chore(release): 3.11.1

.github/CODEOWNERS

@@ -1 +1 @@
-* @prowler-cloud/prowler-oss @prowler-cloud/prowler-dev
+* @prowler-cloud/prowler-oss

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -1,6 +1,6 @@
 name:  💡 Feature Request
 description: Suggest an idea for this project
-labels: ["feature-request", "status/needs-triage"]
+labels: ["enhancement", "status/needs-triage"]
 
 
 body:

.github/dependabot.yml

@@ -13,8 +13,3 @@ updates:
     labels:
       - "dependencies"
       - "pip"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    target-branch: master

.github/labeler.yml

@@ -1,27 +0,0 @@
-documentation:
-  - changed-files:
-      - any-glob-to-any-file: "docs/**"
-
-provider/aws:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/aws/**"
-      - any-glob-to-any-file: "tests/providers/aws/**"
-
-provider/azure:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/azure/**"
-      - any-glob-to-any-file: "tests/providers/azure/**"
-
-provider/gcp:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/gcp/**"
-      - any-glob-to-any-file: "tests/providers/gcp/**"
-
-provider/kubernetes:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/kubernetes/**"
-      - any-glob-to-any-file: "tests/providers/kubernetes/**"
-
-github_actions:
-  - changed-files:
-      - any-glob-to-any-file: ".github/workflows/*"

.github/workflows/build-documentation-on-pr.yml

@@ -1,24 +0,0 @@
-name: Pull Request Documentation Link
-
-on:
-  pull_request:
-    branches:
-      - 'master'
-      - 'v3'
-    paths:
-      - 'docs/**'
-
-env:
-  PR_NUMBER: ${{ github.event.pull_request.number }}
-
-jobs:
-  documentation-link:
-    name: Documentation Link
-    runs-on: ubuntu-latest
-    steps:
-      - name: Leave PR comment with the SaaS Documentation URI
-        uses: peter-evans/create-or-update-comment@v4
-        with:
-          issue-number: ${{ env.PR_NUMBER }}
-          body: |
-            You can check the documentation for this PR here -> [SaaS Documentation](https://prowler-prowler-docs--${{ env.PR_NUMBER }}.com.readthedocs.build/projects/prowler-open-source/en/${{ env.PR_NUMBER }}/)

.github/workflows/build-lint-push-containers.yml

@@ -3,7 +3,6 @@ name: build-lint-push-containers
 on:
   push:
     branches:
-      - "v3"
       - "master"
     paths-ignore:
       - ".github/**"
@@ -14,98 +13,52 @@ on:
     types: [published]
 
 env:
-  # AWS Configuration
   AWS_REGION_STG: eu-west-1
   AWS_REGION_PLATFORM: eu-west-1
   AWS_REGION: us-east-1
-
-  # Container's configuration
   IMAGE_NAME: prowler
-  DOCKERFILE_PATH: ./Dockerfile
-
-  # Tags
   LATEST_TAG: latest
   STABLE_TAG: stable
-  # The RELEASE_TAG is set during runtime in releases
-  RELEASE_TAG: ""
-  # The PROWLER_VERSION and PROWLER_VERSION_MAJOR are set during runtime in releases
-  PROWLER_VERSION: ""
-  PROWLER_VERSION_MAJOR: ""
-  # TEMPORARY_TAG: temporary
-
-  # Python configuration
-  PYTHON_VERSION: 3.12
+  TEMPORARY_TAG: temporary
+  DOCKERFILE_PATH: ./Dockerfile
+  PYTHON_VERSION: 3.9
 
 jobs:
   # Build Prowler OSS container
   container-build-push:
     # needs: dockerfile-linter
     runs-on: ubuntu-latest
-    outputs:
-      prowler_version_major: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION_MAJOR }}
-      prowler_version: ${{ steps.update-prowler-version.outputs.PROWLER_VERSION }}
     env:
       POETRY_VIRTUALENVS_CREATE: "false"
-
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
-      - name: Setup Python
-        uses: actions/setup-python@v5
+      - name: Setup python (release)
+        if: github.event_name == 'release'
+        uses: actions/setup-python@v2
         with:
           python-version: ${{ env.PYTHON_VERSION }}
 
-      - name: Install Poetry
+      - name: Install dependencies (release)
+        if: github.event_name == 'release'
         run: |
           pipx install poetry
           pipx inject poetry poetry-bumpversion
 
-      - name: Get Prowler version
-        id: get-prowler-version
-        run: |
-          PROWLER_VERSION="$(poetry version -s 2>/dev/null)"
-
-          # Store prowler version major just for the release
-          PROWLER_VERSION_MAJOR="${PROWLER_VERSION%%.*}"
-          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_ENV}"
-          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_OUTPUT}"
-
-          case ${PROWLER_VERSION_MAJOR} in
-          3)
-              echo "LATEST_TAG=v3-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
-              ;;
-
-          4)
-              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
-              ;;
-
-          *)
-              # Fallback if any other version is present
-              echo "Releasing another Prowler major version, aborting..."
-              exit 1
-              ;;
-          esac
-
       - name: Update Prowler version (release)
-        id: update-prowler-version
         if: github.event_name == 'release'
         run: |
-          PROWLER_VERSION="${{ github.event.release.tag_name }}"
-          poetry version "${PROWLER_VERSION}"
-          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_ENV}"
-          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
-          
+          poetry version ${{ github.event.release.tag_name }}
+
       - name: Login to DockerHub
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to Public ECR
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
         with:
           registry: public.ecr.aws
           username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
@@ -114,11 +67,11 @@ jobs:
           AWS_REGION: ${{ env.AWS_REGION }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
 
       - name: Build and push container image (latest)
         if: github.event_name == 'push'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v2
         with:
           push: true
           tags: |
@@ -130,16 +83,16 @@ jobs:
 
       - name: Build and push container image (release)
         if: github.event_name == 'release'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v2
         with:
           # Use local context to get changes
           # https://github.com/docker/build-push-action#path-context
           context: .
           push: true
           tags: |
-            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
             ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
-            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
             ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
           file: ${{ env.DOCKERFILE_PATH }}
           cache-from: type=gha
@@ -149,26 +102,16 @@ jobs:
     needs: container-build-push
     runs-on: ubuntu-latest
     steps:
-      - name: Get latest commit info (latest)
+      - name: Get latest commit info
         if: github.event_name == 'push'
         run: |
           LATEST_COMMIT_HASH=$(echo ${{ github.event.after }} | cut -b -7)
           echo "LATEST_COMMIT_HASH=${LATEST_COMMIT_HASH}" >> $GITHUB_ENV
-
-      - name: Dispatch event (latest)
-        if: github.event_name == 'push' && needs.container-build-push.outputs.prowler_version_major == '3'
+      - name: Dispatch event for latest
+        if: github.event_name == 'push'
         run: |
-          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            --data '{"event_type":"dispatch","client_payload":{"version":"v3-latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'
-
-      - name: Dispatch event (release)
-        if: github.event_name == 'release' && needs.container-build-push.outputs.prowler_version_major == '3'
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --data '{"event_type":"dispatch","client_payload":{"version":"latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'
+      - name: Dispatch event for release
+        if: github.event_name == 'release'
         run: |
-          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ needs.container-build-push.outputs.prowler_version }}"}}'
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ github.event.release.tag_name }}"}}'

.github/workflows/codeql.yml

@@ -13,10 +13,10 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "master", "v3" ]
+    branches: [ "master", prowler-2, prowler-3.0-dev ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "master", "v3" ]
+    branches: [ "master" ]
   schedule:
     - cron: '00 12 * * *'
 
@@ -37,11 +37,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,6 +52,6 @@ jobs:
         # queries: security-extended,security-and-quality
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v2
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/find-secrets.yml

@@ -7,13 +7,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.76.3
+        uses: trufflesecurity/trufflehog@v3.4.4
         with:
           path: ./
           base: ${{ github.event.repository.default_branch }}
           head: HEAD
-          extra_args: --only-verified

.github/workflows/labeler.yml

@@ -1,16 +0,0 @@
-name: "Pull Request Labeler"
-
-on:
-    pull_request_target:
-      branches:
-        - "master"
-        - "v3"
-
-jobs:
-  labeler:
-    permissions:
-      contents: read
-      pull-requests: write
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/labeler@v5

.github/workflows/pull-request.yml

@@ -4,23 +4,21 @@ on:
   push:
     branches:
       - "master"
-      - "v3"
   pull_request:
     branches:
       - "master"
-      - "v3"
 jobs:
   build:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12"]
+        python-version: ["3.9", "3.10", "3.11"]
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
       - name: Test if changes are in not ignored paths
         id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@v44
+        uses: tj-actions/changed-files@v39
         with:
           files: ./**
           files_ignore: |
@@ -28,7 +26,6 @@ jobs:
             README.md
             docs/**
             permissions/**
-            mkdocs.yml
       - name: Install poetry
         if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
         run: |
@@ -36,7 +33,7 @@ jobs:
           pipx install poetry
       - name: Set up Python ${{ matrix.python-version }}
         if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
           cache: "poetry"
@@ -73,7 +70,7 @@ jobs:
       - name: Safety
         if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
         run: |
-          poetry run safety check --ignore 67599
+          poetry run safety check
       - name: Vulture
         if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
         run: |
@@ -88,6 +85,6 @@ jobs:
           poetry run pytest -n auto --cov=./prowler --cov-report=xml tests
       - name: Upload coverage reports to Codecov
         if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v3
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/pypi-release.yml

@@ -6,10 +6,7 @@ on:
 
 env:
   RELEASE_TAG: ${{ github.event.release.tag_name }}
-  PYTHON_VERSION: 3.11
-  CACHE: "poetry"
-  # TODO: create a bot user for this kind of tasks, like prowler-bot
-  GIT_COMMITTER_EMAIL: "sergio@prowler.com"
+  GITHUB_BRANCH: master
 
 jobs:
   release-prowler-job:
@@ -18,80 +15,56 @@ jobs:
       POETRY_VIRTUALENVS_CREATE: "false"
     name: Release Prowler to PyPI
     steps:
-      - name: Get Prowler version
-        run: |
-          PROWLER_VERSION="${{ env.RELEASE_TAG }}"
-
-          case ${PROWLER_VERSION%%.*} in
-          3)
-              echo "Releasing Prowler v3 with tag ${PROWLER_VERSION}"
-              ;;
-          4)
-              echo "Releasing Prowler v4 with tag ${PROWLER_VERSION}"
-              ;;
-          *)
-              echo "Releasing another Prowler major version, aborting..."
-              exit 1
-              ;;
-          esac
-
-      - uses: actions/checkout@v4
-
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ env.GITHUB_BRANCH }}
       - name: Install dependencies
         run: |
           pipx install poetry
           pipx inject poetry poetry-bumpversion
-
-      - name: Setup Python
-        uses: actions/setup-python@v5
+      - name: setup python
+        uses: actions/setup-python@v4
         with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          cache: ${{ env.CACHE }}
-
-      - name: Update Poetry and config version
+          python-version: 3.9
+          cache: 'poetry'
+      - name: Change version and Build package
         run: |
           poetry version ${{ env.RELEASE_TAG }}
-
-      - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v6
-        with:
-          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-          passphrase: ${{ secrets.GPG_PASSPHRASE }}
-          git_user_signingkey: true
-          git_commit_gpgsign: true
-
-      - name: Push updated version to the release tag
-        run: |
-          # Configure Git
           git config user.name "github-actions"
-          git config user.email "${{ env.GIT_COMMITTER_EMAIL }}"
-
-          # Add the files with the version changed
+          git config user.email "<noreply@github.com>"
           git add prowler/config/config.py pyproject.toml
-          git commit -m "chore(release): ${{ env.RELEASE_TAG }}" --no-verify -S
-
-          # Replace the tag with the version updated
-          git tag -fa ${{ env.RELEASE_TAG }} -m "chore(release): ${{ env.RELEASE_TAG }}" --sign
-
-          # Push the tag
+          git commit -m "chore(release): ${{ env.RELEASE_TAG }}" --no-verify
+          git tag -fa ${{ env.RELEASE_TAG }} -m "chore(release): ${{ env.RELEASE_TAG }}"
           git push -f origin ${{ env.RELEASE_TAG }}
-
-      - name: Build Prowler package
-        run: |
           poetry build
-
-      - name: Publish Prowler package to PyPI
+      - name: Publish prowler package to PyPI
         run: |
           poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
           poetry publish
+      # Create pull request with new version
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        with:
+          token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
+          commit-message: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}."
+          branch: release-${{ env.RELEASE_TAG }}
+          labels: "status/waiting-for-revision, severity/low"
+          title: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}"
+          body: |
+            ### Description
 
-      - name: Replicate PyPI package
+            This PR updates Prowler Version to ${{ env.RELEASE_TAG }}.
+
+            ### License
+
+            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+      - name: Replicate PyPi Package
         run: |
           rm -rf ./dist && rm -rf ./build && rm -rf prowler.egg-info
           pip install toml
           python util/replicate_pypi_package.py
           poetry build
-
       - name: Publish prowler-cloud package to PyPI
         run: |
           poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}

.github/workflows/refresh_aws_services_regions.yml

@@ -23,12 +23,12 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
         with:
           ref: ${{ env.GITHUB_BRANCH }}
 
       - name: setup python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v2
         with:
           python-version: 3.9 #install the python needed
 
@@ -38,7 +38,7 @@ jobs:
           pip install boto3
 
       - name: Configure AWS Credentials -- DEV
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v1
         with:
           aws-region: ${{ env.AWS_REGION_DEV }}
           role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
@@ -50,12 +50,12 @@ jobs:
 
       # Create pull request
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v4
         with:
           token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
           commit-message: "feat(regions_update): Update regions for AWS services."
           branch: "aws-services-regions-updated-${{ github.sha }}"
-          labels: "status/waiting-for-revision, severity/low, provider/aws"
+          labels: "status/waiting-for-revision, severity/low"
           title: "chore(regions_update): Changes in regions for AWS services."
           body: |
             ### Description

.pre-commit-config.yaml

@@ -1,7 +1,7 @@
 repos:
   ## GENERAL
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v4.4.0
     hooks:
       - id: check-merge-conflict
       - id: check-yaml
@@ -15,7 +15,7 @@ repos:
 
   ## TOML
   - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
-    rev: v2.12.0
+    rev: v2.10.0
     hooks:
       - id: pretty-format-toml
         args: [--autofix]
@@ -28,7 +28,7 @@ repos:
       - id: shellcheck
   ## PYTHON
   - repo: https://github.com/myint/autoflake
-    rev: v2.2.1
+    rev: v2.2.0
     hooks:
       - id: autoflake
         args:
@@ -39,25 +39,25 @@ repos:
           ]
 
   - repo: https://github.com/timothycrosley/isort
-    rev: 5.13.2
+    rev: 5.12.0
     hooks:
       - id: isort
         args: ["--profile", "black"]
 
   - repo: https://github.com/psf/black
-    rev: 24.1.1
+    rev: 22.12.0
     hooks:
       - id: black
 
   - repo: https://github.com/pycqa/flake8
-    rev: 7.0.0
+    rev: 6.1.0
     hooks:
       - id: flake8
         exclude: contrib
         args: ["--ignore=E266,W503,E203,E501,W605"]
 
   - repo: https://github.com/python-poetry/poetry
-    rev: 1.7.0
+    rev: 1.6.0 # add version here
     hooks:
       - id: poetry-check
       - id: poetry-lock
@@ -80,12 +80,18 @@ repos:
       - id: trufflehog
         name: TruffleHog
         description: Detect secrets in your data.
-        entry: bash -c 'trufflehog --no-update git file://. --only-verified --fail'
+        # entry: bash -c 'trufflehog git file://. --only-verified --fail'
         # For running trufflehog in docker, use the following entry instead:
-        # entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
+        entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
         language: system
         stages: ["commit", "push"]
 
+      - id: pytest-check
+        name: pytest-check
+        entry: bash -c 'pytest tests -n auto'
+        language: system
+        files: '.*\.py'
+
       - id: bandit
         name: bandit
         description: "Bandit is a tool for finding common security issues in Python code"
@@ -96,7 +102,7 @@ repos:
       - id: safety
         name: safety
         description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
-        entry: bash -c 'safety check --ignore 67599'
+        entry: bash -c 'safety check'
         language: system
 
       - id: vulture

.readthedocs.yaml

@@ -8,18 +8,16 @@ version: 2
 build:
   os: "ubuntu-22.04"
   tools:
-    python: "3.11"
+    python: "3.9"
   jobs:
     post_create_environment:
       # Install poetry
       # https://python-poetry.org/docs/#installing-manually
-      - python -m pip install poetry
+      - pip install poetry
+      # Tell poetry to not use a virtual environment
+      - poetry config virtualenvs.create false
     post_install:
-      # Install dependencies with 'docs' dependency group
-      # https://python-poetry.org/docs/managing-dependencies/#dependency-groups
-      # VIRTUAL_ENV needs to be set manually for now.
-      # See https://github.com/readthedocs/readthedocs.org/pull/11152/
-      - VIRTUAL_ENV=${READTHEDOCS_VIRTUALENV_PATH} python -m poetry install --only=docs
+      - poetry install -E docs
 
 mkdocs:
   configuration: mkdocs.yml

CODE_OF_CONDUCT.md

@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at [support.prowler.com](https://customer.support.prowler.com/servicedesk/customer/portals). All
+reported by contacting the project team at community@prowler.cloud. All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.

CONTRIBUTING.md

@@ -10,4 +10,4 @@
 Want some swag as appreciation for your contribution?
 
 # Prowler Developer Guide
-https://docs.prowler.com/projects/prowler-open-source/en/latest/developer-guide/introduction/
+https://docs.prowler.cloud/en/latest/tutorials/developer-guide/

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.12-alpine
+FROM python:3.11-alpine
 
 LABEL maintainer="https://github.com/prowler-cloud/prowler"
 

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright @ 2024 Toni de la Fuente
+Copyright 2018 Netflix, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -1,31 +1,24 @@
 <p align="center">
-  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-black.png?raw=True#gh-light-mode-only" width="350" height="115">
-  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png?raw=True#gh-dark-mode-only" width="350" height="115">
+  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/62c1ce73bbcdd6b9e5ba03dfcae26dfd165defd9/docs/img/prowler-pro-dark.png?raw=True#gh-dark-mode-only" width="150" height="36">
+  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/62c1ce73bbcdd6b9e5ba03dfcae26dfd165defd9/docs/img/prowler-pro-light.png?raw=True#gh-light-mode-only" width="15%" height="15%">
 </p>
 <p align="center">
-  <b><i>Prowler SaaS </b> and <b>Prowler Open Source</b> are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
+  <b><i>See all the things you and your team can do with ProwlerPro at <a href="https://prowler.pro">prowler.pro</a></i></b>
 </p>
-<p align="center">
-<b>Learn more at <a href="https://prowler.com">prowler.com</i></b>
-</p>
-
-<p align="center">
-<a href="https://join.slack.com/t/prowler-workspace/shared_invite/zt-1hix76xsl-2uq222JIXrC7Q8It~9ZNog"><img width="30" height="30" alt="Prowler community on Slack" src="https://github.com/prowler-cloud/prowler/assets/3985464/3617e470-670c-47c9-9794-ce895ebdb627"></a>
-  <br>
-<a href="https://join.slack.com/t/prowler-workspace/shared_invite/zt-1hix76xsl-2uq222JIXrC7Q8It~9ZNog">Join our Prowler community!</a>
-</p>
-
 <hr>
+<p align="center">
+  <img src="https://user-images.githubusercontent.com/3985464/113734260-7ba06900-96fb-11eb-82bc-d4f68a1e2710.png" />
+</p>
 <p align="center">
   <a href="https://join.slack.com/t/prowler-workspace/shared_invite/zt-1hix76xsl-2uq222JIXrC7Q8It~9ZNog"><img alt="Slack Shield" src="https://img.shields.io/badge/slack-prowler-brightgreen.svg?logo=slack"></a>
   <a href="https://pypi.org/project/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/v/prowler.svg"></a>
   <a href="https://pypi.python.org/pypi/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/pyversions/prowler.svg"></a>
   <a href="https://pypistats.org/packages/prowler"><img alt="PyPI Prowler Downloads" src="https://img.shields.io/pypi/dw/prowler.svg?label=prowler%20downloads"></a>
+  <a href="https://pypistats.org/packages/prowler-cloud"><img alt="PyPI Prowler-Cloud Downloads" src="https://img.shields.io/pypi/dw/prowler-cloud.svg?label=prowler-cloud%20downloads"></a>
   <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/toniblyx/prowler"></a>
   <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker" src="https://img.shields.io/docker/cloud/build/toniblyx/prowler"></a>
   <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker" src="https://img.shields.io/docker/image-size/toniblyx/prowler"></a>
   <a href="https://gallery.ecr.aws/prowler-cloud/prowler"><img width="120" height=19" alt="AWS ECR Gallery" src="https://user-images.githubusercontent.com/3985464/151531396-b6535a68-c907-44eb-95a1-a09508178616.png"></a>
-  <a href="https://codecov.io/gh/prowler-cloud/prowler"><img src="https://codecov.io/gh/prowler-cloud/prowler/graph/badge.svg?token=OflBGsdpDl"/></a>
 </p>
 <p align="center">
   <a href="https://github.com/prowler-cloud/prowler"><img alt="Repo size" src="https://img.shields.io/github/repo-size/prowler-cloud/prowler"></a>
@@ -37,7 +30,6 @@
   <a href="https://twitter.com/ToniBlyx"><img alt="Twitter" src="https://img.shields.io/twitter/follow/toniblyx?style=social"></a>
   <a href="https://twitter.com/prowlercloud"><img alt="Twitter" src="https://img.shields.io/twitter/follow/prowlercloud?style=social"></a>
 </p>
-<hr>
 
 # Description
 
@@ -45,16 +37,16 @@
 
 It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
 
-| Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
+| Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.cloud/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.cloud/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 304 | 61 -> `prowler aws --list-services` | 28 -> `prowler aws --list-compliance` | 6 -> `prowler aws --list-categories` |
-| GCP | 75 | 11 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
-| Azure | 127 | 16 -> `prowler azure --list-services` | 2 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
-| Kubernetes | Work In Progress | - | CIS soon | - |
+| AWS | 301 | 61 -> `prowler aws --list-services` | 25 -> `prowler aws --list-compliance` | 5 -> `prowler aws --list-categories` |
+| GCP | 73 | 11 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
+| Azure | 23 | 4 -> `prowler azure --list-services` | CIS soon | 1 -> `prowler azure --list-categories` |
+| Kubernetes | Planned | - | - | - |
 
 # 📖 Documentation
 
-The full documentation can now be found at [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/)
+The full documentation can now be found at [https://docs.prowler.cloud](https://docs.prowler.cloud)
 
 ## Looking for Prowler v2 documentation?
 For Prowler v2 Documentation, please go to https://github.com/prowler-cloud/prowler/tree/2.12.1.
@@ -62,13 +54,13 @@ For Prowler v2 Documentation, please go to https://github.com/prowler-cloud/prow
 # ⚙️ Install
 
 ## Pip package
-Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9, < 3.13:
+Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9:
 
 ```console
 pip install prowler
 prowler -v
 ```
-More details at [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/)
+More details at https://docs.prowler.cloud
 
 ## Containers
 
@@ -85,7 +77,7 @@ The container images are available here:
 
 ## From Github
 
-Python >= 3.9, < 3.13 is required with pip and poetry:
+Python >= 3.9 is required with pip and poetry:
 
 ```
 git clone https://github.com/prowler-cloud/prowler

SECURITY.md

@@ -14,7 +14,7 @@ As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (F
 
 If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or ProwlerPro service, please submit the information by contacting to help@prowler.pro.
 
-The information you share with ProwlerPro as part of this process is kept confidential within ProwlerPro. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
+The information you share with Verica as part of this process is kept confidential within Verica and the Prowler team. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
 
 We will review the submitted report, and assign it a tracking number. We will then respond to you, acknowledging receipt of the report, and outline the next steps in the process.
 

docs/developer-guide/checks.md

@@ -101,7 +101,7 @@ All the checks MUST fill the `report.status` and `report.status_extended` with t
 
 - Status -- `report.status`
     - `PASS` --> If the check is passing against the configured value.
-    - `FAIL` --> If the check is failing against the configured value.
+    - `FAIL` --> If the check is passing against the configured value.
     - `INFO` --> This value cannot be used unless a manual operation is required in order to determine if the `report.status` is whether `PASS` or `FAIL`.
 - Status Extended -- `report.status_extended`
     - MUST end in a dot `.`
@@ -125,7 +125,7 @@ All the checks MUST fill the `report.resource_id` and `report.resource_arn` with
     - Resource ARN -- `report.resource_arn`
         - AWS Account --> Root ARN `arn:aws:iam::123456789012:root`
         - AWS Resource --> Resource ARN
-        - Root resource --> Resource Type ARN `f"arn:{service_client.audited_partition}:<service_name>:{service_client.region}:{service_client.audited_account}:<resource_type>"`
+        - Root resource --> Root ARN `arn:aws:iam::123456789012:root`
 - GCP
     - Resource ID -- `report.resource_id`
         - GCP Resource --> Resource ID
@@ -196,17 +196,14 @@ aws:
 As you can see in the above code, within the service client, in this case the `ec2_client`, there is an object called `audit_config` which is a Python dictionary containing the values read from the configuration file.
 
 In order to use it, you have to check first if the value is present in the configuration file. If the value is not present, you can create it in the `config.yaml` file and then, read it from the check.
-
-???+ note
-    It is mandatory to always use the `dictionary.get(value, default)` syntax to set a default value in the case the configuration value is not present.
+> It is mandatory to always use the `dictionary.get(value, default)` syntax to set a default value in the case the configuration value is not present.
 
 
 ## Check Metadata
 
 Each Prowler check has metadata associated which is stored at the same level of the check's folder in a file called A `check_name.metadata.json` containing the check's metadata.
 
-???+ note
-    We are going to include comments in this example metadata JSON but they cannot be included because the JSON format does not allow comments.
+> We are going to include comments in this example metadata JSON but they cannot be included because the JSON format does not allow comments.
 
