Merge branch 'master' into PRWLR-7512-create-custom-link-component

chore(ui): addressed PR comments
2026-05-17 17:53:27 +00:00 · 2025-07-08 15:16:46 +05:30 · 2025-07-08 14:33:56 +05:30 · 2025-07-08 08:22:04 +05:30 · 2025-07-07 10:56:30 +05:30 · 2025-07-07 10:19:50 +05:30
314 changed files with 4484 additions and 15427 deletions
@@ -6,7 +6,6 @@ on:
      - "master"
    paths:
      - "api/**"
-      - "prowler/**"
      - ".github/workflows/api-build-lint-push-containers.yml"

  # Uncomment the code below to test this action on PRs
@@ -136,6 +136,12 @@ jobs:
        run: |
          poetry check --lock

+      - name: Prevents known compatibility error between lxml and libxml2/libxmlsec versions - https://github.com/xmlsec/python-xmlsec/issues/320
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pip install --force-reinstall --no-binary lxml lxml
+
      - name: Lint with ruff
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
@@ -1,215 +0,0 @@
-name: Prowler Release Preparation
-
-run-name: Prowler Release Preparation for ${{ inputs.prowler_version }}
-
-on:
-  workflow_dispatch:
-    inputs:
-      prowler_version:
-        description: 'Prowler version to release (e.g., 5.9.0)'
-        required: true
-        type: string
-
-env:
-  PROWLER_VERSION: ${{ github.event.inputs.prowler_version }}
-
-jobs:
-  prepare-release:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      with:
-        fetch-depth: 0
-
-    - name: Parse version and determine branch
-      run: |
-        # Validate version format (reusing pattern from sdk-bump-version.yml)
-        if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
-          MAJOR_VERSION=${BASH_REMATCH[1]}
-          MINOR_VERSION=${BASH_REMATCH[2]}
-          PATCH_VERSION=${BASH_REMATCH[3]}
-
-          # Export version components to environment
-          echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "${GITHUB_ENV}"
-          echo "MINOR_VERSION=${MINOR_VERSION}" >> "${GITHUB_ENV}"
-          echo "PATCH_VERSION=${PATCH_VERSION}" >> "${GITHUB_ENV}"
-
-          # Determine branch name (format: v5.9)
-          BRANCH_NAME="v${MAJOR_VERSION}.${MINOR_VERSION}"
-          echo "BRANCH_NAME=${BRANCH_NAME}" >> "${GITHUB_ENV}"
-
-          # Calculate UI version (1.X.X format - matches Prowler minor version)
-          UI_VERSION="1.${MINOR_VERSION}.${PATCH_VERSION}"
-          echo "UI_VERSION=${UI_VERSION}" >> "${GITHUB_ENV}"
-
-          # Calculate API version (1.X.X format - one minor version ahead)
-          API_MINOR_VERSION=$((MINOR_VERSION + 1))
-          API_VERSION="1.${API_MINOR_VERSION}.${PATCH_VERSION}"
-          echo "API_VERSION=${API_VERSION}" >> "${GITHUB_ENV}"
-
-          echo "Prowler version: $PROWLER_VERSION"
-          echo "Branch name: $BRANCH_NAME"
-          echo "UI version: $UI_VERSION"
-          echo "API version: $API_VERSION"
-          echo "Is minor release: $([ $PATCH_VERSION -eq 0 ] && echo 'true' || echo 'false')"
-        else
-          echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
-          exit 1
-        fi
-
-    - name: Checkout existing branch for patch release
-      if: ${{ env.PATCH_VERSION != '0' }}
-      run: |
-        echo "Patch release detected, checking out existing branch $BRANCH_NAME..."
-        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists locally, checking out..."
-          git checkout "$BRANCH_NAME"
-        elif git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists remotely, checking out..."
-          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
-        else
-          echo "ERROR: Branch $BRANCH_NAME should exist for patch release $PROWLER_VERSION"
-          exit 1
-        fi
-
-    - name: Verify version in pyproject.toml
-      run: |
-        CURRENT_VERSION=$(grep '^version = ' pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_VERSION" != "$PROWLER_VERSION_TRIMMED" ]; then
-          echo "ERROR: Version mismatch in pyproject.toml (expected: '$PROWLER_VERSION_TRIMMED', found: '$CURRENT_VERSION')"
-          exit 1
-        fi
-        echo "✓ pyproject.toml version: $CURRENT_VERSION"
-
-    - name: Verify version in prowler/config/config.py
-      run: |
-        CURRENT_VERSION=$(grep '^prowler_version = ' prowler/config/config.py | sed -E 's/prowler_version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_VERSION" != "$PROWLER_VERSION_TRIMMED" ]; then
-          echo "ERROR: Version mismatch in prowler/config/config.py (expected: '$PROWLER_VERSION_TRIMMED', found: '$CURRENT_VERSION')"
-          exit 1
-        fi
-        echo "✓ prowler/config/config.py version: $CURRENT_VERSION"
-
-    - name: Verify version in api/pyproject.toml
-      run: |
-        CURRENT_API_VERSION=$(grep '^version = ' api/pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        API_VERSION_TRIMMED=$(echo "$API_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_API_VERSION" != "$API_VERSION_TRIMMED" ]; then
-          echo "ERROR: API version mismatch in api/pyproject.toml (expected: '$API_VERSION_TRIMMED', found: '$CURRENT_API_VERSION')"
-          exit 1
-        fi
-        echo "✓ api/pyproject.toml version: $CURRENT_API_VERSION"
-
-    - name: Verify prowler dependency in api/pyproject.toml
-      run: |
-        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
-        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_PROWLER_REF" != "$PROWLER_VERSION_TRIMMED" ]; then
-          echo "ERROR: Prowler dependency mismatch in api/pyproject.toml (expected: '$PROWLER_VERSION_TRIMMED', found: '$CURRENT_PROWLER_REF')"
-          exit 1
-        fi
-        echo "✓ api/pyproject.toml prowler dependency: $CURRENT_PROWLER_REF"
-
-    - name: Verify version in api/src/backend/api/v1/views.py
-      run: |
-        CURRENT_API_VERSION=$(grep 'spectacular_settings.VERSION = ' api/src/backend/api/v1/views.py | sed -E 's/.*spectacular_settings.VERSION = "([^"]+)".*/\1/' | tr -d '[:space:]')
-        API_VERSION_TRIMMED=$(echo "$API_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_API_VERSION" != "$API_VERSION_TRIMMED" ]; then
-          echo "ERROR: API version mismatch in views.py (expected: '$API_VERSION_TRIMMED', found: '$CURRENT_API_VERSION')"
-          exit 1
-        fi
-        echo "✓ api/src/backend/api/v1/views.py version: $CURRENT_API_VERSION"
-
-    - name: Create release branch for minor release
-      if: ${{ env.PATCH_VERSION == '0' }}
-      run: |
-        echo "Minor release detected (patch = 0), creating new branch $BRANCH_NAME..."
-        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME" || git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
-          echo "ERROR: Branch $BRANCH_NAME already exists for minor release $PROWLER_VERSION"
-          exit 1
-        fi
-        git checkout -b "$BRANCH_NAME"
-
-    - name: Extract changelog entries
-      run: |
-        set -e
-
-        # Function to extract changelog for a specific version
-        extract_changelog() {
-          local file="$1"
-          local version="$2"
-          local output_file="$3"
-
-          if [ ! -f "$file" ]; then
-            echo "Warning: $file not found, skipping..."
-            touch "$output_file"
-            return
-          fi
-
-          # Extract changelog section for this version
-          awk -v version="$version" '
-            /^## \[v?'"$version"'\]/ { found=1; next }
-            found && /^## \[v?[0-9]+\.[0-9]+\.[0-9]+\]/ { found=0 }
-            found && !/^## \[v?'"$version"'\]/ { print }
-          ' "$file" > "$output_file"
-
-          # Remove --- separators
-          sed -i '/^---$/d' "$output_file"
-
-          # Remove trailing empty lines
-          sed -i '/^$/d' "$output_file"
-        }
-
-        # Extract changelogs
-        echo "Extracting changelog entries..."
-        extract_changelog "prowler/CHANGELOG.md" "$PROWLER_VERSION" "prowler_changelog.md"
-        extract_changelog "api/CHANGELOG.md" "$API_VERSION" "api_changelog.md"
-        extract_changelog "ui/CHANGELOG.md" "$UI_VERSION" "ui_changelog.md"
-
-        # Combine changelogs in order: UI, API, SDK
-        > combined_changelog.md
-
-        if [ -s "ui_changelog.md" ]; then
-          echo "## UI" >> combined_changelog.md
-          echo "" >> combined_changelog.md
-          cat ui_changelog.md >> combined_changelog.md
-          echo "" >> combined_changelog.md
-        fi
-
-        if [ -s "api_changelog.md" ]; then
-          echo "## API" >> combined_changelog.md
-          echo "" >> combined_changelog.md
-          cat api_changelog.md >> combined_changelog.md
-          echo "" >> combined_changelog.md
-        fi
-
-        if [ -s "prowler_changelog.md" ]; then
-          echo "## SDK" >> combined_changelog.md
-          echo "" >> combined_changelog.md
-          cat prowler_changelog.md >> combined_changelog.md
-          echo "" >> combined_changelog.md
-        fi
-
-        echo "Combined changelog preview:"
-        cat combined_changelog.md
-
-    - name: Create draft release
-      uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
-      with:
-        tag_name: ${{ env.PROWLER_VERSION }}
-        name: Prowler ${{ env.PROWLER_VERSION }}
-        body_path: combined_changelog.md
-        draft: true
-        target_commitish: ${{ env.PATCH_VERSION == '0' && 'master' || env.BRANCH_NAME }}
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Clean up temporary files
-      run: |
-        rm -f prowler_changelog.md api_changelog.md ui_changelog.md combined_changelog.md
@@ -97,7 +97,6 @@ jobs:
            commit-message: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
            branch: "version-bump-to-v${{ env.BUMP_VERSION_TO }}"
            title: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
-            labels: no-changelog
            body: |
              ### Description

@@ -136,7 +135,6 @@ jobs:
            commit-message: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
            branch: "version-bump-to-v${{ env.PATCH_VERSION_TO }}"
            title: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
-            labels: no-changelog
            body: |
              ### Description

@@ -102,15 +102,8 @@ jobs:
        run: |
          poetry run vulture --exclude "contrib,api,ui" --min-confidence 100 .

-      - name: Dockerfile - Check if Dockerfile has changed
-        id: dockerfile-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            Dockerfile
-
      - name: Hadolint
-        if: steps.dockerfile-changed-files.outputs.any_changed == 'true'
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          /tmp/hadolint Dockerfile --ignore=DL3013

@@ -136,14 +136,6 @@ If your workstation's architecture is incompatible, you can resolve this by:

 > Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.

-### Common Issues with Docker Pull Installation
-
-> [!Note]
-  If you want to use AWS role assumption (e.g., with the "Connect assuming IAM Role" option), you may need to mount your local `.aws` directory into the container as a volume (e.g., `- "${HOME}/.aws:/home/prowler/.aws:ro"`). There are several ways to configure credentials for Docker containers. See the [Troubleshooting](./docs/troubleshooting.md) section for more details and examples.
-
-You can find more information in the [Troubleshooting](./docs/troubleshooting.md) section.
-
-
 ### From GitHub

 **Requirements**
@@ -2,55 +2,17 @@

 All notable changes to the **Prowler API** are documented in this file.

-## [1.10.2] (Prowler v5.9.2)
-
-### Changed
- Optimized queries for resources views [(#8336)](https://github.com/prowler-cloud/prowler/pull/8336)
-
---
-
-## [v1.10.1] (Prowler v5.9.1)
-
-### Fixed
- Calculate failed findings during scans to prevent heavy database queries [(#8322)](https://github.com/prowler-cloud/prowler/pull/8322)
-
---
-
-## [v1.10.0] (Prowler v5.9.0)
+## [v1.10.0] (Prowler UNRELEASED)

 ### Added
 - SSO with SAML support [(#8175)](https://github.com/prowler-cloud/prowler/pull/8175)
- `GET /resources/metadata`, `GET /resources/metadata/latest` and `GET /resources/latest` to expose resource metadata and latest scan results [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112)
-
-### Changed
- `/processors` endpoints to post-process findings. Currently, only the Mutelist processor is supported to allow to mute findings.
- Optimized the underlying queries for resources endpoints [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112)
- Optimized include parameters for resources view [(#8229)](https://github.com/prowler-cloud/prowler/pull/8229)
- Optimized overview background tasks [(#8300)](https://github.com/prowler-cloud/prowler/pull/8300)
-
-### Fixed
- Search filter for findings and resources [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112)
- RBAC is now applied to `GET /overviews/providers` [(#8277)](https://github.com/prowler-cloud/prowler/pull/8277)
-
-### Changed
- `POST /schedules/daily` returns a `409 CONFLICT` if already created [(#8258)](https://github.com/prowler-cloud/prowler/pull/8258)
-
-### Security
- Enhanced password validation to enforce 12+ character passwords with special characters, uppercase, lowercase, and numbers [(#8225)](https://github.com/prowler-cloud/prowler/pull/8225)

 ---

 ## [v1.9.1] (Prowler v5.8.1)

-### Added
- Custom exception for provider connection errors during scans [(#8234)](https://github.com/prowler-cloud/prowler/pull/8234)
-
-### Changed
- Summary and overview tasks now use a dedicated queue and no longer propagate errors to compliance tasks [(#8214)](https://github.com/prowler-cloud/prowler/pull/8214)
-
 ### Fixed
 - Scan with no resources will not trigger legacy code for findings metadata [(#8183)](https://github.com/prowler-cloud/prowler/pull/8183)
- Invitation email comparison case-insensitive [(#8206)](https://github.com/prowler-cloud/prowler/pull/8206)

 ### Removed
 - Validation of the provider's secret type during updates [(#8197)](https://github.com/prowler-cloud/prowler/pull/8197)
@@ -57,6 +57,10 @@ RUN poetry install --no-root && \

 RUN poetry run python "$(poetry env info --path)/src/prowler/prowler/providers/m365/lib/powershell/m365_powershell.py"

+# Prevents known compatibility error between lxml and libxml2/libxmlsec versions.
+# See: https://github.com/xmlsec/python-xmlsec/issues/320
+RUN poetry run pip install --force-reinstall --no-binary lxml lxml
+
 COPY src/backend/ ./backend/
 COPY docker-entrypoint.sh ./docker-entrypoint.sh

