fix(security-groups): remove RFC1918 from ec2_securitygroup_allow_wide_open_public_ipv4

docs(unused-services): update docs with sg-check
fix(aws): change check metadata ec2_securitygroup_allow_wide_open_public_ipv4
2026-03-29 19:39:43 +00:00 · 2024-09-06 12:38:57 +02:00 · 2024-09-06 10:15:44 +02:00 · 2024-09-06 10:07:20 +02:00
809 changed files with 7581 additions and 40084 deletions
--- a/.github/workflows/build-lint-push-containers.yml
+++ b/.github/workflows/build-lint-push-containers.yml
@@ -153,7 +153,7 @@ jobs:
        run: |
          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
+            -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            --data '{"event_type":"dispatch","client_payload":{"version":"v3-latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'

@@ -162,6 +162,6 @@ jobs:
        run: |
          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
+            -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ needs.container-build-push.outputs.prowler_version }}"}}'
--- a/.github/workflows/find-secrets.yml
+++ b/.github/workflows/find-secrets.yml
@@ -11,7 +11,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.82.7
+        uses: trufflesecurity/trufflehog@v3.81.10
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
--- a/11
+++ b/11
@@ -2,9 +2,9 @@ FROM python:3.12-alpine

 LABEL maintainer="https://github.com/prowler-cloud/prowler"

-# Update system dependencies and install essential tools
+# Update system dependencies
 #hadolint ignore=DL3018
-RUN apk --no-cache upgrade && apk --no-cache add curl git
+RUN apk --no-cache upgrade && apk --no-cache add curl

 # Create nonroot user
 RUN mkdir -p /home/prowler && \
@@ -13,17 +13,18 @@ RUN mkdir -p /home/prowler && \
    chown -R prowler:prowler /home/prowler
 USER prowler

-# Copy necessary files
+# Copy necessary files
 WORKDIR /home/prowler
 COPY prowler/  /home/prowler/prowler/
 COPY dashboard/ /home/prowler/dashboard/
 COPY pyproject.toml /home/prowler
 COPY README.md /home/prowler

-# Install Python dependencies
+# Install dependencies
 ENV HOME='/home/prowler'
 ENV PATH="$HOME/.local/bin:$PATH"
-RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
+#hadolint ignore=DL3013
+RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir .

 # Remove deprecated dash dependencies
--- a/README.md
+++ b/README.md
@@ -63,9 +63,9 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe

 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 457 | 67 -> `prowler aws --list-services` | 30 -> `prowler aws --list-compliance` | 9 -> `prowler aws --list-categories` |
-| GCP | 77 | 13 -> `prowler gcp --list-services` | 2 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
-| Azure | 136 | 17 -> `prowler azure --list-services` | 3 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
+| AWS | 409 | 67 -> `prowler aws --list-services` | 28 -> `prowler aws --list-compliance` | 7 -> `prowler aws --list-categories` |
+| GCP | 77 | 13 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
+| Azure | 135 | 16 -> `prowler azure --list-services` | 2 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
 | Kubernetes | 83 | 7 -> `prowler kubernetes --list-services` | 1 -> `prowler kubernetes --list-compliance` | 7 -> `prowler kubernetes --list-categories` |

 # 💻 Installation
--- a/contrib/aws/multi-account-securityhub/README.md
+++ b/contrib/aws/multi-account-securityhub/README.md
@@ -12,11 +12,7 @@ Originally based on [org-multi-account](https://github.com/prowler-cloud/prowler

 ## Architecture Explanation

-The solution is designed to be very simple. Prowler is run via an ECS Task definition that launches a single Fargate container. This Task Definition is executed on a schedule using an EventBridge Rule.
-
-## Prerequisites
-
-This solution assumes that you have a VPC architecture with two redundant subnets that can reach the AWS API endpoints (e.g. PrivateLink, NAT Gateway, etc.).
+ The solution is designed to be very simple. Prowler is run via an ECS Task definition that launches a single Fargate container. This Task Definition is executed on a schedule using an EventBridge Rule.

 ## CloudFormation Templates

@@ -63,9 +59,9 @@ The logs that are generated and sent to Cloudwatch are error logs, and assessmen

 ## Instructions
 1. Create a Private ECR Repository in the account that will host the Prowler container. The Audit account is recommended, but any account can be used.
- 2. Configure the .awsvariables file. Note the ROLE name chosen as it will be the CrossAccountRole.
- 3. Follow the steps from "View Push Commands" to build and upload the container image. Substitute step 2 with the build command provided in the Dockerfile. You need to have Docker and AWS CLI installed, and use the cli to login to the account first.  After upload note the Image URI, as it is required for the CF-Prowler-ECS template. Ensure that you pay attention to the architecture while performing the docker build command. A common mistake is not specifying the architecture and then building on Apple silicon. Your task will fail with  *exec /home/prowler/.local/bin/prowler: exec format error*. 
- 4. Make sure SecurityHub is enabled in every account in AWS Organizations, and that the SecurityHub integration is enabled as explained in [Prowler - Security Hub Integration](https://github.com/prowler-cloud/prowler#security-hub-integration)
+ 2.  Configure the .awsvariables file. Note the ROLE name chosen as it will be the CrossAccountRole.
+ 3. Follow the steps from "View Push Commands" to build and upload the container image. You need to have Docker and AWS CLI installed, and use the cli to login to the account first.  After upload note the Image URI, as it is required for the CF-Prowler-ECS template.
+ 4.  Make sure SecurityHub is enabled in every account in AWS Organizations, and that the SecurityHub integration is enabled as explained in [Prowler - Security Hub Integration](https://github.com/prowler-cloud/prowler#security-hub-integration)
 5. Deploy **CF-Prowler-CrossAccountRole.yml** in the Master Account as a single stack. You will have to choose the CrossAccountRole name (ProwlerXA-Role by default) and the ProwlerTaskRoleName (ProwlerECSTask-Role by default)
 6. Deploy **CF-Prowler-CrossAccountRole.yml** in every Member Account as a StackSet. Choose the same CrossAccountName and ProwlerTaskRoleName as the previous step.
 7. Deploy **CF-Prowler-IAM.yml** in the account that will host the Prowler container (the same from step 1).  The following template parameters must be provided:
@@ -95,4 +91,4 @@ If you permission find errors in the CloudWatch logs, the culprit might be a [Se
 ## Upgrading Prowler

 Prowler version is controlled by the PROWLERVER argument in the Dockerfile, change it to the desired version and follow the ECR Push Commands to update the container image.
-Old images can be deleted from the ECR Repository after the new image is confirmed to work. They will show as "untagged" as only one image can hold the "latest" tag.
+Old images can be deleted from the ECR Repository after the new image is confirmed to work. They will show as "untagged" as only one image can hold the "latest" tag.
--- a/contrib/aws/multi-account-securityhub/run-prowler-securityhub.sh
+++ b/contrib/aws/multi-account-securityhub/run-prowler-securityhub.sh
@@ -68,7 +68,7 @@ for accountId in ${ACCOUNTS_IN_ORGS}; do
        # Run Prowler
        echo -e "Assessing AWS Account: ${accountId}, using Role: ${ROLE} on $(date)"
        # Pipe stdout to /dev/null to reduce unnecessary Cloudwatch logs
-        prowler aws -R arn:"${PARTITION}":iam::"${accountId}":role/"${ROLE}" --security-hub --send-sh-only-fails -f "${REGION}" > /dev/null
+        prowler aws -R arn:"${PARTITION}":iam::"${accountId}":role/"${ROLE}" -q -S -f "${REGION}" > /dev/null
        TOTAL_SEC=$((SECONDS - START_TIME))
        printf "Completed AWS Account: ${accountId} in %02dh:%02dm:%02ds" $((TOTAL_SEC / 3600)) $((TOTAL_SEC % 3600 / 60)) $((TOTAL_SEC % 60))
        echo ""
--- a/contrib/aws/multi-account-securityhub/templates/CF-Prowler-CrossAccountRole.yml
+++ b/contrib/aws/multi-account-securityhub/templates/CF-Prowler-CrossAccountRole.yml
@@ -60,42 +60,24 @@ Resources:
                Effect: Allow
                Resource: "*"
                Action:
-                  - account:Get*
-                  - appstream:Describe*
-                  - appstream:List*
-                  - backup:List*
-                  - cloudtrail:GetInsightSelectors
-                  - codeartifact:List*
-                  - codebuild:BatchGet*
-                  - cognito-idp:GetUserPoolMfaConfig
-                  - dlm:Get*
-                  - drs:Describe*
-                  - ds:Describe*
-                  - ds:Get*
-                  - ds:List*
-                  - dynamodb:GetResourcePolicy
+                  - ds:ListAuthorizedApplications
                  - ec2:GetEbsEncryptionByDefault
-                  - ec2:GetSnapshotBlockPublicAccessState
-                  - ec2:GetInstanceMetadataDefaults
                  - ecr:Describe*
-                  - ecr:GetRegistryScanningConfiguration
                  - elasticfilesystem:DescribeBackupPolicy
                  - glue:GetConnections
-                  - glue:GetSecurityConfiguration*
+                  - glue:GetSecurityConfiguration
                  - glue:SearchTables
-                  - lambda:GetFunction*
-                  - logs:FilterLogEvents
-                  - lightsail:GetRelationalDatabases
-                  - macie2:GetMacieSession
+                  - lambda:GetFunction
                  - s3:GetAccountPublicAccessBlock
                  - shield:DescribeProtection
                  - shield:GetSubscriptionState
                  - ssm:GetDocument
-                  - ssm-incidents:List*
                  - support:Describe*
                  - tag:GetTagKeys
-                  - wellarchitected:List*
-
+        - PolicyName: Prowler-Security-Hub
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
              - Sid: AllowProwlerSecurityHub
                Effect: Allow
                Resource: "*"
--- a/contrib/aws/multi-account-securityhub/templates/CF-Prowler-ECS.yml
+++ b/contrib/aws/multi-account-securityhub/templates/CF-Prowler-ECS.yml
@@ -62,7 +62,7 @@ Resources:
              awslogs-stream-prefix: ecs
      Cpu: 1024
      ExecutionRoleArn: !Ref ECSExecutionRole
-      Memory: 8192
+      Memory: 2048
      NetworkMode: awsvpc
      TaskRoleArn: !Ref ProwlerTaskRole
      Family: SecurityHubProwlerTask
--- a/contrib/aws/multi-account-securityhub/templates/CF-Prowler-IAM.yml
+++ b/contrib/aws/multi-account-securityhub/templates/CF-Prowler-IAM.yml
@@ -97,15 +97,9 @@ Outputs:
  ECSExecutionRoleARN:
    Description: ARN of the ECS Task Execution Role
    Value: !GetAtt ECSExecutionRole.Arn
-    Export:
-      Name: ECSExecutionRoleArn
  ProwlerTaskRoleARN:
    Description: ARN of the ECS Prowler Task Role
    Value: !GetAtt ProwlerTaskRole.Arn
-    Export:
-      Name: ProwlerTaskRoleArn
  ECSEventRoleARN:
    Description: ARN of the Eventbridge Task Role
    Value: !GetAtt ECSEventRole.Arn
-    Export:
-      Name: ECSEventRoleARN
--- a/dashboard/common_methods.py
+++ b/dashboard/common_methods.py
@@ -2223,232 +2223,3 @@ def get_section_containers_ens(data, section_1, section_2, section_3, section_4)
        section_containers.append(section_container)

    return html.Div(section_containers, className="compliance-data-layout")
-
-
-# This function extracts and compares up to two numeric values, ensuring correct sorting for version-like strings.
-def extract_numeric_values(value):
-    numbers = re.findall(r"\d+", str(value))
-    if len(numbers) >= 2:
-        return int(numbers[0]), int(numbers[1])
-    elif len(numbers) == 1:
-        return int(numbers[0]), 0
-    return 0, 0
-
-
-def get_section_containers_kisa_ismsp(data, section_1, section_2):
-    data["STATUS"] = data["STATUS"].apply(map_status_to_icon)
-    data[section_1] = data[section_1].astype(str)
-    data[section_2] = data[section_2].astype(str)
-    data.sort_values(
-        by=section_1,
-        key=lambda x: x.map(extract_numeric_values),
-        ascending=True,
-        inplace=True,
-    )
-
-    findings_counts_section = (
-        data.groupby([section_2, "STATUS"]).size().unstack(fill_value=0)
-    )
-    findings_counts_name = (
-        data.groupby([section_1, "STATUS"]).size().unstack(fill_value=0)
-    )
-
-    section_containers = []
-
-    for name in data[section_1].unique():
-        success_name = (
-            findings_counts_name.loc[name, pass_emoji]
-            if pass_emoji in findings_counts_name.columns
-            else 0
-        )
-        failed_name = (
-            findings_counts_name.loc[name, fail_emoji]
-            if fail_emoji in findings_counts_name.columns
-            else 0
-        )
-
-        fig_name = go.Figure(
-            data=[
-                go.Bar(
-                    name="Failed",
-                    x=[failed_name],
-                    y=[""],
-                    orientation="h",
-                    marker=dict(color="#e77676"),
-                    width=[0.8],
-                ),
-                go.Bar(
-                    name="Success",
-                    x=[success_name],
-                    y=[""],
-                    orientation="h",
-                    marker=dict(color="#45cc6e"),
-                    width=[0.8],
-                ),
-            ]
-        )
-
-        fig_name.update_layout(
-            barmode="stack",
-            margin=dict(l=10, r=10, t=10, b=10),
-            paper_bgcolor="rgba(0,0,0,0)",
-            plot_bgcolor="rgba(0,0,0,0)",
-            showlegend=False,
-            width=350,
-            height=30,
-            xaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
-            yaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
-            annotations=[
-                dict(
-                    x=success_name + failed_name,
-                    y=0,
-                    xref="x",
-                    yref="y",
-                    text=str(success_name),
-                    showarrow=False,
-                    font=dict(color="#45cc6e", size=14),
-                    xanchor="left",
-                    yanchor="middle",
-                ),
-                dict(
-                    x=0,
-                    y=0,
-                    xref="x",
-                    yref="y",
-                    text=str(failed_name),
-                    showarrow=False,
-                    font=dict(color="#e77676", size=14),
-                    xanchor="right",
-                    yanchor="middle",
-                ),
-            ],
-        )
-
-        graph_name = dcc.Graph(
-            figure=fig_name, config={"staticPlot": True}, className="info-bar"
-        )
-
-        graph_div = html.Div(graph_name, className="graph-section")
-
-        direct_internal_items = []
-
-        for section in data[data[section_1] == name][section_2].unique():
-            specific_data = data[
-                (data[section_1] == name) & (data[section_2] == section)
-            ]
-            success_section = (
-                findings_counts_section.loc[section, pass_emoji]
-                if pass_emoji in findings_counts_section.columns
-                else 0
-            )
-            failed_section = (
-                findings_counts_section.loc[section, fail_emoji]
-                if fail_emoji in findings_counts_section.columns
-                else 0
-            )
-
-            data_table = dash_table.DataTable(
-                data=specific_data.to_dict("records"),
-                columns=[
-                    {"name": i, "id": i}
-                    for i in ["CHECKID", "STATUS", "REGION", "ACCOUNTID", "RESOURCEID"]
-                ],
-                style_table={"overflowX": "auto"},
-                style_as_list_view=True,
-                style_cell={"textAlign": "left", "padding": "5px"},
-            )
-
-            fig_section = go.Figure(
-                data=[
-                    go.Bar(
-                        name="Failed",
-                        x=[failed_section],
-                        y=[""],
-                        orientation="h",
-                        marker=dict(color="#e77676"),
-                    ),
-                    go.Bar(
-                        name="Success",
-                        x=[success_section],
-                        y=[""],
-                        orientation="h",
-                        marker=dict(color="#45cc6e"),
-                    ),
-                ]
-            )
-
-            fig_section.update_layout(
-                barmode="stack",
-                margin=dict(l=10, r=10, t=10, b=10),
-                paper_bgcolor="rgba(0,0,0,0)",
-                plot_bgcolor="rgba(0,0,0,0)",
-                showlegend=False,
-                width=350,
-                height=30,
-                xaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
-                yaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
-                annotations=[
-                    dict(
-                        x=success_section + failed_section,
-                        y=0,
-                        xref="x",
-                        yref="y",
-                        text=str(success_section),
-                        showarrow=False,
-                        font=dict(color="#45cc6e", size=14),
-                        xanchor="left",
-                        yanchor="middle",
-                    ),
-                    dict(
-                        x=0,
-                        y=0,
-                        xref="x",
-                        yref="y",
-                        text=str(failed_section),
-                        showarrow=False,
-                        font=dict(color="#e77676", size=14),
-                        xanchor="right",
-                        yanchor="middle",
-                    ),
-                ],
-            )
-
-            graph_section = dcc.Graph(
-                figure=fig_section,
-                config={"staticPlot": True},
-                className="info-bar-child",
-            )
-
-            graph_div_section = html.Div(graph_section, className="graph-section-req")
-
-            internal_accordion_item = dbc.AccordionItem(
-                title=section,
-                children=[html.Div([data_table], className="inner-accordion-content")],
-            )
-
-            internal_section_container = html.Div(
-                [
-                    graph_div_section,
-                    dbc.Accordion(
-                        [internal_accordion_item], start_collapsed=True, flush=True
-                    ),
-                ],
-                className="accordion-inner--child",
-            )
-
-            direct_internal_items.append(internal_section_container)
-
-        accordion_item = dbc.AccordionItem(
-            title=f"{name}", children=direct_internal_items
-        )
-        section_container = html.Div(
-            [
-                graph_div,
-                dbc.Accordion([accordion_item], start_collapsed=True, flush=True),
-            ],
-            className="accordion-inner",
-        )
-
-        section_containers.append(section_container)
-
-    return html.Div(section_containers, className="compliance-data-layout")
--- a/dashboard/compliance/kisa_isms_p_2023_aws.py
+++ b/dashboard/compliance/kisa_isms_p_2023_aws.py
@@ -1,25 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_kisa_ismsp
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SUBDOMAIN",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            # "REQUIREMENTS_DESCRIPTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_kisa_ismsp(
-        aux, "REQUIREMENTS_ATTRIBUTES_SUBDOMAIN", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )
--- a/dashboard/compliance/kisa_isms_p_2023_korean_aws.py
+++ b/dashboard/compliance/kisa_isms_p_2023_korean_aws.py
@@ -1,25 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_kisa_ismsp
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SUBDOMAIN",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            # "REQUIREMENTS_DESCRIPTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_kisa_ismsp(
-        aux, "REQUIREMENTS_ATTRIBUTES_SUBDOMAIN", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )
--- a/docs/developer-guide/checks.md
+++ b/docs/developer-guide/checks.md
@@ -272,7 +272,7 @@ Each Prowler check has metadata associated which is stored at the same level of
  # Severity holds the check's severity, always in lowercase (critical, high, medium, low or informational)
  "Severity": "critical",
  # ResourceType only for AWS, holds the type from here
-  # https://docs.aws.amazon.com/securityhub/latest/userguide/asff-resources.html
+  # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
  "ResourceType": "Other",
  # Description holds the title of the check, for now is the same as CheckTitle
  "Description": "Ensure there are no EC2 AMIs set as Public.",
--- a/docs/developer-guide/introduction.md
+++ b/docs/developer-guide/introduction.md
@@ -14,8 +14,10 @@ Once that is satisfied go ahead and clone your forked repo:
 git clone https://github.com/<your-github-user>/prowler
 cd prowler
 ```
-For isolation and to avoid conflicts with other environments, we recommend using `poetry`, a Python dependency management tool. You can install it by following the instructions [here](https://python-poetry.org/docs/#installation).
-
+For isolation and avoid conflicts with other environments, we recommend usage of `poetry`:
+```
+pip install poetry
+```
 Then install all dependencies including the ones for developers:
 ```
 poetry install --with dev
--- a/docs/index.md
+++ b/docs/index.md
@@ -19,40 +19,14 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe
 ## Quick Start
 ### Installation

-Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/), thus can be installed as Python package with `Python >= 3.9`:
+Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/), thus can be installed using pip with `Python >= 3.9`:

-=== "pipx"
-
-    [pipx](https://pipx.pypa.io/stable/) is a tool to install Python applications in isolated environments. It is recommended to use `pipx` for a global installation.
+=== "Generic"

    _Requirements_:

    * `Python >= 3.9`
-    * `pipx` installed: [pipx installation](https://pipx.pypa.io/stable/installation/).
-    * AWS, GCP, Azure and/or Kubernetes credentials
-
-    _Commands_:
-
-    ``` bash
-    pipx install prowler
-    prowler -v
-    ```
-
-    To upgrade Prowler to the latest version, run:
-
-    ``` bash
-    pipx upgrade prowler
-    ```
-
-=== "pip"
-
-    ???+ warning
-        This method is not recommended because it will modify the environment which you choose to install. Consider using [pipx](https://docs.prowler.com/projects/prowler-open-source/en/latest/#__tabbed_1_1) for a global installation.
-
-    _Requirements_:
-
-    * `Python >= 3.9`
-    * `Python pip >= 21.0.0`
+    * `Python pip >= 3.9`
    * AWS, GCP, Azure and/or Kubernetes credentials

    _Commands_:
@@ -62,19 +36,13 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/),
    prowler -v
    ```

-    To upgrade Prowler to the latest version, run:
-
-    ``` bash
-    pip install --upgrade prowler
-    ```
-
 === "Docker"

    _Requirements_:

    * Have `docker` installed: https://docs.docker.com/get-docker/.
-    * In the command below, change `-v` to your local directory path in order to access the reports.
    * AWS, GCP, Azure and/or Kubernetes credentials
+    * In the command below, change `-v` to your local directory path in order to access the reports.

