chore(release): 3.13.1

fix(inspector2): Report must have status field (#3419 )
build(deps): bump google-api-python-client from 2.117.0 to 2.118.0 (#3417 )
2026-01-25 02:08:11 +00:00 · 2024-02-20 12:37:18 +00:00 · 2024-02-20 12:58:03 +01:00 · 2024-02-20 10:51:49 +00:00 · 2024-02-20 09:52:19 +00:00 · 2024-02-20 09:50:48 +01:00
713 changed files with 31152 additions and 20016 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -13,3 +13,8 @@ updates:
    labels:
      - "dependencies"
      - "pip"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    target-branch: master
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -0,0 +1,27 @@
+documentation:
+  - changed-files:
+      - any-glob-to-any-file: "docs/**"
+
+provider/aws:
+  - changed-files:
+      - any-glob-to-any-file: "prowler/providers/aws/**"
+      - any-glob-to-any-file: "tests/providers/aws/**"
+
+provider/azure:
+  - changed-files:
+      - any-glob-to-any-file: "prowler/providers/azure/**"
+      - any-glob-to-any-file: "tests/providers/azure/**"
+
+provider/gcp:
+  - changed-files:
+      - any-glob-to-any-file: "prowler/providers/gcp/**"
+      - any-glob-to-any-file: "tests/providers/gcp/**"
+
+provider/kubernetes:
+  - changed-files:
+      - any-glob-to-any-file: "prowler/providers/kubernetes/**"
+      - any-glob-to-any-file: "tests/providers/kubernetes/**"
+
+github_actions:
+  - changed-files:
+      - any-glob-to-any-file: ".github/workflows/*"
--- a/.github/workflows/build-lint-push-containers.yml
+++ b/.github/workflows/build-lint-push-containers.yml
@@ -32,11 +32,11 @@ jobs:
      POETRY_VIRTUALENVS_CREATE: "false"
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

      - name: Setup python (release)
        if: github.event_name == 'release'
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

@@ -52,13 +52,13 @@ jobs:
          poetry version ${{ github.event.release.tag_name }}

      - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Public ECR
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
          registry: public.ecr.aws
          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
@@ -67,11 +67,11 @@ jobs:
          AWS_REGION: ${{ env.AWS_REGION }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3

      - name: Build and push container image (latest)
        if: github.event_name == 'push'
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
        with:
          push: true
          tags: |
@@ -83,7 +83,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
        with:
          # Use local context to get changes
          # https://github.com/docker/build-push-action#path-context
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -13,10 +13,10 @@ name: "CodeQL"

 on:
  push:
-    branches: [ "master", prowler-2, prowler-3.0-dev ]
+    branches: [ "master", "prowler-4.0-dev" ]
  pull_request:
    # The branches below must be a subset of the branches above
-    branches: [ "master" ]
+    branches: [ "master", "prowler-4.0-dev" ]
  schedule:
    - cron: '00 12 * * *'

@@ -37,11 +37,11 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,6 +52,6 @@ jobs:
        # queries: security-extended,security-and-quality

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:${{matrix.language}}"
--- a/.github/workflows/find-secrets.yml
+++ b/.github/workflows/find-secrets.yml
@@ -7,11 +7,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.4.4
+        uses: trufflesecurity/trufflehog@v3.67.6
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -0,0 +1,16 @@
+name: "Pull Request Labeler"
+
+on:
+    pull_request_target:
+      branches:
+        - "master"
+        - "prowler-4.0-dev"
+
+jobs:
+  labeler:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v5
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -4,21 +4,23 @@ on:
  push:
    branches:
      - "master"
+      - "prowler-4.0-dev"
  pull_request:
    branches:
      - "master"
+      - "prowler-4.0-dev"
 jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        python-version: ["3.9", "3.10", "3.11"]
+        python-version: ["3.9", "3.10", "3.11", "3.12"]

    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@v39
+        uses: tj-actions/changed-files@v42
        with:
          files: ./**
          files_ignore: |
@@ -26,6 +28,7 @@ jobs:
            README.md
            docs/**
            permissions/**
+            mkdocs.yml
      - name: Install poetry
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
@@ -33,7 +36,7 @@ jobs:
          pipx install poetry
      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -85,6 +88,6 @@ jobs:
          poetry run pytest -n auto --cov=./prowler --cov-report=xml tests
      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/pypi-release.yml
+++ b/.github/workflows/pypi-release.yml
@@ -16,7 +16,7 @@ jobs:
    name: Release Prowler to PyPI
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
        with:
          ref: ${{ env.GITHUB_BRANCH }}
      - name: Install dependencies
@@ -24,7 +24,7 @@ jobs:
          pipx install poetry
          pipx inject poetry poetry-bumpversion
      - name: setup python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
        with:
          python-version: 3.9
          cache: 'poetry'
@@ -44,7 +44,7 @@ jobs:
          poetry publish
      # Create pull request with new version
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
          commit-message: "chore(release): update Prowler Version to ${{ env.RELEASE_TAG }}."
--- a/.github/workflows/refresh_aws_services_regions.yml
+++ b/.github/workflows/refresh_aws_services_regions.yml
@@ -23,12 +23,12 @@ jobs:
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
        with:
          ref: ${{ env.GITHUB_BRANCH }}

      - name: setup python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
        with:
          python-version: 3.9 #install the python needed

@@ -38,7 +38,7 @@ jobs:
          pip install boto3

      - name: Configure AWS Credentials -- DEV
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.AWS_REGION_DEV }}
          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
@@ -50,12 +50,12 @@ jobs:

      # Create pull request
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.PROWLER_ACCESS_TOKEN }}
          commit-message: "feat(regions_update): Update regions for AWS services."
          branch: "aws-services-regions-updated-${{ github.sha }}"
-          labels: "status/waiting-for-revision, severity/low"
+          labels: "status/waiting-for-revision, severity/low, provider/aws"
          title: "chore(regions_update): Changes in regions for AWS services."
          body: |
            ### Description
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,7 +1,7 @@
 repos:
  ## GENERAL
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
    hooks:
      - id: check-merge-conflict
      - id: check-yaml
@@ -15,7 +15,7 @@ repos:

  ## TOML
  - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
-    rev: v2.10.0
+    rev: v2.12.0
    hooks:
      - id: pretty-format-toml
        args: [--autofix]
@@ -28,7 +28,7 @@ repos:
      - id: shellcheck
  ## PYTHON
  - repo: https://github.com/myint/autoflake
-    rev: v2.2.0
+    rev: v2.2.1
    hooks:
      - id: autoflake
        args:
@@ -39,25 +39,25 @@ repos:
          ]

  - repo: https://github.com/timothycrosley/isort
-    rev: 5.12.0
+    rev: 5.13.2
    hooks:
      - id: isort
        args: ["--profile", "black"]

  - repo: https://github.com/psf/black
-    rev: 22.12.0
+    rev: 24.1.1
    hooks:
      - id: black

  - repo: https://github.com/pycqa/flake8
-    rev: 6.1.0
+    rev: 7.0.0
    hooks:
      - id: flake8
        exclude: contrib
        args: ["--ignore=E266,W503,E203,E501,W605"]

  - repo: https://github.com/python-poetry/poetry
-    rev: 1.6.0 # add version here
+    rev: 1.7.0
    hooks:
      - id: poetry-check
      - id: poetry-lock
@@ -80,18 +80,12 @@ repos:
      - id: trufflehog
        name: TruffleHog
        description: Detect secrets in your data.
-        # entry: bash -c 'trufflehog git file://. --only-verified --fail'
+        entry: bash -c 'trufflehog --no-update git file://. --only-verified --fail'
        # For running trufflehog in docker, use the following entry instead:
-        entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
+        # entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
        language: system
        stages: ["commit", "push"]

-      - id: pytest-check
-        name: pytest-check
-        entry: bash -c 'pytest tests -n auto'
-        language: system
-        files: '.*\.py'
-
      - id: bandit
        name: bandit
        description: "Bandit is a tool for finding common security issues in Python code"
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
 ## Enforcement

 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at community@prowler.cloud. All
+reported by contacting the project team at [support.prowler.com](https://customer.support.prowler.com/servicedesk/customer/portals). All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.
--- a/README.md
+++ b/README.md
@@ -1,24 +1,25 @@
 <p align="center">
-  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/62c1ce73bbcdd6b9e5ba03dfcae26dfd165defd9/docs/img/prowler-pro-dark.png?raw=True#gh-dark-mode-only" width="150" height="36">
-  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/62c1ce73bbcdd6b9e5ba03dfcae26dfd165defd9/docs/img/prowler-pro-light.png?raw=True#gh-light-mode-only" width="15%" height="15%">
+  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-black.png?raw=True#gh-light-mode-only" width="350" height="115">
+  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png?raw=True#gh-dark-mode-only" width="350" height="115">
 </p>
 <p align="center">
-  <b><i>See all the things you and your team can do with ProwlerPro at <a href="https://prowler.pro">prowler.pro</a></i></b>
+  <b><i>Prowler SaaS </b> and <b>Prowler Open Source</b> are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
 </p>
+<p align="center">
+<b>Learn more at <a href="https://prowler.com">prowler.com</i></b>
+</p>
+
 <hr>
-<p align="center">
-  <img src="https://user-images.githubusercontent.com/3985464/113734260-7ba06900-96fb-11eb-82bc-d4f68a1e2710.png" />
-</p>
 <p align="center">
  <a href="https://join.slack.com/t/prowler-workspace/shared_invite/zt-1hix76xsl-2uq222JIXrC7Q8It~9ZNog"><img alt="Slack Shield" src="https://img.shields.io/badge/slack-prowler-brightgreen.svg?logo=slack"></a>
  <a href="https://pypi.org/project/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/v/prowler.svg"></a>
  <a href="https://pypi.python.org/pypi/prowler/"><img alt="Python Version" src="https://img.shields.io/pypi/pyversions/prowler.svg"></a>
  <a href="https://pypistats.org/packages/prowler"><img alt="PyPI Prowler Downloads" src="https://img.shields.io/pypi/dw/prowler.svg?label=prowler%20downloads"></a>
-  <a href="https://pypistats.org/packages/prowler-cloud"><img alt="PyPI Prowler-Cloud Downloads" src="https://img.shields.io/pypi/dw/prowler-cloud.svg?label=prowler-cloud%20downloads"></a>
  <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/toniblyx/prowler"></a>
  <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker" src="https://img.shields.io/docker/cloud/build/toniblyx/prowler"></a>
  <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker" src="https://img.shields.io/docker/image-size/toniblyx/prowler"></a>
  <a href="https://gallery.ecr.aws/prowler-cloud/prowler"><img width="120" height=19" alt="AWS ECR Gallery" src="https://user-images.githubusercontent.com/3985464/151531396-b6535a68-c907-44eb-95a1-a09508178616.png"></a>
+  <a href="https://codecov.io/gh/prowler-cloud/prowler"><img src="https://codecov.io/gh/prowler-cloud/prowler/graph/badge.svg?token=OflBGsdpDl"/></a>
 </p>
 <p align="center">
  <a href="https://github.com/prowler-cloud/prowler"><img alt="Repo size" src="https://img.shields.io/github/repo-size/prowler-cloud/prowler"></a>
@@ -30,6 +31,7 @@
  <a href="https://twitter.com/ToniBlyx"><img alt="Twitter" src="https://img.shields.io/twitter/follow/toniblyx?style=social"></a>
  <a href="https://twitter.com/prowlercloud"><img alt="Twitter" src="https://img.shields.io/twitter/follow/prowlercloud?style=social"></a>
 </p>
+<hr>

 # Description

@@ -39,10 +41,10 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe

 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.cloud/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.cloud/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 301 | 61 -> `prowler aws --list-services` | 25 -> `prowler aws --list-compliance` | 5 -> `prowler aws --list-categories` |
+| AWS | 302 | 61 -> `prowler aws --list-services` | 27 -> `prowler aws --list-compliance` | 6 -> `prowler aws --list-categories` |
 | GCP | 73 | 11 -> `prowler gcp --list-services` | 1 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
-| Azure | 23 | 4 -> `prowler azure --list-services` | CIS soon | 1 -> `prowler azure --list-categories` |
-| Kubernetes | Planned | - | - | - |
+| Azure | 37 | 4 -> `prowler azure --list-services` | CIS soon | 1 -> `prowler azure --list-categories` |
+| Kubernetes | Work In Progress | - | CIS soon | - |

 # 📖 Documentation

@@ -54,7 +56,7 @@ For Prowler v2 Documentation, please go to https://github.com/prowler-cloud/prow
 # ⚙️ Install

 ## Pip package
-Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9:
+Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9, < 3.13:

 ```console
 pip install prowler
@@ -77,7 +79,7 @@ The container images are available here:

 ## From Github

-Python >= 3.9 is required with pip and poetry:
+Python >= 3.9, < 3.13 is required with pip and poetry:

 ```
 git clone https://github.com/prowler-cloud/prowler
@@ -178,11 +180,7 @@ Prowler will follow the same credentials search as [Google authentication librar
 2. [User credentials set up by using the Google Cloud CLI](https://cloud.google.com/docs/authentication/application-default-credentials#personal)
 3. [The attached service account, returned by the metadata server](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa)

-Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the following roles to the member associated with the credentials:
-
-  - Viewer
-  - Security Reviewer
-  - Stackdriver Account Viewer
+Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the `Viewer` role to the member associated with the credentials.