@@ -257,7 +257,7 @@ cd src/backend
 python manage.py loaddata api/fixtures/0_dev_users.json --database admin
 ```

-> The default credentials are `dev@prowler.com:Thisisapassword123@` or `dev2@prowler.com:Thisisapassword123@`
+> The default credentials are `dev@prowler.com:thisisapassword123` or `dev2@prowler.com:thisisapassword123`

 ## Run tests

@@ -32,7 +32,7 @@ start_prod_server() {

 start_worker() {
  echo "Starting the worker..."
-  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion,backfill,overview -E --max-tasks-per-child 1
+  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion,backfill -E --max-tasks-per-child 1
 }

 start_worker_beat() {
@@ -23,14 +23,12 @@ dependencies = [
  "drf-spectacular==0.27.2",
  "drf-spectacular-jsonapi==0.5.1",
  "gunicorn==23.0.0",
-  "lxml==5.3.2",
-  "prowler @ git+https://github.com/prowler-cloud/prowler.git@v5.9",
+  "prowler @ git+https://github.com/prowler-cloud/prowler.git@master",
  "psycopg2-binary==2.9.9",
  "pytest-celery[redis] (>=1.0.1,<2.0.0)",
  "sentry-sdk[django] (>=2.20.0,<3.0.0)",
  "uuid6==2024.7.10",
-  "openai (>=1.82.0,<2.0.0)",
-  "xmlsec==1.3.14"
+  "openai (>=1.82.0,<2.0.0)"
 ]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
@@ -38,7 +36,7 @@ name = "prowler-api"
 package-mode = false
 # Needed for the SDK compatibility
 requires-python = ">=3.11,<3.13"
-version = "1.10.2"
+version = "1.9.0"

 [project.scripts]
 celery = "src.backend.config.settings.celery"
@@ -65,7 +65,5 @@ class ProwlerSocialAccountAdapter(DefaultSocialAccountAdapter):
                        role=role,
                        tenant_id=tenant.id,
                    )
-            else:
-                request.session["saml_user_created"] = str(user.id)

        return user
@@ -175,29 +175,6 @@ def create_objects_in_batches(
            model.objects.bulk_create(chunk, batch_size)


-def update_objects_in_batches(
-    tenant_id: str, model, objects: list, fields: list, batch_size: int = 500
-):
-    """
-    Bulk-update model instances in repeated, per-tenant RLS transactions.
-
-    All chunks execute in their own transaction, so no single transaction
-    grows too large.
-
-    Args:
-        tenant_id (str): UUID string of the tenant under which to set RLS.
-        model: Django model class whose `.objects.bulk_update()` will be called.
-        objects (list): List of model instances (saved) to bulk-update.
-        fields (list): List of field names to update.
-        batch_size (int): Maximum number of objects per bulk_update call.
-    """
-    total = len(objects)
-    for start in range(0, total, batch_size):
-        chunk = objects[start : start + batch_size]
-        with rls_transaction(value=tenant_id, parameter=POSTGRES_TENANT_VAR):
-            model.objects.bulk_update(chunk, fields, batch_size)
-
-
 # Postgres Enums


@@ -552,15 +529,3 @@ class IntegrationTypeEnum(EnumType):
 class IntegrationTypeEnumField(PostgresEnumField):
    def __init__(self, *args, **kwargs):
        super().__init__("integration_type", *args, **kwargs)
-
-
-# Postgres enum definition for Processor type
-
-
-class ProcessorTypeEnum(EnumType):
-    enum_type_name = "processor_type"
-
-
-class ProcessorTypeEnumField(PostgresEnumField):
-    def __init__(self, *args, **kwargs):
-        super().__init__("processor_type", *args, **kwargs)
@@ -57,11 +57,6 @@ class TaskInProgressException(TaskManagementError):
        super().__init__()


-# Provider connection errors
-class ProviderConnectionError(Exception):
-    """Base exception for provider connection errors."""
-
-
 def custom_exception_handler(exc, context):
    if isinstance(exc, django_validation_error):
        if hasattr(exc, "error_dict"):
@@ -78,21 +73,3 @@ def custom_exception_handler(exc, context):
                message_item["message"] for message_item in exc.detail["messages"]
            ]
    return exception_handler(exc, context)
-
-
-class ConflictException(APIException):
-    status_code = status.HTTP_409_CONFLICT
-    default_detail = "A conflict occurred. The resource already exists."
-    default_code = "conflict"
-
-    def __init__(self, detail=None, code=None, pointer=None):
-        error_detail = {
-            "detail": detail or self.default_detail,
-            "status": self.status_code,
-            "code": self.default_code,
-        }
-
-        if pointer:
-            error_detail["source"] = {"pointer": pointer}
-
-        super().__init__(detail=[error_detail])
@@ -1,6 +1,5 @@
 from datetime import date, datetime, timedelta, timezone

-from dateutil.parser import parse
 from django.conf import settings
 from django.db.models import Q
 from django_filters.rest_framework import (
@@ -29,7 +28,6 @@ from api.models import (
    Invitation,
    Membership,
    PermissionChoices,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderSecret,
@@ -340,8 +338,6 @@ class ResourceFilter(ProviderRelationshipFilterSet):
    tags = CharFilter(method="filter_tag")
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
-    scan = UUIDFilter(field_name="provider__scan", lookup_expr="exact")
-    scan__in = UUIDInFilter(field_name="provider__scan", lookup_expr="in")

    class Meta:
        model = Resource
@@ -356,82 +352,6 @@ class ResourceFilter(ProviderRelationshipFilterSet):
            "updated_at": ["gte", "lte"],
        }

-    def filter_queryset(self, queryset):
-        if not (self.data.get("scan") or self.data.get("scan__in")) and not (
-            self.data.get("updated_at")
-            or self.data.get("updated_at__date")
-            or self.data.get("updated_at__gte")
-            or self.data.get("updated_at__lte")
-        ):
-            raise ValidationError(
-                [
-                    {
-                        "detail": "At least one date filter is required: filter[updated_at], filter[updated_at.gte], "
-                        "or filter[updated_at.lte].",
-                        "status": 400,
-                        "source": {"pointer": "/data/attributes/updated_at"},
-                        "code": "required",
-                    }
-                ]
-            )
-
-        gte_date = (
-            parse(self.data.get("updated_at__gte")).date()
-            if self.data.get("updated_at__gte")
-            else datetime.now(timezone.utc).date()
-        )
-        lte_date = (
-            parse(self.data.get("updated_at__lte")).date()
-            if self.data.get("updated_at__lte")
-            else datetime.now(timezone.utc).date()
-        )
-
-        if abs(lte_date - gte_date) > timedelta(
-            days=settings.FINDINGS_MAX_DAYS_IN_RANGE
-        ):
-            raise ValidationError(
-                [
-                    {
-                        "detail": f"The date range cannot exceed {settings.FINDINGS_MAX_DAYS_IN_RANGE} days.",
-                        "status": 400,
-                        "source": {"pointer": "/data/attributes/updated_at"},
-                        "code": "invalid",
-                    }
-                ]
-            )
-
-        return super().filter_queryset(queryset)
-
-    def filter_tag_key(self, queryset, name, value):
-        return queryset.filter(Q(tags__key=value) | Q(tags__key__icontains=value))
-
-    def filter_tag_value(self, queryset, name, value):
-        return queryset.filter(Q(tags__value=value) | Q(tags__value__icontains=value))
-
-    def filter_tag(self, queryset, name, value):
-        # We won't know what the user wants to filter on just based on the value,
-        # and we don't want to build special filtering logic for every possible
-        # provider tag spec, so we'll just do a full text search
-        return queryset.filter(tags__text_search=value)
-
-
-class LatestResourceFilter(ProviderRelationshipFilterSet):
-    tag_key = CharFilter(method="filter_tag_key")
-    tag_value = CharFilter(method="filter_tag_value")
-    tag = CharFilter(method="filter_tag")
-    tags = CharFilter(method="filter_tag")
-
-    class Meta:
-        model = Resource
-        fields = {
-            "provider": ["exact", "in"],
-            "uid": ["exact", "icontains"],
-            "name": ["exact", "icontains"],
-            "region": ["exact", "icontains", "in"],
-            "service": ["exact", "icontains", "in"],
-            "type": ["exact", "icontains", "in"],
-        }
-
    def filter_tag_key(self, queryset, name, value):
        return queryset.filter(Q(tags__key=value) | Q(tags__key__icontains=value))

@@ -784,12 +704,3 @@ class IntegrationFilter(FilterSet):
        fields = {
            "inserted_at": ["date", "gte", "lte"],
        }
-
-
-class ProcessorFilter(FilterSet):
-    processor_type = ChoiceFilter(choices=Processor.ProcessorChoices.choices)
-    processor_type__in = ChoiceInFilter(
-        choices=Processor.ProcessorChoices.choices,
-        field_name="processor_type",
-        lookup_expr="in",
-    )
@@ -3,7 +3,7 @@
    "model": "api.user",
    "pk": "8b38e2eb-6689-4f1e-a4ba-95b275130200",
    "fields": {
-      "password": "pbkdf2_sha256$870000$Z63pGJ7nre48hfcGbk5S0O$rQpKczAmijs96xa+gPVJifpT3Fetb8DOusl5Eq6gxac=",
+      "password": "pbkdf2_sha256$720000$vA62S78kog2c2ytycVQdke$Fp35GVLLMyy5fUq3krSL9I02A+ocQ+RVa4S22LIAO5s=",
      "last_login": null,
      "name": "Devie Prowlerson",
      "email": "dev@prowler.com",
@@ -16,7 +16,7 @@
    "model": "api.user",
    "pk": "b6493a3a-c997-489b-8b99-278bf74de9f6",
    "fields": {
-      "password": "pbkdf2_sha256$870000$Z63pGJ7nre48hfcGbk5S0O$rQpKczAmijs96xa+gPVJifpT3Fetb8DOusl5Eq6gxac=",
+      "password": "pbkdf2_sha256$720000$vA62S78kog2c2ytycVQdke$Fp35GVLLMyy5fUq3krSL9I02A+ocQ+RVa4S22LIAO5s=",
      "last_login": null,
      "name": "Devietoo Prowlerson",
      "email": "dev2@prowler.com",
@@ -1,34 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-03 15:46
-
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import PostgresEnumMigration, ProcessorTypeEnum, register_enum
-from api.models import Processor
-
-ProcessorTypeEnumMigration = PostgresEnumMigration(
-    enum_name="processor_type",
-    enum_values=tuple(
-        processor_type[0] for processor_type in Processor.ProcessorChoices.choices
-    ),
-)
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0032_saml"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            ProcessorTypeEnumMigration.create_enum_type,
-            reverse_code=ProcessorTypeEnumMigration.drop_enum_type,
-        ),
-        migrations.RunPython(
-            partial(register_enum, enum_class=ProcessorTypeEnum),
-            reverse_code=migrations.RunPython.noop,
-        ),
-    ]
@@ -1,88 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-26 13:04
-
-import uuid
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-import api.db_utils
-import api.rls
-from api.rls import RowLevelSecurityConstraint
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0033_processors_enum"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="Processor",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                (
-                    "processor_type",
-                    api.db_utils.ProcessorTypeEnumField(
-                        choices=[("mutelist", "Mutelist")]
-                    ),
-                ),
-                ("configuration", models.JSONField(default=dict)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "processors",
-                "abstract": False,
-                "indexes": [
-                    models.Index(
-                        fields=["tenant_id", "id"], name="processor_tenant_id_idx"
-                    ),
-                    models.Index(
-                        fields=["tenant_id", "processor_type"],
-                        name="processor_tenant_type_idx",
-                    ),
-                ],
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="processor",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "processor_type"),
-                name="unique_processor_types_tenant",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="processor",
-            constraint=RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_processor",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddField(
-            model_name="scan",
-            name="processor",
-            field=models.ForeignKey(
-                blank=True,
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="scans",
-                related_query_name="scan",
-                to="api.processor",
-            ),
-        ),
-    ]
@@ -1,22 +0,0 @@
-import django.core.validators
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0034_processors"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="muted_reason",
-            field=models.TextField(
-                blank=True,
-                max_length=500,
-                null=True,
-                validators=[django.core.validators.MinLengthValidator(3)],
-            ),
-        ),
-    ]
@@ -1,30 +0,0 @@
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import create_index_on_partitions, drop_index_on_partitions
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0035_finding_muted_reason"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_finding_idx",
-                columns="tenant_id, finding_id",
-                method="BTREE",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_finding_idx",
-            ),
-        ),
-    ]
@@ -1,17 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0036_rfm_tenant_finding_index_partitions"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="resourcefindingmapping",
-            index=models.Index(
-                fields=["tenant_id", "finding_id"],
-                name="rfm_tenant_finding_idx",
-            ),
-        ),
-    ]
@@ -1,15 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0037_rfm_tenant_finding_index_parent"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="resource",
-            name="failed_findings_count",
-            field=models.IntegerField(default=0),
-        )
-    ]
@@ -1,20 +0,0 @@
-from django.contrib.postgres.operations import AddIndexConcurrently
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0038_resource_failed_findings_count"),
-    ]
-
-    operations = [
-        AddIndexConcurrently(
-            model_name="resource",
-            index=models.Index(
-                fields=["tenant_id", "-failed_findings_count", "id"],
-                name="resources_failed_findings_idx",
-            ),
-        ),
-    ]
@@ -1,30 +0,0 @@
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import create_index_on_partitions, drop_index_on_partitions
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0039_resource_resources_failed_findings_idx"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_resource_idx",
-                columns="tenant_id, resource_id",
-                method="BTREE",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_resource_idx",
-            ),
-        ),
-    ]
@@ -1,17 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0040_rfm_tenant_resource_index_partitions"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="resourcefindingmapping",
-            index=models.Index(
-                fields=["tenant_id", "resource_id"],
-                name="rfm_tenant_resource_idx",
-            ),
-        ),
-    ]
@@ -1,23 +0,0 @@
-from django.contrib.postgres.operations import AddIndexConcurrently
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0041_rfm_tenant_resource_parent_partitions"),
-        ("django_celery_beat", "0019_alter_periodictasks_options"),
-    ]
-
-    operations = [
-        AddIndexConcurrently(
-            model_name="scan",
-            index=models.Index(
-                condition=models.Q(("state", "completed")),
-                fields=["tenant_id", "provider_id", "-inserted_at"],
-                include=("id",),
-                name="scans_prov_ins_desc_idx",
-            ),
-        ),
-    ]
@@ -34,7 +34,6 @@ from api.db_utils import (
    IntegrationTypeEnumField,
    InvitationStateEnumField,
    MemberRoleEnumField,
-    ProcessorTypeEnumField,
    ProviderEnumField,
    ProviderSecretTypeEnumField,
    ScanTriggerEnumField,
@@ -410,6 +409,20 @@ class Scan(RowLevelSecurityProtectedModel):
    name = models.CharField(
        blank=True, null=True, max_length=100, validators=[MinLengthValidator(3)]
    )
+    provider = models.ForeignKey(
+        Provider,
+        on_delete=models.CASCADE,
+        related_name="scans",
+        related_query_name="scan",
+    )
+    task = models.ForeignKey(
+        Task,
+        on_delete=models.CASCADE,
+        related_name="scans",
+        related_query_name="scan",
+        null=True,
+        blank=True,
+    )
    trigger = ScanTriggerEnumField(
        choices=TriggerChoices.choices,
    )
@@ -428,28 +441,8 @@ class Scan(RowLevelSecurityProtectedModel):
        PeriodicTask, on_delete=models.SET_NULL, null=True, blank=True
    )
    output_location = models.CharField(blank=True, null=True, max_length=200)
-    provider = models.ForeignKey(
-        Provider,
-        on_delete=models.CASCADE,
-        related_name="scans",
-        related_query_name="scan",
-    )
-    task = models.ForeignKey(
-        Task,
-        on_delete=models.CASCADE,
-        related_name="scans",
-        related_query_name="scan",
-        null=True,
-        blank=True,
-    )
-    processor = models.ForeignKey(
-        "Processor",
-        on_delete=models.SET_NULL,
-        related_name="scans",
-        related_query_name="scan",
-        null=True,
-        blank=True,
-    )
+
+    # TODO: mutelist foreign key

    class Meta(RowLevelSecurityProtectedModel.Meta):
        db_table = "scans"
@@ -476,13 +469,6 @@ class Scan(RowLevelSecurityProtectedModel):
                condition=Q(state=StateChoices.COMPLETED),
                name="scans_prov_state_ins_desc_idx",
            ),
-            # TODO This might replace `scans_prov_state_ins_desc_idx` completely. Review usage
-            models.Index(
-                fields=["tenant_id", "provider_id", "-inserted_at"],
-                condition=Q(state=StateChoices.COMPLETED),
-                include=["id"],
-                name="scans_prov_ins_desc_idx",
-            ),
        ]

    class JSONAPIMeta:
@@ -568,8 +554,6 @@ class Resource(RowLevelSecurityProtectedModel):
    details = models.TextField(blank=True, null=True)
    partition = models.TextField(blank=True, null=True)

-    failed_findings_count = models.IntegerField(default=0)
-
    # Relationships
    tags = models.ManyToManyField(
        ResourceTag,
@@ -616,10 +600,6 @@ class Resource(RowLevelSecurityProtectedModel):
                fields=["tenant_id", "provider_id"],
                name="resources_tenant_provider_idx",
            ),
-            models.Index(
-                fields=["tenant_id", "-failed_findings_count", "id"],
-                name="resources_failed_findings_idx",
-            ),
        ]

        constraints = [
@@ -718,9 +698,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    check_id = models.CharField(max_length=100, blank=False, null=False)
    check_metadata = models.JSONField(default=dict, null=False)
    muted = models.BooleanField(default=False, null=False)
-    muted_reason = models.TextField(
-        blank=True, null=True, validators=[MinLengthValidator(3)], max_length=500
-    )
    compliance = models.JSONField(default=dict, null=True, blank=True)

    # Denormalize resource data for performance
@@ -862,16 +839,6 @@ class ResourceFindingMapping(PostgresPartitionedModel, RowLevelSecurityProtected
        #   - tenant_id
        #   - id

-        indexes = [
-            models.Index(
-                fields=["tenant_id", "finding_id"],
-                name="rfm_tenant_finding_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "resource_id"],
-                name="rfm_tenant_resource_idx",
-            ),
-        ]
        constraints = [
            models.UniqueConstraint(
                fields=("tenant_id", "resource_id", "finding_id"),
@@ -976,11 +943,6 @@ class Invitation(RowLevelSecurityProtectedModel):
        null=True,
    )

-    def save(self, *args, **kwargs):
-        if self.email:
-            self.email = self.email.strip().lower()
-        super().save(*args, **kwargs)
-
    class Meta(RowLevelSecurityProtectedModel.Meta):
        db_table = "invitations"

@@ -1506,7 +1468,7 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
            ),
        ]

-    def clean(self, old_email_domain=None, is_create=False):
+    def clean(self, old_email_domain=None):
        # Domain must not contain @
        if "@" in self.email_domain:
            raise ValidationError({"email_domain": "Domain must not contain @"})
@@ -1530,25 +1492,6 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
                {"tenant": "There is a problem with your email domain."}
            )

-        # The entityID must be unique in the system
-        idp_settings = self._parsed_metadata
-        entity_id = idp_settings.get("entity_id")
-
-        if entity_id:
-            # Find any SocialApp with this entityID
-            q = SocialApp.objects.filter(provider="saml", provider_id=entity_id)
-
-            # If updating, exclude our own SocialApp from the check
-            if not is_create:
-                q = q.exclude(client_id=old_email_domain)
-            else:
-                q = q.exclude(client_id=self.email_domain)
-
-            if q.exists():
-                raise ValidationError(
-                    {"metadata_xml": "There is a problem with your metadata."}
-                )
-
    def save(self, *args, **kwargs):
        self.email_domain = self.email_domain.strip().lower()
        is_create = not SAMLConfiguration.objects.filter(pk=self.pk).exists()
@@ -1561,8 +1504,7 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
            old_email_domain = None
            old_metadata_xml = None

-        self._parsed_metadata = self._parse_metadata()
-        self.clean(old_email_domain, is_create)
+        self.clean(old_email_domain)
        super().save(*args, **kwargs)

        if is_create or (
@@ -1580,12 +1522,6 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
            email_domain=self.email_domain, defaults={"tenant": self.tenant}
        )

-    def delete(self, *args, **kwargs):
-        super().delete(*args, **kwargs)
-
-        SocialApp.objects.filter(provider="saml", client_id=self.email_domain).delete()
-        SAMLDomainIndex.objects.filter(email_domain=self.email_domain).delete()
-
    def _parse_metadata(self):
        """
        Parse the raw IdP metadata XML and extract:
@@ -1605,8 +1541,6 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):

        # Entity ID
        entity_id = root.attrib.get("entityID")
-        if not entity_id:
-            raise ValidationError({"metadata_xml": "Missing entityID in metadata."})

        # SSO endpoint (must exist)
        sso = root.find(".//md:IDPSSODescriptor/md:SingleSignOnService", ns)
@@ -1645,8 +1579,9 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
        Create or update the corresponding SocialApp based on email_domain.
        If the domain changed, update the matching SocialApp.
        """
+        idp_settings = self._parse_metadata()
        settings_dict = SOCIALACCOUNT_PROVIDERS["saml"].copy()
-        settings_dict["idp"] = self._parsed_metadata
+        settings_dict["idp"] = idp_settings

        current_site = Site.objects.get(id=settings.SITE_ID)

@@ -1662,7 +1597,7 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
            social_app.client_id = client_id
            social_app.name = name
            social_app.settings = settings_dict
-            social_app.provider_id = self._parsed_metadata["entity_id"]
+            social_app.provider_id = idp_settings["entity_id"]
            social_app.save()
            social_app.sites.set([current_site])
        else:
@@ -1671,7 +1606,7 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
                client_id=client_id,
                name=name,
                settings=settings_dict,
-                provider_id=self._parsed_metadata["entity_id"],
+                provider_id=idp_settings["entity_id"],
            )
            social_app.sites.set([current_site])

@@ -1850,42 +1785,3 @@ class LighthouseConfiguration(RowLevelSecurityProtectedModel):

    class JSONAPIMeta:
        resource_name = "lighthouse-configurations"
-
-
-class Processor(RowLevelSecurityProtectedModel):
-    class ProcessorChoices(models.TextChoices):
-        MUTELIST = "mutelist", _("Mutelist")
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    processor_type = ProcessorTypeEnumField(choices=ProcessorChoices.choices)
-    configuration = models.JSONField(default=dict)
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "processors"
-
-        constraints = [
-            models.UniqueConstraint(
-                fields=("tenant_id", "processor_type"),
-                name="unique_processor_types_tenant",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "id"],
-                name="processor_tenant_id_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "processor_type"],
-                name="processor_tenant_type_idx",
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "processors"
@@ -11,7 +11,7 @@ def test_basic_authentication():
    client = APIClient()

    test_user = "test_email@prowler.com"
-    test_password = "Test_password@1"
+    test_password = "test_password"

    # Check that a 401 is returned when no basic authentication is provided
    no_auth_response = client.get(reverse("provider-list"))
@@ -108,7 +108,7 @@ def test_user_me_when_inviting_users(create_test_user, tenants_fixture, roles_fi
    user1_email = "user1@testing.com"
    user2_email = "user2@testing.com"

-    password = "Thisisapassword123@"
+    password = "thisisapassword123"

    user1_response = client.post(
        reverse("user-list"),
@@ -187,7 +187,7 @@ class TestTokenSwitchTenant:
        client = APIClient()

        test_user = "test_email@prowler.com"
-        test_password = "Test_password1@"
+        test_password = "test_password"

        # Check that we can create a new user without any kind of authentication
        user_creation_response = client.post(
@@ -17,7 +17,7 @@ def test_delete_provider_without_executing_task(
    client = APIClient()

    test_user = "test_email@prowler.com"
-    test_password = "Test_password1@"
+    test_password = "test_password"

    prowler_task = tasks_fixture[0]
    task_mock = Mock()
@@ -1,4 +1,4 @@
-from unittest.mock import MagicMock, patch
+from unittest.mock import MagicMock

 import pytest
 from allauth.socialaccount.models import SocialLogin
@@ -54,24 +54,3 @@ class TestProwlerSocialAccountAdapter:
        adapter.pre_social_login(rf.get("/"), sociallogin)

        sociallogin.connect.assert_not_called()
-
-    def test_save_user_saml_sets_session_flag(self, rf):
-        adapter = ProwlerSocialAccountAdapter()
-        request = rf.get("/")
-        request.session = {}
-
-        sociallogin = MagicMock(spec=SocialLogin)
-        sociallogin.provider = MagicMock()
-        sociallogin.provider.id = "saml"
-        sociallogin.account = MagicMock()
-        sociallogin.account.extra_data = {}
-
-        mock_user = MagicMock()
-        mock_user.id = 123
-
-        with patch("api.adapters.super") as mock_super:
-            with patch("api.adapters.transaction"):
-                with patch("api.adapters.MainRouter"):
-                    mock_super.return_value.save_user.return_value = mock_user
-                    adapter.save_user(request, sociallogin)
-                    assert request.session["saml_user_created"] == "123"
@@ -13,7 +13,6 @@ from api.db_utils import (
    enum_to_choices,
    generate_random_token,
    one_week_from_now,
-    update_objects_in_batches,
 )
 from api.models import Provider

@@ -228,88 +227,3 @@ class TestCreateObjectsInBatches:

        qs = Provider.objects.filter(tenant=tenant)
        assert qs.count() == total
-
-
-@pytest.mark.django_db
-class TestUpdateObjectsInBatches:
-    @pytest.fixture
-    def tenant(self, tenants_fixture):
-        return tenants_fixture[0]
-
-    def make_provider_instances(self, tenant, count):
-        """
-        Return a list of `count` unsaved Provider instances for the given tenant.
-        """
-        base_uid = 2000
-        return [
-            Provider(
-                tenant=tenant,
-                uid=str(base_uid + i),
-                provider=Provider.ProviderChoices.AWS,
-            )
-            for i in range(count)
-        ]
-
-    def test_exact_multiple_of_batch(self, tenant):
-        total = 6
-        batch_size = 3
-        objs = self.make_provider_instances(tenant, total)
-        create_objects_in_batches(str(tenant.id), Provider, objs, batch_size=batch_size)
-
-        # Fetch them back, mutate the `uid` field, then update in batches
-        providers = list(Provider.objects.filter(tenant=tenant))
-        for p in providers:
-            p.uid = f"{p.uid}_upd"
-
-        update_objects_in_batches(
-            tenant_id=str(tenant.id),
-            model=Provider,
-            objects=providers,
-            fields=["uid"],
-            batch_size=batch_size,
-        )
-
-        qs = Provider.objects.filter(tenant=tenant, uid__endswith="_upd")
-        assert qs.count() == total
-
-    def test_non_multiple_of_batch(self, tenant):
-        total = 7
-        batch_size = 3
-        objs = self.make_provider_instances(tenant, total)
-        create_objects_in_batches(str(tenant.id), Provider, objs, batch_size=batch_size)
-
-        providers = list(Provider.objects.filter(tenant=tenant))
-        for p in providers:
-            p.uid = f"{p.uid}_upd"
-
-        update_objects_in_batches(
-            tenant_id=str(tenant.id),
-            model=Provider,
-            objects=providers,
-            fields=["uid"],
-            batch_size=batch_size,
-        )
-
-        qs = Provider.objects.filter(tenant=tenant, uid__endswith="_upd")
-        assert qs.count() == total
-
-    def test_batch_size_default(self, tenant):
-        default_size = settings.DJANGO_DELETION_BATCH_SIZE
-        total = default_size + 2
-        objs = self.make_provider_instances(tenant, total)
-        create_objects_in_batches(str(tenant.id), Provider, objs)
-
-        providers = list(Provider.objects.filter(tenant=tenant))
-        for p in providers:
-            p.uid = f"{p.uid}_upd"
-
-        # Update without specifying batch_size (uses default)
-        update_objects_in_batches(
-            tenant_id=str(tenant.id),
-            model=Provider,
-            objects=providers,
-            fields=["uid"],
-        )
-
-        qs = Provider.objects.filter(tenant=tenant, uid__endswith="_upd")
-        assert qs.count() == total
@@ -3,7 +3,7 @@ from allauth.socialaccount.models import SocialApp
 from django.core.exceptions import ValidationError

 from api.db_router import MainRouter
-from api.models import Resource, ResourceTag, SAMLConfiguration, SAMLDomainIndex
+from api.models import Resource, ResourceTag, SAMLConfiguration, Tenant


@pytest.mark.django_db
@@ -142,8 +142,8 @@ class TestSAMLConfigurationModel:
    </md:EntityDescriptor>
    """

-    def test_creates_valid_configuration(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_creates_valid_configuration(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant A")
        config = SAMLConfiguration.objects.using(MainRouter.admin_db).create(
            email_domain="ssoexample.com",
            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
@@ -153,8 +153,8 @@ class TestSAMLConfigurationModel:
        assert config.email_domain == "ssoexample.com"
        assert SocialApp.objects.filter(client_id="ssoexample.com").exists()

-    def test_email_domain_with_at_symbol_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_email_domain_with_at_symbol_fails(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant B")
        config = SAMLConfiguration(
            email_domain="invalid@domain.com",
            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
@@ -168,8 +168,9 @@ class TestSAMLConfigurationModel:
        assert "email_domain" in errors
        assert "Domain must not contain @" in errors["email_domain"][0]

-    def test_duplicate_email_domain_fails(self, tenants_fixture):
-        tenant1, tenant2, *_ = tenants_fixture
+    def test_duplicate_email_domain_fails(self):
+        tenant1 = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant C1")
+        tenant2 = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant C2")

        SAMLConfiguration.objects.using(MainRouter.admin_db).create(
            email_domain="duplicate.com",
@@ -190,8 +191,8 @@ class TestSAMLConfigurationModel:
        assert "tenant" in errors
        assert "There is a problem with your email domain." in errors["tenant"][0]

-    def test_duplicate_tenant_config_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_duplicate_tenant_config_fails(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant D")

        SAMLConfiguration.objects.using(MainRouter.admin_db).create(
            email_domain="unique1.com",
@@ -215,8 +216,8 @@ class TestSAMLConfigurationModel:
            in errors["tenant"][0]
        )

-    def test_invalid_metadata_xml_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_invalid_metadata_xml_fails(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant E")
        config = SAMLConfiguration(
            email_domain="brokenxml.com",
            metadata_xml="<bad<xml>",
@@ -231,8 +232,8 @@ class TestSAMLConfigurationModel:
        assert "Invalid XML" in errors["metadata_xml"][0]
        assert "not well-formed" in errors["metadata_xml"][0]

-    def test_metadata_missing_sso_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_metadata_missing_sso_fails(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant F")
        xml = """<md:EntityDescriptor entityID="x" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
                <md:IDPSSODescriptor></md:IDPSSODescriptor>
                </md:EntityDescriptor>"""
@@ -249,8 +250,8 @@ class TestSAMLConfigurationModel:
        assert "metadata_xml" in errors
        assert "Missing SingleSignOnService" in errors["metadata_xml"][0]

-    def test_metadata_missing_certificate_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
+    def test_metadata_missing_certificate_fails(self):
+        tenant = Tenant.objects.using(MainRouter.admin_db).create(name="Tenant G")
        xml = """<md:EntityDescriptor entityID="x" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
                    <md:IDPSSODescriptor>
                        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.com/sso"/>
@@ -268,59 +269,3 @@ class TestSAMLConfigurationModel:
        errors = exc_info.value.message_dict
        assert "metadata_xml" in errors
        assert "X509Certificate" in errors["metadata_xml"][0]
-
-    def test_deletes_saml_configuration_and_related_objects(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        email_domain = "deleteme.com"
-
-        # Create the configuration
-        config = SAMLConfiguration.objects.using(MainRouter.admin_db).create(
-            email_domain=email_domain,
-            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
-            tenant=tenant,
-        )
-
-        # Verify that the SocialApp and SAMLDomainIndex exist
-        assert SocialApp.objects.filter(client_id=email_domain).exists()
-        assert (
-            SAMLDomainIndex.objects.using(MainRouter.admin_db)
-            .filter(email_domain=email_domain)
-            .exists()
-        )
-
-        # Delete the configuration
-        config.delete()
-
-        # Verify that the configuration and its related objects are deleted
-        assert (
-            not SAMLConfiguration.objects.using(MainRouter.admin_db)
-            .filter(pk=config.pk)
-            .exists()
-        )
-        assert not SocialApp.objects.filter(client_id=email_domain).exists()
-        assert (
-            not SAMLDomainIndex.objects.using(MainRouter.admin_db)
-            .filter(email_domain=email_domain)
-            .exists()
-        )
-
-    def test_duplicate_entity_id_fails_on_creation(self, tenants_fixture):
-        tenant1, tenant2, *_ = tenants_fixture
-        SAMLConfiguration.objects.using(MainRouter.admin_db).create(
-            email_domain="first.com",
-            metadata_xml=self.VALID_METADATA,
-            tenant=tenant1,
-        )
-
-        config = SAMLConfiguration(
-            email_domain="second.com",
-            metadata_xml=self.VALID_METADATA,
-            tenant=tenant2,
-        )
-
-        with pytest.raises(ValidationError) as exc_info:
-            config.save()
-
-        errors = exc_info.value.message_dict
-        assert "metadata_xml" in errors
-        assert "There is a problem with your metadata." in errors["metadata_xml"][0]
@@ -1,7 +1,6 @@
 from unittest.mock import ANY, Mock, patch

 import pytest
-from conftest import TODAY
 from django.urls import reverse
 from rest_framework import status

@@ -61,7 +60,7 @@ class TestUserViewSet:
    def test_create_user_with_all_permissions(self, authenticated_client_rbac):
        valid_user_payload = {
            "name": "test",
-            "password": "Newpassword123@",
+            "password": "newpassword123",
            "email": "new_user@test.com",
        }
        response = authenticated_client_rbac.post(
@@ -75,7 +74,7 @@ class TestUserViewSet:
    ):
        valid_user_payload = {
            "name": "test",
-            "password": "Newpassword123@",
+            "password": "newpassword123",
