chore: add aws/datasync metadata update to changelog

prowler/CHANGELOG.md

@@ -28,6 +28,8 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Update AWS API Gateway service metadata to new format [(#8788)](https://github.com/prowler-cloud/prowler/pull/8788)
 - Update AWS Athena service metadata to new format [(#8790)](https://github.com/prowler-cloud/prowler/pull/8790)
 - Update AWS Lambda service metadata to new format [(#8825)](https://github.com/prowler-cloud/prowler/pull/8825)
+- Update AWS DataSync service metadata to new format [(#8854)](https://github.com/prowler-cloud/prowler/pull/8854)
+
 
 ### Fixed
 - Fix SNS topics showing empty AWS_ResourceID in Quick Inventory output [(#8762)](https://github.com/prowler-cloud/prowler/issues/8762)

prowler/providers/aws/services/datasync/datasync_task_logging_enabled/datasync_task_logging_enabled.metadata.json

@@ -1,28 +1,38 @@
 {
   "Provider": "aws",
   "CheckID": "datasync_task_logging_enabled",
-  "CheckTitle": "DataSync tasks should have logging enabled",
+  "CheckTitle": "DataSync task has CloudWatch Logs log group configured for logging",
   "CheckType": [
-    "Software and Configuration Checks/AWS Security Best Practices"
+    "Software and Configuration Checks/AWS Security Best Practices",
+    "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices"
   ],
   "ServiceName": "datasync",
   "SubServiceName": "",
-  "ResourceIdTemplate": "arn:aws:datasync:{region}:{account-id}:task/{task-id}",
+  "ResourceIdTemplate": "",
   "Severity": "high",
-  "ResourceType": "AwsDataSyncTask",
-  "Description": "This control checks if AWS DataSync tasks have logging enabled. The control fails if the task doesn't have the CloudWatchLogGroupArn property defined.",
-  "Risk": "Without logging enabled, important operational data may be lost, making it difficult to troubleshoot issues, monitor performance, and ensure compliance with auditing requirements.",
-  "RelatedUrl": "https://docs.aws.amazon.com/datasync/latest/userguide/monitor-datasync.html#enable-logging",
+  "ResourceType": "Other",
+  "Description": "**AWS DataSync tasks** are evaluated for a configured **CloudWatch Logs** destination (`CloudWatchLogGroupArn`).\n\nTasks that specify a log group are recognized as logging-enabled; those without one are identified as not publishing execution events.",
+  "Risk": "**Absent DataSync task logs** create blind spots, preventing timely detection of **failed or partial transfers**, unexpected deletions, or anomalies. This undermines data **integrity** verification, obscures potential **exfiltration** indicators, and slows forensics and recovery, reducing **availability** during incidents.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://support.icompaas.com/support/solutions/articles/62000233637-ensure-datasync-tasks-should-have-logging-enabled",
+    "https://docs.aws.amazon.com/datasync/latest/userguide/monitor-datasync.html#enable-logging",
+    "https://sudoconsultants.com/aws-datasync-accelerating-data-transfer-for-software-and-hardware-teams/",
+    "https://github.com/terraform-providers/terraform-provider-aws/issues/14666",
+    "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/datasync_task",
+    "https://github.com/terraform-providers/terraform-provider-aws/issues/13046",
+    "https://www.datacamp.com/tutorial/aws-datasync"
+  ],
   "Remediation": {
     "Code": {
       "CLI": "aws datasync update-task --task-arn <task-arn> --cloud-watch-log-group-arn <log-group-arn>",
-      "NativeIaC": "",
-      "Other": "https://docs.aws.amazon.com/datasync/latest/userguide/monitor-datasync.html#enable-logging",
-      "Terraform": ""
+      "NativeIaC": "```yaml\n# CloudFormation: Enable CloudWatch Logs for a DataSync task\nResources:\n  <example_resource_name>:\n    Type: AWS::DataSync::Task\n    Properties:\n      SourceLocationArn: <example_source_location_arn>\n      DestinationLocationArn: <example_destination_location_arn>\n      CloudWatchLogGroupArn: <example_log_group_arn>  # Critical: attaches a CloudWatch Logs group to enable task logging\n```",
+      "Other": "1. In the AWS Console, go to DataSync > Tasks\n2. Select the task and click Edit\n3. In the Logging section, set CloudWatch Log group to an existing log group\n4. Click Save",
+      "Terraform": "```hcl\n# Enable CloudWatch Logs for a DataSync task\nresource \"aws_datasync_task\" \"<example_resource_name>\" {\n  source_location_arn      = \"<example_source_location_arn>\"\n  destination_location_arn = \"<example_destination_location_arn>\"\n  cloudwatch_log_group_arn = \"<example_log_group_arn>\"  # Critical: attaches a CloudWatch Logs group to enable task logging\n}\n```"
     },
     "Recommendation": {
-      "Text": "Configure logging for your DataSync tasks to ensure that operational data is captured and available for debugging, monitoring, and auditing purposes.",
-      "Url": "https://docs.aws.amazon.com/datasync/latest/userguide/monitor-datasync.html#enable-logging"
+      "Text": "Configure each task to publish logs to a dedicated CloudWatch Logs group. Select an appropriate log level (e.g., `BASIC` or `TRANSFER`), enforce **least privilege** for log access, set **retention** and immutability, and integrate alerts. Centralize and monitor logs to support **defense in depth** and incident response.",
+      "Url": "https://hub.prowler.com/check/datasync_task_logging_enabled"
     }
   },
   "Categories": [