chore(oraclecloud): enhance metadata for filestorage service (#9374)

Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-03-22 03:08:23 +00:00 · 2026-03-06 12:21:45 +01:00
parent ca992006b8
commit 6aa524c47d
2 changed files with 18 additions and 17 deletions
--- a/prowler/CHANGELOG.md
+++ b/prowler/CHANGELOG.md
@@ -23,6 +23,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Update GitHub Organization service metadata to new format [(#10273)](https://github.com/prowler-cloud/prowler/pull/10273)
 - Update Oracle Cloud Compute Engine service metadata to new format [(#9371)](https://github.com/prowler-cloud/prowler/pull/9371)
 - Update Oracle Cloud Database service metadata to new format [(#9372)](https://github.com/prowler-cloud/prowler/pull/9372)
+- Update Oracle Cloud File Storage service metadata to new format [(#9374)](https://github.com/prowler-cloud/prowler/pull/9374)

 ---

--- a/prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/filestorage_file_system_encrypted_with_cmk.metadata.json
+++ b/prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/filestorage_file_system_encrypted_with_cmk.metadata.json
@@ -1,35 +1,35 @@
 {
  "Provider": "oraclecloud",
  "CheckID": "filestorage_file_system_encrypted_with_cmk",
-  "CheckTitle": "Ensure File Storage Systems are encrypted with Customer Managed Keys",
-  "CheckType": [
-    "Software and Configuration Checks",
-    "Industry and Regulatory Standards",
-    "CIS OCI Foundations Benchmark"
-  ],
+  "CheckTitle": "File Storage file system is encrypted with a customer-managed KMS key",
+  "CheckType": [],
  "ServiceName": "filestorage",
  "SubServiceName": "",
-  "ResourceIdTemplate": "oci:filestorage:resource",
+  "ResourceIdTemplate": "",
  "Severity": "medium",
-  "ResourceType": "OciFilestorageResource",
+  "ResourceType": "FileSystem",
  "ResourceGroup": "storage",
-  "Description": "File systems should be encrypted with Customer Managed Keys (CMK) for enhanced security and control over encryption keys.",
-  "Risk": "Not meeting this requirement increases security risk.",
-  "RelatedUrl": "https://docs.oracle.com/en-us/iaas/",
+  "Description": "**OCI File Storage** file systems use **Customer-Managed Keys** (`CMEK`) for encryption when a KMS key is associated, instead of the default Oracle-managed encryption.",
+  "Risk": "Using provider-managed keys limits control over key lifecycle and access, weakening **confidentiality**. You cannot enforce custom rotation, revoke use, or apply granular key permissions, increasing exposure to insider misuse, legal compulsion, or compromised services. It may hinder **compliance** and complicate incident response.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.trendmicro.com/trendaivisiononecloudriskmanagement/knowledge-base/oci/OCI-FileStorage/file-storage-systems-encrypted-with-cmks.html",
+    "https://docs.oracle.com/en-us/iaas/Content/File/Tasks/encrypt-file-system.htm"
+  ],
  "Remediation": {
    "Code": {
-      "CLI": "",
+      "CLI": "oci fs file-system update --file-system-id <FILE_SYSTEM_OCID> --kms-key-id <KMS_KEY_OCID>",
      "NativeIaC": "",
-      "Other": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/oci/OCI-FileStorage/file-storage-systems-encrypted-with-cmks.html",
-      "Terraform": ""
+      "Other": "1. Sign in to the OCI Console\n2. Go to Storage > File Storage > File Systems and select the target file system\n3. In the Encryption section, click Edit (or Change key)\n4. Select Customer-managed key, choose the Vault and KMS key\n5. Click Save to apply",
+      "Terraform": "```hcl\nresource \"oci_file_storage_file_system\" \"<example_resource_name>\" {\n  availability_domain = \"<AVAILABILITY_DOMAIN>\"\n  compartment_id      = \"<COMPARTMENT_OCID>\"\n  kms_key_id          = \"<KMS_KEY_OCID>\"  # Critical: associates a customer-managed KMS key to encrypt the file system\n}\n```"
    },
    "Recommendation": {
-      "Text": "Ensure File Storage Systems are encrypted with Customer Managed Keys",
-      "Url": "https://hub.prowler.com/check/oci/filestorage_file_system_encrypted_with_cmk"
+      "Text": "Encrypt file systems with **Customer-Managed Keys** in OCI KMS. Apply **least privilege** on key usage, enable periodic rotation, and require dual control for key administration. Monitor key activity with centralized logging. Use **defense in depth** by combining `CMEK` with network isolation and strong access governance.",
+      "Url": "https://hub.prowler.com/check/filestorage_file_system_encrypted_with_cmk"
    }
  },
  "Categories": [
-    "security-configuration"
+    "encryption"
  ],
  "DependsOn": [],
  "RelatedTo": [],