feat(aws): update regions for AWS services

fix(report): update logic for threatscore (#9348 )
2026-01-25 02:08:11 +00:00 · 2025-12-01 09:04:36 +00:00 · 2025-12-01 09:11:08 +01:00
4 changed files with 22 additions and 46 deletions
--- a/api/CHANGELOG.md
+++ b/api/CHANGELOG.md
@@ -14,6 +14,7 @@ All notable changes to the **Prowler API** are documented in this file.
 ### Fixed
 - Fix typo in PDF reporting [(#9345)](https://github.com/prowler-cloud/prowler/pull/9345)
 - Fix IaC provider initialization failure when mutelist processor is configured [(#9331)](https://github.com/prowler-cloud/prowler/pull/9331)
+- Match logic for ThreatScore when counting findings [(#9348)](https://github.com/prowler-cloud/prowler/pull/9348)

 ---

--- a/api/src/backend/tasks/jobs/scan.py
+++ b/api/src/backend/tasks/jobs/scan.py
@@ -979,11 +979,14 @@ def _aggregate_findings_by_region(
    findings_count_by_compliance = {}

    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
-        # Fetch findings with resources in a single efficient query
-        # Use select_related for finding fields and prefetch_related for many-to-many resources
+        # Fetch only PASS/FAIL findings (optimized query reduces data transfer)
+        # Other statuses are not needed for check_status or ThreatScore calculation
        findings = (
            Finding.all_objects.filter(
-                tenant_id=tenant_id, scan_id=scan_id, muted=False
+                tenant_id=tenant_id,
+                scan_id=scan_id,
+                muted=False,
+                status__in=["PASS", "FAIL"],
            )
            .only("id", "check_id", "status", "compliance")
            .prefetch_related(
@@ -1001,6 +1004,8 @@ def _aggregate_findings_by_region(
        )

        for finding in findings:
+            status = finding.status
+
            for resource in finding.small_resources:
                region = resource.region

@@ -1008,7 +1013,7 @@ def _aggregate_findings_by_region(
                current_status = check_status_by_region.setdefault(region, {})
                # Priority: FAIL > any other status
                if current_status.get(finding.check_id) != "FAIL":
-                    current_status[finding.check_id] = finding.status
+                    current_status[finding.check_id] = status

                # Aggregate ThreatScore compliance counts
                if modeled_threatscore_compliance_id in (finding.compliance or {}):
@@ -1023,7 +1028,7 @@ def _aggregate_findings_by_region(
                            requirement_id, {"total": 0, "pass": 0}
                        )
                        requirement_stats["total"] += 1
-                        if finding.status == "PASS":
+                        if status == "PASS":
                            requirement_stats["pass"] += 1

    return check_status_by_region, findings_count_by_compliance
--- a/api/src/backend/tasks/tests/test_scan.py
+++ b/api/src/backend/tasks/tests/test_scan.py
@@ -3338,7 +3338,10 @@ class TestAggregateFindingsByRegion:

        # Verify filter was called with muted=False
        mock_findings_filter.assert_called_once_with(
-            tenant_id=tenant_id, scan_id=scan_id, muted=False
+            tenant_id=tenant_id,
+            scan_id=scan_id,
+            muted=False,
+            status__in=["PASS", "FAIL"],
        )

    @patch("tasks.jobs.scan.Finding.all_objects.filter")
--- a/prowler/providers/aws/aws_regions_by_service.json
+++ b/prowler/providers/aws/aws_regions_by_service.json
@@ -6046,27 +6046,6 @@
        ]
      }
    },
-    "iotfleethub": {
-      "regions": {
-        "aws": [
-          "ap-northeast-1",
-          "ap-northeast-2",
-          "ap-south-1",
-          "ap-southeast-1",
-          "ap-southeast-2",
-          "ca-central-1",
-          "eu-central-1",
-          "eu-north-1",
-          "eu-west-1",
-          "eu-west-2",
-          "us-east-1",
-          "us-east-2",
-          "us-west-2"
-        ],
-        "aws-cn": [],
-        "aws-us-gov": []
-      }
-    },
    "iotfleetwise": {
      "regions": {
        "aws": [
@@ -8091,6 +8070,13 @@
        "aws-us-gov": []
      }
    },
+    "nova-act": {
+      "regions": {
+        "aws": [],
+        "aws-cn": [],
+        "aws-us-gov": []
+      }
+    },
    "oam": {
      "regions": {
        "aws": [
@@ -8922,25 +8908,6 @@
        "aws-us-gov": []
      }
    },
-    "qldb-session": {
-      "regions": {
-        "aws": [
-          "ap-northeast-1",
-          "ap-northeast-2",
-          "ap-southeast-1",
-          "ap-southeast-2",
-          "ca-central-1",
-          "eu-central-1",
-          "eu-west-1",
-          "eu-west-2",
-          "us-east-1",
-          "us-east-2",
-          "us-west-2"
-        ],
-        "aws-cn": [],
-        "aws-us-gov": []
-      }
-    },
    "quicksight": {
      "regions": {
        "aws": [
Author	SHA1	Message	Date
prowler-bot	37d6ab3ff5	feat(aws): update regions for AWS services	2025-12-01 09:04:36 +00:00
Pedro Martín	d3a000cbc4	fix(report): update logic for threatscore (#9348 )	2025-12-01 09:11:08 +01:00