 ```json
 {
@@ -243,11 +240,11 @@ Each Prowler check has metadata associated which is stored at the same level of
     # Code holds different methods to remediate the FAIL finding
     "Code": {
       # CLI holds the command in the provider native CLI to remediate it
-      "CLI": "https://docs.prowler.com/checks/public_8#cli-command",
+      "CLI": "https://docs.bridgecrew.io/docs/public_8#cli-command",
       # NativeIaC holds the native IaC code to remediate it, use "https://docs.bridgecrew.io/docs"
       "NativeIaC": "",
       # Other holds the other commands, scripts or code to remediate it, use "https://www.trendmicro.com/cloudoneconformity"
-      "Other": "https://docs.prowler.com/checks/public_8#aws-console",
+      "Other": "https://docs.bridgecrew.io/docs/public_8#aws-console",
       # Terraform holds the Terraform code to remediate it, use "https://docs.bridgecrew.io/docs"
       "Terraform": ""
     },

docs/developer-guide/debugging.md

@@ -1,45 +0,0 @@
-# Debugging
-
-Debugging in Prowler make things easier!
-If you are developing Prowler, it's possible that you will encounter some situations where you have to inspect the code in depth to fix some unexpected issues during the execution. To do that, if you are using VSCode you can run the code using the integrated debugger. Please, refer to this [documentation](https://code.visualstudio.com/docs/editor/debugging) for guidance about the debugger in VSCode.
-The following file is an example of the [debugging configuration](https://code.visualstudio.com/docs/editor/debugging#_launch-configurations) file that you can add to [Virtual Studio Code](https://code.visualstudio.com/).
-
-This file should inside the *.vscode* folder and its name has to be *launch.json*:
-
-```json
-{
-    "version": "0.2.0",
-    "configurations": [
-        {
-            "name": "Python: Current File",
-            "type": "python",
-            "request": "launch",
-            "program": "prowler.py",
-            "args": [
-                "aws",
-                "-f",
-                "eu-west-1",
-                "--service",
-                "cloudwatch",
-                "--log-level",
-                "ERROR",
-                "-p",
-                "dev",
-            ],
-            "console": "integratedTerminal",
-            "justMyCode": false
-        },
-        {
-            "name": "Python: Debug Tests",
-            "type": "python",
-            "request": "launch",
-            "program": "${file}",
-            "purpose": [
-                "debug-test"
-            ],
-            "console": "integratedTerminal",
-            "justMyCode": false
-        }
-    ]
-}
-```

docs/developer-guide/documentation.md

@@ -1,8 +1,8 @@
 ## Contribute with documentation
 
-We use `mkdocs` to build this Prowler documentation site so you can easily contribute back with new docs or improving them. To install all necessary dependencies use `poetry install --with docs`.
+We use `mkdocs` to build this Prowler documentation site so you can easily contribute back with new docs or improving them.
 
 1. Install `mkdocs` with your favorite package manager.
 2. Inside the `prowler` repository folder run `mkdocs serve` and point your browser to `http://localhost:8000` and you will see live changes to your local copy of this documentation site.
-3. Make all needed changes to docs or add new documents. To do so just edit existing md files inside `prowler/docs` and if you are adding a new section or file please make sure you add it to `mkdocs.yml` file in the root folder of the Prowler repo.
+3. Make all needed changes to docs or add new documents. To do so just edit existing md files inside `prowler/docs` and if you are adding a new section or file please make sure you add it to `mkdocs.yaml` file in the root folder of the Prowler repo.
 4. Once you are done with changes, please send a pull request to us for review and merge. Thank you in advance!

docs/developer-guide/introduction.md

@@ -1,6 +1,6 @@
 # Developer Guide
 
-You can extend Prowler Open Source in many different ways, in most cases you will want to create your own checks and compliance security frameworks, here is where you can learn about how to get started with it. We also include how to create custom outputs, integrations and more.
+You can extend Prowler in many different ways, in most cases you will want to create your own checks and compliance security frameworks, here is where you can learn about how to get started with it. We also include how to create custom outputs, integrations and more.
 
 ## Get the code and install all dependencies
 
@@ -16,7 +16,7 @@ pip install poetry
 ```
 Then install all dependencies including the ones for developers:
 ```
-poetry install --with dev
+poetry install
 poetry shell
 ```
 
@@ -31,9 +31,7 @@ You should get an output like the following:
 pre-commit installed at .git/hooks/pre-commit
 ```
 
-Before we merge any of your pull requests we pass checks to the code, we use the following tools and automation to make sure the code is secure and dependencies up-to-dated:
-???+ note
-    These should have been already installed if you ran `poetry install --with dev`
+Before we merge any of your pull requests we pass checks to the code, we use the following tools and automation to make sure the code is secure and dependencies up-to-dated (these should have been already installed if you ran `pipenv install -d`):
 
 - [`bandit`](https://pypi.org/project/bandit/) for code security review.
 - [`safety`](https://pypi.org/project/safety/) and [`dependabot`](https://github.com/features/security) for dependencies.

docs/developer-guide/security-compliance-framework.md

@@ -23,7 +23,7 @@ Each file version of a framework will have the following structure at high level
   "Requirements": [
     {
       "Id": "<unique-id>",
-      "Description": "Requirement full description",
+      "Description": "Requiemente full description",
       "Checks": [
         "Here is the prowler check or checks that is going to be executed"
       ],
@@ -38,4 +38,4 @@ Each file version of a framework will have the following structure at high level
 }
 ```
 
-Finally, to have a proper output file for your reports, your framework data model has to be created in `prowler/lib/outputs/models.py` and also the CLI table output in `prowler/lib/outputs/compliance.py`. Also, you need to add a new conditional in `prowler/lib/outputs/file_descriptors.py` if you create a new CSV model.
+Finally, to have a proper output file for your reports, your framework data model has to be created in `prowler/lib/outputs/models.py` and also the CLI table output in `prowler/lib/outputs/compliance.py`.

docs/developer-guide/services.md

@@ -175,8 +175,6 @@ class <Service>(ServiceParentClass):
                 f"{<item>.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
             )
 ```
-???+note
-    To avoid fake findings, when Prowler can't retrieve the items, because an Access Denied or similar error, we set that items value as `None`.
 
 ### Service Models
 

docs/developer-guide/unit-testing.md

@@ -40,15 +40,13 @@ Other commands to run tests:
 - Run tests for a provider service: `pytest -n auto -vvv -s -x tests/providers/<provider>/services/<service>`
 - Run tests for a provider check: `pytest -n auto -vvv -s -x tests/providers/<provider>/services/<service>/<check>`
 
-???+ note
-    Refer to the [pytest documentation](https://docs.pytest.org/en/7.1.x/getting-started.html) documentation for more information.
+> Refer to the [pytest documentation](https://docs.pytest.org/en/7.1.x/getting-started.html) documentation for more information.
 
 ## AWS
 
 For the AWS provider we have ways to test a Prowler check based on the following criteria:
 
-???+ note
-    We use and contribute to the [Moto](https://github.com/getmoto/moto) library which allows us to easily mock out tests based on AWS infrastructure. **It's awesome!**
+> Note: We use and contribute to the [Moto](https://github.com/getmoto/moto) library which allows us to easily mock out tests based on AWS infrastructure. **It's awesome!**
 
 - AWS API calls covered by [Moto](https://github.com/getmoto/moto):
     - Service tests with `@mock_<service>`
@@ -197,8 +195,7 @@ class Test_iam_password_policy_uppercase:
 
 If the IAM service for the check's we want to test is not covered by Moto, we have to inject the objects in the service client using [MagicMock](https://docs.python.org/3/library/unittest.mock.html#unittest.mock.MagicMock). As we have pointed above, we cannot instantiate the service since it will make real calls to the AWS APIs.
 
-???+ note
-    The following example uses the IAM GetAccountPasswordPolicy which is covered by Moto but this is only for demonstration purposes.
+> The following example uses the IAM GetAccountPasswordPolicy which is covered by Moto but this is only for demonstration purposes.
 
 The following code shows how to use MagicMock to create the service objects.
 
@@ -328,8 +325,7 @@ class Test_iam_password_policy_uppercase:
 
 Note that this does not use Moto, to keep it simple, but if you use any `moto`-decorators in addition to the patch, the call to `orig(self, operation_name, kwarg)` will be intercepted by Moto.
 
-???+ note
-    The above code comes from here https://docs.getmoto.org/en/latest/docs/services/patching_other_services.html
+> The above code comes from here https://docs.getmoto.org/en/latest/docs/services/patching_other_services.html
 
 #### Mocking more than one service
 
@@ -389,7 +385,7 @@ with mock.patch(
     "prowler.providers.<provider>.lib.audit_info.audit_info.audit_info",
     new=audit_info,
 ), mock.patch(
-    "prowler.providers.<provider>.services.<service>.<check>.<check>.<service>_client",
+    "prowler.providers.aws.services.<service>.<check>.<check>.<service>_client",
     new=<SERVICE>(audit_info),
 ):
 ```
@@ -411,10 +407,10 @@ with mock.patch(
     "prowler.providers.<provider>.lib.audit_info.audit_info.audit_info",
     new=audit_info,
 ), mock.patch(
-    "prowler.providers.<provider>.services.<service>.<SERVICE>",
+    "prowler.providers.aws.services.<service>.<SERVICE>",
     new=<SERVICE>(audit_info),
 ) as service_client, mock.patch(
-    "prowler.providers.<provider>.services.<service>.<service>_client.<service>_client",
+    "prowler.providers.aws.services.<service>.<service>_client.<service>_client",
     new=service_client,
 ):
 ```
@@ -509,113 +505,7 @@ class Test_compute_firewall_rdp_access_from_the_internet_allowed:
 
 ### Services
 
-For testing Google Cloud Services, we have to follow the same logic as with the Google Cloud checks. We still mocking all API calls, but in this case, every API call to set up an attribute is defined in [fixtures file](https://github.com/prowler-cloud/prowler/blob/master/tests/providers/gcp/gcp_fixtures.py) in `mock_api_client` function. Remember that EVERY method of a service must be tested.
-
-The following code shows a real example of a testing class, but it has more comments than usual for educational purposes.
-
-```python title="BigQuery Service Test"
-# We need to import the unittest.mock.patch to allow us to patch some objects
-# not to use shared ones between test, hence to isolate the test
-from unittest.mock import patch
-# Import the class needed from the service file
-from prowler.providers.gcp.services.bigquery.bigquery_service import BigQuery
-# Necessary constans and functions from fixtures file
-from tests.providers.gcp.gcp_fixtures import (
-    GCP_PROJECT_ID,
-    mock_api_client,
-    mock_is_api_active,
-    set_mocked_gcp_audit_info,
-)
-
-
-class TestBigQueryService:
-    # Only method needed to test full service
-    def test_service(self):
-        # In this case we are mocking the __is_api_active__ to ensure our mocked project is used
-        # And all the client to use our mocked API calls
-        with patch(
-            "prowler.providers.gcp.lib.service.service.GCPService.__is_api_active__",
-            new=mock_is_api_active,
-        ), patch(
-            "prowler.providers.gcp.lib.service.service.GCPService.__generate_client__",
-            new=mock_api_client,
-        ):
-            # Instantiate an object of class with the mocked provider
-            bigquery_client = BigQuery(
-                set_mocked_gcp_audit_info(project_ids=[GCP_PROJECT_ID])
-            )
-            # Check all attributes of the tested class is well set up according API calls mocked from GCP fixture file
-            assert bigquery_client.service == "bigquery"
-            assert bigquery_client.project_ids == [GCP_PROJECT_ID]
-
-            assert len(bigquery_client.datasets) == 2
-
-            assert bigquery_client.datasets[0].name == "unique_dataset1_name"
-            assert bigquery_client.datasets[0].id.__class__.__name__ == "str"
-            assert bigquery_client.datasets[0].region == "US"
-            assert bigquery_client.datasets[0].cmk_encryption
-            assert bigquery_client.datasets[0].public
-            assert bigquery_client.datasets[0].project_id == GCP_PROJECT_ID
-
-            assert bigquery_client.datasets[1].name == "unique_dataset2_name"
-            assert bigquery_client.datasets[1].id.__class__.__name__ == "str"
-            assert bigquery_client.datasets[1].region == "EU"
-            assert not bigquery_client.datasets[1].cmk_encryption
-            assert not bigquery_client.datasets[1].public
-            assert bigquery_client.datasets[1].project_id == GCP_PROJECT_ID
-
-            assert len(bigquery_client.tables) == 2
-
-            assert bigquery_client.tables[0].name == "unique_table1_name"
-            assert bigquery_client.tables[0].id.__class__.__name__ == "str"
-            assert bigquery_client.tables[0].region == "US"
-            assert bigquery_client.tables[0].cmk_encryption
-            assert bigquery_client.tables[0].project_id == GCP_PROJECT_ID
-
-            assert bigquery_client.tables[1].name == "unique_table2_name"
-            assert bigquery_client.tables[1].id.__class__.__name__ == "str"
-            assert bigquery_client.tables[1].region == "US"
-            assert not bigquery_client.tables[1].cmk_encryption
-            assert bigquery_client.tables[1].project_id == GCP_PROJECT_ID
-```
-As it can be confusing where all these values come from, I'll give an example to make this clearer. First we need to check
-what is the API call used to obtain the datasets. In this case if we check the service the call is
-`self.client.datasets().list(projectId=project_id)`.
-
-Now in the fixture file we have to mock this call in our `MagicMock` client in the function `mock_api_client`. The best way to mock
-is following the actual format, add one function where the client is passed to be changed, the format of this function name must be
-`mock_api_<endpoint>_calls` (*endpoint* refers to the first attribute pointed after *client*).
-
-In the example of BigQuery the function is called `mock_api_dataset_calls`. And inside of this function we found an assignation to
-be used in the `__get_datasets__` method in BigQuery class:
-
-```python
-# Mocking datasets
-dataset1_id = str(uuid4())
-dataset2_id = str(uuid4())
-
-client.datasets().list().execute.return_value = {
-    "datasets": [
-        {
-            "datasetReference": {
-                "datasetId": "unique_dataset1_name",
-                "projectId": GCP_PROJECT_ID,
-            },
-            "id": dataset1_id,
-            "location": "US",
-        },
-        {
-            "datasetReference": {
-                "datasetId": "unique_dataset2_name",
-                "projectId": GCP_PROJECT_ID,
-            },
-            "id": dataset2_id,
-            "location": "EU",
-        },
-    ]
-}
-```
-
+Coming soon ...
 
 ## Azure
 
@@ -623,8 +513,6 @@ client.datasets().list().execute.return_value = {
 
 For the Azure Provider we don't have any library to mock out the API calls we use. So in this scenario we inject the objects in the service client using [MagicMock](https://docs.python.org/3/library/unittest.mock.html#unittest.mock.MagicMock).
 
-In essence, we create object instances and we run the check that we are testing with that instance. In the test we ensure the check executed correctly and results with the expected values.
-
 The following code shows how to use MagicMock to create the service objects for a Azure check test.
 
 ```python
@@ -635,7 +523,7 @@ from unittest import mock
 from uuid import uuid4
 
 # Azure Constants
-from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION
+AZURE_SUSCRIPTION = str(uuid4())
 
 
 
@@ -654,7 +542,7 @@ class Test_defender_ensure_defender_for_arm_is_on:
 
         # Create the custom Defender object to be tested
         defender_client.pricings = {
-            AZURE_SUBSCRIPTION: {
+            AZURE_SUSCRIPTION: {
                 "Arm": Defender_Pricing(
                     resource_id=resource_id,
                     pricing_tier="Not Standard",
@@ -665,8 +553,11 @@ class Test_defender_ensure_defender_for_arm_is_on:
 
         # In this scenario we have to mock also the Defender service and the defender_client from the check to enforce that the defender_client used is the one created within this check because patch != import, and if you execute tests in parallel some objects can be already initialised hence the check won't be isolated.
         # In this case we don't use the Moto decorator, we use the mocked Defender client for both objects
-         with mock.patch(
-            "prowler.providers.azure.services.defender.defender_ensure_defender_for_arm_is_on.defender_ensure_defender_for_arm_is_on.defender_client",
+        with mock.patch(
+            "prowler.providers.azure.services.defender.defender_service.Defender",
+            new=defender_client,
+        ), mock.patch(
+            "prowler.providers.azure.services.defender.defender_client.defender_client",
             new=defender_client,
         ):
 
@@ -680,7 +571,7 @@ class Test_defender_ensure_defender_for_arm_is_on:
             check = defender_ensure_defender_for_arm_is_on()
 
             # And then, call the execute() function to run the check
-            # against the Defender client we've set up.
+            # against the IAM client we've set up.
             result = check.execute()
 
             # Last but not least, we need to assert all the fields
@@ -689,180 +580,13 @@ class Test_defender_ensure_defender_for_arm_is_on:
             assert result[0].status == "FAIL"
             assert (
                 result[0].status_extended
-                == f"Defender plan Defender for ARM from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)"
+                == f"Defender plan Defender for ARM from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
             )
-            assert result[0].subscription == AZURE_SUBSCRIPTION
+            assert result[0].subscription == AZURE_SUSCRIPTION
             assert result[0].resource_name == "Defender plan ARM"
             assert result[0].resource_id == resource_id
 ```
 
 ### Services
 
-For the Azure Services tests, the idea is similar, we test that the functions we've done for capturing the values of the different objects using the Azure API work correctly. Again, we create an object instance and verify that the values captured for that instance are correct.
-
-The following code shows how a service test looks like.
-
-```python
-#We import patch from unittest.mock for simulating objects, the ones that we'll test with.
-from unittest.mock import patch
-
-#Importing FlowLogs from azure.mgmt.network.models allows us to create objects corresponding
-#to flow log settings for Azure networking resources.
-from azure.mgmt.network.models import FlowLog
-
-#We import the different classes of the Network Service so we can use them.
-from prowler.providers.azure.services.network.network_service import (
-    BastionHost,
-    Network,
-    NetworkWatcher,
-    PublicIp,
-    SecurityGroup,
-)
-
-#Azure constants
-from tests.providers.azure.azure_fixtures import (
-    AZURE_SUBSCRIPTION,
-    set_mocked_azure_audit_info,
-)
-
-#Mocks the behavior of a function responsible for retrieving security groups from a network service so
-#basically this is the instance for SecurityGroup that we are going to use
-def mock_network_get_security_groups(_):
-    return {
-        AZURE_SUBSCRIPTION: [
-            SecurityGroup(
-                id="id",
-                name="name",
-                location="location",
-                security_rules=[],
-            )
-        ]
-    }
-
-#We do the same for all the components we need, BastionHost, NetworkWatcher and PublicIp in this case
-
-def mock_network_get_bastion_hosts(_):
-    return {
-        AZURE_SUBSCRIPTION: [
-            BastionHost(
-                id="id",
-                name="name",
-                location="location",
-            )
-        ]
-    }
-
-def mock_network_get_network_watchers(_):
-    return {
-        AZURE_SUBSCRIPTION: [
-            NetworkWatcher(
-                id="id",
-                name="name",
-                location="location",
-                flow_logs=[FlowLog(enabled=True, retention_policy=90)],
-            )
-        ]
-    }
-
-def mock_network_get_public_ip_addresses(_):
-    return {
-        AZURE_SUBSCRIPTION: [
-            PublicIp(
-                id="id",
-                name="name",
-                location="location",
-                ip_address="ip_address",
-            )
-        ]
-    }
-
-#We use the 'path' decorator to replace during the test, the original get functions with the mock functions.
-
-#In this case we are replacing the '__get_security_groups__' with the 'mock_network_get_security_groups'.
-#We do the same for the rest of the functions.
-@patch(
-    "prowler.providers.azure.services.network.network_service.Network.__get_security_groups__",
-    new=mock_network_get_security_groups,
-)
-@patch(
-    "prowler.providers.azure.services.network.network_service.Network.__get_bastion_hosts__",
-    new=mock_network_get_bastion_hosts,
-)
-@patch(
-    "prowler.providers.azure.services.network.network_service.Network.__get_network_watchers__",
-    new=mock_network_get_network_watchers,
-)
-@patch(
-    "prowler.providers.azure.services.network.network_service.Network.__get_public_ip_addresses__",
-    new=mock_network_get_public_ip_addresses,
-)
-
-#We create the class for finally testing the methods
-class Test_Network_Service:
-
-    #Verifies that Network class initializes correctly a client object
-    def test__get_client__(self):
-        #Creates instance of the Network class with the audit information provided
-        network = Network(set_mocked_azure_audit_info())
-        #Checks if the client is not being initialize correctly
-        assert (
-            network.clients[AZURE_SUBSCRIPTION].__class__.__name__
-            == "NetworkManagementClient"
-        )
-
-    #Verifies Securiy Group are set correctly
-    def test__get_security_groups__(self):
-        network = Network(set_mocked_azure_audit_info())
-        assert (
-            network.security_groups[AZURE_SUBSCRIPTION][0].__class__.__name__
-            == "SecurityGroup"
-        )
-        #As you can see, every field must be right according to the mocking method
-        assert network.security_groups[AZURE_SUBSCRIPTION][0].id == "id"
-        assert network.security_groups[AZURE_SUBSCRIPTION][0].name == "name"
-        assert network.security_groups[AZURE_SUBSCRIPTION][0].location == "location"
-        assert network.security_groups[AZURE_SUBSCRIPTION][0].security_rules == []
-
-    #Verifies Network Watchers are set correctly
-    def test__get_network_watchers__(self):
-        network = Network(set_mocked_azure_audit_info())
-        assert (
-            network.network_watchers[AZURE_SUBSCRIPTION][0].__class__.__name__
-            == "NetworkWatcher"
-        )
-        assert network.network_watchers[AZURE_SUBSCRIPTION][0].id == "id"
-        assert network.network_watchers[AZURE_SUBSCRIPTION][0].name == "name"
-        assert network.network_watchers[AZURE_SUBSCRIPTION][0].location == "location"
-        assert network.network_watchers[AZURE_SUBSCRIPTION][0].flow_logs == [
-            FlowLog(enabled=True, retention_policy=90)
-        ]
-    #Verifies Flow Logs are set correctly
-    def __get_flow_logs__(self):
-        network = Network(set_mocked_azure_audit_info())
-        nw_name = "name"
-        assert (
-            network.network_watchers[AZURE_SUBSCRIPTION][0]
-            .flow_logs[nw_name][0]
-            .__class__.__name__
-            == "FlowLog"
-        )
-        assert network.network_watchers[AZURE_SUBSCRIPTION][0].flow_logs == [
-            FlowLog(enabled=True, retention_policy=90)
-        ]
-        assert (
-            network.network_watchers[AZURE_SUBSCRIPTION][0].flow_logs[0].enabled is True
-        )
-        assert (
-            network.network_watchers[AZURE_SUBSCRIPTION][0]
-            .flow_logs[0]
-            .retention_policy
-            == 90
-        )
-
-        ...
-```
-The code continues with some more verifications the same way.
-
-Hopefully this will result useful for understanding and creating new Azure Services checks.
-
-Please refer to the [Azure checks tests](./unit-testing.md#azure) for more information on how to create tests and check the existing services tests [here](https://github.com/prowler-cloud/prowler/tree/master/tests/providers/azure/services).
+Coming soon ...

docs/getting-started/requirements.md

@@ -5,7 +5,7 @@ Prowler has been written in Python using the [AWS SDK (Boto3)](https://boto3.ama
 
 Since Prowler uses AWS Credentials under the hood, you can follow any authentication method as described [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-precedence).
 
-### Authentication
+### AWS Authentication
 
 Make sure you have properly configured your AWS-CLI with a valid Access Key and Region or declare AWS variables properly (or instance profile/role):
 
@@ -26,8 +26,9 @@ Those credentials must be associated to a user or role with proper permissions t
   - `arn:aws:iam::aws:policy/SecurityAudit`
   - `arn:aws:iam::aws:policy/job-function/ViewOnlyAccess`
 
-???+ note
-    Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using. If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json).
+  > Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using.
+
+  > If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json).
 
 ### Multi-Factor Authentication
 
@@ -38,7 +39,7 @@ If your IAM entity enforces MFA you can use `--mfa` and Prowler will ask you to
 
 ## Azure
 
-Prowler for Azure supports the following authentication types:
+Prowler for azure supports the following authentication types:
 
 - Service principal authentication by environment variables (Enterprise Application)
 - Current az cli credentials stored
@@ -62,61 +63,33 @@ The other three cases does not need additional configuration, `--az-cli-auth` an
 
 ### Permissions
 
-To use each one you need to pass the proper flag to the execution. Prowler for Azure handles two types of permission scopes, which are:
+To use each one you need to pass the proper flag to the execution. Prowler fro Azure handles two types of permission scopes, which are:
 
-- **Microsoft Entra ID permissions**: Used to retrieve metadata from the identity assumed by Prowler (not mandatory to have access to execute the tool).
+- **Azure Active Directory permissions**: Used to retrieve metadata from the identity assumed by Prowler and future AAD checks (not mandatory to have access to execute the tool)
 - **Subscription scope permissions**: Required to launch the checks against your resources, mandatory to launch the tool.
 
 
-#### Microsoft Entra ID scope
+#### Azure Active Directory scope
 
-Microsoft Entra ID (AAD earlier) permissions required by the tool are the following:
+Azure Active Directory (AAD) permissions required by the tool are the following:
 
 - `Directory.Read.All`
 - `Policy.Read.All`
-- `UserAuthenticationMethod.Read.All`
 
-The best way to assign it is through the Azure web console:
-
-1. Access to Microsoft Entra ID
-2. In the left menu bar, go to "App registrations"
-3. Once there, in the menu bar click on "+ New registration" to register a new application
-4. Fill the "Name, select the "Supported account types" and click on "Register. You will be redirected to the applications page.
-  ![Register an Application page](../img/register-application.png)
-4. Select the new application
-5. In the left menu bar, select "API permissions"
-6. Then click on "+ Add a permission" and select "Microsoft Graph"
-7. Once in the "Microsoft Graph" view, select "Application permissions"
-8. Finally, search for "Directory", "Policy" and "UserAuthenticationMethod" select the following permissions:
-    - `Directory.Read.All`
-    - `Policy.Read.All`
-    - `UserAuthenticationMethod.Read.All`
-    ![EntraID Permissions](../img/AAD-permissions.png)
+The best way to assign it is through the azure web console:
 
+![AAD Permissions](../img/AAD-permissions.png)
 
 #### Subscriptions scope
 
-Regarding the subscription scope, Prowler by default scans all the subscriptions that is able to list, so it is required to add the following RBAC builtin roles per subscription to the entity that is going to be assumed by the tool:
+Regarding the subscription scope, Prowler by default scans all the subscriptions that is able to list, so it is required to add the following RBAC builtin roles per subscription  to the entity that is going to be assumed by the tool:
 
 - `Security Reader`
 - `Reader`
 
-To assign this roles, follow the instructions:
-
-1. Access your subscription, then select your subscription.
-2. Select "Access control (IAM)".
-3. In the overview, select "Roles"
-  ![IAM Page](../img/page-IAM.png)
-4. Click on "+ Add" and select "Add role assignment"
-5. In the search bar, type `Security Reader`, select it and click on "Next"
-6. In the Members tab, click on "+ Select members" and add the members you want to assign this role.
-7. Click on "Review + assign" to apply the new role.
-
-*Repeat these steps for `Reader` role*
-
 ## Google Cloud
 
-### Authentication
+### GCP Authentication
 
 Prowler will follow the same credentials search as [Google authentication libraries](https://cloud.google.com/docs/authentication/application-default-credentials#search_order):
 
@@ -126,5 +99,4 @@ Prowler will follow the same credentials search as [Google authentication librar
 
 Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the `Viewer` role to the member associated with the credentials.
 