 > By default, `prowler` will scan all accessible GCP Projects, use flag `--project-ids` to specify the projects to be scanned.

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -14,7 +14,7 @@ As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (F

 If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or ProwlerPro service, please submit the information by contacting to help@prowler.pro.

-The information you share with Verica as part of this process is kept confidential within Verica and the Prowler team. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
+The information you share with ProwlerPro as part of this process is kept confidential within ProwlerPro. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.

 We will review the submitted report, and assign it a tracking number. We will then respond to you, acknowledging receipt of the report, and outline the next steps in the process.

--- a/docs/developer-guide/unit-testing.md
+++ b/docs/developer-guide/unit-testing.md
@@ -523,7 +523,7 @@ from unittest import mock
 from uuid import uuid4

 # Azure Constants
-AZURE_SUSCRIPTION = str(uuid4())
+AZURE_SUBSCRIPTION = str(uuid4())



@@ -542,7 +542,7 @@ class Test_defender_ensure_defender_for_arm_is_on:

        # Create the custom Defender object to be tested
        defender_client.pricings = {
-            AZURE_SUSCRIPTION: {
+            AZURE_SUBSCRIPTION: {
                "Arm": Defender_Pricing(
                    resource_id=resource_id,
                    pricing_tier="Not Standard",
@@ -580,9 +580,9 @@ class Test_defender_ensure_defender_for_arm_is_on:
            assert result[0].status == "FAIL"
            assert (
                result[0].status_extended
-                == f"Defender plan Defender for ARM from subscription {AZURE_SUSCRIPTION} is set to OFF (pricing tier not standard)"
+                == f"Defender plan Defender for ARM from subscription {AZURE_SUBSCRIPTION} is set to OFF (pricing tier not standard)"
            )
-            assert result[0].subscription == AZURE_SUSCRIPTION
+            assert result[0].subscription == AZURE_SUBSCRIPTION
            assert result[0].resource_name == "Defender plan ARM"
            assert result[0].resource_id == resource_id
 ```
--- a/docs/getting-started/requirements.md
+++ b/docs/getting-started/requirements.md
@@ -97,10 +97,6 @@ Prowler will follow the same credentials search as [Google authentication librar
 2. [User credentials set up by using the Google Cloud CLI](https://cloud.google.com/docs/authentication/application-default-credentials#personal)
 3. [The attached service account, returned by the metadata server](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa)

-Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the following roles to the member associated with the credentials:
-
-  - Viewer
-  - Security Reviewer
-  - Stackdriver Account Viewer
+Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the `Viewer` role to the member associated with the credentials.

 > By default, `prowler` will scan all accessible GCP Projects, use flag `--project-ids` to specify the projects to be scanned.
--- a/docs/img/prowler-logo-black.png
+++ b/docs/img/prowler-logo-black.png
--- a/docs/img/prowler-logo-white.png
+++ b/docs/img/prowler-logo-white.png
--- a/docs/index.md
+++ b/docs/index.md
@@ -136,26 +136,16 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-clo

 === "AWS CloudShell"

-    Prowler can be easely executed in AWS CloudShell but it has some prerequsites to be able to to so. AWS CloudShell is a container running with `Amazon Linux release 2 (Karoo)` that comes with Python 3.7, since Prowler requires Python >= 3.9 we need to first install a newer version of Python. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
+    After the migration of AWS CloudShell from Amazon Linux 2 to Amazon Linux 2023 [[1]](https://aws.amazon.com/about-aws/whats-new/2023/12/aws-cloudshell-migrated-al2023/) [2](https://docs.aws.amazon.com/cloudshell/latest/userguide/cloudshell-AL2023-migration.html), there is no longer a need to manually compile Python 3.9 as it's already included in AL2023. Prowler can thus be easily installed following the Generic method of installation via pip. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:

    _Requirements_:

-    * First install all dependences and then Python, in this case we need to compile it because there is not a package available at the time this document is written:
-    ```
-    sudo yum -y install gcc openssl-devel bzip2-devel libffi-devel
-    wget https://www.python.org/ftp/python/3.9.16/Python-3.9.16.tgz
-    tar zxf Python-3.9.16.tgz
-    cd Python-3.9.16/
-    ./configure --enable-optimizations
-    sudo make altinstall
-    python3.9 --version
-    cd
-    ```
+    * Open AWS CloudShell `bash`.
+
    _Commands_:

-    * Once Python 3.9 is available we can install Prowler from pip:
    ```
-    pip3.9 install prowler
+    pip install prowler
    prowler -v
    ```

--- a/docs/security.md
+++ b/docs/security.md
@@ -15,7 +15,7 @@ As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (F

 If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or ProwlerPro service, please submit the information by contacting to help@prowler.pro.

-The information you share with Verica as part of this process is kept confidential within Verica and the Prowler team. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.
+The information you share with ProwlerPro as part of this process is kept confidential within ProwlerPro. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.

 We will review the submitted report, and assign it a tracking number. We will then respond to you, acknowledging receipt of the report, and outline the next steps in the process.

--- a/docs/tutorials/aws/boto3-configuration.md
+++ b/docs/tutorials/aws/boto3-configuration.md
@@ -32,3 +32,14 @@ Prowler's AWS Provider uses the Boto3 [Standard](https://boto3.amazonaws.com/v1/
 - Retry attempts on nondescriptive, transient error codes. Specifically, these HTTP status codes: 500, 502, 503, 504.

 - Any retry attempt will include an exponential backoff by a base factor of 2 for a maximum backoff time of 20 seconds.
+
+## Notes for validating retry attempts
+
+If you are making changes to Prowler, and want to validate if requests are being retried or given up on, you can take the following approach
+
+* Run prowler with `--log-level DEBUG` and `--log-file debuglogs.txt`
+* Search for retry attempts using `grep -i 'Retry needed' debuglogs.txt`
+
+This is based off of the [AWS documentation](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/retries.html#checking-retry-attempts-in-your-client-logs), which states that if a retry is performed, you will see a message starting with "Retry needed".
+
+You can determine the total number of calls made using `grep -i 'Sending http request' debuglogs.txt | wc -l`
--- a/docs/tutorials/aws/cloudshell.md
+++ b/docs/tutorials/aws/cloudshell.md
@@ -1,26 +1,26 @@
 # AWS CloudShell

-Prowler can be easily executed in AWS CloudShell but it has some prerequisites to be able to to so. AWS CloudShell is a container running with `Amazon Linux release 2 (Karoo)` that comes with Python 3.7, since Prowler requires Python >= 3.9 we need to first install a newer version of Python. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
-
- First install all dependences and then Python, in this case we need to compile it because there is not a package available at the time this document is written:
-```
-sudo yum -y install gcc openssl-devel bzip2-devel libffi-devel
-wget https://www.python.org/ftp/python/3.9.16/Python-3.9.16.tgz
-tar zxf Python-3.9.16.tgz
-cd Python-3.9.16/
-./configure --enable-optimizations
-sudo make altinstall
-python3.9 --version
-cd 
-```
- Once Python 3.9 is available we can install Prowler from pip:
-```
-pip3.9 install prowler
-```
- Now enjoy Prowler:
-```
+## Installation
+After the migration of AWS CloudShell from Amazon Linux 2 to Amazon Linux 2023 [[1]](https://aws.amazon.com/about-aws/whats-new/2023/12/aws-cloudshell-migrated-al2023/) [[2]](https://docs.aws.amazon.com/cloudshell/latest/userguide/cloudshell-AL2023-migration.html), there is no longer a need to manually compile Python 3.9 as it's already included in AL2023. Prowler can thus be easily installed following the Generic method of installation via pip. Follow the steps below to successfully execute Prowler v3 in AWS CloudShell:
+```shell
+pip install prowler
 prowler -v
-prowler 
 ```

- To download the results from AWS CloudShell, select Actions -> Download File and add the full path of each file. For the CSV file it will be something like `/home/cloudshell-user/output/prowler-output-123456789012-20221220191331.csv`
+## Download Files
+
+To download the results from AWS CloudShell, select Actions -> Download File and add the full path of each file. For the CSV file it will be something like `/home/cloudshell-user/output/prowler-output-123456789012-20221220191331.csv`
+
+## Clone Prowler from Github
+
+The limited storage that AWS CloudShell provides for the user's home directory causes issues when installing the poetry dependencies to run Prowler from GitHub. Here is a workaround:
+```shell
+git clone https://github.com/prowler-cloud/prowler.git
+cd prowler
+pip install poetry
+mkdir /tmp/pypoetry
+poetry config cache-dir /tmp/pypoetry
+poetry shell
+poetry install
+python prowler.py -v
+```
--- a/docs/tutorials/aws/img/enable-2.png
+++ b/docs/tutorials/aws/img/enable-2.png
--- a/docs/tutorials/aws/img/enable-partner-integration-2.png
+++ b/docs/tutorials/aws/img/enable-partner-integration-2.png
--- a/docs/tutorials/aws/img/enable-partner-integration-3.png
+++ b/docs/tutorials/aws/img/enable-partner-integration-3.png
--- a/docs/tutorials/aws/img/enable-partner-integration-4.png
+++ b/docs/tutorials/aws/img/enable-partner-integration-4.png
--- a/docs/tutorials/aws/img/enable-partner-integration.png
+++ b/docs/tutorials/aws/img/enable-partner-integration.png
--- a/docs/tutorials/aws/img/enable.png
+++ b/docs/tutorials/aws/img/enable.png
--- a/docs/tutorials/aws/img/finding-details.png
+++ b/docs/tutorials/aws/img/finding-details.png
--- a/docs/tutorials/aws/img/findings.png
+++ b/docs/tutorials/aws/img/findings.png
--- a/docs/tutorials/aws/role-assumption.md
+++ b/docs/tutorials/aws/role-assumption.md
@@ -23,6 +23,15 @@ prowler aws -R arn:aws:iam::<account_id>:role/<role_name>
 prowler aws -T/--session-duration <seconds> -I/--external-id <external_id> -R arn:aws:iam::<account_id>:role/<role_name>
 ```

+## Custom Role Session Name
+
+Prowler can use your custom Role Session name with:
+```console
+prowler aws --role-session-name <role_session_name>
+```
+
+> It defaults to `ProwlerAssessmentSession`
+
 ## STS Endpoint Region

 If you are using Prowler in AWS regions that are not enabled by default you need to use the argument `--sts-endpoint-region` to point the AWS STS API calls `assume-role` and `get-caller-identity` to the non-default region, e.g.: `prowler aws --sts-endpoint-region eu-south-2`.
--- a/docs/tutorials/aws/securityhub.md
+++ b/docs/tutorials/aws/securityhub.md
@@ -1,48 +1,116 @@
 # AWS Security Hub Integration

-Prowler supports natively and as **official integration** sending findings to [AWS Security Hub](https://aws.amazon.com/security-hub). This integration allows Prowler to import its findings to AWS Security Hub.
+Prowler supports natively and as **official integration** sending findings to [AWS Security Hub](https://aws.amazon.com/security-hub). This integration allows **Prowler** to import its findings to AWS Security Hub.

-With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, and AWS Firewall Manager, as well as from AWS Partner solutions and from Prowler for free.

-Before sending findings to Prowler, you will need to perform next steps:
+Before sending findings, you will need to enable AWS Security Hub and the **Prowler** integration.

-1. Since Security Hub is a region based service, enable it in the region or regions you require. Use the AWS Management Console or using the AWS CLI with this command if you have enough permissions:
-    - `aws securityhub enable-security-hub --region <region>`.
-2. Enable Prowler as partner integration integration. Use the AWS Management Console or using the AWS CLI with this command if you have enough permissions:
-    - `aws securityhub enable-import-findings-for-product --region <region> --product-arn arn:aws:securityhub:<region>::product/prowler/prowler` (change region also inside the ARN).
-    - Using the AWS Management Console:
-     ![Screenshot 2020-10-29 at 10 26 02 PM](https://user-images.githubusercontent.com/3985464/97634660-5ade3400-1a36-11eb-9a92-4a45cc98c158.png)
-3. Allow Prowler to import its findings to AWS Security Hub by adding the policy below to the role or user running Prowler:
-    - [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json)
+## Enable AWS Security Hub

+To enable the integration you have to perform the following steps, in _at least_ one AWS region of a given AWS account, to enable **AWS Security Hub** and **Prowler** as a partner integration.
+
+Since **AWS Security Hub** is a region based service, you will need to enable it in the region or regions you require. You can configure it using the AWS Management Console or the AWS CLI.
+
+> Take into account that enabling this integration will incur in costs in AWS Security Hub, please refer to its pricing [here](https://aws.amazon.com/security-hub/pricing/) for more information.
+
+### Using the AWS Management Console
+
+#### Enable AWS Security Hub
+
+If you have currently AWS Security Hub enabled you can skip to the [next section](#enable-prowler-integration).
+
+1. Open the **AWS Security Hub** console at https://console.aws.amazon.com/securityhub/.
+
+2. When you open the Security Hub console for the first time make sure that you are in the region you want to enable, then choose **Go to Security Hub**.
+![](./img/enable.png)
+
+3. On the next page, the Security standards section lists the security standards that Security Hub supports. Select the check box for a standard to enable it, and clear the check box to disable it.
+
+4. Choose **Enable Security Hub**.
+![](./img/enable-2.png)
+
+#### Enable Prowler Integration
+
+If you have currently the Prowler integration enabled in AWS Security Hub you can skip to the [next section](#send-findings) and start sending findings.
+
+Once **AWS Security Hub** is enabled you will need to enable **Prowler** as partner integration to allow **Prowler** to send findings to your **AWS Security Hub**.
+
+1. Open the **AWS Security Hub** console at https://console.aws.amazon.com/securityhub/.
+
+2. Select the **Integrations** tab in the right-side menu bar.
+![](./img/enable-partner-integration.png)
+
+3. Search for _Prowler_ in the text search box and the **Prowler** integration will appear.
+
+4. Once there, click on **Accept Findings** to allow **AWS Security Hub** to receive findings from **Prowler**.
+![](./img/enable-partner-integration-2.png)
+
+5. A new modal will appear to confirm that you are enabling the **Prowler** integration.
+![](./img/enable-partner-integration-3.png)
+
+6. Right after click on **Accept Findings**, you will see that the integration is enabled in **AWS Security Hub**.
+![](./img/enable-partner-integration-4.png)
+
+### Using the AWS CLI
+
+To enable **AWS Security Hub** and the **Prowler** integration you have to run the following commands using the AWS CLI:
+
+```shell
+aws securityhub enable-security-hub --region <region>
+```
+> For this command to work you will need the `securityhub:EnableSecurityHub` permission.
+> You will need to set the AWS region where you want to enable AWS Security Hub.
+
+Once **AWS Security Hub** is enabled you will need to enable **Prowler** as partner integration to allow **Prowler** to send findings to your AWS Security Hub. You have to run the following commands using the AWS CLI:
+
+```shell
+aws securityhub enable-import-findings-for-product --region eu-west-1 --product-arn arn:aws:securityhub:<region>::product/prowler/prowler
+```
+> You will need to set the AWS region where you want to enable the integration and also the AWS region also within the ARN.
+> For this command to work you will need the `securityhub:securityhub:EnableImportFindingsForProduct` permission.
+
+
+## Send Findings
 Once it is enabled, it is as simple as running the command below (for all regions):