            "email": "new_user@test.com",
        }
        response = authenticated_client_no_permissions_rbac.post(
@@ -322,7 +321,7 @@ class TestProviderViewSet:
@pytest.mark.django_db
 class TestLimitedVisibility:
    TEST_EMAIL = "rbac@rbac.com"
-    TEST_PASSWORD = "Thisisapassword123@"
+    TEST_PASSWORD = "thisisapassword123"

    @pytest.fixture
    def limited_admin_user(
@@ -410,87 +409,3 @@ class TestLimitedVisibility:
        assert (
            response.json()["data"]["relationships"]["providers"]["meta"]["count"] == 1
        )
-
-    def test_overviews_providers(
-        self,
-        authenticated_client_rbac_limited,
-        scan_summaries_fixture,
-        providers_fixture,
-    ):
-        # By default, the associated provider is the one which has the overview data
-        response = authenticated_client_rbac_limited.get(reverse("overview-providers"))
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) > 0
-
-        # Changing the provider visibility, no data should be returned
-        # Only the associated provider to that group is changed
-        new_provider = providers_fixture[1]
-        ProviderGroupMembership.objects.all().update(provider=new_provider)
-
-        response = authenticated_client_rbac_limited.get(reverse("overview-providers"))
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 0
-
-    @pytest.mark.parametrize(
-        "endpoint_name",
-        [
-            "findings",
-            "findings_severity",
-        ],
-    )
-    def test_overviews_findings(
-        self,
-        endpoint_name,
-        authenticated_client_rbac_limited,
-        scan_summaries_fixture,
-        providers_fixture,
-    ):
-        # By default, the associated provider is the one which has the overview data
-        response = authenticated_client_rbac_limited.get(
-            reverse(f"overview-{endpoint_name}")
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        values = response.json()["data"]["attributes"].values()
-        assert any(value > 0 for value in values)
-
-        # Changing the provider visibility, no data should be returned
-        # Only the associated provider to that group is changed
-        new_provider = providers_fixture[1]
-        ProviderGroupMembership.objects.all().update(provider=new_provider)
-
-        response = authenticated_client_rbac_limited.get(
-            reverse(f"overview-{endpoint_name}")
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]["attributes"].values()
-        assert all(value == 0 for value in data)
-
-    def test_overviews_services(
-        self,
-        authenticated_client_rbac_limited,
-        scan_summaries_fixture,
-        providers_fixture,
-    ):
-        # By default, the associated provider is the one which has the overview data
-        response = authenticated_client_rbac_limited.get(
-            reverse("overview-services"), {"filter[inserted_at]": TODAY}
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) > 0
-
-        # Changing the provider visibility, no data should be returned
-        # Only the associated provider to that group is changed
-        new_provider = providers_fixture[1]
-        ProviderGroupMembership.objects.all().update(provider=new_provider)
-
-        response = authenticated_client_rbac_limited.get(
-            reverse("overview-services"), {"filter[inserted_at]": TODAY}
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 0
@@ -131,21 +131,6 @@ class TestInitializeProwlerProvider:
        initialize_prowler_provider(provider)
        mock_return_prowler_provider.return_value.assert_called_once_with(key="value")

-    @patch("api.utils.return_prowler_provider")
-    def test_initialize_prowler_provider_with_mutelist(
-        self, mock_return_prowler_provider
-    ):
-        provider = MagicMock()
-        provider.secret.secret = {"key": "value"}
-        mutelist_processor = MagicMock()
-        mutelist_processor.configuration = {"Mutelist": {"key": "value"}}
-        mock_return_prowler_provider.return_value = MagicMock()
-
-        initialize_prowler_provider(provider, mutelist_processor)
-        mock_return_prowler_provider.return_value.assert_called_once_with(
-            key="value", mutelist_content={"key": "value"}
-        )
-

 class TestProwlerProviderConnectionTest:
    @patch("api.utils.return_prowler_provider")
@@ -215,25 +200,6 @@ class TestGetProwlerProviderKwargs:
        expected_result = {**secret_dict, **expected_extra_kwargs}
        assert result == expected_result

-    def test_get_prowler_provider_kwargs_with_mutelist(self):
-        provider_uid = "provider_uid"
-        secret_dict = {"key": "value"}
-        secret_mock = MagicMock()
-        secret_mock.secret = secret_dict
-
-        mutelist_processor = MagicMock()
-        mutelist_processor.configuration = {"Mutelist": {"key": "value"}}
-
-        provider = MagicMock()
-        provider.provider = Provider.ProviderChoices.AWS.value
-        provider.secret = secret_mock
-        provider.uid = provider_uid
-
-        result = get_prowler_provider_kwargs(provider, mutelist_processor)
-
-        expected_result = {**secret_dict, "mutelist_content": {"key": "value"}}
-        assert result == expected_result
-
    def test_get_prowler_provider_kwargs_unsupported_provider(self):
        # Setup
        provider_uid = "provider_uid"
@@ -288,7 +254,7 @@ class TestValidateInvitation:

            assert result == invitation
            mock_db.get.assert_called_once_with(
-                token="VALID_TOKEN", email__iexact="user@example.com"
+                token="VALID_TOKEN", email="user@example.com"
            )

    def test_invitation_not_found_raises_validation_error(self):
@@ -303,7 +269,7 @@ class TestValidateInvitation:
                "invitation_token": "Invalid invitation code."
            }
            mock_db.get.assert_called_once_with(
-                token="INVALID_TOKEN", email__iexact="user@example.com"
+                token="INVALID_TOKEN", email="user@example.com"
            )

    def test_invitation_not_found_raises_not_found(self):
@@ -318,7 +284,7 @@ class TestValidateInvitation:

            assert exc_info.value.detail == "Invitation is not valid."
            mock_db.get.assert_called_once_with(
-                token="INVALID_TOKEN", email__iexact="user@example.com"
+                token="INVALID_TOKEN", email="user@example.com"
            )

    def test_invitation_expired(self, invitation):
@@ -366,27 +332,5 @@ class TestValidateInvitation:
                "invitation_token": "Invalid invitation code."
            }
            mock_db.get.assert_called_once_with(
-                token="VALID_TOKEN", email__iexact="different@example.com"
-            )
-
-    def test_valid_invitation_uppercase_email(self):
-        """Test that validate_invitation works with case-insensitive email lookup."""
-        uppercase_email = "USER@example.com"
-
-        invitation = MagicMock(spec=Invitation)
-        invitation.token = "VALID_TOKEN"
-        invitation.email = uppercase_email
-        invitation.expires_at = datetime.now(timezone.utc) + timedelta(days=1)
-        invitation.state = Invitation.State.PENDING
-        invitation.tenant = MagicMock()
-
-        with patch("api.utils.Invitation.objects.using") as mock_using:
-            mock_db = mock_using.return_value
-            mock_db.get.return_value = invitation
-
-            result = validate_invitation("VALID_TOKEN", "user@example.com")
-
-            assert result == invitation
-            mock_db.get.assert_called_once_with(
-                token="VALID_TOKEN", email__iexact="user@example.com"
+                token="VALID_TOKEN", email="different@example.com"
            )
@@ -14,13 +14,7 @@ import jwt
 import pytest
 from allauth.socialaccount.models import SocialAccount, SocialApp
 from botocore.exceptions import ClientError, NoCredentialsError
-from conftest import (
-    API_JSON_CONTENT_TYPE,
-    TEST_PASSWORD,
-    TEST_USER,
-    TODAY,
-    today_after_n_days,
-)
+from conftest import API_JSON_CONTENT_TYPE, TEST_PASSWORD, TEST_USER
 from django.conf import settings
 from django.http import JsonResponse
 from django.test import RequestFactory
@@ -35,7 +29,6 @@ from api.models import (
    Integration,
    Invitation,
    Membership,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderGroupMembership,
@@ -53,6 +46,14 @@ from api.models import (
 from api.rls import Tenant
 from api.v1.views import ComplianceOverviewViewSet, TenantFinishACSView

+TODAY = str(datetime.today().date())
+
+
+def today_after_n_days(n_days: int) -> str:
+    return datetime.strftime(
+        datetime.today().date() + timedelta(days=n_days), "%Y-%m-%d"
+    )
+

 class TestViewSet:
    def test_security_headers(self, client):
@@ -91,7 +92,7 @@ class TestUserViewSet:
    def test_users_create(self, client):
        valid_user_payload = {
            "name": "test",
-            "password": "NewPassword123!",
+            "password": "newpassword123",
            "email": "NeWuSeR@example.com",
        }
        response = client.post(
@@ -132,10 +133,6 @@ class TestUserViewSet:
            "password1",  # Common password and too similar to a common password
            "dev12345",  # Similar to username
            ("querty12" * 9) + "a",  # Too long, 73 characters
-            "NewPassword123",  # No special character
-            "newpassword123@",  # No uppercase letter
-            "NEWPASSWORD123",  # No lowercase letter
-            "NewPassword@",  # No number
        ],
    )
    def test_users_create_invalid_passwords(self, authenticated_client, password):
@@ -166,7 +163,7 @@ class TestUserViewSet:
        # First user created; no errors should occur
        user_payload = {
            "name": "test_email_validator",
-            "password": "Newpassword123@",
+            "password": "newpassword123",
            "email": "nonexistentemail@prowler.com",
        }
        response = authenticated_client.post(
@@ -176,7 +173,7 @@ class TestUserViewSet:

        user_payload = {
            "name": "test_email_validator",
-            "password": "Newpassword123@",
+            "password": "newpassword123",
            "email": email,
        }
        response = authenticated_client.post(
@@ -269,10 +266,6 @@ class TestUserViewSet:
            # Fails UserAttributeSimilarityValidator (too similar to email)
            "dev12345",
            "test@prowler.com",
-            "NewPassword123",  # No special character
-            "newpassword123@",  # No uppercase letter
-            "NEWPASSWORD123",  # No lowercase letter
-            "NewPassword@",  # No number
        ],
    )
    def test_users_partial_update_invalid_password(
@@ -2964,21 +2957,12 @@ class TestTaskViewSet:
@pytest.mark.django_db
 class TestResourceViewSet:
    def test_resources_list_none(self, authenticated_client):
-        response = authenticated_client.get(
-            reverse("resource-list"), {"filter[updated_at]": TODAY}
-        )
+        response = authenticated_client.get(reverse("resource-list"))
        assert response.status_code == status.HTTP_200_OK
        assert len(response.json()["data"]) == 0

-    def test_resources_list_no_date_filter(self, authenticated_client):
-        response = authenticated_client.get(reverse("resource-list"))
-        assert response.status_code == status.HTTP_400_BAD_REQUEST
-        assert response.json()["errors"][0]["code"] == "required"
-
    def test_resources_list(self, authenticated_client, resources_fixture):
-        response = authenticated_client.get(
-            reverse("resource-list"), {"filter[updated_at]": TODAY}
-        )
+        response = authenticated_client.get(reverse("resource-list"))
        assert response.status_code == status.HTTP_200_OK
        assert len(response.json()["data"]) == len(resources_fixture)

@@ -2999,8 +2983,7 @@ class TestResourceViewSet:
        findings_fixture,
    ):
        response = authenticated_client.get(
-            reverse("resource-list"),
-            {"include": include_values, "filter[updated_at]": TODAY},
+            reverse("resource-list"), {"include": include_values}
        )
        assert response.status_code == status.HTTP_200_OK
        assert len(response.json()["data"]) == len(resources_fixture)
@@ -3028,9 +3011,8 @@ class TestResourceViewSet:
                ("region.icontains", "west", 1),
                ("service", "ec2", 2),
                ("service.icontains", "ec", 2),
-                ("inserted_at.gte", today_after_n_days(-1), 3),
-                ("updated_at.gte", today_after_n_days(-1), 3),
-                ("updated_at.lte", today_after_n_days(1), 3),
+                ("inserted_at.gte", "2024-01-01 00:00:00", 3),
+                ("updated_at.lte", "2024-01-01 00:00:00", 0),
                ("type.icontains", "prowler", 2),
                # provider filters
                ("provider_type", "aws", 3),
@@ -3050,8 +3032,7 @@ class TestResourceViewSet:
                ("tags", "multi word", 1),
                # full text search on resource
                ("search", "arn", 3),
-                # To improve search efficiency, full text search is not fully applicable
-                # ("search", "def1", 1),
+                ("search", "def1", 1),
                # full text search on resource tags
                ("search", "multi word", 1),
                ("search", "key2", 2),
@@ -3066,42 +3047,14 @@ class TestResourceViewSet:
        filter_value,
        expected_count,
    ):
-        filters = {f"filter[{filter_name}]": filter_value}
-        if "updated_at" not in filter_name:
-            filters["filter[updated_at]"] = TODAY
        response = authenticated_client.get(
            reverse("resource-list"),
-            filters,
+            {f"filter[{filter_name}]": filter_value},
        )

        assert response.status_code == status.HTTP_200_OK
        assert len(response.json()["data"]) == expected_count

-    def test_resource_filter_by_scan_id(
-        self, authenticated_client, resources_fixture, scans_fixture
-    ):
-        response = authenticated_client.get(
-            reverse("resource-list"),
-            {"filter[scan]": scans_fixture[0].id},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 2
-
-    def test_resource_filter_by_scan_id_in(
-        self, authenticated_client, resources_fixture, scans_fixture
-    ):
-        response = authenticated_client.get(
-            reverse("resource-list"),
-            {
-                "filter[scan.in]": [
-                    scans_fixture[0].id,
-                    scans_fixture[1].id,
-                ]
-            },
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 2
-
    def test_resource_filter_by_provider_id_in(
        self, authenticated_client, resources_fixture
    ):
@@ -3111,8 +3064,7 @@ class TestResourceViewSet:
                "filter[provider.in]": [
                    resources_fixture[0].provider.id,
                    resources_fixture[1].provider.id,
-                ],
-                "filter[updated_at]": TODAY,
+                ]
            },
        )
        assert response.status_code == status.HTTP_200_OK
@@ -3149,13 +3101,13 @@ class TestResourceViewSet:
    )
    def test_resources_sort(self, authenticated_client, sort_field):
        response = authenticated_client.get(
-            reverse("resource-list"), {"filter[updated_at]": TODAY, "sort": sort_field}
+            reverse("resource-list"), {"sort": sort_field}
        )
        assert response.status_code == status.HTTP_200_OK

    def test_resources_sort_invalid(self, authenticated_client):
        response = authenticated_client.get(
-            reverse("resource-list"), {"filter[updated_at]": TODAY, "sort": "invalid"}
+            reverse("resource-list"), {"sort": "invalid"}
        )
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        assert response.json()["errors"][0]["code"] == "invalid"
@@ -3188,100 +3140,6 @@ class TestResourceViewSet:
        )
        assert response.status_code == status.HTTP_404_NOT_FOUND

-    def test_resources_metadata_retrieve(
-        self, authenticated_client, resources_fixture, backfill_scan_metadata_fixture
-    ):
-        resource_1, *_ = resources_fixture
-        response = authenticated_client.get(
-            reverse("resource-metadata"),
-            {"filter[updated_at]": resource_1.updated_at.strftime("%Y-%m-%d")},
-        )
-        data = response.json()
-
-        expected_services = {"ec2", "s3"}
-        expected_regions = {"us-east-1", "eu-west-1"}
-        expected_resource_types = {"prowler-test"}
-
-        assert data["data"]["type"] == "resources-metadata"
-        assert data["data"]["id"] is None
-        assert set(data["data"]["attributes"]["services"]) == expected_services
-        assert set(data["data"]["attributes"]["regions"]) == expected_regions
-        assert set(data["data"]["attributes"]["types"]) == expected_resource_types
-
-    def test_resources_metadata_resource_filter_retrieve(
-        self, authenticated_client, resources_fixture, backfill_scan_metadata_fixture
-    ):
-        resource_1, *_ = resources_fixture
-        response = authenticated_client.get(
-            reverse("resource-metadata"),
-            {
-                "filter[region]": "eu-west-1",
-                "filter[updated_at]": resource_1.updated_at.strftime("%Y-%m-%d"),
-            },
-        )
-        data = response.json()
-
-        expected_services = {"s3"}
-        expected_regions = {"eu-west-1"}
-        expected_resource_types = {"prowler-test"}
-
-        assert data["data"]["type"] == "resources-metadata"
-        assert data["data"]["id"] is None
-        assert set(data["data"]["attributes"]["services"]) == expected_services
-        assert set(data["data"]["attributes"]["regions"]) == expected_regions
-        assert set(data["data"]["attributes"]["types"]) == expected_resource_types
-
-    def test_resources_metadata_future_date(self, authenticated_client):
-        response = authenticated_client.get(
-            reverse("resource-metadata"),
-            {"filter[updated_at]": "2048-01-01"},
-        )
-        data = response.json()
-        assert data["data"]["type"] == "resources-metadata"
-        assert data["data"]["id"] is None
-        assert data["data"]["attributes"]["services"] == []
-        assert data["data"]["attributes"]["regions"] == []
-        assert data["data"]["attributes"]["types"] == []
-
-    def test_resources_metadata_invalid_date(self, authenticated_client):
-        response = authenticated_client.get(
-            reverse("resource-metadata"),
-            {"filter[updated_at]": "2048-01-011"},
-        )
-        assert response.json() == {
-            "errors": [
-                {
-                    "detail": "Enter a valid date.",
-                    "status": "400",
-                    "source": {"pointer": "/data/attributes/updated_at"},
-                    "code": "invalid",
-                }
-            ]
-        }
-
-    def test_resources_latest(self, authenticated_client, latest_scan_resource):
-        response = authenticated_client.get(
-            reverse("resource-latest"),
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 1
-        assert (
-            response.json()["data"][0]["attributes"]["uid"] == latest_scan_resource.uid
-        )
-
-    def test_resources_metadata_latest(
-        self, authenticated_client, latest_scan_resource
-    ):
-        response = authenticated_client.get(
-            reverse("resource-metadata_latest"),
-        )
-        assert response.status_code == status.HTTP_200_OK
-        attributes = response.json()["data"]["attributes"]
-
-        assert attributes["services"] == [latest_scan_resource.service]
-        assert attributes["regions"] == [latest_scan_resource.region]
-        assert attributes["types"] == [latest_scan_resource.type]
-

@pytest.mark.django_db
 class TestFindingViewSet:
@@ -3380,7 +3238,7 @@ class TestFindingViewSet:
                ("search", "dev-qa", 1),
                ("search", "orange juice", 1),
                # full text search on resource
-                ("search", "ec2", 1),
+                ("search", "ec2", 2),
                # full text search on finding tags (disabled for now)
                # ("search", "value2", 2),
                # Temporary disabled until we implement tag filtering in the UI
@@ -4091,7 +3949,7 @@ class TestInvitationViewSet:

        data = {
            "name": "test",
-            "password": "Newpassword123@",
+            "password": "newpassword123",
            "email": invitation.email,
        }
        assert invitation.state == Invitation.State.PENDING.value
@@ -4183,7 +4041,7 @@ class TestInvitationViewSet:

        data = {
            "name": "test",
-            "password": "Newpassword123@",
+            "password": "newpassword123",
            "email": new_email,
        }

@@ -5188,8 +5046,6 @@ class TestComplianceOverviewViewSet:
            assert "description" in attributes
            assert "status" in attributes

-    # TODO: This test may fail randomly because requirements are not ordered
-    @pytest.mark.xfail
    def test_compliance_overview_requirements_manual(
        self, authenticated_client, compliance_requirements_overviews_fixture
    ):
@@ -5496,30 +5352,6 @@ class TestScheduleViewSet:
        )
        assert response.status_code == status.HTTP_404_NOT_FOUND

-    @patch("api.v1.views.Task.objects.get")
-    def test_schedule_daily_already_scheduled(
-        self,
-        mock_task_get,
-        authenticated_client,
-        providers_fixture,
-        tasks_fixture,
-    ):
-        provider, *_ = providers_fixture
-        prowler_task = tasks_fixture[0]
-        mock_task_get.return_value = prowler_task
-        json_payload = {
-            "provider_id": str(provider.id),
-        }
-        response = authenticated_client.post(
-            reverse("schedule-daily"), data=json_payload, format="json"
-        )
-        assert response.status_code == status.HTTP_202_ACCEPTED
-
-        response = authenticated_client.post(
-            reverse("schedule-daily"), data=json_payload, format="json"
-        )
-        assert response.status_code == status.HTTP_409_CONFLICT
-

@pytest.mark.django_db
 class TestIntegrationViewSet:
@@ -6137,13 +5969,11 @@ class TestSAMLConfigurationViewSet:

@pytest.mark.django_db
 class TestTenantFinishACSView:
-    def test_dispatch_skips_if_user_not_authenticated(self, monkeypatch):
-        monkeypatch.setenv("AUTH_URL", "http://localhost")
+    def test_dispatch_skips_if_user_not_authenticated(self):
        request = RequestFactory().get(
            reverse("saml_finish_acs", kwargs={"organization_slug": "testtenant"})
        )
        request.user = type("Anonymous", (), {"is_authenticated": False})()
-        request.session = {}

        with patch(
            "allauth.socialaccount.providers.saml.views.get_app_or_404"
@@ -6160,13 +5990,11 @@ class TestTenantFinishACSView:

        assert response.status_code in [200, 302]

-    def test_dispatch_skips_if_social_app_not_found(self, users_fixture, monkeypatch):
-        monkeypatch.setenv("AUTH_URL", "http://localhost")
+    def test_dispatch_skips_if_social_app_not_found(self, users_fixture):
        request = RequestFactory().get(
            reverse("saml_finish_acs", kwargs={"organization_slug": "testtenant"})
        )
        request.user = users_fixture[0]
-        request.session = {}

        with patch(
            "allauth.socialaccount.providers.saml.views.get_app_or_404"
@@ -6200,7 +6028,7 @@ class TestTenantFinishACSView:
                "firstName": ["John"],
                "lastName": ["Doe"],
                "organization": ["testing_company"],
-                "userType": ["no_permissions"],
+                "userType": ["saml_default_role"],
            },
        )

@@ -6208,7 +6036,6 @@ class TestTenantFinishACSView:
            reverse("saml_finish_acs", kwargs={"organization_slug": "testtenant"})
        )
        request.user = user
-        request.session = {}

        with (
            patch(
@@ -6255,7 +6082,7 @@ class TestTenantFinishACSView:
        assert user.name == "John Doe"
        assert user.company_name == "testing_company"

-        role = Role.objects.using(MainRouter.admin_db).get(name="no_permissions")
+        role = Role.objects.using(MainRouter.admin_db).get(name="saml_default_role")
        assert role.tenant == tenants_fixture[0]

        assert (
@@ -6275,44 +6102,6 @@ class TestTenantFinishACSView:
        user.company_name = original_company
        user.save()

-    def test_rollback_saml_user_when_error_occurs(self, users_fixture, monkeypatch):
-        """Test that a user is properly deleted when created during SAML flow and an error occurs"""
-        monkeypatch.setenv("AUTH_URL", "http://localhost")
-
-        # Create a test user to simulate one created during SAML flow
-        test_user = User.objects.using(MainRouter.admin_db).create(
-            email="testuser@example.com", name="Test User"
-        )
-
-        request = RequestFactory().get(
-            reverse("saml_finish_acs", kwargs={"organization_slug": "testtenant"})
-        )
-        request.user = users_fixture[0]
-        request.session = {"saml_user_created": test_user.id}
-
-        # Force an exception to trigger rollback
-        with patch(
-            "allauth.socialaccount.providers.saml.views.get_app_or_404"
-        ) as mock_get_app:
-            mock_get_app.side_effect = Exception("Test error")
-
-            view = TenantFinishACSView.as_view()
-            response = view(request, organization_slug="testtenant")
-
-            # Verify the user was deleted
-            assert (
-                not User.objects.using(MainRouter.admin_db)
-                .filter(id=test_user.id)
-                .exists()
-            )
-
-            # Verify session was cleaned up
-            assert "saml_user_created" not in request.session
-
-            # Verify proper redirect
-            assert response.status_code == 302
-            assert "sso_saml_failed=true" in response.url
-

@pytest.mark.django_db
 class TestLighthouseConfigViewSet:
@@ -6644,186 +6433,3 @@ class TestLighthouseConfigViewSet:
            reverse("lighthouseconfiguration-connection", kwargs={"pk": "random_id"})
        )
        assert response.status_code == status.HTTP_404_NOT_FOUND
-
-
-@pytest.mark.django_db
-class TestProcessorViewSet:
-    valid_mutelist_configuration = """Mutelist:
-    Accounts:
-      '*':
-        Checks:
-            iam_user_hardware_mfa_enabled:
-                Regions:
-                    - '*'
-                Resources:
-                    - '*'
-    """
-
-    def test_list_processors(self, authenticated_client, processor_fixture):
-        response = authenticated_client.get(reverse("processor-list"))
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 1
-
-    def test_retrieve_processor(self, authenticated_client, processor_fixture):
-        processor = processor_fixture
-        response = authenticated_client.get(
-            reverse("processor-detail", kwargs={"pk": processor.id})
-        )
-        assert response.status_code == status.HTTP_200_OK
-
-    def test_create_processor_valid(self, authenticated_client):
-        payload = {
-            "data": {
-                "type": "processors",
-                "attributes": {
-                    "processor_type": "mutelist",
-                    "configuration": self.valid_mutelist_configuration,
-                },
-            },
-        }
-        response = authenticated_client.post(
-            reverse("processor-list"),
-            data=payload,
-            content_type="application/vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_201_CREATED
-
-    @pytest.mark.parametrize(
-        "invalid_configuration",
-        [
-            None,
-            "",
-            "invalid configuration",
-            {"invalid": "configuration"},
-        ],
-    )
-    def test_create_processor_invalid(
-        self, authenticated_client, invalid_configuration
-    ):
-        payload = {
-            "data": {
-                "type": "processors",
-                "attributes": {
-                    "processor_type": "mutelist",
-                    "configuration": invalid_configuration,
-                },
-            },
-        }
-        response = authenticated_client.post(
-            reverse("processor-list"),
-            data=payload,
-            content_type="application/vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_400_BAD_REQUEST
-
-    def test_update_processor_valid(self, authenticated_client, processor_fixture):
-        processor = processor_fixture
-        payload = {
-            "data": {
-                "type": "processors",
-                "id": str(processor.id),
-                "attributes": {
-                    "configuration": {
-                        "Mutelist": {
-                            "Accounts": {
-                                "1234567890": {
-                                    "Checks": {
-                                        "iam_user_hardware_mfa_enabled": {
-                                            "Regions": ["*"],
-                                            "Resources": ["*"],
-                                        }
-                                    }
-                                }
-                            }
-                        }
-                    },
-                },
-            },
-        }
-        response = authenticated_client.patch(
-            reverse("processor-detail", kwargs={"pk": processor.id}),
-            data=payload,
-            content_type="application/vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_200_OK
-        processor.refresh_from_db()
-        assert (
-            processor.configuration["Mutelist"]["Accounts"]["1234567890"]
-            == payload["data"]["attributes"]["configuration"]["Mutelist"]["Accounts"][
-                "1234567890"
-            ]
-        )
-
-    @pytest.mark.parametrize(
-        "invalid_configuration",
-        [
-            None,
-            "",
-            "invalid configuration",
-            {"invalid": "configuration"},
-        ],
-    )
-    def test_update_processor_invalid(
-        self, authenticated_client, processor_fixture, invalid_configuration
-    ):
-        processor = processor_fixture
-        payload = {
-            "data": {
-                "type": "processors",
-                "id": str(processor.id),
-                "attributes": {
-                    "configuration": invalid_configuration,
-                },
-            },
-        }
-        response = authenticated_client.patch(
-            reverse("processor-detail", kwargs={"pk": processor.id}),
-            data=payload,
-            content_type="application/vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_400_BAD_REQUEST
-
-    def test_delete_processor(self, authenticated_client, processor_fixture):
-        processor = processor_fixture
-        response = authenticated_client.delete(
-            reverse("processor-detail", kwargs={"pk": processor.id})
-        )
-        assert response.status_code == status.HTTP_204_NO_CONTENT
-        assert not Processor.objects.filter(id=processor.id).exists()
-
-    def test_processors_filters(self, authenticated_client, processor_fixture):
-        response = authenticated_client.get(
-            reverse("processor-list"),
-            {"filter[processor_type]": "mutelist"},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 1
-        assert response.json()["data"][0]["attributes"]["processor_type"] == "mutelist"
-
-    def test_processors_filters_invalid(self, authenticated_client):
-        response = authenticated_client.get(
-            reverse("processor-list"),
-            {"filter[processor_type]": "invalid"},
-        )
-        assert response.status_code == status.HTTP_400_BAD_REQUEST
-
-    def test_processors_create_another_with_same_type(
-        self, authenticated_client, processor_fixture
-    ):
-        pass
-
-        payload = {
-            "data": {
-                "type": "processors",
-                "attributes": {
-                    "processor_type": "mutelist",
-                    "configuration": self.valid_mutelist_configuration,
-                },
-            },
-        }
-        response = authenticated_client.post(
-            reverse("processor-list"),
-            data=payload,
-            content_type="application/vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_400_BAD_REQUEST
@@ -7,7 +7,7 @@ from rest_framework.exceptions import NotFound, ValidationError

 from api.db_router import MainRouter
 from api.exceptions import InvitationTokenExpiredException
-from api.models import Invitation, Processor, Provider, Resource
+from api.models import Invitation, Provider, Resource
 from api.v1.serializers import FindingMetadataSerializer
 from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.azure.azure_provider import AzureProvider
@@ -83,14 +83,11 @@ def return_prowler_provider(
    return prowler_provider


-def get_prowler_provider_kwargs(
-    provider: Provider, mutelist_processor: Processor | None = None
-) -> dict:
+def get_prowler_provider_kwargs(provider: Provider) -> dict:
    """Get the Prowler provider kwargs based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secret.
-        mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.

    Returns:
        dict: The provider kwargs for the corresponding provider class.
@@ -108,24 +105,16 @@ def get_prowler_provider_kwargs(
        }
    elif provider.provider == Provider.ProviderChoices.KUBERNETES.value:
        prowler_provider_kwargs = {**prowler_provider_kwargs, "context": provider.uid}
-
-    if mutelist_processor:
-        mutelist_content = mutelist_processor.configuration.get("Mutelist", {})
-        if mutelist_content:
-            prowler_provider_kwargs["mutelist_content"] = mutelist_content
-
    return prowler_provider_kwargs


 def initialize_prowler_provider(
    provider: Provider,
-    mutelist_processor: Processor | None = None,
 ) -> AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider:
    """Initialize a Prowler provider instance based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.
-        mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.

    Returns:
        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
@@ -133,7 +122,7 @@ def initialize_prowler_provider(
            provider's secrets.
    """
    prowler_provider = return_prowler_provider(provider)
-    prowler_provider_kwargs = get_prowler_provider_kwargs(provider, mutelist_processor)
+    prowler_provider_kwargs = get_prowler_provider_kwargs(provider)
    return prowler_provider(**prowler_provider_kwargs)


@@ -198,7 +187,7 @@ def validate_invitation(
        # Admin DB connector is used to bypass RLS protection since the invitation belongs to a tenant the user
        # is not a member of yet
        invitation = Invitation.objects.using(MainRouter.admin_db).get(
-            token=invitation_token, email__iexact=email
+            token=invitation_token, email=email
        )
    except Invitation.DoesNotExist:
        if raise_not_found:
@@ -24,32 +24,20 @@ class PaginateByPkMixin:
        request,  # noqa: F841
        base_queryset,
        manager,
-        select_related: list | None = None,
-        prefetch_related: list | None = None,
+        select_related: list[str] | None = None,
+        prefetch_related: list[str] | None = None,
    ) -> Response:
-        """
-        Paginate a queryset by primary key.
-
-        This method is useful when you want to paginate a queryset that has been
-        filtered or annotated in a way that would be lost if you used the default
-        pagination method.
-        """
        pk_list = base_queryset.values_list("id", flat=True)
        page = self.paginate_queryset(pk_list)
        if page is None:
            return Response(self.get_serializer(base_queryset, many=True).data)

        queryset = manager.filter(id__in=page)
-
        if select_related:
            queryset = queryset.select_related(*select_related)
        if prefetch_related:
            queryset = queryset.prefetch_related(*prefetch_related)

-        # Optimize tags loading, if applicable
-        if hasattr(self, "_optimize_tags_loading"):
-            queryset = self._optimize_tags_loading(queryset)
-
        queryset = sorted(queryset, key=lambda obj: page.index(obj.id))

        serialized = self.get_serializer(queryset, many=True).data
@@ -1,23 +0,0 @@
-import yaml
-from rest_framework_json_api import serializers
-from rest_framework_json_api.serializers import ValidationError
-
-
-class BaseValidateSerializer(serializers.Serializer):
-    def validate(self, data):
-        if hasattr(self, "initial_data"):
-            initial_data = set(self.initial_data.keys()) - {"id", "type"}
-            unknown_keys = initial_data - set(self.fields.keys())
-            if unknown_keys:
-                raise ValidationError(f"Invalid fields: {unknown_keys}")
-        return data
-
-
-class YamlOrJsonField(serializers.JSONField):
-    def to_internal_value(self, data):
-        if isinstance(data, str):
-            try:
-                data = yaml.safe_load(data)
-            except yaml.YAMLError as exc:
-                raise serializers.ValidationError("Invalid YAML format") from exc
-        return super().to_internal_value(data)
@@ -1,7 +1,19 @@
 from drf_spectacular.utils import extend_schema_field
 from rest_framework_json_api import serializers