    _Commands_:

@@ -86,21 +54,41 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/),
    --env AWS_SESSION_TOKEN toniblyx/prowler:latest
    ```

+=== "Ubuntu"
+
+    _Requirements for Ubuntu 20.04.3 LTS_:
+
+    * AWS, GCP, Azure and/or Kubernetes credentials
+    * Install python 3.9 with: `sudo apt-get install python3.9`
+    * Remove python 3.8 to avoid conflicts if you can: `sudo apt-get remove python3.8`
+    * Make sure you have the python3 distutils package installed: `sudo apt-get install python3-distutils`
+    * To make sure you use pip for 3.9 get the get-pip script with: `curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py`
+    * Execute it with the proper python version: `sudo python3.9 get-pip.py`
+    * Now you should have pip for 3.9 ready: `pip3.9 --version`
+
+    _Commands_:
+
+    ```
+    pip3.9 install prowler
+    export PATH=$PATH:/home/$HOME/.local/bin/
+    prowler -v
+    ```
+
 === "GitHub"

    _Requirements for Developers_:

-    * `git`
-    * `poetry` installed: [poetry installation](https://python-poetry.org/docs/#installation).
    * AWS, GCP, Azure and/or Kubernetes credentials
+    * `git`, `Python >= 3.9`, `pip` and `poetry` installed (`pip install poetry`)

    _Commands_:

    ```
    git clone https://github.com/prowler-cloud/prowler
    cd prowler
+    poetry shell
    poetry install
-    poetry run python prowler.py -v
+    python prowler.py -v
    ```
    ???+ note
        If you want to clone Prowler from Windows, use `git config core.longpaths true` to allow long file paths.
@@ -109,33 +97,15 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/),

    _Requirements_:

-    * `Python >= 3.9`
    * AWS, GCP, Azure and/or Kubernetes credentials
+    * Latest Amazon Linux 2 should come with Python 3.9 already installed however it may need pip. Install Python pip 3.9 with: `sudo yum install -y python3-pip`.
+    * Make sure setuptools for python is already installed with: `pip3 install setuptools`

    _Commands_:

    ```
-    python3 -m pip install --user pipx
-    python3 -m pipx ensurepath
-    pipx install prowler
-    prowler -v
-    ```
-
-=== "Ubuntu"
-
-    _Requirements_:
-
-    * `Ubuntu 23.04` or above, if you are using an older version of Ubuntu check [pipx installation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#__tabbed_1_1) and ensure you have `Python >= 3.9`.
-    * `Python >= 3.9`
-    * AWS, GCP, Azure and/or Kubernetes credentials
-
-    _Commands_:
-
-    ``` bash
-    sudo apt update
-    sudo apt install pipx
-    pipx ensurepath
-    pipx install prowler
+    pip3.9 install prowler
+    export PATH=$PATH:/home/$HOME/.local/bin/
    prowler -v
    ```

@@ -155,7 +125,7 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/),

 === "AWS CloudShell"

-    After the migration of AWS CloudShell from Amazon Linux 2 to Amazon Linux 2023 [[1]](https://aws.amazon.com/about-aws/whats-new/2023/12/aws-cloudshell-migrated-al2023/) [[2]](https://docs.aws.amazon.com/cloudshell/latest/userguide/cloudshell-AL2023-migration.html), there is no longer a need to manually compile Python 3.9 as it's already included in AL2023. Prowler can thus be easily installed following the Generic method of installation via pip. Follow the steps below to successfully execute Prowler v4 in AWS CloudShell:
+    After the migration of AWS CloudShell from Amazon Linux 2 to Amazon Linux 2023 [[1]](https://aws.amazon.com/about-aws/whats-new/2023/12/aws-cloudshell-migrated-al2023/) [2](https://docs.aws.amazon.com/cloudshell/latest/userguide/cloudshell-AL2023-migration.html), there is no longer a need to manually compile Python 3.9 as it's already included in AL2023. Prowler can thus be easily installed following the Generic method of installation via pip. Follow the steps below to successfully execute Prowler v4 in AWS CloudShell:

    _Requirements_:

@@ -163,13 +133,11 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/),

    _Commands_:

-    ```bash
+    ```
    sudo bash
    adduser prowler
    su prowler
-    python3 -m pip install --user pipx
-    python3 -m pipx ensurepath
-    pipx install prowler
+    pip install prowler
    cd /tmp
    prowler aws
    ```
@@ -185,12 +153,9 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/),

    _Commands_:

-    ```bash
-    python3 -m pip install --user pipx
-    python3 -m pipx ensurepath
-    pipx install prowler
-    cd /tmp
-    prowler azure --az-cli-auth
+    ```
+    pip install prowler
+    prowler -v
    ```

 ## Prowler container versions
--- a/docs/tutorials/configuration_file.md
+++ b/docs/tutorials/configuration_file.md
@@ -13,53 +13,52 @@ The following list includes all the AWS checks with configurable variables that

 | Check Name                                                    | Value                                            | Type            |
 |---------------------------------------------------------------|--------------------------------------------------|-----------------|
-| `acm_certificates_expiration_check`                           | `days_to_expire_threshold`                       | Integer         |
-| `appstream_fleet_maximum_session_duration`                    | `max_session_duration_seconds`                   | Integer         |
-| `appstream_fleet_session_disconnect_timeout`                  | `max_disconnect_timeout_in_seconds`              | Integer         |
+| `iam_user_accesskey_unused`                                   | `max_unused_access_keys_days`                    | Integer         |
+| `iam_user_console_access_unused`                              | `max_console_access_days`                        | Integer         |
+| `ec2_elastic_ip_shodan`                                       | `shodan_api_key`                                 | String          |
+| `ec2_securitygroup_with_many_ingress_egress_rules`            | `max_security_group_rules`                       | Integer         |
+| `ec2_instance_older_than_specific_days`                       | `max_ec2_instance_age_in_days`                   | Integer         |
+| `ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports`| `ec2_sg_high_risk_ports`                 | List of Integer |
+| `vpc_endpoint_connections_trust_boundaries`                   | `trusted_account_ids`                            | List of Strings |
+| `vpc_endpoint_services_allowed_principals_trust_boundaries`   | `trusted_account_ids`                            | List of Strings |
+| `cloudwatch_log_group_retention_policy_specific_days_enabled` | `log_group_retention_days`                       | Integer         |
 | `appstream_fleet_session_idle_disconnect_timeout`             | `max_idle_disconnect_timeout_in_seconds`         | Integer         |
+| `appstream_fleet_session_disconnect_timeout`                  | `max_disconnect_timeout_in_seconds`              | Integer         |
+| `appstream_fleet_maximum_session_duration`                    | `max_session_duration_seconds`                   | Integer         |
+| `awslambda_function_using_supported_runtimes`                 | `obsolete_lambda_runtimes`                       | Integer         |
+| `organizations_scp_check_deny_regions`                        | `organizations_enabled_regions`                  | List of Strings |
+| `organizations_delegated_administrators`                      | `organizations_trusted_delegated_administrators` | List of Strings |
+| `ecr_repositories_scan_vulnerabilities_in_latest_image`       | `ecr_repository_vulnerability_minimum_severity`  | String          |
+| `trustedadvisor_premium_support_plan_subscribed`              | `verify_premium_support_plans`                   | Boolean         |
+| `config_recorder_all_regions_enabled`                         | `mute_non_default_regions`                       | Boolean         |
+| `drs_job_exist`                                               | `mute_non_default_regions`                       | Boolean         |
+| `guardduty_is_enabled`                                        | `mute_non_default_regions`                       | Boolean         |
+| `securityhub_enabled`                                         | `mute_non_default_regions`                       | Boolean         |
+| `cloudtrail_threat_detection_privilege_escalation`            | `threat_detection_privilege_escalation_entropy`  | Integer         |
+| `cloudtrail_threat_detection_privilege_escalation`            | `threat_detection_privilege_escalation_minutes`  | Integer         |
+| `cloudtrail_threat_detection_privilege_escalation`            | `threat_detection_privilege_escalation_actions`  | List of Strings |
+| `cloudtrail_threat_detection_enumeration`                     | `threat_detection_enumeration_entropy`           | Integer         |
+| `cloudtrail_threat_detection_enumeration`                     | `threat_detection_enumeration_minutes`           | Integer         |
+| `cloudtrail_threat_detection_enumeration`                     | `threat_detection_enumeration_actions`           | List of Strings |
+| `codebuild_project_no_secrets_in_variables`                   | `excluded_sensitive_environment_variables`       | List of Strings |
+| `rds_instance_backup_enabled`                                 | `check_rds_instance_replicas`                    | Boolean         |
+| `ec2_securitygroup_allow_ingress_from_internet_to_any_port`   | `ec2_allowed_interface_types`                    | List of Strings |
+| `ec2_securitygroup_allow_ingress_from_internet_to_any_port`   | `ec2_allowed_instance_owners`                    | List of Strings |
+| `acm_certificates_expiration_check`                           | `days_to_expire_threshold`                       | Integer         |
+| `eks_control_plane_logging_all_types_enabled`                 | `eks_required_log_types`                         | List of Strings |
+| `eks_cluster_uses_a_supported_version`                        | `eks_cluster_oldest_version_supported`           | String          |
+| `elbv2_is_in_multiple_az`                                     | `elbv2_min_azs`                                  | Integer         |
+| `elb_is_in_multiple_az`                                       | `elb_min_azs`                                    | Integer         |
 | `autoscaling_find_secrets_ec2_launch_configuration`           | `secrets_ignore_patterns`                        | List of Strings |
 | `awslambda_function_no_secrets_in_code`                       | `secrets_ignore_patterns`                        | List of Strings |
 | `awslambda_function_no_secrets_in_variables`                  | `secrets_ignore_patterns`                        | List of Strings |
-| `awslambda_function_using_supported_runtimes`                 | `obsolete_lambda_runtimes`                       | Integer         |
-| `awslambda_function_vpc_is_in_multi_azs`                      | `lambda_min_azs`                                 | Integer         |
 | `cloudformation_stack_outputs_find_secrets`                   | `secrets_ignore_patterns`                        | List of Strings |
-| `cloudtrail_threat_detection_enumeration`                     | `threat_detection_enumeration_actions`           | List of Strings |
-| `cloudtrail_threat_detection_enumeration`                     | `threat_detection_enumeration_entropy`           | Integer         |
-| `cloudtrail_threat_detection_enumeration`                     | `threat_detection_enumeration_minutes`           | Integer         |
-| `cloudtrail_threat_detection_privilege_escalation`            | `threat_detection_privilege_escalation_actions`  | List of Strings |
-| `cloudtrail_threat_detection_privilege_escalation`            | `threat_detection_privilege_escalation_entropy`  | Integer         |
-| `cloudtrail_threat_detection_privilege_escalation`            | `threat_detection_privilege_escalation_minutes`  | Integer         |
 | `cloudwatch_log_group_no_secrets_in_logs`                     | `secrets_ignore_patterns`                        | List of Strings |
-| `cloudwatch_log_group_retention_policy_specific_days_enabled` | `log_group_retention_days`                       | Integer         |
-| `codebuild_project_no_secrets_in_variables`                   | `excluded_sensitive_environment_variables`       | List of Strings |
 | `codebuild_project_no_secrets_in_variables`                   | `secrets_ignore_patterns`                        | List of Strings |
-| `config_recorder_all_regions_enabled`                         | `mute_non_default_regions`                       | Boolean         |
-| `drs_job_exist`                                               | `mute_non_default_regions`                       | Boolean         |
-| `ec2_elastic_ip_shodan`                                       | `shodan_api_key`                                 | String          |
-| `ec2_instance_older_than_specific_days`                       | `max_ec2_instance_age_in_days`                   | Integer         |
 | `ec2_instance_secrets_user_data`                              | `secrets_ignore_patterns`                        | List of Strings |
 | `ec2_launch_template_no_secrets`                              | `secrets_ignore_patterns`                        | List of Strings |
-| `ec2_securitygroup_allow_ingress_from_internet_to_any_port`   | `ec2_allowed_instance_owners`                    | List of Strings |
-| `ec2_securitygroup_allow_ingress_from_internet_to_any_port`   | `ec2_allowed_interface_types`                    | List of Strings |
-| `ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports`| `ec2_sg_high_risk_ports`                 | List of Integer |
-| `ec2_securitygroup_with_many_ingress_egress_rules`            | `max_security_group_rules`                       | Integer         |
 | `ecs_task_definitions_no_environment_secrets`                 | `secrets_ignore_patterns`                        | List of Strings |
-| `ecr_repositories_scan_vulnerabilities_in_latest_image`       | `ecr_repository_vulnerability_minimum_severity`  | String          |
-| `eks_cluster_uses_a_supported_version`                        | `eks_cluster_oldest_version_supported`           | String          |
-| `eks_control_plane_logging_all_types_enabled`                 | `eks_required_log_types`                         | List of Strings |
-| `elb_is_in_multiple_az`                                       | `elb_min_azs`                                    | Integer         |
-| `elbv2_is_in_multiple_az`                                     | `elbv2_min_azs`                                  | Integer         |
-| `guardduty_is_enabled`                                        | `mute_non_default_regions`                       | Boolean         |
-| `iam_user_accesskey_unused`                                   | `max_unused_access_keys_days`                    | Integer         |
-| `iam_user_console_access_unused`                              | `max_console_access_days`                        | Integer         |
-| `organizations_delegated_administrators`                      | `organizations_trusted_delegated_administrators` | List of Strings |
-| `organizations_scp_check_deny_regions`                        | `organizations_enabled_regions`                  | List of Strings |
-| `rds_instance_backup_enabled`                                 | `check_rds_instance_replicas`                    | Boolean         |
-| `securityhub_enabled`                                         | `mute_non_default_regions`                       | Boolean         |
 | `ssm_document_secrets`                                        | `secrets_ignore_patterns`                        | List of Strings |
-| `trustedadvisor_premium_support_plan_subscribed`              | `verify_premium_support_plans`                   | Boolean         |
-| `vpc_endpoint_connections_trust_boundaries`                   | `trusted_account_ids`                            | List of Strings |
-| `vpc_endpoint_services_allowed_principals_trust_boundaries`   | `trusted_account_ids`                            | List of Strings |


 ## Azure
@@ -158,7 +157,6 @@ aws:
    ]

  # AWS VPC Configuration (vpc_endpoint_connections_trust_boundaries, vpc_endpoint_services_allowed_principals_trust_boundaries)
-  # AWS SSM Configuration (aws.ssm_documents_set_as_public)
  # Single account environment: No action required. The AWS account number will be automatically added by the checks.
  # Multi account environment: Any additional trusted account number should be added as a space separated list, e.g.
  # trusted_account_ids : ["123456789012", "098765432109", "678901234567"]
--- a/poetry.lock
+++ b/poetry.lock
--- a/prowler/main.py
+++ b/prowler/main.py
@@ -15,6 +15,8 @@ from prowler.config.config import (
 )
 from prowler.lib.banner import print_banner
 from prowler.lib.check.check import (
+    bulk_load_checks_metadata,
+    bulk_load_compliance_frameworks,
    exclude_checks_to_run,
    exclude_services_to_run,
    execute_checks,
@@ -34,12 +36,10 @@ from prowler.lib.check.check import (
 )
 from prowler.lib.check.checks_loader import load_checks_to_execute
 from prowler.lib.check.compliance import update_checks_metadata_with_compliance
-from prowler.lib.check.compliance_models import Compliance
 from prowler.lib.check.custom_checks_metadata import (
    parse_custom_checks_metadata_file,
    update_checks_metadata,
 )
-from prowler.lib.check.models import CheckMetadata
 from prowler.lib.cli.parser import ProwlerArgumentParser
 from prowler.lib.logger import logger, set_logging_config
 from prowler.lib.outputs.asff.asff import ASFF
@@ -54,7 +54,6 @@ from prowler.lib.outputs.compliance.compliance import display_compliance_table
 from prowler.lib.outputs.compliance.ens.ens_aws import AWSENS
 from prowler.lib.outputs.compliance.generic.generic import GenericCompliance
 from prowler.lib.outputs.compliance.iso27001.iso27001_aws import AWSISO27001
-from prowler.lib.outputs.compliance.kisa_ismsp.kisa_ismsp_aws import AWSKISAISMSP
 from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_aws import AWSMitreAttack
 from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_azure import (
    AzureMitreAttack,
@@ -69,12 +68,8 @@ from prowler.lib.outputs.slack.slack import Slack
 from prowler.lib.outputs.summary_table import display_summary_table
 from prowler.providers.aws.lib.s3.s3 import S3
 from prowler.providers.aws.lib.security_hub.security_hub import SecurityHub
-from prowler.providers.aws.models import AWSOutputOptions
-from prowler.providers.azure.models import AzureOutputOptions
 from prowler.providers.common.provider import Provider
 from prowler.providers.common.quick_inventory import run_provider_quick_inventory
-from prowler.providers.gcp.models import GCPOutputOptions
-from prowler.providers.kubernetes.models import KubernetesOutputOptions


 def prowler():
@@ -136,7 +131,7 @@ def prowler():

    # Load checks metadata
    logger.debug("Loading checks metadata from .metadata.json files")
-    bulk_checks_metadata = CheckMetadata.get_bulk(provider)
+    bulk_checks_metadata = bulk_load_checks_metadata(provider)

    if args.list_categories:
        print_categories(list_categories(bulk_checks_metadata))
@@ -146,7 +141,7 @@ def prowler():
    # Load compliance frameworks
    logger.debug("Loading compliance frameworks from .json files")

-    bulk_compliance_frameworks = Compliance.get_bulk(provider)
+    bulk_compliance_frameworks = bulk_load_compliance_frameworks(provider)
    # Complete checks metadata with the compliance framework specification
    bulk_checks_metadata = update_checks_metadata_with_compliance(
        bulk_compliance_frameworks, bulk_checks_metadata
@@ -195,7 +190,7 @@ def prowler():
        sys.exit()

    # Provider to scan
-    Provider.init_global_provider(args)
+    Provider.set_global_provider(args)
    global_provider = Provider.get_global_provider()

    # Print Provider Credentials
@@ -229,8 +224,7 @@ def prowler():
    # Once the provider is set and we have the eventual checks based on the resource identifier,
    # it is time to check what Prowler's checks are going to be executed
    checks_from_resources = global_provider.get_checks_to_execute_by_audit_resources()
-    # Intersect checks from resources with checks to execute so we only run the checks that apply to the resources with the specified ARNs or tags
-    if getattr(args, "resource_arn", None) or getattr(args, "resource_tag", None):
+    if checks_from_resources:
        checks_to_execute = checks_to_execute.intersection(checks_from_resources)

    # Sort final check list
@@ -240,22 +234,7 @@ def prowler():
    global_provider.mutelist = args.mutelist_file

    # Setup Output Options
-    if provider == "aws":
-        output_options = AWSOutputOptions(
-            args, bulk_checks_metadata, global_provider.identity
-        )
-    elif provider == "azure":
-        output_options = AzureOutputOptions(
-            args, bulk_checks_metadata, global_provider.identity
-        )
-    elif provider == "gcp":
-        output_options = GCPOutputOptions(
-            args, bulk_checks_metadata, global_provider.identity
-        )
-    elif provider == "kubernetes":
-        output_options = KubernetesOutputOptions(
-            args, bulk_checks_metadata, global_provider.identity
-        )
+    global_provider.output_options = (args, bulk_checks_metadata)

    # Run the quick inventory for the provider if available
    if hasattr(args, "quick_inventory") and args.quick_inventory:
@@ -271,7 +250,6 @@ def prowler():
            global_provider,
            custom_checks_metadata,
            args.config_file,
-            output_options,
        )
    else:
        logger.error(
@@ -279,7 +257,7 @@ def prowler():
        )

    # Prowler Fixer
-    if output_options.fixer:
+    if global_provider.output_options.fixer:
        print(f"{Style.BRIGHT}\nRunning Prowler Fixer, please wait...{Style.RESET_ALL}")
        # Check if there are any FAIL findings
        if any("FAIL" in finding.status for finding in findings):
@@ -325,8 +303,7 @@ def prowler():
    # TODO: this part is needed since the checks generates a Check_Report_XXX and the output uses Finding
    # This will be refactored for the outputs generate directly the Finding
    finding_outputs = [
-        Finding.generate_output(global_provider, finding, output_options)
-        for finding in findings
+        Finding.generate_output(global_provider, finding) for finding in findings
    ]

    generated_outputs = {"regular": [], "compliance": []}
@@ -334,8 +311,8 @@ def prowler():
    if args.output_formats:
        for mode in args.output_formats:
            filename = (
-                f"{output_options.output_directory}/"
-                f"{output_options.output_filename}"
+                f"{global_provider.output_options.output_directory}/"
+                f"{global_provider.output_options.output_filename}"
            )
            if mode == "csv":
                csv_output = CSV(
@@ -377,16 +354,16 @@ def prowler():
                )