-???+ note
-    By default, `prowler` will scan all accessible GCP Projects, use flag `--project-ids` to specify the projects to be scanned.
+> By default, `prowler` will scan all accessible GCP Projects, use flag `--project-ids` to specify the projects to be scanned.

docs/index.md

@@ -1,13 +1,38 @@
-**Prowler** is an Open Source security tool to perform AWS, Azure and Google Cloud security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler SaaS</a>.
+<p href="https://github.com/prowler-cloud/prowler">
+<img align="right" src="./img/prowler-logo.png" height="100">
+</p>
+<br>
 
-![Prowler Execution](img/short-display.png)
+# Prowler Documentation
+
+**Welcome to [Prowler Open Source v3](https://github.com/prowler-cloud/prowler/) Documentation!** 📄
+
+For **Prowler v2 Documentation**, please go [here](https://github.com/prowler-cloud/prowler/tree/2.12.0) to the branch and its README.md.
+
+- You are currently in the **Getting Started** section where you can find general information and requirements to help you start with the tool.
+- In the [Tutorials](./tutorials/misc.md) section you will see how to take advantage of all the features in Prowler.
+- In the [Contact Us](./contact.md) section you can find how to reach us out in case of technical issues.
+- In the [About](./about.md) section you will find more information about the Prowler team and license.
+
+## About Prowler
+
+**Prowler** is an Open Source security tool to perform AWS, Azure and Google Cloud security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
+
+It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
+
+[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/prowlercloud.svg?style=social&label=Follow%20%40prowlercloud)](https://twitter.com/prowlercloud)
+
+## About ProwlerPro
+
+<a href="https://prowler.pro"><img align="right" src="./img/prowler-pro-light.png" width="350"></a> **ProwlerPro** gives you the benefits of Prowler Open Source plus continuous monitoring, faster execution, personalized support, visualization of your data with dashboards, alerts and much more.
+Visit <a href="https://prowler.pro">prowler.pro</a> for more info.
 
-Prowler offers hundreds of controls covering more than 25 standards and compliance frameworks like CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
 
 ## Quick Start
 ### Installation
 
-Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/), thus can be installed using pip with `Python >= 3.9`:
+Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with `Python >= 3.9`:
+
 
 === "Generic"
 
@@ -111,21 +136,30 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/),
 
 === "AWS CloudShell"
 
-    After the migration of AWS CloudShell from Amazon Linux 2 to Amazon Linux 2023 [[1]](https://aws.amazon.com/about-aws/whats-new/2023/12/aws-cloudshell-migrated-al2023/) [2](https://docs.aws.amazon.com/cloudshell/latest/userguide/cloudshell-AL2023-migration.html), there is no longer a need to manually compile Python 3.9 as it's already included in AL2023. Prowler can thus be easily installed following the Generic method of installation via pip. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
+    Prowler can be easely executed in AWS CloudShell but it has some prerequsites to be able to to so. AWS CloudShell is a container running with `Amazon Linux release 2 (Karoo)` that comes with Python 3.7, since Prowler requires Python >= 3.9 we need to first install a newer version of Python. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
 
     _Requirements_:
 
-    * Open AWS CloudShell `bash`.
-
+    * First install all dependences and then Python, in this case we need to compile it because there is not a package available at the time this document is written:
+    ```
+    sudo yum -y install gcc openssl-devel bzip2-devel libffi-devel
+    wget https://www.python.org/ftp/python/3.9.16/Python-3.9.16.tgz
+    tar zxf Python-3.9.16.tgz
+    cd Python-3.9.16/
+    ./configure --enable-optimizations
+    sudo make altinstall
+    python3.9 --version
+    cd
+    ```
     _Commands_:
 
+    * Once Python 3.9 is available we can install Prowler from pip:
     ```
-    pip install prowler
+    pip3.9 install prowler
     prowler -v
     ```
 
-    ???+ note
-        To download the results from AWS CloudShell, select Actions -> Download File and add the full path of each file. For the CSV file it will be something like `/home/cloudshell-user/output/prowler-output-123456789012-20221220191331.csv`
+    > To download the results from AWS CloudShell, select Actions -> Download File and add the full path of each file. For the CSV file it will be something like `/home/cloudshell-user/output/prowler-output-123456789012-20221220191331.csv`
 
 === "Azure CloudShell"
 
@@ -160,18 +194,14 @@ You can run Prowler from your workstation, an EC2 instance, Fargate or any other
 ![Architecture](img/architecture.png)
 ## Basic Usage
 
-To run Prowler, you will need to specify the provider (e.g `aws`, `gcp` or `azure`):
-
-???+ note
-    If no provider specified, AWS will be used for backward compatibility with most of v2 options.
+To run Prowler, you will need to specify the provider (e.g aws, gcp or azure):
+> If no provider specified, AWS will be used for backward compatibility with most of v2 options.
 
 ```console
 prowler <provider>
 ```
 ![Prowler Execution](img/short-display.png)
-
-???+ note
-    Running the `prowler` command without options will use your environment variable credentials, see [Requirements](./getting-started/requirements.md) section to review the credentials settings.
+> Running the `prowler` command without options will use your environment variable credentials, see [Requirements](./getting-started/requirements.md) section to review the credentials settings.
 
 If you miss the former output you can use `--verbose` but Prowler v3 is smoking fast, so you won't see much ;)
 
@@ -222,9 +252,7 @@ Use a custom AWS profile with `-p`/`--profile` and/or AWS regions which you want
 ```console
 prowler aws --profile custom-profile -f us-east-1 eu-south-2
 ```
-
-???+ note
-    By default, `prowler` will scan all AWS regions.
+> By default, `prowler` will scan all AWS regions.
 
 See more details about AWS Authentication in [Requirements](getting-started/requirements.md)
 
@@ -274,6 +302,3 @@ prowler gcp --project-ids <Project ID 1> <Project ID 2> ... <Project ID N>
 ```
 
 See more details about GCP Authentication in [Requirements](getting-started/requirements.md)
-
-## Prowler v2 Documentation
-For **Prowler v2 Documentation**, please check it out [here](https://github.com/prowler-cloud/prowler/blob/8818f47333a0c1c1a457453c87af0ea5b89a385f/README.md).

docs/security.md

@@ -13,9 +13,9 @@ As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (F
 
 ## Reporting Vulnerabilities
 
-If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or Prowler SaaS service, please submit the information by contacting to us via [**support.prowler.com**](http://support.prowler.com).
+If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or ProwlerPro service, please submit the information by contacting to help@prowler.pro.
 
-The information you share with the Prowler team as part of this process is kept confidential within Prowler. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
+The information you share with Verica as part of this process is kept confidential within Verica and the Prowler team. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
 
 We will review the submitted report, and assign it a tracking number. We will then respond to you, acknowledging receipt of the report, and outline the next steps in the process.
 

docs/tutorials/allowlist.md

@@ -113,8 +113,7 @@ You will need to pass the S3 URI where your Allowlist YAML file was uploaded to
 ```
 prowler aws -w s3://<bucket>/<prefix>/allowlist.yaml
 ```
-???+ note
-    Make sure that the used AWS credentials have s3:GetObject permissions in the S3 path where the allowlist file is located.
+> Make sure that the used AWS credentials have s3:GetObject permissions in the S3 path where the allowlist file is located.
 
 ### AWS DynamoDB Table ARN
 
@@ -139,8 +138,7 @@ The following example will allowlist all resources in all accounts for the EC2 c
 
 <img src="../img/allowlist-row.png"/>
 
-???+ note
-    Make sure that the used AWS credentials have `dynamodb:PartiQLSelect` permissions in the table.
+> Make sure that the used AWS credentials have `dynamodb:PartiQLSelect` permissions in the table.
 
 ### AWS Lambda ARN
 

docs/tutorials/aws/authentication.md

@@ -19,8 +19,9 @@ Those credentials must be associated to a user or role with proper permissions t
   - `arn:aws:iam::aws:policy/SecurityAudit`
   - `arn:aws:iam::aws:policy/job-function/ViewOnlyAccess`
 
-???+ note
-    Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using. If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json).
+  > Moreover, some read-only additional permissions are needed for several checks, make sure you attach also the custom policy [prowler-additions-policy.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-additions-policy.json) to the role you are using.
+
+  > If you want Prowler to send findings to [AWS Security Hub](https://aws.amazon.com/security-hub), make sure you also attach the custom policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json).
 
 
 ## Profiles

docs/tutorials/aws/boto3-configuration.md

@@ -32,14 +32,3 @@ Prowler's AWS Provider uses the Boto3 [Standard](https://boto3.amazonaws.com/v1/
 - Retry attempts on nondescriptive, transient error codes. Specifically, these HTTP status codes: 500, 502, 503, 504.
 
 - Any retry attempt will include an exponential backoff by a base factor of 2 for a maximum backoff time of 20 seconds.
-
-## Notes for validating retry attempts
-
-If you are making changes to Prowler, and want to validate if requests are being retried or given up on, you can take the following approach
-
-* Run prowler with `--log-level DEBUG` and `--log-file debuglogs.txt`
-* Search for retry attempts using `grep -i 'Retry needed' debuglogs.txt`
-
-This is based off of the [AWS documentation](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/retries.html#checking-retry-attempts-in-your-client-logs), which states that if a retry is performed, you will see a message starting with "Retry needed".
-
-You can determine the total number of calls made using `grep -i 'Sending http request' debuglogs.txt | wc -l`

docs/tutorials/aws/cloudshell.md

@@ -1,26 +1,26 @@
 # AWS CloudShell
 
-## Installation
-After the migration of AWS CloudShell from Amazon Linux 2 to Amazon Linux 2023 [[1]](https://aws.amazon.com/about-aws/whats-new/2023/12/aws-cloudshell-migrated-al2023/) [[2]](https://docs.aws.amazon.com/cloudshell/latest/userguide/cloudshell-AL2023-migration.html), there is no longer a need to manually compile Python 3.9 as it's already included in AL2023. Prowler can thus be easily installed following the Generic method of installation via pip. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
-```shell
-pip install prowler
+Prowler can be easily executed in AWS CloudShell but it has some prerequisites to be able to to so. AWS CloudShell is a container running with `Amazon Linux release 2 (Karoo)` that comes with Python 3.7, since Prowler requires Python >= 3.9 we need to first install a newer version of Python. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
+
+- First install all dependences and then Python, in this case we need to compile it because there is not a package available at the time this document is written:
+```
+sudo yum -y install gcc openssl-devel bzip2-devel libffi-devel
+wget https://www.python.org/ftp/python/3.9.16/Python-3.9.16.tgz
+tar zxf Python-3.9.16.tgz
+cd Python-3.9.16/
+./configure --enable-optimizations
+sudo make altinstall
+python3.9 --version
+cd 
+```
+- Once Python 3.9 is available we can install Prowler from pip:
+```
+pip3.9 install prowler
+```
+- Now enjoy Prowler:
+```
 prowler -v
+prowler 
 ```
 
-## Download Files
-
-To download the results from AWS CloudShell, select Actions -> Download File and add the full path of each file. For the CSV file it will be something like `/home/cloudshell-user/output/prowler-output-123456789012-20221220191331.csv`
-
-## Clone Prowler from Github
-
-The limited storage that AWS CloudShell provides for the user's home directory causes issues when installing the poetry dependencies to run Prowler from GitHub. Here is a workaround:
-```shell
-git clone https://github.com/prowler-cloud/prowler.git
-cd prowler
-pip install poetry
-mkdir /tmp/pypoetry
-poetry config cache-dir /tmp/pypoetry
-poetry shell
-poetry install
-python prowler.py -v
-```
+- To download the results from AWS CloudShell, select Actions -> Download File and add the full path of each file. For the CSV file it will be something like `/home/cloudshell-user/output/prowler-output-123456789012-20221220191331.csv`

docs/tutorials/aws/organizations.md

@@ -1,28 +1,21 @@
 # AWS Organizations
-
 ## Get AWS Account details from your AWS Organization
 
-Prowler allows you to get additional information of the scanned account from AWS Organizations.
+Prowler allows you to get additional information of the scanned account in CSV and JSON outputs. When scanning a single account you get the Account ID as part of the output.
 
-If you have AWS Organizations enabled, Prowler can get your account details like account name, email, ARN, organization id and tags and you will have them next to every finding's output.
+If you have AWS Organizations Prowler can get your account details like Account Name, Email, ARN, Organization ID and Tags and you will have them next to every finding in the CSV and JSON outputs.
 
-In order to do that you can use the argument `-O`/`--organizations-role <organizations_role_arn>`. If this argument is not present Prowler will try to fetch that information automatically if the AWS account is a delegated administrator for the AWS Organization.
-
-???+ note
-    Refer [here](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_delegate_policies.html) for more information about AWS Organizations delegated administrator.
-
-See the following sample command:
+In order to do that you can use the option `-O`/`--organizations-role <organizations_role_arn>`. See the following sample command:
 
 ```shell
 prowler aws \
   -O arn:aws:iam::<management_organizations_account_id>:role/<role_name>
 ```
-???+ note
-    Make sure the role in your AWS Organizations management account has the permissions `organizations:DescribeAccount` and `organizations:ListTagsForResource`.
+> Make sure the role in your AWS Organizations management account has the permissions `organizations:ListAccounts*` and `organizations:ListTagsForResource`.
 
-Prowler will scan the AWS account and get the account details from AWS Organizations.
+In that command Prowler will scan the account and getting the account details from the AWS Organizations management account assuming a role and creating two reports with those details in JSON and CSV.
 
-In the JSON output below you can see tags coded in base64 to prevent breaking CSV or JSON due to its format:
+In the JSON output below (redacted) you can see tags coded in base64 to prevent breaking CSV or JSON due to its format:
 
 ```json
   "Account Email": "my-prod-account@domain.com",
@@ -32,15 +25,13 @@ In the JSON output below you can see tags coded in base64 to prevent breaking CS
   "Account tags": "\"eyJUYWdzIjpasf0=\""
 ```
 
-The additional fields in CSV header output are as follows:
+The additional fields in CSV header output are as follow:
 
-- ACCOUNT_DETAILS_EMAIL
-- ACCOUNT_DETAILS_NAME
-- ACCOUNT_DETAILS_ARN
-- ACCOUNT_DETAILS_ORG
-- ACCOUNT_DETAILS_TAGS
+```csv
+ACCOUNT_DETAILS_EMAIL,ACCOUNT_DETAILS_NAME,ACCOUNT_DETAILS_ARN,ACCOUNT_DETAILS_ORG,ACCOUNT_DETAILS_TAGS
+```
 
-## Extra: Run Prowler across all accounts in AWS Organizations by assuming roles
+## Extra: run Prowler across all accounts in AWS Organizations by assuming roles
 
 If you want to run Prowler across all accounts of AWS Organizations you can do this:
 
@@ -64,6 +55,4 @@ If you want to run Prowler across all accounts of AWS Organizations you can do t
     done
     ```
 
-???+ note
-    Using the same for loop it can be scanned a list of accounts with a variable like:
-    </br>`ACCOUNTS_LIST='11111111111 2222222222 333333333'`
+> Using the same for loop it can be scanned a list of accounts with a variable like `ACCOUNTS_LIST='11111111111 2222222222 333333333'`

docs/tutorials/aws/regions-and-partitions.md

@@ -6,13 +6,10 @@ By default Prowler is able to scan the following AWS partitions:
 - China: `aws-cn`
 - GovCloud (US): `aws-us-gov`
 
-???+ note
-    To check the available regions for each partition and service please refer to the following document [aws_regions_by_service.json](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/aws/aws_regions_by_service.json)
+> To check the available regions for each partition and service please refer to the following document [aws_regions_by_service.json](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/aws/aws_regions_by_service.json)
 
 It is important to take into consideration that to scan the China (`aws-cn`) or GovCloud (`aws-us-gov`) partitions it is either required to have a valid region for that partition in your AWS credentials or to specify the regions you want to audit for that partition using the `-f/--region` flag.
-
-???+ note
-    Please, refer to https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#configuring-credentials for more information about the AWS credentials configuration.
+> Please, refer to https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#configuring-credentials for more information about the AWS credentials configuration.
 
 Prowler can scan specific region(s) with:
 ```console
@@ -37,8 +34,7 @@ aws_access_key_id = XXXXXXXXXXXXXXXXXXX
 aws_secret_access_key = XXXXXXXXXXXXXXXXXXX
 region = cn-north-1
 ```
-???+ note
-    With this option all the partition regions will be scanned without the need of use the `-f/--region` flag
+> With this option all the partition regions will be scanned without the need of use the `-f/--region` flag
 
 
 ## AWS GovCloud (US)
@@ -56,8 +52,7 @@ aws_access_key_id = XXXXXXXXXXXXXXXXXXX
 aws_secret_access_key = XXXXXXXXXXXXXXXXXXX
 region = us-gov-east-1
 ```
-???+ note
-    With this option all the partition regions will be scanned without the need of use the `-f/--region` flag
+> With this option all the partition regions will be scanned without the need of use the `-f/--region` flag
 
 
 ## AWS ISO (US & Europe)

docs/tutorials/aws/role-assumption.md

@@ -23,22 +23,13 @@ prowler aws -R arn:aws:iam::<account_id>:role/<role_name>
 prowler aws -T/--session-duration <seconds> -I/--external-id <external_id> -R arn:aws:iam::<account_id>:role/<role_name>
 ```
 
-## Custom Role Session Name
-
-Prowler can use your custom Role Session name with:
-```console
-prowler aws --role-session-name <role_session_name>
-```
-
-???+ note
-    It defaults to `ProwlerAssessmentSession`.
-
 ## STS Endpoint Region
 
 If you are using Prowler in AWS regions that are not enabled by default you need to use the argument `--sts-endpoint-region` to point the AWS STS API calls `assume-role` and `get-caller-identity` to the non-default region, e.g.: `prowler aws --sts-endpoint-region eu-south-2`.
 
-???+ note
-    Since v3.11.0, Prowler uses a regional token in STS sessions so it can scan all AWS regions without needing the `--sts-endpoint-region` argument. Make sure that you have enabled the AWS Region you want to scan in **BOTH** AWS Accounts (assumed role account and account from which you assume the role).
+> Since v3.11.0, Prowler uses a regional token in STS sessions so it can scan all AWS regions without needing the `--sts-endpoint-region` argument.
+
+> Make sure that you have enabled the AWS Region you want to scan in BOTH AWS Accounts (assumed role account and account from which you assume the role).
 
 ## Role MFA
 
@@ -51,7 +42,6 @@ If your IAM Role has MFA configured you can use `--mfa` along with  `-R`/`--role
 
 To create a role to be assumed in one or multiple accounts you can use either as CloudFormation Stack or StackSet the following [template](https://github.com/prowler-cloud/prowler/blob/master/permissions/create_role_to_assume_cfn.yaml) and adapt it.
 
-???+ note "About Session Duration"
-    Depending on the amount of checks you run and the size of your infrastructure, Prowler may require more than 1 hour to finish. Use option `-T <seconds>` to allow up to 12h (43200 seconds). To allow more than 1h you need to modify _"Maximum CLI/API session duration"_ for that particular role, read more [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session).
+> _NOTE 1 about Session Duration_: Depending on the amount of checks you run and the size of your infrastructure, Prowler may require more than 1 hour to finish. Use option `-T <seconds>` to allow up to 12h (43200 seconds). To allow more than 1h you need to modify _"Maximum CLI/API session duration"_ for that particular role, read more [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session).
 
-    Bear in mind that if you are using roles assumed by role chaining there is a hard limit of 1 hour so consider not using role chaining if possible, read more about that, in foot note 1 below the table [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html).
+> _NOTE 2 about Session Duration_: Bear in mind that if you are using roles assumed by role chaining there is a hard limit of 1 hour so consider not using role chaining if possible, read more about that, in foot note 1 below the table [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html).

docs/tutorials/aws/s3.md

@@ -21,5 +21,6 @@ By default Prowler sends HTML, JSON and CSV output formats, if you want to send
 prowler <provider> -M csv -B my-bucket
 ```
 
-???+ note
-        In the case you do not want to use the assumed role credentials but the initial credentials to put the reports into the S3 bucket, use `-D`/`--output-bucket-no-assume` instead of `-B`/`--output-bucket`. Make sure that the used credentials have `s3:PutObject` permissions in the S3 path where the reports are going to be uploaded.
+> In the case you do not want to use the assumed role credentials but the initial credentials to put the reports into the S3 bucket, use `-D`/`--output-bucket-no-assume` instead of `-B`/`--output-bucket`.
+
+> Make sure that the used credentials have `s3:PutObject` permissions in the S3 path where the reports are going to be uploaded.

docs/tutorials/aws/securityhub.md

@@ -1,137 +1,61 @@
 # AWS Security Hub Integration
 
-Prowler supports natively and as **official integration** sending findings to [AWS Security Hub](https://aws.amazon.com/security-hub). This integration allows **Prowler** to import its findings to AWS Security Hub.
+Prowler supports natively and as **official integration** sending findings to [AWS Security Hub](https://aws.amazon.com/security-hub). This integration allows Prowler to import its findings to AWS Security Hub.
 
+With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, and AWS Firewall Manager, as well as from AWS Partner solutions and from Prowler for free.
 
-Before sending findings, you will need to enable AWS Security Hub and the **Prowler** integration.
+Before sending findings to Prowler, you will need to perform next steps:
 
-## Enable AWS Security Hub
+1. Since Security Hub is a region based service, enable it in the region or regions you require. Use the AWS Management Console or using the AWS CLI with this command if you have enough permissions:
+    - `aws securityhub enable-security-hub --region <region>`.
+2. Enable Prowler as partner integration integration. Use the AWS Management Console or using the AWS CLI with this command if you have enough permissions:
+    - `aws securityhub enable-import-findings-for-product --region <region> --product-arn arn:aws:securityhub:<region>::product/prowler/prowler` (change region also inside the ARN).
+    - Using the AWS Management Console:
+     ![Screenshot 2020-10-29 at 10 26 02 PM](https://user-images.githubusercontent.com/3985464/97634660-5ade3400-1a36-11eb-9a92-4a45cc98c158.png)
+3. Allow Prowler to import its findings to AWS Security Hub by adding the policy below to the role or user running Prowler:
+    - [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json)
 
-To enable the integration you have to perform the following steps, in _at least_ one AWS region of a given AWS account, to enable **AWS Security Hub** and **Prowler** as a partner integration.
-
-Since **AWS Security Hub** is a region based service, you will need to enable it in the region or regions you require. You can configure it using the AWS Management Console or the AWS CLI.
-
-???+ note
-    Take into account that enabling this integration will incur in costs in AWS Security Hub, please refer to its pricing [here](https://aws.amazon.com/security-hub/pricing/) for more information.
-
-### Using the AWS Management Console
-
-#### Enable AWS Security Hub
-
-If you have currently AWS Security Hub enabled you can skip to the [next section](#enable-prowler-integration).
-
-1. Open the **AWS Security Hub** console at https://console.aws.amazon.com/securityhub/.
-
-2. When you open the Security Hub console for the first time make sure that you are in the region you want to enable, then choose **Go to Security Hub**.
-![](./img/enable.png)
-
-3. On the next page, the Security standards section lists the security standards that Security Hub supports. Select the check box for a standard to enable it, and clear the check box to disable it.
-
-4. Choose **Enable Security Hub**.
-![](./img/enable-2.png)
-
-#### Enable Prowler Integration
-
-If you have currently the Prowler integration enabled in AWS Security Hub you can skip to the [next section](#send-findings) and start sending findings.
-
-Once **AWS Security Hub** is enabled you will need to enable **Prowler** as partner integration to allow **Prowler** to send findings to your **AWS Security Hub**.
-
-1. Open the **AWS Security Hub** console at https://console.aws.amazon.com/securityhub/.
-
-2. Select the **Integrations** tab in the right-side menu bar.
-![](./img/enable-partner-integration.png)
-
-3. Search for _Prowler_ in the text search box and the **Prowler** integration will appear.
-
-4. Once there, click on **Accept Findings** to allow **AWS Security Hub** to receive findings from **Prowler**.
-![](./img/enable-partner-integration-2.png)
-
-5. A new modal will appear to confirm that you are enabling the **Prowler** integration.
-![](./img/enable-partner-integration-3.png)
-
-6. Right after click on **Accept Findings**, you will see that the integration is enabled in **AWS Security Hub**.
-![](./img/enable-partner-integration-4.png)
-
-### Using the AWS CLI
-
-To enable **AWS Security Hub** and the **Prowler** integration you have to run the following commands using the AWS CLI:
-
-```shell
-aws securityhub enable-security-hub --region <region>
-```
-???+ note
-    For this command to work you will need the `securityhub:EnableSecurityHub` permission. You will need to set the AWS region where you want to enable AWS Security Hub.
-
-Once **AWS Security Hub** is enabled you will need to enable **Prowler** as partner integration to allow **Prowler** to send findings to your AWS Security Hub. You have to run the following commands using the AWS CLI:
-
-```shell
-aws securityhub enable-import-findings-for-product --region eu-west-1 --product-arn arn:aws:securityhub:<region>::product/prowler/prowler
-```
-???+ note
-    You will need to set the AWS region where you want to enable the integration and also the AWS region also within the ARN. For this command to work you will need the `securityhub:securityhub:EnableImportFindingsForProduct` permission.
-
-
-## Send Findings
 Once it is enabled, it is as simple as running the command below (for all regions):
 
 ```sh
-prowler aws --security-hub
+prowler aws -S
 ```
 
 or for only one filtered region like eu-west-1:
 
 ```sh
-prowler --security-hub --region eu-west-1
+prowler -S -f eu-west-1
 ```
 
-???+ note
-    It is recommended to send only fails to Security Hub and that is possible adding `-q/--quiet` to the command. You can use, instead of the `-q/--quiet` argument, the `--send-sh-only-fails` argument to save all the findings in the Prowler outputs but just to send FAIL findings to AWS Security Hub.
+> **Note 1**: It is recommended to send only fails to Security Hub and that is possible adding `-q` to the command.
 
-    Since Prowler perform checks to all regions by default you may need to filter by region when running Security Hub integration, as shown in the example above. Remember to enable Security Hub in the region or regions you need by calling `aws securityhub enable-security-hub --region <region>` and run Prowler with the option `-f/--region <region>` (if no region is used it will try to push findings in all regions hubs). Prowler will send findings to the Security Hub on the region where the scanned resource is located.
+> **Note 2**: Since Prowler perform checks to all regions by default you may need to filter by region when running Security Hub integration, as shown in the example above. Remember to enable Security Hub in the region or regions you need by calling `aws securityhub enable-security-hub --region <region>` and run Prowler with the option `-f <region>` (if no region is used it will try to push findings in all regions hubs). Prowler will send findings to the Security Hub on the region where the scanned resource is located.
 
-    To have updated findings in Security Hub you have to run Prowler periodically. Once a day or every certain amount of hours.
+> **Note 3**: To have updated findings in Security Hub you have to run Prowler periodically. Once a day or every certain amount of hours.
 
-### See you Prowler findings in AWS Security Hub
+Once you run findings for first time you will be able to see Prowler findings in Findings section:
 
-Once configured the **AWS Security Hub** in your next scan you will receive the **Prowler** findings in the AWS regions configured. To review those findings in **AWS Security Hub**:
-
-1. Open the **AWS Security Hub** console at https://console.aws.amazon.com/securityhub/.
-
-2. Select the **Findings** tab in the right-side menu bar.
-![](./img/findings.png)
-
-3. Use the search box filters and use the **Product Name** filter with the value _Prowler_ to see the findings sent from **Prowler**.
-
-4. Then, you can click on the check **Title** to see the details and the history of a finding.
-![](./img/finding-details.png)
-
-As you can see in the related requirements section, in the detailed view of the findings, **Prowler** also sends compliance information related to every finding.
+![Screenshot 2020-10-29 at 10 29 05 PM](https://user-images.githubusercontent.com/3985464/97634676-66c9f600-1a36-11eb-9341-70feb06f6331.png)
 
 ## Send findings to Security Hub assuming an IAM Role
 
 When you are auditing a multi-account AWS environment, you can send findings to a Security Hub of another account by assuming an IAM role from that account using the `-R` flag in the Prowler command:
 