 ```sh
-prowler aws -S
+prowler aws --security-hub
 ```

 or for only one filtered region like eu-west-1:

 ```sh
-prowler -S -f eu-west-1
+prowler --security-hub --region eu-west-1
 ```

-> **Note 1**: It is recommended to send only fails to Security Hub and that is possible adding `-q` to the command.
+> **Note 1**: It is recommended to send only fails to Security Hub and that is possible adding `-q/--quiet` to the command. You can use, instead of the `-q/--quiet` argument, the `--send-sh-only-fails` argument to save all the findings in the Prowler outputs but just to send FAIL findings to AWS Security Hub.

-> **Note 2**: Since Prowler perform checks to all regions by default you may need to filter by region when running Security Hub integration, as shown in the example above. Remember to enable Security Hub in the region or regions you need by calling `aws securityhub enable-security-hub --region <region>` and run Prowler with the option `-f <region>` (if no region is used it will try to push findings in all regions hubs). Prowler will send findings to the Security Hub on the region where the scanned resource is located.
+> **Note 2**: Since Prowler perform checks to all regions by default you may need to filter by region when running Security Hub integration, as shown in the example above. Remember to enable Security Hub in the region or regions you need by calling `aws securityhub enable-security-hub --region <region>` and run Prowler with the option `-f/--region <region>` (if no region is used it will try to push findings in all regions hubs). Prowler will send findings to the Security Hub on the region where the scanned resource is located.

 > **Note 3**: To have updated findings in Security Hub you have to run Prowler periodically. Once a day or every certain amount of hours.

-Once you run findings for first time you will be able to see Prowler findings in Findings section:
+### See you Prowler findings in AWS Security Hub

-![Screenshot 2020-10-29 at 10 29 05 PM](https://user-images.githubusercontent.com/3985464/97634676-66c9f600-1a36-11eb-9341-70feb06f6331.png)
+Once configured the **AWS Security Hub** in your next scan you will receive the **Prowler** findings in the AWS regions configured. To review those findings in **AWS Security Hub**:
+
+1. Open the **AWS Security Hub** console at https://console.aws.amazon.com/securityhub/.
+
+2. Select the **Findings** tab in the right-side menu bar.
+![](./img/findings.png)
+
+3. Use the search box filters and use the **Product Name** filter with the value _Prowler_ to see the findings sent from **Prowler**.
+
+4. Then, you can click on the check **Title** to see the details and the history of a finding.
+![](./img/finding-details.png)
+
+As you can see in the related requirements section, in the detailed view of the findings, **Prowler** also sends compliance information related to every finding.

 ## Send findings to Security Hub assuming an IAM Role

 When you are auditing a multi-account AWS environment, you can send findings to a Security Hub of another account by assuming an IAM role from that account using the `-R` flag in the Prowler command:

 ```sh
-prowler -S -R arn:aws:iam::123456789012:role/ProwlerExecRole
+prowler --security-hub --role arn:aws:iam::123456789012:role/ProwlerExecutionRole
 ```

 > Remember that the used role needs to have permissions to send findings to Security Hub. To get more information about the permissions required, please refer to the following IAM policy [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-security-hub.json)
@@ -50,12 +118,17 @@ prowler -S -R arn:aws:iam::123456789012:role/ProwlerExecRole

 ## Send only failed findings to Security Hub

-When using Security Hub it is recommended to send only the failed findings generated. To follow that recommendation you could add the `-q` flag to the Prowler command:
+When using the **AWS Security Hub** integration you can send only the `FAIL` findings generated by **Prowler**. Therefore, the **AWS Security Hub** usage costs eventually would be lower. To follow that recommendation you could add the `-q/--quiet` flag to the Prowler command:

 ```sh
-prowler -S -q
+prowler --security-hub --quiet
 ```

+You can use, instead of the `-q/--quiet` argument, the `--send-sh-only-fails` argument to save all the findings in the Prowler outputs but just to send FAIL findings to AWS Security Hub:
+
+```sh
+prowler --security-hub --send-sh-only-fails
+```

 ## Skip sending updates of findings to Security Hub

@@ -63,5 +136,5 @@ By default, Prowler archives all its findings in Security Hub that have not appe
 You can skip this logic by using the option `--skip-sh-update` so Prowler will not archive older findings:

 ```sh
-prowler -S --skip-sh-update
+prowler --security-hub --skip-sh-update
 ```
--- a/docs/tutorials/azure/use-non-default-cloud.md
+++ b/docs/tutorials/azure/use-non-default-cloud.md
@@ -0,0 +1,16 @@
+# Use non default Azure regions
+
+Microsoft provides clouds for compliance with regional laws, which are available for your use.
+By default, Prowler uses `AzureCloud` cloud which is the comercial one. (you can list all the available with `az cloud list --output table`).
+
+At the time of writing this documentation the available Azure Clouds from different regions are the following:
+- AzureCloud
+- AzureChinaCloud
+- AzureUSGovernment
+- AzureGermanCloud
+
+If you want to change the default one you must include the flag `--azure-region`, i.e.:
+
+```console
+prowler azure --az-cli-auth --azure-region AzureChinaCloud
+```
--- a/docs/tutorials/compliance.md
+++ b/docs/tutorials/compliance.md
@@ -7,30 +7,35 @@ In order to see which compliance frameworks are cover by Prowler, you can use op
 prowler <provider> --list-compliance
 ```
 Currently, the available frameworks are:
-
- `cis_1.4_aws`
- `cis_1.5_aws`
- `ens_rd2022_aws`
+- `aws_account_security_onboarding_aws`
 - `aws_audit_manager_control_tower_guardrails_aws`
 - `aws_foundational_security_best_practices_aws`
+- `aws_well_architected_framework_reliability_pillar_aws`
 - `aws_well_architected_framework_security_pillar_aws`
+- `cis_1.4_aws`
+- `cis_1.5_aws`
+- `cis_2.0_aws`
+- `cis_2.0_gcp`
+- `cis_3.0_aws`
 - `cisa_aws`
+- `ens_rd2022_aws`
 - `fedramp_low_revision_4_aws`
 - `fedramp_moderate_revision_4_aws`
 - `ffiec_aws`
 - `gdpr_aws`
- `gxp_eu_annex_11_aws`
 - `gxp_21_cfr_part_11_aws`
+- `gxp_eu_annex_11_aws`
 - `hipaa_aws`
+- `iso27001_2013_aws`
+- `mitre_attack_aws`
+- `nist_800_171_revision_2_aws`
 - `nist_800_53_revision_4_aws`
 - `nist_800_53_revision_5_aws`
- `nist_800_171_revision_2_aws`
 - `nist_csf_1.1_aws`
 - `pci_3.2.1_aws`
 - `rbi_cyber_security_framework_aws`
 - `soc2_aws`