    # Compliance Frameworks
-    input_compliance_frameworks = set(output_options.output_modes).intersection(
-        get_available_compliance_frameworks(provider)
-    )
+    input_compliance_frameworks = set(
+        global_provider.output_options.output_modes
+    ).intersection(get_available_compliance_frameworks(provider))
    if provider == "aws":
        for compliance_name in input_compliance_frameworks:
            if compliance_name.startswith("cis_"):
                # Generate CIS Finding Object
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                cis = AWSCIS(
                    findings=finding_outputs,
@@ -399,8 +376,8 @@ def prowler():
            elif compliance_name == "mitre_attack_aws":
                # Generate MITRE ATT&CK Finding Object
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                mitre_attack = AWSMitreAttack(
                    findings=finding_outputs,
@@ -413,8 +390,8 @@ def prowler():
            elif compliance_name.startswith("ens_"):
                # Generate ENS Finding Object
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                ens = AWSENS(
                    findings=finding_outputs,
@@ -427,8 +404,8 @@ def prowler():
            elif compliance_name.startswith("aws_well_architected_framework"):
                # Generate AWS Well-Architected Finding Object
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                aws_well_architected = AWSWellArchitected(
                    findings=finding_outputs,
@@ -441,8 +418,8 @@ def prowler():
            elif compliance_name.startswith("iso27001_"):
                # Generate ISO27001 Finding Object
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                iso27001 = AWSISO27001(
                    findings=finding_outputs,
@@ -452,24 +429,10 @@ def prowler():
                )
                generated_outputs["compliance"].append(iso27001)
                iso27001.batch_write_data_to_file()
-            elif compliance_name.startswith("kisa"):
-                # Generate KISA-ISMS-P Finding Object
-                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
-                )
-                kisa_ismsp = AWSKISAISMSP(
-                    findings=finding_outputs,
-                    compliance=bulk_compliance_frameworks[compliance_name],
-                    create_file_descriptor=True,
-                    file_path=filename,
-                )
-                generated_outputs["compliance"].append(kisa_ismsp)
-                kisa_ismsp.batch_write_data_to_file()
            else:
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                generic_compliance = GenericCompliance(
                    findings=finding_outputs,
@@ -485,8 +448,8 @@ def prowler():
            if compliance_name.startswith("cis_"):
                # Generate CIS Finding Object
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                cis = AzureCIS(
                    findings=finding_outputs,
@@ -499,8 +462,8 @@ def prowler():
            elif compliance_name == "mitre_attack_azure":
                # Generate MITRE ATT&CK Finding Object
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                mitre_attack = AzureMitreAttack(
                    findings=finding_outputs,
@@ -512,8 +475,8 @@ def prowler():
                mitre_attack.batch_write_data_to_file()
            else:
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                generic_compliance = GenericCompliance(
                    findings=finding_outputs,
@@ -529,8 +492,8 @@ def prowler():
            if compliance_name.startswith("cis_"):
                # Generate CIS Finding Object
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                cis = GCPCIS(
                    findings=finding_outputs,
@@ -543,8 +506,8 @@ def prowler():
            elif compliance_name == "mitre_attack_gcp":
                # Generate MITRE ATT&CK Finding Object
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                mitre_attack = GCPMitreAttack(
                    findings=finding_outputs,
@@ -556,8 +519,8 @@ def prowler():
                mitre_attack.batch_write_data_to_file()
            else:
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                generic_compliance = GenericCompliance(
                    findings=finding_outputs,
@@ -573,8 +536,8 @@ def prowler():
            if compliance_name.startswith("cis_"):
                # Generate CIS Finding Object
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                cis = KubernetesCIS(
                    findings=finding_outputs,
@@ -586,8 +549,8 @@ def prowler():
                cis.batch_write_data_to_file()
            else:
                filename = (
-                    f"{output_options.output_directory}/compliance/"
-                    f"{output_options.output_filename}_{compliance_name}.csv"
+                    f"{global_provider.output_options.output_directory}/compliance/"
+                    f"{global_provider.output_options.output_filename}_{compliance_name}.csv"
                )
                generic_compliance = GenericCompliance(
                    findings=finding_outputs,
@@ -630,7 +593,7 @@ def prowler():
                aws_partition=global_provider.identity.partition,
                aws_session=global_provider.session.current_session,
                findings=asff_output.data,
-                send_only_fails=output_options.send_sh_only_fails,
+                send_only_fails=global_provider.output_options.send_sh_only_fails,
                aws_security_hub_available_regions=security_hub_regions,
            )
            # Send the findings to Security Hub
@@ -656,7 +619,7 @@ def prowler():
        display_summary_table(
            findings,
            global_provider,
-            output_options,
+            global_provider.output_options,
        )
        # Only display compliance table if there are findings (not all MANUAL) and it is a default execution
        if (
@@ -675,13 +638,13 @@ def prowler():
                    findings,
                    bulk_checks_metadata,
                    compliance,
-                    output_options.output_filename,
-                    output_options.output_directory,
+                    global_provider.output_options.output_filename,
+                    global_provider.output_options.output_directory,
                    compliance_overview,
                )
            if compliance_overview:
                print(
-                    f"\nDetailed compliance results are in {Fore.YELLOW}{output_options.output_directory}/compliance/{Style.RESET_ALL}\n"
+                    f"\nDetailed compliance results are in {Fore.YELLOW}{global_provider.output_options.output_directory}/compliance/{Style.RESET_ALL}\n"
                )

    # If custom checks were passed, remove the modules
--- a/prowler/compliance/aws/kisa_isms_p_2023_aws.json
+++ b/prowler/compliance/aws/kisa_isms_p_2023_aws.json
--- a/prowler/compliance/aws/kisa_isms_p_2023_korean_aws.json
+++ b/prowler/compliance/aws/kisa_isms_p_2023_korean_aws.json
--- a/prowler/config/config.py
+++ b/prowler/config/config.py
@@ -11,7 +11,7 @@ from prowler.lib.logger import logger

 timestamp = datetime.today()
 timestamp_utc = datetime.now(timezone.utc).replace(tzinfo=timezone.utc)
-prowler_version = "4.5.0"
+prowler_version = "4.4.0"
 html_logo_url = "https://github.com/prowler-cloud/prowler/"
 square_logo_img = "https://prowler.com/wp-content/uploads/logo-html.png"
 aws_logo = "https://user-images.githubusercontent.com/38561120/235953920-3e3fba08-0795-41dc-b480-9bea57db9f2e.png"
--- a/prowler/config/config.yaml
+++ b/prowler/config/config.yaml
@@ -57,13 +57,7 @@ aws:
        8088,
    ]

-  # AWS ECS Configuration
-  # aws.ecs_service_fargate_latest_platform_version
-  fargate_linux_latest_version: "1.4.0"
-  fargate_windows_latest_version: "1.0.0"
-
  # AWS VPC Configuration (vpc_endpoint_connections_trust_boundaries, vpc_endpoint_services_allowed_principals_trust_boundaries)
-  # AWS SSM Configuration (aws.ssm_documents_set_as_public)
  # Single account environment: No action required. The AWS account number will be automatically added by the checks.
  # Multi account environment: Any additional trusted account number should be added as a space separated list, e.g.
  # trusted_account_ids : ["123456789012", "098765432109", "678901234567"]
@@ -107,8 +101,6 @@ aws:
      "ruby2.5",
      "ruby2.7",
    ]
-  # aws.awslambda_function_vpc_is_in_multi_azs
-  lambda_min_azs: 2

  # AWS Organizations
  # aws.organizations_scp_check_deny_regions
@@ -335,8 +327,8 @@ aws:
  elbv2_min_azs: 2


-  # AWS Secrets Configuration
-  # Patterns to ignore in the secrets checks
+  # Known secrets to ignore on detection
+  # this will include a list of regex patterns to ignore on detection
  secrets_ignore_patterns: []

 # Azure Configuration
--- a/prowler/exceptions/exceptions.py
+++ b/prowler/exceptions/exceptions.py
@@ -5,6 +5,8 @@ class ProwlerException(Exception):
        (1901, "UnexpectedError"): {
            "message": "Unexpected error occurred.",
            "remediation": "Please review the error message and try again.",
+            "file": "{file}",
+            "provider": "{provider}",
        }
    }

--- a/prowler/lib/check/check.py
+++ b/prowler/lib/check/check.py
@@ -6,6 +6,7 @@ import re
 import shutil
 import sys
 import traceback
+from pkgutil import walk_packages
 from types import ModuleType
 from typing import Any

@@ -14,15 +15,76 @@ from colorama import Fore, Style

 import prowler
 from prowler.config.config import orange_color
+from prowler.lib.check.compliance_models import load_compliance_framework
 from prowler.lib.check.custom_checks_metadata import update_check_metadata
-from prowler.lib.check.models import Check
-from prowler.lib.check.utils import recover_checks_from_provider
+from prowler.lib.check.models import Check, CheckMetadata, load_check_metadata
 from prowler.lib.logger import logger
 from prowler.lib.outputs.outputs import report
 from prowler.lib.utils.utils import open_file, parse_json_file, print_boxes
 from prowler.providers.common.models import Audit_Metadata


+# Load all checks metadata
+def bulk_load_checks_metadata(provider: str) -> dict[str, CheckMetadata]:
+    """
+    Load the metadata of all checks for a given provider reading the check's metadata files.
+    Args:
+        provider (str): The name of the provider.
+    Returns:
+        dict[str, CheckMetadata]: A dictionary containing the metadata of all checks, with the CheckID as the key.
+    """
+
+    bulk_check_metadata = {}
+    checks = recover_checks_from_provider(provider)
+    # Build list of check's metadata files
+    for check_info in checks:
+        # Build check path name
+        check_name = check_info[0]
+        check_path = check_info[1]
+        # Ignore fixer files
+        if check_name.endswith("_fixer"):
+            continue
+        # Append metadata file extension
+        metadata_file = f"{check_path}/{check_name}.metadata.json"
+        # Load metadata
+        check_metadata = load_check_metadata(metadata_file)
+        bulk_check_metadata[check_metadata.CheckID] = check_metadata
+
+    return bulk_check_metadata
+
+
+# Bulk load all compliance frameworks specification
+def bulk_load_compliance_frameworks(provider: str) -> dict:
+    """Bulk load all compliance frameworks specification into a dict"""
+    try:
+        bulk_compliance_frameworks = {}
+        available_compliance_framework_modules = list_compliance_modules()
+        for compliance_framework in available_compliance_framework_modules:
+            if provider in compliance_framework.name:
+                compliance_specification_dir_path = (
+                    f"{compliance_framework.module_finder.path}/{provider}"
+                )
+
+                # for compliance_framework in available_compliance_framework_modules:
+                for filename in os.listdir(compliance_specification_dir_path):
+                    file_path = os.path.join(
+                        compliance_specification_dir_path, filename
+                    )
+                    # Check if it is a file and ti size is greater than 0
+                    if os.path.isfile(file_path) and os.stat(file_path).st_size > 0:
+                        # Open Compliance file in JSON
+                        # cis_v1.4_aws.json --> cis_v1.4_aws
+                        compliance_framework_name = filename.split(".json")[0]
+                        # Store the compliance info
+                        bulk_compliance_frameworks[compliance_framework_name] = (
+                            load_compliance_framework(file_path)
+                        )
+    except Exception as e:
+        logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}")
+
+    return bulk_compliance_frameworks
+
+
 # Exclude checks to run
 def exclude_checks_to_run(checks_to_execute: set, excluded_checks: list) -> set:
    for check in excluded_checks:
@@ -319,12 +381,100 @@ def parse_checks_from_compliance_framework(
    return checks_to_execute


+def recover_checks_from_provider(
+    provider: str, service: str = None, include_fixers: bool = False
+) -> list[tuple]:
+    """
+    Recover all checks from the selected provider and service
+
+    Returns a list of tuples with the following format (check_name, check_path)
+    """
+    try:
+        checks = []
+        modules = list_modules(provider, service)
+        for module_name in modules:
+            # Format: "prowler.providers.{provider}.services.{service}.{check_name}.{check_name}"
+            check_module_name = module_name.name
+            # We need to exclude common shared libraries in services
+            if (
+                check_module_name.count(".") == 6
+                and "lib" not in check_module_name
+                and (not check_module_name.endswith("_fixer") or include_fixers)
+            ):
+                check_path = module_name.module_finder.path
+                # Check name is the last part of the check_module_name
+                check_name = check_module_name.split(".")[-1]
+                check_info = (check_name, check_path)
+                checks.append(check_info)
+    except ModuleNotFoundError:
+        logger.critical(f"Service {service} was not found for the {provider} provider.")
+        sys.exit(1)
+    except Exception as e:
+        logger.critical(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}]: {e}")
+        sys.exit(1)
+    else:
+        return checks
+
+
+def list_compliance_modules():
+    """
+    list_compliance_modules returns the available compliance frameworks and returns their path
+    """
+    # This module path requires the full path including "prowler."
+    module_path = "prowler.compliance"
+    return walk_packages(
+        importlib.import_module(module_path).__path__,
+        importlib.import_module(module_path).__name__ + ".",
+    )
+
+
+# List all available modules in the selected provider and service
+def list_modules(provider: str, service: str):
+    # This module path requires the full path including "prowler."
+    module_path = f"prowler.providers.{provider}.services"
+    if service:
+        module_path += f".{service}"
+    return walk_packages(
+        importlib.import_module(module_path).__path__,
+        importlib.import_module(module_path).__name__ + ".",
+    )
+
+
 # Import an input check using its path
 def import_check(check_path: str) -> ModuleType:
    lib = importlib.import_module(f"{check_path}")
    return lib


+def run_check(check: Check, verbose: bool = False, only_logs: bool = False) -> list:
+    """
+    Run the check and return the findings
+    Args:
+        check (Check): check class
+        output_options (Any): output options
+    Returns:
+        list: list of findings
+    """
+    findings = []
+    if verbose:
+        print(
+            f"\nCheck ID: {check.CheckID} - {Fore.MAGENTA}{check.ServiceName}{Fore.YELLOW} [{check.Severity}]{Style.RESET_ALL}"
+        )
+    logger.debug(f"Executing check: {check.CheckID}")
+    try:
+        findings = check.execute()
+    except Exception as error:
+        if not only_logs:
+            print(
+                f"Something went wrong in {check.CheckID}, please use --log-level ERROR"
+            )
+        logger.error(
+            f"{check.CheckID} -- {error.__class__.__name__}[{traceback.extract_tb(error.__traceback__)[-1].lineno}]: {error}"
+        )
+    finally:
+        return findings
+
+
 def run_fixer(check_findings: list) -> int:
    """
    Run the fixer for the check if it exists and there are any FAIL findings
@@ -406,7 +556,6 @@ def execute_checks(
    global_provider: Any,
    custom_checks_metadata: Any,
    config_file: str,
-    output_options: Any,
 ) -> list:
    # List to store all the check's findings
    all_findings = []
@@ -442,42 +591,18 @@ def execute_checks(
                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )

-    # Set verbose flag
-    verbose = False
-    if hasattr(output_options, "verbose"):
-        verbose = output_options.verbose
-    elif hasattr(output_options, "fixer"):
-        verbose = output_options.fixer
-
    # Execution with the --only-logs flag
-    if output_options.only_logs:
+    if global_provider.output_options.only_logs:
        for check_name in checks_to_execute:
            # Recover service from check name
            service = check_name.split("_")[0]
            try:
-                try:
-                    # Import check module
-                    check_module_path = f"prowler.providers.{global_provider.type}.services.{service}.{check_name}.{check_name}"
-                    lib = import_check(check_module_path)
-                    # Recover functions from check
-                    check_to_execute = getattr(lib, check_name)
-                    check = check_to_execute()
-                except ModuleNotFoundError:
-                    logger.error(
-                        f"Check '{check_name}' was not found for the {global_provider.type.upper()} provider"
-                    )
-                    continue
-                if verbose:
-                    print(
-                        f"\nCheck ID: {check.CheckID} - {Fore.MAGENTA}{check.ServiceName}{Fore.YELLOW} [{check.Severity}]{Style.RESET_ALL}"
-                    )
                check_findings = execute(
-                    check,
+                    service,
+                    check_name,
                    global_provider,
                    custom_checks_metadata,
-                    output_options,
                )
-                report(check_findings, global_provider, output_options)
                all_findings.extend(check_findings)

                # Update Audit Status
@@ -535,31 +660,12 @@ def execute_checks(
                    f"-> Scanning {orange_color}{service}{Style.RESET_ALL} service"
                )
                try:
-                    try:
-                        # Import check module
-                        check_module_path = f"prowler.providers.{global_provider.type}.services.{service}.{check_name}.{check_name}"
-                        lib = import_check(check_module_path)
-                        # Recover functions from check
-                        check_to_execute = getattr(lib, check_name)
-                        check = check_to_execute()
-                    except ModuleNotFoundError:
-                        logger.error(
-                            f"Check '{check_name}' was not found for the {global_provider.type.upper()} provider"
-                        )
-                        continue
-                    if verbose:
-                        print(
-                            f"\nCheck ID: {check.CheckID} - {Fore.MAGENTA}{check.ServiceName}{Fore.YELLOW} [{check.Severity}]{Style.RESET_ALL}"
-                        )
                    check_findings = execute(
-                        check,
+                        service,
+                        check_name,
                        global_provider,
                        custom_checks_metadata,
-                        output_options,
                    )
-
-                    report(check_findings, global_provider, output_options)
-
                    all_findings.extend(check_findings)
                    services_executed.add(service)
                    checks_executed.add(check_name)
@@ -582,79 +688,51 @@ def execute_checks(
                    )
                bar()
            bar.title = f"-> {Fore.GREEN}Scan completed!{Style.RESET_ALL}"
-
-    # Custom report interface
-    if os.environ.get("PROWLER_REPORT_LIB_PATH"):
-        try:
-            logger.info("Using custom report interface ...")
-            lib = os.environ["PROWLER_REPORT_LIB_PATH"]
-            outputs_module = importlib.import_module(lib)
-            custom_report_interface = getattr(outputs_module, "report")
-
-            # TODO: review this call and see if we can remove the global_provider.output_options since it is contained in the global_provider
-            custom_report_interface(check_findings, output_options, global_provider)
-        except Exception:
-            sys.exit(1)
-
    return all_findings


 def execute(
-    check: Check,
+    service: str,
+    check_name: str,
    global_provider: Any,
    custom_checks_metadata: Any,
-    output_options: Any = None,
 ):
-    """
-    Execute the check and report the findings
-
-    Args:
-        service (str): service name
-        check_name (str): check name
-        global_provider (Any): provider object
-        custom_checks_metadata (Any): custom checks metadata
-        output_options (Any): output options, depending on the provider
-
-    Returns:
-        list: list of findings
-    """
    try:
+        # Import check module
+        check_module_path = f"prowler.providers.{global_provider.type}.services.{service}.{check_name}.{check_name}"
+        lib = import_check(check_module_path)
+        # Recover functions from check
+        check_to_execute = getattr(lib, check_name)
+        check_class = check_to_execute()
+
        # Update check metadata to reflect that in the outputs
        if custom_checks_metadata and custom_checks_metadata["Checks"].get(
-            check.CheckID
+            check_class.CheckID
        ):
-            check = update_check_metadata(
-                check, custom_checks_metadata["Checks"][check.CheckID]
+            check_class = update_check_metadata(
+                check_class, custom_checks_metadata["Checks"][check_class.CheckID]
            )

-        only_logs = False
-        if hasattr(output_options, "only_logs"):
-            only_logs = output_options.only_logs
-
-        # Execute the check
-        check_findings = []
-        logger.debug(f"Executing check: {check.CheckID}")
-        try:
-            check_findings = check.execute()
-        except Exception as error:
-            if not only_logs:
-                print(
-                    f"Something went wrong in {check.CheckID}, please use --log-level ERROR"
-                )
-            logger.error(
-                f"{check.CheckID} -- {error.__class__.__name__}[{traceback.extract_tb(error.__traceback__)[-1].lineno}]: {error}"
-            )
+        # Run check
+        verbose = (
+            global_provider.output_options.verbose
+            or global_provider.output_options.fixer
+        )
+        check_findings = run_check(
+            check_class, verbose, global_provider.output_options.only_logs
+        )

        # Exclude findings per status
-        if hasattr(output_options, "status") and output_options.status:
+        if global_provider.output_options.status:
            check_findings = [
                finding
                for finding in check_findings
-                if finding.status in output_options.status
+                if finding.status in global_provider.output_options.status
            ]

-        # Before returning the findings, we need to apply the mute list logic
+        # Mutelist findings
        if hasattr(global_provider, "mutelist") and global_provider.mutelist.mutelist:
+            # TODO: make this prettier
            is_finding_muted_args = {}
            if global_provider.type == "aws":
                is_finding_muted_args["aws_account_id"] = (
@@ -669,9 +747,27 @@ def execute(
                    **is_finding_muted_args
                )

+        # Refactor(Outputs)
+        # Report the check's findings
+        report(check_findings, global_provider)
+
+        # Refactor(Outputs)
+        if os.environ.get("PROWLER_REPORT_LIB_PATH"):
+            try:
+                logger.info("Using custom report interface ...")
+                lib = os.environ["PROWLER_REPORT_LIB_PATH"]
+                outputs_module = importlib.import_module(lib)
+                custom_report_interface = getattr(outputs_module, "report")
+
+                # TODO: review this call and see if we can remove the global_provider.output_options since it is contained in the global_provider
+                custom_report_interface(
+                    check_findings, global_provider.output_options, global_provider
+                )
+            except Exception:
+                sys.exit(1)
    except ModuleNotFoundError:
        logger.error(
-            f"Check '{check.CheckID}' was not found for the {global_provider.type.upper()} provider"
+            f"Check '{check_name}' was not found for the {global_provider.type.upper()} provider"
        )
        check_findings = []
    except Exception as error:
@@ -701,3 +797,34 @@ def update_audit_metadata(
        logger.error(
            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
        )
+
+
+def recover_checks_from_service(service_list: list, provider: str) -> set:
+    """
+    Recover all checks from the selected provider and service
+
+    Returns a set of checks from the given services
+    """
+    try:
+        checks = set()
+        service_list = [
+            "awslambda" if service == "lambda" else service for service in service_list
+        ]
+        for service in service_list:
+            service_checks = recover_checks_from_provider(provider, service)
+            if not service_checks:
+                logger.error(f"Service '{service}' does not have checks.")
+
+            else:
+                for check in service_checks:
+                    # Recover check name and module name from import path
+                    # Format: "providers.{provider}.services.{service}.{check_name}.{check_name}"
+                    check_name = check[0].split(".")[-1]
+                    # If the service is present in the group list passed as parameters
+                    # if service_name in group_list: checks_from_arn.add(check_name)
+                    checks.add(check_name)
+        return checks
+    except Exception as error:
+        logger.error(
+            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+        )
--- a/prowler/lib/check/checks_loader.py
+++ b/prowler/lib/check/checks_loader.py
@@ -4,8 +4,6 @@ from prowler.config.config import valid_severities
 from prowler.lib.check.check import (
    parse_checks_from_compliance_framework,
    parse_checks_from_file,
-)
-from prowler.lib.check.utils import (
    recover_checks_from_provider,
    recover_checks_from_service,
 )
--- a/prowler/lib/check/compliance_models.py
+++ b/prowler/lib/check/compliance_models.py
@@ -1,11 +1,9 @@
-import os
 import sys
 from enum import Enum
 from typing import Optional, Union

 from pydantic import BaseModel, ValidationError, root_validator

-from prowler.lib.check.utils import list_compliance_modules
 from prowler.lib.logger import logger