 ```sh
-prowler --security-hub --role arn:aws:iam::123456789012:role/ProwlerExecutionRole
+prowler -S -R arn:aws:iam::123456789012:role/ProwlerExecRole
 ```
 
-???+ note
-    Remember that the used role needs to have permissions to send findings to Security Hub. To get more information about the permissions required, please refer to the following IAM policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json)
+> Remember that the used role needs to have permissions to send findings to Security Hub. To get more information about the permissions required, please refer to the following IAM policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json)
 
 
 ## Send only failed findings to Security Hub
 
-When using the **AWS Security Hub** integration you can send only the `FAIL` findings generated by **Prowler**. Therefore, the **AWS Security Hub** usage costs eventually would be lower. To follow that recommendation you could add the `-q/--quiet` flag to the Prowler command:
+When using Security Hub it is recommended to send only the failed findings generated. To follow that recommendation you could add the `-q` flag to the Prowler command:
 
 ```sh
-prowler --security-hub --quiet
+prowler -S -q
 ```
 
-You can use, instead of the `-q/--quiet` argument, the `--send-sh-only-fails` argument to save all the findings in the Prowler outputs but just to send FAIL findings to AWS Security Hub:
-
-```sh
-prowler --security-hub --send-sh-only-fails
-```
 
 ## Skip sending updates of findings to Security Hub
 
@@ -139,5 +63,5 @@ By default, Prowler archives all its findings in Security Hub that have not appe
 You can skip this logic by using the option `--skip-sh-update` so Prowler will not archive older findings:
 
 ```sh
-prowler --security-hub --skip-sh-update
+prowler -S --skip-sh-update
 ```

docs/tutorials/aws/v2_to_v3_checks_mapping.md

@@ -95,8 +95,7 @@ checks_v3_to_v2_mapping = {
     "ec2_networkacl_allow_ingress_any_port": "extra7138",
     "ec2_networkacl_allow_ingress_tcp_port_22": "check45",
     "ec2_networkacl_allow_ingress_tcp_port_3389": "check46",
-    "ec2_securitygroup_allow_ingress_from_internet_to_all_ports": "extra748",
-    "ec2_securitygroup_allow_ingress_from_internet_to_any_port": "extra74",
+    "ec2_securitygroup_allow_ingress_from_internet_to_any_port": "extra748",
     "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018": "extra753",
     "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21": "extra7134",
     "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22": "check41",

docs/tutorials/azure/use-non-default-cloud.md

@@ -1,16 +0,0 @@
-# Use non default Azure regions
-
-Microsoft provides clouds for compliance with regional laws, which are available for your use.
-By default, Prowler uses `AzureCloud` cloud which is the comercial one. (you can list all the available with `az cloud list --output table`).
-
-At the time of writing this documentation the available Azure Clouds from different regions are the following:
-- AzureCloud
-- AzureChinaCloud
-- AzureUSGovernment
-- AzureGermanCloud
-
-If you want to change the default one you must include the flag `--azure-region`, i.e.:
-
-```console
-prowler azure --az-cli-auth --azure-region AzureChinaCloud
-```

docs/tutorials/check-aliases.md

@@ -1,19 +1,19 @@
 # Check Aliases
 
 Prowler allows you to use aliases for the checks. You only have to add the `CheckAliases` key to the check's metadata with a list of the aliases:
-```json title="check.metadata.json"
-"Provider": "<provider>",
-"CheckID": "<check_id>",
-"CheckTitle": "<check_title>",
-"CheckAliases": [
-  "<check_alias_1>"
-  "<check_alias_2>",
-  ...
-],
-...
-```
+
+    "Provider": "<provider>",
+    "CheckID": "<check_id>",
+    "CheckTitle": "<check_title>",
+    "CheckAliases": [
+      "<check_alias_1>"
+      "<check_alias_2>",
+      ...
+    ],
+    ...
+
 Then, you can execute the check either with its check ID or with one of the previous aliases:
-```shell
+```console
 prowler <provider> -c/--checks <check_alias_1>
 
 Using alias <check_alias_1> for check <check_id>...

docs/tutorials/compliance.md

@@ -8,38 +8,29 @@ prowler <provider> --list-compliance
 ```
 Currently, the available frameworks are:
 
-- `aws_account_security_onboarding_aws`
-- `aws_audit_manager_control_tower_guardrails_aws`
-- `aws_foundational_security_best_practices_aws`
-- `aws_well_architected_framework_reliability_pillar_aws`
-- `aws_well_architected_framework_security_pillar_aws`
 - `cis_1.4_aws`
 - `cis_1.5_aws`
-- `cis_2.0_aws`
-- `cis_2.0_gcp`
-- `cis_2.0_azure`
-- `cis_2.1_azure`
-- `cis_3.0_aws`
-- `cisa_aws`
 - `ens_rd2022_aws`
+- `aws_audit_manager_control_tower_guardrails_aws`
+- `aws_foundational_security_best_practices_aws`
+- `aws_well_architected_framework_security_pillar_aws`
+- `cisa_aws`
 - `fedramp_low_revision_4_aws`
 - `fedramp_moderate_revision_4_aws`
 - `ffiec_aws`
-- `aws_foundational_technical_review_aws`
 - `gdpr_aws`
-- `gxp_21_cfr_part_11_aws`
 - `gxp_eu_annex_11_aws`
+- `gxp_21_cfr_part_11_aws`
 - `hipaa_aws`
-- `iso27001_2013_aws`
-- `mitre_attack_aws`
-- `nist_800_171_revision_2_aws`
 - `nist_800_53_revision_4_aws`
 - `nist_800_53_revision_5_aws`
+- `nist_800_171_revision_2_aws`
 - `nist_csf_1.1_aws`
 - `pci_3.2.1_aws`
 - `rbi_cyber_security_framework_aws`
 - `soc2_aws`
 
+
 ## List Requirements of Compliance Frameworks
 For each compliance framework, you can use option `--list-compliance-requirements` to list its requirements:
 ```sh

docs/tutorials/configuration_file.md

@@ -33,28 +33,17 @@ The following list includes all the AWS checks with configurable variables that
 | `drs_job_exist`                                               | `allowlist_non_default_regions`                  | Boolean         |
 | `guardduty_is_enabled`                                        | `allowlist_non_default_regions`                  | Boolean         |
 | `securityhub_enabled`                                         | `allowlist_non_default_regions`                  | Boolean         |
-| `rds_instance_backup_enabled`                                  | `check_rds_instance_replicas`      | Boolean        |
+
 ## Azure
 
 ### Configurable Checks
-The following list includes all the Azure checks with configurable variables that can be changed in the configuration yaml file:
-
-| Check Name                                                    | Value                                            | Type            |
-|---------------------------------------------------------------|--------------------------------------------------|-----------------|
-| `network_public_ip_shodan`                                   | `shodan_api_key`                    | String         |
-| `app_ensure_php_version_is_latest`                            | `php_latest_version`                             | String          |
-| `app_ensure_python_version_is_latest`                         | `python_latest_version`                          | String          |
-| `app_ensure_java_version_is_latest`                           | `java_latest_version`                            | String          |
-
 
 ## GCP
 
 ### Configurable Checks
 
 ## Config YAML File Structure
-
-???+ note
-    This is the new Prowler configuration file format. The old one without provider keys is still compatible just for the AWS provider.
+> This is the new Prowler configuration file format. The old one without provider keys is still compatible just for the AWS provider.
 
 ```yaml title="config.yaml"
 # AWS Configuration
@@ -100,27 +89,18 @@ aws:
   # aws.awslambda_function_using_supported_runtimes
   obsolete_lambda_runtimes:
     [
-      "java8",
-      "go1.x",
-      "provided",
       "python3.6",
       "python2.7",
-      "python3.7",
       "nodejs4.3",
       "nodejs4.3-edge",
       "nodejs6.10",
       "nodejs",
       "nodejs8.10",
       "nodejs10.x",
-      "nodejs12.x",
-      "nodejs14.x",
-      "dotnet5.0",
       "dotnetcore1.0",
       "dotnetcore2.0",
       "dotnetcore2.1",
-      "dotnetcore3.1",
       "ruby2.5",
-      "ruby2.7",
     ]
 
   # AWS Organizations
@@ -144,29 +124,10 @@ aws:
   # trustedadvisor_premium_support_plan_subscribed
   verify_premium_support_plans: True
 
-  # AWS RDS
-  # aws.rds_instance_backup_enabled
-  # Whether to check RDS instance replicas or not
-  check_rds_instance_replicas: False
-
 # Azure Configuration
 azure:
-  # Azure Network Configuration
-  # azure.network_public_ip_shodan
-  shodan_api_key: null
-
-  # Azure App Configuration
-  # azure.app_ensure_php_version_is_latest
-  php_latest_version: "8.2"
-  # azure.app_ensure_python_version_is_latest
-  python_latest_version: "3.12"
-  # azure.app_ensure_java_version_is_latest
-  java_latest_version: "17"
 
 # GCP Configuration
 gcp:
-  # GCP Compute Configuration
-  # gcp.compute_public_address_shodan
-  shodan_api_key: null
 
 ```

docs/tutorials/custom-checks-metadata.md

@@ -1,43 +0,0 @@
-# Custom Checks Metadata
-
-In certain organizations, the severity of specific checks might differ from the default values defined in the check's metadata. For instance, while `s3_bucket_level_public_access_block` could be deemed `critical` for some organizations, others might assign a different severity level.
-
-The custom metadata option offers a means to override default metadata set by Prowler
-
-You can utilize `--custom-checks-metadata-file` followed by the path to your custom checks metadata YAML file.
-
-## Available Fields
-
-The list of supported check's metadata fields that can be override are listed as follows:
-
-- Severity
-
-## File Syntax
-
-This feature is available for all the providers supported in Prowler since the metadata format is common between all the providers. The following is the YAML format for the custom checks metadata file:
-```yaml title="custom_checks_metadata.yaml"
-CustomChecksMetadata:
-  aws:
-    Checks:
-      s3_bucket_level_public_access_block:
-        Severity: high
-      s3_bucket_no_mfa_delete:
-        Severity: high
-  azure:
-    Checks:
-      storage_infrastructure_encryption_is_enabled:
-        Severity: medium
-  gcp:
-    Checks:
-      compute_instance_public_ip:
-        Severity: critical
-```
-
-## Usage
-
-Executing the following command will assess all checks and generate a report while overriding the metadata for those checks:
-```sh
-prowler <provider> --custom-checks-metadata-file <path/to/custom/metadata>
-```
-
-This customization feature enables organizations to tailor the severity of specific checks based on their unique requirements, providing greater flexibility in security assessment and reporting.

docs/tutorials/gcp/authentication.md

@@ -13,8 +13,7 @@ Otherwise, you can generate and download Service Account keys in JSON format (re
 prowler gcp --credentials-file path
 ```
 
-???+ note
-    `prowler` will scan the GCP project associated with the credentials.
+> `prowler` will scan the GCP project associated with the credentials.
 
 
 Prowler will follow the same credentials search as [Google authentication libraries](https://cloud.google.com/docs/authentication/application-default-credentials#search_order):

docs/tutorials/ignore-unused-services.md

@@ -1,7 +1,6 @@
 # Ignore Unused Services
 
-???+ note
-    Currently only available on the AWS provider.
+> Currently only available on the AWS provider.
 
 Prowler allows you to ignore unused services findings, so you can reduce the number of findings in Prowler's reports.
 
@@ -30,10 +29,9 @@ If EBS default encyption is not enabled, sensitive information at rest is not pr
 
   - `ec2_ebs_default_encryption`
 
-If your Security groups are not properly configured the attack surface is increased, nonetheless, Prowler will detect those security groups that are being used (they are attached) to only notify those that are being used. This logic applies to the 15 checks related to open ports in security groups and the check for the default security group.
+If your Security groups are not properly configured the attack surface is increased, nonetheless, Prowler will detect those security groups that are being used (they are attached) to only notify those that are being used. This logic applies to the 15 checks related to open ports in security groups.
 
   - `ec2_securitygroup_allow_ingress_from_internet_to_port_X` (15 checks)
-  - `ec2_securitygroup_default_restrict_traffic`
 
 Prowler will also check for used Network ACLs to only alerts those with open ports that are being used.
 
@@ -49,7 +47,7 @@ It is a best practice to encrypt both metadata and connection passwords in AWS G
 #### Inspector
 Amazon Inspector is a vulnerability discovery service that automates continuous scanning for security vulnerabilities within your Amazon EC2, Amazon ECR, and AWS Lambda environments. Prowler recommends to enable it and resolve all the Inspector's findings. Ignoring the unused services, Prowler will only notify you if there are any Lambda functions, EC2 instances or ECR repositories in the region where Amazon inspector should be enabled.
 
-  - `inspector2_is_enabled`
+  - `inspector2_findings_exist`
 
 #### Macie
 Amazon Macie is a security service that uses machine learning to automatically discover, classify and protect sensitive data in S3 buckets. Prowler will only create a finding when Macie is not enabled if there are S3 buckets in your account.
@@ -70,15 +68,3 @@ You should enable Public Access Block at the account level to prevent the exposu
 VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. Nevertheless, Prowler will only check if the Flow Logs are enabled for those VPCs that are in use, in other words, only the VPCs where you have ENIs (network interfaces).
 
   - `vpc_flow_logs_enabled`
-
-VPC subnets must not have public IP addresses by default to prevent the exposure of your resources to the internet. Prowler will only check this configuration for those VPCs that are in use, in other words, only the VPCs where you have ENIs (network interfaces).
-
-  - `vpc_subnet_no_public_ip_by_default`
-
-VPCs should have separate private and public subnets to prevent the exposure of your resources to the internet. Prowler will only check this configuration for those VPCs that are in use, in other words, only the VPCs where you have ENIs (network interfaces).
-
-  - `vpc_subnet_separate_private_public`
-
-VPCs should have subnets in different availability zones to prevent a single point of failure. Prowler will only check this configuration for those VPCs that are in use, in other words, only the VPCs where you have ENIs (network interfaces).
-
-  - `vpc_subnet_different_az`

docs/tutorials/integrations.md

@@ -10,9 +10,7 @@ prowler <provider> --slack
 
 ![Prowler Slack Message](img/slack-prowler-message.png)
 
-???+ note
-    Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_NAME environment variables.
-
+> Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_ID environment variables.
 ### Configuration
 
 To configure the Slack Integration, follow the next steps:
@@ -35,4 +33,4 @@ To configure the Slack Integration, follow the next steps:
 
 4. Set the following environment variables that Prowler will read:
     - `SLACK_API_TOKEN`: the *Slack App OAuth Token* that was previously get.
-    - `SLACK_CHANNEL_NAME`: the name of your Slack Channel where Prowler will send the message.
+    - `SLACK_CHANNEL_ID`: the name of your Slack Channel where Prowler will send the message.

docs/tutorials/logging.md

@@ -18,8 +18,7 @@ You can establish the log level of Prowler with `--log-level` option:
 prowler <provider> --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}
 ```
 
-???+ note
-    By default, Prowler will run with the `CRITICAL` log level, since critical errors will abort the execution.
+> By default, Prowler will run with the `CRITICAL` log level, since critical errors will abort the execution.
 
 ## Export Logs to File
 
@@ -46,5 +45,4 @@ An example of a log file will be the following:
         "message": "eu-west-2 -- ClientError[124]: An error occurred (UnauthorizedOperation) when calling the DescribeNetworkAcls operation: You are not authorized to perform this operation."
     }
 
-???+ note
-    Each finding is represented as a `json` object.
+> NOTE: Each finding is represented as a `json` object.

docs/tutorials/misc.md

@@ -61,26 +61,21 @@ Prowler allows you to include your custom checks with the flag:
 ```console
 prowler <provider> -x/--checks-folder <custom_checks_folder>
 ```
-
-???+ note
-    S3 URIs are also supported as folders for custom checks, e.g. `s3://bucket/prefix/checks_folder/`. Make sure that the used credentials have `s3:GetObject` permissions in the S3 path where the custom checks are located.
+> S3 URIs are also supported as folders for custom checks, e.g. s3://bucket/prefix/checks_folder/. Make sure that the used credentials have s3:GetObject permissions in the S3 path where the custom checks are located.
 
 The custom checks folder must contain one subfolder per check, each subfolder must be named as the check and must contain:
 
 - An empty `__init__.py`: to make Python treat this check folder as a package.
 - A `check_name.py` containing the check's logic.
 - A `check_name.metadata.json` containing the check's metadata.
-
-???+ note
-    The check name must start with the service name followed by an underscore (e.g., ec2_instance_public_ip).
+>The check name must start with the service name followed by an underscore (e.g., ec2_instance_public_ip).
 
 To see more information about how to write checks see the [Developer Guide](../developer-guide/checks.md#create-a-new-check-for-a-provider).
 
-???+ note
-    If you want to run ONLY your custom check(s), import it with -x (--checks-folder) and then run it with -c (--checks), e.g.:
-    ```console
-    prowler aws -x s3://bucket/prowler/providers/aws/services/s3/s3_bucket_policy/ -c s3_bucket_policy
-    ```
+> If you want to run ONLY your custom check(s), import it with -x (--checks-folder) and then run it with -c (--checks), e.g.:
+```console
+prowler aws -x s3://bucket/prowler/providers/aws/services/s3/s3_bucket_policy/ -c s3_bucket_policy
+```
 
 ## Severities
 Each of Prowler's checks has a severity, which can be:

docs/tutorials/parallel-execution.md

@@ -1,188 +0,0 @@
-# Parallel Execution
-
-The strategy used here will be to execute Prowler once per service. You can modify this approach as per your requirements.
-
-This can help for really large accounts, but please be aware of AWS API rate limits:
-
-1. **Service-Specific Limits**: Each AWS service has its own rate limits. For instance, Amazon EC2 might have different rate limits for launching instances versus making API calls to describe instances.
-2. **API Rate Limits**: Most of the rate limits in AWS are applied at the API level. Each API call to an AWS service counts towards the rate limit for that service.
-3. **Throttling Responses**: When you exceed the rate limit for a service, AWS responds with a throttling error. In AWS SDKs, these are typically represented as `ThrottlingException` or `RateLimitExceeded` errors.
-
-For information on Prowler's retrier configuration please refer to this [page](https://docs.prowler.cloud/en/latest/tutorials/aws/boto3-configuration/).
-
-???+ note
-    You might need to increase the `--aws-retries-max-attempts` parameter from the default value of 3. The retrier follows an exponential backoff strategy.
-
-## Linux
-
-Generate a list of services that Prowler supports, and populate this info into a file:
-
-```bash
-prowler aws --list-services | awk -F"- " '{print $2}' | sed '/^$/d' > services
-```
-
-Make any modifications for services you would like to skip scanning by modifying this file.
-
-Then create a new PowerShell script file `parallel-prowler.sh` and add the following contents. Update the `$profile` variable to the AWS CLI profile you want to run Prowler with.
-
-```bash
-#!/bin/bash
-
-# Change these variables as needed
-profile="your_profile"
-account_id=$(aws sts get-caller-identity --profile "${profile}" --query 'Account' --output text)
-
-echo "Executing in account: ${account_id}"
-
-# Maximum number of concurrent processes
-MAX_PROCESSES=5
-
-# Loop through the services
-while read service; do
-    echo "$(date '+%Y-%m-%d %H:%M:%S'): Starting job for service: ${service}"
-
-    # Run the command in the background
-    (prowler -p "$profile" -s "$service" -F "${account_id}-${service}" --ignore-unused-services --only-logs; echo "$(date '+%Y-%m-%d %H:%M:%S') - ${service} has completed") &
-
-    # Check if we have reached the maximum number of processes
-    while [ $(jobs -r | wc -l) -ge ${MAX_PROCESSES} ]; do
-        # Wait for a second before checking again
-        sleep 1
-    done
-done < ./services
-
-# Wait for all background processes to finish
-wait
-echo "All jobs completed"
-```
-
-Output will be stored in the `output/` folder that is in the same directory from which you executed the script.
-
-## Windows
-
-Generate a list of services that Prowler supports, and populate this info into a file:
-
-```powershell
-prowler aws --list-services | ForEach-Object {
-    # Capture lines that are likely service names
-    if ($_ -match '^\- \w+$') {
-        $_.Trim().Substring(2)
-    }
-} | Where-Object {
-    # Filter out empty or null lines
-    $_ -ne $null -and $_ -ne ''
-} | Set-Content -Path "services"
-```
-
-Make any modifications for services you would like to skip scanning by modifying this file.
-
-Then create a new PowerShell script file `parallel-prowler.ps1` and add the following contents. Update the `$profile` variable to the AWS CLI profile you want to run prowler with.
-
-Change any parameters you would like when calling prowler in the `Start-Job -ScriptBlock` section. Note that you need to keep the `--only-logs` parameter, else some encoding issue occurs when trying to render the progress-bar and prowler won't successfully execute.
-
-```powershell
-$profile = "your_profile"
-$account_id = Invoke-Expression -Command "aws sts get-caller-identity --profile $profile --query 'Account' --output text"
-
-Write-Host "Executing Prowler in $account_id"
-
-# Maximum number of concurrent jobs
-$MAX_PROCESSES = 5
-
-# Read services from a file
-$services = Get-Content -Path "services"
-
-# Array to keep track of started jobs
-$jobs = @()
-
-foreach ($service in $services) {
-    # Start the command as a job
-    $job = Start-Job -ScriptBlock {
-        prowler -p ${using:profile} -s ${using:service} -F "${using:account_id}-${using:service}" --ignore-unused-services --only-logs
-	      $endTimestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
-        Write-Output "${endTimestamp} - $using:service has completed"
-    }
-    $jobs += $job
-    Write-Host "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') - Starting job for service: $service"
-
-    # Check if we have reached the maximum number of jobs
-    while (($jobs | Where-Object { $_.State -eq 'Running' }).Count -ge $MAX_PROCESSES) {
-        Start-Sleep -Seconds 1
-        # Check for any completed jobs and receive their output
-        $completedJobs = $jobs | Where-Object { $_.State -eq 'Completed' }
-        foreach ($completedJob in $completedJobs) {
-            Receive-Job -Job $completedJob -Keep | ForEach-Object { Write-Host $_ }
-            $jobs = $jobs | Where-Object { $_.Id -ne $completedJob.Id }
-            Remove-Job -Job $completedJob
-        }
-    }
-}
-
-# Check for any remaining completed jobs
-$remainingCompletedJobs = $jobs | Where-Object { $_.State -eq 'Completed' }
-foreach ($remainingJob in $remainingCompletedJobs) {
-    Receive-Job -Job $remainingJob -Keep | ForEach-Object { Write-Host $_ }
-    Remove-Job -Job $remainingJob
-}
-
-Write-Host "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') - All jobs completed"
-```
-
-Output will be stored in `C:\Users\YOUR-USER\Documents\output\`
-
-## Combining the output files
-
-Guidance is provided for the CSV file format. From the ouput directory, execute either the following Bash or PowerShell script. The script will collect the output from the CSV files, only include the header from the first file, and then output the result as CombinedCSV.csv in the current working directory.
-
-There is no logic implemented in terms of which CSV files it will combine. If you have additional CSV files from other actions, such as running a quick inventory, you will need to move that out of the current (or any nested) directory, or move the output you want to combine into its own folder and run the script from there.
-
-```bash
-#!/bin/bash
-
-# Initialize a variable to indicate the first file
-firstFile=true
-
-# Find all CSV files and loop through them
-find . -name "*.csv" -print0 | while IFS= read -r -d '' file; do
-    if [ "$firstFile" = true ]; then
-        # For the first file, keep the header
-        cat "$file" > CombinedCSV.csv
-        firstFile=false
-    else
-        # For subsequent files, skip the header
-        tail -n +2 "$file" >> CombinedCSV.csv
-    fi
-done
-```
-
-```powershell
-# Get all CSV files from current directory and its subdirectories
-$csvFiles = Get-ChildItem -Recurse -Filter "*.csv"
-
-# Initialize a variable to track if it's the first file
-$firstFile = $true
-
-# Loop through each CSV file
-foreach ($file in $csvFiles) {
-    if ($firstFile) {
-        # For the first file, keep the header and change the flag
-        $combinedCsv = Import-Csv -Path $file.FullName
-        $firstFile = $false
-    } else {
-        # For subsequent files, skip the header
-        $tempCsv = Import-Csv -Path $file.FullName
-        $combinedCsv += $tempCsv | Select-Object * -Skip 1
-    }
-}
-
-# Export the combined data to a new CSV file
-$combinedCsv | Export-Csv -Path "CombinedCSV.csv" -NoTypeInformation
-```
-
-## TODO: Additional Improvements
-
-Some services need to instantiate another service to perform a check. For instance, `cloudwatch` will instantiate Prowler's `iam` service to perform the `cloudwatch_cross_account_sharing_disabled` check. When the `iam` service is instantiated, it will perform the `__init__` function, and pull all the information required for that service. This provides an opportunity for an improvement in the above script to group related services together so that the `iam` services (or any other cross-service references) isn't repeatedily instantiated by grouping dependant services together. A complete mapping between these services still needs to be further investigated, but these are the cross-references that have been noted:
-
-* inspector2 needs lambda and ec2
-* cloudwatch needs iam
-* dlm needs ec2

docs/tutorials/pentesting.md

@@ -50,7 +50,6 @@ Several checks analyse resources that are exposed to the Internet, these are:
 - sagemaker_notebook_instance_without_direct_internet_access_configured
 - sns_topics_not_publicly_accessible
 - sqs_queues_not_publicly_accessible
-- network_public_ip_shodan
 
 ...
 
@@ -62,17 +61,8 @@ prowler <provider> --categories internet-exposed
 
 ### Shodan
 
-Prowler allows you check if any public IPs in your Cloud environments are exposed in Shodan with `-N`/`--shodan <shodan_api_key>` option:
+Prowler allows you check if any elastic ip in your AWS Account is exposed in Shodan with `-N`/`--shodan <shodan_api_key>` option:
 
-For example, you can check if any of your AWS EC2 instances has an elastic IP exposed in shodan:
 ```console
-prowler aws -N/--shodan <shodan_api_key> -c ec2_elastic_ip_shodan
-```
-Also, you can check if any of your Azure Subscription has an public IP exposed in shodan:
-```console
-prowler azure -N/--shodan <shodan_api_key> -c network_public_ip_shodan
-```
-And finally, you can check if any of your GCP projects has an public IP address exposed in shodan:
-```console
-prowler gcp -N/--shodan <shodan_api_key> -c compute_public_address_shodan
+prowler aws --shodan <shodan_api_key> -c ec2_elastic_ip_shodan
 ```

docs/tutorials/quick-inventory.md

@@ -1,18 +1,14 @@
 # Quick Inventory
 
 Prowler allows you to execute a quick inventory to extract the number of resources in your provider.
-
-???+ note
-    Currently, it is only available for AWS provider.
+> Currently, it is only available for AWS provider.
 
 
 - You can use option `-i`/`--quick-inventory` to execute it:
 ```sh
 prowler <provider> -i
 ```
-
-???+ note
-    By default, it extracts resources from all the regions, you could use `-f`/`--filter-region` to specify the regions to execute the analysis.
+> By default, it extracts resources from all the regions, you could use `-f`/`--filter-region` to specify the regions to execute the analysis.
 
 - This feature specify both the number of resources for each service and for each resource type.
 

docs/tutorials/reporting.md

@@ -19,12 +19,11 @@ prowler <provider> -M csv json json-asff html -F <custom_report_name>
 ```console
 prowler <provider> -M csv json json-asff html -o <custom_report_directory>
 ```
-???+ note
-    Both flags can be used simultaneously to provide a custom directory and filename.
-    ```console
-    prowler <provider> -M csv json json-asff html \
-            -F <custom_report_name> -o <custom_report_directory>
-    ```
+> Both flags can be used simultaneously to provide a custom directory and filename.
+```console
+prowler <provider> -M csv json json-asff html \
+        -F <custom_report_name> -o <custom_report_directory>
+```
 ## Output timestamp format
 By default, the timestamp format of the output files is ISO 8601. This can be changed with the flag `--unix-timestamp` generating the timestamp fields in pure unix timestamp format.
 
@@ -42,74 +41,50 @@ Hereunder is the structure for each of the supported report formats by Prowler:
 
 ### HTML
 ![HTML Output](../img/output-html.png)
-
 ### CSV
 
-CSV format has a set of common columns for all the providers, and then provider specific columns.
-The common columns are the following:
+The following are the columns present in the CSV format:
 
 - ASSESSMENT_START_TIME
 - FINDING_UNIQUE_ID
 - PROVIDER
-- CHECK_ID
-- CHECK_TITLE
-- CHECK_TYPE
-- STATUS
-- STATUS_EXTENDED
-- SERVICE_NAME
-- SUBSERVICE_NAME
-- SEVERITY
-- RESOURCE_TYPE
-- RESOURCE_DETAILS
-- RESOURCE_TAGS
-- DESCRIPTION
-- RISK
-- RELATED_URL
-- REMEDIATION_RECOMMENDATION_TEXT
-- REMEDIATION_RECOMMENDATION_URL
-- REMEDIATION_RECOMMENDATION_CODE_NATIVEIAC
-- REMEDIATION_RECOMMENDATION_CODE_TERRAFORM
-- REMEDIATION_RECOMMENDATION_CODE_CLI
-- REMEDIATION_RECOMMENDATION_CODE_OTHER
-- COMPLIANCE
-- CATEGORIES
-- DEPENDS_ON
-- RELATED_TO
-- NOTES
-
-And then by the provider specific columns:
-
-#### AWS
-
 - PROFILE
 - ACCOUNT_ID
-- ACCOUNT_NAME
-- ACCOUNT_EMAIL
-- ACCOUNT_ARN
-- ACCOUNT_ORG
-- ACCOUNT_TAGS
-- REGION
-- RESOURCE_ID
-- RESOURCE_ARN
-
-#### AZURE
-
-- TENANT_DOMAIN
-- SUBSCRIPTION
-- RESOURCE_ID
-- RESOURCE_NAME
-
-#### GCP
-
-- PROJECT_ID
-- LOCATION
-- RESOURCE_ID
-- RESOURCE_NAME
-
-
-???+ note
-    Since Prowler v3 the CSV column delimiter is the semicolon (`;`)
+-  ACCOUNT_NAME
+-  ACCOUNT_EMAIL
+-  ACCOUNT_ARN
+-  ACCOUNT_ORG
+-  ACCOUNT_TAGS
+-  REGION
+-  CHECK_ID
+-  CHECK_TITLE
+-  CHECK_TYPE
+-  STATUS
+-  STATUS_EXTENDED
+-  SERVICE_NAME
+-  SUBSERVICE_NAME
+-  SEVERITY
+-  RESOURCE_ID
+-  RESOURCE_ARN
+-  RESOURCE_TYPE
+-  RESOURCE_DETAILS
+-  RESOURCE_TAGS
+-  DESCRIPTION
+-  COMPLIANCE
+-  RISK
+-  RELATED_URL
+-  REMEDIATION_RECOMMENDATION_TEXT
+-  REMEDIATION_RECOMMENDATION_URL
+-  REMEDIATION_RECOMMENDATION_CODE_NATIVEIAC
+-  REMEDIATION_RECOMMENDATION_CODE_TERRAFORM
+-  REMEDIATION_RECOMMENDATION_CODE_CLI
+-  REMEDIATION_RECOMMENDATION_CODE_OTHER
+-  CATEGORIES
+-  DEPENDS_ON
+-  RELATED_TO
+-  NOTES
 
+> Since Prowler v3 the CSV column delimiter is the semicolon (`;`)
 ### JSON
 
 The following code is an example output of the JSON format:
@@ -206,8 +181,7 @@ The following code is an example output of the JSON format:
 }]
 ```
 