+from rest_framework_json_api.serializers import ValidationError

-from api.v1.serializer_utils.base import BaseValidateSerializer
+
+class BaseValidateSerializer(serializers.Serializer):
+    def validate(self, data):
+        if hasattr(self, "initial_data"):
+            initial_data = set(self.initial_data.keys()) - {"id", "type"}
+            unknown_keys = initial_data - set(self.fields.keys())
+            if unknown_keys:
+                raise ValidationError(f"Invalid fields: {unknown_keys}")
+        return data
+
+
+# Integrations


 class S3ConfigSerializer(BaseValidateSerializer):
@@ -1,21 +0,0 @@
-from drf_spectacular.utils import extend_schema_field
-
-from api.v1.serializer_utils.base import YamlOrJsonField
-
-from prowler.lib.mutelist.mutelist import mutelist_schema
-
-
-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "Mutelist",
-                "properties": {"Mutelist": mutelist_schema},
-                "additionalProperties": False,
-            },
-        ]
-    }
-)
-class ProcessorConfigField(YamlOrJsonField):
-    pass
@@ -7,9 +7,7 @@ from django.contrib.auth.models import update_last_login
 from django.contrib.auth.password_validation import validate_password
 from drf_spectacular.utils import extend_schema_field
 from jwt.exceptions import InvalidKeyError
-from rest_framework.validators import UniqueTogetherValidator
 from rest_framework_json_api import serializers
-from rest_framework_json_api.relations import SerializerMethodResourceRelatedField
 from rest_framework_json_api.serializers import ValidationError
 from rest_framework_simplejwt.exceptions import TokenError
 from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
@@ -23,7 +21,6 @@ from api.models import (
    InvitationRoleRelationship,
    LighthouseConfiguration,
    Membership,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderGroupMembership,
@@ -47,9 +44,7 @@ from api.v1.serializer_utils.integrations import (
    IntegrationCredentialField,
    S3ConfigSerializer,
 )
-from api.v1.serializer_utils.processors import ProcessorConfigField
 from api.v1.serializer_utils.providers import ProviderSecretField
-from prowler.lib.mutelist.mutelist import Mutelist

 # Tokens

@@ -862,7 +857,6 @@ class ScanSerializer(RLSSerializer):
            "completed_at",
            "scheduled_at",
            "next_scan_at",
-            "processor",
            "url",
        ]

@@ -1000,12 +994,8 @@ class ResourceSerializer(RLSSerializer):

    tags = serializers.SerializerMethodField()
    type_ = serializers.CharField(read_only=True)
-    failed_findings_count = serializers.IntegerField(read_only=True)

-    findings = SerializerMethodResourceRelatedField(
-        many=True,
-        read_only=True,
-    )
+    findings = serializers.ResourceRelatedField(many=True, read_only=True)

    class Meta:
        model = Resource
@@ -1021,7 +1011,6 @@ class ResourceSerializer(RLSSerializer):
            "tags",
            "provider",
            "findings",
-            "failed_findings_count",
            "url",
        ]
        extra_kwargs = {
@@ -1031,8 +1020,8 @@ class ResourceSerializer(RLSSerializer):
        }

    included_serializers = {
-        "findings": "api.v1.serializers.FindingIncludeSerializer",
-        "provider": "api.v1.serializers.ProviderIncludeSerializer",
+        "findings": "api.v1.serializers.FindingSerializer",
+        "provider": "api.v1.serializers.ProviderSerializer",
    }

    @extend_schema_field(
@@ -1043,10 +1032,6 @@ class ResourceSerializer(RLSSerializer):
        }
    )
    def get_tags(self, obj):
-        # Use prefetched tags if available to avoid N+1 queries
-        if hasattr(obj, "prefetched_tags"):
-            return {tag.key: tag.value for tag in obj.prefetched_tags}
-        # Fallback to the original method if prefetch is not available
        return obj.get_tags(self.context.get("tenant_id"))

    def get_fields(self):
@@ -1056,17 +1041,10 @@ class ResourceSerializer(RLSSerializer):
        fields["type"] = type_
        return fields

-    def get_findings(self, obj):
-        return (
-            obj.latest_findings
-            if hasattr(obj, "latest_findings")
-            else obj.findings.all()
-        )
-

 class ResourceIncludeSerializer(RLSSerializer):
    """
-    Serializer for the included Resource model.
+    Serializer for the Resource model.
    """

    tags = serializers.SerializerMethodField()
@@ -1099,10 +1077,6 @@ class ResourceIncludeSerializer(RLSSerializer):
        }
    )
    def get_tags(self, obj):
-        # Use prefetched tags if available to avoid N+1 queries
-        if hasattr(obj, "prefetched_tags"):
-            return {tag.key: tag.value for tag in obj.prefetched_tags}
-        # Fallback to the original method if prefetch is not available
        return obj.get_tags(self.context.get("tenant_id"))

    def get_fields(self):
@@ -1113,17 +1087,6 @@ class ResourceIncludeSerializer(RLSSerializer):
        return fields


-class ResourceMetadataSerializer(serializers.Serializer):
-    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    regions = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    types = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    # Temporarily disabled until we implement tag filtering in the UI
-    # tags = serializers.JSONField(help_text="Tags are described as key-value pairs.")
-
-    class Meta:
-        resource_name = "resources-metadata"
-
-
 class FindingSerializer(RLSSerializer):
    """
    Serializer for the Finding model.
@@ -1147,7 +1110,6 @@ class FindingSerializer(RLSSerializer):
            "updated_at",
            "first_seen_at",
            "muted",
-            "muted_reason",
            "url",
            # Relationships
            "scan",
@@ -1160,28 +1122,6 @@ class FindingSerializer(RLSSerializer):
    }


-class FindingIncludeSerializer(RLSSerializer):
-    """
-    Serializer for the include Finding model.
-    """
-
-    class Meta:
-        model = Finding
-        fields = [
-            "id",
-            "uid",
-            "status",
-            "severity",
-            "check_id",
-            "check_metadata",
-            "inserted_at",
-            "updated_at",
-            "first_seen_at",
-            "muted",
-            "muted_reason",
-        ]
-
-
 # To be removed when the related endpoint is removed as well
 class FindingDynamicFilterSerializer(serializers.Serializer):
    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
@@ -2132,128 +2072,6 @@ class IntegrationUpdateSerializer(BaseWriteIntegrationSerializer):
        return super().update(instance, validated_data)


-# Processors
-
-
-class ProcessorSerializer(RLSSerializer):
-    """
-    Serializer for the Processor model.
-    """
-
-    configuration = ProcessorConfigField()
-
-    class Meta:
-        model = Processor
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "processor_type",
-            "configuration",
-            "url",
-        ]
-
-
-class ProcessorCreateSerializer(RLSSerializer, BaseWriteSerializer):
-    configuration = ProcessorConfigField(required=True)
-
-    class Meta:
-        model = Processor
-        fields = [
-            "inserted_at",
-            "updated_at",
-            "processor_type",
-            "configuration",
-        ]
-        extra_kwargs = {
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-        }
-        validators = [
-            UniqueTogetherValidator(
-                queryset=Processor.objects.all(),
-                fields=["processor_type"],
-                message="A processor with the same type already exists.",
-            )
-        ]
-
-    def validate(self, attrs):
-        validated_attrs = super().validate(attrs)
-        self.validate_processor_data(attrs)
-        return validated_attrs
-
-    def validate_processor_data(self, attrs):
-        processor_type = attrs.get("processor_type")
-        configuration = attrs.get("configuration")
-        if processor_type == "mutelist":
-            self.validate_mutelist_configuration(configuration)
-
-    def validate_mutelist_configuration(self, configuration):
-        if not isinstance(configuration, dict):
-            raise serializers.ValidationError("Invalid Mutelist configuration.")
-
-        mutelist_configuration = configuration.get("Mutelist", {})
-
-        if not mutelist_configuration:
-            raise serializers.ValidationError(
-                "Invalid Mutelist configuration: 'Mutelist' is a required property."
-            )
-
-        try:
-            Mutelist.validate_mutelist(mutelist_configuration, raise_on_exception=True)
-            return
-        except Exception as error:
-            raise serializers.ValidationError(
-                f"Invalid Mutelist configuration: {error}"
-            )
-
-
-class ProcessorUpdateSerializer(BaseWriteSerializer):
-    configuration = ProcessorConfigField(required=True)
-
-    class Meta:
-        model = Processor
-        fields = [
-            "inserted_at",
-            "updated_at",
-            "configuration",
-        ]
-        extra_kwargs = {
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-        }
-
-    def validate(self, attrs):
-        validated_attrs = super().validate(attrs)
-        self.validate_processor_data(attrs)
-        return validated_attrs
-
-    def validate_processor_data(self, attrs):
-        processor_type = self.instance.processor_type
-        configuration = attrs.get("configuration")
-        if processor_type == "mutelist":
-            self.validate_mutelist_configuration(configuration)
-
-    def validate_mutelist_configuration(self, configuration):
-        if not isinstance(configuration, dict):
-            raise serializers.ValidationError("Invalid Mutelist configuration.")
-
-        mutelist_configuration = configuration.get("Mutelist", {})
-
-        if not mutelist_configuration:
-            raise serializers.ValidationError(
-                "Invalid Mutelist configuration: 'Mutelist' is a required property."
-            )
-
-        try:
-            Mutelist.validate_mutelist(mutelist_configuration, raise_on_exception=True)
-            return
-        except Exception as error:
-            raise serializers.ValidationError(
-                f"Invalid Mutelist configuration: {error}"
-            )
-
-
 # SSO


@@ -18,7 +18,6 @@ from api.v1.views import (
    LighthouseConfigViewSet,
    MembershipViewSet,
    OverviewViewSet,
-    ProcessorViewSet,
    ProviderGroupProvidersRelationshipView,
    ProviderGroupViewSet,
    ProviderSecretViewSet,
@@ -57,7 +56,6 @@ router.register(
 router.register(r"overviews", OverviewViewSet, basename="overview")
 router.register(r"schedules", ScheduleViewSet, basename="schedule")
 router.register(r"integrations", IntegrationViewSet, basename="integration")
-router.register(r"processors", ProcessorViewSet, basename="processor")
 router.register(r"saml-config", SAMLConfigurationViewSet, basename="saml-config")
 router.register(
    r"lighthouse-configurations",
@@ -1,5 +1,4 @@
 import glob
-import logging
 import os
 from datetime import datetime, timedelta, timezone
 from urllib.parse import urljoin
@@ -11,7 +10,6 @@ from allauth.socialaccount.providers.google.views import GoogleOAuth2Adapter
 from allauth.socialaccount.providers.saml.views import FinishACSView, LoginView
 from botocore.exceptions import ClientError, NoCredentialsError, ParamValidationError
 from celery.result import AsyncResult
-from config.custom_logging import BackendLogger
 from config.env import env
 from config.settings.social_login import (
    GITHUB_OAUTH_CALLBACK_URL,
@@ -22,7 +20,7 @@ from django.conf import settings as django_settings
 from django.contrib.postgres.aggregates import ArrayAgg
 from django.contrib.postgres.search import SearchQuery
 from django.db import transaction
-from django.db.models import Count, F, Prefetch, Q, Subquery, Sum
+from django.db.models import Count, Exists, F, OuterRef, Prefetch, Q, Sum
 from django.db.models.functions import Coalesce
 from django.http import HttpResponse
 from django.shortcuts import redirect
@@ -78,9 +76,7 @@ from api.filters import (
    IntegrationFilter,
    InvitationFilter,
    LatestFindingFilter,
-    LatestResourceFilter,
    MembershipFilter,
-    ProcessorFilter,
    ProviderFilter,
    ProviderGroupFilter,
    ProviderSecretFilter,
@@ -94,13 +90,13 @@ from api.filters import (
    UserFilter,
 )
 from api.models import (
+    ComplianceOverview,
    ComplianceRequirementOverview,
    Finding,
    Integration,
    Invitation,
    LighthouseConfiguration,
    Membership,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderGroupMembership,
@@ -108,7 +104,6 @@ from api.models import (
    Resource,
    ResourceFindingMapping,
    ResourceScanSummary,
-    ResourceTag,
    Role,
    RoleProviderGroupRelationship,
    SAMLConfiguration,
@@ -155,9 +150,6 @@ from api.v1.serializers import (
    OverviewProviderSerializer,
    OverviewServiceSerializer,
    OverviewSeveritySerializer,
-    ProcessorCreateSerializer,
-    ProcessorSerializer,
-    ProcessorUpdateSerializer,
    ProviderCreateSerializer,
    ProviderGroupCreateSerializer,
    ProviderGroupMembershipSerializer,
@@ -168,7 +160,6 @@ from api.v1.serializers import (
    ProviderSecretUpdateSerializer,
    ProviderSerializer,
    ProviderUpdateSerializer,
-    ResourceMetadataSerializer,
    ResourceSerializer,
    RoleCreateSerializer,
    RoleProviderGroupRelationshipSerializer,
@@ -194,8 +185,6 @@ from api.v1.serializers import (
    UserUpdateSerializer,
 )

-logger = logging.getLogger(BackendLogger.API)
-
 CACHE_DECORATOR = cache_control(
    max_age=django_settings.CACHE_MAX_AGE,
    stale_while_revalidate=django_settings.CACHE_STALE_WHILE_REVALIDATE,
@@ -292,7 +281,7 @@ class SchemaView(SpectacularAPIView):

    def get(self, request, *args, **kwargs):
        spectacular_settings.TITLE = "Prowler API"
-        spectacular_settings.VERSION = "1.10.2"
+        spectacular_settings.VERSION = "1.9.0"
        spectacular_settings.DESCRIPTION = (
            "Prowler API specification.\n\nThis file is auto-generated."
        )
@@ -358,11 +347,6 @@ class SchemaView(SpectacularAPIView):
                "description": "Endpoints for managing Lighthouse configurations, including creation, retrieval, "
                "updating, and deletion of configurations such as OpenAI keys, models, and business context.",
            },
-            {
-                "name": "Processor",
-                "description": "Endpoints for managing post-processors used to process Prowler findings, including "
-                "registration, configuration, and deletion of post-processing actions.",
-            },
        ]
        return super().get(request, *args, **kwargs)

@@ -565,27 +549,11 @@ class SAMLConfigurationViewSet(BaseRLSViewSet):


 class TenantFinishACSView(FinishACSView):
-    def _rollback_saml_user(self, request):
-        """Helper function to rollback SAML user if it was just created and validation fails"""
-        saml_user_id = request.session.get("saml_user_created")
-        if saml_user_id:
-            User.objects.using(MainRouter.admin_db).filter(id=saml_user_id).delete()
-            request.session.pop("saml_user_created", None)
-
    def dispatch(self, request, organization_slug):
-        try:
-            super().dispatch(request, organization_slug)
-        except Exception as e:
-            logger.error(f"SAML dispatch failed: {e}")
-            self._rollback_saml_user(request)
-            callback_url = env.str("AUTH_URL")
-            return redirect(f"{callback_url}?sso_saml_failed=true")
-
+        response = super().dispatch(request, organization_slug)
        user = getattr(request, "user", None)
        if not user or not user.is_authenticated:
-            self._rollback_saml_user(request)
-            callback_url = env.str("AUTH_URL")
-            return redirect(f"{callback_url}?sso_saml_failed=true")
+            return response

        # Defensive check to avoid edge case failures due to inconsistent or incomplete data in the database
        # This handles scenarios like partially deleted or missing related objects
@@ -606,11 +574,8 @@ class TenantFinishACSView(FinishACSView):
            SocialApp.DoesNotExist,
            SocialAccount.DoesNotExist,
            User.DoesNotExist,
-        ) as e:
-            logger.error(f"SAML user is not authenticated: {e}")
-            self._rollback_saml_user(request)
-            callback_url = env.str("AUTH_URL")
-            return redirect(f"{callback_url}?sso_saml_failed=true")
+        ):
+            return response

        extra = social_account.extra_data
        user.first_name = (
@@ -632,9 +597,9 @@ class TenantFinishACSView(FinishACSView):
            .tenant
        )
        role_name = (
-            extra.get("userType", ["no_permissions"])[0].strip()
+            extra.get("userType", ["saml_default_role"])[0].strip()
            if extra.get("userType")
-            else "no_permissions"
+            else "saml_default_role"
        )
        try:
            role = Role.objects.using(MainRouter.admin_db).get(
@@ -682,7 +647,6 @@ class TenantFinishACSView(FinishACSView):
        )
        callback_url = env.str("SAML_SSO_CALLBACK_URL")
        redirect_url = f"{callback_url}?id={saml_token.id}"
-        request.session.pop("saml_user_created", None)

        return redirect(redirect_url)

@@ -1885,14 +1849,6 @@ class TaskViewSet(BaseRLSViewSet):
        summary="List all resources",
        description="Retrieve a list of all resources with options for filtering by various criteria. Resources are "
        "objects that are discovered by Prowler. They can be anything from a single host to a whole VPC.",
-        parameters=[
-            OpenApiParameter(
-                name="filter[updated_at]",
-                description="At least one of the variations of the `filter[updated_at]` filter must be provided.",
-                required=True,
-                type=OpenApiTypes.DATE,
-            )
-        ],
    ),
    retrieve=extend_schema(
        tags=["Resource"],
@@ -1900,43 +1856,15 @@ class TaskViewSet(BaseRLSViewSet):
        description="Fetch detailed information about a specific resource by their ID. A Resource is an object that "
        "is discovered by Prowler. It can be anything from a single host to a whole VPC.",
    ),
-    metadata=extend_schema(
-        tags=["Resource"],
-        summary="Retrieve metadata values from resources",
-        description="Fetch unique metadata values from a set of resources. This is useful for dynamic filtering.",
-        parameters=[
-            OpenApiParameter(
-                name="filter[updated_at]",
-                description="At least one of the variations of the `filter[updated_at]` filter must be provided.",
-                required=True,
-                type=OpenApiTypes.DATE,
-            )
-        ],
-        filters=True,
-    ),
-    latest=extend_schema(
-        tags=["Resource"],
-        summary="List the latest resources",
-        description="Retrieve a list of the latest resources from the latest scans for each provider with options for "
-        "filtering by various criteria.",
-        filters=True,
-    ),
-    metadata_latest=extend_schema(
-        tags=["Resource"],
-        summary="Retrieve metadata values from the latest resources",
-        description="Fetch unique metadata values from a set of resources from the latest scans for each provider. "
-        "This is useful for dynamic filtering.",
-        filters=True,
-    ),
 )
@method_decorator(CACHE_DECORATOR, name="list")
@method_decorator(CACHE_DECORATOR, name="retrieve")
-class ResourceViewSet(PaginateByPkMixin, BaseRLSViewSet):
-    queryset = Resource.all_objects.all()
+class ResourceViewSet(BaseRLSViewSet):
+    queryset = Resource.objects.all()
    serializer_class = ResourceSerializer
    http_method_names = ["get"]
    filterset_class = ResourceFilter
-    ordering = ["-failed_findings_count", "-updated_at"]
+    ordering = ["-inserted_at"]
    ordering_fields = [
        "provider_uid",
        "uid",
@@ -1947,14 +1875,6 @@ class ResourceViewSet(PaginateByPkMixin, BaseRLSViewSet):
        "inserted_at",
        "updated_at",
    ]
-    prefetch_for_includes = {
-        "__all__": [],
-        "provider": [
-            Prefetch(
-                "provider", queryset=Provider.all_objects.select_related("resources")
-            )
-        ],
-    }
    # RBAC required permissions (implicit -> MANAGE_PROVIDERS enable unlimited visibility or check the visibility of
    # the provider through the provider group)
    required_permissions = []
@@ -1963,284 +1883,41 @@ class ResourceViewSet(PaginateByPkMixin, BaseRLSViewSet):
        user_roles = get_role(self.request.user)
        if user_roles.unlimited_visibility:
            # User has unlimited visibility, return all scans
-            queryset = Resource.all_objects.filter(tenant_id=self.request.tenant_id)
+            queryset = Resource.objects.filter(tenant_id=self.request.tenant_id)
        else:
            # User lacks permission, filter providers based on provider groups associated with the role
-            queryset = Resource.all_objects.filter(
+            queryset = Resource.objects.filter(
                tenant_id=self.request.tenant_id, provider__in=get_providers(user_roles)
            )

        search_value = self.request.query_params.get("filter[search]", None)
        if search_value:
+            # Django's ORM will build a LEFT JOIN and OUTER JOIN on the "through" table, resulting in duplicates
+            # The duplicates then require a `distinct` query
            search_query = SearchQuery(
                search_value, config="simple", search_type="plain"
            )
            queryset = queryset.filter(
-                Q(text_search=search_query) | Q(tags__text_search=search_query)
+                Q(tags__key=search_value)
+                | Q(tags__value=search_value)
+                | Q(tags__text_search=search_query)
+                | Q(tags__key__contains=search_value)
+                | Q(tags__value__contains=search_value)
+                | Q(uid=search_value)
+                | Q(name=search_value)
+                | Q(region=search_value)
+                | Q(service=search_value)
+                | Q(type=search_value)
+                | Q(text_search=search_query)
+                | Q(uid__contains=search_value)
+                | Q(name__contains=search_value)
+                | Q(region__contains=search_value)
+                | Q(service__contains=search_value)
+                | Q(type__contains=search_value)
            ).distinct()

        return queryset

-    def _optimize_tags_loading(self, queryset):
-        """Optimize tags loading with prefetch_related to avoid N+1 queries"""
-        # Use prefetch_related to load all tags in a single query
-        return queryset.prefetch_related(
-            Prefetch(
-                "tags",
-                queryset=ResourceTag.objects.filter(
-                    tenant_id=self.request.tenant_id
-                ).select_related(),
-                to_attr="prefetched_tags",
-            )
-        )
-
-    def _should_prefetch_findings(self) -> bool:
-        fields_param = self.request.query_params.get("fields[resources]", "")
-        include_param = self.request.query_params.get("include", "")
-        return (
-            fields_param == ""
-            or "findings" in fields_param.split(",")
-            or "findings" in include_param.split(",")
-        )
-
-    def _get_findings_prefetch(self):
-        findings_queryset = Finding.all_objects.defer("scan", "resources").filter(
-            tenant_id=self.request.tenant_id
-        )
-        return [Prefetch("findings", queryset=findings_queryset)]
-
-    def get_serializer_class(self):
-        if self.action in ["metadata", "metadata_latest"]:
-            return ResourceMetadataSerializer
-        return super().get_serializer_class()
-
-    def get_filterset_class(self):
-        if self.action in ["latest", "metadata_latest"]:
-            return LatestResourceFilter
-        return ResourceFilter
-
-    def filter_queryset(self, queryset):
-        # Do not apply filters when retrieving specific resource
-        if self.action == "retrieve":
-            return queryset
-        return super().filter_queryset(queryset)
-
-    def list(self, request, *args, **kwargs):
-        filtered_queryset = self.filter_queryset(self.get_queryset())
-        return self.paginate_by_pk(
-            request,
-            filtered_queryset,
-            manager=Resource.all_objects,
-            select_related=["provider"],
-            prefetch_related=(
-                self._get_findings_prefetch()
-                if self._should_prefetch_findings()
-                else []
-            ),
-        )
-
-    def retrieve(self, request, *args, **kwargs):
-        queryset = self._optimize_tags_loading(self.get_queryset())
-        instance = get_object_or_404(queryset, pk=kwargs.get("pk"))
-        mapping_ids = list(
-            ResourceFindingMapping.objects.filter(
-                resource=instance, tenant_id=request.tenant_id
-            ).values_list("finding_id", flat=True)
-        )
-        latest_findings = (
-            Finding.all_objects.filter(id__in=mapping_ids, tenant_id=request.tenant_id)
-            .order_by("uid", "-inserted_at")
-            .distinct("uid")
-        )
-        setattr(instance, "latest_findings", latest_findings)
-        serializer = self.get_serializer(instance)
-        return Response(serializer.data, status=status.HTTP_200_OK)
-
-    @action(detail=False, methods=["get"], url_name="latest")
-    def latest(self, request):
-        tenant_id = request.tenant_id
-        filtered_queryset = self.filter_queryset(self.get_queryset())
-
-        latest_scans = (
-            Scan.all_objects.filter(
-                tenant_id=tenant_id,
-                state=StateChoices.COMPLETED,
-            )
-            .order_by("provider_id", "-inserted_at")
-            .distinct("provider_id")
-            .values("provider_id")
-        )
-
-        filtered_queryset = filtered_queryset.filter(
-            provider_id__in=Subquery(latest_scans)
-        )
-
-        return self.paginate_by_pk(
-            request,
-            filtered_queryset,
-            manager=Resource.all_objects,
-            select_related=["provider"],
-            prefetch_related=(
-                self._get_findings_prefetch()
-                if self._should_prefetch_findings()
-                else []
-            ),
-        )
-
-    @action(detail=False, methods=["get"], url_name="metadata")
-    def metadata(self, request):
-        # Force filter validation
-        self.filter_queryset(self.get_queryset())
-
-        tenant_id = request.tenant_id
-        query_params = request.query_params
-
-        queryset = ResourceScanSummary.objects.filter(tenant_id=tenant_id)
-
-        if scans := query_params.get("filter[scan__in]") or query_params.get(
-            "filter[scan]"
-        ):
-            queryset = queryset.filter(scan_id__in=scans.split(","))
-        else:
-            exact = query_params.get("filter[inserted_at]")
-            gte = query_params.get("filter[inserted_at__gte]")
-            lte = query_params.get("filter[inserted_at__lte]")
-
-            date_filters = {}
-            if exact:
-                date = parse_date(exact)
-                datetime_start = datetime.combine(
-                    date, datetime.min.time(), tzinfo=timezone.utc
-                )
-                datetime_end = datetime_start + timedelta(days=1)
-                date_filters["scan_id__gte"] = uuid7_start(
-                    datetime_to_uuid7(datetime_start)
-                )
-                date_filters["scan_id__lt"] = uuid7_start(
-                    datetime_to_uuid7(datetime_end)
-                )
-            else:
-                if gte:
-                    date_start = parse_date(gte)
-                    datetime_start = datetime.combine(
-                        date_start, datetime.min.time(), tzinfo=timezone.utc
-                    )
-                    date_filters["scan_id__gte"] = uuid7_start(
-                        datetime_to_uuid7(datetime_start)
-                    )
-                if lte:
-                    date_end = parse_date(lte)
-                    datetime_end = datetime.combine(
-                        date_end + timedelta(days=1),
-                        datetime.min.time(),
-                        tzinfo=timezone.utc,
-                    )
-                    date_filters["scan_id__lt"] = uuid7_start(
-                        datetime_to_uuid7(datetime_end)
-                    )
-
-            if date_filters:
-                queryset = queryset.filter(**date_filters)
-
-        if service_filter := query_params.get("filter[service]") or query_params.get(
-            "filter[service__in]"
-        ):
-            queryset = queryset.filter(service__in=service_filter.split(","))
-        if region_filter := query_params.get("filter[region]") or query_params.get(
-            "filter[region__in]"
-        ):
-            queryset = queryset.filter(region__in=region_filter.split(","))
-        if resource_type_filter := query_params.get("filter[type]") or query_params.get(
-            "filter[type__in]"
-        ):
-            queryset = queryset.filter(
-                resource_type__in=resource_type_filter.split(",")
-            )
-
-        services = list(
-            queryset.values_list("service", flat=True).distinct().order_by("service")
-        )
-        regions = list(
-            queryset.values_list("region", flat=True).distinct().order_by("region")
-        )
-        resource_types = list(
-            queryset.values_list("resource_type", flat=True)
-            .exclude(resource_type__isnull=True)
-            .exclude(resource_type__exact="")
-            .distinct()
-            .order_by("resource_type")
-        )
-
-        result = {
-            "services": services,
-            "regions": regions,
-            "types": resource_types,
-        }
-
-        serializer = self.get_serializer(data=result)
-        serializer.is_valid(raise_exception=True)
-        return Response(serializer.data)
-
-    @action(
-        detail=False,
-        methods=["get"],
-        url_name="metadata_latest",
-        url_path="metadata/latest",
-    )
-    def metadata_latest(self, request):
-        tenant_id = request.tenant_id
-        query_params = request.query_params
-
-        latest_scans_queryset = (
-            Scan.all_objects.filter(tenant_id=tenant_id, state=StateChoices.COMPLETED)
-            .order_by("provider_id", "-inserted_at")
-            .distinct("provider_id")
-        )
-
-        queryset = ResourceScanSummary.objects.filter(
-            tenant_id=tenant_id,
-            scan_id__in=latest_scans_queryset.values_list("id", flat=True),
-        )
-
-        if service_filter := query_params.get("filter[service]") or query_params.get(
-            "filter[service__in]"
-        ):
-            queryset = queryset.filter(service__in=service_filter.split(","))
-        if region_filter := query_params.get("filter[region]") or query_params.get(
-            "filter[region__in]"
-        ):
-            queryset = queryset.filter(region__in=region_filter.split(","))
-        if resource_type_filter := query_params.get("filter[type]") or query_params.get(
-            "filter[type__in]"
-        ):
-            queryset = queryset.filter(
-                resource_type__in=resource_type_filter.split(",")
-            )
-
-        services = list(
-            queryset.values_list("service", flat=True).distinct().order_by("service")
-        )
-        regions = list(
-            queryset.values_list("region", flat=True).distinct().order_by("region")
-        )
-        resource_types = list(
-            queryset.values_list("resource_type", flat=True)
-            .exclude(resource_type__isnull=True)
-            .exclude(resource_type__exact="")
-            .distinct()
-            .order_by("resource_type")
-        )
-
-        result = {
-            "services": services,
-            "regions": regions,
-            "types": resource_types,
-        }
-
-        serializer = self.get_serializer(data=result)
-        serializer.is_valid(raise_exception=True)
-        return Response(serializer.data)
-

@extend_schema_view(
    list=extend_schema(
@@ -2359,7 +2036,17 @@ class FindingViewSet(PaginateByPkMixin, BaseRLSViewSet):
                search_value, config="simple", search_type="plain"
            )

-            queryset = queryset.filter(text_search=search_query)
+            resource_match = Resource.all_objects.filter(
+                text_search=search_query,
+                id__in=ResourceFindingMapping.objects.filter(
+                    resource_id=OuterRef("pk"),
+                    tenant_id=tenant_id,
+                ).values("resource_id"),
+            )
+
+            queryset = queryset.filter(
+                Q(text_search=search_query) | Q(Exists(resource_match))
+            )

        return queryset

@@ -3495,7 +3182,7 @@ class ComplianceOverviewViewSet(BaseRLSViewSet, TaskManagementMixin):
 )
@method_decorator(CACHE_DECORATOR, name="list")
 class OverviewViewSet(BaseRLSViewSet):
-    queryset = ScanSummary.objects.all()
+    queryset = ComplianceOverview.objects.all()
    http_method_names = ["get"]
    ordering = ["-inserted_at"]
    # RBAC required permissions (implicit -> MANAGE_PROVIDERS enable unlimited visibility or check the visibility of
@@ -3506,10 +3193,19 @@ class OverviewViewSet(BaseRLSViewSet):
        role = get_role(self.request.user)
        providers = get_providers(role)

-        if not role.unlimited_visibility:
-            self.allowed_providers = providers
+        def _get_filtered_queryset(model):
+            if role.unlimited_visibility:
+                return model.all_objects.filter(tenant_id=self.request.tenant_id)
+            return model.all_objects.filter(
+                tenant_id=self.request.tenant_id, scan__provider__in=providers
+            )

-        return ScanSummary.all_objects.filter(tenant_id=self.request.tenant_id)
+        if self.action == "providers":
+            return _get_filtered_queryset(Finding)
+        elif self.action in ("findings", "findings_severity", "services"):
+            return _get_filtered_queryset(ScanSummary)
+        else:
+            return super().get_queryset()

    def get_serializer_class(self):
        if self.action == "providers":
@@ -3542,24 +3238,18 @@ class OverviewViewSet(BaseRLSViewSet):
    @action(detail=False, methods=["get"], url_name="providers")
    def providers(self, request):
        tenant_id = self.request.tenant_id
-        queryset = self.get_queryset()
-        provider_filter = (
-            {"provider__in": self.allowed_providers}
-            if hasattr(self, "allowed_providers")
-            else {}
-        )

        latest_scan_ids = (
-            Scan.all_objects.filter(
-                tenant_id=tenant_id, state=StateChoices.COMPLETED, **provider_filter
-            )
+            Scan.all_objects.filter(tenant_id=tenant_id, state=StateChoices.COMPLETED)
            .order_by("provider_id", "-inserted_at")
            .distinct("provider_id")
            .values_list("id", flat=True)
        )

        findings_aggregated = (
-            queryset.filter(scan_id__in=latest_scan_ids)
+            ScanSummary.all_objects.filter(
+                tenant_id=tenant_id, scan_id__in=latest_scan_ids
+            )
            .values(
                "scan__provider_id",
                provider=F("scan__provider__provider"),
@@ -3595,7 +3285,7 @@ class OverviewViewSet(BaseRLSViewSet):
            )

        return Response(
-            self.get_serializer(overview, many=True).data,
+            OverviewProviderSerializer(overview, many=True).data,
            status=status.HTTP_200_OK,
        )

@@ -3604,16 +3294,9 @@ class OverviewViewSet(BaseRLSViewSet):
        tenant_id = self.request.tenant_id
        queryset = self.get_queryset()
        filtered_queryset = self.filter_queryset(queryset)
-        provider_filter = (
-            {"provider__in": self.allowed_providers}
-            if hasattr(self, "allowed_providers")
-            else {}
-        )

        latest_scan_ids = (
-            Scan.all_objects.filter(
-                tenant_id=tenant_id, state=StateChoices.COMPLETED, **provider_filter
-            )
+            Scan.all_objects.filter(tenant_id=tenant_id, state=StateChoices.COMPLETED)
            .order_by("provider_id", "-inserted_at")
            .distinct("provider_id")
            .values_list("id", flat=True)
@@ -3650,16 +3333,9 @@ class OverviewViewSet(BaseRLSViewSet):
        tenant_id = self.request.tenant_id
        queryset = self.get_queryset()
        filtered_queryset = self.filter_queryset(queryset)
-        provider_filter = (
-            {"provider__in": self.allowed_providers}
-            if hasattr(self, "allowed_providers")
-            else {}
-        )

        latest_scan_ids = (
-            Scan.all_objects.filter(
-                tenant_id=tenant_id, state=StateChoices.COMPLETED, **provider_filter
-            )
+            Scan.all_objects.filter(tenant_id=tenant_id, state=StateChoices.COMPLETED)
            .order_by("provider_id", "-inserted_at")
            .distinct("provider_id")
            .values_list("id", flat=True)
@@ -3679,7 +3355,7 @@ class OverviewViewSet(BaseRLSViewSet):
        for item in severity_counts:
            severity_data[item["severity"]] = item["count"]

-        serializer = self.get_serializer(severity_data)
+        serializer = OverviewSeveritySerializer(severity_data)
        return Response(serializer.data, status=status.HTTP_200_OK)

    @action(detail=False, methods=["get"], url_name="services")
@@ -3687,16 +3363,9 @@ class OverviewViewSet(BaseRLSViewSet):
        tenant_id = self.request.tenant_id
        queryset = self.get_queryset()
        filtered_queryset = self.filter_queryset(queryset)
-        provider_filter = (
-            {"provider__in": self.allowed_providers}
-            if hasattr(self, "allowed_providers")
-            else {}
-        )

        latest_scan_ids = (
-            Scan.all_objects.filter(
-                tenant_id=tenant_id, state=StateChoices.COMPLETED, **provider_filter
-            )
+            Scan.all_objects.filter(tenant_id=tenant_id, state=StateChoices.COMPLETED)
            .order_by("provider_id", "-inserted_at")
            .distinct("provider_id")
            .values_list("id", flat=True)
@@ -3714,7 +3383,7 @@ class OverviewViewSet(BaseRLSViewSet):
            .order_by("service")
        )

-        serializer = self.get_serializer(services_data, many=True)
+        serializer = OverviewServiceSerializer(services_data, many=True)

        return Response(serializer.data, status=status.HTTP_200_OK)

@@ -3914,54 +3583,3 @@ class LighthouseConfigViewSet(BaseRLSViewSet):
                )
            },
        )
-
-
-@extend_schema_view(
-    list=extend_schema(
-        tags=["Processor"],
-        summary="List all processors",
-        description="Retrieve a list of all configured processors with options for filtering by various criteria.",
-    ),
-    retrieve=extend_schema(
-        tags=["Processor"],
-        summary="Retrieve processor details",
-        description="Fetch detailed information about a specific processor by its ID.",
-    ),
-    create=extend_schema(
-        tags=["Processor"],
-        summary="Create a new processor",
-        description="Register a new processor with the system, providing necessary configuration details. There can "
-        "only be one processor of each type per tenant.",
-    ),
-    partial_update=extend_schema(
-        tags=["Processor"],
-        summary="Partially update a processor",
-        description="Modify certain fields of an existing processor without affecting other settings.",
-    ),
-    destroy=extend_schema(
-        tags=["Processor"],
-        summary="Delete a processor",
-        description="Remove a processor from the system by its ID.",
-    ),
-)
-@method_decorator(CACHE_DECORATOR, name="list")
-@method_decorator(CACHE_DECORATOR, name="retrieve")
-class ProcessorViewSet(BaseRLSViewSet):
-    queryset = Processor.objects.all()
-    serializer_class = ProcessorSerializer
-    http_method_names = ["get", "post", "patch", "delete"]
-    filterset_class = ProcessorFilter
-    ordering = ["processor_type", "-inserted_at"]
-    # RBAC required permissions
-    required_permissions = [Permissions.MANAGE_ACCOUNT]
-
-    def get_queryset(self):
-        queryset = Processor.objects.filter(tenant_id=self.request.tenant_id)
-        return queryset
-
-    def get_serializer_class(self):
-        if self.action == "create":
-            return ProcessorCreateSerializer
-        elif self.action == "partial_update":
-            return ProcessorUpdateSerializer
-        return super().get_serializer_class()
@@ -1,5 +1,3 @@
-import string
-
 from django.core.exceptions import ValidationError
 from django.utils.translation import gettext as _

@@ -22,89 +20,3 @@ class MaximumLengthValidator:
        return _(
            f"Your password must contain no more than {self.max_length} characters."
        )
-
-
-class SpecialCharactersValidator:
-    def __init__(self, special_characters=None, min_special_characters=1):
-        # Use string.punctuation if no custom characters provided
-        self.special_characters = special_characters or string.punctuation
-        self.min_special_characters = min_special_characters
-
-    def validate(self, password, user=None):
-        if (
-            sum(1 for char in password if char in self.special_characters)
-            < self.min_special_characters
-        ):
-            raise ValidationError(
-                _("This password must contain at least one special character."),
-                code="password_no_special_characters",
-                params={
-                    "special_characters": self.special_characters,
-                    "min_special_characters": self.min_special_characters,
-                },
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least one special character from: {self.special_characters}"
-        )
-
-
-class UppercaseValidator:
-    def __init__(self, min_uppercase=1):
-        self.min_uppercase = min_uppercase
-
-    def validate(self, password, user=None):
-        if sum(1 for char in password if char.isupper()) < self.min_uppercase:
-            raise ValidationError(
-                _(
-                    "This password must contain at least %(min_uppercase)d uppercase letter."
-                ),
-                code="password_no_uppercase_letters",
-                params={"min_uppercase": self.min_uppercase},
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least {self.min_uppercase} uppercase letter."
-        )
-
-
-class LowercaseValidator:
-    def __init__(self, min_lowercase=1):
-        self.min_lowercase = min_lowercase
-
-    def validate(self, password, user=None):
-        if sum(1 for char in password if char.islower()) < self.min_lowercase:
-            raise ValidationError(
-                _(
-                    "This password must contain at least %(min_lowercase)d lowercase letter."
-                ),
-                code="password_no_lowercase_letters",
-                params={"min_lowercase": self.min_lowercase},
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least {self.min_lowercase} lowercase letter."
-        )
-
-
-class NumericValidator:
-    def __init__(self, min_numeric=1):
-        self.min_numeric = min_numeric
-
-    def validate(self, password, user=None):
-        if sum(1 for char in password if char.isdigit()) < self.min_numeric:
-            raise ValidationError(
-                _(
-                    "This password must contain at least %(min_numeric)d numeric character."
-                ),
-                code="password_no_numeric_characters",
-                params={"min_numeric": self.min_numeric},
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least {self.min_numeric} numeric character."
-        )
@@ -159,30 +159,6 @@ AUTH_PASSWORD_VALIDATORS = [
    {
        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
    },
-    {
-        "NAME": "api.validators.SpecialCharactersValidator",
-        "OPTIONS": {
-            "min_special_characters": 1,
-        },
-    },
-    {
-        "NAME": "api.validators.UppercaseValidator",
-        "OPTIONS": {
-            "min_uppercase": 1,
-        },
-    },
-    {
-        "NAME": "api.validators.LowercaseValidator",
-        "OPTIONS": {
-            "min_lowercase": 1,
-        },
-    },
-    {
-        "NAME": "api.validators.NumericValidator",
-        "OPTIONS": {
-            "min_numeric": 1,
-        },
-    },
 ]

 SIMPLE_JWT = {
@@ -4,7 +4,6 @@ from config.env import env
 IGNORED_EXCEPTIONS = [
    # Provider is not connected due to credentials errors
    "is not connected",
-    "ProviderConnectionError",
    # Authentication Errors from AWS
    "InvalidToken",
    "AccessDeniedException",
@@ -17,7 +16,7 @@ IGNORED_EXCEPTIONS = [
    "InternalServerErrorException",
    "AccessDenied",
    "No Shodan API Key",  # Shodan Check
-    "RequestLimitExceeded",  # For now, we don't want to log the RequestLimitExceeded errors
+    "RequestLimitExceeded",  # For now we don't want to log the RequestLimitExceeded errors
    "ThrottlingException",
    "Rate exceeded",
    "SubscriptionRequiredException",
@@ -43,9 +42,7 @@ IGNORED_EXCEPTIONS = [
    "AWSAccessKeyIDInvalidError",
    "AWSSessionTokenExpiredError",
    "EndpointConnectionError",  # AWS Service is not available in a region
-    # The following comes from urllib3: eu-west-1 -- HTTPClientError[126]: An HTTP Client raised an
-    # unhandled exception: AWSHTTPSConnectionPool(host='hostname.s3.eu-west-1.amazonaws.com', port=443): Pool is closed.
-    "Pool is closed",
+    "Pool is closed",  # The following comes from urllib3: eu-west-1 -- HTTPClientError[126]: An HTTP Client raised an unhandled exception: AWSHTTPSConnectionPool(host='hostname.s3.eu-west-1.amazonaws.com', port=443): Pool is closed.
    # Authentication Errors from GCP
    "ClientAuthenticationError",
    "AuthorizationFailed",
@@ -74,7 +71,7 @@ IGNORED_EXCEPTIONS = [

 def before_send(event, hint):
    """
-    before_send handles the Sentry events in order to send them or not
+    before_send handles the Sentry events in order to sent them or not
    """
    # Ignore logs with the ignored_exceptions
    # https://docs.python.org/3/library/logging.html#logrecord-objects
@@ -23,13 +23,11 @@ from api.models import (
    Invitation,
    LighthouseConfiguration,
    Membership,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderSecret,
    Resource,
    ResourceTag,
-    ResourceTagMapping,
    Role,
    SAMLConfiguration,
    SAMLDomainIndex,
@@ -46,19 +44,12 @@ from api.v1.serializers import TokenSerializer
 from prowler.lib.check.models import Severity
 from prowler.lib.outputs.finding import Status

-TODAY = str(datetime.today().date())
 API_JSON_CONTENT_TYPE = "application/vnd.api+json"
 NO_TENANT_HTTP_STATUS = status.HTTP_401_UNAUTHORIZED
 TEST_USER = "dev@prowler.com"
 TEST_PASSWORD = "testing_psswd"


-def today_after_n_days(n_days: int) -> str:
-    return datetime.strftime(
-        datetime.today().date() + timedelta(days=n_days), "%Y-%m-%d"
-    )
-
-
@pytest.fixture(scope="module")
 def enforce_test_user_db_connection(django_db_setup, django_db_blocker):
    """Ensure tests use the test user for database connections."""
@@ -400,19 +391,6 @@ def providers_fixture(tenants_fixture):
    return provider1, provider2, provider3, provider4, provider5, provider6


-@pytest.fixture
-def processor_fixture(tenants_fixture):
-    tenant, *_ = tenants_fixture
-    processor = Processor.objects.create(
-        tenant_id=tenant.id,
-        processor_type="mutelist",
-        configuration="Mutelist:\n  Accounts:\n    *:\n      Checks:\n        iam_user_hardware_mfa_enabled:\n         "
-        " Regions:\n            - *\n          Resources:\n            - *",
-    )
-
-    return processor
-
-
@pytest.fixture
 def provider_groups_fixture(tenants_fixture):
    tenant, *_ = tenants_fixture
@@ -662,7 +640,6 @@ def findings_fixture(scans_fixture, resources_fixture):
        check_metadata={
            "CheckId": "test_check_id",
            "Description": "test description apple sauce",
-            "servicename": "ec2",
        },
        first_seen_at="2024-01-02T00:00:00Z",
    )
@@ -689,7 +666,6 @@ def findings_fixture(scans_fixture, resources_fixture):
        check_metadata={
            "CheckId": "test_check_id",
            "Description": "test description orange juice",
-            "servicename": "s3",
        },
        first_seen_at="2024-01-02T00:00:00Z",
        muted=True,
@@ -1145,69 +1121,6 @@ def latest_scan_finding(authenticated_client, providers_fixture, resources_fixtu
    return finding


-@pytest.fixture(scope="function")
-def latest_scan_resource(authenticated_client, providers_fixture):
-    provider = providers_fixture[0]
-    tenant_id = str(providers_fixture[0].tenant_id)
-    scan = Scan.objects.create(
-        name="latest completed scan for resource",
-        provider=provider,
-        trigger=Scan.TriggerChoices.MANUAL,
-        state=StateChoices.COMPLETED,
-        tenant_id=tenant_id,
-    )
-    resource = Resource.objects.create(
-        tenant_id=tenant_id,
-        provider=provider,
-        uid="latest_resource_uid",
-        name="Latest Resource",
-        region="us-east-1",
-        service="ec2",
-        type="instance",
-        metadata='{"test": "metadata"}',
-        details='{"test": "details"}',
-    )
-
-    resource_tag = ResourceTag.objects.create(
-        tenant_id=tenant_id,
-        key="environment",
-        value="test",
-    )
-    ResourceTagMapping.objects.create(
-        tenant_id=tenant_id,
-        resource=resource,
-        tag=resource_tag,
-    )
-
-    finding = Finding.objects.create(
-        tenant_id=tenant_id,
-        uid="test_finding_uid_latest",
-        scan=scan,
-        delta="new",
-        status=Status.FAIL,
-        status_extended="test status extended ",
-        impact=Severity.critical,
-        impact_extended="test impact extended",
-        severity=Severity.critical,
-        raw_result={
-            "status": Status.FAIL,
-            "impact": Severity.critical,
-            "severity": Severity.critical,
-        },
-        tags={"test": "latest"},
-        check_id="test_check_id_latest",
-        check_metadata={
-            "CheckId": "test_check_id_latest",
-            "Description": "test description latest",
-        },
-        first_seen_at="2024-01-02T00:00:00Z",
-    )
-    finding.add_resources([resource])
-
-    backfill_resource_scan_summaries(tenant_id, str(scan.id))
-    return resource
-
-
@pytest.fixture
 def saml_setup(tenants_fixture):
    tenant_id = tenants_fixture[0].id
@@ -2,10 +2,10 @@ import json
 from datetime import datetime, timedelta, timezone

 from django_celery_beat.models import IntervalSchedule, PeriodicTask
+from rest_framework_json_api.serializers import ValidationError
 from tasks.tasks import perform_scheduled_scan_task

 from api.db_utils import rls_transaction
-from api.exceptions import ConflictException
 from api.models import Provider, Scan, StateChoices


@@ -24,9 +24,15 @@ def schedule_provider_scan(provider_instance: Provider):
    if PeriodicTask.objects.filter(
        interval=schedule, name=task_name, task="scan-perform-scheduled"
    ).exists():
-        raise ConflictException(
-            detail="There is already a scheduled scan for this provider.",
-            pointer="/data/attributes/provider_id",
+        raise ValidationError(
+            [
+                {
+                    "detail": "There is already a scheduled scan for this provider.",
+                    "status": 400,
+                    "source": {"pointer": "/data/attributes/provider_id"},
+                    "code": "invalid",
+                }
+            ]
        )

    with rls_transaction(tenant_id):
@@ -1,29 +1,22 @@
 import json
 import time
-from collections import defaultdict
 from copy import deepcopy
 from datetime import datetime, timezone

 from celery.utils.log import get_task_logger
 from config.settings.celery import CELERY_DEADLOCK_ATTEMPTS
 from django.db import IntegrityError, OperationalError
-from django.db.models import Case, Count, IntegerField, Prefetch, Sum, When
+from django.db.models import Case, Count, IntegerField, Sum, When
 from tasks.utils import CustomEncoder

 from api.compliance import (
    PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE,
    generate_scan_compliance,
 )
-from api.db_utils import (
-    create_objects_in_batches,
-    rls_transaction,
-    update_objects_in_batches,
-)
-from api.exceptions import ProviderConnectionError
+from api.db_utils import create_objects_in_batches, rls_transaction
 from api.models import (
    ComplianceRequirementOverview,
    Finding,
-    Processor,
    Provider,
    Resource,
    ResourceScanSummary,
@@ -108,10 +101,7 @@ def _store_resources(


 def perform_prowler_scan(
-    tenant_id: str,
-    scan_id: str,
-    provider_id: str,
-    checks_to_execute: list[str] | None = None,
+    tenant_id: str, scan_id: str, provider_id: str, checks_to_execute: list[str] = None
 ):
    """
    Perform a scan using Prowler and store the findings and resources in the database.
@@ -142,28 +132,14 @@ def perform_prowler_scan(
        scan_instance.started_at = datetime.now(tz=timezone.utc)
        scan_instance.save()

-    # Find the mutelist processor if it exists
-    with rls_transaction(tenant_id):
-        try:
-            mutelist_processor = Processor.objects.get(
-                tenant_id=tenant_id, processor_type=Processor.ProcessorChoices.MUTELIST
-            )
-        except Processor.DoesNotExist:
-            mutelist_processor = None
-        except Exception as e:
-            logger.error(f"Error processing mutelist rules: {e}")
-            mutelist_processor = None
-
    try:
        with rls_transaction(tenant_id):
            try:
-                prowler_provider = initialize_prowler_provider(
-                    provider_instance, mutelist_processor
-                )
+                prowler_provider = initialize_prowler_provider(provider_instance)
                provider_instance.connected = True
            except Exception as e:
                provider_instance.connected = False
-                exc = ProviderConnectionError(
+                exc = ValueError(
                    f"Provider {provider_instance.provider} is not connected: {e}"
                )
            finally:
@@ -183,7 +159,6 @@ def perform_prowler_scan(
        resource_cache = {}
        tag_cache = {}
        last_status_cache = {}
-        resource_failed_findings_cache = defaultdict(int)

        for progress, findings in prowler_scan.scan():
            for finding in findings:
@@ -209,9 +184,6 @@ def perform_prowler_scan(
                                    },
                                )
                                resource_cache[resource_uid] = resource_instance
-
-                                # Initialize all processed resources in the cache
-                                resource_failed_findings_cache[resource_uid] = 0
                            else:
                                resource_instance = resource_cache[resource_uid]

@@ -302,9 +274,6 @@ def perform_prowler_scan(
                    if not last_first_seen_at:
                        last_first_seen_at = datetime.now(tz=timezone.utc)

-                    # If the finding is muted at this time the reason must be the configured Mutelist
-                    muted_reason = "Muted by mutelist" if finding.muted else None
-
                    # Create the finding
                    finding_instance = Finding.objects.create(
                        tenant_id=tenant_id,
@@ -320,16 +289,10 @@ def perform_prowler_scan(
                        scan=scan_instance,
                        first_seen_at=last_first_seen_at,
                        muted=finding.muted,
-                        muted_reason=muted_reason,
                        compliance=finding.compliance,
                    )
                    finding_instance.add_resources([resource_instance])

-                    # Increment failed_findings_count cache if the finding status is FAIL and not muted
-                    if status == FindingStatus.FAIL and not finding.muted:
-                        resource_uid = finding.resource_uid
-                        resource_failed_findings_cache[resource_uid] += 1
-
                # Update scan resource summaries
                scan_resource_cache.add(
                    (
@@ -347,24 +310,6 @@ def perform_prowler_scan(

        scan_instance.state = StateChoices.COMPLETED

-        # Update failed_findings_count for all resources in batches if scan completed successfully
-        if resource_failed_findings_cache:
-            resources_to_update = []
-            for resource_uid, failed_count in resource_failed_findings_cache.items():
-                if resource_uid in resource_cache:
-                    resource_instance = resource_cache[resource_uid]
-                    resource_instance.failed_findings_count = failed_count
-                    resources_to_update.append(resource_instance)
-
-            if resources_to_update:
-                update_objects_in_batches(
-                    tenant_id=tenant_id,
-                    model=Resource,
-                    objects=resources_to_update,
-                    fields=["failed_findings_count"],
-                    batch_size=1000,
-                )
-
    except Exception as e:
        logger.error(f"Error performing scan {scan_id}: {e}")
        exception = e
@@ -417,9 +362,6 @@ def aggregate_findings(tenant_id: str, scan_id: str):
    changed, unchanged). The results are grouped by `check_id`, `service`, `severity`, and `region`.
    These aggregated metrics are then stored in the `ScanSummary` table.

-    Additionally, it updates the failed_findings_count field for each resource based on the most
-    recent findings for each finding.uid.
-
    Args:
        tenant_id (str): The ID of the tenant to which the scan belongs.
        scan_id (str): The ID of the scan for which findings need to be aggregated.
@@ -588,27 +530,18 @@ def create_compliance_requirements(tenant_id: str, scan_id: str):
            prowler_provider = return_prowler_provider(provider_instance)

        # Get check status data by region from findings
-        findings = (
-            Finding.all_objects.filter(scan_id=scan_id, muted=False)
-            .only("id", "check_id", "status")
-            .prefetch_related(
-                Prefetch(
-                    "resources",
-                    queryset=Resource.objects.only("id", "region"),
-                    to_attr="small_resources",
-                )
-            )
-            .iterator(chunk_size=1000)
-        )
-
        check_status_by_region = {}
        with rls_transaction(tenant_id):
+            findings = Finding.objects.filter(scan_id=scan_id, muted=False)
            for finding in findings:
-                for resource in finding.small_resources:
+                # Get region from resources
+                for resource in finding.resources.all():
                    region = resource.region
-                    current_status = check_status_by_region.setdefault(region, {})
-                    if current_status.get(finding.check_id) != "FAIL":
-                        current_status[finding.check_id] = finding.status
+                    region_dict = check_status_by_region.setdefault(region, {})
+                    current_status = region_dict.get(finding.check_id)
+                    if current_status == "FAIL":
+                        continue
+                    region_dict[finding.check_id] = finding.status

        try:
            # Try to get regions from provider
@@ -37,26 +37,6 @@ from prowler.lib.outputs.finding import Finding as FindingOutput
 logger = get_task_logger(__name__)


-def _perform_scan_complete_tasks(tenant_id: str, scan_id: str, provider_id: str):
-    """
-    Helper function to perform tasks after a scan is completed.
-
-    Args:
-        tenant_id (str): The tenant ID under which the scan was performed.
-        scan_id (str): The ID of the scan that was performed.
-        provider_id (str): The primary key of the Provider instance that was scanned.
-    """
-    create_compliance_requirements_task.apply_async(
-        kwargs={"tenant_id": tenant_id, "scan_id": scan_id}
-    )
-    chain(
-        perform_scan_summary_task.si(tenant_id=tenant_id, scan_id=scan_id),
-        generate_outputs_task.si(
-            scan_id=scan_id, provider_id=provider_id, tenant_id=tenant_id
-        ),
-    ).apply_async()
-
-
@shared_task(base=RLSTask, name="provider-connection-check")
@set_tenant
 def check_provider_connection_task(provider_id: str):
@@ -123,7 +103,13 @@ def perform_scan_task(
        checks_to_execute=checks_to_execute,
    )

-    _perform_scan_complete_tasks(tenant_id, scan_id, provider_id)
+    chain(
+        perform_scan_summary_task.si(tenant_id, scan_id),
+        create_compliance_requirements_task.si(tenant_id=tenant_id, scan_id=scan_id),
+        generate_outputs.si(
+            scan_id=scan_id, provider_id=provider_id, tenant_id=tenant_id
+        ),
+    ).apply_async()

    return result

@@ -228,12 +214,20 @@ def perform_scheduled_scan_task(self, tenant_id: str, provider_id: str):
                scheduler_task_id=periodic_task_instance.id,
            )

-    _perform_scan_complete_tasks(tenant_id, str(scan_instance.id), provider_id)
+    chain(
+        perform_scan_summary_task.si(tenant_id, scan_instance.id),
+        create_compliance_requirements_task.si(
+            tenant_id=tenant_id, scan_id=str(scan_instance.id)
+        ),
+        generate_outputs.si(
+            scan_id=str(scan_instance.id), provider_id=provider_id, tenant_id=tenant_id
+        ),
+    ).apply_async()

    return result


-@shared_task(name="scan-summary", queue="overview")
+@shared_task(name="scan-summary")
 def perform_scan_summary_task(tenant_id: str, scan_id: str):
    return aggregate_findings(tenant_id=tenant_id, scan_id=scan_id)

@@ -249,7 +243,7 @@ def delete_tenant_task(tenant_id: str):
    queue="scan-reports",
 )
@set_tenant(keep_tenant=True)
-def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):
+def generate_outputs(scan_id: str, provider_id: str, tenant_id: str):
    """
    Process findings in batches and generate output files in multiple formats.

@@ -387,7 +381,7 @@ def backfill_scan_resource_summaries_task(tenant_id: str, scan_id: str):
    return backfill_resource_scan_summaries(tenant_id=tenant_id, scan_id=scan_id)


-@shared_task(base=RLSTask, name="scan-compliance-overviews", queue="overview")
+@shared_task(base=RLSTask, name="scan-compliance-overviews")
 def create_compliance_requirements_task(tenant_id: str, scan_id: str):
    """
    Creates detailed compliance requirement records for a scan.
@@ -3,9 +3,9 @@ from unittest.mock import patch

 import pytest
 from django_celery_beat.models import IntervalSchedule, PeriodicTask
+from rest_framework_json_api.serializers import ValidationError
 from tasks.beat import schedule_provider_scan

-from api.exceptions import ConflictException
 from api.models import Scan


@@ -48,8 +48,8 @@ class TestScheduleProviderScan:
        with patch("tasks.tasks.perform_scheduled_scan_task.apply_async"):
            schedule_provider_scan(provider_instance)

-        # Now, try scheduling again, should raise ConflictException
-        with pytest.raises(ConflictException) as exc_info:
+        # Now, try scheduling again, should raise ValidationError
+        with pytest.raises(ValidationError) as exc_info:
            schedule_provider_scan(provider_instance)

        assert "There is already a scheduled scan for this provider." in str(
@@ -3,10 +3,9 @@ from pathlib import Path
 from unittest.mock import MagicMock, patch

 import pytest
-from tasks.tasks import _perform_scan_complete_tasks, generate_outputs_task
+from tasks.tasks import generate_outputs


-# TODO Move this to outputs/reports jobs
@pytest.mark.django_db
 class TestGenerateOutputs:
    def setup_method(self):
@@ -18,7 +17,7 @@ class TestGenerateOutputs:
        with patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter:
            mock_filter.return_value.exists.return_value = False

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id=self.scan_id,
                provider_id=self.provider_id,
                tenant_id=self.tenant_id,
@@ -100,7 +99,7 @@ class TestGenerateOutputs:
            mock_compress.return_value = "/tmp/zipped.zip"
            mock_upload.return_value = "s3://bucket/zipped.zip"

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id=self.scan_id,
                provider_id=self.provider_id,
                tenant_id=self.tenant_id,
@@ -151,7 +150,7 @@ class TestGenerateOutputs:
                True,
            ]

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id="scan",
                provider_id="provider",
                tenant_id=self.tenant_id,
@@ -209,7 +208,7 @@ class TestGenerateOutputs:
                    {"aws": [(lambda x: True, MagicMock())]},
                ),
            ):
-                generate_outputs_task(
+                generate_outputs(
                    scan_id=self.scan_id,
                    provider_id=self.provider_id,
                    tenant_id=self.tenant_id,
@@ -277,7 +276,7 @@ class TestGenerateOutputs:
                    }
                },
            ):
-                result = generate_outputs_task(
+                result = generate_outputs(
                    scan_id=self.scan_id,
                    provider_id=self.provider_id,
                    tenant_id=self.tenant_id,
@@ -347,7 +346,7 @@ class TestGenerateOutputs:
        ):
            mock_summary.return_value.exists.return_value = True

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id=self.scan_id,
                provider_id=self.provider_id,
                tenant_id=self.tenant_id,
@@ -408,31 +407,9 @@ class TestGenerateOutputs:
                ),
            ):
                with caplog.at_level("ERROR"):
-                    generate_outputs_task(
+                    generate_outputs(
                        scan_id=self.scan_id,
                        provider_id=self.provider_id,
                        tenant_id=self.tenant_id,
                    )
                    assert "Error deleting output files" in caplog.text
-
-
-class TestScanCompleteTasks:
-    @patch("tasks.tasks.create_compliance_requirements_task.apply_async")
-    @patch("tasks.tasks.perform_scan_summary_task.si")
-    @patch("tasks.tasks.generate_outputs_task.si")
-    def test_scan_complete_tasks(
-        self, mock_outputs_task, mock_scan_summary_task, mock_compliance_tasks
-    ):
-        _perform_scan_complete_tasks("tenant-id", "scan-id", "provider-id")
-        mock_compliance_tasks.assert_called_once_with(
-            kwargs={"tenant_id": "tenant-id", "scan_id": "scan-id"},
-        )
-        mock_scan_summary_task.assert_called_once_with(
-            scan_id="scan-id",
-            tenant_id="tenant-id",
-        )
-        mock_outputs_task.assert_called_once_with(
-            scan_id="scan-id",
-            provider_id="provider-id",
-            tenant_id="tenant-id",
-        )
@@ -1,4 +1,5 @@
 # Standard library imports
+import csv
 import glob
 import json
 import os
@@ -19,6 +20,7 @@ from dash.dependencies import Input, Output
 # Config import
 from dashboard.config import (
    critical_color,
+    encoding_format,
    fail_color,
    folder_path_overview,
    high_color,
@@ -44,7 +46,6 @@ from dashboard.lib.dropdowns import (
    create_table_row_dropdown,
 )
 from dashboard.lib.layouts import create_layout_overview
-from prowler.lib.logger import logger

 # Suppress warnings
 warnings.filterwarnings("ignore")
@@ -54,13 +55,11 @@ warnings.filterwarnings("ignore")
 csv_files = []

 for file in glob.glob(os.path.join(folder_path_overview, "*.csv")):
-    try:
-        df = pd.read_csv(file, sep=";")
-        num_rows = len(df)
+    with open(file, "r", newline="", encoding=encoding_format) as csvfile:
+        reader = csv.reader(csvfile)
+        num_rows = sum(1 for row in reader)
        if num_rows > 1:
            csv_files.append(file)
-    except Exception:
-        logger.error(f"Error reading file {file}")


 # Import logos providers
@@ -192,13 +191,7 @@ else:
        data.rename(columns={"RESOURCE_ID": "RESOURCE_UID"}, inplace=True)

    # Remove dupplicates on the finding_uid colummn but keep the last one taking into account the timestamp
-    data["DATE"] = data["TIMESTAMP"].dt.date
-    data = (
-        data.sort_values("TIMESTAMP")
-        .groupby(["DATE", "FINDING_UID"], as_index=False)
-        .last()
-    )
-    data["TIMESTAMP"] = pd.to_datetime(data["TIMESTAMP"])
+    data = data.sort_values("TIMESTAMP").drop_duplicates("FINDING_UID", keep="last")

    data["ASSESSMENT_TIME"] = data["TIMESTAMP"].dt.strftime("%Y-%m-%d")
    data_valid = pd.DataFrame()
@@ -1,6 +1,6 @@
-# Extending Prowler Lighthouse AI
+# Extending Prowler Lighthouse

-This guide helps developers customize and extend Prowler Lighthouse AI by adding or modifying AI agents.
+This guide helps developers customize and extend Prowler Lighthouse by adding or modifying AI agents.

 ## Understanding AI Agents

@@ -13,7 +13,7 @@ AI agents fall into two main categories:
 - **Autonomous Agents**: Freely chooses from available tools to complete tasks, adapting their approach based on context. They decide which tools to use and when.
 - **Workflow Agents**: Follows structured paths with predefined logic. They execute specific tool sequences and can include conditional logic.

-Prowler Lighthouse AI is an autonomous agent - selecting the right tool(s) based on the users query.
+Prowler Lighthouse is an autonomous agent - selecting the right tool(s) based on the users query.

 ???+ note
    To learn more about AI agents, read [Anthropic's blog post on building effective agents](https://www.anthropic.com/engineering/building-effective-agents).
@@ -24,15 +24,15 @@ The autonomous nature of agents depends on the underlying LLM. Autonomous agents

 After evaluating multiple LLM providers (OpenAI, Gemini, Claude, LLama) based on tool calling features and response accuracy, we recommend using the `gpt-4o` model.

-## Prowler Lighthouse AI Architecture
+## Prowler Lighthouse Architecture

-Prowler Lighthouse AI uses a multi-agent architecture orchestrated by the [Langgraph-Supervisor](https://www.npmjs.com/package/@langchain/langgraph-supervisor) library.
+Prowler Lighthouse uses a multi-agent architecture orchestrated by the [Langgraph-Supervisor](https://www.npmjs.com/package/@langchain/langgraph-supervisor) library.

 ### Architecture Components

 <img src="../../tutorials/img/lighthouse-architecture.png" alt="Prowler Lighthouse architecture">

-Prowler Lighthouse AI integrates with the NextJS application:
+Prowler Lighthouse integrates with the NextJS application:

 - The [Langgraph-Supervisor](https://www.npmjs.com/package/@langchain/langgraph-supervisor) library integrates directly with NextJS
 - The system uses the authenticated user session to interact with the Prowler API server
@@ -74,7 +74,7 @@ Modifying the supervisor prompt allows you to:

 The supervisor agent and all specialized agents are defined in the `route.ts` file. The supervisor agent uses [langgraph-supervisor](https://www.npmjs.com/package/@langchain/langgraph-supervisor), while other agents use the prebuilt [create-react-agent](https://langchain-ai.github.io/langgraphjs/how-tos/create-react-agent/).

-To add new capabilities or all Lighthouse AI to interact with other APIs, create additional specialized agents:
+To add new capabilities or all Lighthouse to interact with other APIs, create additional specialized agents:

 1. First determine what the new agent would do. Create a detailed prompt defining the agent's purpose and capabilities. You can see an example from [here](https://github.com/prowler-cloud/prowler/blob/master/ui/lib/lighthouse/prompts.ts#L359-L385).
 ???+ note
@@ -491,15 +491,11 @@ The provided credentials must have the appropriate permissions to perform all th

 ## Infrastructure as Code (IaC)

-Prowler's Infrastructure as Code (IaC) provider enables you to scan local or remote infrastructure code for security and compliance issues using [Checkov](https://www.checkov.io/). This provider supports a wide range of IaC frameworks and requires no cloud authentication for local scans.
+Prowler's Infrastructure as Code (IaC) provider enables you to scan local infrastructure code for security and compliance issues using [Checkov](https://www.checkov.io/). This provider supports a wide range of IaC frameworks and requires no cloud authentication.

 ### Authentication

- For local scans, no authentication is required.
- For remote repository scans, authentication can be provided via:
-    - [**GitHub Username and Personal Access Token (PAT)**](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic)
-    - [**GitHub OAuth App Token**](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token)
-    - [**Git URL**](https://git-scm.com/docs/git-clone#_git_urls)
+The IaC provider does not require any authentication or credentials since it scans local files directly. This makes it ideal for CI/CD pipelines and local development environments.

 ### Supported Frameworks

@@ -519,3 +515,27 @@ The IaC provider leverages Checkov to support multiple frameworks, including:
 - Kustomize
 - OpenAPI
 - SAST, SCA (Software Composition Analysis)
+
+### Usage
+
+To run Prowler with the IaC provider, use the `iac` flag. You can specify the directory to scan, frameworks to include, and paths to exclude.
+
+#### Basic Example
+
+```console
+prowler iac --scan-path ./my-iac-directory
+```
+
+#### Specify Frameworks
+
+Scan only Terraform and Kubernetes files:
+
+```console
+prowler iac --scan-path ./my-iac-directory --frameworks terraform kubernetes
+```
+
+#### Exclude Paths
+
+```console
+prowler iac --scan-path ./my-iac-directory --exclude-path ./my-iac-directory/test,./my-iac-directory/examples
+```
@@ -614,23 +614,12 @@ prowler github --github-app-id app_id --github-app-key app_key

 #### Infrastructure as Code (IaC)

-Prowler's Infrastructure as Code (IaC) provider enables you to scan local or remote infrastructure code for security and compliance issues using [Checkov](https://www.checkov.io/). This provider supports a wide range of IaC frameworks, allowing you to assess your code before deployment.
+Prowler's Infrastructure as Code (IaC) provider enables you to scan local infrastructure code for security and compliance issues using [Checkov](https://www.checkov.io/). This provider supports a wide range of IaC frameworks, allowing you to assess your code before deployment.