@@ -169,19 +167,6 @@ class Mitre_Requirement(BaseModel):
    Checks: list[str]


-# KISA-ISMS-P Requirement Attribute
-class KISA_ISMSP_Requirement_Attribute(BaseModel):
-    """KISA ISMS-P Requirement Attribute"""
-
-    Domain: str
-    Subdomain: str
-    Section: str
-    AuditChecklist: Optional[list[str]]
-    RelatedRegulations: Optional[list[str]]
-    AuditEvidence: Optional[list[str]]
-    NonComplianceCases: Optional[list[str]]
-
-
 # Base Compliance Model
 # TODO: move this to compliance folder
 class Compliance_Requirement(BaseModel):
@@ -196,7 +181,6 @@ class Compliance_Requirement(BaseModel):
            ENS_Requirement_Attribute,
            ISO27001_2013_Requirement_Attribute,
            AWS_Well_Architected_Requirement_Attribute,
-            KISA_ISMSP_Requirement_Attribute,
            # Generic_Compliance_Requirement_Attribute must be the last one since it is the fallback for generic compliance framework
            Generic_Compliance_Requirement_Attribute,
        ]
@@ -322,36 +306,6 @@ class Compliance(BaseModel):

        return requirement

-    @staticmethod
-    def get_bulk(provider: str) -> dict:
-        """Bulk load all compliance frameworks specification into a dict"""
-        try:
-            bulk_compliance_frameworks = {}
-            available_compliance_framework_modules = list_compliance_modules()
-            for compliance_framework in available_compliance_framework_modules:
-                if provider in compliance_framework.name:
-                    compliance_specification_dir_path = (
-                        f"{compliance_framework.module_finder.path}/{provider}"
-                    )
-                    # for compliance_framework in available_compliance_framework_modules:
-                    for filename in os.listdir(compliance_specification_dir_path):
-                        file_path = os.path.join(
-                            compliance_specification_dir_path, filename
-                        )
-                        # Check if it is a file and ti size is greater than 0
-                        if os.path.isfile(file_path) and os.stat(file_path).st_size > 0:
-                            # Open Compliance file in JSON
-                            # cis_v1.4_aws.json --> cis_v1.4_aws
-                            compliance_framework_name = filename.split(".json")[0]
-                            # Store the compliance info
-                            bulk_compliance_frameworks[compliance_framework_name] = (
-                                load_compliance_framework(file_path)
-                            )
-        except Exception as e:
-            logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}")
-
-        return bulk_compliance_frameworks
-

 # Testing Pending
 def load_compliance_framework(
--- a/prowler/lib/check/models.py
+++ b/prowler/lib/check/models.py
@@ -7,7 +7,6 @@ from dataclasses import dataclass
 from pydantic import BaseModel, ValidationError, validator

 from prowler.config.config import valid_severities
-from prowler.lib.check.utils import recover_checks_from_provider
 from prowler.lib.logger import logger


@@ -130,34 +129,6 @@ class CheckMetadata(BaseModel):
            )
        return severity

-    @staticmethod
-    def get_bulk(provider: str) -> dict[str, "CheckMetadata"]:
-        """
-        Load the metadata of all checks for a given provider reading the check's metadata files.
-        Args:
-            provider (str): The name of the provider.
-        Returns:
-            dict[str, CheckMetadata]: A dictionary containing the metadata of all checks, with the CheckID as the key.
-        """
-
-        bulk_check_metadata = {}
-        checks = recover_checks_from_provider(provider)
-        # Build list of check's metadata files
-        for check_info in checks:
-            # Build check path name
-            check_name = check_info[0]
-            check_path = check_info[1]
-            # Ignore fixer files
-            if check_name.endswith("_fixer"):
-                continue
-            # Append metadata file extension
-            metadata_file = f"{check_path}/{check_name}.metadata.json"
-            # Load metadata
-            check_metadata = load_check_metadata(metadata_file)
-            bulk_check_metadata[check_metadata.CheckID] = check_metadata
-
-        return bulk_check_metadata
-

 class Check(ABC, CheckMetadata):
    """Prowler Check"""
--- a/prowler/lib/check/utils.py
+++ b/prowler/lib/check/utils.py
@@ -1,95 +0,0 @@
-import importlib
-import sys
-from pkgutil import walk_packages
-
-from prowler.lib.logger import logger
-
-
-def recover_checks_from_provider(
-    provider: str, service: str = None, include_fixers: bool = False
-) -> list[tuple]:
-    """
-    Recover all checks from the selected provider and service
-
-    Returns a list of tuples with the following format (check_name, check_path)
-    """
-    try:
-        checks = []
-        modules = list_modules(provider, service)
-        for module_name in modules:
-            # Format: "prowler.providers.{provider}.services.{service}.{check_name}.{check_name}"
-            check_module_name = module_name.name
-            # We need to exclude common shared libraries in services
-            if (
-                check_module_name.count(".") == 6
-                and "lib" not in check_module_name
-                and (not check_module_name.endswith("_fixer") or include_fixers)
-            ):
-                check_path = module_name.module_finder.path
-                # Check name is the last part of the check_module_name
-                check_name = check_module_name.split(".")[-1]
-                check_info = (check_name, check_path)
-                checks.append(check_info)
-    except ModuleNotFoundError:
-        logger.critical(f"Service {service} was not found for the {provider} provider.")
-        sys.exit(1)
-    except Exception as e:
-        logger.critical(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}]: {e}")
-        sys.exit(1)
-    else:
-        return checks
-
-
-# List all available modules in the selected provider and service
-def list_modules(provider: str, service: str):
-    # This module path requires the full path including "prowler."
-    module_path = f"prowler.providers.{provider}.services"
-    if service:
-        module_path += f".{service}"
-    return walk_packages(
-        importlib.import_module(module_path).__path__,
-        importlib.import_module(module_path).__name__ + ".",
-    )
-
-
-def recover_checks_from_service(service_list: list, provider: str) -> set:
-    """
-    Recover all checks from the selected provider and service
-
-    Returns a set of checks from the given services
-    """
-    try:
-        checks = set()
-        service_list = [
-            "awslambda" if service == "lambda" else service for service in service_list
-        ]
-        for service in service_list:
-            service_checks = recover_checks_from_provider(provider, service)
-            if not service_checks:
-                logger.error(f"Service '{service}' does not have checks.")
-
-            else:
-                for check in service_checks:
-                    # Recover check name and module name from import path
-                    # Format: "providers.{provider}.services.{service}.{check_name}.{check_name}"
-                    check_name = check[0].split(".")[-1]
-                    # If the service is present in the group list passed as parameters
-                    # if service_name in group_list: checks_from_arn.add(check_name)
-                    checks.add(check_name)
-        return checks
-    except Exception as error:
-        logger.error(
-            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-        )
-
-
-def list_compliance_modules():
-    """
-    list_compliance_modules returns the available compliance frameworks and returns their path
-    """
-    # This module path requires the full path including "prowler."
-    module_path = "prowler.compliance"
-    return walk_packages(
-        importlib.import_module(module_path).__path__,
-        importlib.import_module(module_path).__name__ + ".",
-    )
--- a/prowler/lib/outputs/asff/asff.py
+++ b/prowler/lib/outputs/asff/asff.py
@@ -89,11 +89,7 @@ class ASFF(Output):
                        CreatedAt=timestamp,
                        Severity=Severity(Label=finding.severity.value),
                        Title=finding.check_title,
-                        Description=(
-                            (finding.status_extended[:1000] + "...")
-                            if len(finding.status_extended) > 1000
-                            else finding.status_extended
-                        ),
+                        Description=finding.description,
                        Resources=[
                            Resource(
                                Id=finding.resource_uid,
--- a/prowler/lib/outputs/compliance/compliance.py
+++ b/prowler/lib/outputs/compliance/compliance.py
@@ -7,7 +7,6 @@ from prowler.lib.outputs.compliance.ens.ens import get_ens_table
 from prowler.lib.outputs.compliance.generic.generic_table import (
    get_generic_compliance_table,
 )
-from prowler.lib.outputs.compliance.kisa_ismsp.kisa_ismsp import get_kisa_ismsp_table
 from prowler.lib.outputs.compliance.mitre_attack.mitre_attack import (
    get_mitre_attack_table,
 )
@@ -63,15 +62,6 @@ def display_compliance_table(
                output_directory,
                compliance_overview,
            )
-        elif "kisa_isms_" in compliance_framework:
-            get_kisa_ismsp_table(
-                findings,
-                bulk_checks_metadata,
-                compliance_framework,
-                output_filename,
-                output_directory,
-                compliance_overview,
-            )
        else:
            get_generic_compliance_table(
                findings,
--- a/prowler/lib/outputs/compliance/kisa_ismsp/kisa_ismsp.py
+++ b/prowler/lib/outputs/compliance/kisa_ismsp/kisa_ismsp.py
@@ -1,89 +0,0 @@
-from colorama import Fore, Style
-from tabulate import tabulate
-
-from prowler.config.config import orange_color
-
-
-def get_kisa_ismsp_table(
-    findings: list,
-    bulk_checks_metadata: dict,
-    compliance_framework: str,
-    output_filename: str,
-    output_directory: str,
-    compliance_overview: bool,
-):
-    sections = {}
-    kisa_ismsp_compliance_table = {
-        "Provider": [],
-        "Section": [],
-        "Status": [],
-        "Muted": [],
-    }
-    pass_count = []
-    fail_count = []
-    muted_count = []
-    for index, finding in enumerate(findings):
-        check = bulk_checks_metadata[finding.check_metadata.CheckID]
-        check_compliances = check.Compliance
-        for compliance in check_compliances:
-            if (
-                compliance.Framework.startswith("KISA")
-                and compliance.Version in compliance_framework
-            ):
-                for requirement in compliance.Requirements:
-                    for attribute in requirement.Attributes:
-                        section = attribute.Section
-                        # Check if Section exists
-                        if section not in sections:
-                            sections[section] = {
-                                "Status": f"{Fore.GREEN}PASS{Style.RESET_ALL}",
-                                "Muted": 0,
-                            }
-                        if finding.muted:
-                            if index not in muted_count:
-                                muted_count.append(index)
-                                sections[section]["Muted"] += 1
-                        else:
-                            if finding.status == "FAIL" and index not in fail_count:
-                                fail_count.append(index)
-                            elif finding.status == "PASS" and index not in pass_count:
-                                pass_count.append(index)
-
-    # Add results to table
-    sections = dict(sorted(sections.items()))
-    for section in sections:
-        kisa_ismsp_compliance_table["Provider"].append(compliance.Provider)
-        kisa_ismsp_compliance_table["Section"].append(section)
-        kisa_ismsp_compliance_table["Muted"].append(
-            f"{orange_color}{sections[section]['Muted']}{Style.RESET_ALL}"
-        )
-    if len(fail_count) + len(pass_count) + len(muted_count) > 1:
-        print(
-            f"\nCompliance Status of {Fore.YELLOW}{compliance_framework.upper()}{Style.RESET_ALL} Framework:"
-        )
-        overview_table = [
-            [
-                f"{Fore.RED}{round(len(fail_count) / len(findings) * 100, 2)}% ({len(fail_count)}) FAIL{Style.RESET_ALL}",
-                f"{Fore.GREEN}{round(len(pass_count) / len(findings) * 100, 2)}% ({len(pass_count)}) PASS{Style.RESET_ALL}",
-                f"{orange_color}{round(len(muted_count) / len(findings) * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
-            ]
-        ]
-        print(tabulate(overview_table, tablefmt="rounded_grid"))
-        if not compliance_overview:
-            print(
-                f"\nFramework {Fore.YELLOW}{compliance_framework.upper()}{Style.RESET_ALL} Results:"
-            )
-            print(
-                tabulate(
-                    kisa_ismsp_compliance_table,
-                    headers="keys",
-                    tablefmt="rounded_grid",
-                )
-            )
-            print(
-                f"{Style.BRIGHT}* Only sections containing results appear.{Style.RESET_ALL}"
-            )
-            print(f"\nDetailed results of {compliance_framework.upper()} are in:")
-            print(
-                f" - CSV: {output_directory}/compliance/{output_filename}_{compliance_framework}.csv\n"
-            )
--- a/prowler/lib/outputs/compliance/kisa_ismsp/kisa_ismsp_aws.py
+++ b/prowler/lib/outputs/compliance/kisa_ismsp/kisa_ismsp_aws.py
@@ -1,93 +0,0 @@
-from prowler.lib.check.compliance_models import Compliance
-from prowler.lib.outputs.compliance.compliance_output import ComplianceOutput
-from prowler.lib.outputs.compliance.kisa_ismsp.models import AWSKISAISMSPModel
-from prowler.lib.outputs.finding import Finding
-
-
-class AWSKISAISMSP(ComplianceOutput):
-    """
-    This class represents the AWS KISA-ISMS-P compliance output.
-
-    Attributes:
-        - _data (list): A list to store transformed data from findings.
-        - _file_descriptor (TextIOWrapper): A file descriptor to write data to a file.
-
-    Methods:
-        - transform: Transforms findings into AWS KISA-ISMS-P compliance format.
-    """
-
-    def transform(
-        self,
-        findings: list[Finding],
-        compliance: Compliance,
-        compliance_name: str,
-    ) -> None:
-        """
-        Transforms a list of findings into AWS KISA-ISMS-P compliance format.
-
-        Parameters:
-            - findings (list): A list of findings.
-            - compliance (Compliance): A compliance model.
-            - compliance_name (str): The name of the compliance model.
-
-        Returns:
-            - None
-        """
-        for finding in findings:
-            # Get the compliance requirements for the finding
-            finding_requirements = finding.compliance.get(compliance_name, [])
-            for requirement in compliance.Requirements:
-                if requirement.Id in finding_requirements:
-                    for attribute in requirement.Attributes:
-                        compliance_row = AWSKISAISMSPModel(
-                            Provider=finding.provider,
-                            Description=compliance.Description,
-                            AccountId=finding.account_uid,
-                            Region=finding.region,
-                            AssessmentDate=str(finding.timestamp),
-                            Requirements_Id=requirement.Id,
-                            Requirements_Name=requirement.Name,
-                            Requirements_Description=requirement.Description,
-                            Requirements_Attributes_Domain=attribute.Domain,
-                            Requirements_Attributes_Subdomain=attribute.Subdomain,
-                            Requirements_Attributes_Section=attribute.Section,
-                            Requirements_Attributes_AuditChecklist=attribute.AuditChecklist,
-                            Requirements_Attributes_RelatedRegulations=attribute.RelatedRegulations,
-                            Requirements_Attributes_AuditEvidence=attribute.AuditEvidence,
-                            Requirements_Attributes_NonComplianceCases=attribute.NonComplianceCases,
-                            Status=finding.status,
-                            StatusExtended=finding.status_extended,
-                            ResourceId=finding.resource_uid,
-                            ResourceName=finding.resource_name,
-                            CheckId=finding.check_id,
-                            Muted=finding.muted,
-                        )
-                        self._data.append(compliance_row)
-        # Add manual requirements to the compliance output
-        for requirement in compliance.Requirements:
-            if not requirement.Checks:
-                for attribute in requirement.Attributes:
-                    compliance_row = AWSKISAISMSPModel(
-                        Provider=compliance.Provider.lower(),
-                        Description=compliance.Description,
-                        AccountId="",
-                        Region="",
-                        AssessmentDate=str(finding.timestamp),
-                        Requirements_Id=requirement.Id,
-                        Requirements_Name=requirement.Name,
-                        Requirements_Description=requirement.Description,
-                        Requirements_Attributes_Domain=attribute.Domain,
-                        Requirements_Attributes_Subdomain=attribute.Subdomain,
-                        Requirements_Attributes_Section=attribute.Section,
-                        Requirements_Attributes_AuditChecklist=attribute.AuditChecklist,
-                        Requirements_Attributes_RelatedRegulations=attribute.RelatedRegulations,
-                        Requirements_Attributes_AuditEvidence=attribute.AuditEvidence,
-                        Requirements_Attributes_NonComplianceCases=attribute.NonComplianceCases,
-                        Status="MANUAL",
-                        StatusExtended="Manual check",
-                        ResourceId="manual_check",
-                        ResourceName="Manual check",
-                        CheckId="manual",
-                        Muted=False,
-                    )
-                    self._data.append(compliance_row)
--- a/prowler/lib/outputs/compliance/kisa_ismsp/models.py
+++ b/prowler/lib/outputs/compliance/kisa_ismsp/models.py
@@ -1,31 +0,0 @@
-from typing import Optional
-
-from pydantic import BaseModel
-
-
-class AWSKISAISMSPModel(BaseModel):
-    """
-    The AWS KISA-ISMS-P Model outputs findings in a format compliant with the AWS KISA-ISMS-P standard
-    """
-
-    Provider: str
-    Description: str
-    AccountId: str
-    Region: str
-    AssessmentDate: str
-    Requirements_Id: str
-    Requirements_Name: str
-    Requirements_Description: str
-    Requirements_Attributes_Domain: str
-    Requirements_Attributes_Subdomain: str
-    Requirements_Attributes_Section: str
-    Requirements_Attributes_AuditChecklist: Optional[list[str]]
-    Requirements_Attributes_RelatedRegulations: Optional[list[str]]
-    Requirements_Attributes_AuditEvidence: Optional[list[str]]
-    Requirements_Attributes_NonComplianceCases: Optional[list[str]]
-    Status: str
-    StatusExtended: str
-    ResourceId: str
-    ResourceName: str
-    CheckId: str
-    Muted: bool
--- a/prowler/lib/outputs/finding.py
+++ b/prowler/lib/outputs/finding.py
@@ -88,37 +88,29 @@ class Finding(BaseModel):

    @classmethod
    def generate_output(
-        cls, provider: Provider, check_output: Check_Report, output_options
+        cls, provider: Provider, check_output: Check_Report
    ) -> "Finding":
        """Generates the output for a finding based on the provider and output options

        Args:
            provider (Provider): the provider object
            check_output (Check_Report): the check output object
-            output_options: the output options object, depending on the provider
        Returns:
            finding_output (Finding): the finding output object

        """
+        output_options = provider.output_options
        # TODO: think about get_provider_data_mapping
        provider_data_mapping = get_provider_data_mapping(provider)
-
        # TODO: move fill_common_finding_data
-        unix_timestamp = False
-        if hasattr(output_options, "unix_timestamp"):
-            unix_timestamp = output_options.unix_timestamp
-
-        common_finding_data = fill_common_finding_data(check_output, unix_timestamp)
+        common_finding_data = fill_common_finding_data(
+            check_output, output_options.unix_timestamp
+        )
        output_data = {}
        output_data.update(provider_data_mapping)
        output_data.update(common_finding_data)
-
-        bulk_checks_metadata = {}
-        if hasattr(output_options, "bulk_checks_metadata"):
-            bulk_checks_metadata = output_options.bulk_checks_metadata
-
        output_data["compliance"] = get_check_compliance(
-            check_output, provider.type, bulk_checks_metadata
+            check_output, provider.type, output_options.bulk_checks_metadata
        )
        try:
            if provider.type == "aws":
--- a/prowler/lib/outputs/ocsf/ocsf.py
+++ b/prowler/lib/outputs/ocsf/ocsf.py
@@ -9,6 +9,7 @@ from py_ocsf_models.events.findings.detection_finding import (
 from py_ocsf_models.events.findings.finding import ActivityID, FindingInformation
 from py_ocsf_models.objects.account import Account, TypeID
 from py_ocsf_models.objects.cloud import Cloud
+from py_ocsf_models.objects.container import Container
 from py_ocsf_models.objects.group import Group
 from py_ocsf_models.objects.metadata import Metadata
 from py_ocsf_models.objects.organization import Organization
@@ -36,7 +37,7 @@ class OCSF(Output):
        - transform(findings: List[Finding]) -> None: Transforms the findings into the OCSF Detection Finding format.
        - batch_write_data_to_file() -> None: Writes the findings to a file using the OCSF Detection Finding format using the `Output._file_descriptor`.
        - get_account_type_id_by_provider(provider: str) -> TypeID: Returns the TypeID based on the provider.
-        - get_finding_status_id(muted: bool) -> StatusID: Returns the StatusID based on the muted value.
+        - get_finding_status_id(status: str, muted: bool) -> StatusID: Returns the StatusID based on the status and muted values.