-???+ note
-    Each finding is a `json` object within a list. This has changed in v3 since in v2 the format used was [ndjson](http://ndjson.org/).
+> NOTE: Each finding is a `json` object within a list. This has changed in v3 since in v2 the format used was [ndjson](http://ndjson.org/).
 
 
 ### JSON-OCSF
@@ -468,9 +442,7 @@ Based on [Open Cybersecurity Schema Framework Security Finding v1.0.0-rc.3](http
 }]
 ```
 
-???+ note
-    Each finding is a `json` object.
-
+> NOTE: Each finding is a `json` object.
 ### JSON-ASFF
 
 The following code is an example output of the [JSON-ASFF](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-syntax.html) format:
@@ -603,5 +575,4 @@ The following code is an example output of the [JSON-ASFF](https://docs.aws.amaz
 }]
 ```
 
-???+ note
-    Each finding is a `json` object within a list.
+> NOTE: Each finding is a `json` object within a list.

mkdocs.yml

@@ -1,43 +1,23 @@
 # Project information
-site_name: Prowler Open Source Documentation
-site_url: https://docs.prowler.com/
+site_name: Prowler Documentation
+site_url: https://docs.prowler.pro/
 site_description: >-
-  Prowler Open Source Documentation
+  Prowler Documentation Site
 
 # Theme Configuration
 theme:
   language: en
-  logo: img/prowler-logo-white.png
+  logo: img/prowler-logo.png
   name: material
-  favicon: favicon.ico
+  favicon: img/prowler-icon.svg
   features:
     - navigation.tabs
     - navigation.tabs.sticky
     - navigation.sections
     - navigation.top
   palette:
-    # Palette toggle for light mode
-    - media: "(prefers-color-scheme: light)"
-      scheme: default
-      primary: black
-      accent: green
-      toggle:
-        icon: material/weather-night
-        name: Switch to dark mode
-    # Palette toggle for dark mode
-    - media: "(prefers-color-scheme: dark)"
-      scheme: slate
-      primary: black
-      accent: green
-      toggle:
-        icon: material/weather-sunny
-        name: Switch to light mode
-
-
-plugins:
-  - search
-  - git-revision-date-localized:
-      enable_creation_date: true
+    primary: black
+    accent: green
 
 edit_uri: "https://github.com/prowler-cloud/prowler/tree/master/docs"
 # Prowler OSS Repository
@@ -58,10 +38,8 @@ nav:
       - Logging: tutorials/logging.md
       - Allowlist: tutorials/allowlist.md
       - Check Aliases: tutorials/check-aliases.md
-      - Custom Metadata: tutorials/custom-checks-metadata.md
       - Ignore Unused Services: tutorials/ignore-unused-services.md
       - Pentesting: tutorials/pentesting.md
-      - Parallel Execution: tutorials/parallel-execution.md
       - Developer Guide: developer-guide/introduction.md
       - AWS:
           - Authentication: tutorials/aws/authentication.md
@@ -78,7 +56,6 @@ nav:
           - Boto3 Configuration: tutorials/aws/boto3-configuration.md
       - Azure:
           - Authentication: tutorials/azure/authentication.md
-          - Non default clouds: tutorials/azure/use-non-default-cloud.md
           - Subscriptions: tutorials/azure/subscriptions.md
       - Google Cloud:
           - Authentication: tutorials/gcp/authentication.md
@@ -94,13 +71,11 @@ nav:
       - Testing:
           - Unit Tests: developer-guide/unit-testing.md
           - Integration Tests: developer-guide/integration-testing.md
-      - Debugging: developer-guide/debugging.md
   - Security: security.md
   - Contact Us: contact.md
   - Troubleshooting: troubleshooting.md
   - About: about.md
-  - Prowler SaaS: https://prowler.com
-
+  - ProwlerPro: https://prowler.pro
 # Customization
 extra:
   consent:
@@ -124,15 +99,11 @@ extra:
       link: https://twitter.com/prowlercloud
 
 # Copyright
-copyright: >
-  Copyright &copy; <script>document.write(new Date().getFullYear())</script> Toni de la Fuente, Maintained by the Prowler Team at ProwlerPro, Inc.</a>
-  </br><a href="#__consent">Change cookie settings</a>
+copyright: Copyright &copy; 2022 Toni de la Fuente, Maintained by the Prowler Team at Verica, Inc.</a>
 
 markdown_extensions:
   - abbr
   - admonition
-  - pymdownx.details
-  - pymdownx.superfences
   - attr_list
   - def_list
   - footnotes
@@ -146,8 +117,8 @@ markdown_extensions:
   - pymdownx.caret
   - pymdownx.details
   - pymdownx.emoji:
-      emoji_index: !!python/name:material.extensions.emoji.twemoji
-      emoji_generator: !!python/name:material.extensions.emoji.to_svg
+      emoji_generator: !!python/name:materialx.emoji.to_svg
+      emoji_index: !!python/name:materialx.emoji.twemoji
   - pymdownx.highlight:
       anchor_linenums: true
   - pymdownx.inlinehilite

prowler/__main__.py

@@ -26,10 +26,6 @@ from prowler.lib.check.check import (
 )
 from prowler.lib.check.checks_loader import load_checks_to_execute
 from prowler.lib.check.compliance import update_checks_metadata_with_compliance
-from prowler.lib.check.custom_checks_metadata import (
-    parse_custom_checks_metadata_file,
-    update_checks_metadata,
-)
 from prowler.lib.cli.parser import ProwlerArgumentParser
 from prowler.lib.logger import logger, set_logging_config
 from prowler.lib.outputs.compliance import display_compliance_table
@@ -51,6 +47,7 @@ from prowler.providers.common.audit_info import (
     set_provider_audit_info,
     set_provider_execution_parameters,
 )
+from prowler.providers.common.clean import clean_provider_local_output_directories
 from prowler.providers.common.outputs import set_provider_output_options
 from prowler.providers.common.quick_inventory import run_provider_quick_inventory
 
@@ -71,7 +68,6 @@ def prowler():
     checks_folder = args.checks_folder
     severities = args.severity
     compliance_framework = args.compliance
-    custom_checks_metadata_file = args.custom_checks_metadata_file
 
     if not args.no_banner:
         print_banner(args)
@@ -101,19 +97,9 @@ def prowler():
 
     bulk_compliance_frameworks = bulk_load_compliance_frameworks(provider)
     # Complete checks metadata with the compliance framework specification
-    bulk_checks_metadata = update_checks_metadata_with_compliance(
+    update_checks_metadata_with_compliance(
         bulk_compliance_frameworks, bulk_checks_metadata
     )
-    # Update checks metadata if the --custom-checks-metadata-file is present
-    custom_checks_metadata = None
-    if custom_checks_metadata_file:
-        custom_checks_metadata = parse_custom_checks_metadata_file(
-            provider, custom_checks_metadata_file
-        )
-        bulk_checks_metadata = update_checks_metadata(
-            bulk_checks_metadata, custom_checks_metadata
-        )
-
     if args.list_compliance:
         print_compliance_frameworks(bulk_compliance_frameworks)
         sys.exit()
@@ -189,11 +175,7 @@ def prowler():
     findings = []
     if len(checks_to_execute):
         findings = execute_checks(
-            checks_to_execute,
-            provider,
-            audit_info,
-            audit_output_options,
-            custom_checks_metadata,
+            checks_to_execute, provider, audit_info, audit_output_options
         )
     else:
         logger.error(
@@ -204,23 +186,17 @@ def prowler():
     stats = extract_findings_statistics(findings)
 
     if args.slack:
-        if "SLACK_API_TOKEN" in os.environ and (
-            "SLACK_CHANNEL_NAME" in os.environ or "SLACK_CHANNEL_ID" in os.environ
-        ):
+        if "SLACK_API_TOKEN" in os.environ and "SLACK_CHANNEL_ID" in os.environ:
             _ = send_slack_message(
                 os.environ["SLACK_API_TOKEN"],
-                (
-                    os.environ["SLACK_CHANNEL_NAME"]
-                    if "SLACK_CHANNEL_NAME" in os.environ
-                    else os.environ["SLACK_CHANNEL_ID"]
-                ),
+                os.environ["SLACK_CHANNEL_ID"],
                 stats,
                 provider,
                 audit_info,
             )
         else:
             logger.critical(
-                "Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_NAME environment variables (see more in https://docs.prowler.cloud/en/latest/tutorials/integrations/#slack)."
+                "Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_ID environment variables (see more in https://docs.prowler.cloud/en/latest/tutorials/integrations/#slack)."
             )
             sys.exit(1)
 
@@ -271,10 +247,7 @@ def prowler():
         for region in security_hub_regions:
             # Save the regions where AWS Security Hub is enabled
             if verify_security_hub_integration_enabled_per_region(
-                audit_info.audited_partition,
-                region,
-                audit_info.audit_session,
-                audit_info.audited_account,
+                region, audit_info.audit_session
             ):
                 aws_security_enabled_regions.append(region)
 
@@ -329,6 +302,9 @@ def prowler():
     if checks_folder:
         remove_custom_checks_module(checks_folder, provider)
 
+    # clean local directories
+    clean_provider_local_output_directories(args)
+
     # If there are failed findings exit code 3, except if -z is input
     if not args.ignore_exit_code_3 and stats["total_fail"] > 0:
         sys.exit(3)

prowler/compliance/aws/aws_foundational_technical_review_aws.json

@@ -1,693 +0,0 @@
-{
-  "Framework": "AWS-Foundational-Technical-Review",
-  "Version": "",
-  "Provider": "AWS",
-  "Description": "The AWS Foundational Technical Review (FTR) assesses an AWS Partner's solution against a specific set of Amazon Web Services (AWS) best practices around security, performance, and operational processes that are most critical for customer success. Passing the FTR is required to qualify AWS Software Partners for AWS Partner Network (APN) programs such as AWS Competency and AWS Service Ready but any AWS Partner who offers a technology solution may request a FTR review through AWS Partner Central.",
-  "Requirements": [
-    {
-      "Id": "HOST-001",
-      "Name": "Confirm your hosting model",
-      "Description": "To use this FTR checklist you must host all critical application components on AWS. You may use external providers for edge services such as content delivery networks (CDNs) or domain name system (DNS), or corporate identity providers. If you are using any edge services outside AWS, please specify them in the self-assessment.",
-      "Attributes": [
-        {
-          "Section": "Partner-hosted FTR requirements",
-          "Subsection": "Hosting",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "SUP-001",
-      "Name": "Subscribe to the AWS Business Support tier (or higher) for all production AWS accounts or have an action plan to handle issues which require help from AWS Support",
-      "Description": "It is recommended that you subscribe to the AWS Business Support tier or higher (including AWS Partner-Led Support) for all of your AWS production accounts. For more information, refer to Compare AWS Support Plans. If you don't have premium support, you must have an action plan to handle issues which require help from AWS Support. AWS Support provides a mix of tools and technology, people, and programs designed to proactively help you optimize performance, lower costs, and innovate faster. AWS Business Support provides additional benefits including access to AWS Trusted Advisor and AWS Personal Health Dashboard and faster response times.",
-      "Attributes": [
-        {
-          "Section": "Partner-hosted FTR requirements",
-          "Subsection": "Support level",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "WAFR-001",
-      "Name": "Conduct periodic architecture reviews (minimum once every year)",
-      "Description": "Conduct periodic architecture reviews of your production workload (at least once per year) using a documented architectural standard that includes AWS-specific best practices. If you have an internally defined standard for your AWS workloads, we recommend you use it for these reviews. If you do not have an internal standard, we recommend you use the AWS Well-Architected Framework.",
-      "Attributes": [
-        {
-          "Section": "Partner-hosted FTR requirements",
-          "Subsection": "Architecture review",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "WAFR-002",
-      "Name": "Review the AWS Shared Responsibility Models for Security and Resiliency",
-      "Description": "Review the AWS Shared Responsibility Model for Security and the AWS Shared Responsibility Model for Resiliency. Ensure that your product’s architecture and operational processes address the customer responsibilities defined in these models. We recommend you to use AWS Resilience Hub to ensure your workload resiliency posture meets your targets and to provide you with operational procedures you may use to address the customer responsibilities.",
-      "Attributes": [
-        {
-          "Section": "Partner-hosted FTR requirements",
-          "Subsection": "Architecture review",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "ARC-001",
-      "Name": "Use root user only by exception",
-      "Description": "The root user has unlimited access to your account and its resources, and using it only by exception helps protect your AWS resources. The AWS root user must not be used for everyday tasks, even administrative ones. Instead, adhere to the best practice of using the root user only to create your first AWS Identity and Access Management (IAM) user. Then securely lock away the root user credentials and use them to perform only a few accounts and service management tasks. To view the tasks that require you to sign in as the root user, see AWS Tasks That Require Root User. FTR does not require you to actively monitor root usage.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "AWS root account",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "ARC-003",
-      "Name": "Enable multi-factor authentication (MFA) on the root user for all AWS accounts",
-      "Description": "Enabling MFA provides an additional layer of protection against unauthorized access to your account. To configure MFA for the root user, follow the instructions for enabling either a virtual MFA or hardware MFA device. If you are using AWS Organizations to create new accounts, the initial password for the root user is set to a random value that is never exposed to you. If you do not recover the password for the root user of these accounts, you do not need to enable MFA on them. For any accounts where you do have access to the root user’s password, you must enable MFA",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "AWS root account",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "iam_root_mfa_enabled",
-        "iam_root_hardware_mfa_enabled"
-      ]
-    },
-    {
-      "Id": "ARC-004",
-      "Name": "Remove access keys for the root user",
-      "Description": "Programmatic access to AWS APIs should never use the root user. It is best not to generate static an access key for the root user. If one already exists, you should transition any processes using that key to use temporary access keys from an AWS Identity and Access Management (IAM) role, or, if necessary, static access keys from an IAM user.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "AWS root account",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "iam_no_root_access_key"
-      ]
-    },
-    {
-      "Id": "ARC-005",
-      "Name": "Develop incident management plans",
-      "Description": "An incident management plan is critical to respond, mitigate, and recover from the potential impact of security incidents. An incident management plan is a structured process for identifying, remediating, and responding in a timely matter to security incidents. An effective incident management plan must be continually iterated upon, remaining current with your cloud operations goal. For more information on developing incident management plan please see Develop incident management plans.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "AWS root account",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "ACOM-001",
-      "Name": "Configure AWS account contacts",
-      "Description": "If an account is not managed by AWS Organizations, alternate account contacts help AWS get in contact with the appropriate personnel if needed. Configure the account’s alternate contacts to point to a group rather than an individual. For example, create separate email distribution lists for billing, operations, and security and configure these as Billing, Security, and Operations contacts in each active AWS account. This ensures that multiple people will receive AWS notifications and be able to respond, even if someone is on vacation, changes roles, or leaves the company.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Communications from AWS",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "ACOM-002",
-      "Name": "Set account contact information including the root user email address to email addresses and phone numbers owned by your company",
-      "Description": "Using company owned email addresses and phone numbers for contact information enables you to access them even if the individuals whom they belong to are no longer with your organization",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Communications from AWS",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "IAM-001",
-      "Name": "Enable multi-factor authentication (MFA) for all Human Identities with AWS access",
-      "Description": "You must require any human identities to authenticate using MFA before accessing your AWS accounts. Typically, this means enabling MFA within your corporate identity provider. If you have existing legacy IAM users you must enable MFA for console access for those principals as well. Enabling MFA for IAM users provides an additional layer of security. With MFA, users have a device that generates a unique authentication code (a one-time password, or OTP). Users must provide both their normal credentials (user name and password) and the OTP. The MFA device can either be a special piece of hardware, or it can be a virtual device (for example, it can run in an app on a smartphone). Please note that machine identities do not require MFA.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "iam_root_mfa_enabled",
-        "iam_root_hardware_mfa_enabled",
-        "iam_user_hardware_mfa_enabled",
-        "iam_user_mfa_enabled_console_access",
-        "iam_administrator_access_with_mfa"
-      ]
-    },
-    {
-      "Id": "IAM-002",
-      "Name": "Monitor and secure static AWS Identity and Access Management (IAM) credentials",
-      "Description": "Use temporary IAM credentials retrieved by assuming a role whenever possible. In cases where it is infeasible to use IAM roles, implement the following controls to reduce the risk these credentials are misused: Rotate IAM access keys regularly (recommended at least every 90 days). Maintain an inventory of all static keys and where they are used and remove unused access keys. Implement monitoring of AWS CloudTrail logs to detect anomalous activity or other potential misuse (e.g. using AWS GuardDuty.) Define a runbook or SOP for revoking credentials in the event you detect misuse.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "iam_rotate_access_key_90_days",
-        "iam_user_accesskey_unused",
-        "iam_user_with_temporary_credentials",
-        "guardduty_is_enabled",
-        "guardduty_no_high_severity_findings"
-      ]
-    },
-    {
-      "Id": "IAM-003",
-      "Name": "Use strong password policy",
-      "Description": "Enforce a strong password policy, and educate users to avoid common or re-used passwords. For IAM users, you can create a password policy for your account on the Account Settings page of the IAM console. You can use the password policy to define password requirements, such as minimum length and whether it requires non-alphabetic characters, and so on. For more information, see Setting an Account Password Policy for IAM users.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "iam_password_policy_expires_passwords_within_90_days_or_less",
-        "iam_password_policy_lowercase",
-        "iam_password_policy_minimum_length_14",
-        "iam_password_policy_number",
-        "iam_password_policy_reuse_24",
-        "iam_password_policy_symbol",
-        "iam_password_policy_uppercase"
-      ]
-    },
-    {
-      "Id": "IAM-004",
-      "Name": "Create individual identities (no shared credentials) for anyone who needs AWS access",
-      "Description": "Create individual entities and give unique security credentials and permissions to each user accessing your account. With individual entities and no shared credentials, you can audit the activity of each user.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "IAM-005",
-      "Name": "Use IAM roles and its temporary security credentials to provide access to third parties.",
-      "Description": "Do not provision IAM users and share those credentials with people outside of your organization. Any external services that need to make AWS API calls against your account (for example, a monitoring solution that accesses your account's AWS CloudWatch metrics) must use a cross-account role. For more information, refer to Providing access to AWS accounts owned by third parties.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "IAM-006",
-      "Name": "Grant least privilege access",
-      "Description": "You must follow the standard security advice of granting least privilege. Grant only the access that identities require by allowing access to specific actions on specific AWS resources under specific conditions. Rely on groups and identity attributes to dynamically set permissions at scale, rather than defining permissions for individual users. For example, you can allow a group of developers access to manage only resources for their project. This way, when a developer is removed from the group, access for the developer is revoked everywhere that group was used for access control, without requiring any changes to the access policies.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "iam_policy_attached_only_to_group_or_roles"
-      ]
-    },
-    {
-      "Id": "IAM-007",
-      "Name": "Manage access based on life cycle",
-      "Description": "Integrate access controls with operator and application lifecycle and your centralized federation provider and IAM. For example, remove a user’s access when they leave the organization or change roles.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "IAM-008",
-      "Name": "Audit identities quarterly",
-      "Description": "Auditing the identities that are configured in your identity provider and IAM helps ensure that only authorized identities have access to your workload. For example, remove people that leave the organization, and remove cross-account roles that are no longer required. Have a process in place to periodically audit permissions to the services accessed by an IAM entity. This helps you identify the policies you needto modify to remove any unused permissions. For more information, see Refining permissions in AWS using last accessed information.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "IAM-009",
-      "Name": "Do not embed credentials in application code",
-      "Description": "Ensure that all credentials used by your applications (for example, IAM access keys and database passwords) are never included in your application's source code or committed to source control in any way.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "IAM-0010",
-      "Name": "Store secrets securely.",
-      "Description": "Encrypt all secrets in transit and at rest, define fine-grained access controls that only allow access to specific identities, and log access to secrets in an audit log. We recommend you use a purpose-built secret management service such as AWS Secrets Manager, AWS Systems Manager Parameter Store, or an AWS Partner solution, but internally developed solutions that meet these requirements are also acceptable.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "IAM-0011",
-      "Name": "Encrypt all end user/customer credentials and hash passwords at rest.",
-      "Description": "If you are storing end user/customer credentials in a database that you manage, encrypt credentials at rest and hash passwords. As an alternative, AWS recommends using a user-identity synchronization service, such as Amazon Cognito or an equivalent AWS Partner solution.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "IAM-0012",
-      "Name": "Use temporary credentials",
-      "Description": "Use temporary security credentials to access AWS resources. For machine identities within AWS (for example, Amazon Elastic Compute Cloud (Amazon EC2) instances or AWS Lambda functions), always use IAM roles to acquire temporary security credentials. For machine identities running outside of AWS, use IAM Roles Anywhere or securely store static AWS access keys that are only used to assume an IAM role.For human identities, use AWS IAM Identity Center or other identity federation solutions where possible. If you must use static AWS access keys for human users, require MFA for all access, including the AWS Management Console, and AWS Command Line Interface (AWS CLI).",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Identity and Access Management",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "iam_rotate_access_key_90_days",
-        "iam_user_accesskey_unused",
-        "iam_user_with_temporary_credentials",
-        "iam_policy_attached_only_to_group_or_roles",
-        "iam_role_administratoraccess_policy",
-        "iam_role_cross_account_readonlyaccess_policy",
-        "iam_role_cross_service_confused_deputy_prevention",
-        "iam_root_hardware_mfa_enabled",
-        "iam_root_mfa_enabled",
-        "iam_root_hardware_mfa_enabled",
-        "iam_user_hardware_mfa_enabled",
-        "iam_user_mfa_enabled_console_access",
-        "iam_administrator_access_with_mfa"
-      ]
-    },
-    {
-      "Id": "SECOPS-001",
-      "Name": "Perform vulnerability management",
-      "Description": "Define a mechanism and frequency to scan and patch for vulnerabilities in your dependencies, and in your operating systems to help protect against new threats. Scan and patch your dependencies, and your operating systems on a defined schedule. Software vulnerability management is essential to keeping your system secure from threat actors. Embedding vulnerability assessments early into your continuous integration/continuous delivery (CI/CD) pipeline allows you to prioritize remediation of any security vulnerabilities detected. The solution you need to achieve this varies according to the AWS services that you are consuming. To check for vulnerabilities in software running in Amazon EC2 instances, you can add Amazon Inspector to your pipeline to cause your build to fail if Inspector detects vulnerabilities. You can also use open source products such as OWASP Dependency-Check, Snyk, OpenVAS, package managers and AWS Partner tools for vulnerability management.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Operational security",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist",
-        "accessanalyzer_enabled_without_findings",
-        "guardduty_no_high_severity_findings"
-      ]
-    },
-    {
-      "Id": "NETSEC-001",
-      "Name": "Implement the least permissive rules for all Amazon EC2 security groups",
-      "Description": "All Amazon EC2 security groups should restrict access to the greatest degree possible. At a minimum, do the following: Ensure that no security groups allow ingress from 0.0.0.0/0 to port 22 or 3389 (CIS 5.2) Ensure that the default security group of every VPC restricts all traffic (CIS 5.3/Security Control EC2.2)",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Network Security",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "ec2_ami_public",
-        "ec2_instance_public_ip",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
-        "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434",
-        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23",
-        "ec2_securitygroup_allow_wide_open_public_ipv4",
-        "ec2_securitygroup_default_restrict_traffic",
-        "ec2_securitygroup_not_used",
-        "ec2_securitygroup_with_many_ingress_egress_rules"
-      ]
-    },
-    {
-      "Id": "NETSEC-002",
-      "Name": "Restrict resources in public subnets",
-      "Description": "Do not place resources in public subnets of your VPC unless they must receive network traffic from public sources. Public subnets are subnets associated with a route table that has a route to an internet gateway.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Network Security",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "vpc_subnet_no_public_ip_by_default",
-        "vpc_subnet_separate_private_public",
-        "vpc_endpoint_connections_trust_boundaries",
-        "vpc_endpoint_services_allowed_principals_trust_boundaries",
-        "workspaces_vpc_2private_1public_subnets_nat"
-      ]
-    },
-    {
-      "Id": "BAR-001",
-      "Name": "Configure automatic data backups",
-      "Description": "You must perform regular backups to a durable storage service. Backups ensure that you have the ability to recover from administrative, logical, or physical error scenarios. Configure backups to be taken automatically based on a periodic schedule, or by changes in the dataset. RDS instances, EBS volumes, DynamoDB tables, and S3 objects can all be configured for automatic backup. AWS Backup, AWS Marketplace solutions or third-party solutions can also be used. If objects in S3 bucket are write-once-read-many (WORM), compensating controls such as object lock can be used meet this requirement. If it is customers’ responsibility to backup their data, it must be clearly stated in the documentation and the Partner must provide clear instructions on how to backup the data.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Backups and recovery",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "backup_plans_exist",
-        "backup_reportplans_exist",
-        "backup_vaults_encrypted",
-        "backup_vaults_exist",
-        "efs_have_backup_enabled",
-        "rds_instance_backup_enabled"
-      ]
-    },
-    {
-      "Id": "BAR-002",
-      "Name": "Periodically recover data to verify the integrity of your backup process",
-      "Description": "To confirm that your backup process meets your recovery time objectives (RTO) and recovery point objectives (RPO), run a recovery test on a regular schedule and after making significant changes to your cloud environment. For more information, refer to Getting Started - Backup and Restore with AWS.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Backups and recovery",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "RES-001",
-      "Name": "Define a Recovery Point Objective (RPO)",
-      "Description": "To confirm that your backup process meets your recovery time objectives (RTO) and recovery point objectives (RPO), run a recovery test on a regular schedule and after making significant changes to your cloud environment. For more information, refer to Getting Started - Backup and Restore with AWS.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Resiliency",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "RES-002",
-      "Name": "Establish a Recovery Time Objective (RTO)",
-      "Description": "Define an RTO that meets your organization’s needs and expectations. RTO is the maximum acceptable delay your organization will accept between the interruption and restoration of service.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Resiliency",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "RES-004",
-      "Name": "Resiliency Testing",
-      "Description": "Test resiliency to ensure that RTO and RPO are met, both periodically (minimum every 12 months) and after major updates. The resiliency test must include accidental data loss, instance failures, and Availability Zone (AZ) failures. At least one resilience test that meets RTO and RPO requirements must be completed prior to FTR approval. You can use AWS Resilience Hub to test and verify your workloads to see if it meets its resilience target. AWS Resilience Hub works with AWS Fault Injection Service (AWS FIS) , a chaos engineering service, to provide fault-injection simulations of real-world failures to validate the application recovers within the resilience targets you defined. AWS Resilience Hub also provides API operations for you to integrate its resilience assessment and testing into your CI/CD pipelines for ongoing resilience validation. Including resilience validation in CI/CD pipelines helps make sure that changes to the workload’s underlying infrastructure don't compromise resilience.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Resiliency",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "RES-005",
-      "Name": "Communicate customer responsibilities for resilience",
-      "Description": "Clearly define your customers’ responsibility for backup, recovery, and availability. At a minimum, your product documentation or customer agreements should cover the following: Responsibility the customer has for backing up the data stored in your solution. Instructions for backing up data or configuring optional features in your product for data protection, if applicable. Options customers have for configuring the availability of your product.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Resiliency",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "RES-006",
-      "Name": "Architect your product to meet availability targets and uptime service level agreements (SLAs)",
-      "Description": "If you publish or privately agree to availability targets or uptime SLAs, ensure that your architecture and operational processes are designed to support them. Additionally, provide clear guidance to customers on any configuration required to achieve the targets or SLAs.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Resiliency",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "RES-007",
-      "Name": "Define a customer communication plan for outages",
-      "Description": "Establish a plan for communicating information about system outages to your customers both during and after incidents. Your communication should not include any data that was provided by AWS under a non-disclosure agreement (NDA).",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Resiliency",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "S3-001",
-      "Name": "Review all Amazon S3 buckets to determine appropriate access levels",
-      "Description": "You must ensure that buckets that require public access have been reviewed to determine if public read or write access is needed and if appropriate controls are in place to control public access. When assigning access permissions, follow the principle of least privilege, an AWS best practice. For more information, refer to overview of managing access.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Amazon S3 bucket access",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "s3_bucket_acl_prohibited",
-        "s3_bucket_default_encryption",
-        "s3_bucket_kms_encryption",
-        "s3_bucket_level_public_access_block",
-        "s3_bucket_object_lock",
-        "s3_bucket_policy_public_write_access",
-        "s3_bucket_public_access",
-        "s3_bucket_public_list_acl",
-        "s3_bucket_public_write_acl",
-        "s3_bucket_secure_transport_policy",
-        "s3_bucket_server_access_logging_enabled"
-      ]
-    },
-    {
-      "Id": "CAA-001",
-      "Name": "Use cross-account roles to access customer AWS accounts",
-      "Description": "Cross-account roles reduce the amount of sensitive information AWS Partners need to store for their customers.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Cross-account access",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "CAA-007",
-      "Name": "Provide guidance or an automated setup mechanism (for example, an AWS CloudFormation template) for creating cross-account roles with the minimum required privileges",
-      "Description": "The policy created for cross-account access in customer accounts must follow the principle of least privilege. The AWS Partner must provide a role-policy document or an automated setup mechanism (for example, an AWS CloudFormation template) for the customers to use to ensure that the roles are created with minimum required privileges. For more information, refer to the AWS Partner Network (APN) blog posts.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Cross-account access",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "CAA-002",
-      "Name": "Use an external ID with cross-account roles to access customer accounts",
-      "Description": "An external ID allows the user that is assuming the role to assert the circumstances in which they are operating. It also provides a way for the account owner to permit the role to be assumed only under specific circumstances. The primary function of the external ID is to address and prevent the confused deputy problem.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Cross-account access",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "CAA-004",
-      "Name": "Use a value you generate (not something provided by the customer) for the external ID",
-      "Description": "When configuring cross-account access using IAM roles, you must use a value you generate for the external ID, instead of one provided by the customer, to ensure the integrity of the cross-account role configuration. A partner-generated external ID ensures that malicious parties cannot impersonate a customer's configuration and enforces uniqueness and format consistency across all customers. If you are not generating an external ID today we recommend implementing a process that generates a random unique value (such as a Universally Unique Identifier) for the external ID that a customer uses to set up a cross-account role.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Cross-account access",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "CAA-005",
-      "Name": "Ensure that all external IDs are unique.",
-      "Description": "The external IDs used must be unique across all customers. Re-using external IDs for different customers does not solve the confused deputy problem and runs the risk of customer A being able to view data of customer B by using the role ARN and the external ID of customer B. To resolve this, we recommend implementing a process that ensures a random unique value, such as a Universally Unique Identifier, is generated for the external ID that a customer would use to setup a cross account role.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Cross-account access",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "CAA-006",
-      "Name": "Provide read-only access to external ID to customers",
-      "Description": "Customers must not be able to set or influence external IDs. When the external ID is editable, it is possible for one customer to impersonate the configuration of another. For example, when the external ID is editable, customer A can create a cross account role setup using customer B’s role ARN and external ID, granting customer A access to customer B’s data. Remediation of this item involves making the external ID a view-only field, ensuring that the external ID cannot be changed to impersonate the setup of another customer.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Cross-account access",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "CAA-003",
-      "Name": "Deprecate any historical use of customer-provided IAM credentials",
-      "Description": "If your application provides legacy support for the use of static IAM credentials for cross-account access, the application's user interface and customer documentation must make it clear that this method is deprecated. Existing customers should be encouraged to switch to cross-account role based-access, and collection of credentials should be disabled for new customers.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Cross-account access",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "SDAT-001",
-      "Name": "Identify sensitive data (for example, Personally Identifiable Information (PII) and Protected Health Information (PHI))",
-      "Description": "Data classification enables you to determine which data needs to be protected and how. Based on the workload and the data it processes, identify the data that is not common public knowledge.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Sensitive data",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "SDAT-002",
-      "Name": "Encrypt all sensitive data at rest",
-      "Description": "Encryption maintains the confidentiality of sensitive data even when it gets stolen or the network through which it is transmitted becomes compromised.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Sensitive data",
-          "Type": "Automated"
-        }
-      ],
-      "Checks": [
-        "sns_topics_kms_encryption_at_rest_enabled",
-        "athena_workgroup_encryption",
-        "cloudtrail_kms_encryption_enabled",
-        "dynamodb_accelerator_cluster_encryption_enabled",
-        "dynamodb_tables_kms_cmk_encryption_enabled",
-        "efs_encryption_at_rest_enabled",
-        "opensearch_service_domains_encryption_at_rest_enabled"
-      ]
-    },
-    {
-      "Id": "SDAT-003",
-      "Name": "Only use protocols with encryption when transmitting sensitive data outside of your VPC",
-      "Description": "Encryption maintains data confidentiality even when the network through which it is transmitted becomes compromised.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Sensitive data",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    },
-    {
-      "Id": "RCVP-001",
-      "Name": "Establish a process to ensure that all required compliance standards are met",
-      "Description": "If you advertise that your product meets specific compliance standards, you must have an internal process for ensuring compliance. Examples of compliance standards include Payment Card Industry Data Security Standard (PCI DSS) PCI DSS, Federal Risk and Authorization Management Program (FedRAMP)FedRAMP, and U.S. Health Insurance Portability and Accountability Act (HIPAA)HIPAA. Applicable compliance standards are determined by various factors, such as what types of data the solution stores or transmits and which geographic regions the solution supports.",
-      "Attributes": [
-        {
-          "Section": "Architectural and Operational Controls",
-          "Subsection": "Regulatory compliance validation process",
-          "Type": "Manual"
-        }
-      ],
-      "Checks": []
-    }
-  ]
-}

prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json

@@ -719,7 +719,7 @@
         "ec2_networkacl_allow_ingress_any_port",
         "ec2_networkacl_allow_ingress_tcp_port_22",
         "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",

prowler/compliance/aws/cis_1.4_aws.json

@@ -1168,7 +1168,7 @@
       "Id": "5.2",
       "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports",
       "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
       ],

prowler/compliance/aws/cis_1.5_aws.json

@@ -1252,7 +1252,7 @@
       "Id": "5.2",
       "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports",
       "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
       ],
@@ -1275,7 +1275,7 @@
       "Id": "5.3",
       "Description": "Ensure no security groups allow ingress from ::/0 to remote server administration ports",
       "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
       ],

prowler/compliance/aws/cis_2.0_aws.json

@@ -468,6 +468,27 @@
     },
     {
       "Id": "2.1.1",
+      "Description": "Ensure all S3 buckets employ encryption-at-rest",
+      "Checks": [
+        "s3_bucket_default_encryption"
+      ],
+      "Attributes": [
+        {
+          "Section": "2.1. Simple Storage Service (S3)",
+          "Profile": "Level 2",
+          "AssessmentStatus": "Automated",
+          "Description": "Amazon S3 provides a variety of no, or low, cost encryption options to protect data at rest.",
+          "RationaleStatement": "Encrypting data at rest reduces the likelihood that it is unintentionally exposed and can nullify the impact of disclosure if the encryption remains unbroken.",
+          "ImpactStatement": "Amazon S3 buckets with default bucket encryption using SSE-KMS cannot be used as destination buckets for Amazon S3 server access logging. Only SSE-S3 default encryption is supported for server access log destination buckets.",
+          "RemediationProcedure": "**From Console:**  1. Login to AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/  2. Select a Bucket. 3. Click on 'Properties'. 4. Click edit on `Default Encryption`. 5. Select either `AES-256`, `AWS-KMS`, `SSE-KMS` or `SSE-S3`. 6. Click `Save` 7. Repeat for all the buckets in your AWS account lacking encryption.  **From Command Line:**  Run either  ``` aws s3api put-bucket-encryption --bucket <bucket name> --server-side-encryption-configuration '{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\": {\"SSEAlgorithm\": \"AES256\"}}]}' ```  or  ``` aws s3api put-bucket-encryption --bucket <bucket name> --server-side-encryption-configuration '{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\": {\"SSEAlgorithm\": \"aws:kms\",\"KMSMasterKeyID\": \"aws/s3\"}}]}' ```  **Note:** the KMSMasterKeyID can be set to the master key of your choosing; aws/s3 is an AWS preconfigured default.",
+          "AuditProcedure": "**From Console:**  1. Login to AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/  2. Select a Bucket. 3. Click on 'Properties'. 4. Verify that `Default Encryption` is enabled, and displays either `AES-256`, `AWS-KMS`, `SSE-KMS` or `SSE-S3`. 5. Repeat for all the buckets in your AWS account.  **From Command Line:**  1. Run command to list buckets ``` aws s3 ls ``` 2. For each bucket, run  ``` aws s3api get-bucket-encryption --bucket <bucket name> ``` 3. Verify that either  ``` \"SSEAlgorithm\": \"AES256\" ```  or  ``` \"SSEAlgorithm\": \"aws:kms\"```  is displayed.",
+          "AdditionalInformation": "S3 bucket encryption only applies to objects as they are placed in the bucket. Enabling S3 bucket encryption does **not** encrypt objects previously stored within the bucket.",
+          "References": "https://docs.aws.amazon.com/AmazonS3/latest/user-guide/default-bucket-encryption.html:https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-related-resources"
+        }
+      ]
+    },
+    {
+      "Id": "2.1.2",
       "Description": "Ensure S3 Bucket Policy is set to deny HTTP requests",
       "Checks": [
         "s3_bucket_secure_transport_policy"
@@ -488,7 +509,7 @@
       ]
     },
     {
-      "Id": "2.1.2",
+      "Id": "2.1.3",
       "Description": "Ensure MFA Delete is enabled on S3 buckets",
       "Checks": [
         "s3_bucket_no_mfa_delete"
@@ -509,7 +530,7 @@
       ]
     },
     {
-      "Id": "2.1.3",
+      "Id": "2.1.4",
       "Description": "Ensure all data in Amazon S3 has been discovered, classified and secured when required.",
       "Checks": [
         "macie_is_enabled"
@@ -530,7 +551,7 @@
       ]
     },
     {
-      "Id": "2.1.4",
+      "Id": "2.1.5",
       "Description": "Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'",
       "Checks": [
         "s3_bucket_level_public_access_block",
@@ -1250,7 +1271,7 @@
       "Id": "5.2",
       "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports",
       "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
       ],
@@ -1273,7 +1294,7 @@
       "Id": "5.3",
       "Description": "Ensure no security groups allow ingress from ::/0 to remote server administration ports",
       "Checks": [
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
       ],

prowler/compliance/aws/cisa_aws.json

@@ -134,7 +134,7 @@
         "vpc_endpoint_connections_trust_boundaries",
         "ec2_securitygroup_default_restrict_traffic",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports"
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port"
       ]
     },
     {
@@ -297,7 +297,7 @@
         "vpc_flow_logs_enabled",
         "ec2_networkacl_allow_ingress_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports"
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port"
       ]
     },
     {

prowler/compliance/aws/mitre_attack_aws.json

@@ -29,8 +29,7 @@
         "securityhub_enabled",
         "elbv2_waf_acl_attached",
         "guardduty_is_enabled",
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist",
+        "inspector2_findings_exist",
         "awslambda_function_not_publicly_accessible",
         "ec2_instance_public_ip"
       ],
@@ -106,7 +105,7 @@
         "ec2_networkacl_allow_ingress_any_port",
         "ec2_networkacl_allow_ingress_tcp_port_22",
         "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
@@ -577,8 +576,7 @@
         "config_recorder_all_regions_enabled",
         "securityhub_enabled",
         "guardduty_is_enabled",
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist"
+        "inspector2_findings_exist"
       ],
       "Attributes": [
         {
@@ -739,8 +737,7 @@
         "iam_user_hardware_mfa_enabled",
         "iam_user_mfa_enabled_console_access",
         "securityhub_enabled",
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist"
+        "inspector2_findings_exist"
       ],
       "Attributes": [
         {
@@ -1022,7 +1019,7 @@
         "ec2_networkacl_allow_ingress_any_port",
         "ec2_networkacl_allow_ingress_tcp_port_22",
         "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
@@ -1468,7 +1465,7 @@
         "ec2_networkacl_allow_ingress_any_port",
         "ec2_networkacl_allow_ingress_tcp_port_22",
         "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
@@ -1648,7 +1645,7 @@
         "ec2_networkacl_allow_ingress_any_port",
         "ec2_networkacl_allow_ingress_tcp_port_22",
         "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
@@ -1895,12 +1892,11 @@
         "networkfirewall_in_all_vpc",
         "elbv2_waf_acl_attached",
         "guardduty_is_enabled",
-        "inspector2_is_enabled",
-        "inspector2_active_findings_exist",
+        "inspector2_findings_exist",
         "ec2_networkacl_allow_ingress_any_port",
         "ec2_networkacl_allow_ingress_tcp_port_22",
         "ec2_networkacl_allow_ingress_tcp_port_3389",
-        "ec2_securitygroup_allow_ingress_from_internet_to_all_ports",
+        "ec2_securitygroup_allow_ingress_from_internet_to_any_port",
         "ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21",
         "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",

prowler/compliance/aws/soc2_aws.json

@@ -13,7 +13,7 @@
           "ItemId": "cc_1_1",
           "Section": "CC1.0 - Common Criteria Related to Control Environment",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -27,7 +27,7 @@
           "ItemId": "cc_1_2",
           "Section": "CC1.0 - Common Criteria Related to Control Environment",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -41,7 +41,7 @@
           "ItemId": "cc_1_3",
           "Section": "CC1.0 - Common Criteria Related to Control Environment",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -62,7 +62,7 @@
           "ItemId": "cc_1_4",
           "Section": "CC1.0 - Common Criteria Related to Control Environment",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -76,7 +76,7 @@
           "ItemId": "cc_1_5",
           "Section": "CC1.0 - Common Criteria Related to Control Environment",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -90,7 +90,7 @@
           "ItemId": "cc_2_1",
           "Section": "CC2.0 - Common Criteria Related to Communication and Information",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -109,7 +109,7 @@
           "ItemId": "cc_2_2",
           "Section": "CC2.0 - Common Criteria Related to Communication and Information",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -123,7 +123,7 @@
           "ItemId": "cc_2_3",
           "Section": "CC2.0 - Common Criteria Related to Communication and Information",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -137,7 +137,7 @@
           "ItemId": "cc_3_1",
           "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -155,7 +155,7 @@
           "ItemId": "cc_3_2",
           "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -175,7 +175,7 @@
           "ItemId": "cc_3_3",
           "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -189,7 +189,7 @@
           "ItemId": "cc_3_4",
           "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
           "Service": "config",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -205,7 +205,7 @@
           "ItemId": "cc_4_1",
           "Section": "CC4.0 - Monitoring Activities",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -219,7 +219,7 @@
           "ItemId": "cc_4_2",
           "Section": "CC4.0 - Monitoring Activities",
           "Service": "guardduty",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -236,7 +236,7 @@
           "ItemId": "cc_5_1",
           "Section": "CC5.0 - Control Activities",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -250,7 +250,7 @@
           "ItemId": "cc_5_2",
           "Section": "CC5.0 - Control Activities",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -264,7 +264,7 @@
           "ItemId": "cc_5_3",
           "Section": "CC5.0 - Control Activities",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -278,7 +278,7 @@
           "ItemId": "cc_6_1",
           "Section": "CC6.0 - Logical and Physical Access",
           "Service": "s3",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -294,7 +294,7 @@
           "ItemId": "cc_6_2",
           "Section": "CC6.0 - Logical and Physical Access",
           "Service": "rds",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -310,7 +310,7 @@
           "ItemId": "cc_6_3",
           "Section": "CC6.0 - Logical and Physical Access",
           "Service": "iam",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -328,7 +328,7 @@
           "ItemId": "cc_6_4",
           "Section": "CC6.0 - Logical and Physical Access",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -342,7 +342,7 @@
           "ItemId": "cc_6_5",
           "Section": "CC6.0 - Logical and Physical Access",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -356,7 +356,7 @@
           "ItemId": "cc_6_6",
           "Section": "CC6.0 - Logical and Physical Access",
           "Service": "ec2",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -372,7 +372,7 @@
           "ItemId": "cc_6_7",
           "Section": "CC6.0 - Logical and Physical Access",
           "Service": "acm",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -388,7 +388,7 @@
           "ItemId": "cc_6_8",
           "Section": "CC6.0 - Logical and Physical Access",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -405,7 +405,7 @@
           "ItemId": "cc_7_1",
           "Section": "CC7.0 - System Operations",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -424,7 +424,7 @@
           "ItemId": "cc_7_2",
           "Section": "CC7.0 - System Operations",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -460,7 +460,7 @@
           "ItemId": "cc_7_3",
           "Section": "CC7.0 - System Operations",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -492,7 +492,7 @@
           "ItemId": "cc_7_4",
           "Section": "CC7.0 - System Operations",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -523,7 +523,7 @@
           "ItemId": "cc_7_5",
           "Section": "CC7.0 - System Operations",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -537,7 +537,7 @@
           "ItemId": "cc_8_1",
           "Section": "CC8.0 - Change Management",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -553,7 +553,7 @@
           "ItemId": "cc_9_1",
           "Section": "CC9.0 - Risk Mitigation",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -567,7 +567,7 @@
           "ItemId": "cc_9_2",
           "Section": "CC9.0 - Risk Mitigation",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -581,7 +581,7 @@
           "ItemId": "cc_a_1_1",
           "Section": "CCA1.0 - Additional Criterial for Availability",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -595,7 +595,7 @@
           "ItemId": "cc_a_1_2",
           "Section": "CCA1.0 - Additional Criterial for Availability",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -626,7 +626,7 @@
           "ItemId": "cc_a_1_3",
           "Section": "CCA1.0 - Additional Criterial for Availability",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -640,7 +640,7 @@
           "ItemId": "cc_c_1_1",
           "Section": "CCC1.0 - Additional Criterial for Confidentiality",
           "Service": "aws",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -656,7 +656,7 @@
           "ItemId": "cc_c_1_2",
           "Section": "CCC1.0 - Additional Criterial for Confidentiality",
           "Service": "s3",
-          "Type": "automated"
+          "Soc_Type": "automated"
         }
       ],
       "Checks": [
@@ -672,7 +672,7 @@
           "ItemId": "p_1_1",
           "Section": "P1.0 - Privacy Criteria Related to Notice and Communication of Objectives Related to Privacy",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -686,7 +686,7 @@
           "ItemId": "p_2_1",
           "Section": "P2.0 - Privacy Criteria Related to Choice and Consent",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -700,7 +700,7 @@
           "ItemId": "p_3_1",
           "Section": "P3.0 - Privacy Criteria Related to Collection",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -714,7 +714,7 @@
           "ItemId": "p_3_2",
           "Section": "P3.0 - Privacy Criteria Related to Collection",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -728,7 +728,7 @@
           "ItemId": "p_4_1",
           "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -742,7 +742,7 @@
           "ItemId": "p_4_2",
           "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -756,7 +756,7 @@
           "ItemId": "p_4_3",
           "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -770,7 +770,7 @@
           "ItemId": "p_5_1",
           "Section": "P5.0 - Privacy Criteria Related to Access",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -784,7 +784,7 @@
           "ItemId": "p_5_2",
           "Section": "P5.0 - Privacy Criteria Related to Access",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -798,7 +798,7 @@
           "ItemId": "p_6_1",
           "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -812,7 +812,7 @@
           "ItemId": "p_6_2",
           "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -826,7 +826,7 @@
           "ItemId": "p_6_3",
           "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -840,7 +840,7 @@
           "ItemId": "p_6_4",
           "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -854,7 +854,7 @@
           "ItemId": "p_6_5",
           "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -868,7 +868,7 @@
           "ItemId": "p_6_6",
           "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -882,7 +882,7 @@
           "ItemId": "p_6_7",
           "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -896,7 +896,7 @@
           "ItemId": "p_7_1",
           "Section": "P7.0 - Privacy Criteria Related to Quality",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []
@@ -910,7 +910,7 @@
           "ItemId": "p_8_1",
           "Section": "P8.0 - Privacy Criteria Related to Monitoring and Enforcement",
           "Service": "aws",
-          "Type": "manual"
+          "Soc_Type": "manual"
         }
       ],
       "Checks": []

prowler/config/aws_allowlist.yaml

@@ -38,9 +38,6 @@ Allowlist:
             - "aws-controltower-ReadOnlyExecutionRole"
             - "AWSControlTower_VPCFlowLogsRole"
             - "AWSControlTowerExecution"
-            - "AWSAFTAdmin"
-            - "AWSAFTExecution"
-            - "AWSAFTService"
         "iam_policy_*":
           Regions:
             - "*"

prowler/config/config.py

@@ -11,7 +11,7 @@ from prowler.lib.logger import logger
 
 timestamp = datetime.today()
 timestamp_utc = datetime.now(timezone.utc).replace(tzinfo=timezone.utc)
-prowler_version = "3.16.6"
+prowler_version = "3.11.1"
 html_logo_url = "https://github.com/prowler-cloud/prowler/"
 html_logo_img = "https://user-images.githubusercontent.com/3985464/113734260-7ba06900-96fb-11eb-82bc-d4f68a1e2710.png"
 square_logo_img = "https://user-images.githubusercontent.com/38561120/235905862-9ece5bd7-9aa3-4e48-807a-3a9035eb8bfb.png"
@@ -22,9 +22,6 @@ gcp_logo = "https://user-images.githubusercontent.com/38561120/235928332-eb4accd
 orange_color = "\033[38;5;208m"
 banner_color = "\033[1;92m"
 