 ```console
 # Scan a directory for IaC files
 prowler iac --scan-path ./my-iac-directory

-# Scan a remote GitHub repository (public or private)
-prowler iac --scan-repository-url https://github.com/user/repo.git
-
-# Authenticate to a private repo with GitHub username and PAT
-prowler iac --scan-repository-url https://github.com/user/repo.git \
-  --github-username <username> --personal-access-token <token>
-
-# Authenticate to a private repo with OAuth App Token
-prowler iac --scan-repository-url https://github.com/user/repo.git \
-  --oauth-app-token <oauth_token>
-
 # Specify frameworks to scan (default: all)
 prowler iac --scan-path ./my-iac-directory --frameworks terraform kubernetes

@@ -639,10 +628,8 @@ prowler iac --scan-path ./my-iac-directory --exclude-path ./my-iac-directory/tes
 ```

 ???+ note
-    - `--scan-path` and `--scan-repository-url` are mutually exclusive; only one can be specified at a time.
-    - For remote repository scans, authentication can be provided via CLI flags or environment variables (`GITHUB_OAUTH_APP_TOKEN`, `GITHUB_USERNAME`, `GITHUB_PERSONAL_ACCESS_TOKEN`). CLI flags take precedence.
-    - The IaC provider does not require cloud authentication for local scans.
-    - It is ideal for CI/CD pipelines and local development environments.
+    - The IaC provider does not require cloud authentication
+    - It is ideal for CI/CD pipelines and local development environments
    - For more details on supported frameworks and rules, see the [Checkov documentation](https://www.checkov.io/1.Welcome/Quick%20Start.html)

 See more details about IaC scanning in the [IaC Tutorial](tutorials/iac/getting-started-iac.md) section.
@@ -12,34 +12,3 @@


 See section [Logging](./tutorials/logging.md) for further information or [contact us](./contact.md).
-
-## Common Issues with Docker Compose Installation
-
- **Problem adding AWS Provider using "Connect assuming IAM Role" in Docker (see [GitHub Issue #7745](https://github.com/prowler-cloud/prowler/issues/7745))**:
-
-    When running Prowler App via Docker, you may encounter errors such as `Provider not set`, `AWS assume role error - Unable to locate credentials`, or `Provider has no secret` when trying to add an AWS Provider using the "Connect assuming IAM Role" option. This typically happens because the container does not have access to the necessary AWS credentials or profiles.
-
-    **Workaround:**
-
-      - Ensure your AWS credentials and configuration are available to the Docker container. You can do this by mounting your local `.aws` directory into the container. For example, in your `docker-compose.yaml`, add the following volume to the relevant services:
-
-      ```yaml
-      volumes:
-        - "${HOME}/.aws:/home/prowler/.aws:ro"
-      ```
-      This should be added to the `api`, `worker`, and `worker-beat` services.
-
-    - Create or update your `~/.aws/config` and `~/.aws/credentials` files with the appropriate profiles and roles. For example:
-
-      ```ini
-      [profile prowler-profile]
-      role_arn = arn:aws:iam::<account-id>:role/ProwlerScan
-      source_profile = default
-      ```
-      And set the environment variable in your `.env` file:
-
-      ```env
-      AWS_PROFILE=prowler-profile
-      ```
-
-    - If you are scanning multiple AWS accounts, you may need to add multiple profiles to your AWS config. Note that this workaround is mainly for local testing; for production or multi-account setups, follow the [CloudFormation Template guide](https://github.com/prowler-cloud/prowler/issues/7745) and ensure the correct IAM roles and permissions are set up in each account.
@@ -78,7 +78,6 @@ The following list includes all the Azure checks with configurable variables tha
 | `app_ensure_python_version_is_latest`                         | `python_latest_version`                          | String          |
 | `app_ensure_java_version_is_latest`                           | `java_latest_version`                            | String          |
 | `sqlserver_recommended_minimal_tls_version`                   | `recommended_minimal_tls_versions`               | List of Strings |
-| `defender_attack_path_notifications_properly_configured`           | `defender_attack_path_minimal_risk_level`        | String          |


 ## GCP
@@ -27,18 +27,18 @@ prowler github --oauth-app-token oauth_token
 ```