    References:
        - OCSF: https://schema.ocsf.io/1.2.0/classes/detection_finding
@@ -58,24 +59,21 @@ class OCSF(Output):
                finding_severity = getattr(
                    SeverityID, finding.severity.capitalize(), SeverityID.Unknown
                )
-                finding_status = self.get_finding_status_id(finding.muted)
+                finding_status = self.get_finding_status_id(
+                    finding.status, finding.muted
+                )

                detection_finding = DetectionFinding(
-                    message=finding.status_extended,
                    activity_id=finding_activity.value,
                    activity_name=finding_activity.name,
                    finding_info=FindingInformation(
-                        created_time_dt=finding.timestamp,
-                        created_time=int(finding.timestamp.timestamp()),
+                        created_time=finding.timestamp,
                        desc=finding.description,
                        title=finding.check_title,
                        uid=finding.finding_uid,
-                        name=finding.resource_name,
                        product_uid="prowler",
-                        types=[finding.check_type],
                    ),
-                    time_dt=finding.timestamp,
-                    time=int(finding.timestamp.timestamp()),
+                    event_time=finding.timestamp,
                    remediation=Remediation(
                        desc=finding.remediation_recommendation_text,
                        references=list(
@@ -98,51 +96,31 @@ class OCSF(Output):
                    status_code=finding.status,
                    status_detail=finding.status_extended,
                    risk_details=finding.risk,
-                    resources=(
-                        [
-                            ResourceDetails(
-                                labels=unroll_dict_to_list(finding.resource_tags),
-                                name=finding.resource_name,
-                                uid=finding.resource_uid,
-                                group=Group(name=finding.service_name),
-                                type=finding.resource_type,
-                                # TODO: this should be included only if using the Cloud profile
-                                cloud_partition=finding.partition,
-                                region=finding.region,
-                                data={"details": finding.resource_details},
-                            )
-                        ]
-                        if finding.provider != "kubernetes"
-                        else [
-                            ResourceDetails(
-                                labels=unroll_dict_to_list(finding.resource_tags),
-                                name=finding.resource_name,
-                                uid=finding.resource_uid,
-                                group=Group(name=finding.service_name),
-                                type=finding.resource_type,
-                                data={"details": finding.resource_details},
-                                namespace=finding.region.replace("namespace: ", ""),
-                            )
-                        ]
-                    ),
+                    resources=[
+                        ResourceDetails(
+                            labels=unroll_dict_to_list(finding.resource_tags),
+                            name=finding.resource_name,
+                            uid=finding.resource_uid,
+                            group=Group(name=finding.service_name),
+                            type=finding.resource_type,
+                            # TODO: this should be included only if using the Cloud profile
+                            cloud_partition=finding.partition,
+                            region=finding.region,
+                            data={"details": finding.resource_details},
+                        )
+                    ],
                    metadata=Metadata(
                        event_code=finding.check_id,
                        product=Product(
-                            uid="prowler",
                            name="Prowler",
                            vendor_name="Prowler",
                            version=finding.prowler_version,
                        ),
-                        profiles=(
-                            ["cloud", "datetime"]
-                            if finding.provider != "kubernetes"
-                            else ["container", "datetime"]
-                        ),
-                        tenant_uid=finding.account_organization_uid,
                    ),
                    type_uid=DetectionFindingTypeID.Create,
-                    type_name=f"Detection Finding: {DetectionFindingTypeID.Create.name}",
+                    type_name=DetectionFindingTypeID.Create.name,
                    unmapped={
+                        "check_type": finding.check_type,
                        "related_url": finding.related_url,
                        "categories": finding.categories,
                        "depends_on": finding.depends_on,
@@ -151,19 +129,26 @@ class OCSF(Output):
                        "compliance": finding.compliance,
                    },
                )
-                if finding.provider != "kubernetes":
+
+                if finding.provider == "kubernetes":
+                    detection_finding.container = Container(
+                        name=finding.resource_name,
+                        uid=finding.resource_uid,
+                    )
+                    # TODO: Get the PID of the namespace (we only have the name of the namespace)
+                    # detection_finding.namespace_pid=,
+                else:
                    detection_finding.cloud = Cloud(
                        account=Account(
                            name=finding.account_name,
                            type_id=cloud_account_type.value,
-                            type=cloud_account_type.name.replace("_", " "),
+                            type=cloud_account_type.name,
                            uid=finding.account_uid,
                            labels=unroll_dict_to_list(finding.account_tags),
                        ),
                        org=Organization(
                            uid=finding.account_organization_uid,
                            name=finding.account_organization_name,
-                            # TODO: add the org unit id and name
                        ),
                        provider=finding.provider,
                        region=finding.region,
@@ -223,17 +208,20 @@ class OCSF(Output):
        return type_id

    @staticmethod
-    def get_finding_status_id(muted: bool) -> StatusID:
+    def get_finding_status_id(status: str, muted: bool) -> StatusID:
        """
-        Returns the StatusID based on the muted value.
+        Returns the StatusID based on the status and muted values.

        Args:
+            status (str): The status value
            muted (bool): The muted value

        Returns:
-            StatusID: The StatusID based on the muted value
+            StatusID: The StatusID based on the status and muted values
        """
-        status_id = StatusID.New
+        status_id = StatusID.Other
+        if status == "FAIL":
+            status_id = StatusID.New
        if muted:
            status_id = StatusID.Suppressed
        return status_id
--- a/prowler/lib/outputs/outputs.py
+++ b/prowler/lib/outputs/outputs.py
@@ -25,12 +25,10 @@ def stdout_report(finding, color, verbose, status, fix):
            )


-# TODO: Only pass check_findings, output_options and provider.type
-def report(check_findings, provider, output_options):
+# TODO: Only pass check_findings, provider.output_options and provider.type
+def report(check_findings, provider):
    try:
-        verbose = False
-        if hasattr(output_options, "verbose"):
-            verbose = output_options.verbose
+        output_options = provider.output_options
        if check_findings:
            # TO-DO Generic Function
            if provider.type == "aws":
@@ -41,27 +39,21 @@ def report(check_findings, provider, output_options):

            for finding in check_findings:
                # Print findings by stdout
-                status = []
-                if hasattr(output_options, "status"):
-                    status = output_options.status
-                fixer = False
-                if hasattr(output_options, "fixer"):
-                    fixer = output_options.fixer
                color = set_report_color(finding.status, finding.muted)
                stdout_report(
                    finding,
                    color,
-                    verbose,
-                    status,
-                    fixer,
+                    output_options.verbose,
+                    output_options.status,
+                    output_options.fixer,
                )

        else:  # No service resources in the whole account
            color = set_report_color("MANUAL")
-            if verbose:
+            if output_options.verbose:
                print(f"\t{color}INFO{Style.RESET_ALL} There are no resources")
        # Separator between findings and bar
-        if verbose:
+        if output_options.verbose:
            print()
    except Exception as error:
        logger.error(
@@ -90,14 +82,9 @@ def extract_findings_statistics(findings: list) -> dict:
    extract_findings_statistics takes a list of findings and returns the following dict with the aggregated statistics
    {
        "total_pass": 0,
-        "total_muted_pass": 0,
        "total_fail": 0,
-        "total_muted_fail": 0,
        "resources_count": 0,
        "findings_count": 0,
-        "critical_failed_findings": [],
-        "critical_passed_findings": []
-        "all_fails_are_muted": False
    }
    """
    logger.info("Extracting audit statistics...")
@@ -109,42 +96,18 @@ def extract_findings_statistics(findings: list) -> dict:
    resources = set()
    findings_count = 0
    all_fails_are_muted = True
-    critical_severity_pass = 0
-    critical_severity_fail = 0
-    high_severity_pass = 0
-    high_severity_fail = 0
-    medium_severity_pass = 0
-    medium_severity_fail = 0
-    low_severity_pass = 0
-    low_severity_fail = 0

    for finding in findings:
        # Save the resource_id
        resources.add(finding.resource_id)

        if finding.status == "PASS":
-            if finding.check_metadata.Severity == "critical":
-                critical_severity_pass += 1
-            if finding.check_metadata.Severity == "high":
-                high_severity_pass += 1
-            if finding.check_metadata.Severity == "medium":
-                medium_severity_pass += 1
-            if finding.check_metadata.Severity == "low":
-                low_severity_pass += 1
            total_pass += 1
            findings_count += 1
            if finding.muted is True:
                muted_pass += 1

        if finding.status == "FAIL":
-            if finding.check_metadata.Severity == "critical":
-                critical_severity_fail += 1
-            if finding.check_metadata.Severity == "high":
-                high_severity_fail += 1
-            if finding.check_metadata.Severity == "medium":
-                medium_severity_fail += 1
-            if finding.check_metadata.Severity == "low":
-                low_severity_fail += 1
            total_fail += 1
            findings_count += 1
            if finding.muted is True:
@@ -158,14 +121,6 @@ def extract_findings_statistics(findings: list) -> dict:
    stats["total_muted_fail"] = muted_fail
    stats["resources_count"] = len(resources)
    stats["findings_count"] = findings_count
-    stats["total_critical_severity_fail"] = critical_severity_fail
-    stats["total_critical_severity_pass"] = critical_severity_pass
-    stats["total_high_severity_fail"] = high_severity_fail
-    stats["total_high_severity_pass"] = high_severity_pass
-    stats["total_medium_severity_fail"] = medium_severity_fail
-    stats["total_medium_severity_pass"] = medium_severity_pass
-    stats["total_low_severity_fail"] = medium_severity_fail
-    stats["total_low_severity_pass"] = medium_severity_pass
    stats["all_fails_are_muted"] = all_fails_are_muted

    return stats
--- a/prowler/lib/outputs/slack/slack.py
+++ b/prowler/lib/outputs/slack/slack.py
@@ -121,19 +121,6 @@ class Slack:
                        "text": f"\n:white_check_mark: *{stats['total_pass']} Passed findings* ({round(stats['total_pass'] / stats['findings_count'] * 100 , 2)}%)\n",
                    },
                },
-                {
-                    "type": "section",
-                    "text": {
-                        "type": "mrkdwn",
-                        "text": (
-                            "*Severities:*\n"
-                            f"• *Critical:* {stats['total_critical_severity_pass']} "
-                            f"• *High:* {stats['total_high_severity_pass']} "
-                            f"• *Medium:* {stats['total_medium_severity_pass']} "
-                            f"• *Low:* {stats['total_low_severity_pass']}"
-                        ),
-                    },
-                },
                {
                    "type": "section",
                    "text": {
@@ -141,19 +128,6 @@ class Slack:
                        "text": f"\n:x: *{stats['total_fail']} Failed findings* ({round(stats['total_fail'] / stats['findings_count'] * 100 , 2)}%)\n ",
                    },
                },
-                {
-                    "type": "section",
-                    "text": {
-                        "type": "mrkdwn",
-                        "text": (
-                            "*Severities:*\n"
-                            f"• *Critical:* {stats['total_critical_severity_fail']} "
-                            f"• *High:* {stats['total_high_severity_fail']} "
-                            f"• *Medium:* {stats['total_medium_severity_fail']} "
-                            f"• *Low:* {stats['total_low_severity_fail']}"
-                        ),
-                    },
-                },
                {
                    "type": "section",
                    "text": {
--- a/prowler/lib/scan/scan.py
+++ b/prowler/lib/scan/scan.py
@@ -1,6 +1,6 @@
 from typing import Generator

-from prowler.lib.check.check import execute, import_check, update_audit_metadata
+from prowler.lib.check.check import execute, update_audit_metadata
 from prowler.lib.logger import logger
 from prowler.lib.outputs.finding import Finding
 from prowler.providers.common.models import Audit_Metadata
@@ -99,24 +99,13 @@ class Scan:
                try:
                    # Recover service from check name
                    service = get_service_name_from_check_name(check_name)
-                    try:
-                        # Import check module
-                        check_module_path = f"prowler.providers.{self._provider.type}.services.{service}.{check_name}.{check_name}"
-                        lib = import_check(check_module_path)
-                        # Recover functions from check
-                        check_to_execute = getattr(lib, check_name)
-                        check = check_to_execute()
-                    except ModuleNotFoundError:
-                        logger.error(
-                            f"Check '{check_name}' was not found for the {self._provider.type.upper()} provider"
-                        )
-                        continue
+
                    # Execute the check
                    check_findings = execute(
-                        check,
+                        service,
+                        check_name,
                        self._provider,
                        custom_checks_metadata,
-                        output_options=None,
                    )

                    # Store findings
@@ -142,9 +131,7 @@ class Scan:
                    )

                    findings = [
-                        Finding.generate_output(
-                            self._provider, finding, output_options=None
-                        )
+                        Finding.generate_output(self._provider, finding)
                        for finding in check_findings
                    ]

--- a/prowler/lib/utils/utils.py
+++ b/prowler/lib/utils/utils.py
@@ -133,7 +133,7 @@ def detect_secrets_scan(
                {"name": "SoftlayerDetector"},
                {"name": "SquareOAuthDetector"},
                {"name": "StripeDetector"},
-                {"name": "TelegramBotTokenDetector"},
+                # {"name": "TelegramBotTokenDetector"}, https://github.com/Yelp/detect-secrets/pull/878
                {"name": "TwilioKeyDetector"},
            ],
            "filters_used": [
--- a/prowler/providers/aws/aws_provider.py
+++ b/prowler/providers/aws/aws_provider.py
@@ -13,8 +13,13 @@ from colorama import Fore, Style
 from pytz import utc
 from tzlocal import get_localzone

-from prowler.config.config import aws_services_json_file, get_default_mute_file_path
-from prowler.lib.check.utils import list_modules, recover_checks_from_service
+from prowler.config.config import (
+    aws_services_json_file,
+    get_default_mute_file_path,
+    load_and_validate_config_file,
+    load_and_validate_fixer_config_file,
+)
+from prowler.lib.check.check import list_modules, recover_checks_from_service
 from prowler.lib.logger import logger
 from prowler.lib.utils.utils import open_file, parse_json_file, print_boxes
 from prowler.providers.aws.config import (
@@ -52,6 +57,7 @@ from prowler.providers.aws.models import (
    AWSIdentityInfo,
    AWSMFAInfo,
    AWSOrganizationsInfo,
+    AWSOutputOptions,
    AWSSession,
 )
 from prowler.providers.common.models import Audit_Metadata, Connection
@@ -67,6 +73,7 @@ class AwsProvider(Provider):
    _audit_config: dict
    _scan_unused_services: bool = False
    _enabled_regions: set = set()
+    _output_options: AWSOutputOptions
    # TODO: this is not optional, enforce for all providers
    audit_metadata: Audit_Metadata

@@ -84,8 +91,8 @@ class AwsProvider(Provider):
        scan_unused_services: bool = None,
        resource_tags: list[str] = [],
        resource_arn: list[str] = [],
-        audit_config: dict = {},
-        fixer_config: dict = {},
+        config_file: str = None,
+        fixer_config: str = None,
    ):
        """
        Initializes the AWS provider.
@@ -103,8 +110,8 @@ class AwsProvider(Provider):
            - scan_unused_services: A boolean indicating whether to scan unused services.
            - resource_tags: A list of tags to filter the resources to audit.
            - resource_arn: A list of ARNs of the resources to audit.
-            - audit_config: The audit configuration.
-            - fixer_config: The fixer configuration.
+            - config_file: The path to the configuration file.
+            - fixer_config: The path to the fixer configuration

        Raises:
            - ArgumentTypeError: If the input MFA ARN is invalid.
@@ -263,12 +270,16 @@ class AwsProvider(Provider):
        # Set ignore unused services
        self._scan_unused_services = scan_unused_services

+        # TODO: move this to the providers, pending for AWS, GCP, AZURE and K8s
        # Audit Config
-        self._audit_config = audit_config
-        # Fixer Config
-        self._fixer_config = fixer_config
-
-        Provider.set_global_provider(self)
+        self._audit_config = {}
+        if config_file:
+            self._audit_config = load_and_validate_config_file(self._type, config_file)
+        self._fixer_config = {}
+        if fixer_config:
+            self._fixer_config = load_and_validate_fixer_config_file(
+                self._type, fixer_config
+            )

    @property
    def identity(self):
@@ -302,6 +313,17 @@ class AwsProvider(Provider):
    def fixer_config(self):
        return self._fixer_config