-# Severities
-valid_severities = ["critical", "high", "medium", "low", "informational"]
-
 # Compliance
 actual_directory = pathlib.Path(os.path.dirname(os.path.realpath(__file__)))
 
@@ -73,9 +70,7 @@ def check_current_version():
         if latest_version != prowler_version:
             return f"{prowler_version_string} (latest is {latest_version}, upgrade for the latest features)"
         else:
-            return (
-                f"{prowler_version_string} (You are running the latest version, yay!)"
-            )
+            return f"{prowler_version_string} (it is the latest version, yay!)"
     except requests.RequestException:
         return f"{prowler_version_string}"
     except Exception:

prowler/config/config.yaml

@@ -2,7 +2,7 @@
 aws:
 
   # AWS Global Configuration
-  # aws.allowlist_non_default_regions --> Set to True to allowlist failed findings in non-default regions for AccessAnalyzer, GuardDuty, SecurityHub, DRS and Config
+  # aws.allowlist_non_default_regions --> Set to True to allowlist failed findings in non-default regions for GuardDuty, SecurityHub, DRS and Config
   allowlist_non_default_regions: False
   # If you want to allowlist/mute failed findings only in specific regions, create a file with the following syntax and run it with `prowler aws -w allowlist.yaml`:
   # Allowlist:
@@ -52,34 +52,25 @@ aws:
   # aws.awslambda_function_using_supported_runtimes
   obsolete_lambda_runtimes:
     [
-      "java8",
-      "go1.x",
-      "provided",
       "python3.6",
       "python2.7",
-      "python3.7",
       "nodejs4.3",
       "nodejs4.3-edge",
       "nodejs6.10",
       "nodejs",
       "nodejs8.10",
       "nodejs10.x",
-      "nodejs12.x",
-      "nodejs14.x",
-      "dotnet5.0",
       "dotnetcore1.0",
       "dotnetcore2.0",
       "dotnetcore2.1",
-      "dotnetcore3.1",
       "ruby2.5",
-      "ruby2.7",
     ]
 
   # AWS Organizations
   # organizations_scp_check_deny_regions
   # organizations_enabled_regions: [
-  #   "eu-central-1",
-  #   "eu-west-1",
+  #   'eu-central-1',
+  #   'eu-west-1',
   #   "us-east-1"
   # ]
   organizations_enabled_regions: []
@@ -96,27 +87,8 @@ aws:
   # trustedadvisor_premium_support_plan_subscribed
   verify_premium_support_plans: True
 
-  # AWS RDS
-  # aws.rds_instance_backup_enabled
-  # Whether to check RDS instance replicas or not
-  check_rds_instance_replicas: False
-
 # Azure Configuration
 azure:
-  # Azure Network Configuration
-  # azure.network_public_ip_shodan
-  shodan_api_key: null
-
-  # Azure App Service
-  # azure.app_ensure_php_version_is_latest
-  php_latest_version: "8.2"
-  # azure.app_ensure_python_version_is_latest
-  python_latest_version: "3.12"
-  # azure.app_ensure_java_version_is_latest
-  java_latest_version: "17"
 
 # GCP Configuration
 gcp:
-  # GCP Compute Configuration
-  # gcp.compute_public_address_shodan
-  shodan_api_key: null

prowler/config/custom_checks_metadata_example.yaml

@@ -1,15 +0,0 @@
-CustomChecksMetadata:
-  aws:
-    Checks:
-      s3_bucket_level_public_access_block:
-        Severity: high
-      s3_bucket_no_mfa_delete:
-        Severity: high
-  azure:
-    Checks:
-      storage_infrastructure_encryption_is_enabled:
-        Severity: medium
-  gcp:
-    Checks:
-      compute_instance_public_ip:
-        Severity: critical

prowler/lib/banner.py

@@ -4,7 +4,7 @@ from prowler.config.config import banner_color, orange_color, prowler_version, t
 
 
 def print_banner(args):
-    banner = rf"""{banner_color}                         _
+    banner = f"""{banner_color}                         _
  _ __  _ __ _____      _| | ___ _ __
 | '_ \| '__/ _ \ \ /\ / / |/ _ \ '__|
 | |_) | | | (_) \ V  V /| |  __/ |

prowler/lib/check/check.py

@@ -16,7 +16,6 @@ from colorama import Fore, Style
 import prowler
 from prowler.config.config import orange_color
 from prowler.lib.check.compliance_models import load_compliance_framework
-from prowler.lib.check.custom_checks_metadata import update_check_metadata
 from prowler.lib.check.models import Check, load_check_metadata
 from prowler.lib.logger import logger
 from prowler.lib.outputs.outputs import report
@@ -67,9 +66,9 @@ def bulk_load_compliance_frameworks(provider: str) -> dict:
                         # cis_v1.4_aws.json --> cis_v1.4_aws
                         compliance_framework_name = filename.split(".json")[0]
                         # Store the compliance info
-                        bulk_compliance_frameworks[compliance_framework_name] = (
-                            load_compliance_framework(file_path)
-                        )
+                        bulk_compliance_frameworks[
+                            compliance_framework_name
+                        ] = load_compliance_framework(file_path)
     except Exception as e:
         logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}")
 
@@ -107,20 +106,14 @@ def exclude_services_to_run(
 
 # Load checks from checklist.json
 def parse_checks_from_file(input_file: str, provider: str) -> set:
-    """parse_checks_from_file returns a set of checks read from the given file"""
-    try:
-        checks_to_execute = set()
-        with open_file(input_file) as f:
-            json_file = parse_json_file(f)
+    checks_to_execute = set()
+    with open_file(input_file) as f:
+        json_file = parse_json_file(f)
 
-        for check_name in json_file[provider]:
-            checks_to_execute.add(check_name)
+    for check_name in json_file[provider]:
+        checks_to_execute.add(check_name)
 
-        return checks_to_execute
-    except Exception as error:
-        logger.error(
-            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
-        )
+    return checks_to_execute
 
 
 # Load checks from custom folder
@@ -217,7 +210,7 @@ def print_categories(categories: set):
     singular_string = f"\nThere is {Fore.YELLOW}{categories_num}{Style.RESET_ALL} available category.\n"
 
     message = plural_string if categories_num > 1 else singular_string
-    for category in sorted(categories):
+    for category in categories:
         print(f"- {category}")
 
     print(message)
@@ -246,7 +239,7 @@ def print_compliance_frameworks(
     singular_string = f"\nThere is {Fore.YELLOW}{frameworks_num}{Style.RESET_ALL} available Compliance Framework.\n"
     message = plural_string if frameworks_num > 1 else singular_string
 
-    for framework in sorted(bulk_compliance_frameworks.keys()):
+    for framework in bulk_compliance_frameworks.keys():
         print(f"- {framework}")
 
     print(message)
@@ -316,7 +309,7 @@ def print_checks(
 def parse_checks_from_compliance_framework(
     compliance_frameworks: list, bulk_compliance_frameworks: dict
 ) -> list:
-    """parse_checks_from_compliance_framework returns a set of checks from the given compliance_frameworks"""
+    """Parse checks from compliance frameworks specification"""
     checks_to_execute = set()
     try:
         for framework in compliance_frameworks:
@@ -423,7 +416,6 @@ def execute_checks(
     provider: str,
     audit_info: Any,
     audit_output_options: Provider_Output_Options,
-    custom_checks_metadata: Any,
 ) -> list:
     # List to store all the check's findings
     all_findings = []
@@ -469,7 +461,6 @@ def execute_checks(
                     audit_info,
                     services_executed,
                     checks_executed,
-                    custom_checks_metadata,
                 )
                 all_findings.extend(check_findings)
 
@@ -515,7 +506,6 @@ def execute_checks(
                         audit_info,
                         services_executed,
                         checks_executed,
-                        custom_checks_metadata,
                     )
                     all_findings.extend(check_findings)
 
@@ -541,7 +531,6 @@ def execute(
     audit_info: Any,
     services_executed: set,
     checks_executed: set,
-    custom_checks_metadata: Any,
 ):
     # Import check module
     check_module_path = (
@@ -552,10 +541,6 @@ def execute(
     check_to_execute = getattr(lib, check_name)
     c = check_to_execute()
 
-    # Update check metadata to reflect that in the outputs
-    if custom_checks_metadata and custom_checks_metadata["Checks"].get(c.CheckID):
-        c = update_check_metadata(c, custom_checks_metadata["Checks"][c.CheckID])
-
     # Run check
     check_findings = run_check(c, audit_output_options)
 
@@ -613,32 +598,22 @@ def update_audit_metadata(
         )
 
 
-def recover_checks_from_service(service_list: list, provider: str) -> set:
-    """
-    Recover all checks from the selected provider and service
+def recover_checks_from_service(service_list: list, provider: str) -> list:
+    checks = set()
+    service_list = [
+        "awslambda" if service == "lambda" else service for service in service_list
+    ]
+    for service in service_list:
+        modules = recover_checks_from_provider(provider, service)
+        if not modules:
+            logger.error(f"Service '{service}' does not have checks.")
 
-    Returns a set of checks from the given services
-    """
-    try:
-        checks = set()
-        service_list = [
-            "awslambda" if service == "lambda" else service for service in service_list
-        ]
-        for service in service_list:
-            service_checks = recover_checks_from_provider(provider, service)
-            if not service_checks:
-                logger.error(f"Service '{service}' does not have checks.")
-
-            else:
-                for check in service_checks:
-                    # Recover check name and module name from import path
-                    # Format: "providers.{provider}.services.{service}.{check_name}.{check_name}"
-                    check_name = check[0].split(".")[-1]
-                    # If the service is present in the group list passed as parameters
-                    # if service_name in group_list: checks_from_arn.add(check_name)
-                    checks.add(check_name)
-        return checks
-    except Exception as error:
-        logger.error(
-            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-        )
+        else:
+            for check_module in modules:
+                # Recover check name and module name from import path
+                # Format: "providers.{provider}.services.{service}.{check_name}.{check_name}"
+                check_name = check_module[0].split(".")[-1]
+                # If the service is present in the group list passed as parameters
+                # if service_name in group_list: checks_from_arn.add(check_name)
+                checks.add(check_name)
+    return checks

prowler/lib/check/checks_loader.py

@@ -1,6 +1,5 @@
 from colorama import Fore, Style
 
-from prowler.config.config import valid_severities
 from prowler.lib.check.check import (
     parse_checks_from_compliance_framework,
     parse_checks_from_file,
@@ -11,6 +10,7 @@ from prowler.lib.logger import logger
 
 
 # Generate the list of checks to execute
+# PENDING Test for this function
 def load_checks_to_execute(
     bulk_checks_metadata: dict,
     bulk_compliance_frameworks: dict,
@@ -22,116 +22,80 @@ def load_checks_to_execute(
     categories: set,
     provider: str,
 ) -> set:
-    """Generate the list of checks to execute based on the cloud provider and the input arguments given"""
-    try:
-        # Local subsets
-        checks_to_execute = set()
-        check_aliases = {}
-        check_severities = {key: [] for key in valid_severities}
-        check_categories = {}
+    """Generate the list of checks to execute based on the cloud provider and input arguments specified"""
+    checks_to_execute = set()
 
-        # First, loop over the bulk_checks_metadata to extract the needed subsets
-        for check, metadata in bulk_checks_metadata.items():
-            try:
-                # Aliases
-                for alias in metadata.CheckAliases:
-                    if alias not in check_aliases:
-                        check_aliases[alias] = []
-                    check_aliases[alias].append(check)
+    # Handle if there are checks passed using -c/--checks
+    if check_list:
+        for check_name in check_list:
+            checks_to_execute.add(check_name)
 
-                # Severities
-                if metadata.Severity:
-                    check_severities[metadata.Severity].append(check)
+    # Handle if there are some severities passed using --severity
+    elif severities:
+        for check in bulk_checks_metadata:
+            # Check check's severity
+            if bulk_checks_metadata[check].Severity in severities:
+                checks_to_execute.add(check)
 
-                # Categories
-                for category in metadata.Categories:
-                    if category not in check_categories:
-                        check_categories[category] = []
-                    check_categories[category].append(check)
-            except Exception as error:
-                logger.error(
-                    f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
-                )
-
-        # Handle if there are checks passed using -c/--checks
-        if check_list:
-            for check_name in check_list:
-                checks_to_execute.add(check_name)
-
-        # Handle if there are some severities passed using --severity
-        elif severities:
-            for severity in severities:
-                checks_to_execute.update(check_severities[severity])
-
-            if service_list:
-                checks_to_execute = (
-                    recover_checks_from_service(service_list, provider)
-                    & checks_to_execute
-                )
-
-        # Handle if there are checks passed using -C/--checks-file
-        elif checks_file:
+    # Handle if there are checks passed using -C/--checks-file
+    elif checks_file:
+        try:
             checks_to_execute = parse_checks_from_file(checks_file, provider)
+        except Exception as e:
+            logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}")
 
-        # Handle if there are services passed using -s/--services
-        elif service_list:
-            checks_to_execute = recover_checks_from_service(service_list, provider)
+    # Handle if there are services passed using -s/--services
+    elif service_list:
+        checks_to_execute = recover_checks_from_service(service_list, provider)
 
-        # Handle if there are compliance frameworks passed using --compliance
-        elif compliance_frameworks:
+    # Handle if there are compliance frameworks passed using --compliance
+    elif compliance_frameworks:
+        try:
             checks_to_execute = parse_checks_from_compliance_framework(
                 compliance_frameworks, bulk_compliance_frameworks
             )
+        except Exception as e:
+            logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}")
 
-        # Handle if there are categories passed using --categories
-        elif categories:
-            for category in categories:
-                checks_to_execute.update(check_categories[category])
+    # Handle if there are categories passed using --categories
+    elif categories:
+        for cat in categories:
+            for check in bulk_checks_metadata:
+                # Check check's categories
+                if cat in bulk_checks_metadata[check].Categories:
+                    checks_to_execute.add(check)
 
-        # If there are no checks passed as argument
-        else:
+    # If there are no checks passed as argument
+    else:
+        try:
             # Get all check modules to run with the specific provider
             checks = recover_checks_from_provider(provider)
-
+        except Exception as e:
+            logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}")
+        else:
             for check_info in checks:
                 # Recover check name from import path (last part)
                 # Format: "providers.{provider}.services.{service}.{check_name}.{check_name}"
                 check_name = check_info[0]
                 checks_to_execute.add(check_name)
 
-        # Check Aliases
-        checks_to_execute = update_checks_to_execute_with_aliases(
-            checks_to_execute, check_aliases
-        )
+    # Get Check Aliases mapping
+    check_aliases = {}
+    for check, metadata in bulk_checks_metadata.items():
+        for alias in metadata.CheckAliases:
+            check_aliases[alias] = check
 
-        return checks_to_execute
-
-    except Exception as error:
-        logger.error(
-            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
-        )
-        return checks_to_execute
-
-
-def update_checks_to_execute_with_aliases(
-    checks_to_execute: set, check_aliases: dict
-) -> set:
-    """update_checks_to_execute_with_aliases returns the checks_to_execute updated using the check aliases."""
     # Verify if any input check is an alias of another check
-    try:
-        new_checks_to_execute = checks_to_execute.copy()
-        for input_check in checks_to_execute:
-            if input_check in check_aliases:
-                # Remove input check name and add the real one
-                new_checks_to_execute.remove(input_check)
-                for alias in check_aliases[input_check]:
-                    if alias not in new_checks_to_execute:
-                        new_checks_to_execute.add(alias)
-                        print(
-                            f"\nUsing alias {Fore.YELLOW}{input_check}{Style.RESET_ALL} for check {Fore.YELLOW}{alias}{Style.RESET_ALL}..."
-                        )
-        return new_checks_to_execute
-    except Exception as error:
-        logger.error(
-            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
-        )
+    for input_check in checks_to_execute:
+        if (
+            input_check in check_aliases
+            and check_aliases[input_check] not in checks_to_execute
+        ):
+            # Remove input check name and add the real one
+            checks_to_execute.remove(input_check)
+            checks_to_execute.add(check_aliases[input_check])
+            print(
+                f"\nUsing alias {Fore.YELLOW}{input_check}{Style.RESET_ALL} for check {Fore.YELLOW}{check_aliases[input_check]}{Style.RESET_ALL}...\n"
+            )
+
+    return checks_to_execute

prowler/lib/check/compliance.py

@@ -53,14 +53,14 @@ def update_checks_metadata_with_compliance(
                     check_compliance.append(compliance)
             # Create metadata for Manual Control
             manual_check_metadata = {
-                "Provider": framework.Provider.lower(),
+                "Provider": "aws",
                 "CheckID": "manual_check",
                 "CheckTitle": "Manual Check",
                 "CheckType": [],
                 "ServiceName": "",
                 "SubServiceName": "",
                 "ResourceIdTemplate": "",
-                "Severity": "low",
+                "Severity": "",
                 "ResourceType": "",
                 "Description": "",
                 "Risk": "",

prowler/lib/check/compliance_models.py

@@ -46,20 +46,18 @@ class ENS_Requirement_Attribute(BaseModel):
     Tipo: ENS_Requirement_Attribute_Tipos
     Nivel: ENS_Requirement_Attribute_Nivel
     Dimensiones: list[ENS_Requirement_Attribute_Dimensiones]
-    ModoEjecucion: str
-    Dependencias: list[str]
 
 
 # Generic Compliance Requirement Attribute
 class Generic_Compliance_Requirement_Attribute(BaseModel):
     """Generic Compliance Requirement Attribute"""
 
-    ItemId: Optional[str]
+    ItemId: str
     Section: Optional[str]
     SubSection: Optional[str]
     SubGroup: Optional[str]
-    Service: Optional[str]
-    Type: Optional[str]
+    Service: str
+    Soc_Type: Optional[str]
 
 
 class CIS_Requirement_Attribute_Profile(str):
@@ -89,7 +87,6 @@ class CIS_Requirement_Attribute(BaseModel):
     RemediationProcedure: str
     AuditProcedure: str
     AdditionalInformation: str
-    DefaultValue: Optional[str]
     References: str
 
 
@@ -154,9 +151,9 @@ class Compliance_Requirement(BaseModel):
         Union[
             CIS_Requirement_Attribute,
             ENS_Requirement_Attribute,
+            Generic_Compliance_Requirement_Attribute,
             ISO27001_2013_Requirement_Attribute,
             AWS_Well_Architected_Requirement_Attribute,
-            Generic_Compliance_Requirement_Attribute,
         ]
     ]
     Checks: list[str]

prowler/lib/check/custom_checks_metadata.py

@@ -1,77 +0,0 @@
-import sys
-
-import yaml
-from jsonschema import validate
-
-from prowler.config.config import valid_severities
-from prowler.lib.logger import logger
-
-custom_checks_metadata_schema = {
-    "type": "object",
-    "properties": {
-        "Checks": {
-            "type": "object",
-            "patternProperties": {
-                ".*": {
-                    "type": "object",
-                    "properties": {
-                        "Severity": {
-                            "type": "string",
-                            "enum": valid_severities,
-                        }
-                    },
-                    "required": ["Severity"],
-                    "additionalProperties": False,
-                }
-            },
-            "additionalProperties": False,
-        }
-    },
-    "required": ["Checks"],
-    "additionalProperties": False,
-}
-
-
-def parse_custom_checks_metadata_file(provider: str, parse_custom_checks_metadata_file):
-    """parse_custom_checks_metadata_file returns the custom_checks_metadata object if it is valid, otherwise aborts the execution returning the ValidationError."""
-    try:
-        with open(parse_custom_checks_metadata_file) as f:
-            custom_checks_metadata = yaml.safe_load(f)["CustomChecksMetadata"][provider]
-            validate(custom_checks_metadata, schema=custom_checks_metadata_schema)
-        return custom_checks_metadata
-    except Exception as error:
-        logger.critical(
-            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
-        )
-        sys.exit(1)
-
-
-def update_checks_metadata(bulk_checks_metadata, custom_checks_metadata):
-    """update_checks_metadata returns the bulk_checks_metadata with the check's metadata updated based on the custom_checks_metadata provided."""
-    try:
-        # Update checks metadata from CustomChecksMetadata file
-        for check, custom_metadata in custom_checks_metadata["Checks"].items():
-            check_metadata = bulk_checks_metadata.get(check)
-            if check_metadata:
-                bulk_checks_metadata[check] = update_check_metadata(
-                    check_metadata, custom_metadata
-                )
-        return bulk_checks_metadata
-    except Exception as error:
-        logger.critical(
-            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
-        )
-        sys.exit(1)
-
-
-def update_check_metadata(check_metadata, custom_metadata):
-    """update_check_metadata updates the check_metadata fields present in the custom_metadata and returns the updated version of the check_metadata. If some field is not present or valid the check_metadata is returned with the original fields."""
-    try:
-        if custom_metadata:
-            for attribute in custom_metadata:
-                try:
-                    setattr(check_metadata, attribute, custom_metadata[attribute])
-                except ValueError:
-                    pass
-    finally:
-        return check_metadata

prowler/lib/check/models.py

@@ -1,12 +1,10 @@
 import os
-import re
 import sys
 from abc import ABC, abstractmethod
 from dataclasses import dataclass
 
-from pydantic import BaseModel, ValidationError, validator
+from pydantic import BaseModel, ValidationError
 
-from prowler.config.config import valid_severities
 from prowler.lib.logger import logger
 
 
@@ -58,29 +56,6 @@ class Check_Metadata_Model(BaseModel):
     # store the compliance later if supplied
     Compliance: list = None
 
-    @validator("Categories", each_item=True, pre=True, always=True)
-    def valid_category(value):
-        if not isinstance(value, str):
-            raise ValueError("Categories must be a list of strings")
-        value_lower = value.lower()
-        if not re.match("^[a-z-]+$", value_lower):
-            raise ValueError(
-                f"Invalid category: {value}. Categories can only contain lowercase letters and hyphen '-'"
-            )
-        return value_lower
-
-    @validator("Severity", pre=True, always=True)
-    def severity_to_lower(severity):
-        return severity.lower()
-
-    @validator("Severity")
-    def valid_severity(severity):
-        if severity not in valid_severities:
-            raise ValueError(
-                f"Invalid severity: {severity}. Severity must be one of {', '.join(valid_severities)}"
-            )
-        return severity
-
 
 class Check(ABC, Check_Metadata_Model):
     """Prowler Check"""

prowler/lib/cli/parser.py

@@ -7,7 +7,6 @@ from prowler.config.config import (
     check_current_version,
     default_config_file_path,
     default_output_directory,
-    valid_severities,
 )
 from prowler.providers.common.arguments import (
     init_providers_parser,
@@ -50,7 +49,6 @@ Detailed documentation at https://docs.prowler.cloud
         self.__init_exclude_checks_parser__()
         self.__init_list_checks_parser__()
         self.__init_config_parser__()
-        self.__init_custom_checks_metadata_parser__()
 