 ### GitHub App Credentials
-Use GitHub App credentials by specifying the App ID and the private key path.
+Use GitHub App credentials by specifying the App ID and the private key.

 ```console
-prowler github --github-app-id app_id --github-app-key-path app_key_path
+prowler github --github-app-id app_id --github-app-key app_key
 ```

 ### Automatic Login Method Detection
 If no login method is explicitly provided, Prowler will automatically attempt to authenticate using environment variables in the following order of precedence:

 1. `GITHUB_PERSONAL_ACCESS_TOKEN`
-2. `GITHUB_OAUTH_APP_TOKEN`
-3. `GITHUB_APP_ID` and `GITHUB_APP_KEY` (where the key is the content of the private key file)
+2. `OAUTH_APP_TOKEN`
+3. `GITHUB_APP_ID` and `GITHUB_APP_KEY`

 ???+ note
  Ensure the corresponding environment variables are set up before running Prowler for automatic detection if you don't plan to specify the login method.
@@ -1,209 +0,0 @@
-# Getting Started with GitHub Authentication
-
-This guide explains how to set up authentication with GitHub for Prowler. The documentation covers credential retrieval processes for each supported authentication method.
-
-## Prerequisites
-
- GitHub account
- Token creation permissions (organization-level access requires admin permissions)
-
-## Authentication Methods
-
-### 1. Personal Access Token (PAT)
-
-Personal Access Tokens provide the simplest GitHub authentication method and support individual user authentication or testing scenarios.
-
-#### How to Create a Personal Access Token
-
-1. **Navigate to GitHub Settings**
-    - Open [GitHub](https://github.com) and sign in
-    - Click the profile picture in the top right corner
-    - Select "Settings" from the dropdown menu
-
-2. **Access Developer Settings**
-    - Scroll down the left sidebar
-    - Click "Developer settings"
-
-3. **Generate New Token**
-    - Click "Personal access tokens"
-    - Select "Tokens (classic)"
-    - Click "Generate new token"
-
-4. **Configure Token Permissions**
-    To enable Prowler functionality, configure the following scopes:
-    - `repo`: Full control of private repositories
-    - `read:org`: Read organization and team membership
-    - `read:user`: Read user profile data
-    - `read:discussion`: Read discussions
-    - `read:enterprise`: Read enterprise data (if applicable)
-
-5. **Copy and Store the Token**
-    - Copy the generated token immediately (GitHub displays tokens only once)
-    - Store tokens securely using environment variables
-
-#### How to Use Personal Access Tokens
-
-Choose one of the following methods:
-
-**Command-line flag:**
-
-```console
-prowler github --personal-access-token your_token_here
-```
-
-**Environment variable:**
-
-```console
-export GITHUB_PERSONAL_ACCESS_TOKEN="your_token_here"
-prowler github
-```
-
-### 2. OAuth App Token
-
-OAuth Apps enable applications to act on behalf of users with explicit consent.
-
-#### How to Create an OAuth App
-
-1. **Navigate to Developer Settings**
-    - Open GitHub Settings → Developer settings
-    - Click "OAuth Apps"
-
-2. **Register New Application**
-    - Click "New OAuth App"
-    - Complete the required fields:
-        - **Application name**: Descriptive application name
-        - **Homepage URL**: Application homepage
-        - **Authorization callback URL**: User redirection URL after authorization
-
-3. **Obtain Authorization Code**
-    - Request authorization code (replace `{app_id}` with the application ID):
-   ```
-   https://github.com/login/oauth/authorize?client_id={app_id}
-   ```
-
-4. **Exchange Code for Token**
-    - Exchange authorization code for access token (replace `{app_id}`, `{secret}`, and `{code}`):
-   ```
-   https://github.com/login/oauth/access_token?code={code}&client_id={app_id}&client_secret={secret}
-   ```
-
-#### How to Use OAuth Tokens
-
-Choose one of the following methods:
-
-**Command-line flag:**
-
-```console
-prowler github --oauth-app-token your_oauth_token
-```
-
-**Environment variable:**
-
-```console
-export GITHUB_OAUTH_APP_TOKEN="your_oauth_token"
-prowler github
-```
-
-### 3. GitHub App Credentials
-
-GitHub Apps provide the recommended integration method for accessing multiple repositories or organizations.
-
-#### How to Create a GitHub App
-
-1. **Navigate to Developer Settings**
-    - Open GitHub Settings → Developer settings
-    - Click "GitHub Apps"
-
-2. **Create New GitHub App**
-    - Click "New GitHub App"
-    - Complete the required fields:
-        - **GitHub App name**: Unique application name
-        - **Homepage URL**: Application homepage
-        - **Webhook URL**: Webhook payload URL (optional)
-        - **Permissions**: Application permission requirements
-
-3. **Configure Permissions**
-    To enable Prowler functionality, configure these permissions:
-    - **Repository permissions**:
-        - Contents (Read)
-        - Metadata (Read)
-        - Pull requests (Read)
-    - **Organization permissions**:
-        - Members (Read)
-        - Administration (Read)
-    - **Account permissions**:
-        - Email addresses (Read)
-
-4. **Generate Private Key**
-    - Scroll to the "Private keys" section after app creation
-    - Click "Generate a private key"
-    - Download the `.pem` file and store securely
-
-5. **Record App ID**
-    - Locate the App ID at the top of the GitHub App settings page
-
-#### How to Install the GitHub App
-
-1. **Install Application**
-    - Navigate to GitHub App settings
-    - Click "Install App" in the left sidebar
-    - Select the target account/organization
-    - Choose specific repositories or select "All repositories"
-
-#### How to Use GitHub App Credentials
-
-Choose one of the following methods:
-
-**Command-line flags:**
-
-```console
-prowler github --github-app-id your_app_id --github-app-key /path/to/private-key.pem
-```
-
-**Environment variables:**
-
-```console
-export GITHUB_APP_ID="your_app_id"
-export GITHUB_APP_KEY="private-key-content"
-prowler github
-```
-
-## Best Practices
-
-### Security Considerations
-
-Implement the following security measures:
-
- **Secure Credential Storage**: Store credentials using environment variables instead of hardcoding tokens
- **Secrets Management**: Use dedicated secrets management systems in production environments
- **Regular Token Rotation**: Rotate tokens and keys regularly
- **Least Privilege Principle**: Grant only minimum required permissions
- **Permission Auditing**: Review and audit permissions regularly
- **Token Expiration**: Set appropriate expiration times for tokens
- **Usage Monitoring**: Monitor token usage and revoke unused tokens
-
-### Authentication Method Selection
-
-Choose the appropriate method based on use case:
-
- **Personal Access Token**: Individual use, testing, or simple automation
- **OAuth App Token**: Applications requiring user consent and delegation
- **GitHub App**: Production integrations, especially for organizations
-
-## Troubleshooting Common Issues
-
-### Insufficient Permissions
- Verify token/app has necessary scopes/permissions
- Check organization restrictions on third-party applications
-
-### Token Expiration
- Confirm token has not expired
- Verify fine-grained tokens have correct resource access
-
-### Rate Limiting
- GitHub implements API call rate limits
- Consider GitHub Apps for higher rate limits
-
-### Organization Settings
- Some organizations restrict third-party applications
- Contact organization administrator if access is denied
@@ -1,6 +1,6 @@
 # Getting Started with the IaC Provider

-Prowler's Infrastructure as Code (IaC) provider enables you to scan local or remote infrastructure code for security and compliance issues using [Checkov](https://www.checkov.io/). This provider supports a wide range of IaC frameworks, allowing you to assess your code before deployment.
+Prowler's Infrastructure as Code (IaC) provider enables you to scan local infrastructure code for security and compliance issues using [Checkov](https://www.checkov.io/). This provider supports a wide range of IaC frameworks, allowing you to assess your code before deployment.

 ## Supported Frameworks

@@ -23,50 +23,21 @@ The IaC provider leverages Checkov to support multiple frameworks, including:

 ## How It Works

- The IaC provider scans your local directory (or a specified path) for supported IaC files, or scan a remote repository.
- No cloud credentials or authentication are required for local scans.
- For remote repository scans, authentication can be provided via [git URL](https://git-scm.com/docs/git-clone#_git_urls), CLI flags or environment variables.
+- The IaC provider scans your local directory (or a specified path) for supported IaC files.
+- No cloud credentials or authentication are required.
 - Mutelist logic is handled by Checkov, not Prowler.
 - Results are output in the same formats as other Prowler providers (CSV, JSON, HTML, etc.).

 ## Usage

-To run Prowler with the IaC provider, use the `iac` argument. You can specify the directory or repository to scan, frameworks to include, and paths to exclude.
+To run Prowler with the IaC provider, use the `iac` argument. You can specify the directory to scan, frameworks to include, and paths to exclude.

-### Scan a Local Directory (default)
+### Basic Example

 ```sh
 prowler iac --scan-path ./my-iac-directory
 ```

-### Scan a Remote GitHub Repository
-
-```sh
-prowler iac --scan-repository-url https://github.com/user/repo.git
-```
-
-#### Authentication for Remote Private Repositories
-
-You can provide authentication for private repositories using one of the following methods:
-
- **GitHub Username and Personal Access Token (PAT):**
-  ```sh
-  prowler iac --scan-repository-url https://github.com/user/repo.git \
-    --github-username <username> --personal-access-token <token>
-  ```
- **GitHub OAuth App Token:**
-  ```sh
-  prowler iac --scan-repository-url https://github.com/user/repo.git \
-    --oauth-app-token <oauth_token>
-  ```
- If not provided via CLI, the following environment variables will be used (in order of precedence):
-    - `GITHUB_OAUTH_APP_TOKEN`
-    - `GITHUB_USERNAME` and `GITHUB_PERSONAL_ACCESS_TOKEN`
- If neither CLI flags nor environment variables are set, the scan will attempt to clone without authentication or using the provided in the  [git URL](https://git-scm.com/docs/git-clone#_git_urls).
-
-#### Mutually Exclusive Flags
- `--scan-path` and `--scan-repository-url` are mutually exclusive. Only one can be specified at a time.
-
 ### Specify Frameworks

 Scan only Terraform and Kubernetes files:
@@ -91,8 +62,6 @@ prowler iac --scan-path ./iac --output-formats csv json html

 ## Notes

- The IaC provider does not require cloud authentication for local scans.
- For remote repository scans, authentication is optional but required for private repos.
- CLI flags override environment variables for authentication.
+- The IaC provider does not require cloud authentication.
 - It is ideal for CI/CD pipelines and local development environments.
 - For more details on supported frameworks and rules, see the [Checkov documentation](https://www.checkov.io/1.Welcome/Quick%20Start.html).
@@ -1,12 +1,12 @@
-# Prowler Lighthouse AI
+# Prowler Lighthouse

-Prowler Lighthouse AI is a Cloud Security Analyst chatbot that helps you understand, prioritize, and remediate security findings in your cloud environments. It's designed to provide security expertise for teams without dedicated resources, acting as your 24/7 virtual cloud security analyst.
+Prowler Lighthouse is an AI Cloud Security Analyst chatbot that helps you understand, prioritize, and remediate security findings in your cloud environments. It's designed to provide security expertise for teams without dedicated resources, acting as your 24/7 virtual cloud security analyst.

 <img src="../img/lighthouse-intro.png" alt="Prowler Lighthouse">

 ## How It Works

-Prowler Lighthouse AI uses OpenAI's language models and integrates with your Prowler security findings data.
+Prowler Lighthouse uses OpenAI's language models and integrates with your Prowler security findings data.

 Here's what's happening behind the scenes:

@@ -14,28 +14,28 @@ Here's what's happening behind the scenes:
 - It uses a ["supervisor" architecture](https://langchain-ai.lang.chat/langgraphjs/tutorials/multi_agent/agent_supervisor/) that interacts with different agents for specialized tasks. For example, `findings_agent` can analyze detected security findings, while `overview_agent` provides a summary of connected cloud accounts.
 - The system connects to OpenAI models to understand, fetch the right data, and respond to the user's query.
 ???+ note
-    Lighthouse AI is tested against `gpt-4o` and `gpt-4o-mini` OpenAI models.
+    Lighthouse is tested against `gpt-4o` and `gpt-4o-mini` OpenAI models.
 - The supervisor agent is the main contact point. It is what users interact with directly from the chat interface. It coordinates with other agents to answer users' questions comprehensively.

-<img src="../img/lighthouse-architecture.png" alt="Lighthouse AI Architecture">
+<img src="../img/lighthouse-architecture.png" alt="Lighthouse Architecture">

 ???+ note
    All agents can only read relevant security data. They cannot modify your data or access sensitive information like configured secrets or tenant details.

 ## Set up

-Getting started with Prowler Lighthouse AI is easy:
+Getting started with Prowler Lighthouse is easy:

 1. Go to the configuration page in your Prowler dashboard.
 2. Enter your OpenAI API key.
 3. Select your preferred model. The recommended one for best results is `gpt-4o`.
 4. (Optional) Add business context to improve response quality and prioritization.

-<img src="../img/lighthouse-config.png" alt="Lighthouse AI Configuration">
+<img src="../img/lighthouse-config.png" alt="Lighthouse Configuration">

 ### Adding Business Context

-The optional business context field lets you provide additional information to help Lighthouse AI understand your environment and priorities, including:
+The optional business context field lets you provide additional information to help Lighthouse understand your environment and priorities, including:

 - Your organization's cloud security goals
 - Information about account owners or responsible teams
@@ -46,7 +46,7 @@ Better context leads to more relevant responses and prioritization that aligns w

 ## Capabilities

-Prowler Lighthouse AI is designed to be your AI security team member, with capabilities including:
+Prowler Lighthouse is designed to be your AI security team member, with capabilities including:

 ### Natural Language Querying

@@ -70,7 +70,7 @@ Get tailored step-by-step instructions for fixing security issues:

 ### Enhanced Context and Analysis

-Lighthouse AI can provide additional context to help you understand the findings:
+Lighthouse can provide additional context to help you understand the findings:

 - Explain security concepts related to findings in simple terms
 - Provide risk assessments based on your environment and context
@@ -82,20 +82,20 @@ Lighthouse AI can provide additional context to help you understand the findings

 ## Important Notes

-Prowler Lighthouse AI is powerful, but there are limitations:
+Prowler Lighthouse is powerful, but there are limitations:

 - **Continuous improvement**: Please report any issues, as the feature may make mistakes or encounter errors, despite extensive testing.
- **Access limitations**: Lighthouse AI can only access data the logged-in user can view. If you can't see certain information, Lighthouse AI can't see it either.
- **NextJS session dependence**: If your Prowler application session expires or logs out, Lighthouse AI will error out. Refresh and log back in to continue.
+- **Access limitations**: Lighthouse can only access data the logged-in user can view. If you can't see certain information, Lighthouse can't see it either.
+- **NextJS session dependence**: If your Prowler application session expires or logs out, Lighthouse will error out. Refresh and log back in to continue.
 - **Response quality**: The response quality depends on the selected OpenAI model. For best results, use gpt-4o.

 ### Getting Help

-If you encounter issues with Prowler Lighthouse AI or have suggestions for improvements, please [reach out through our Slack channel](https://goto.prowler.com/slack).
+If you encounter issues with Prowler Lighthouse or have suggestions for improvements, please [reach out through our Slack channel](https://goto.prowler.com/slack).

 ### What Data Is Shared to OpenAI?

-The following API endpoints are accessible to Prowler Lighthouse AI. Data from the following API endpoints could be shared with OpenAI depending on the scope of user's query:
+The following API endpoints are accessible to Prowler Lighthouse. Data from the following API endpoints could be shared with OpenAI depending on the scope of user's query:

 #### Accessible API Endpoints

@@ -139,7 +139,7 @@ The following API endpoints are accessible to Prowler Lighthouse AI. Data from t

 #### Excluded API Endpoints

-Not all Prowler API endpoints are integrated with Lighthouse AI. They are intentionally excluded for the following reasons:
+Not all Prowler API endpoints are integrated with Lighthouse. They are intentionally excluded for the following reasons:

 - OpenAI/other LLM providers shouldn't have access to sensitive data (like fetching provider secrets and other sensitive config)
 - Users queries don't need responses from those API endpoints (ex: tasks, tenant details, downloading zip file, etc.)
@@ -173,7 +173,7 @@ Not all Prowler API endpoints are integrated with Lighthouse AI. They are intent
 - List all tasks - `/api/v1/tasks`
 - Retrieve data from a specific task - `/api/v1/tasks/{id}`

-**Lighthouse AI Configuration:**
+**Lighthouse Configuration:**

 - List OpenAI configuration - `/api/v1/lighthouse-config`
 - Retrieve OpenAI key and configuration - `/api/v1/lighthouse-config/{id}`
@@ -187,7 +187,7 @@ Not all Prowler API endpoints are integrated with Lighthouse AI. They are intent

 During feature development, we evaluated other LLM models.

- **Claude AI** - Claude models have [tier-based ratelimits](https://docs.anthropic.com/en/api/rate-limits#requirements-to-advance-tier). For Lighthouse AI to answer slightly complex questions, there are a handful of API calls to the LLM provider within few seconds. With Claude's tiering system, users must purchase $400 credits or convert their subscription to monthly invoicing after talking to their sales team. This pricing may not suit all Prowler users.
+- **Claude AI** - Claude models have [tier-based ratelimits](https://docs.anthropic.com/en/api/rate-limits#requirements-to-advance-tier). For Lighthouse to answer slightly complex questions, there are a handful of API calls to the LLM provider within few seconds. With Claude's tiering system, users must purchase $400 credits or convert their subscription to monthly invoicing after talking to their sales team. This pricing may not suit all Prowler users.
 - **Gemini Models** - Gemini lacks a solid tool calling feature like OpenAI. It calls functions recursively until exceeding limits. Gemini-2.5-Pro-Experimental is better than previous models regarding tool calling and responding, but it's still experimental.
 - **Deepseek V3** - Doesn't support system prompt messages.

@@ -197,8 +197,8 @@ Context windows are limited. While demo data fits inside the context window, que

 **3. Is my security data shared with OpenAI?**

-Minimal data is shared to generate useful responses. Agents can access security findings and remediation details when needed. Provider secrets are protected by design and cannot be read. The OpenAI key configured with Lighthouse AI is only accessible to our NextJS server and is never sent to LLMs. Resource metadata (names, tags, account/project IDs, etc) may be shared with OpenAI based on your query requirements.
+Minimal data is shared to generate useful responses. Agents can access security findings and remediation details when needed. Provider secrets are protected by design and cannot be read. The Lighthouse key is only accessible to our NextJS server and is never sent to LLMs. Resource metadata (names, tags, account/project IDs, etc) may be shared with OpenAI based on your query requirements.

-**4. Can the Lighthouse AI change my cloud environment?**
+**4. Can the Lighthouse change my cloud environment?**

 No. The agent doesn't have the tools to make the changes, even if the configured cloud provider API keys contain permissions to modify resources.
@@ -107,9 +107,6 @@ nav:
          - Getting Started: tutorials/microsoft365/getting-started-m365.md
          - Authentication: tutorials/microsoft365/authentication.md
          - Use of PowerShell: tutorials/microsoft365/use-of-powershell.md
-      - GitHub:
-          - Authentication: tutorials/github/authentication.md
-          - Getting Started: tutorials/github/getting-started-github.md
      - IaC:
          - Getting Started: tutorials/iac/getting-started-iac.md
  - Developer Guide:
@@ -2,60 +2,26 @@

 All notable changes to the **Prowler SDK** are documented in this file.

-## [v5.9.2] (Prowler v5.9.2)
-
-### Fixed
- Use the correct resource name in `defender_domain_dkim_enabled` check [(#8334)](https://github.com/prowler-cloud/prowler/pull/8334)
-
---
-
-## [v5.9.0] (Prowler v5.9.0)
+## [v5.9.0] (Prowler UNRELEASED)

 ### Added
 - `storage_smb_channel_encryption_with_secure_algorithm` check for Azure provider [(#8123)](https://github.com/prowler-cloud/prowler/pull/8123)
- `storage_smb_protocol_version_is_latest` check for Azure provider [(#8128)](https://github.com/prowler-cloud/prowler/pull/8128)
 - `vm_backup_enabled` check for Azure provider [(#8182)](https://github.com/prowler-cloud/prowler/pull/8182)
 - `vm_linux_enforce_ssh_authentication` check for Azure provider [(#8149)](https://github.com/prowler-cloud/prowler/pull/8149)
 - `vm_ensure_using_approved_images` check for Azure provider [(#8168)](https://github.com/prowler-cloud/prowler/pull/8168)
 - `vm_scaleset_associated_load_balancer` check for Azure provider [(#8181)](https://github.com/prowler-cloud/prowler/pull/8181)
- `defender_attack_path_notifications_properly_configured` check for Azure provider [(#8245)](https://github.com/prowler-cloud/prowler/pull/8245)
- `entra_intune_enrollment_sign_in_frequency_every_time` check for M365 provider [(#8223)](https://github.com/prowler-cloud/prowler/pull/8223)
- Support for remote repository scanning in IaC provider [(#8193)](https://github.com/prowler-cloud/prowler/pull/8193)
- Add `test_connection` method to GitHub provider [(#8248)](https://github.com/prowler-cloud/prowler/pull/8248)

 ### Changed
- Refactor the Azure Defender get security contact configuration method to use the API REST endpoint instead of the SDK [(#8241)](https://github.com/prowler-cloud/prowler/pull/8241)

 ### Fixed
- Title & description wording for `iam_user_accesskey_unused` check for AWS provider [(#8233)](https://github.com/prowler-cloud/prowler/pull/8233)
- Add GitHub provider to lateral panel in documentation and change -h environment variable output [(#8246)](https://github.com/prowler-cloud/prowler/pull/8246)
- Show `m365_identity_type` and `m365_identity_id` in cloud reports [(#8247)](https://github.com/prowler-cloud/prowler/pull/8247)
- Ensure `is_service_role` only returns `True` for service roles [(#8274)](https://github.com/prowler-cloud/prowler/pull/8274)
- Update DynamoDB check metadata to fix broken link [(#8273)](https://github.com/prowler-cloud/prowler/pull/8273)
- Show correct count of findings in Dashboard Security Posture page [(#8270)](https://github.com/prowler-cloud/prowler/pull/8270)
- Add Check's metadata service name validator [(#8289)](https://github.com/prowler-cloud/prowler/pull/8289)
- Use subscription ID in Azure mutelist [(#8290)](https://github.com/prowler-cloud/prowler/pull/8290)
- `ServiceName` field in Network Firewall checks metadata [(#8280)](https://github.com/prowler-cloud/prowler/pull/8280)
- Update `entra_users_mfa_capable` check to use the correct resource name and ID [(#8288)](https://github.com/prowler-cloud/prowler/pull/8288)
- Handle multiple services and severities while listing checks [(#8302)](https://github.com/prowler-cloud/prowler/pull/8302)
- Handle `tenant_id` for M365 Mutelist [(#8306)](https://github.com/prowler-cloud/prowler/pull/8306)
-
---
-
-## [v5.8.2] (Prowler 5.8.2)
-
-### Fixed
- Fix error in Dashboard Overview page when reading CSV files [(#8257)](https://github.com/prowler-cloud/prowler/pull/8257)

 ---

 ## [v5.8.1] (Prowler 5.8.1)

 ### Fixed
- Detect wildcarded ARNs in sts:AssumeRole policy resources [(#8164)](https://github.com/prowler-cloud/prowler/pull/8164)
- List all streams and `firehose_stream_encrypted_at_rest` logic [(#8213)](https://github.com/prowler-cloud/prowler/pull/8213)
- Allow empty values for http_endpoint in templates [(#8184)](https://github.com/prowler-cloud/prowler/pull/8184)
- Convert all Azure Storage models to Pydantic models to avoid serialization issues [(#8222)](https://github.com/prowler-cloud/prowler/pull/8222)
+- fix(iam): detect wildcarded ARNs in sts:AssumeRole policy resources [(#8164)](https://github.com/prowler-cloud/prowler/pull/8164)
+- fix(ec2): allow empty values for http_endpoint in templates [(#8184)](https://github.com/prowler-cloud/prowler/pull/8184)

 ---

@@ -12,7 +12,7 @@ from prowler.lib.logger import logger

 timestamp = datetime.today()
 timestamp_utc = datetime.now(timezone.utc).replace(tzinfo=timezone.utc)
-prowler_version = "5.9.2"
+prowler_version = "5.9.0"
 html_logo_url = "https://github.com/prowler-cloud/prowler/"
 square_logo_img = "https://prowler.com/wp-content/uploads/logo-html.png"
 aws_logo = "https://user-images.githubusercontent.com/38561120/235953920-3e3fba08-0795-41dc-b480-9bea57db9f2e.png"
@@ -430,10 +430,6 @@ azure:
  # TODO: create common config
  shodan_api_key: null

-  # Configurable minimal risk level for attack path notifications
-  # azure.defender_attack_path_notifications_properly_configured
-  defender_attack_path_minimal_risk_level: "High"
-
  # Azure App Service
  # azure.app_ensure_php_version_is_latest
  php_latest_version: "8.2"
@@ -635,13 +635,7 @@ def execute(
                is_finding_muted_args["account_name"] = (
                    global_provider.identity.account_name
                )
-            elif global_provider.type == "m365":
-                is_finding_muted_args["tenant_id"] = global_provider.identity.tenant_id
            for finding in check_findings:
-                if global_provider.type == "azure":
-                    is_finding_muted_args["subscription_id"] = (
-                        global_provider.identity.subscriptions.get(finding.subscription)
-                    )
                is_finding_muted_args["finding"] = finding
                finding.muted = global_provider.mutelist.is_finding_muted(
                    **is_finding_muted_args
@@ -66,15 +66,16 @@ def load_checks_to_execute(
                checks_to_execute.update(check_severities[severity])

            if service_list:
-                checks_from_services = set()
                for service in service_list:
-                    service_checks = CheckMetadata.list(
-                        bulk_checks_metadata=bulk_checks_metadata,
-                        service=service,
+                    checks_to_execute = (
+                        set(
+                            CheckMetadata.list(
+                                bulk_checks_metadata=bulk_checks_metadata,
+                                service=service,
+                            )
+                        )
+                        & checks_to_execute
                    )
-                    checks_from_services.update(service_checks)
-                checks_to_execute = checks_from_services & checks_to_execute
-
        # Handle if there are checks passed using -C/--checks-file
        elif checks_file:
            checks_to_execute = parse_checks_from_file(checks_file, provider)
@@ -149,36 +149,6 @@ class CheckMetadata(BaseModel):
            raise ValueError("ResourceType must be a non-empty string")
        return resource_type

-    @validator("ServiceName", pre=True, always=True)
-    def validate_service_name(cls, service_name, values):
-        if not service_name:
-            raise ValueError("ServiceName must be a non-empty string")
-
-        check_id = values.get("CheckID")
-        if check_id:
-            service_from_check_id = check_id.split("_")[0]
-            if service_name != service_from_check_id:
-                raise ValueError(
-                    f"ServiceName {service_name} does not belong to CheckID {check_id}"
-                )
-            if not service_name.islower():
-                raise ValueError(f"ServiceName {service_name} must be in lowercase")
-
-        return service_name
-
-    @validator("CheckID", pre=True, always=True)
-    def valid_check_id(cls, check_id):
-        if not check_id:
-            raise ValueError("CheckID must be a non-empty string")
-
-        if check_id:
-            if "-" in check_id:
-                raise ValueError(
-                    f"CheckID {check_id} contains a hyphen, which is not allowed"
-                )
-
-        return check_id
-
    @staticmethod
    def get_bulk(provider: str) -> dict[str, "CheckMetadata"]:
        """
@@ -283,14 +283,16 @@ class Finding(BaseModel):
                output_data["region"] = check_output.location

            elif provider.type == "iac":
-                output_data["auth_method"] = provider.auth_method
+                output_data["auth_method"] = "local"  # Until we support remote repos
                output_data["account_uid"] = "iac"
                output_data["account_name"] = "iac"
                output_data["resource_name"] = check_output.resource_name
                output_data["resource_uid"] = check_output.resource_name
                output_data["region"] = check_output.resource_path
                output_data["resource_line_range"] = check_output.resource_line_range
-                output_data["framework"] = check_output.check_metadata.ServiceName
+                output_data["framework"] = (
+                    check_output.check_metadata.ServiceName
+                )  # TODO: can we get the framework from the check_output?