+    @property
+    def output_options(self):
+        return self._output_options
+
+    @output_options.setter
+    def output_options(self, options: tuple):
+        arguments, bulk_checks_metadata = options
+        self._output_options = AWSOutputOptions(
+            arguments, bulk_checks_metadata, self._identity
+        )
+
    @property
    def mutelist(self) -> AWSMutelist:
        """
--- a/prowler/providers/aws/aws_regions_by_service.json
+++ b/prowler/providers/aws/aws_regions_by_service.json
@@ -174,8 +174,6 @@
      "regions": {
        "aws": [
          "ap-south-1",
-          "ap-southeast-2",
-          "eu-west-2",
          "us-east-1",
          "us-east-2",
          "us-west-2"
@@ -223,7 +221,6 @@
          "ca-central-1",
          "eu-central-1",
          "eu-north-1",
-          "eu-south-2",
          "eu-west-1",
          "eu-west-2",
          "sa-east-1",
@@ -620,7 +617,6 @@
          "ap-southeast-3",
          "ap-southeast-4",
          "ca-central-1",
-          "ca-west-1",
          "eu-central-1",
          "eu-central-2",
          "eu-north-1",
@@ -671,10 +667,8 @@
          "ap-southeast-3",
          "ca-central-1",
          "eu-central-1",
-          "eu-central-2",
          "eu-north-1",
          "eu-south-1",
-          "eu-south-2",
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
@@ -1263,7 +1257,6 @@
      "regions": {
        "aws": [
          "ap-northeast-1",
-          "ap-northeast-2",
          "ap-south-1",
          "ap-southeast-1",
          "ap-southeast-2",
@@ -1274,7 +1267,6 @@
          "eu-west-3",
          "sa-east-1",
          "us-east-1",
-          "us-east-2",
          "us-west-2"
        ],
        "aws-cn": [],
@@ -1879,7 +1871,6 @@
          "eu-central-1",
          "eu-north-1",
          "eu-south-1",
-          "eu-south-2",
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
@@ -2228,6 +2219,27 @@
        ]
      }
    },
+    "codestar": {
+      "regions": {
+        "aws": [
+          "ap-northeast-1",
+          "ap-northeast-2",
+          "ap-southeast-1",
+          "ap-southeast-2",
+          "ca-central-1",
+          "eu-central-1",
+          "eu-north-1",
+          "eu-west-1",
+          "eu-west-2",
+          "us-east-1",
+          "us-east-2",
+          "us-west-1",
+          "us-west-2"
+        ],
+        "aws-cn": [],
+        "aws-us-gov": []
+      }
+    },
    "codestar-connections": {
      "regions": {
        "aws": [
@@ -3175,7 +3187,6 @@
    "docdb": {
      "regions": {
        "aws": [
-          "af-south-1",
          "ap-east-1",
          "ap-northeast-1",
          "ap-northeast-2",
@@ -3186,7 +3197,6 @@
          "ca-central-1",
          "eu-central-1",
          "eu-south-1",
-          "eu-south-2",
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
@@ -3576,7 +3586,6 @@
          "ap-southeast-2",
          "ap-southeast-3",
          "ap-southeast-4",
-          "ap-southeast-5",
          "ca-central-1",
          "ca-west-1",
          "eu-central-1",
@@ -4952,6 +4961,15 @@
        ]
      }
    },
+    "honeycode": {
+      "regions": {
+        "aws": [
+          "us-west-2"
+        ],
+        "aws-cn": [],
+        "aws-us-gov": []
+      }
+    },
    "iam": {
      "regions": {
        "aws": [
@@ -6821,7 +6839,6 @@
          "ap-northeast-2",
          "ap-northeast-3",
          "ap-south-1",
-          "ap-south-2",
          "ap-southeast-1",
          "ap-southeast-2",
          "ap-southeast-4",
@@ -6831,7 +6848,6 @@
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
-          "me-central-1",
          "sa-east-1",
          "us-east-1",
          "us-east-2",
@@ -6928,7 +6944,6 @@
          "eu-central-1",
          "eu-north-1",
          "eu-south-1",
-          "eu-south-2",
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
@@ -7207,11 +7222,9 @@
          "ap-south-1",
          "ap-southeast-1",
          "ap-southeast-2",
-          "ap-southeast-3",
          "ca-central-1",
          "eu-central-1",
          "eu-north-1",
-          "eu-south-2",
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
@@ -7516,13 +7529,11 @@
      "regions": {
        "aws": [
          "ap-northeast-1",
-          "ap-northeast-2",
          "ap-south-1",
          "ap-southeast-1",
          "ap-southeast-2",
          "ca-central-1",
          "eu-central-1",
-          "eu-central-2",
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
@@ -7533,7 +7544,6 @@
        ],
        "aws-cn": [],
        "aws-us-gov": [
-          "us-gov-east-1",
          "us-gov-west-1"
        ]
      }
@@ -7695,7 +7705,6 @@
          "eu-central-1",
          "eu-north-1",
          "eu-south-1",
-          "eu-south-2",
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
@@ -8441,22 +8450,12 @@
    "redshift-serverless": {
      "regions": {
        "aws": [
-          "ap-east-1",
-          "ap-northeast-1",
-          "ap-northeast-2",
          "ap-south-1",
-          "ap-southeast-1",
-          "ap-southeast-2",
          "ap-southeast-3",
          "ca-central-1",
-          "eu-central-1",
          "eu-central-2",
-          "eu-north-1",
          "eu-south-2",
-          "eu-west-1",
-          "eu-west-2",
          "eu-west-3",
-          "il-central-1",
          "me-central-1",
          "sa-east-1",
          "us-east-1",
@@ -9467,7 +9466,6 @@
          "ap-southeast-2",
          "ap-southeast-3",
          "ap-southeast-4",
-          "ap-southeast-5",
          "ca-central-1",
          "ca-west-1",
          "eu-central-1",
@@ -10151,22 +10149,16 @@
          "ap-northeast-2",
          "ap-northeast-3",
          "ap-south-1",
-          "ap-south-2",
          "ap-southeast-1",
          "ap-southeast-2",
          "ap-southeast-3",
-          "ap-southeast-4",
          "ca-central-1",
          "eu-central-1",
-          "eu-central-2",
          "eu-north-1",
          "eu-south-1",
-          "eu-south-2",
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
-          "il-central-1",
-          "me-central-1",
          "me-south-1",
          "sa-east-1",
          "us-east-1",
@@ -10566,16 +10558,12 @@
          "ap-south-1",
          "ap-southeast-1",
          "ap-southeast-2",
-          "ap-southeast-3",
          "ca-central-1",
          "eu-central-1",
          "eu-north-1",
-          "eu-south-1",
-          "eu-south-2",
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
-          "me-central-1",
          "us-east-1",
          "us-east-2",
          "us-west-2"
@@ -10977,10 +10965,8 @@
      "regions": {
        "aws": [
          "af-south-1",
-          "ap-east-1",
          "ap-northeast-1",
          "ap-northeast-2",
-          "ap-northeast-3",
          "ap-south-1",
          "ap-southeast-1",
          "ap-southeast-2",
@@ -10991,7 +10977,6 @@
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
-          "me-south-1",
          "sa-east-1",
          "us-east-1",
          "us-east-2",
--- a/prowler/providers/aws/lib/policy_condition_parser/init.py
+++ b/prowler/providers/aws/lib/policy_condition_parser/init.py
--- a/prowler/providers/aws/lib/policy_condition_parser/policy_condition_parser.py
+++ b/prowler/providers/aws/lib/policy_condition_parser/policy_condition_parser.py
@@ -0,0 +1,157 @@
+def is_condition_block_restrictive(
+    condition_statement: dict,
+    source_account: str,
+    is_cross_account_allowed=False,
+):
+    """
+    is_condition_block_restrictive parses the IAM Condition policy block and, by default, returns True if the source_account passed as argument is within, False if not.
+
+    If argument is_cross_account_allowed is True it tests if the Condition block includes any of the operators allowlisted returning True if does, False if not.
+
+
+    @param condition_statement: dict with an IAM Condition block, e.g.:
+        {
+            "StringLike": {
+                "AWS:SourceAccount": 111122223333
+            }
+        }
+
+    @param source_account: str with a 12-digit AWS Account number, e.g.: 111122223333
+
+    @param is_cross_account_allowed: bool to allow cross-account access, e.g.: True
+
+    """
+    is_condition_valid = False
+
+    # The conditions must be defined in lowercase since the context key names are not case-sensitive.
+    # For example, including the aws:SourceAccount context key is equivalent to testing for AWS:SourceAccount
+    # https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
+    valid_condition_options = {
+        "StringEquals": [
+            "aws:sourceaccount",
+            "aws:sourceowner",
+            "s3:resourceaccount",
+            "aws:principalaccount",
+            "aws:resourceaccount",
+            "aws:sourcearn",
+            "aws:sourcevpc",
+            "aws:sourcevpce",
+        ],
+        "StringLike": [
+            "aws:sourceaccount",
+            "aws:sourceowner",
+            "aws:sourcearn",
+            "aws:principalarn",
+            "aws:resourceaccount",
+            "aws:principalaccount",
+            "aws:sourcevpc",
+            "aws:sourcevpce",
+        ],
+        "ArnLike": ["aws:sourcearn", "aws:principalarn"],
+        "ArnEquals": ["aws:sourcearn", "aws:principalarn"],
+    }
+
+    for condition_operator, condition_operator_key in valid_condition_options.items():
+        if condition_operator in condition_statement:
+            for value in condition_operator_key:
+                # We need to transform the condition_statement into lowercase
+                condition_statement[condition_operator] = {
+                    k.lower(): v
+                    for k, v in condition_statement[condition_operator].items()
+                }
+
+                if value in condition_statement[condition_operator]:
+                    # values are a list
+                    if isinstance(
+                        condition_statement[condition_operator][value],
+                        list,
+                    ):
+                        is_condition_key_restrictive = True
+                        # if cross account is not allowed check for each condition block looking for accounts
+                        # different than default
+                        if not is_cross_account_allowed:
+                            # if there is an arn/account without the source account -> we do not consider it safe
+                            # here by default we assume is true and look for false entries
+                            for item in condition_statement[condition_operator][value]:
+                                if source_account not in item:
+                                    is_condition_key_restrictive = False
+                                    break
+
+                        if is_condition_key_restrictive:
+                            is_condition_valid = True
+
+                    # value is a string
+                    elif isinstance(
+                        condition_statement[condition_operator][value],
+                        str,
+                    ):
+                        if is_cross_account_allowed:
+                            is_condition_valid = True
+                        else:
+                            if (
+                                source_account
+                                in condition_statement[condition_operator][value]
+                            ):
+                                is_condition_valid = True
+
+    return is_condition_valid
+
+
+def is_condition_block_restrictive_organization(
+    condition_statement: dict,
+):
+    """
+    is_condition_block_restrictive_organization parses the IAM Condition policy block and returns True if the condition_statement is restrictive for the organization, False if not.
+
+    @param condition_statement: dict with an IAM Condition block, e.g.:
+        {
+            "StringLike": {
+                "AWS:PrincipalOrgID": "o-111122223333"
+            }
+        }
+
+    """
+    is_condition_valid = False
+
+    # The conditions must be defined in lowercase since the context key names are not case-sensitive.
+    # For example, including the aws:PrincipalOrgID context key is equivalent to testing for AWS:PrincipalOrgID
+    # https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
+    valid_condition_options = {
+        "StringEquals": [
+            "aws:principalorgid",
+        ],
+        "StringLike": [
+            "aws:principalorgid",
+        ],
+    }
+
+    for condition_operator, condition_operator_key in valid_condition_options.items():
+        if condition_operator in condition_statement:
+            for value in condition_operator_key:
+                # We need to transform the condition_statement into lowercase
+                condition_statement[condition_operator] = {
+                    k.lower(): v
+                    for k, v in condition_statement[condition_operator].items()
+                }
+
+                if value in condition_statement[condition_operator]:
+                    # values are a list
+                    if isinstance(
+                        condition_statement[condition_operator][value],
+                        list,
+                    ):
+                        is_condition_valid = True
+                        for item in condition_statement[condition_operator][value]:
+                            if item == "*":
+                                is_condition_valid = False
+                                break
+
+                    # value is a string
+                    elif isinstance(
+                        condition_statement[condition_operator][value],
+                        str,
+                    ):
+                        if "*" not in condition_statement[condition_operator][value]:
+                            is_condition_valid = True
+
+    return is_condition_valid
--- a/prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/apigateway_restapi_client_certificate_enabled.metadata.json
+++ b/prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/apigateway_restapi_client_certificate_enabled.metadata.json
@@ -12,7 +12,7 @@
  "SubServiceName": "rest_api",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsApiGatewayRestApi",
+  "ResourceType": "AwsApiGatewayStage",
  "Description": "Check if API Gateway Stage has client certificate enabled to access your backend endpoint.",
  "Risk": "Possible man in the middle attacks and other similar risks.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.metadata.json
+++ b/prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.metadata.json
@@ -12,7 +12,7 @@
  "SubServiceName": "rest_api",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsApiGatewayRestApi",
+  "ResourceType": "AwsApiGatewayStage",
  "Description": "Check if API Gateway Stage has logging enabled.",
  "Risk": "If not enabled, monitoring of service use is not possible. Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/apigateway/apigateway_restapi_public/apigateway_restapi_public.py
+++ b/prowler/providers/aws/services/apigateway/apigateway_restapi_public/apigateway_restapi_public.py
@@ -15,7 +15,7 @@ class apigateway_restapi_public(Check):
            report.resource_tags = rest_api.tags
            if rest_api.public_endpoint:
                report.status = "FAIL"
-                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} is internet accessible."
+                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} is internet accesible."
            else:
                report.status = "PASS"
                report.status_extended = (
--- a/prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json
+++ b/prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json
@@ -12,7 +12,7 @@
  "SubServiceName": "rest_api",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsApiGatewayRestApi",
+  "ResourceType": "AwsApiGatewayStage",
  "Description": "Check if API Gateway Stage has a WAF ACL attached.",
  "Risk": "Potential attacks and / or abuse of service, more even for even for internet reachable services.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/appstream/appstream_fleet_default_internet_access_disabled/appstream_fleet_default_internet_access_disabled.metadata.json
+++ b/prowler/providers/aws/services/appstream/appstream_fleet_default_internet_access_disabled/appstream_fleet_default_internet_access_disabled.metadata.json
@@ -11,7 +11,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:appstream:region:account-id:fleet/resource-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AppStream",
  "Description": "Ensure default Internet Access from your Amazon AppStream fleet streaming instances should remain unchecked.",
  "Risk": "Default Internet Access from your fleet streaming instances should be controlled using a NAT gateway in the VPC.",
  "RelatedUrl": "https://docs.aws.amazon.com/appstream2/latest/developerguide/set-up-stacks-fleets.html",
--- a/prowler/providers/aws/services/appstream/appstream_fleet_maximum_session_duration/appstream_fleet_maximum_session_duration.metadata.json
+++ b/prowler/providers/aws/services/appstream/appstream_fleet_maximum_session_duration/appstream_fleet_maximum_session_duration.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:appstream:region:account-id:fleet/resource-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AppStream",
  "Description": "Ensure user maximum session duration is no longer than 10 hours.",
  "Risk": "Having a session duration lasting longer than 10 hours should not be necessary and if running for any malicious reasons provides a greater time for usage than should be allowed.",
  "RelatedUrl": "https://docs.aws.amazon.com/appstream2/latest/developerguide/set-up-stacks-fleets.html",
--- a/prowler/providers/aws/services/appstream/appstream_fleet_session_disconnect_timeout/appstream_fleet_session_disconnect_timeout.metadata.json
+++ b/prowler/providers/aws/services/appstream/appstream_fleet_session_disconnect_timeout/appstream_fleet_session_disconnect_timeout.metadata.json
@@ -11,7 +11,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:appstream:region:account-id:fleet/resource-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AppStream",
  "Description": "Ensure session disconnect timeout is set to 5 minutes or less",
  "Risk": "Disconnect timeout in minutes, is the amount of of time that a streaming session remains active after users disconnect.",
  "RelatedUrl": "https://docs.aws.amazon.com/appstream2/latest/developerguide/set-up-stacks-fleets.html",
--- a/prowler/providers/aws/services/appstream/appstream_fleet_session_idle_disconnect_timeout/appstream_fleet_session_idle_disconnect_timeout.metadata.json
+++ b/prowler/providers/aws/services/appstream/appstream_fleet_session_idle_disconnect_timeout/appstream_fleet_session_idle_disconnect_timeout.metadata.json
@@ -11,7 +11,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:appstream:region:account-id:fleet/resource-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AppStream",
  "Description": "Ensure session idle disconnect timeout is set to 10 minutes or less.",
  "Risk": "Idle disconnect timeout in minutes is the amount of time that users can be inactive before they are disconnected from their streaming session and the Disconnect timeout in minutes time begins.",
  "RelatedUrl": "https://docs.aws.amazon.com/appstream2/latest/developerguide/set-up-stacks-fleets.html",
--- a/prowler/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption.metadata.json
+++ b/prowler/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:athena:region:account-id:workgroup/resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsAthenaWorkGroup",
+  "ResourceType": "WorkGroup",
  "Description": "Ensure that encryption at rest is enabled for Amazon Athena query results stored in Amazon S3 in order to secure data and meet compliance requirements for data-at-rest encryption.",
  "Risk": "If not enabled sensitive information at rest is not protected.",
  "RelatedUrl": "https://docs.aws.amazon.com/athena/latest/ug/encryption.html",
--- a/prowler/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration.metadata.json
+++ b/prowler/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:athena:region:account-id:workgroup/resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsAthenaWorkGroup",
+  "ResourceType": "WorkGroup",
  "Description": "Ensure that workgroup configuration is enforced so it cannot be overriden by client-side settings.",
  "Risk": "If workgroup configuration is not enforced security settings like encryption can be overriden by client-side settings.",
  "RelatedUrl": "https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html",
--- a/prowler/providers/aws/services/autoscaling/applicationautoscaling_client.py
+++ b/prowler/providers/aws/services/autoscaling/applicationautoscaling_client.py
@@ -1,6 +0,0 @@
-from prowler.providers.aws.services.autoscaling.autoscaling_service import (
-    ApplicationAutoScaling,
-)
-from prowler.providers.common.provider import Provider
-
-applicationautoscaling_client = ApplicationAutoScaling(Provider.get_global_provider())
--- a/prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json
+++ b/prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json
@@ -1,7 +1,7 @@
 {
  "Provider": "aws",
  "CheckID": "autoscaling_find_secrets_ec2_launch_configuration",
-  "CheckTitle": "[DEPRECATED] Find secrets in EC2 Auto Scaling Launch Configuration",
+  "CheckTitle": "Find secrets in EC2 Auto Scaling Launch Configuration",
  "CheckType": [
    "IAM"
  ],
@@ -9,8 +9,8 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:autoscaling:region:account-id:autoScalingGroupName/resource-name",
  "Severity": "critical",
-  "ResourceType": "AwsAutoScalingLaunchConfiguration",
-  "Description": "[DEPRECATED] Find secrets in EC2 Auto Scaling Launch Configuration",
+  "ResourceType": "Other",
+  "Description": "Find secrets in EC2 Auto Scaling Launch Configuration",
  "Risk": "The use of a hard-coded password increases the possibility of password guessing.  If hard-coded passwords are used, it is possible that malicious users gain access through the account in question.",
  "RelatedUrl": "",
  "Remediation": {
--- a/prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az.metadata.json
+++ b/prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az.metadata.json
@@ -7,7 +7,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:autoscaling:region:account-id:autoScalingGroupName/resource-name",
  "Severity": "medium",
-  "ResourceType": "AwsAutoScalingAutoScalingGroup",
+  "ResourceType": "Other",
  "Description": "EC2 Auto Scaling Group should use multiple Availability Zones",
  "Risk": "In case of a failure in a single Availability Zone, the Auto Scaling Group will not be able to launch new instances to replace the failed ones.",
  "RelatedUrl": "https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-add-availability-zone.html",
--- a/prowler/providers/aws/services/autoscaling/autoscaling_service.py
+++ b/prowler/providers/aws/services/autoscaling/autoscaling_service.py
@@ -5,6 +5,7 @@ from prowler.lib.scan_filters.scan_filters import is_resource_filtered
 from prowler.providers.aws.lib.service.service import AWSService


+################## AutoScaling
 class AutoScaling(AWSService):
    def __init__(self, provider):
        # Call AWSService's __init__
@@ -73,49 +74,6 @@ class AutoScaling(AWSService):
            )


-# Global list for service namespaces needed for Describe Scalable Targets
-SERVICE_NAMESPACES = ["dynamodb"]
-
-
-class ApplicationAutoScaling(AWSService):
-    def __init__(self, provider):
-        super().__init__("application-autoscaling", provider)
-        self.scalable_targets = []
-        self.__threading_call__(self._describe_scalable_targets)
-
-    def _describe_scalable_targets(self, regional_client):
-        logger.info("ApplicationAutoScaling - Describing Scalable Targets...")
-        try:
-            describe_scalable_targets_paginator = regional_client.get_paginator(
-                "describe_scalable_targets"
-            )
-            for service_namespace in SERVICE_NAMESPACES:
-                logger.info(f"Processing ServiceNamespace: {service_namespace}")
-                for page in describe_scalable_targets_paginator.paginate(
-                    ServiceNamespace=service_namespace
-                ):
-                    for target in page.get("ScalableTargets", []):
-                        if not self.audit_resources or (
-                            is_resource_filtered(
-                                target["ScalableTargetARN"],
-                                self.audit_resources,
-                            )
-                        ):
-                            self.scalable_targets.append(
-                                ScalableTarget(
-                                    arn=target.get("ScalableTargetARN", ""),
-                                    resource_id=target.get("ResourceId"),
-                                    service_namespace=target.get("ServiceNamespace"),
-                                    scalable_dimension=target.get("ScalableDimension"),
-                                    region=regional_client.region,
-                                )
-                            )
-        except Exception as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-
-
 class LaunchConfiguration(BaseModel):
    arn: str
    name: str
@@ -130,11 +88,3 @@ class Group(BaseModel):
    region: str
    availability_zones: list
    tags: list = []
-
-
-class ScalableTarget(BaseModel):
-    arn: str
-    resource_id: str
-    service_namespace: str
-    scalable_dimension: str
-    region: str
--- a/prowler/providers/aws/services/awslambda/awslambda_function_inside_vpc/awslambda_function_inside_vpc.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_inside_vpc/awslambda_function_inside_vpc.py
@@ -13,20 +13,14 @@ class awslambda_function_inside_vpc(Check):
            report.resource_id = function.name
            report.resource_arn = function_arn
            report.resource_tags = function.tags
-            report.status = "PASS"
+            report.status = "FAIL"
            report.status_extended = (
-                f"Lambda function {function.name} is inside of VPC {function.vpc_id}"
+                f"Lambda function {function.name} is not inside a VPC"
            )

-            if not function.vpc_id:
-                awslambda_client.set_failed_check(
-                    self.__class__.__name__,
-                    function_arn,
-                )
-                report.status = "FAIL"
-                report.status_extended = (
-                    f"Lambda function {function.name} is not inside a VPC"
-                )
+            if function.vpc_id:
+                report.status = "PASS"
+                report.status_extended = f"Lambda function {function.name} is inside of VPC {function.vpc_id}"

            findings.append(report)

--- a/prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.py
@@ -28,8 +28,7 @@ class awslambda_function_invoke_api_operations_cloudtrail_logging_enabled(Check)
                            for resource in data_event.event_selector["DataResources"]:
                                if resource["Type"] == "AWS::Lambda::Function" and (
                                    function.arn in resource["Values"]
-                                    or f"arn:{awslambda_client.audited_partition}:lambda"
-                                    in resource["Values"]
+                                    or "arn:aws:lambda" in resource["Values"]
                                ):
                                    lambda_recorded_cloudtrail = True
                                    break
--- a/prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.py
@@ -1,6 +1,5 @@
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.awslambda.awslambda_client import awslambda_client
-from prowler.providers.aws.services.iam.lib.policy import is_policy_public


 class awslambda_function_not_publicly_accessible(Check):
@@ -15,11 +14,37 @@ class awslambda_function_not_publicly_accessible(Check):

            report.status = "PASS"
            report.status_extended = f"Lambda function {function.name} has a policy resource-based policy not public."
-            if is_policy_public(
-                function.policy,
-                awslambda_client.audited_account,
-                is_cross_account_allowed=True,
-            ):
+
+            public_access = False
+            if function.policy:
+                for statement in function.policy["Statement"]:
+                    # Only check allow statements
+                    if statement["Effect"] == "Allow" and (
+                        "*" in statement["Principal"]
+                        or (
+                            isinstance(statement["Principal"], dict)
+                            and (
+                                "*" in statement["Principal"].get("AWS", "")
+                                or "*"
+                                in statement["Principal"].get("CanonicalUser", "")
+                                or (  # Check if function can be invoked by other AWS services
+                                    (
+                                        ".amazonaws.com"
+                                        in statement["Principal"].get("Service", "")
+                                    )
+                                    and (
+                                        "*" in statement.get("Action", "")
+                                        or "InvokeFunction"
+                                        in statement.get("Action", "")
+                                    )
+                                )
+                            )
+                        )
+                    ):
+                        public_access = True
+                        break
+
+            if public_access:
                report.status = "FAIL"
                report.status_extended = f"Lambda function {function.name} has a policy resource-based policy with public access."