-
 ## List Requirements of Compliance Frameworks
 For each compliance framework, you can use option `--list-compliance-requirements` to list its requirements:
 ```sh
--- a/docs/tutorials/custom-checks-metadata.md
+++ b/docs/tutorials/custom-checks-metadata.md
@@ -0,0 +1,43 @@
+# Custom Checks Metadata
+
+In certain organizations, the severity of specific checks might differ from the default values defined in the check's metadata. For instance, while `s3_bucket_level_public_access_block` could be deemed `critical` for some organizations, others might assign a different severity level.
+
+The custom metadata option offers a means to override default metadata set by Prowler
+
+You can utilize `--custom-checks-metadata-file` followed by the path to your custom checks metadata YAML file.
+
+## Available Fields
+
+The list of supported check's metadata fields that can be override are listed as follows:
+
+- Severity
+
+## File Syntax
+
+This feature is available for all the providers supported in Prowler since the metadata format is common between all the providers. The following is the YAML format for the custom checks metadata file:
+```yaml title="custom_checks_metadata.yaml"
+CustomChecksMetadata:
+  aws:
+    Checks:
+      s3_bucket_level_public_access_block:
+        Severity: high
+      s3_bucket_no_mfa_delete:
+        Severity: high
+  azure:
+    Checks:
+      storage_infrastructure_encryption_is_enabled:
+        Severity: medium
+  gcp:
+    Checks:
+      compute_instance_public_ip:
+        Severity: critical
+```
+
+## Usage
+
+Executing the following command will assess all checks and generate a report while overriding the metadata for those checks:
+```sh
+prowler <provider> --custom-checks-metadata-file <path/to/custom/metadata>
+```
+
+This customization feature enables organizations to tailor the severity of specific checks based on their unique requirements, providing greater flexibility in security assessment and reporting.
--- a/docs/tutorials/gcp/authentication.md
+++ b/docs/tutorials/gcp/authentication.md
@@ -22,8 +22,4 @@ Prowler will follow the same credentials search as [Google authentication librar
 2. [User credentials set up by using the Google Cloud CLI](https://cloud.google.com/docs/authentication/application-default-credentials#personal)
 3. [The attached service account, returned by the metadata server](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa)

-Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the following roles to the member associated with the credentials:
-
-  - Viewer
-  - Security Reviewer
-  - Stackdriver Account Viewer
+Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the `Viewer` role to the member associated with the credentials.
--- a/docs/tutorials/ignore-unused-services.md
+++ b/docs/tutorials/ignore-unused-services.md
@@ -47,7 +47,7 @@ It is a best practice to encrypt both metadata and connection passwords in AWS G
 #### Inspector
 Amazon Inspector is a vulnerability discovery service that automates continuous scanning for security vulnerabilities within your Amazon EC2, Amazon ECR, and AWS Lambda environments. Prowler recommends to enable it and resolve all the Inspector's findings. Ignoring the unused services, Prowler will only notify you if there are any Lambda functions, EC2 instances or ECR repositories in the region where Amazon inspector should be enabled.

-  - `inspector2_findings_exist`
+  - `inspector2_is_enabled`

 #### Macie
 Amazon Macie is a security service that uses machine learning to automatically discover, classify and protect sensitive data in S3 buckets. Prowler will only create a finding when Macie is not enabled if there are S3 buckets in your account.
--- a/docs/tutorials/parallel-execution.md
+++ b/docs/tutorials/parallel-execution.md
@@ -0,0 +1,187 @@
+# Parallel Execution
+
+The strategy used here will be to execute Prowler once per service. You can modify this approach as per your requirements.
+
+This can help for really large accounts, but please be aware of AWS API rate limits:
+
+1. **Service-Specific Limits**: Each AWS service has its own rate limits. For instance, Amazon EC2 might have different rate limits for launching instances versus making API calls to describe instances.
+2. **API Rate Limits**: Most of the rate limits in AWS are applied at the API level. Each API call to an AWS service counts towards the rate limit for that service.
+3. **Throttling Responses**: When you exceed the rate limit for a service, AWS responds with a throttling error. In AWS SDKs, these are typically represented as `ThrottlingException` or `RateLimitExceeded` errors.
+
+For information on Prowler's retrier configuration please refer to this [page](https://docs.prowler.cloud/en/latest/tutorials/aws/boto3-configuration/).
+
+> Note: You might need to increase the `--aws-retries-max-attempts` parameter from the default value of 3. The retrier follows an exponential backoff strategy.
+
+## Linux
+
+Generate a list of services that Prowler supports, and populate this info into a file:
+
+```bash
+prowler aws --list-services | awk -F"- " '{print $2}' | sed '/^$/d' > services
+```
+
+Make any modifications for services you would like to skip scanning by modifying this file.
+
+Then create a new PowerShell script file `parallel-prowler.sh` and add the following contents. Update the `$profile` variable to the AWS CLI profile you want to run Prowler with.
+
+```bash
+#!/bin/bash
+
+# Change these variables as needed
+profile="your_profile"
+account_id=$(aws sts get-caller-identity --profile "${profile}" --query 'Account' --output text)
+
+echo "Executing in account: ${account_id}"
+
+# Maximum number of concurrent processes
+MAX_PROCESSES=5
+
+# Loop through the services
+while read service; do
+    echo "$(date '+%Y-%m-%d %H:%M:%S'): Starting job for service: ${service}"
+
+    # Run the command in the background
+    (prowler -p "$profile" -s "$service" -F "${account_id}-${service}" --ignore-unused-services --only-logs; echo "$(date '+%Y-%m-%d %H:%M:%S') - ${service} has completed") &
+
+    # Check if we have reached the maximum number of processes
+    while [ $(jobs -r | wc -l) -ge ${MAX_PROCESSES} ]; do
+        # Wait for a second before checking again
+        sleep 1
+    done
+done < ./services
+
+# Wait for all background processes to finish
+wait
+echo "All jobs completed"
+```
+
+Output will be stored in the `output/` folder that is in the same directory from which you executed the script.
+
+## Windows
+
+Generate a list of services that Prowler supports, and populate this info into a file:
+
+```powershell
+prowler aws --list-services | ForEach-Object {
+    # Capture lines that are likely service names
+    if ($_ -match '^\- \w+$') {
+        $_.Trim().Substring(2)
+    }
+} | Where-Object {
+    # Filter out empty or null lines
+    $_ -ne $null -and $_ -ne ''
+} | Set-Content -Path "services"
+```
+
+Make any modifications for services you would like to skip scanning by modifying this file.
+
+Then create a new PowerShell script file `parallel-prowler.ps1` and add the following contents. Update the `$profile` variable to the AWS CLI profile you want to run prowler with.
+
+Change any parameters you would like when calling prowler in the `Start-Job -ScriptBlock` section. Note that you need to keep the `--only-logs` parameter, else some encoding issue occurs when trying to render the progress-bar and prowler won't successfully execute.
+
+```powershell
+$profile = "your_profile"
+$account_id = Invoke-Expression -Command "aws sts get-caller-identity --profile $profile --query 'Account' --output text"
+
+Write-Host "Executing Prowler in $account_id"
+
+# Maximum number of concurrent jobs
+$MAX_PROCESSES = 5
+
+# Read services from a file
+$services = Get-Content -Path "services"
+
+# Array to keep track of started jobs
+$jobs = @()
+
+foreach ($service in $services) {
+    # Start the command as a job
+    $job = Start-Job -ScriptBlock {
+        prowler -p ${using:profile} -s ${using:service} -F "${using:account_id}-${using:service}" --ignore-unused-services --only-logs
+	      $endTimestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
+        Write-Output "${endTimestamp} - $using:service has completed"
+    }
+    $jobs += $job
+    Write-Host "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') - Starting job for service: $service"
+
+    # Check if we have reached the maximum number of jobs
+    while (($jobs | Where-Object { $_.State -eq 'Running' }).Count -ge $MAX_PROCESSES) {
+        Start-Sleep -Seconds 1
+        # Check for any completed jobs and receive their output
+        $completedJobs = $jobs | Where-Object { $_.State -eq 'Completed' }
+        foreach ($completedJob in $completedJobs) {
+            Receive-Job -Job $completedJob -Keep | ForEach-Object { Write-Host $_ }
+            $jobs = $jobs | Where-Object { $_.Id -ne $completedJob.Id }
+            Remove-Job -Job $completedJob
+        }
+    }
+}
+
+# Check for any remaining completed jobs
+$remainingCompletedJobs = $jobs | Where-Object { $_.State -eq 'Completed' }
+foreach ($remainingJob in $remainingCompletedJobs) {
+    Receive-Job -Job $remainingJob -Keep | ForEach-Object { Write-Host $_ }
+    Remove-Job -Job $remainingJob
+}
+
+Write-Host "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') - All jobs completed"
+```
+
+Output will be stored in `C:\Users\YOUR-USER\Documents\output\`
+
+## Combining the output files
+
+Guidance is provided for the CSV file format. From the ouput directory, execute either the following Bash or PowerShell script. The script will collect the output from the CSV files, only include the header from the first file, and then output the result as CombinedCSV.csv in the current working directory.
+
+There is no logic implemented in terms of which CSV files it will combine. If you have additional CSV files from other actions, such as running a quick inventory, you will need to move that out of the current (or any nested) directory, or move the output you want to combine into its own folder and run the script from there.
+
+```bash
+#!/bin/bash
+
+# Initialize a variable to indicate the first file
+firstFile=true
+
+# Find all CSV files and loop through them
+find . -name "*.csv" -print0 | while IFS= read -r -d '' file; do
+    if [ "$firstFile" = true ]; then
+        # For the first file, keep the header
+        cat "$file" > CombinedCSV.csv
+        firstFile=false
+    else
+        # For subsequent files, skip the header
+        tail -n +2 "$file" >> CombinedCSV.csv
+    fi
+done
+```
+
+```powershell
+# Get all CSV files from current directory and its subdirectories
+$csvFiles = Get-ChildItem -Recurse -Filter "*.csv"
+
+# Initialize a variable to track if it's the first file
+$firstFile = $true
+
+# Loop through each CSV file
+foreach ($file in $csvFiles) {
+    if ($firstFile) {
+        # For the first file, keep the header and change the flag
+        $combinedCsv = Import-Csv -Path $file.FullName
+        $firstFile = $false
+    } else {
+        # For subsequent files, skip the header
+        $tempCsv = Import-Csv -Path $file.FullName
+        $combinedCsv += $tempCsv | Select-Object * -Skip 1
+    }
+}
+
+# Export the combined data to a new CSV file
+$combinedCsv | Export-Csv -Path "CombinedCSV.csv" -NoTypeInformation
+```
+
+## TODO: Additional Improvements
+
+Some services need to instantiate another service to perform a check. For instance, `cloudwatch` will instantiate Prowler's `iam` service to perform the `cloudwatch_cross_account_sharing_disabled` check. When the `iam` service is instantiated, it will perform the `__init__` function, and pull all the information required for that service. This provides an opportunity for an improvement in the above script to group related services together so that the `iam` services (or any other cross-service references) isn't repeatedily instantiated by grouping dependant services together. A complete mapping between these services still needs to be further investigated, but these are the cross-references that have been noted:
+
+* inspector2 needs lambda and ec2
+* cloudwatch needs iam
+* dlm needs ec2
--- a/docs/tutorials/reporting.md
+++ b/docs/tutorials/reporting.md
@@ -43,46 +43,71 @@ Hereunder is the structure for each of the supported report formats by Prowler:
 ![HTML Output](../img/output-html.png)
 ### CSV

-The following are the columns present in the CSV format:
+CSV format has a set of common columns for all the providers, and then provider specific columns.  
+The common columns are the following:

 - ASSESSMENT_START_TIME
 - FINDING_UNIQUE_ID
 - PROVIDER
+- CHECK_ID
+- CHECK_TITLE
+- CHECK_TYPE
+- STATUS
+- STATUS_EXTENDED
+- SERVICE_NAME
+- SUBSERVICE_NAME
+- SEVERITY
+- RESOURCE_TYPE
+- RESOURCE_DETAILS
+- RESOURCE_TAGS
+- DESCRIPTION
+- RISK
+- RELATED_URL
+- REMEDIATION_RECOMMENDATION_TEXT
+- REMEDIATION_RECOMMENDATION_URL
+- REMEDIATION_RECOMMENDATION_CODE_NATIVEIAC
+- REMEDIATION_RECOMMENDATION_CODE_TERRAFORM
+- REMEDIATION_RECOMMENDATION_CODE_CLI
+- REMEDIATION_RECOMMENDATION_CODE_OTHER
+- COMPLIANCE
+- CATEGORIES
+- DEPENDS_ON
+- RELATED_TO
+- NOTES
+
+And then by the provider specific columns:
+
+#### AWS
+
 - PROFILE
 - ACCOUNT_ID
-  ACCOUNT_NAME
-  ACCOUNT_EMAIL
-  ACCOUNT_ARN
-  ACCOUNT_ORG
-  ACCOUNT_TAGS
-  REGION
-  CHECK_ID
-  CHECK_TITLE
-  CHECK_TYPE
-  STATUS
-  STATUS_EXTENDED
-  SERVICE_NAME
-  SUBSERVICE_NAME
-  SEVERITY
-  RESOURCE_ID
-  RESOURCE_ARN
-  RESOURCE_TYPE
-  RESOURCE_DETAILS
-  RESOURCE_TAGS
-  DESCRIPTION
-  COMPLIANCE
-  RISK
-  RELATED_URL
-  REMEDIATION_RECOMMENDATION_TEXT
-  REMEDIATION_RECOMMENDATION_URL
-  REMEDIATION_RECOMMENDATION_CODE_NATIVEIAC
-  REMEDIATION_RECOMMENDATION_CODE_TERRAFORM
-  REMEDIATION_RECOMMENDATION_CODE_CLI
-  REMEDIATION_RECOMMENDATION_CODE_OTHER
-  CATEGORIES
-  DEPENDS_ON
-  RELATED_TO
-  NOTES
+- ACCOUNT_NAME
+- ACCOUNT_EMAIL
+- ACCOUNT_ARN
+- ACCOUNT_ORG
+- ACCOUNT_TAGS
+- REGION
+- RESOURCE_ID
+- RESOURCE_ARN
+
+
+#### AZURE
+
+- TENANT_DOMAIN
+- SUBSCRIPTION
+- RESOURCE_ID
+- RESOURCE_NAME
+
+
+#### GCP
+
+- PROJECT_ID
+- LOCATION
+- RESOURCE_ID
+- RESOURCE_NAME
+
+
+

 > Since Prowler v3 the CSV column delimiter is the semicolon (`;`)
 ### JSON
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -38,8 +38,10 @@ nav:
      - Logging: tutorials/logging.md
      - Allowlist: tutorials/allowlist.md
      - Check Aliases: tutorials/check-aliases.md