            # check_output Unique ID
            # TODO: move this to a function
@@ -710,7 +710,7 @@ class HTML(Output):
                        <ul class="list-group
                        list-group-flush">
                            <li class="list-group-item">
-                                {"<b>IAC repository URL:</b> " + provider.scan_repository_url if provider.scan_repository_url else "<b>IAC path:</b> " + provider.scan_path}
+                                <b>IAC path:</b> {provider.scan_path}
                            </li>
                        </ul>
                    </div>
@@ -723,7 +723,7 @@ class HTML(Output):
                        <ul class="list-group
                        list-group-flush">
                            <li class="list-group-item">
-                                <b>IAC authentication method:</b> {provider.auth_method}
+                                <b>IAC authentication method:</b> local
                            </li>
                        </ul>
                    </div>
@@ -55,12 +55,8 @@ def display_summary_table(
            entity_type = "Tenant Domain"
            audited_entities = provider.identity.tenant_domain
        elif provider.type == "iac":
-            if provider.scan_repository_url:
-                entity_type = "Repository"
-                audited_entities = provider.scan_repository_url
-            else:
-                entity_type = "Directory"
-                audited_entities = provider.scan_path
+            entity_type = "Directory"
+            audited_entities = provider.scan_path

        # Check if there are findings and that they are not all MANUAL
        if findings and not all(finding.status == "MANUAL" for finding in findings):
@@ -4024,7 +4024,6 @@
          "eu-west-2",
          "eu-west-3",
          "il-central-1",
-          "me-central-1",
          "me-south-1",
          "sa-east-1",
          "us-east-1",
@@ -4762,7 +4761,6 @@
        "aws": [
          "af-south-1",
          "ap-east-1",
-          "ap-east-2",
          "ap-northeast-1",
          "ap-northeast-2",
          "ap-northeast-3",
@@ -4809,7 +4807,6 @@
        "aws": [
          "af-south-1",
          "ap-east-1",
-          "ap-east-2",
          "ap-northeast-1",
          "ap-northeast-2",
          "ap-northeast-3",
@@ -4856,7 +4853,6 @@
        "aws": [
          "af-south-1",
          "ap-east-1",
-          "ap-east-2",
          "ap-northeast-1",
          "ap-northeast-2",
          "ap-northeast-3",
@@ -4903,7 +4899,6 @@
        "aws": [
          "af-south-1",
          "ap-east-1",
-          "ap-east-2",
          "ap-northeast-1",
          "ap-northeast-2",
          "ap-northeast-3",
@@ -4949,7 +4944,6 @@
        "aws": [
          "af-south-1",
          "ap-east-1",
-          "ap-east-2",
          "ap-northeast-1",
          "ap-northeast-2",
          "ap-northeast-3",
@@ -6151,7 +6145,6 @@
        "aws": [
          "af-south-1",
          "ap-east-1",
-          "ap-east-2",
          "ap-northeast-1",
          "ap-northeast-2",
          "ap-northeast-3",
@@ -8252,7 +8245,6 @@
          "eu-central-1",
          "eu-north-1",
          "eu-west-1",
-          "eu-west-2",
          "us-east-1",
          "us-east-2",
          "us-west-2"
@@ -9691,7 +9683,6 @@
        "aws": [
          "af-south-1",
          "ap-east-1",
-          "ap-east-2",
          "ap-northeast-1",
          "ap-northeast-2",
          "ap-northeast-3",
@@ -9918,7 +9909,6 @@
        "aws": [
          "af-south-1",
          "ap-east-1",
-          "ap-east-2",
          "ap-northeast-1",
          "ap-northeast-2",
          "ap-northeast-3",
@@ -9928,8 +9918,6 @@
          "ap-southeast-2",
          "ap-southeast-3",
          "ap-southeast-4",
-          "ap-southeast-5",
-          "ap-southeast-7",
          "ca-central-1",
          "ca-west-1",
          "eu-central-1",
@@ -9943,7 +9931,6 @@
          "il-central-1",
          "me-central-1",
          "me-south-1",
-          "mx-central-1",
          "sa-east-1",
          "us-east-1",
          "us-east-2",
@@ -12138,15 +12125,6 @@
        ]
      }
    },
-    "workspaces-instances": {
-      "regions": {
-        "aws": [
-          "ap-northeast-2"
-        ],
-        "aws-cn": [],
-        "aws-us-gov": []
-      }
-    },
    "workspaces-web": {
      "regions": {
        "aws": [
@@ -8,7 +8,7 @@
  "CheckType": [
    "IAM"
  ],
-  "ServiceName": "apigatewayv2",
+  "ServiceName": "apigateway",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "medium",
@@ -8,7 +8,7 @@
  "CheckType": [
    "Logging and Monitoring"
  ],
-  "ServiceName": "apigatewayv2",
+  "ServiceName": "apigateway",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "medium",
@@ -3,7 +3,7 @@
  "CheckID": "documentdb_cluster_backup_enabled",
  "CheckTitle": "Check if DocumentDB Clusters have backup enabled.",
  "CheckType": [],
-  "ServiceName": "documentdb",
+  "ServiceName": "DocumentDB",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:aws:rds:region:account-id:db-cluster",
  "Severity": "medium",
@@ -12,7 +12,7 @@
  "ResourceType": "AwsDynamoDbTable",
  "Description": "Check if DynamoDB table has encryption at rest enabled using CMK KMS.",
  "Risk": "All user data stored in Amazon DynamoDB is fully encrypted at rest. This functionality helps reduce the operational burden and complexity involved in protecting sensitive data.",
-  "RelatedUrl": "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html",
+  "RelatedUrl": "https://docs.aws.amazon.com/amazondynamodbdb/latest/developerguide/EncryptionAtRest.html",
  "Remediation": {
    "Code": {
      "CLI": "",
@@ -22,7 +22,7 @@
    },
    "Recommendation": {
      "Text": "Specify an encryption key when you create a new table or switch the encryption keys on an existing table by using the AWS Management Console.",
-      "Url": "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html"
+      "Url": "https://docs.aws.amazon.com/amazondynamodbdb/latest/developerguide/EncryptionAtRest.html"
    }
  },
  "Categories": [
@@ -25,47 +25,18 @@ class Firehose(AWSService):
    def _list_delivery_streams(self, regional_client):
        logger.info("Firehose - Listing delivery streams...")
        try:
-            # Manual pagination using ExclusiveStartDeliveryStreamName
-            # This ensures we get all streams alphabetically without duplicates
-            exclusive_start_delivery_stream_name = None
-            processed_streams = set()
-
-            while True:
-                kwargs = {}
-                if exclusive_start_delivery_stream_name:
-                    kwargs["ExclusiveStartDeliveryStreamName"] = (
-                        exclusive_start_delivery_stream_name
+            for stream_name in regional_client.list_delivery_streams()[
+                "DeliveryStreamNames"
+            ]:
+                stream_arn = f"arn:{self.audited_partition}:firehose:{regional_client.region}:{self.audited_account}:deliverystream/{stream_name}"
+                if not self.audit_resources or (
+                    is_resource_filtered(stream_arn, self.audit_resources)
+                ):
+                    self.delivery_streams[stream_arn] = DeliveryStream(
+                        arn=stream_arn,
+                        name=stream_name,
+                        region=regional_client.region,
                    )
-
-                response = regional_client.list_delivery_streams(**kwargs)
-                stream_names = response.get("DeliveryStreamNames", [])
-
-                for stream_name in stream_names:
-                    if stream_name in processed_streams:
-                        continue
-
-                    processed_streams.add(stream_name)
-                    stream_arn = f"arn:{self.audited_partition}:firehose:{regional_client.region}:{self.audited_account}:deliverystream/{stream_name}"
-
-                    if not self.audit_resources or (
-                        is_resource_filtered(stream_arn, self.audit_resources)
-                    ):
-                        self.delivery_streams[stream_arn] = DeliveryStream(
-                            arn=stream_arn,
-                            name=stream_name,
-                            region=regional_client.region,
-                        )
-
-                if not response.get("HasMoreDeliveryStreams", False):
-                    break
-
-                # Set the starting point for the next page (last stream name from current batch)
-                # ExclusiveStartDeliveryStreamName will start after this stream alphabetically
-                if stream_names:
-                    exclusive_start_delivery_stream_name = stream_names[-1]
-                else:
-                    break
-
        except ClientError as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -90,45 +61,13 @@ class Firehose(AWSService):
            describe_stream = self.regional_clients[
                stream.region
            ].describe_delivery_stream(DeliveryStreamName=stream.name)
-
            encryption_config = describe_stream.get(
                "DeliveryStreamDescription", {}
            ).get("DeliveryStreamEncryptionConfiguration", {})
-
            stream.kms_encryption = EncryptionStatus(
                encryption_config.get("Status", "DISABLED")
            )
            stream.kms_key_arn = encryption_config.get("KeyARN", "")
-
-            stream.delivery_stream_type = describe_stream.get(
-                "DeliveryStreamDescription", {}
-            ).get("DeliveryStreamType", "")
-
-            source_config = describe_stream.get("DeliveryStreamDescription", {}).get(
-                "Source", {}
-            )
-            stream.source = Source(
-                direct_put=DirectPutSourceDescription(
-                    troughput_hint_in_mb_per_sec=source_config.get(
-                        "DirectPutSourceDescription", {}
-                    ).get("TroughputHintInMBPerSec", 0)
-                ),
-                kinesis_stream=KinesisStreamSourceDescription(
-                    kinesis_stream_arn=source_config.get(
-                        "KinesisStreamSourceDescription", {}
-                    ).get("KinesisStreamARN", "")
-                ),
-                msk=MSKSourceDescription(
-                    msk_cluster_arn=source_config.get("MSKSourceDescription", {}).get(
-                        "MSKClusterARN", ""
-                    )
-                ),
-                database=DatabaseSourceDescription(
-                    endpoint=source_config.get("DatabaseSourceDescription", {}).get(
-                        "Endpoint", ""
-                    )
-                ),
-            )
        except ClientError as error:
            logger.error(
                f"{stream.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -146,39 +85,6 @@ class EncryptionStatus(Enum):
    DISABLING_FAILED = "DISABLING_FAILED"


-class DirectPutSourceDescription(BaseModel):
-    """Model for the DirectPut source of a Firehose stream"""
-
-    troughput_hint_in_mb_per_sec: int = Field(default_factory=int)
-
-
-class KinesisStreamSourceDescription(BaseModel):
-    """Model for the KinesisStream source of a Firehose stream"""
-
-    kinesis_stream_arn: str = Field(default_factory=str)
-
-
-class MSKSourceDescription(BaseModel):
-    """Model for the MSK source of a Firehose stream"""
-
-    msk_cluster_arn: str = Field(default_factory=str)
-
-
-class DatabaseSourceDescription(BaseModel):
-    """Model for the Database source of a Firehose stream"""
-
-    endpoint: str = Field(default_factory=str)
-
-
-class Source(BaseModel):
-    """Model for the source of a Firehose stream"""
-
-    direct_put: Optional[DirectPutSourceDescription]
-    kinesis_stream: Optional[KinesisStreamSourceDescription]
-    msk: Optional[MSKSourceDescription]
-    database: Optional[DatabaseSourceDescription]
-
-
 class DeliveryStream(BaseModel):
    """Model for a Firehose Delivery Stream"""

@@ -188,5 +94,3 @@ class DeliveryStream(BaseModel):
    kms_key_arn: Optional[str] = Field(default_factory=str)
    kms_encryption: Optional[str] = Field(default_factory=str)
    tags: Optional[List[Dict[str, str]]] = Field(default_factory=list)
-    delivery_stream_type: Optional[str] = Field(default_factory=str)
-    source: Source = Field(default_factory=Source)
@@ -3,8 +3,6 @@ from typing import List
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.firehose.firehose_client import firehose_client
 from prowler.providers.aws.services.firehose.firehose_service import EncryptionStatus
-from prowler.providers.aws.services.kinesis.kinesis_client import kinesis_client
-from prowler.providers.aws.services.kinesis.kinesis_service import EncryptionType


 class firehose_stream_encrypted_at_rest(Check):
@@ -24,22 +22,14 @@ class firehose_stream_encrypted_at_rest(Check):
        findings = []
        for stream in firehose_client.delivery_streams.values():
            report = Check_Report_AWS(metadata=self.metadata(), resource=stream)
-            report.status = "FAIL"
-            report.status_extended = f"Firehose Stream {stream.name} does not have at rest encryption enabled or the source stream is not encrypted."
+            report.status = "PASS"
+            report.status_extended = (
+                f"Firehose Stream {stream.name} does have at rest encryption enabled."
+            )

-            # Encrypted Kinesis Stream source
-            if stream.delivery_stream_type == "KinesisStreamAsSource":
-                source_stream = kinesis_client.streams.get(
-                    stream.source.kinesis_stream.kinesis_stream_arn
-                )
-                if source_stream.encrypted_at_rest != EncryptionType.NONE:
-                    report.status = "PASS"
-                    report.status_extended = f"Firehose Stream {stream.name} does not have at rest encryption enabled but the source stream {source_stream.name} has at rest encryption enabled."
-
-            # Check if the stream has encryption enabled directly
-            elif stream.kms_encryption == EncryptionStatus.ENABLED:
-                report.status = "PASS"
-                report.status_extended = f"Firehose Stream {stream.name} does have at rest encryption enabled."
+            if stream.kms_encryption != EncryptionStatus.ENABLED:
+                report.status = "FAIL"
+                report.status_extended = f"Firehose Stream {stream.name} does not have at rest encryption enabled."

            findings.append(report)

@@ -13,28 +13,38 @@ from prowler.providers.aws.lib.service.service import AWSService

 def is_service_role(role):
    try:
-        statements = role.get("AssumeRolePolicyDocument", {}).get("Statement", [])
-        if not isinstance(statements, list):
-            statements = [statements]
-
-        for statement in statements:
-            if statement.get("Effect") != "Allow" or not any(
-                action in statement.get("Action", [])
-                for action in ("sts:AssumeRole", "sts:*", "*")
-            ):
-                return False
-
-            principal = statement.get("Principal", {})
-            if set(principal.keys()) != {"Service"}:
-                return False
-
-        return True
-
+        if "Statement" in role["AssumeRolePolicyDocument"]:
+            if isinstance(role["AssumeRolePolicyDocument"]["Statement"], list):
+                for statement in role["AssumeRolePolicyDocument"]["Statement"]:
+                    if (
+                        statement["Effect"] == "Allow"
+                        and (
+                            "sts:AssumeRole" in statement["Action"]
+                            or "sts:*" in statement["Action"]
+                            or "*" in statement["Action"]
+                        )
+                        # This is what defines a service role
+                        and "Service" in statement["Principal"]
+                    ):
+                        return True
+            else:
+                statement = role["AssumeRolePolicyDocument"]["Statement"]
+                if (
+                    statement["Effect"] == "Allow"
+                    and (
+                        "sts:AssumeRole" in statement["Action"]
+                        or "sts:*" in statement["Action"]
+                        or "*" in statement["Action"]
+                    )
+                    # This is what defines a service role
+                    and "Service" in statement["Principal"]
+                ):
+                    return True
    except Exception as error:
        logger.error(
            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
        )
-        return False
+    return False


 class IAM(AWSService):
@@ -1,7 +1,7 @@
 {
  "Provider": "aws",
  "CheckID": "iam_user_accesskey_unused",
-  "CheckTitle": "Ensure unused User Access Keys are disabled",
+  "CheckTitle": "Ensure User Access Keys unused are disabled",
  "CheckType": [
    "Software and Configuration Checks"
  ],
@@ -10,7 +10,7 @@
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "medium",
  "ResourceType": "AwsIamUser",
-  "Description": "Ensure unused User Access Keys are disabled",
+  "Description": "Ensure User Access Keys unused are disabled",
  "Risk": "To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed. For example, when users leave your organization or no longer need AWS access.",
  "RelatedUrl": "",
  "Remediation": {
@@ -3,7 +3,7 @@
  "CheckID": "networkfirewall_deletion_protection",
  "CheckTitle": "Ensure that Deletion Protection safety feature is enabled for your Amazon VPC network firewalls.",
  "CheckType": [],
-  "ServiceName": "networkfirewall",
+  "ServiceName": "network-firewall",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:network-firewall::account-id:firewall/firewall-name",
  "Severity": "medium",
@@ -3,7 +3,7 @@
  "CheckID": "networkfirewall_in_all_vpc",
  "CheckTitle": "Ensure all VPCs have Network Firewall enabled",
  "CheckType": [],
-  "ServiceName": "networkfirewall",
+  "ServiceName": "network-firewall",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:network-firewall::account-id:firewall/firewall-name",
  "Severity": "medium",
@@ -5,7 +5,7 @@
  "CheckType": [
    "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53"
  ],
-  "ServiceName": "networkfirewall",
+  "ServiceName": "network-firewall",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:network-firewall::account-id:firewall/firewall-name",
  "Severity": "medium",
@@ -5,7 +5,7 @@
  "CheckType": [
    "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls"
  ],
-  "ServiceName": "networkfirewall",
+  "ServiceName": "network-firewall",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:network-firewall::account-id:firewall/firewall-name",
  "Severity": "medium",
@@ -5,7 +5,7 @@
  "CheckType": [
    "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls"
  ],
-  "ServiceName": "networkfirewall",
+  "ServiceName": "network-firewall",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:network-firewall::account-id:firewall/firewall-name",
  "Severity": "medium",
@@ -5,7 +5,7 @@
  "CheckType": [
    "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls"
  ],
-  "ServiceName": "networkfirewall",
+  "ServiceName": "network-firewall",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:network-firewall::account-id:firewall/firewall-name",
  "Severity": "medium",
@@ -5,7 +5,7 @@
  "CheckType": [
    "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53"
  ],
-  "ServiceName": "networkfirewall",
+  "ServiceName": "network-firewall",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:network-firewall::account-id:firewall-policy/policy-name",
  "Severity": "medium",
@@ -3,7 +3,7 @@
  "CheckID": "ssmincidents_enabled_with_plans",
  "CheckTitle": "Ensure SSM Incidents is enabled with response plans.",
  "CheckType": [],
-  "ServiceName": "ssmincidents",
+  "ServiceName": "ssm",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:aws:ssm:region:account-id:document/document-name",
  "Severity": "low",
@@ -3,7 +3,7 @@
  "CheckID": "trustedadvisor_premium_support_plan_subscribed",
  "CheckTitle": "Check if a Premium support plan is subscribed",
  "CheckType": [],
-  "ServiceName": "trustedadvisor",
+  "ServiceName": "support",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:aws:iam::AWS_ACCOUNT_NUMBER:root",
  "Severity": "low",
@@ -7,16 +7,9 @@ class AzureMutelist(Mutelist):
    def is_finding_muted(
        self,
        finding: Check_Report_Azure,
-        subscription_id: str,
    ) -> bool:
        return self.is_muted(
-            subscription_id,  # support Azure Subscription ID in mutelist
-            finding.check_metadata.CheckID,
-            finding.location,
-            finding.resource_name,
-            unroll_dict(unroll_tags(finding.resource_tags)),
-        ) or self.is_muted(
-            finding.subscription,  # support Azure Subscription Name in mutelist
+            finding.subscription,
            finding.check_metadata.CheckID,
            finding.location,
            finding.resource_name,
@@ -1,3 +1,5 @@
+import re
+
 from prowler.lib.check.models import Check, Check_Report_Azure
 from prowler.providers.azure.services.defender.defender_client import defender_client

@@ -8,17 +10,21 @@ class defender_additional_email_configured_with_a_security_contact(Check):

        for (
            subscription_name,
-            security_contact_configurations,
-        ) in defender_client.security_contact_configurations.items():
-            for contact_configuration in security_contact_configurations.values():
-                report = Check_Report_Azure(
-                    metadata=self.metadata(), resource=contact_configuration
-                )
+            security_contacts,
+        ) in defender_client.security_contacts.items():
+            for contact in security_contacts.values():
+                report = Check_Report_Azure(metadata=self.metadata(), resource=contact)
+                report.status = "PASS"
                report.subscription = subscription_name
+                report.status_extended = f"There is another correct email configured for subscription {subscription_name}."

-                if len(contact_configuration.emails) > 0:
-                    report.status = "PASS"
-                    report.status_extended = f"There is another correct email configured for subscription {subscription_name}."
+                emails = contact.emails.split(";")
+
+                for email in emails:
+                    if re.fullmatch(
+                        r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b", email
+                    ):
+                        break
                else:
                    report.status = "FAIL"
                    report.status_extended = f"There is not another correct email configured for subscription {subscription_name}."
@@ -1,30 +0,0 @@
-{
-  "Provider": "azure",
-  "CheckID": "defender_attack_path_notifications_properly_configured",
-  "CheckTitle": "Ensure that email notifications for attack paths are enabled with minimal risk level",
-  "CheckType": [],
-  "ServiceName": "defender",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "",
-  "Severity": "medium",
-  "ResourceType": "AzureEmailNotifications",
-  "Description": "Ensure that Microsoft Defender for Cloud is configured to send email notifications for attack paths identified in the Azure subscription with an appropriate minimal risk level.",
-  "Risk": "If attack path notifications are not enabled, security teams may not be promptly informed about exploitable attack sequences, increasing the risk of delayed mitigation and potential breaches.",
-  "RelatedUrl": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications",
-  "Remediation": {
-    "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications",
-      "Terraform": ""
-    },
-    "Recommendation": {
-      "Text": "Enable attack path email notifications in Microsoft Defender for Cloud to ensure that security teams are notified when potential attack paths are identified. Configure the minimal risk level as appropriate for your organization.",
-      "Url": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications"
-    }
-  },
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}
@@ -1,51 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_Azure
-from prowler.providers.azure.services.defender.defender_client import defender_client
-
-
-class defender_attack_path_notifications_properly_configured(Check):
-    """
-    Ensure that email notifications for attack paths are enabled.
-
-    This check evaluates whether Microsoft Defender for Cloud is configured to send email notifications for attack paths in each Azure subscription.
-    - PASS: Notifications are enabled for attack paths with a risk level set (not None) and equal or higher than the configured minimum.
-    - FAIL: Notifications are not enabled for attack paths in the subscription or the risk level is too low.
-    """
-
-    def execute(self) -> list[Check_Report_Azure]:
-        findings = []
-
-        # Get the minimal risk level from config, default to 'High'
-        risk_levels = ["Low", "Medium", "High", "Critical"]
-        min_risk_level = defender_client.audit_config.get(
-            "defender_attack_path_minimal_risk_level", "High"
-        )
-        if min_risk_level not in risk_levels:
-            min_risk_level = "High"
-        min_risk_index = risk_levels.index(min_risk_level)
-
-        for (
-            subscription_name,
-            security_contact_configurations,
-        ) in defender_client.security_contact_configurations.items():
-            for contact_configuration in security_contact_configurations.values():
-                report = Check_Report_Azure(
-                    metadata=self.metadata(), resource=contact_configuration
-                )
-                report.subscription = subscription_name
-                actual_risk_level = getattr(
-                    contact_configuration, "attack_path_minimal_risk_level", None
-                )
-                if not actual_risk_level or actual_risk_level not in risk_levels:
-                    report.status = "FAIL"
-                    report.status_extended = f"Attack path notifications are not enabled in subscription {subscription_name} for security contact {contact_configuration.name}."
-                else:
-                    actual_risk_index = risk_levels.index(actual_risk_level)
-                    if actual_risk_index <= min_risk_index:
-                        report.status = "PASS"
-                        report.status_extended = f"Attack path notifications are enabled with minimal risk level {actual_risk_level} in subscription {subscription_name} for security contact {contact_configuration.name}."
-                    else:
-                        report.status = "FAIL"
-                        report.status_extended = f"Attack path notifications are enabled with minimal risk level {actual_risk_level} in subscription {subscription_name} for security contact {contact_configuration.name}."
-                findings.append(report)
-
-        return findings
@@ -8,22 +8,20 @@ class defender_ensure_notify_alerts_severity_is_high(Check):

        for (
            subscription_name,
-            security_contact_configurations,
-        ) in defender_client.security_contact_configurations.items():
-            for contact_configuration in security_contact_configurations.values():
-                report = Check_Report_Azure(
-                    metadata=self.metadata(), resource=contact_configuration
-                )
+            security_contacts,
+        ) in defender_client.security_contacts.items():
+            for contact in security_contacts.values():
+                report = Check_Report_Azure(metadata=self.metadata(), resource=contact)
                report.subscription = subscription_name
                report.status = "FAIL"
                report.status_extended = f"Notifications are not enabled for alerts with a minimum severity of high or lower in subscription {subscription_name}."

                if (
-                    contact_configuration.alert_minimal_severity
-                    and contact_configuration.alert_minimal_severity != "Critical"
+                    contact.alert_notifications_minimal_severity != "Critical"
+                    and contact.alert_notifications_minimal_severity != ""
                ):
                    report.status = "PASS"
-                    report.status_extended = f"Notifications are enabled for alerts with a minimum severity of high or lower ({contact_configuration.alert_minimal_severity}) in subscription {subscription_name}."
+                    report.status_extended = f"Notifications are enabled for alerts with a minimum severity of high or lower ({contact.alert_notifications_minimal_severity}) in subscription {subscription_name}."

                findings.append(report)

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
sumit_chaturvedi	98047e690d	Merge branch 'master' into PRWLR-7512-create-custom-link-component	2025-07-08 15:16:46 +05:30
sumit_chaturvedi	fa11e98a55	chore(ui): addressed PR comments	2025-07-08 14:33:56 +05:30
sumit_chaturvedi	ff691f1d37	Merge branch 'master' into PRWLR-7512-create-custom-link-component # Conflicts: # ui/CHANGELOG.md	2025-07-08 08:22:04 +05:30
sumit_chaturvedi	819c9306ee	docs: changelog update	2025-07-07 10:56:30 +05:30
sumit_chaturvedi	bfc72170c5	feat(ui): create CustomLink component decoupled from CustomButton	2025-07-07 10:19:50 +05:30