--- a/prowler/providers/aws/services/awslambda/awslambda_function_vpc_multi_az/awslambda_function_vpc_multi_az.metadata.json
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_vpc_multi_az/awslambda_function_vpc_multi_az.metadata.json
@@ -1,30 +0,0 @@
-{
-  "Provider": "aws",
-  "CheckID": "awslambda_function_vpc_multi_az",
-  "CheckTitle": "Check if AWS Lambda Function VPC is deployed Across Multiple Availability Zones",
-  "CheckType": [],
-  "ServiceName": "lambda",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:lambda:region:account-id:function/function-name",
-  "Severity": "medium",
-  "ResourceType": "AwsLambdaFunction",
-  "Description": "This control checks whether an AWS Lambda function connected to a VPC operates in at least the specified number of Availability Zones (AZs). A failure occurs if the function does not operate in the required number of AZs, which by default is two.",
-  "Risk": "A Lambda function not deployed across multiple AZs increases the risk of a single point of failure, which can result in a complete disruption of the function's operations if an AZ becomes unavailable.",
-  "RelatedUrl": "https://docs.aws.amazon.com/lambda/latest/operatorguide/networking-vpc.html",
-  "Remediation": {
-    "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "https://docs.aws.amazon.com/securityhub/latest/userguide/lambda-controls.html#lambda-5",
-      "Terraform": ""
-    },
-    "Recommendation": {
-      "Text": "Ensure that your AWS Lambda functions connected to a VPC are distributed across multiple Availability Zones (AZs) to enhance availability and resilience.",
-      "Url": "https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html"
-    }
-  },
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}
--- a/prowler/providers/aws/services/awslambda/awslambda_function_vpc_multi_az/awslambda_function_vpc_multi_az.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_vpc_multi_az/awslambda_function_vpc_multi_az.py
@@ -1,48 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.awslambda.awslambda_client import awslambda_client
-from prowler.providers.aws.services.awslambda.awslambda_function_inside_vpc.awslambda_function_inside_vpc import (
-    awslambda_function_inside_vpc,
-)
-from prowler.providers.aws.services.vpc.vpc_client import vpc_client
-
-
-class awslambda_function_vpc_multi_az(Check):
-    def execute(self) -> list[Check_Report_AWS]:
-        findings = []
-        LAMBDA_MIN_AZS = awslambda_client.audit_config.get("lambda_min_azs", 2)
-        for function_arn, function in awslambda_client.functions.items():
-            # only proceed if check "awslambda_function_inside_vpc" did not run or did not FAIL to avoid to report that the function is not inside a VPC twice
-            if not awslambda_client.is_failed_check(
-                awslambda_function_inside_vpc.__name__,
-                function_arn,
-            ):
-                report = Check_Report_AWS(self.metadata())
-                report.region = function.region
-                report.resource_id = function.name
-                report.resource_arn = function_arn
-                report.resource_tags = function.tags
-                report.status = "FAIL"
-                report.status_extended = (
-                    f"Lambda function {function.name} is not inside a VPC."
-                )
-
-                if function.vpc_id:
-                    function_availability_zones = {
-                        getattr(
-                            vpc_client.vpc_subnets.get(subnet_id),
-                            "availability_zone",
-                            None,
-                        )
-                        for subnet_id in function.subnet_ids
-                        if subnet_id in vpc_client.vpc_subnets
-                    }
-
-                    if len(function_availability_zones) >= LAMBDA_MIN_AZS:
-                        report.status = "PASS"
-                        report.status_extended = f"Lambda function {function.name} is inside of VPC {function.vpc_id} that spans in at least {LAMBDA_MIN_AZS} AZs: {', '.join(function_availability_zones)}."
-                    else:
-                        report.status_extended = f"Lambda function {function.name} is inside of VPC {function.vpc_id} that spans only in {len(function_availability_zones)} AZs: {', '.join(function_availability_zones)}. Must span in at least {LAMBDA_MIN_AZS} AZs."
-
-                findings.append(report)
-
-        return findings
--- a/prowler/providers/aws/services/awslambda/awslambda_service.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_service.py
@@ -44,7 +44,6 @@ class Lambda(AWSService):
                            arn=lambda_arn,
                            security_groups=vpc_config.get("SecurityGroupIds", []),
                            vpc_id=vpc_config.get("VpcId"),
-                            subnet_ids=set(vpc_config.get("SubnetIds", [])),
                            region=regional_client.region,
                        )
                        if "Runtime" in function:
@@ -203,5 +202,4 @@ class Function(BaseModel):
    code: LambdaCode = None
    url_config: URLConfig = None
    vpc_id: Optional[str]
-    subnet_ids: Optional[set]
    tags: Optional[list] = []
--- a/prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.py
+++ b/prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.py
@@ -12,7 +12,6 @@ class backup_plans_exist(Check):
            report.resource_arn = backup_client.backup_plans[0].arn
            report.resource_id = backup_client.backup_plans[0].name
            report.region = backup_client.backup_plans[0].region
-            report.resource_tags = backup_client.backup_plans[0].tags
            findings.append(report)
        elif backup_client.backup_vaults:
            report = Check_Report_AWS(self.metadata())
@@ -21,6 +20,5 @@ class backup_plans_exist(Check):
            report.resource_arn = backup_client.backup_plan_arn_template
            report.resource_id = backup_client.audited_account
            report.region = backup_client.region
-            report.resource_tags = []
            findings.append(report)
        return findings
--- a/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.metadata.json
+++ b/prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.metadata.json
@@ -11,7 +11,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:backup-report-plan:backup-report-plan-id",
  "Severity": "low",
-  "ResourceType": "AwsBackupBackupPlan",
+  "ResourceType": "Other",
  "Description": "This check ensures that there is at least one backup report plan in place.",
  "Risk": "Without a backup report plan, an organization may lack visibility into the success or failure of backup operations.",
  "RelatedUrl": "https://docs.aws.amazon.com/aws-backup/latest/devguide/create-report-plan-console.html",
--- a/prowler/providers/aws/services/backup/backup_service.py
+++ b/prowler/providers/aws/services/backup/backup_service.py
@@ -9,6 +9,7 @@ from prowler.lib.scan_filters.scan_filters import is_resource_filtered
 from prowler.providers.aws.lib.service.service import AWSService


+################## Backup
 class Backup(AWSService):
    def __init__(self, provider):
        # Call AWSService's __init__
@@ -18,14 +19,10 @@ class Backup(AWSService):
        self.backup_vault_arn_template = f"arn:{self.audited_partition}:backup:{self.region}:{self.audited_account}:backup-vault"
        self.backup_vaults = []
        self.__threading_call__(self._list_backup_vaults)
-        self.__threading_call__(self._list_tags, self.backup_vaults)
        self.backup_plans = []
        self.__threading_call__(self._list_backup_plans)
-        self.__threading_call__(self._list_tags, self.backup_plans)
        self.backup_report_plans = []
        self.__threading_call__(self._list_backup_report_plans)
-        self.protected_resources = []
-        self.__threading_call__(self._list_backup_selections)

    def _list_backup_vaults(self, regional_client):
        logger.info("Backup - Listing Backup Vaults...")
@@ -141,43 +138,6 @@ class Backup(AWSService):
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )

-    def _list_backup_selections(self, regional_client):
-        logger.info("Backup - Listing Backup Selections...")
-        try:
-            for backup_plan in self.backup_plans:
-                paginator = regional_client.get_paginator("list_backup_selections")
-                for page in paginator.paginate(BackupPlanId=backup_plan.id):
-                    for selection in page.get("BackupSelectionsList", []):
-                        selection_id = selection.get("SelectionId")
-                        if selection_id:
-                            backup_selection = regional_client.get_backup_selection(
-                                BackupPlanId=backup_plan.id, SelectionId=selection_id
-                            )["BackupSelection"]
-
-                            self.protected_resources.extend(
-                                backup_selection.get("Resources", [])
-                            )
-
-        except ClientError as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-        except Exception as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-
-    def _list_tags(self, resource):
-        try:
-            tags = self.regional_clients[resource.region].list_tags(
-                ResourceArn=resource.arn
-            )["Tags"]
-            resource.tags = [tags] if tags else []
-        except Exception as error:
-            logger.error(
-                f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-

 class BackupVault(BaseModel):
    arn: str
@@ -188,7 +148,6 @@ class BackupVault(BaseModel):
    locked: bool
    min_retention_days: int = None
    max_retention_days: int = None
-    tags: Optional[list]


 class BackupPlan(BaseModel):
@@ -199,7 +158,6 @@ class BackupPlan(BaseModel):
    version_id: str
    last_execution_date: Optional[datetime]
    advanced_settings: list
-    tags: Optional[list]


 class BackupReportPlan(BaseModel):
--- a/prowler/providers/aws/services/backup/backup_vaults_encrypted/backup_vaults_encrypted.py
+++ b/prowler/providers/aws/services/backup/backup_vaults_encrypted/backup_vaults_encrypted.py
@@ -16,7 +16,6 @@ class backup_vaults_encrypted(Check):
                report.resource_arn = backup_vault.arn
                report.resource_id = backup_vault.name
                report.region = backup_vault.region
-                report.resource_tags = backup_vault.tags
                # if it is encrypted we only change the status and the status extended
                if backup_vault.encryption:
                    report.status = "PASS"
--- a/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py
+++ b/prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.py
@@ -12,14 +12,12 @@ class backup_vaults_exist(Check):
            report.resource_arn = backup_client.backup_vault_arn_template
            report.resource_id = backup_client.audited_account
            report.region = backup_client.region
-            report.resource_tags = []
            if backup_client.backup_vaults:
                report.status = "PASS"
                report.status_extended = f"At least one backup vault exists: {backup_client.backup_vaults[0].name}."
                report.resource_arn = backup_client.backup_vaults[0].arn
                report.resource_id = backup_client.backup_vaults[0].name
                report.region = backup_client.backup_vaults[0].region
-                report.resource_tags = backup_client.backup_vaults[0].tags

            findings.append(report)
        return findings
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_custom_ssl_certificate/init.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_custom_ssl_certificate/init.py
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_custom_ssl_certificate/cloudfront_distributions_custom_ssl_certificate.metadata.json
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_custom_ssl_certificate/cloudfront_distributions_custom_ssl_certificate.metadata.json
@@ -1,32 +0,0 @@
-{
-  "Provider": "aws",
-  "CheckID": "cloudfront_distributions_custom_ssl_certificate",
-  "CheckTitle": "CloudFront distributions should use custom SSL/TLS certificates.",
-  "CheckType": [],
-  "ServiceName": "cloudfront",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "Severity": "medium",
-  "ResourceType": "AwsCloudFrontDistribution",
-  "Description": "Ensure that your Amazon CloudFront distributions are configured to use a custom SSL/TLS certificate instead of the default one.",
-  "Risk": "Using the default SSL/TLS certificate provided by CloudFront can limit your ability to use custom domain names and may not align with your organization's security policies or branding requirements.",
-  "RelatedUrl": "https://aws.amazon.com/what-is/ssl-certificate/",
-  "Remediation": {
-    "Code": {
-      "CLI": "",
-      "NativeIaC": "https://docs.prowler.com/checks/aws/networking-policies/ensure-aws-cloudfront-distribution-uses-custom-ssl-certificate/",
-      "Other": "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-7",
-      "Terraform": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudFront/cloudfront-distro-custom-tls.html"
-    },
-    "Recommendation": {
-      "Text": "Configure your CloudFront distributions to use a custom SSL/TLS certificate to enable secure access via your own domain names and meet specific security and branding needs. This allows for more control over encryption and authentication settings.",
-      "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#CreatingCNAME"
-    }
-  },
-  "Categories": [
-    "encryption"
-  ],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_custom_ssl_certificate/cloudfront_distributions_custom_ssl_certificate.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_custom_ssl_certificate/cloudfront_distributions_custom_ssl_certificate.py
@@ -1,25 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.cloudfront.cloudfront_client import (
-    cloudfront_client,
-)
-
-
-class cloudfront_distributions_custom_ssl_certificate(Check):
-    def execute(self):
-        findings = []
-        for distribution in cloudfront_client.distributions.values():
-            report = Check_Report_AWS(self.metadata())
-            report.region = distribution.region
-            report.resource_arn = distribution.arn
-            report.resource_id = distribution.id
-            report.resource_tags = distribution.tags
-            report.status = "PASS"
-            report.status_extended = f"CloudFront Distribution {distribution.id} is using a custom SSL/TLS certificate."
-
-            if distribution.default_certificate:
-                report.status = "FAIL"
-                report.status_extended = f"CloudFront Distribution {distribution.id} is using the default SSL/TLS certificate."
-
-            findings.append(report)
-
-        return findings
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_default_root_object/init.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_default_root_object/init.py
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_default_root_object/cloudfront_distributions_default_root_object.metadata.json
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_default_root_object/cloudfront_distributions_default_root_object.metadata.json
@@ -1,30 +0,0 @@
-{
-  "Provider": "aws",
-  "CheckID": "cloudfront_distributions_default_root_object",
-  "CheckTitle": "Check if CloudFront distributions have a default root object.",
-  "CheckType": [],
-  "ServiceName": "cloudfront",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:cloudfront:region:account-id:distribution/resource-id",
-  "Severity": "high",
-  "ResourceType": "AwsCloudFrontDistribution",
-  "Description": "Check if CloudFront distributions have a default root object.",
-  "Risk": "Without a default root object, requests to the root URL may result in an error or expose unintended content, leading to potential security risks and a poor user experience.",
-  "RelatedUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html#DefaultRootObjectHow",
-  "Remediation": {
-    "Code": {
-      "CLI": "aws cloudfront update-distribution --id <distribution-id> --default-root-object <new-root-object>",
-      "NativeIaC": "",
-      "Other": "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-1",
-      "Terraform": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudFront/cloudfront-default-object.html"
-    },
-    "Recommendation": {
-      "Text": "Configure a default root object for your CloudFront distribution to ensure that a specific file (such as index.html) is returned when users access the root URL. This improves user experience and ensures that sensitive content isn't accidentally exposed.",
-      "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html#DefaultRootObjectHowToDefine"
-    }
-  },
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_default_root_object/cloudfront_distributions_default_root_object.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_default_root_object/cloudfront_distributions_default_root_object.py
@@ -1,26 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.cloudfront.cloudfront_client import (
-    cloudfront_client,
-)
-
-
-class cloudfront_distributions_default_root_object(Check):
-    def execute(self):
-        findings = []
-        for distribution in cloudfront_client.distributions.values():
-            report = Check_Report_AWS(self.metadata())
-            report.region = distribution.region
-            report.resource_arn = distribution.arn
-            report.resource_id = distribution.id
-            report.resource_tags = distribution.tags
-
-            if distribution.default_root_object:
-                report.status = "PASS"
-                report.status_extended = f"CloudFront Distribution {distribution.id} does have a default root object ({distribution.default_root_object}) configured."
-            else:
-                report.status = "FAIL"
-                report.status_extended = f"CloudFront Distribution {distribution.id} does not have a default root object configured."
-
-            findings.append(report)
-
-        return findings
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_sni_enabled/init.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_sni_enabled/init.py
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_sni_enabled/cloudfront_distributions_https_sni_enabled.metadata.json
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_sni_enabled/cloudfront_distributions_https_sni_enabled.metadata.json
@@ -1,32 +0,0 @@
-{
-  "Provider": "aws",
-  "CheckID": "cloudfront_distributions_https_sni_enabled",
-  "CheckTitle": "Check if CloudFront distributions are using SNI to serve HTTPS requests.",
-  "CheckType": [],
-  "ServiceName": "cloudfront",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:cloudfront:region:account-id:distribution/resource-id",
-  "Severity": "low",
-  "ResourceType": "AwsCloudFrontDistribution",
-  "Description": "Check if CloudFront distributions are using SNI to serve HTTPS requests.",
-  "Risk": "If SNI is not used, CloudFront will allocate a dedicated IP address for each SSL certificate, leading to higher costs and inefficient IP address utilization. This could also complicate scaling and managing multiple distributions, especially if your domain requires multiple SSL certificates.",
-  "RelatedUrl": "https://www.cloudflare.com/es-es/learning/ssl/what-is-sni/",
-  "Remediation": {
-    "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-8",
-      "Terraform": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudFront/cloudfront-sni.html"
-    },
-    "Recommendation": {
-      "Text": "Ensure that your CloudFront distributions are configured to use Server Name Indication (SNI) when serving HTTPS requests with custom SSL/TLS certificates. This is the recommended approach for reducing costs and optimizing IP address usage.",
-      "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-https-dedicated-ip-or-sni.html#cnames-https-sni"
-    }
-  },
-  "Categories": [
-    "encryption"
-  ],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_sni_enabled/cloudfront_distributions_https_sni_enabled.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_sni_enabled/cloudfront_distributions_https_sni_enabled.py
@@ -1,30 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.cloudfront.cloudfront_client import (
-    cloudfront_client,
-)
-from prowler.providers.aws.services.cloudfront.cloudfront_service import (
-    SSLSupportMethod,
-)
-
-
-class cloudfront_distributions_https_sni_enabled(Check):
-    def execute(self):
-        findings = []
-        for distribution in cloudfront_client.distributions.values():
-            if distribution.certificate:
-                report = Check_Report_AWS(self.metadata())
-                report.region = distribution.region
-                report.resource_arn = distribution.arn
-                report.resource_id = distribution.id
-                report.resource_tags = distribution.tags
-
-                if distribution.ssl_support_method == SSLSupportMethod.sni_only:
-                    report.status = "PASS"
-                    report.status_extended = f"CloudFront Distribution {distribution.id} is serving HTTPS requests using SNI."
-                else:
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudFront Distribution {distribution.id} is not serving HTTPS requests using SNI."
-
-                findings.append(report)
-
-        return findings
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_multiple_origin_failover_configured/init.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_multiple_origin_failover_configured/init.py
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_multiple_origin_failover_configured/cloudfront_distributions_multiple_origin_failover_configured.metadata.json
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_multiple_origin_failover_configured/cloudfront_distributions_multiple_origin_failover_configured.metadata.json
@@ -1,36 +0,0 @@
-{
-  "Provider": "aws",
-  "CheckID": "cloudfront_distributions_multiple_origin_failover_configured",
-  "CheckTitle": "Check if CloudFront distributions have origin failover enabled.",
-  "CheckType": [
-    "Software and Configuration Checks",
-    "Industry and Regulatory Standards",
-    "NIST 800-53 Controls"
-  ],
-  "ServiceName": "cloudfront",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:cloudfront:region:account-id:distribution/resource-id",
-  "Severity": "low",
-  "ResourceType": "AwsCloudFrontDistribution",
-  "Description": "Check if CloudFront distributions have origin failover enabled.",
-  "Risk": "Without origin failover, if the primary origin becomes unavailable, your CloudFront distribution may experience downtime, leading to potential service interruptions and a poor user experience.",
-  "RelatedUrl": "https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_OriginGroup.html",
-  "Remediation": {
-    "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-4",
-      "Terraform": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudFront/origin-failover-enabled.html"
-    },
-    "Recommendation": {
-      "Text": "Configure origin failover in your CloudFront distribution by setting up an origin group with at least two origins to enhance availability and ensure traffic is redirected if the primary origin fails.",
-      "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html#concept_origin_groups.creating"
-    }
-  },
-  "Categories": [
-    "redundancy"
-  ],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_multiple_origin_failover_configured/cloudfront_distributions_multiple_origin_failover_configured.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_multiple_origin_failover_configured/cloudfront_distributions_multiple_origin_failover_configured.py
@@ -1,25 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.cloudfront.cloudfront_client import (
-    cloudfront_client,
-)
-
-
-class cloudfront_distributions_multiple_origin_failover_configured(Check):
-    def execute(self):
-        findings = []
-        for distribution in cloudfront_client.distributions.values():
-            report = Check_Report_AWS(self.metadata())
-            report.region = distribution.region
-            report.resource_arn = distribution.arn
-            report.resource_id = distribution.id
-            report.resource_tags = distribution.tags
-            report.status = "FAIL"
-            report.status_extended = f"CloudFront Distribution {distribution.id} does not have an origin group configured with at least 2 origins."
-
-            if distribution.origin_failover:
-                report.status = "PASS"
-                report.status_extended = f"CloudFront Distribution {distribution.id} has an origin group with at least 2 origins configured."
-
-            findings.append(report)
-
-        return findings
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/init.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/init.py
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/cloudfront_distributions_origin_traffic_encrypted.metadata.json
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/cloudfront_distributions_origin_traffic_encrypted.metadata.json
@@ -1,30 +0,0 @@
-{
-  "Provider": "aws",
-  "CheckID": "cloudfront_distributions_origin_traffic_encrypted",
-  "CheckTitle": "Check if CloudFront distributions encrypt traffic to custom origins.",
-  "CheckType": [],
-  "ServiceName": "cloudfront",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:cloudfront:region:account-id:distribution/resource-id",
-  "Severity": "medium",
-  "ResourceType": "AwsCloudFrontDistribution",
-  "Description": "Check if CloudFront distributions encrypt traffic to custom origins.",
-  "Risk": "Allowing unencrypted HTTP traffic between CloudFront and custom origins can expose data to potential eavesdropping and manipulation, compromising data security and integrity.",
-  "RelatedUrl": "https://docs.aws.amazon.com/whitepapers/latest/secure-content-delivery-amazon-cloudfront/custom-origin-with-cloudfront.html",
-  "Remediation": {
-    "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-9",
-      "Terraform": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudFront/cloudfront-traffic-to-origin-unencrypted.html"
-    },
-    "Recommendation": {
-      "Text": "Configure your CloudFront distributions to require HTTPS (TLS) for traffic to custom origins, ensuring all data transmitted between CloudFront and the origin is encrypted and protected from unauthorized access.",
-      "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html"
-    }
-  },
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/cloudfront_distributions_origin_traffic_encrypted.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/cloudfront_distributions_origin_traffic_encrypted.py
@@ -1,36 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.cloudfront.cloudfront_client import (
-    cloudfront_client,
-)
-
-
-class cloudfront_distributions_origin_traffic_encrypted(Check):
-    def execute(self):
-        findings = []
-        for distribution in cloudfront_client.distributions.values():
-            report = Check_Report_AWS(self.metadata())
-            report.region = distribution.region
-            report.resource_arn = distribution.arn
-            report.resource_id = distribution.id
-            report.resource_tags = distribution.tags
-            report.status = "PASS"
-            report.status_extended = f"CloudFront Distribution {distribution.id} does encrypt traffic to custom origins."
-            unencrypted_origins = []
-
-            for origin in distribution.origins:
-                if (
-                    origin.origin_protocol_policy == ""
-                    or origin.origin_protocol_policy == "http-only"
-                ) or (
-                    origin.origin_protocol_policy == "match-viewer"
-                    and distribution.viewer_protocol_policy == "allow-all"
-                ):
-                    unencrypted_origins.append(origin.id)
-
-            if unencrypted_origins:
-                report.status = "FAIL"
-                report.status_extended = f"CloudFront Distribution {distribution.id} does not encrypt traffic to custom origins {', '.join(unencrypted_origins)}."
-
-            findings.append(report)
-
-        return findings
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_access_control/init.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_access_control/init.py
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_access_control/cloudfront_distributions_s3_origin_access_control.metadata.json
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_access_control/cloudfront_distributions_s3_origin_access_control.metadata.json
@@ -1,32 +0,0 @@
-{
-  "Provider": "aws",
-  "CheckID": "cloudfront_distributions_s3_origin_access_control",
-  "CheckTitle": "Check if CloudFront distributions with S3 origin use OAC.",
-  "CheckType": [
-    "Data Exposure"
-  ],
-  "ServiceName": "cloudfront",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:cloudfront:region:account-id:distribution/resource-id",
-  "Severity": "medium",
-  "ResourceType": "AwsCloudFrontDistribution",
-  "Description": "Check if CloudFront distributions use origin access control.",
-  "Risk": "Without OAC, your S3 bucket could be accessed directly, bypassing CloudFront, which could expose your content to unauthorized access. Additionally, relying on Origin Access Identity (OAI) may limit functionality and security features, making your distribution less secure and more difficult to manage.",
-  "RelatedUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#migrate-from-oai-to-oac",
-  "Remediation": {
-    "Code": {
-      "CLI": "",
-      "NativeIaC": "https://docs.prowler.com/checks/aws/iam-policies/ensure-aws-cloudfromt-distribution-with-s3-have-origin-access-set-to-enabled/",
-      "Other": "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-13",
-      "Terraform": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudFront/s3-origin.html"
-    },
-    "Recommendation": {
-      "Text": "Configure Origin Access Control (OAC) for CloudFront distributions that use an Amazon S3 origin. This will ensure that the content in your S3 bucket is accessible only through the specified CloudFront distribution, enhancing security by preventing direct access to the bucket.",
-      "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html"
-    }
-  },
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_access_control/cloudfront_distributions_s3_origin_access_control.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_access_control/cloudfront_distributions_s3_origin_access_control.py
@@ -1,35 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.cloudfront.cloudfront_client import (
-    cloudfront_client,
-)
-
-
-class cloudfront_distributions_s3_origin_access_control(Check):
-    def execute(self):
-        findings = []
-        for distribution in cloudfront_client.distributions.values():
-            report = Check_Report_AWS(self.metadata())
-            report.region = distribution.region
-            report.resource_arn = distribution.arn
-            report.resource_id = distribution.id
-            report.resource_tags = distribution.tags
-
-            if any(origin.s3_origin_config for origin in distribution.origins):
-                s3_buckets_with_no_oac = []
-                report.status = "PASS"
-                report.status_extended = f"CloudFront Distribution {distribution.id} is using origin access control (OAC) for S3 origins."
-
-                for origin in distribution.origins:
-                    if (
-                        origin.s3_origin_config != {}
-                        and origin.origin_access_control == ""
-                    ):
-                        s3_buckets_with_no_oac.append(origin.id)
-
-                if s3_buckets_with_no_oac:
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudFront Distribution {distribution.id} is not using origin access control (OAC) in S3 origins {', '.join(s3_buckets_with_no_oac)}."
-
-                findings.append(report)
-
-        return findings
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/init.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/init.py
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/cloudfront_distributions_s3_origin_non_existent_bucket.metadata.json
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/cloudfront_distributions_s3_origin_non_existent_bucket.metadata.json
@@ -1,34 +0,0 @@
-{
-  "Provider": "aws",
-  "CheckID": "cloudfront_distributions_s3_origin_non_existent_bucket",
-  "CheckTitle": "CloudFront distributions should not point to non-existent S3 origins.",
-  "CheckType": [
-    "Software and Configuration Checks/Industry and Regulatory Standards/NIST 800-53 Controls"
-  ],
-  "ServiceName": "cloudfront",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:cloudfront:region:account-id:distribution/resource-id",
-  "Severity": "high",
-  "ResourceType": "AwsCloudFrontDistribution",
-  "Description": "This control checks whether Amazon CloudFront distributions are pointing to non-existent Amazon S3 origins. The control fails if the origin is configured to point to a non-existent bucket.",
-  "Risk": "Pointing a CloudFront distribution to a non-existent S3 bucket can allow malicious actors to create the bucket and potentially serve unauthorized content through your distribution, leading to security and integrity issues.",
-  "RelatedUrl": "https://docs.aws.amazon.com/whitepapers/latest/secure-content-delivery-amazon-cloudfront/s3-origin-with-cloudfront.html",
-  "Remediation": {
-    "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-12",
-      "Terraform": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/CloudFront/cloudfront-existing-s3-bucket.html"
-    },
-    "Recommendation": {
-      "Text": "Verify that all CloudFront distributions are configured to point to valid, existing S3 buckets. Update the origin settings as needed to ensure that your distributions are linked to appropriate and secure origins.",
-      "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/HowToUpdateDistribution.html"
-    }
-  },
-  "Categories": [
-    "trustboundaries"
-  ],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/cloudfront_distributions_s3_origin_non_existent_bucket.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/cloudfront_distributions_s3_origin_non_existent_bucket.py
@@ -1,32 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.cloudfront.cloudfront_client import (
-    cloudfront_client,
-)
-from prowler.providers.aws.services.s3.s3_client import s3_client
-
-
-class cloudfront_distributions_s3_origin_non_existent_bucket(Check):
-    def execute(self):
-        findings = []
-        for distribution in cloudfront_client.distributions.values():
-            report = Check_Report_AWS(self.metadata())
-            report.region = distribution.region
-            report.resource_arn = distribution.arn
-            report.resource_id = distribution.id
-            report.resource_tags = distribution.tags
-            report.status = "PASS"
-            report.status_extended = f"CloudFront Distribution {distribution.id} does not have non-existent S3 buckets as origins."
-            non_existent_buckets = []
-
-            for origin in distribution.origins:
-                bucket_name = origin.domain_name.split(".")[0]
-                if not s3_client._head_bucket(bucket_name):
-                    non_existent_buckets.append(bucket_name)
-
-            if non_existent_buckets:
-                report.status = "FAIL"
-                report.status_extended = f"CloudFront Distribution {distribution.id} has non-existent S3 buckets as origins: {','.join(non_existent_buckets)}."
-
-            findings.append(report)
-
-        return findings
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_deprecated_ssl_protocols/cloudfront_distributions_using_deprecated_ssl_protocols.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_deprecated_ssl_protocols/cloudfront_distributions_using_deprecated_ssl_protocols.py
@@ -21,8 +21,10 @@ class cloudfront_distributions_using_deprecated_ssl_protocols(Check):