         # Init Providers Arguments
         init_providers_parser(self)
@@ -222,11 +220,11 @@ Detailed documentation at https://docs.prowler.cloud
         group.add_argument(
             "-s", "--services", nargs="+", help="List of services to be executed."
         )
-        common_checks_parser.add_argument(
+        group.add_argument(
             "--severity",
             nargs="+",
-            help=f"List of severities to be executed {valid_severities}",
-            choices=valid_severities,
+            help="List of severities to be executed [informational, low, medium, high, critical]",
+            choices=["informational", "low", "medium", "high", "critical"],
         )
         group.add_argument(
             "--compliance",
@@ -288,15 +286,3 @@ Detailed documentation at https://docs.prowler.cloud
             default=default_config_file_path,
             help="Set configuration file path",
         )
-
-    def __init_custom_checks_metadata_parser__(self):
-        # CustomChecksMetadata
-        custom_checks_metadata_subparser = (
-            self.common_providers_parser.add_argument_group("Custom Checks Metadata")
-        )
-        custom_checks_metadata_subparser.add_argument(
-            "--custom-checks-metadata-file",
-            nargs="?",
-            default=None,
-            help="Path for the custom checks metadata YAML file. See example prowler/config/custom_checks_metadata_example.yaml for reference and format. See more in https://docs.prowler.cloud/en/latest/tutorials/custom-checks-metadata/",
-        )

prowler/lib/outputs/compliance.py

@@ -11,7 +11,6 @@ from prowler.lib.outputs.models import (
     Check_Output_CSV_AWS_CIS,
     Check_Output_CSV_AWS_ISO27001_2013,
     Check_Output_CSV_AWS_Well_Architected,
-    Check_Output_CSV_AZURE_CIS,
     Check_Output_CSV_ENS_RD2022,
     Check_Output_CSV_GCP_CIS,
     Check_Output_CSV_Generic_Compliance,
@@ -36,7 +35,6 @@ def add_manual_controls(output_options, audit_info, file_descriptors):
             manual_finding.region = ""
             manual_finding.location = ""
             manual_finding.project_id = ""
-            manual_finding.subscription = ""
             fill_compliance(
                 output_options, manual_finding, audit_info, file_descriptors
             )
@@ -84,10 +82,6 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
                             Requirements_Attributes_Dimensiones=",".join(
                                 attribute.Dimensiones
                             ),
-                            Requirements_Attributes_ModoEjecucion=attribute.ModoEjecucion,
-                            Requirements_Attributes_Dependencias=",".join(
-                                attribute.Dependencias
-                            ),
                             Status=finding.status,
                             StatusExtended=finding.status_extended,
                             ResourceId=finding.resource_id,
@@ -167,36 +161,7 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
                                 csv_header = generate_csv_fields(
                                     Check_Output_CSV_GCP_CIS
                                 )
-                            elif compliance.Provider == "Azure":
-                                compliance_row = Check_Output_CSV_AZURE_CIS(
-                                    Provider=finding.check_metadata.Provider,
-                                    Description=compliance.Description,
-                                    Subscription=finding.subscription,
-                                    AssessmentDate=outputs_unix_timestamp(
-                                        output_options.unix_timestamp, timestamp
-                                    ),
-                                    Requirements_Id=requirement_id,
-                                    Requirements_Description=requirement_description,
-                                    Requirements_Attributes_Section=attribute.Section,
-                                    Requirements_Attributes_Profile=attribute.Profile,
-                                    Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
-                                    Requirements_Attributes_Description=attribute.Description,
-                                    Requirements_Attributes_RationaleStatement=attribute.RationaleStatement,
-                                    Requirements_Attributes_ImpactStatement=attribute.ImpactStatement,
-                                    Requirements_Attributes_RemediationProcedure=attribute.RemediationProcedure,
-                                    Requirements_Attributes_AuditProcedure=attribute.AuditProcedure,
-                                    Requirements_Attributes_AdditionalInformation=attribute.AdditionalInformation,
-                                    Requirements_Attributes_DefaultValue=attribute.DefaultValue,
-                                    Requirements_Attributes_References=attribute.References,
-                                    Status=finding.status,
-                                    StatusExtended=finding.status_extended,
-                                    ResourceId=finding.resource_id,
-                                    ResourceName=finding.resource_name,
-                                    CheckId=finding.check_metadata.CheckID,
-                                )
-                                csv_header = generate_csv_fields(
-                                    Check_Output_CSV_AZURE_CIS
-                                )
+
             elif (
                 "AWS-Well-Architected-Framework" in compliance.Framework
                 and compliance.Provider == "AWS"
@@ -304,19 +269,11 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
                         attributes_categories = ""
                         attributes_values = ""
                         attributes_comments = ""
-                        attributes_aws_services = ", ".join(
-                            attribute.AWSService for attribute in requirement.Attributes
-                        )
-                        attributes_categories = ", ".join(
-                            attribute.Category for attribute in requirement.Attributes
-                        )
-                        attributes_values = ", ".join(
-                            attribute.Value for attribute in requirement.Attributes
-                        )
-                        attributes_comments = ", ".join(
-                            attribute.Comment for attribute in requirement.Attributes
-                        )
-
+                        for attribute in requirement.Attributes:
+                            attributes_aws_services += attribute.AWSService + "\n"
+                            attributes_categories += attribute.Category + "\n"
+                            attributes_values += attribute.Value + "\n"
+                            attributes_comments += attribute.Comment + "\n"
                         compliance_row = Check_Output_MITRE_ATTACK(
                             Provider=finding.check_metadata.Provider,
                             Description=compliance.Description,
@@ -373,7 +330,7 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
                                 Requirements_Attributes_SubSection=attribute.SubSection,
                                 Requirements_Attributes_SubGroup=attribute.SubGroup,
                                 Requirements_Attributes_Service=attribute.Service,
-                                Requirements_Attributes_Type=attribute.Type,
+                                Requirements_Attributes_Soc_Type=attribute.Soc_Type,
                                 Status=finding.status,
                                 StatusExtended=finding.status_extended,
                                 ResourceId=finding.resource_id,
@@ -444,8 +401,7 @@ def display_compliance_table(
                                         "Bajo": 0,
                                     }
                                 if finding.status == "FAIL":
-                                    if attribute.Tipo != "recomendacion":
-                                        fail_count += 1
+                                    fail_count += 1
                                     marcos[marco_categoria][
                                         "Estado"
                                     ] = f"{Fore.RED}NO CUMPLE{Style.RESET_ALL}"
@@ -487,8 +443,8 @@ def display_compliance_table(
                 )
                 overview_table = [
                     [
-                        f"{Fore.RED}{round(fail_count / (fail_count + pass_count) * 100, 2)}% ({fail_count}) NO CUMPLE{Style.RESET_ALL}",
-                        f"{Fore.GREEN}{round(pass_count / (fail_count + pass_count) * 100, 2)}% ({pass_count}) CUMPLE{Style.RESET_ALL}",
+                        f"{Fore.RED}{round(fail_count/(fail_count+pass_count)*100, 2)}% ({fail_count}) NO CUMPLE{Style.RESET_ALL}",
+                        f"{Fore.GREEN}{round(pass_count/(fail_count+pass_count)*100, 2)}% ({pass_count}) CUMPLE{Style.RESET_ALL}",
                     ]
                 ]
                 print(tabulate(overview_table, tablefmt="rounded_grid"))
@@ -582,8 +538,8 @@ def display_compliance_table(
                 )
                 overview_table = [
                     [
-                        f"{Fore.RED}{round(fail_count / (fail_count + pass_count) * 100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
-                        f"{Fore.GREEN}{round(pass_count / (fail_count + pass_count) * 100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
+                        f"{Fore.RED}{round(fail_count/(fail_count+pass_count)*100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
+                        f"{Fore.GREEN}{round(pass_count/(fail_count+pass_count)*100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
                     ]
                 ]
                 print(tabulate(overview_table, tablefmt="rounded_grid"))
@@ -653,8 +609,8 @@ def display_compliance_table(
                 )
                 overview_table = [
                     [
-                        f"{Fore.RED}{round(fail_count / (fail_count + pass_count) * 100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
-                        f"{Fore.GREEN}{round(pass_count / (fail_count + pass_count) * 100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
+                        f"{Fore.RED}{round(fail_count/(fail_count+pass_count)*100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
+                        f"{Fore.GREEN}{round(pass_count/(fail_count+pass_count)*100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
                     ]
                 ]
                 print(tabulate(overview_table, tablefmt="rounded_grid"))

prowler/lib/outputs/file_descriptors.py

@@ -12,27 +12,28 @@ from prowler.config.config import (
 from prowler.lib.logger import logger
 from prowler.lib.outputs.html import add_html_header
 from prowler.lib.outputs.models import (
+    Aws_Check_Output_CSV,
+    Azure_Check_Output_CSV,
     Check_Output_CSV_AWS_CIS,
     Check_Output_CSV_AWS_ISO27001_2013,
     Check_Output_CSV_AWS_Well_Architected,
-    Check_Output_CSV_AZURE_CIS,
     Check_Output_CSV_ENS_RD2022,
     Check_Output_CSV_GCP_CIS,
     Check_Output_CSV_Generic_Compliance,
     Check_Output_MITRE_ATTACK,
+    Gcp_Check_Output_CSV,
     generate_csv_fields,
 )
 from prowler.lib.utils.utils import file_exists, open_file
 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
 from prowler.providers.azure.lib.audit_info.models import Azure_Audit_Info
-from prowler.providers.common.outputs import get_provider_output_model
 from prowler.providers.gcp.lib.audit_info.models import GCP_Audit_Info
 
 
 def initialize_file_descriptor(
     filename: str,
     output_mode: str,
-    audit_info: Any,
+    audit_info: AWS_Audit_Info,
     format: Any = None,
 ) -> TextIOWrapper:
     """Open/Create the output file. If needed include headers or the required format"""
@@ -74,15 +75,27 @@ def fill_file_descriptors(output_modes, output_directory, output_filename, audit
             for output_mode in output_modes:
                 if output_mode == "csv":
                     filename = f"{output_directory}/{output_filename}{csv_file_suffix}"
-                    output_model = get_provider_output_model(
-                        audit_info.__class__.__name__
-                    )
-                    file_descriptor = initialize_file_descriptor(
-                        filename,
-                        output_mode,
-                        audit_info,
-                        output_model,
-                    )
+                    if isinstance(audit_info, AWS_Audit_Info):
+                        file_descriptor = initialize_file_descriptor(
+                            filename,
+                            output_mode,
+                            audit_info,
+                            Aws_Check_Output_CSV,
+                        )
+                    if isinstance(audit_info, Azure_Audit_Info):
+                        file_descriptor = initialize_file_descriptor(
+                            filename,
+                            output_mode,
+                            audit_info,
+                            Azure_Check_Output_CSV,
+                        )
+                    if isinstance(audit_info, GCP_Audit_Info):
+                        file_descriptor = initialize_file_descriptor(
+                            filename,
+                            output_mode,
+                            audit_info,
+                            Gcp_Check_Output_CSV,
+                        )
                     file_descriptors.update({output_mode: file_descriptor})
 
                 elif output_mode == "json":
@@ -109,22 +122,13 @@ def fill_file_descriptors(output_modes, output_directory, output_filename, audit
                     file_descriptors.update({output_mode: file_descriptor})
 
                 elif isinstance(audit_info, GCP_Audit_Info):
-                    filename = f"{output_directory}/{output_filename}_{output_mode}{csv_file_suffix}"
-                    if "cis_" in output_mode:
+                    if output_mode == "cis_2.0_gcp":
+                        filename = f"{output_directory}/{output_filename}_cis_2.0_gcp{csv_file_suffix}"
                         file_descriptor = initialize_file_descriptor(
                             filename, output_mode, audit_info, Check_Output_CSV_GCP_CIS
                         )
                         file_descriptors.update({output_mode: file_descriptor})
-                elif isinstance(audit_info, Azure_Audit_Info):
-                    filename = f"{output_directory}/{output_filename}_{output_mode}{csv_file_suffix}"
-                    if "cis_" in output_mode:
-                        file_descriptor = initialize_file_descriptor(
-                            filename,
-                            output_mode,
-                            audit_info,
-                            Check_Output_CSV_AZURE_CIS,
-                        )
-                        file_descriptors.update({output_mode: file_descriptor})
+
                 elif isinstance(audit_info, AWS_Audit_Info):
                     if output_mode == "json-asff":
                         filename = f"{output_directory}/{output_filename}{json_asff_file_suffix}"
@@ -132,62 +136,87 @@ def fill_file_descriptors(output_modes, output_directory, output_filename, audit
                             filename, output_mode, audit_info
                         )
                         file_descriptors.update({output_mode: file_descriptor})
-                    else:  # Compliance frameworks
+
+                    elif output_mode == "ens_rd2022_aws":
+                        filename = f"{output_directory}/{output_filename}_ens_rd2022_aws{csv_file_suffix}"
+                        file_descriptor = initialize_file_descriptor(
+                            filename,
+                            output_mode,
+                            audit_info,
+                            Check_Output_CSV_ENS_RD2022,
+                        )
+                        file_descriptors.update({output_mode: file_descriptor})
+
+                    elif output_mode == "cis_1.5_aws":
+                        filename = f"{output_directory}/{output_filename}_cis_1.5_aws{csv_file_suffix}"
+                        file_descriptor = initialize_file_descriptor(
+                            filename, output_mode, audit_info, Check_Output_CSV_AWS_CIS
+                        )
+                        file_descriptors.update({output_mode: file_descriptor})
+
+                    elif output_mode == "cis_1.4_aws":
+                        filename = f"{output_directory}/{output_filename}_cis_1.4_aws{csv_file_suffix}"
+                        file_descriptor = initialize_file_descriptor(
+                            filename, output_mode, audit_info, Check_Output_CSV_AWS_CIS
+                        )
+                        file_descriptors.update({output_mode: file_descriptor})
+
+                    elif (
+                        output_mode
+                        == "aws_well_architected_framework_security_pillar_aws"
+                    ):
+                        filename = f"{output_directory}/{output_filename}_aws_well_architected_framework_security_pillar_aws{csv_file_suffix}"
+                        file_descriptor = initialize_file_descriptor(
+                            filename,
+                            output_mode,
+                            audit_info,
+                            Check_Output_CSV_AWS_Well_Architected,
+                        )
+                        file_descriptors.update({output_mode: file_descriptor})
+
+                    elif (
+                        output_mode
+                        == "aws_well_architected_framework_reliability_pillar_aws"
+                    ):
+                        filename = f"{output_directory}/{output_filename}_aws_well_architected_framework_reliability_pillar_aws{csv_file_suffix}"
+                        file_descriptor = initialize_file_descriptor(
+                            filename,
+                            output_mode,
+                            audit_info,
+                            Check_Output_CSV_AWS_Well_Architected,
+                        )
+                        file_descriptors.update({output_mode: file_descriptor})
+
+                    elif output_mode == "iso27001_2013_aws":
+                        filename = f"{output_directory}/{output_filename}_iso27001_2013_aws{csv_file_suffix}"
+                        file_descriptor = initialize_file_descriptor(
+                            filename,
+                            output_mode,
+                            audit_info,
+                            Check_Output_CSV_AWS_ISO27001_2013,
+                        )
+                        file_descriptors.update({output_mode: file_descriptor})
+
+                    elif output_mode == "mitre_attack_aws":
+                        filename = f"{output_directory}/{output_filename}_mitre_attack_aws{csv_file_suffix}"
+                        file_descriptor = initialize_file_descriptor(
+                            filename,
+                            output_mode,
+                            audit_info,
+                            Check_Output_MITRE_ATTACK,
+                        )
+                        file_descriptors.update({output_mode: file_descriptor})
+
+                    else:
+                        # Generic Compliance framework
                         filename = f"{output_directory}/{output_filename}_{output_mode}{csv_file_suffix}"
-                        if output_mode == "ens_rd2022_aws":
-                            file_descriptor = initialize_file_descriptor(
-                                filename,
-                                output_mode,
-                                audit_info,
-                                Check_Output_CSV_ENS_RD2022,
-                            )
-                            file_descriptors.update({output_mode: file_descriptor})
-
-                        elif "cis_" in output_mode:
-                            file_descriptor = initialize_file_descriptor(
-                                filename,
-                                output_mode,
-                                audit_info,
-                                Check_Output_CSV_AWS_CIS,
-                            )
-                            file_descriptors.update({output_mode: file_descriptor})
-
-                        elif "aws_well_architected_framework" in output_mode:
-                            file_descriptor = initialize_file_descriptor(
-                                filename,
-                                output_mode,
-                                audit_info,
-                                Check_Output_CSV_AWS_Well_Architected,
-                            )
-                            file_descriptors.update({output_mode: file_descriptor})
-
-                        elif output_mode == "iso27001_2013_aws":
-                            file_descriptor = initialize_file_descriptor(
-                                filename,
-                                output_mode,
-                                audit_info,
-                                Check_Output_CSV_AWS_ISO27001_2013,
-                            )
-                            file_descriptors.update({output_mode: file_descriptor})
-
-                        elif output_mode == "mitre_attack_aws":
-                            file_descriptor = initialize_file_descriptor(
-                                filename,
-                                output_mode,
-                                audit_info,
-                                Check_Output_MITRE_ATTACK,
-                            )
-                            file_descriptors.update({output_mode: file_descriptor})
-
-                        else:
-                            # Generic Compliance framework
-                            file_descriptor = initialize_file_descriptor(
-                                filename,
-                                output_mode,
-                                audit_info,
-                                Check_Output_CSV_Generic_Compliance,
-                            )
-                            file_descriptors.update({output_mode: file_descriptor})
+                        file_descriptor = initialize_file_descriptor(
+                            filename,
+                            output_mode,
+                            audit_info,
+                            Check_Output_CSV_Generic_Compliance,
+                        )
+                        file_descriptors.update({output_mode: file_descriptor})
 
     except Exception as error:
         logger.error(

prowler/lib/outputs/html.py

@@ -1,4 +1,3 @@
-import html
 import importlib
 import sys
 from os import path
@@ -31,9 +30,9 @@ def add_html_header(file_descriptor, audit_info):
         <!DOCTYPE html>
     <html lang="en">
     <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
     <!-- Required meta tags -->
-    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     <style>
         .read-more {
             color: #00f;
@@ -49,7 +48,7 @@ def add_html_header(file_descriptor, audit_info):
     </style>
     <!-- Bootstrap CSS -->
     <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css"
-        integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous" />
+        integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">
     <!-- https://datatables.net/download/index with jQuery, DataTables, Buttons, SearchPanes, and Select //-->
     <link rel="stylesheet" type="text/css"
         href="https://cdn.datatables.net/v/dt/jqc-1.12.4/dt-1.10.25/b-1.7.1/sp-1.4.0/sl-1.3.3/datatables.min.css" />
@@ -79,13 +78,13 @@ def add_html_header(file_descriptor, audit_info):
     <div class="container-fluid">
         <div class="row mt-3">
         <div class="col-md-4">
-            <a href=\""""
+            <a href="""
             + html_logo_url
-            + """\"><img class="float-left card-img-left mt-4 mr-4 ml-4"
-                        src=\""""
+            + """><img class="float-left card-img-left mt-4 mr-4 ml-4"
+                        src="""
             + html_logo_img
-            + """\"
-                        alt="prowler-logo" /></a>
+            + """
+                        alt="prowler-logo"></a>
             <div class="card">
             <div class="card-header">
                 Report Information
@@ -183,13 +182,13 @@ def fill_html(file_descriptor, finding, output_options):
                     <td>{finding.check_metadata.Severity}</td>
                     <td>{finding.check_metadata.ServiceName}</td>
                     <td>{finding.location.lower() if isinstance(finding, Check_Report_GCP) else finding.region if isinstance(finding, Check_Report_AWS) else ""}</td>
-                    <td>{finding.check_metadata.CheckID.replace("_", "<wbr />_")}</td>
+                    <td>{finding.check_metadata.CheckID.replace("_", "<wbr>_")}</td>
                     <td>{finding.check_metadata.CheckTitle}</td>
-                    <td>{finding.resource_id.replace("<", "&lt;").replace(">", "&gt;").replace("_", "<wbr />_")}</td>
+                    <td>{finding.resource_id.replace("<", "&lt;").replace(">", "&gt;").replace("_", "<wbr>_")}</td>
                     <td>{parse_html_string(unroll_tags(finding.resource_tags))}</td>
-                    <td>{finding.status_extended.replace("<", "&lt;").replace(">", "&gt;").replace("_", "<wbr />_")}</td>
-                    <td><p class="show-read-more">{html.escape(finding.check_metadata.Risk)}</p></td>
-                    <td><p class="show-read-more">{html.escape(finding.check_metadata.Remediation.Recommendation.Text)}</p> <a class="read-more" href="{finding.check_metadata.Remediation.Recommendation.Url}"><i class="fas fa-external-link-alt"></i></a></td>
+                    <td>{finding.status_extended.replace("<", "&lt;").replace(">", "&gt;").replace("_", "<wbr>_")}</td>
+                    <td><p class="show-read-more">{finding.check_metadata.Risk}</p></td>
+                    <td><p class="show-read-more">{finding.check_metadata.Remediation.Recommendation.Text}</p> <a class="read-more" href="{finding.check_metadata.Remediation.Recommendation.Url}"><i class="fas fa-external-link-alt"></i></a></td>
                     <td><p class="show-read-more">{parse_html_string(unroll_dict(get_check_compliance(finding, finding.check_metadata.Provider, output_options)))}</p></td>
                 </tr>
                 """
@@ -248,6 +247,8 @@ def add_html_footer(output_filename, output_directory):
             </table>
         </div>
     </div>
+    </div>
+    </div>
     <!-- Table search and paginator -->
     <!-- Optional JavaScript -->
     <!-- jQuery first, then Popper.js, then Bootstrap JS -->
@@ -337,9 +338,8 @@ def add_html_footer(output_filename, output_directory):
 def get_aws_html_assessment_summary(audit_info):
     try:
         if isinstance(audit_info, AWS_Audit_Info):
-            profile = (
-                audit_info.profile if audit_info.profile is not None else "default"
-            )
+            if not audit_info.profile:
+                audit_info.profile = "ENV"
             if isinstance(audit_info.audited_regions, list):
                 audited_regions = " ".join(audit_info.audited_regions)
             elif not audit_info.audited_regions:
@@ -361,7 +361,7 @@ def get_aws_html_assessment_summary(audit_info):
                         </li>
                         <li class="list-group-item">
                             <b>AWS-CLI Profile:</b> """
-                + profile
+                + audit_info.profile
                 + """
                         </li>
                         <li class="list-group-item">
@@ -406,7 +406,7 @@ def get_azure_html_assessment_summary(audit_info):
         if isinstance(audit_info, Azure_Audit_Info):
             printed_subscriptions = []
             for key, value in audit_info.identity.subscriptions.items():
-                intermediate = f"{key} : {value}"
+                intermediate = key + " : " + value
                 printed_subscriptions.append(intermediate)
 
             # check if identity is str(coming from SP) or dict(coming from browser or)

prowler/lib/outputs/json.py

@@ -31,7 +31,6 @@ from prowler.lib.outputs.models import (
     unroll_dict_to_list,
 )
 from prowler.lib.utils.utils import hash_sha512, open_file, outputs_unix_timestamp
-from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
 
 
 def fill_json_asff(finding_output, audit_info, finding, output_options):
@@ -51,9 +50,9 @@ def fill_json_asff(finding_output, audit_info, finding, output_options):
         finding_output.GeneratorId = "prowler-" + finding.check_metadata.CheckID
         finding_output.AwsAccountId = audit_info.audited_account
         finding_output.Types = finding.check_metadata.CheckType
-        finding_output.FirstObservedAt = finding_output.UpdatedAt = (
-            finding_output.CreatedAt
-        ) = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ")
+        finding_output.FirstObservedAt = (
+            finding_output.UpdatedAt
+        ) = finding_output.CreatedAt = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ")
         finding_output.Severity = Severity(
             Label=finding.check_metadata.Severity.upper()
         )
@@ -100,17 +99,7 @@ def fill_json_asff(finding_output, audit_info, finding, output_options):
         if not finding.check_metadata.Remediation.Recommendation.Url:
             finding.check_metadata.Remediation.Recommendation.Url = "https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"
         finding_output.Remediation = {
-            "Recommendation": {
-                "Text": (
-                    (
-                        finding.check_metadata.Remediation.Recommendation.Text[:509]
-                        + "..."
-                    )
-                    if len(finding.check_metadata.Remediation.Recommendation.Text) > 512
-                    else finding.check_metadata.Remediation.Recommendation.Text
-                ),
-                "Url": finding.check_metadata.Remediation.Recommendation.Url,
-            }
+            "Recommendation": finding.check_metadata.Remediation.Recommendation
         }
 
         return finding_output
@@ -166,11 +155,6 @@ def fill_json_ocsf(audit_info, finding, output_options) -> Check_Output_JSON_OCS
         aws_org_uid = ""
         account = None
         org = None
-        profile = ""
-        if isinstance(audit_info, AWS_Audit_Info):
-            profile = (
-                audit_info.profile if audit_info.profile is not None else "default"
-            )
         if (
             hasattr(audit_info, "organizations_metadata")
             and audit_info.organizations_metadata
@@ -265,7 +249,9 @@ def fill_json_ocsf(audit_info, finding, output_options) -> Check_Output_JSON_OCS
             original_time=outputs_unix_timestamp(
                 output_options.unix_timestamp, timestamp
             ),
-            profiles=[profile],
+            profiles=[audit_info.profile]
+            if hasattr(audit_info, "organizations_metadata")
+            else [],
         )
         compliance = Compliance_OCSF(
             status=generate_json_ocsf_status(finding.status),

prowler/lib/outputs/models.py

@@ -24,8 +24,7 @@ def get_check_compliance(finding, provider, output_options):
                 compliance_fw = compliance.Framework
                 if compliance.Version:
                     compliance_fw = f"{compliance_fw}-{compliance.Version}"
-                # compliance.Provider == "Azure" or "GCP" or "AWS"
-                if compliance.Provider.upper() == provider.upper():
+                if compliance.Provider == provider.upper():
                     if compliance_fw not in check_compliance:
                         check_compliance[compliance_fw] = []
                     for requirement in compliance.Requirements:
@@ -56,9 +55,9 @@ def generate_provider_output_csv(
             data["resource_name"] = finding.resource_name
             data["subscription"] = finding.subscription
             data["tenant_domain"] = audit_info.identity.domain
-            data["finding_unique_id"] = (
-                f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.subscription}-{finding.resource_id}"
-            )
+            data[
+                "finding_unique_id"
+            ] = f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.subscription}-{finding.resource_id}"
             data["compliance"] = unroll_dict(
                 get_check_compliance(finding, provider, output_options)
             )
@@ -69,9 +68,9 @@ def generate_provider_output_csv(
             data["resource_name"] = finding.resource_name
             data["project_id"] = finding.project_id
             data["location"] = finding.location.lower()
-            data["finding_unique_id"] = (
-                f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.project_id}-{finding.resource_id}"
-            )
+            data[
+                "finding_unique_id"
+            ] = f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.project_id}-{finding.resource_id}"
             data["compliance"] = unroll_dict(
                 get_check_compliance(finding, provider, output_options)
             )
@@ -83,9 +82,9 @@ def generate_provider_output_csv(
             data["region"] = finding.region
             data["resource_id"] = finding.resource_id
             data["resource_arn"] = finding.resource_arn
-            data["finding_unique_id"] = (
-                f"prowler-{provider}-{finding.check_metadata.CheckID}-{audit_info.audited_account}-{finding.region}-{finding.resource_id}"
-            )
+            data[
+                "finding_unique_id"
+            ] = f"prowler-{provider}-{finding.check_metadata.CheckID}-{audit_info.audited_account}-{finding.region}-{finding.resource_id}"
             data["compliance"] = unroll_dict(
                 get_check_compliance(finding, provider, output_options)
             )
@@ -537,8 +536,6 @@ class Check_Output_CSV_ENS_RD2022(BaseModel):
     Requirements_Attributes_Nivel: str
     Requirements_Attributes_Tipo: str
     Requirements_Attributes_Dimensiones: str
-    Requirements_Attributes_ModoEjecucion: str
-    Requirements_Attributes_Dependencias: Optional[str]
     Status: str
     StatusExtended: str
     ResourceId: str
@@ -602,35 +599,6 @@ class Check_Output_CSV_GCP_CIS(BaseModel):
     CheckId: str
 
 
-class Check_Output_CSV_AZURE_CIS(BaseModel):
-    """
-    Check_Output_CSV_CIS generates a finding's output in CSV CIS format.
-    """
-
-    Provider: str
-    Description: str
-    Subscription: str
-    AssessmentDate: str
-    Requirements_Id: str
-    Requirements_Description: str
-    Requirements_Attributes_Section: str
-    Requirements_Attributes_Profile: str
-    Requirements_Attributes_AssessmentStatus: str
-    Requirements_Attributes_Description: str
-    Requirements_Attributes_RationaleStatement: str
-    Requirements_Attributes_ImpactStatement: str
-    Requirements_Attributes_RemediationProcedure: str
-    Requirements_Attributes_AuditProcedure: str
-    Requirements_Attributes_AdditionalInformation: str
-    Requirements_Attributes_DefaultValue: str
-    Requirements_Attributes_References: str
-    Status: str
-    StatusExtended: str
-    ResourceId: str
-    ResourceName: str
-    CheckId: str
-
-
 class Check_Output_CSV_Generic_Compliance(BaseModel):
     """
     Check_Output_CSV_Generic_Compliance generates a finding's output in CSV Generic Compliance format.
@@ -646,8 +614,8 @@ class Check_Output_CSV_Generic_Compliance(BaseModel):
     Requirements_Attributes_Section: Optional[str]
     Requirements_Attributes_SubSection: Optional[str]
     Requirements_Attributes_SubGroup: Optional[str]
-    Requirements_Attributes_Service: Optional[str]
-    Requirements_Attributes_Type: Optional[str]
+    Requirements_Attributes_Service: str
+    Requirements_Attributes_Soc_Type: Optional[str]
     Status: str
     StatusExtended: str
     ResourceId: str