+      - Custom Metadata: tutorials/custom-checks-metadata.md
      - Ignore Unused Services: tutorials/ignore-unused-services.md
      - Pentesting: tutorials/pentesting.md
+      - Parallel Execution: tutorials/parallel-execution.md
      - Developer Guide: developer-guide/introduction.md
      - AWS:
          - Authentication: tutorials/aws/authentication.md
@@ -56,6 +58,7 @@ nav:
          - Boto3 Configuration: tutorials/aws/boto3-configuration.md
      - Azure:
          - Authentication: tutorials/azure/authentication.md
+          - Non default clouds: tutorials/azure/use-non-default-cloud.md
          - Subscriptions: tutorials/azure/subscriptions.md
      - Google Cloud:
          - Authentication: tutorials/gcp/authentication.md
@@ -99,7 +102,7 @@ extra:
      link: https://twitter.com/prowlercloud

 # Copyright
-copyright: Copyright &copy; 2022 Toni de la Fuente, Maintained by the Prowler Team at Verica, Inc.</a>
+copyright: Copyright &copy; 2024 Toni de la Fuente, Maintained by the Prowler Team at ProwlerPro, Inc.</a>

 markdown_extensions:
  - abbr
--- a/poetry.lock
+++ b/poetry.lock
--- a/prowler/main.py
+++ b/prowler/main.py
@@ -26,6 +26,10 @@ from prowler.lib.check.check import (
 )
 from prowler.lib.check.checks_loader import load_checks_to_execute
 from prowler.lib.check.compliance import update_checks_metadata_with_compliance
+from prowler.lib.check.custom_checks_metadata import (
+    parse_custom_checks_metadata_file,
+    update_checks_metadata,
+)
 from prowler.lib.cli.parser import ProwlerArgumentParser
 from prowler.lib.logger import logger, set_logging_config
 from prowler.lib.outputs.compliance import display_compliance_table
@@ -67,6 +71,7 @@ def prowler():
    checks_folder = args.checks_folder
    severities = args.severity
    compliance_framework = args.compliance
+    custom_checks_metadata_file = args.custom_checks_metadata_file

    if not args.no_banner:
        print_banner(args)
@@ -96,9 +101,19 @@ def prowler():

    bulk_compliance_frameworks = bulk_load_compliance_frameworks(provider)
    # Complete checks metadata with the compliance framework specification
-    update_checks_metadata_with_compliance(
+    bulk_checks_metadata = update_checks_metadata_with_compliance(
        bulk_compliance_frameworks, bulk_checks_metadata
    )
+    # Update checks metadata if the --custom-checks-metadata-file is present
+    custom_checks_metadata = None
+    if custom_checks_metadata_file:
+        custom_checks_metadata = parse_custom_checks_metadata_file(
+            provider, custom_checks_metadata_file
+        )
+        bulk_checks_metadata = update_checks_metadata(
+            bulk_checks_metadata, custom_checks_metadata
+        )
+
    if args.list_compliance:
        print_compliance_frameworks(bulk_compliance_frameworks)
        sys.exit()
@@ -174,7 +189,11 @@ def prowler():
    findings = []
    if len(checks_to_execute):
        findings = execute_checks(
-            checks_to_execute, provider, audit_info, audit_output_options
+            checks_to_execute,
+            provider,
+            audit_info,
+            audit_output_options,
+            custom_checks_metadata,
        )
    else:
        logger.error(
@@ -246,7 +265,10 @@ def prowler():
        for region in security_hub_regions:
            # Save the regions where AWS Security Hub is enabled
            if verify_security_hub_integration_enabled_per_region(
-                region, audit_info.audit_session
+                audit_info.audited_partition,
+                region,
+                audit_info.audit_session,
+                audit_info.audited_account,
            ):
                aws_security_enabled_regions.append(region)

--- a/prowler/compliance/aws/aws_account_security_onboarding_aws.json
+++ b/prowler/compliance/aws/aws_account_security_onboarding_aws.json
--- a/prowler/compliance/aws/cis_2.0_aws.json
+++ b/prowler/compliance/aws/cis_2.0_aws.json
@@ -468,27 +468,6 @@
    },
    {
      "Id": "2.1.1",
-      "Description": "Ensure all S3 buckets employ encryption-at-rest",
-      "Checks": [
-        "s3_bucket_default_encryption"
-      ],
-      "Attributes": [
-        {
-          "Section": "2.1. Simple Storage Service (S3)",
-          "Profile": "Level 2",
-          "AssessmentStatus": "Automated",
-          "Description": "Amazon S3 provides a variety of no, or low, cost encryption options to protect data at rest.",
-          "RationaleStatement": "Encrypting data at rest reduces the likelihood that it is unintentionally exposed and can nullify the impact of disclosure if the encryption remains unbroken.",
-          "ImpactStatement": "Amazon S3 buckets with default bucket encryption using SSE-KMS cannot be used as destination buckets for Amazon S3 server access logging. Only SSE-S3 default encryption is supported for server access log destination buckets.",
-          "RemediationProcedure": "**From Console:**  1. Login to AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/  2. Select a Bucket. 3. Click on 'Properties'. 4. Click edit on `Default Encryption`. 5. Select either `AES-256`, `AWS-KMS`, `SSE-KMS` or `SSE-S3`. 6. Click `Save` 7. Repeat for all the buckets in your AWS account lacking encryption.  **From Command Line:**  Run either  ``` aws s3api put-bucket-encryption --bucket <bucket name> --server-side-encryption-configuration '{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\": {\"SSEAlgorithm\": \"AES256\"}}]}' ```  or  ``` aws s3api put-bucket-encryption --bucket <bucket name> --server-side-encryption-configuration '{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\": {\"SSEAlgorithm\": \"aws:kms\",\"KMSMasterKeyID\": \"aws/s3\"}}]}' ```  **Note:** the KMSMasterKeyID can be set to the master key of your choosing; aws/s3 is an AWS preconfigured default.",
-          "AuditProcedure": "**From Console:**  1. Login to AWS Management Console and open the Amazon S3 console using https://console.aws.amazon.com/s3/  2. Select a Bucket. 3. Click on 'Properties'. 4. Verify that `Default Encryption` is enabled, and displays either `AES-256`, `AWS-KMS`, `SSE-KMS` or `SSE-S3`. 5. Repeat for all the buckets in your AWS account.  **From Command Line:**  1. Run command to list buckets ``` aws s3 ls ``` 2. For each bucket, run  ``` aws s3api get-bucket-encryption --bucket <bucket name> ``` 3. Verify that either  ``` \"SSEAlgorithm\": \"AES256\" ```  or  ``` \"SSEAlgorithm\": \"aws:kms\"```  is displayed.",
-          "AdditionalInformation": "S3 bucket encryption only applies to objects as they are placed in the bucket. Enabling S3 bucket encryption does **not** encrypt objects previously stored within the bucket.",
-          "References": "https://docs.aws.amazon.com/AmazonS3/latest/user-guide/default-bucket-encryption.html:https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-related-resources"
-        }
-      ]
-    },
-    {
-      "Id": "2.1.2",
      "Description": "Ensure S3 Bucket Policy is set to deny HTTP requests",
      "Checks": [
        "s3_bucket_secure_transport_policy"
@@ -509,7 +488,7 @@
      ]
    },
    {
-      "Id": "2.1.3",
+      "Id": "2.1.2",
      "Description": "Ensure MFA Delete is enabled on S3 buckets",
      "Checks": [
        "s3_bucket_no_mfa_delete"
@@ -530,7 +509,7 @@
      ]
    },
    {
-      "Id": "2.1.4",
+      "Id": "2.1.3",
      "Description": "Ensure all data in Amazon S3 has been discovered, classified and secured when required.",
      "Checks": [
        "macie_is_enabled"
@@ -551,7 +530,7 @@
      ]
    },
    {
-      "Id": "2.1.5",
+      "Id": "2.1.4",
      "Description": "Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'",
      "Checks": [
        "s3_bucket_level_public_access_block",
--- a/prowler/compliance/aws/cis_3.0_aws.json
+++ b/prowler/compliance/aws/cis_3.0_aws.json
--- a/prowler/compliance/aws/ens_rd2022_aws.json
+++ b/prowler/compliance/aws/ens_rd2022_aws.json
@@ -211,6 +211,31 @@
        "iam_avoid_root_usage"
      ]
    },
+    {
+      "Id": "op.acc.4.aws.iam.8",
+      "Description": "Proceso de gestión de derechos de acceso",
+      "Attributes": [
+        {
+          "IdGrupoControl": "op.acc.4",
+          "Marco": "operacional",
+          "Categoria": "control de acceso",
+          "DescripcionControl": "Se restringirá todo acceso a las acciones especificadas para el usuario root de una cuenta.",
+          "Nivel": "alto",
+          "Tipo": "requisito",
+          "Dimensiones": [
+            "confidencialidad",
+            "integridad",
+            "trazabilidad",
+            "autenticidad"
+          ],
+          "ModoEjecucion": "automático"
+        }
+      ],
+      "Checks": [
+        "organizations_account_part_of_organizations",
+        "organizations_scp_check_deny_regions"
+      ]
+    },
    {
      "Id": "op.acc.4.aws.iam.9",
      "Description": "Proceso de gestión de derechos de acceso",
@@ -789,7 +814,8 @@
        }
      ],
      "Checks": [
-        "inspector2_findings_exist"
+        "inspector2_is_enabled",
+        "inspector2_active_findings_exist"
      ]
    },
    {
@@ -1121,6 +1147,30 @@
        "cloudtrail_insights_exist"
      ]
    },
+    {
+      "Id": "op.exp.8.r1.aws.ct.3",
+      "Description": "Revisión de los registros",
+      "Attributes": [
+        {
+          "IdGrupoControl": "op.exp.8.r1",
+          "Marco": "operacional",
+          "Categoria": "explotación",
+          "DescripcionControl": "Registrar los eventos de lectura y escritura de datos.",
+          "Nivel": "alto",
+          "Tipo": "refuerzo",
+          "Dimensiones": [
+            "trazabilidad"
+          ],
+          "ModoEjecucion": "automático"
+        }
+      ],
+      "Checks": [
+        "cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled",
+        "cloudtrail_s3_dataevents_write_enabled",
+        "cloudtrail_s3_dataevents_read_enabled",
+        "cloudtrail_insights_exist"
+      ]
+    },
    {
      "Id": "op.exp.8.r1.aws.ct.4",
      "Description": "Revisión de los registros",
@@ -1233,6 +1283,33 @@
        "iam_role_cross_service_confused_deputy_prevention"
      ]
    },
+    {
+      "Id": "op.exp.8.r4.aws.ct.1",
+      "Description": "Control de acceso",
+      "Attributes": [
+        {
+          "IdGrupoControl": "op.exp.8.r4",
+          "Marco": "operacional",
+          "Categoria": "explotación",
+          "DescripcionControl": "Asignar correctamente las políticas AWS IAM para el acceso y borrado de los registros y sus copias de seguridad haciendo uso del principio de mínimo privilegio.",
+          "Nivel": "alto",
+          "Tipo": "refuerzo",
+          "Dimensiones": [
+            "trazabilidad"
+          ],
+          "ModoEjecucion": "automático"
+        }
+      ],
+      "Checks": [
+        "iam_policy_allows_privilege_escalation",
+        "iam_customer_attached_policy_no_administrative_privileges",
+        "iam_customer_unattached_policy_no_administrative_privilege",
+        "iam_no_custom_policy_permissive_role_assumption",
+        "iam_policy_attached_only_to_group_or_roles",
+        "iam_role_cross_service_confused_deputy_prevention",
+        "iam_policy_no_full_access_to_cloudtrail"
+      ]
+    },
    {
      "Id": "op.exp.8.r4.aws.ct.2",
      "Description": "Control de acceso",
@@ -1859,7 +1936,8 @@
        }
      ],
      "Checks": [
-        "inspector2_findings_exist"
+        "inspector2_is_enabled",
+        "inspector2_active_findings_exist"
      ]
    },
    {
@@ -1934,7 +2012,8 @@
        }
      ],
      "Checks": [
-        "inspector2_findings_exist"
+        "inspector2_is_enabled",
+        "inspector2_active_findings_exist"
      ]
    },
    {
@@ -2110,7 +2189,7 @@
        }
      ],
      "Checks": [
-        "networkfirewall_in_all_vpc"
+        "fms_policy_compliant"
      ]
    },
    {
@@ -2251,6 +2330,31 @@
        "cloudfront_distributions_https_enabled"
      ]
    },
+    {
+      "Id": "mp.com.4.aws.ws.1",
+      "Description": "Separación de flujos de información en la red",
+      "Attributes": [
+        {
+          "IdGrupoControl": "mp.com.4",
+          "Marco": "medidas de protección",
+          "Categoria": "segregación de redes",
+          "DescripcionControl": "Se deberán abrir solo los puertos necesarios para el uso del servicio AWS WorkSpaces.",
+          "Nivel": "alto",
+          "Tipo": "requisito",
+          "Dimensiones": [
+            "confidencialidad",
+            "integridad",
+            "trazabilidad",
+            "autenticidad",
+            "disponibilidad"
+          ],
+          "ModoEjecucion": "automático"
+        }
+      ],
+      "Checks": [
+        "workspaces_vpc_2private_1public_subnets_nat"
+      ]
+    },
    {
      "Id": "mp.com.4.aws.vpc.1",
      "Description": "Separación de flujos de información en la red",
@@ -2323,7 +2427,8 @@
        }
      ],
      "Checks": [
-        "vpc_subnet_separate_private_public"
+        "vpc_subnet_separate_private_public",
+        "vpc_different_regions"
      ]
    },
    {
@@ -2370,7 +2475,8 @@
        }
      ],
      "Checks": [
-        "vpc_subnet_different_az"
+        "vpc_subnet_different_az",
+        "vpc_different_regions"
      ]
    },
    {
--- a/prowler/compliance/aws/mitre_attack_aws.json
+++ b/prowler/compliance/aws/mitre_attack_aws.json
@@ -29,7 +29,8 @@
        "securityhub_enabled",
        "elbv2_waf_acl_attached",
        "guardduty_is_enabled",
-        "inspector2_findings_exist",
+        "inspector2_is_enabled",
+        "inspector2_active_findings_exist",
        "awslambda_function_not_publicly_accessible",
        "ec2_instance_public_ip"
      ],
@@ -576,7 +577,8 @@
        "config_recorder_all_regions_enabled",
        "securityhub_enabled",
        "guardduty_is_enabled",
-        "inspector2_findings_exist"
+        "inspector2_is_enabled",
+        "inspector2_active_findings_exist"
      ],
      "Attributes": [
        {
@@ -737,7 +739,8 @@
        "iam_user_hardware_mfa_enabled",
        "iam_user_mfa_enabled_console_access",
        "securityhub_enabled",
-        "inspector2_findings_exist"
+        "inspector2_is_enabled",
+        "inspector2_active_findings_exist"
      ],
      "Attributes": [
        {
@@ -1892,7 +1895,8 @@
        "networkfirewall_in_all_vpc",
        "elbv2_waf_acl_attached",
        "guardduty_is_enabled",
-        "inspector2_findings_exist",
+        "inspector2_is_enabled",
+        "inspector2_active_findings_exist",