            bad_ssl_protocol = False
            for origin in distribution.origins:
-                if origin.origin_ssl_protocols:
-                    for ssl_protocol in origin.origin_ssl_protocols:
+                if "CustomOriginConfig" in origin:
+                    for ssl_protocol in origin["CustomOriginConfig"][
+                        "OriginSslProtocols"
+                    ]["Items"]:
                        if ssl_protocol in (
                            OriginsSSLProtocols.SSLv3.value,
                            OriginsSSLProtocols.TLSv1.value,
@@ -30,7 +32,6 @@ class cloudfront_distributions_using_deprecated_ssl_protocols(Check):
                        ):
                            bad_ssl_protocol = True
                            break
-
                if bad_ssl_protocol:
                    report.status = "FAIL"
                    report.status_extended = f"CloudFront Distribution {distribution.id} is using a deprecated SSL protocol."
--- a/prowler/providers/aws/services/cloudfront/cloudfront_service.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_service.py
@@ -8,6 +8,7 @@ from prowler.lib.scan_filters.scan_filters import is_resource_filtered
 from prowler.providers.aws.lib.service.service import AWSService


+################## CloudFront
 class CloudFront(AWSService):
    def __init__(self, provider):
        # Call AWSService's __init__
@@ -29,55 +30,12 @@ class CloudFront(AWSService):
                        ):
                            distribution_id = item["Id"]
                            distribution_arn = item["ARN"]
-                            origin_groups = item.get("OriginGroups", {}).get(
-                                "Items", []
-                            )
-                            origin_failover = all(
-                                origin_group.get("Members", {}).get("Quantity", 0) >= 2
-                                for origin_group in origin_groups
-                            )
-                            default_certificate = item["ViewerCertificate"][
-                                "CloudFrontDefaultCertificate"
-                            ]
-                            certificate = item["ViewerCertificate"].get(
-                                "Certificate", ""
-                            )
-                            ssl_support_method = SSLSupportMethod(
-                                item["ViewerCertificate"].get(
-                                    "SSLSupportMethod", "static-ip"
-                                )
-                            )
-                            origins = []
-                            for origin in item.get("Origins", {}).get("Items", []):
-                                origins.append(
-                                    Origin(
-                                        id=origin["Id"],
-                                        domain_name=origin["DomainName"],
-                                        origin_protocol_policy=origin.get(
-                                            "CustomOriginConfig", {}
-                                        ).get("OriginProtocolPolicy", ""),
-                                        origin_ssl_protocols=origin.get(
-                                            "CustomOriginConfig", {}
-                                        )
-                                        .get("OriginSslProtocols", {})
-                                        .get("Items", []),
-                                        origin_access_control=origin.get(
-                                            "OriginAccessControlId", ""
-                                        ),
-                                        s3_origin_config=origin.get(
-                                            "S3OriginConfig", {}
-                                        ),
-                                    )
-                                )
+                            origins = item["Origins"]["Items"]
                            distribution = Distribution(
                                arn=distribution_arn,
                                id=distribution_id,
                                origins=origins,
                                region=region,
-                                origin_failover=origin_failover,
-                                ssl_support_method=ssl_support_method,
-                                default_certificate=default_certificate,
-                                certificate=certificate,
                            )
                            self.distributions[distribution_id] = distribution

@@ -91,7 +49,6 @@ class CloudFront(AWSService):
        try:
            for distribution_id in distributions.keys():
                distribution_config = client.get_distribution_config(Id=distribution_id)
-
                # Global Config
                distributions[distribution_id].logging_enabled = distribution_config[
                    "DistributionConfig"
@@ -106,16 +63,6 @@ class CloudFront(AWSService):
                distributions[distribution_id].web_acl_id = distribution_config[
                    "DistributionConfig"
                ]["WebACLId"]
-                distributions[distribution_id].default_root_object = (
-                    distribution_config["DistributionConfig"].get(
-                        "DefaultRootObject", ""
-                    )
-                )
-                distributions[distribution_id].viewer_protocol_policy = (
-                    distribution_config["DistributionConfig"][
-                        "DefaultCacheBehavior"
-                    ].get("ViewerProtocolPolicy", "")
-                )

                # Default Cache Config
                default_cache_config = DefaultCacheConfigBehaviour(
@@ -177,29 +124,12 @@ class GeoRestrictionType(Enum):
    whitelist = "whitelist"


-class SSLSupportMethod(Enum):
-    """Method types that viewer want to accept HTTPS requests from"""
-
-    static_ip = "static-ip"
-    sni_only = "sni-only"
-    vip = "vip"
-
-
 class DefaultCacheConfigBehaviour(BaseModel):
    realtime_log_config_arn: Optional[str]
    viewer_protocol_policy: ViewerProtocolPolicy
    field_level_encryption_id: str


-class Origin(BaseModel):
-    id: str
-    domain_name: str
-    origin_protocol_policy: str
-    origin_ssl_protocols: list[str]
-    origin_access_control: Optional[str]
-    s3_origin_config: Optional[dict]
-
-
 class Distribution(BaseModel):
    """Distribution holds a CloudFront Distribution resource"""

@@ -209,12 +139,6 @@ class Distribution(BaseModel):
    logging_enabled: bool = False
    default_cache_config: Optional[DefaultCacheConfigBehaviour]
    geo_restriction_type: Optional[GeoRestrictionType]
-    origins: list[Origin]
+    origins: list
    web_acl_id: str = ""
-    default_certificate: Optional[bool]
-    default_root_object: Optional[str]
-    viewer_protocol_policy: Optional[str]
    tags: Optional[list] = []
-    origin_failover: Optional[bool]
-    ssl_support_method: Optional[SSLSupportMethod]
-    certificate: Optional[str]
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.metadata.json
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "low",
-  "ResourceType": "AwsCloudTrailTrail",
+  "ResourceType": "AwsS3Bucket",
  "Description": "Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account.",
  "Risk": "If logs are not enabled, monitoring of service use and threat analysis is not possible.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.metadata.json
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "low",
-  "ResourceType": "AwsCloudTrailTrail",
+  "ResourceType": "AwsS3Bucket",
  "Description": "Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account.",
  "Risk": "If logs are not enabled, monitoring of service use and threat analysis is not possible.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_enumeration/cloudtrail_threat_detection_enumeration.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_enumeration/cloudtrail_threat_detection_enumeration.py
@@ -39,30 +39,14 @@ class cloudtrail_threat_detection_enumeration(Check):
                    minutes=threat_detection_minutes,
                ):
                    event_log = json.loads(event_log["CloudTrailEvent"])
-                    if (
-                        "arn" in event_log["userIdentity"]
-                    ):  # Ignore event logs without ARN since they are AWS services
-                        if (
-                            event_log["userIdentity"]["arn"],
-                            event_log["userIdentity"]["type"],
-                        ) not in potential_enumeration:
-                            potential_enumeration[
-                                (
-                                    event_log["userIdentity"]["arn"],
-                                    event_log["userIdentity"]["type"],
-                                )
-                            ] = set()
-                        potential_enumeration[
-                            (
-                                event_log["userIdentity"]["arn"],
-                                event_log["userIdentity"]["type"],
-                            )
-                        ].add(event_name)
-
-        for aws_identity, actions in potential_enumeration.items():
-            identity_threshold = round(len(actions) / len(enumeration_actions), 2)
-            aws_identity_type = aws_identity[1]
-            aws_identity_arn = aws_identity[0]
+                    if ".amazonaws.com" not in event_log["sourceIPAddress"]:
+                        if event_log["sourceIPAddress"] not in potential_enumeration:
+                            potential_enumeration[event_log["sourceIPAddress"]] = set()
+                        potential_enumeration[event_log["sourceIPAddress"]].add(
+                            event_name
+                        )
+        for source_ip, actions in potential_enumeration.items():
+            ip_threshold = round(len(actions) / len(enumeration_actions), 2)
            if len(actions) / len(enumeration_actions) > threshold:
                found_potential_enumeration = True
                report = Check_Report_AWS(self.metadata())
@@ -72,7 +56,7 @@ class cloudtrail_threat_detection_enumeration(Check):
                    cloudtrail_client.region
                )
                report.status = "FAIL"
-                report.status_extended = f"Potential enumeration attack detected from AWS {aws_identity_type} {aws_identity_arn.split('/')[-1]} with an threshold of {identity_threshold}."
+                report.status_extended = f"Potential enumeration attack detected from source IP {source_ip} with an threshold of {ip_threshold}."
                findings.append(report)
        if not found_potential_enumeration:
            report = Check_Report_AWS(self.metadata())
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_privilege_escalation/cloudtrail_threat_detection_privilege_escalation.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_privilege_escalation/cloudtrail_threat_detection_privilege_escalation.py
@@ -40,31 +40,19 @@ class cloudtrail_threat_detection_privilege_escalation(Check):
                    minutes=threat_detection_minutes,
                ):
                    event_log = json.loads(event_log["CloudTrailEvent"])
-                    if (
-                        "arn" in event_log["userIdentity"]
-                    ):  # Ignore event logs without ARN since they are AWS services
+                    if ".amazonaws.com" not in event_log["sourceIPAddress"]:
                        if (
-                            event_log["userIdentity"]["arn"],
-                            event_log["userIdentity"]["type"],
-                        ) not in potential_privilege_escalation:
+                            event_log["sourceIPAddress"]
+                            not in potential_privilege_escalation
+                        ):
                            potential_privilege_escalation[
-                                (
-                                    event_log["userIdentity"]["arn"],
-                                    event_log["userIdentity"]["type"],
-                                )
+                                event_log["sourceIPAddress"]
                            ] = set()
                        potential_privilege_escalation[
-                            (
-                                event_log["userIdentity"]["arn"],
-                                event_log["userIdentity"]["type"],
-                            )
+                            event_log["sourceIPAddress"]
                        ].add(event_name)
-        for aws_identity, actions in potential_privilege_escalation.items():
-            identity_threshold = round(
-                len(actions) / len(privilege_escalation_actions), 2
-            )
-            aws_identity_type = aws_identity[1]
-            aws_identity_arn = aws_identity[0]
+        for source_ip, actions in potential_privilege_escalation.items():
+            ip_threshold = round(len(actions) / len(privilege_escalation_actions), 2)
            if len(actions) / len(privilege_escalation_actions) > threshold:
                found_potential_privilege_escalation = True
                report = Check_Report_AWS(self.metadata())
@@ -74,7 +62,7 @@ class cloudtrail_threat_detection_privilege_escalation(Check):
                    cloudtrail_client.region
                )
                report.status = "FAIL"
-                report.status_extended = f"Potential privilege escalation attack detected from AWS {aws_identity_type} {aws_identity_arn.split('/')[-1]} with an threshold of {identity_threshold}."
+                report.status_extended = f"Potential privilege escalation attack detected from source IP {source_ip} with an threshold of {ip_threshold}."
                findings.append(report)
        if not found_potential_privilege_escalation:
            report = Check_Report_AWS(self.metadata())
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.metadata.json
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:certificate/resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsCloudWatchAlarm",
+  "ResourceType": "AwsCloudTrailTrail",
  "Description": "Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL).",
  "Risk": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.",
  "RelatedUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html",
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py
@@ -15,24 +15,24 @@ class cloudwatch_changes_to_network_acls_alarm_configured(Check):
    def execute(self):
        pattern = r"\$\.eventName\s*=\s*.?CreateNetworkAcl.+\$\.eventName\s*=\s*.?CreateNetworkAclEntry.+\$\.eventName\s*=\s*.?DeleteNetworkAcl.+\$\.eventName\s*=\s*.?DeleteNetworkAclEntry.+\$\.eventName\s*=\s*.?ReplaceNetworkAclEntry.+\$\.eventName\s*=\s*.?ReplaceNetworkAclAssociation.?"
        findings = []
-
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            self.metadata(),
-        )
-
-        if report is not None:
-            if report == Check_Report_AWS(self.metadata()):
-                report.status = "FAIL"
-                report.status_extended = "No CloudWatch log groups found with metric filters or alarms associated."
-                report.region = logs_client.region
-                report.resource_id = logs_client.audited_account
-                report.resource_arn = logs_client.log_group_arn_template
-                report.resource_tags = []
+        if (
+            cloudtrail_client.trails is not None
+            and logs_client.metric_filters is not None
+            and cloudwatch_client.metric_alarms is not None
+        ):
+            report = Check_Report_AWS(self.metadata())
+            report.status = "FAIL"
+            report.status_extended = "No CloudWatch log groups found with metric filters or alarms associated."
+            report.region = logs_client.region
+            report.resource_id = logs_client.audited_account
+            report.resource_arn = logs_client.log_group_arn_template
+            report = check_cloudwatch_log_metric_filter(
+                pattern,
+                cloudtrail_client.trails,
+                logs_client.metric_filters,
+                cloudwatch_client.metric_alarms,
+                report,
+            )

            findings.append(report)
-
        return findings
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.metadata.json
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:certificate/resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsCloudWatchAlarm",
+  "ResourceType": "AwsCloudTrailTrail",
  "Description": "Ensure a log metric filter and alarm exist for changes to network gateways.",
  "Risk": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.",
  "RelatedUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html",
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py
@@ -15,24 +15,24 @@ class cloudwatch_changes_to_network_gateways_alarm_configured(Check):
    def execute(self):
        pattern = r"\$\.eventName\s*=\s*.?CreateCustomerGateway.+\$\.eventName\s*=\s*.?DeleteCustomerGateway.+\$\.eventName\s*=\s*.?AttachInternetGateway.+\$\.eventName\s*=\s*.?CreateInternetGateway.+\$\.eventName\s*=\s*.?DeleteInternetGateway.+\$\.eventName\s*=\s*.?DetachInternetGateway.?"
        findings = []
-
-        report = check_cloudwatch_log_metric_filter(
-            pattern,
-            cloudtrail_client.trails,
-            logs_client.metric_filters,
-            cloudwatch_client.metric_alarms,
-            self.metadata(),
-        )
-
-        if report is not None:
-            if report == Check_Report_AWS(self.metadata()):
-                report.status = "FAIL"
-                report.status_extended = "No CloudWatch log groups found with metric filters or alarms associated."
-                report.region = logs_client.region
-                report.resource_id = logs_client.audited_account
-                report.resource_arn = logs_client.log_group_arn_template
-                report.resource_tags = []
+        if (
+            cloudtrail_client.trails is not None
+            and logs_client.metric_filters is not None
+            and cloudwatch_client.metric_alarms is not None
+        ):
+            report = Check_Report_AWS(self.metadata())
+            report.status = "FAIL"
+            report.status_extended = "No CloudWatch log groups found with metric filters or alarms associated."
+            report.region = logs_client.region
+            report.resource_id = logs_client.audited_account
+            report.resource_arn = logs_client.log_group_arn_template
+            report = check_cloudwatch_log_metric_filter(
+                pattern,
+                cloudtrail_client.trails,
+                logs_client.metric_filters,
+                cloudwatch_client.metric_alarms,
+                report,
+            )

            findings.append(report)
-
        return findings
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.metadata.json
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:certificate/resource-id",
  "Severity": "medium",
-  "ResourceType": "AwsCloudWatchAlarm",
+  "ResourceType": "AwsCloudTrailTrail",
  "Description": "Real-time monitoring of API calls can be achieved by directing Cloud Trail Logs to CloudWatch Logs, or an external Security information and event management (SIEM)environment, and establishing corresponding metric filters and alarms. Routing tablesare used to route network traffic between subnets and to network gateways. It isrecommended that a metric filter and alarm be established for changes to route tables.",
  "Risk": "CloudWatch is an AWS native service that allows you to ob serve and monitor resources and applications. CloudTrail Logs can also be sent to an external Security informationand event management (SIEM) environment for monitoring and alerting.Monitoring changes to route tables will help ensure that all VPC traffic flows through anexpected path and prevent any accidental or intentional modifications that may lead touncontrolled network traffic. An alarm should be triggered every time an AWS API call isperformed to create, replace, delete, or disassociate a Route Table.",
  "RelatedUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html",
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
pedrooot	94b740f3a3	fix(security-groups): remove RFC1918 from ec2_securitygroup_allow_wide_open_public_ipv4	2024-09-06 12:38:57 +02:00
pedrooot	4080106e49	docs(unused-services): update docs with sg-check	2024-09-06 10:15:44 +02:00
pedrooot	bf48a71ef7	fix(aws): change check metadata ec2_securitygroup_allow_wide_open_public_ipv4	2024-09-06 10:07:20 +02:00