        "ec2_networkacl_allow_ingress_any_port",
        "ec2_networkacl_allow_ingress_tcp_port_22",
        "ec2_networkacl_allow_ingress_tcp_port_3389",
--- a/prowler/compliance/aws/soc2_aws.json
+++ b/prowler/compliance/aws/soc2_aws.json
@@ -13,7 +13,7 @@
          "ItemId": "cc_1_1",
          "Section": "CC1.0 - Common Criteria Related to Control Environment",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -27,7 +27,7 @@
          "ItemId": "cc_1_2",
          "Section": "CC1.0 - Common Criteria Related to Control Environment",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -41,7 +41,7 @@
          "ItemId": "cc_1_3",
          "Section": "CC1.0 - Common Criteria Related to Control Environment",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -62,7 +62,7 @@
          "ItemId": "cc_1_4",
          "Section": "CC1.0 - Common Criteria Related to Control Environment",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -76,7 +76,7 @@
          "ItemId": "cc_1_5",
          "Section": "CC1.0 - Common Criteria Related to Control Environment",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -90,7 +90,7 @@
          "ItemId": "cc_2_1",
          "Section": "CC2.0 - Common Criteria Related to Communication and Information",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -109,7 +109,7 @@
          "ItemId": "cc_2_2",
          "Section": "CC2.0 - Common Criteria Related to Communication and Information",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -123,7 +123,7 @@
          "ItemId": "cc_2_3",
          "Section": "CC2.0 - Common Criteria Related to Communication and Information",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -137,7 +137,7 @@
          "ItemId": "cc_3_1",
          "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -155,7 +155,7 @@
          "ItemId": "cc_3_2",
          "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -175,7 +175,7 @@
          "ItemId": "cc_3_3",
          "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -189,7 +189,7 @@
          "ItemId": "cc_3_4",
          "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
          "Service": "config",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -205,7 +205,7 @@
          "ItemId": "cc_4_1",
          "Section": "CC4.0 - Monitoring Activities",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -219,7 +219,7 @@
          "ItemId": "cc_4_2",
          "Section": "CC4.0 - Monitoring Activities",
          "Service": "guardduty",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -236,7 +236,7 @@
          "ItemId": "cc_5_1",
          "Section": "CC5.0 - Control Activities",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -250,7 +250,7 @@
          "ItemId": "cc_5_2",
          "Section": "CC5.0 - Control Activities",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -264,7 +264,7 @@
          "ItemId": "cc_5_3",
          "Section": "CC5.0 - Control Activities",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -278,7 +278,7 @@
          "ItemId": "cc_6_1",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "s3",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -294,7 +294,7 @@
          "ItemId": "cc_6_2",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "rds",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -310,7 +310,7 @@
          "ItemId": "cc_6_3",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "iam",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -328,7 +328,7 @@
          "ItemId": "cc_6_4",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -342,7 +342,7 @@
          "ItemId": "cc_6_5",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -356,7 +356,7 @@
          "ItemId": "cc_6_6",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "ec2",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -372,7 +372,7 @@
          "ItemId": "cc_6_7",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "acm",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -388,7 +388,7 @@
          "ItemId": "cc_6_8",
          "Section": "CC6.0 - Logical and Physical Access",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -405,7 +405,7 @@
          "ItemId": "cc_7_1",
          "Section": "CC7.0 - System Operations",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -424,7 +424,7 @@
          "ItemId": "cc_7_2",
          "Section": "CC7.0 - System Operations",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -460,7 +460,7 @@
          "ItemId": "cc_7_3",
          "Section": "CC7.0 - System Operations",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -492,7 +492,7 @@
          "ItemId": "cc_7_4",
          "Section": "CC7.0 - System Operations",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -523,7 +523,7 @@
          "ItemId": "cc_7_5",
          "Section": "CC7.0 - System Operations",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -537,7 +537,7 @@
          "ItemId": "cc_8_1",
          "Section": "CC8.0 - Change Management",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -553,7 +553,7 @@
          "ItemId": "cc_9_1",
          "Section": "CC9.0 - Risk Mitigation",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -567,7 +567,7 @@
          "ItemId": "cc_9_2",
          "Section": "CC9.0 - Risk Mitigation",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -581,7 +581,7 @@
          "ItemId": "cc_a_1_1",
          "Section": "CCA1.0 - Additional Criterial for Availability",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -595,7 +595,7 @@
          "ItemId": "cc_a_1_2",
          "Section": "CCA1.0 - Additional Criterial for Availability",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -626,7 +626,7 @@
          "ItemId": "cc_a_1_3",
          "Section": "CCA1.0 - Additional Criterial for Availability",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -640,7 +640,7 @@
          "ItemId": "cc_c_1_1",
          "Section": "CCC1.0 - Additional Criterial for Confidentiality",
          "Service": "aws",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -656,7 +656,7 @@
          "ItemId": "cc_c_1_2",
          "Section": "CCC1.0 - Additional Criterial for Confidentiality",
          "Service": "s3",
-          "Soc_Type": "automated"
+          "Type": "automated"
        }
      ],
      "Checks": [
@@ -672,7 +672,7 @@
          "ItemId": "p_1_1",
          "Section": "P1.0 - Privacy Criteria Related to Notice and Communication of Objectives Related to Privacy",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -686,7 +686,7 @@
          "ItemId": "p_2_1",
          "Section": "P2.0 - Privacy Criteria Related to Choice and Consent",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -700,7 +700,7 @@
          "ItemId": "p_3_1",
          "Section": "P3.0 - Privacy Criteria Related to Collection",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -714,7 +714,7 @@
          "ItemId": "p_3_2",
          "Section": "P3.0 - Privacy Criteria Related to Collection",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -728,7 +728,7 @@
          "ItemId": "p_4_1",
          "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -742,7 +742,7 @@
          "ItemId": "p_4_2",
          "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -756,7 +756,7 @@
          "ItemId": "p_4_3",
          "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -770,7 +770,7 @@
          "ItemId": "p_5_1",
          "Section": "P5.0 - Privacy Criteria Related to Access",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -784,7 +784,7 @@
          "ItemId": "p_5_2",
          "Section": "P5.0 - Privacy Criteria Related to Access",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -798,7 +798,7 @@
          "ItemId": "p_6_1",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -812,7 +812,7 @@
          "ItemId": "p_6_2",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -826,7 +826,7 @@
          "ItemId": "p_6_3",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -840,7 +840,7 @@
          "ItemId": "p_6_4",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -854,7 +854,7 @@
          "ItemId": "p_6_5",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -868,7 +868,7 @@
          "ItemId": "p_6_6",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -882,7 +882,7 @@
          "ItemId": "p_6_7",
          "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -896,7 +896,7 @@
          "ItemId": "p_7_1",
          "Section": "P7.0 - Privacy Criteria Related to Quality",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
@@ -910,7 +910,7 @@
          "ItemId": "p_8_1",
          "Section": "P8.0 - Privacy Criteria Related to Monitoring and Enforcement",
          "Service": "aws",
-          "Soc_Type": "manual"
+          "Type": "manual"
        }
      ],
      "Checks": []
--- a/prowler/config/config.py
+++ b/prowler/config/config.py
@@ -11,7 +11,7 @@ from prowler.lib.logger import logger

 timestamp = datetime.today()
 timestamp_utc = datetime.now(timezone.utc).replace(tzinfo=timezone.utc)
-prowler_version = "3.11.0"
+prowler_version = "3.13.1"
 html_logo_url = "https://github.com/prowler-cloud/prowler/"
 html_logo_img = "https://user-images.githubusercontent.com/3985464/113734260-7ba06900-96fb-11eb-82bc-d4f68a1e2710.png"
 square_logo_img = "https://user-images.githubusercontent.com/38561120/235905862-9ece5bd7-9aa3-4e48-807a-3a9035eb8bfb.png"
@@ -22,6 +22,9 @@ gcp_logo = "https://user-images.githubusercontent.com/38561120/235928332-eb4accd
 orange_color = "\033[38;5;208m"
 banner_color = "\033[1;92m"

+# Severities
+valid_severities = ["critical", "high", "medium", "low", "informational"]
+
 # Compliance
 actual_directory = pathlib.Path(os.path.dirname(os.path.realpath(__file__)))

@@ -70,7 +73,9 @@ def check_current_version():
        if latest_version != prowler_version:
            return f"{prowler_version_string} (latest is {latest_version}, upgrade for the latest features)"
        else:
-            return f"{prowler_version_string} (it is the latest version, yay!)"
+            return (
+                f"{prowler_version_string} (You are running the latest version, yay!)"
+            )
    except requests.RequestException:
        return f"{prowler_version_string}"
    except Exception:
--- a/prowler/config/config.yaml
+++ b/prowler/config/config.yaml
@@ -2,7 +2,7 @@
 aws:

  # AWS Global Configuration
-  # aws.allowlist_non_default_regions --> Set to True to allowlist failed findings in non-default regions for GuardDuty, SecurityHub, DRS and Config
+  # aws.allowlist_non_default_regions --> Set to True to allowlist failed findings in non-default regions for AccessAnalyzer, GuardDuty, SecurityHub, DRS and Config
  allowlist_non_default_regions: False
  # If you want to allowlist/mute failed findings only in specific regions, create a file with the following syntax and run it with `prowler aws -w allowlist.yaml`:
  # Allowlist:
@@ -69,8 +69,8 @@ aws:
  # AWS Organizations
  # organizations_scp_check_deny_regions
  # organizations_enabled_regions: [
-  #   'eu-central-1',
-  #   'eu-west-1',
+  #   "eu-central-1",
+  #   "eu-west-1",
  #   "us-east-1"
  # ]
  organizations_enabled_regions: []
--- a/prowler/config/custom_checks_metadata_example.yaml
+++ b/prowler/config/custom_checks_metadata_example.yaml
@@ -0,0 +1,15 @@
+CustomChecksMetadata:
+  aws:
+    Checks:
+      s3_bucket_level_public_access_block:
+        Severity: high
+      s3_bucket_no_mfa_delete:
+        Severity: high
+  azure:
+    Checks:
+      storage_infrastructure_encryption_is_enabled:
+        Severity: medium
+  gcp:
+    Checks:
+      compute_instance_public_ip:
+        Severity: critical
--- a/prowler/lib/banner.py
+++ b/prowler/lib/banner.py
@@ -4,7 +4,7 @@ from prowler.config.config import banner_color, orange_color, prowler_version, t


 def print_banner(args):
-    banner = f"""{banner_color}                         _
+    banner = rf"""{banner_color}                         _
 _ __  _ __ _____      _| | ___ _ __
 | '_ \| '__/ _ \ \ /\ / / |/ _ \ '__|
 | |_) | | | (_) \ V  V /| |  __/ |
--- a/prowler/lib/check/check.py
+++ b/prowler/lib/check/check.py
@@ -16,6 +16,7 @@ from colorama import Fore, Style
 import prowler
 from prowler.config.config import orange_color
 from prowler.lib.check.compliance_models import load_compliance_framework
+from prowler.lib.check.custom_checks_metadata import update_check_metadata
 from prowler.lib.check.models import Check, load_check_metadata
 from prowler.lib.logger import logger
 from prowler.lib.outputs.outputs import report
@@ -66,9 +67,9 @@ def bulk_load_compliance_frameworks(provider: str) -> dict:
                        # cis_v1.4_aws.json --> cis_v1.4_aws
                        compliance_framework_name = filename.split(".json")[0]
                        # Store the compliance info
-                        bulk_compliance_frameworks[
-                            compliance_framework_name
-                        ] = load_compliance_framework(file_path)
+                        bulk_compliance_frameworks[compliance_framework_name] = (
+                            load_compliance_framework(file_path)
+                        )
    except Exception as e:
        logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}")

@@ -106,14 +107,20 @@ def exclude_services_to_run(

 # Load checks from checklist.json
 def parse_checks_from_file(input_file: str, provider: str) -> set:
-    checks_to_execute = set()
-    with open_file(input_file) as f:
-        json_file = parse_json_file(f)
+    """parse_checks_from_file returns a set of checks read from the given file"""
+    try:
+        checks_to_execute = set()
+        with open_file(input_file) as f:
+            json_file = parse_json_file(f)

-    for check_name in json_file[provider]:
-        checks_to_execute.add(check_name)
+        for check_name in json_file[provider]:
+            checks_to_execute.add(check_name)

-    return checks_to_execute
+        return checks_to_execute
+    except Exception as error:
+        logger.error(
+            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
+        )


 # Load checks from custom folder
@@ -210,7 +217,7 @@ def print_categories(categories: set):
    singular_string = f"\nThere is {Fore.YELLOW}{categories_num}{Style.RESET_ALL} available category.\n"

    message = plural_string if categories_num > 1 else singular_string
-    for category in categories:
+    for category in sorted(categories):
        print(f"- {category}")

    print(message)
@@ -239,7 +246,7 @@ def print_compliance_frameworks(
    singular_string = f"\nThere is {Fore.YELLOW}{frameworks_num}{Style.RESET_ALL} available Compliance Framework.\n"
    message = plural_string if frameworks_num > 1 else singular_string

-    for framework in bulk_compliance_frameworks.keys():
+    for framework in sorted(bulk_compliance_frameworks.keys()):
        print(f"- {framework}")

    print(message)
@@ -309,7 +316,7 @@ def print_checks(
 def parse_checks_from_compliance_framework(
    compliance_frameworks: list, bulk_compliance_frameworks: dict
 ) -> list:
-    """Parse checks from compliance frameworks specification"""
+    """parse_checks_from_compliance_framework returns a set of checks from the given compliance_frameworks"""
    checks_to_execute = set()
    try:
        for framework in compliance_frameworks:
@@ -416,6 +423,7 @@ def execute_checks(
    provider: str,
    audit_info: Any,
    audit_output_options: Provider_Output_Options,
+    custom_checks_metadata: Any,
 ) -> list:
    # List to store all the check's findings
    all_findings = []
@@ -461,6 +469,7 @@ def execute_checks(
                    audit_info,
                    services_executed,
                    checks_executed,
+                    custom_checks_metadata,
                )
                all_findings.extend(check_findings)

@@ -506,6 +515,7 @@ def execute_checks(
                        audit_info,
                        services_executed,
                        checks_executed,
+                        custom_checks_metadata,
                    )
                    all_findings.extend(check_findings)

@@ -531,6 +541,7 @@ def execute(
    audit_info: Any,
    services_executed: set,
    checks_executed: set,
+    custom_checks_metadata: Any,
 ):
    # Import check module
    check_module_path = (
@@ -541,6 +552,10 @@ def execute(
    check_to_execute = getattr(lib, check_name)
    c = check_to_execute()

+    # Update check metadata to reflect that in the outputs
+    if custom_checks_metadata and custom_checks_metadata["Checks"].get(c.CheckID):
+        c = update_check_metadata(c, custom_checks_metadata["Checks"][c.CheckID])
+
    # Run check
    check_findings = run_check(c, audit_output_options)

@@ -598,22 +613,32 @@ def update_audit_metadata(
        )


-def recover_checks_from_service(service_list: list, provider: str) -> list:
-    checks = set()
-    service_list = [
-        "awslambda" if service == "lambda" else service for service in service_list
-    ]
-    for service in service_list:
-        modules = recover_checks_from_provider(provider, service)
-        if not modules:
-            logger.error(f"Service '{service}' does not have checks.")
+def recover_checks_from_service(service_list: list, provider: str) -> set:
+    """
+    Recover all checks from the selected provider and service

-        else:
-            for check_module in modules:
-                # Recover check name and module name from import path
-                # Format: "providers.{provider}.services.{service}.{check_name}.{check_name}"
-                check_name = check_module[0].split(".")[-1]
-                # If the service is present in the group list passed as parameters
-                # if service_name in group_list: checks_from_arn.add(check_name)
-                checks.add(check_name)
-    return checks
+    Returns a set of checks from the given services
+    """
+    try:
+        checks = set()
+        service_list = [
+            "awslambda" if service == "lambda" else service for service in service_list
+        ]
+        for service in service_list:
+            service_checks = recover_checks_from_provider(provider, service)
+            if not service_checks:
+                logger.error(f"Service '{service}' does not have checks.")
+
+            else:
+                for check in service_checks:
+                    # Recover check name and module name from import path
+                    # Format: "providers.{provider}.services.{service}.{check_name}.{check_name}"
+                    check_name = check[0].split(".")[-1]
+                    # If the service is present in the group list passed as parameters
+                    # if service_name in group_list: checks_from_arn.add(check_name)
+                    checks.add(check_name)
+        return checks
+    except Exception as error:
+        logger.error(
+            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+        )
--- a/prowler/lib/check/checks_loader.py
+++ b/prowler/lib/check/checks_loader.py
@@ -1,5 +1,6 @@
 from colorama import Fore, Style

+from prowler.config.config import valid_severities
 from prowler.lib.check.check import (
    parse_checks_from_compliance_framework,
    parse_checks_from_file,
@@ -10,7 +11,6 @@ from prowler.lib.logger import logger


 # Generate the list of checks to execute
-# PENDING Test for this function
 def load_checks_to_execute(
    bulk_checks_metadata: dict,
    bulk_compliance_frameworks: dict,
@@ -22,80 +22,110 @@ def load_checks_to_execute(
    categories: set,
    provider: str,
 ) -> set:
-    """Generate the list of checks to execute based on the cloud provider and input arguments specified"""
-    checks_to_execute = set()
+    """Generate the list of checks to execute based on the cloud provider and the input arguments given"""
+    try:
+        # Local subsets
+        checks_to_execute = set()
+        check_aliases = {}
+        check_severities = {key: [] for key in valid_severities}
+        check_categories = {}

-    # Handle if there are checks passed using -c/--checks
-    if check_list:
-        for check_name in check_list:
-            checks_to_execute.add(check_name)
+        # First, loop over the bulk_checks_metadata to extract the needed subsets
+        for check, metadata in bulk_checks_metadata.items():
+            # Aliases
+            for alias in metadata.CheckAliases:
+                if alias not in check_aliases:
+                    check_aliases[alias] = []
+                check_aliases[alias].append(check)

-    # Handle if there are some severities passed using --severity
-    elif severities:
-        for check in bulk_checks_metadata:
-            # Check check's severity
-            if bulk_checks_metadata[check].Severity in severities:
-                checks_to_execute.add(check)
+            # Severities
+            if metadata.Severity:
+                check_severities[metadata.Severity].append(check)

-    # Handle if there are checks passed using -C/--checks-file
-    elif checks_file:
-        try:
+            # Categories
+            for category in metadata.Categories:
+                if category not in check_categories:
+                    check_categories[category] = []
+                check_categories[category].append(check)
+
+        # Handle if there are checks passed using -c/--checks
+        if check_list:
+            for check_name in check_list:
+                checks_to_execute.add(check_name)
+
+        # Handle if there are some severities passed using --severity
+        elif severities:
+            for severity in severities:
+                checks_to_execute.update(check_severities[severity])
+
+            if service_list:
+                checks_to_execute = (
+                    recover_checks_from_service(service_list, provider)
+                    & checks_to_execute
+                )
+
+        # Handle if there are checks passed using -C/--checks-file
+        elif checks_file:
            checks_to_execute = parse_checks_from_file(checks_file, provider)
-        except Exception as e:
-            logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}")

-    # Handle if there are services passed using -s/--services
-    elif service_list:
-        checks_to_execute = recover_checks_from_service(service_list, provider)
+        # Handle if there are services passed using -s/--services
+        elif service_list:
+            checks_to_execute = recover_checks_from_service(service_list, provider)

-    # Handle if there are compliance frameworks passed using --compliance
-    elif compliance_frameworks:
-        try:
+        # Handle if there are compliance frameworks passed using --compliance
+        elif compliance_frameworks:
            checks_to_execute = parse_checks_from_compliance_framework(
                compliance_frameworks, bulk_compliance_frameworks
            )
-        except Exception as e:
-            logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}")

-    # Handle if there are categories passed using --categories
-    elif categories:
-        for cat in categories:
-            for check in bulk_checks_metadata:
-                # Check check's categories
-                if cat in bulk_checks_metadata[check].Categories:
-                    checks_to_execute.add(check)
+        # Handle if there are categories passed using --categories
+        elif categories:
+            for category in categories:
+                checks_to_execute.update(check_categories[category])

-    # If there are no checks passed as argument
-    else:
-        try:
+        # If there are no checks passed as argument
+        else:
            # Get all check modules to run with the specific provider
            checks = recover_checks_from_provider(provider)
-        except Exception as e:
-            logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}")
-        else:
+
            for check_info in checks:
                # Recover check name from import path (last part)
                # Format: "providers.{provider}.services.{service}.{check_name}.{check_name}"
                check_name = check_info[0]
                checks_to_execute.add(check_name)

-    # Get Check Aliases mapping
-    check_aliases = {}
-    for check, metadata in bulk_checks_metadata.items():
-        for alias in metadata.CheckAliases:
-            check_aliases[alias] = check
+        # Check Aliases
+        checks_to_execute = update_checks_to_execute_with_aliases(
+            checks_to_execute, check_aliases
+        )

+        return checks_to_execute
+
+    except Exception as error:
+        logger.error(
+            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
+        )
+
+
+def update_checks_to_execute_with_aliases(
+    checks_to_execute: set, check_aliases: dict
+) -> set:
+    """update_checks_to_execute_with_aliases returns the checks_to_execute updated using the check aliases."""
    # Verify if any input check is an alias of another check
-    for input_check in checks_to_execute:
-        if (
-            input_check in check_aliases
-            and check_aliases[input_check] not in checks_to_execute
-        ):
-            # Remove input check name and add the real one
-            checks_to_execute.remove(input_check)
-            checks_to_execute.add(check_aliases[input_check])
-            print(
-                f"\nUsing alias {Fore.YELLOW}{input_check}{Style.RESET_ALL} for check {Fore.YELLOW}{check_aliases[input_check]}{Style.RESET_ALL}...\n"
-            )
-
-    return checks_to_execute
+    try:
+        new_checks_to_execute = checks_to_execute.copy()
+        for input_check in checks_to_execute:
+            if input_check in check_aliases:
+                # Remove input check name and add the real one
+                new_checks_to_execute.remove(input_check)
+                for alias in check_aliases[input_check]:
+                    if alias not in new_checks_to_execute:
+                        new_checks_to_execute.add(alias)
+                        print(
+                            f"\nUsing alias {Fore.YELLOW}{input_check}{Style.RESET_ALL} for check {Fore.YELLOW}{alias}{Style.RESET_ALL}..."
+                        )
+        return new_checks_to_execute
+    except Exception as error:
+        logger.error(
+            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
+        )
--- a/prowler/lib/check/compliance_models.py
+++ b/prowler/lib/check/compliance_models.py
@@ -52,12 +52,12 @@ class ENS_Requirement_Attribute(BaseModel):
 class Generic_Compliance_Requirement_Attribute(BaseModel):
    """Generic Compliance Requirement Attribute"""

-    ItemId: str
+    ItemId: Optional[str]
    Section: Optional[str]
    SubSection: Optional[str]
    SubGroup: Optional[str]
-    Service: str
-    Soc_Type: Optional[str]
+    Service: Optional[str]
+    Type: Optional[str]


 class CIS_Requirement_Attribute_Profile(str):
--- a/prowler/lib/check/custom_checks_metadata.py
+++ b/prowler/lib/check/custom_checks_metadata.py
@@ -0,0 +1,77 @@
+import sys
+
+import yaml
+from jsonschema import validate
+
+from prowler.config.config import valid_severities
+from prowler.lib.logger import logger
+
+custom_checks_metadata_schema = {
+    "type": "object",
+    "properties": {
+        "Checks": {
+            "type": "object",
+            "patternProperties": {
+                ".*": {
+                    "type": "object",
+                    "properties": {
+                        "Severity": {
+                            "type": "string",
+                            "enum": valid_severities,
+                        }
+                    },
+                    "required": ["Severity"],
+                    "additionalProperties": False,
+                }
+            },
+            "additionalProperties": False,
+        }
+    },
+    "required": ["Checks"],
+    "additionalProperties": False,
+}
+
+
+def parse_custom_checks_metadata_file(provider: str, parse_custom_checks_metadata_file):
+    """parse_custom_checks_metadata_file returns the custom_checks_metadata object if it is valid, otherwise aborts the execution returning the ValidationError."""
+    try:
+        with open(parse_custom_checks_metadata_file) as f:
+            custom_checks_metadata = yaml.safe_load(f)["CustomChecksMetadata"][provider]
+            validate(custom_checks_metadata, schema=custom_checks_metadata_schema)
+        return custom_checks_metadata
+    except Exception as error:
+        logger.critical(
+            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
+        )
+        sys.exit(1)
+
+
+def update_checks_metadata(bulk_checks_metadata, custom_checks_metadata):
+    """update_checks_metadata returns the bulk_checks_metadata with the check's metadata updated based on the custom_checks_metadata provided."""
+    try:
+        # Update checks metadata from CustomChecksMetadata file
+        for check, custom_metadata in custom_checks_metadata["Checks"].items():
+            check_metadata = bulk_checks_metadata.get(check)
+            if check_metadata:
+                bulk_checks_metadata[check] = update_check_metadata(
+                    check_metadata, custom_metadata
+                )
+        return bulk_checks_metadata
+    except Exception as error:
+        logger.critical(
+            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
+        )
+        sys.exit(1)
+
+
+def update_check_metadata(check_metadata, custom_metadata):
+    """update_check_metadata updates the check_metadata fields present in the custom_metadata and returns the updated version of the check_metadata. If some field is not present or valid the check_metadata is returned with the original fields."""
+    try:
+        if custom_metadata:
+            for attribute in custom_metadata:
+                try:
+                    setattr(check_metadata, attribute, custom_metadata[attribute])
+                except ValueError:
+                    pass
+    finally:
+        return check_metadata
--- a/prowler/lib/cli/parser.py
+++ b/prowler/lib/cli/parser.py
@@ -7,6 +7,7 @@ from prowler.config.config import (
    check_current_version,
    default_config_file_path,
    default_output_directory,
+    valid_severities,
 )
 from prowler.providers.common.arguments import (
    init_providers_parser,
@@ -49,6 +50,7 @@ Detailed documentation at https://docs.prowler.cloud
        self.__init_exclude_checks_parser__()
        self.__init_list_checks_parser__()
        self.__init_config_parser__()
+        self.__init_custom_checks_metadata_parser__()

        # Init Providers Arguments
        init_providers_parser(self)
@@ -220,11 +222,11 @@ Detailed documentation at https://docs.prowler.cloud
        group.add_argument(
            "-s", "--services", nargs="+", help="List of services to be executed."
        )
-        group.add_argument(
+        common_checks_parser.add_argument(
            "--severity",
            nargs="+",
-            help="List of severities to be executed [informational, low, medium, high, critical]",
-            choices=["informational", "low", "medium", "high", "critical"],
+            help=f"List of severities to be executed {valid_severities}",
+            choices=valid_severities,
        )
        group.add_argument(
            "--compliance",
@@ -286,3 +288,15 @@ Detailed documentation at https://docs.prowler.cloud
            default=default_config_file_path,
            help="Set configuration file path",
        )
+
+    def __init_custom_checks_metadata_parser__(self):
+        # CustomChecksMetadata
+        custom_checks_metadata_subparser = (
+            self.common_providers_parser.add_argument_group("Custom Checks Metadata")
+        )
+        custom_checks_metadata_subparser.add_argument(
+            "--custom-checks-metadata-file",
+            nargs="?",
+            default=None,
+            help="Path for the custom checks metadata YAML file. See example prowler/config/custom_checks_metadata_example.yaml for reference and format. See more in https://docs.prowler.cloud/en/latest/tutorials/custom-checks-metadata/",
+        )
--- a/prowler/lib/outputs/compliance.py
+++ b/prowler/lib/outputs/compliance.py
@@ -330,7 +330,7 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
                                Requirements_Attributes_SubSection=attribute.SubSection,
                                Requirements_Attributes_SubGroup=attribute.SubGroup,
                                Requirements_Attributes_Service=attribute.Service,
-                                Requirements_Attributes_Soc_Type=attribute.Soc_Type,
+                                Requirements_Attributes_Type=attribute.Type,
                                Status=finding.status,
                                StatusExtended=finding.status_extended,
                                ResourceId=finding.resource_id,
@@ -401,7 +401,8 @@ def display_compliance_table(
                                        "Bajo": 0,
                                    }
                                if finding.status == "FAIL":
-                                    fail_count += 1
+                                    if attribute.Tipo != "recomendacion":
+                                        fail_count += 1
                                    marcos[marco_categoria][
                                        "Estado"
                                    ] = f"{Fore.RED}NO CUMPLE{Style.RESET_ALL}"
@@ -443,8 +444,8 @@ def display_compliance_table(
                )
                overview_table = [
                    [
-                        f"{Fore.RED}{round(fail_count/(fail_count+pass_count)*100, 2)}% ({fail_count}) NO CUMPLE{Style.RESET_ALL}",
-                        f"{Fore.GREEN}{round(pass_count/(fail_count+pass_count)*100, 2)}% ({pass_count}) CUMPLE{Style.RESET_ALL}",
+                        f"{Fore.RED}{round(fail_count / (fail_count + pass_count) * 100, 2)}% ({fail_count}) NO CUMPLE{Style.RESET_ALL}",
+                        f"{Fore.GREEN}{round(pass_count / (fail_count + pass_count) * 100, 2)}% ({pass_count}) CUMPLE{Style.RESET_ALL}",
                    ]
                ]
                print(tabulate(overview_table, tablefmt="rounded_grid"))
@@ -538,8 +539,8 @@ def display_compliance_table(
                )
                overview_table = [
                    [
-                        f"{Fore.RED}{round(fail_count/(fail_count+pass_count)*100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
-                        f"{Fore.GREEN}{round(pass_count/(fail_count+pass_count)*100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
+                        f"{Fore.RED}{round(fail_count / (fail_count + pass_count) * 100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
+                        f"{Fore.GREEN}{round(pass_count / (fail_count + pass_count) * 100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
                    ]
                ]
                print(tabulate(overview_table, tablefmt="rounded_grid"))
@@ -609,8 +610,8 @@ def display_compliance_table(
                )
                overview_table = [
                    [
-                        f"{Fore.RED}{round(fail_count/(fail_count+pass_count)*100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
-                        f"{Fore.GREEN}{round(pass_count/(fail_count+pass_count)*100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
+                        f"{Fore.RED}{round(fail_count / (fail_count + pass_count) * 100, 2)}% ({fail_count}) FAIL{Style.RESET_ALL}",
+                        f"{Fore.GREEN}{round(pass_count / (fail_count + pass_count) * 100, 2)}% ({pass_count}) PASS{Style.RESET_ALL}",
                    ]
                ]
                print(tabulate(overview_table, tablefmt="rounded_grid"))
--- a/prowler/lib/outputs/file_descriptors.py
+++ b/prowler/lib/outputs/file_descriptors.py
@@ -12,8 +12,6 @@ from prowler.config.config import (
 from prowler.lib.logger import logger
 from prowler.lib.outputs.html import add_html_header
 from prowler.lib.outputs.models import (
-    Aws_Check_Output_CSV,
-    Azure_Check_Output_CSV,
    Check_Output_CSV_AWS_CIS,
    Check_Output_CSV_AWS_ISO27001_2013,
    Check_Output_CSV_AWS_Well_Architected,
@@ -21,19 +19,18 @@ from prowler.lib.outputs.models import (
    Check_Output_CSV_GCP_CIS,
    Check_Output_CSV_Generic_Compliance,
    Check_Output_MITRE_ATTACK,
-    Gcp_Check_Output_CSV,
    generate_csv_fields,
 )
 from prowler.lib.utils.utils import file_exists, open_file
 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
-from prowler.providers.azure.lib.audit_info.models import Azure_Audit_Info
+from prowler.providers.common.outputs import get_provider_output_model
 from prowler.providers.gcp.lib.audit_info.models import GCP_Audit_Info


 def initialize_file_descriptor(
    filename: str,
    output_mode: str,
-    audit_info: AWS_Audit_Info,
+    audit_info: Any,
    format: Any = None,
 ) -> TextIOWrapper:
    """Open/Create the output file. If needed include headers or the required format"""
@@ -75,27 +72,15 @@ def fill_file_descriptors(output_modes, output_directory, output_filename, audit
            for output_mode in output_modes:
                if output_mode == "csv":
                    filename = f"{output_directory}/{output_filename}{csv_file_suffix}"
-                    if isinstance(audit_info, AWS_Audit_Info):
-                        file_descriptor = initialize_file_descriptor(
-                            filename,
-                            output_mode,
-                            audit_info,
-                            Aws_Check_Output_CSV,
-                        )
-                    if isinstance(audit_info, Azure_Audit_Info):
-                        file_descriptor = initialize_file_descriptor(
-                            filename,
-                            output_mode,
-                            audit_info,
-                            Azure_Check_Output_CSV,
-                        )
-                    if isinstance(audit_info, GCP_Audit_Info):
-                        file_descriptor = initialize_file_descriptor(
-                            filename,
-                            output_mode,
-                            audit_info,
-                            Gcp_Check_Output_CSV,
-                        )
+                    output_model = get_provider_output_model(
+                        audit_info.__class__.__name__
+                    )
+                    file_descriptor = initialize_file_descriptor(
+                        filename,
+                        output_mode,
+                        audit_info,
+                        output_model,
+                    )
                    file_descriptors.update({output_mode: file_descriptor})

                elif output_mode == "json":
--- a/prowler/lib/outputs/html.py
+++ b/prowler/lib/outputs/html.py
@@ -338,8 +338,9 @@ def add_html_footer(output_filename, output_directory):
 def get_aws_html_assessment_summary(audit_info):
    try:
        if isinstance(audit_info, AWS_Audit_Info):
-            if not audit_info.profile:
-                audit_info.profile = "ENV"
+            profile = (
+                audit_info.profile if audit_info.profile is not None else "default"
+            )
            if isinstance(audit_info.audited_regions, list):
                audited_regions = " ".join(audit_info.audited_regions)
            elif not audit_info.audited_regions:
@@ -361,7 +362,7 @@ def get_aws_html_assessment_summary(audit_info):
                        </li>
                        <li class="list-group-item">
                            <b>AWS-CLI Profile:</b> """
-                + audit_info.profile
+                + profile
                + """
                        </li>
                        <li class="list-group-item">
@@ -406,7 +407,7 @@ def get_azure_html_assessment_summary(audit_info):
        if isinstance(audit_info, Azure_Audit_Info):
            printed_subscriptions = []
            for key, value in audit_info.identity.subscriptions.items():
-                intermediate = key + " : " + value
+                intermediate = f"{key} : {value}"
                printed_subscriptions.append(intermediate)

            # check if identity is str(coming from SP) or dict(coming from browser or)
--- a/prowler/lib/outputs/json.py
+++ b/prowler/lib/outputs/json.py
@@ -31,6 +31,7 @@ from prowler.lib.outputs.models import (
    unroll_dict_to_list,
 )
 from prowler.lib.utils.utils import hash_sha512, open_file, outputs_unix_timestamp
+from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info


 def fill_json_asff(finding_output, audit_info, finding, output_options):
@@ -50,9 +51,9 @@ def fill_json_asff(finding_output, audit_info, finding, output_options):
        finding_output.GeneratorId = "prowler-" + finding.check_metadata.CheckID
        finding_output.AwsAccountId = audit_info.audited_account
        finding_output.Types = finding.check_metadata.CheckType
-        finding_output.FirstObservedAt = (
-            finding_output.UpdatedAt
-        ) = finding_output.CreatedAt = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ")
+        finding_output.FirstObservedAt = finding_output.UpdatedAt = (
+            finding_output.CreatedAt
+        ) = timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ")
        finding_output.Severity = Severity(
            Label=finding.check_metadata.Severity.upper()
        )
@@ -155,6 +156,11 @@ def fill_json_ocsf(audit_info, finding, output_options) -> Check_Output_JSON_OCS
        aws_org_uid = ""
        account = None
        org = None
+        profile = ""
+        if isinstance(audit_info, AWS_Audit_Info):
+            profile = (
+                audit_info.profile if audit_info.profile is not None else "default"
+            )
        if (
            hasattr(audit_info, "organizations_metadata")
            and audit_info.organizations_metadata
@@ -249,9 +255,7 @@ def fill_json_ocsf(audit_info, finding, output_options) -> Check_Output_JSON_OCS
            original_time=outputs_unix_timestamp(
                output_options.unix_timestamp, timestamp
            ),
-            profiles=[audit_info.profile]
-            if hasattr(audit_info, "organizations_metadata")
-            else [],
+            profiles=[profile],
        )
        compliance = Compliance_OCSF(
            status=generate_json_ocsf_status(finding.status),
--- a/prowler/lib/outputs/models.py
+++ b/prowler/lib/outputs/models.py
@@ -55,9 +55,9 @@ def generate_provider_output_csv(
            data["resource_name"] = finding.resource_name
            data["subscription"] = finding.subscription
            data["tenant_domain"] = audit_info.identity.domain
-            data[
-                "finding_unique_id"
-            ] = f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.subscription}-{finding.resource_id}"
+            data["finding_unique_id"] = (
+                f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.subscription}-{finding.resource_id}"
+            )
            data["compliance"] = unroll_dict(
                get_check_compliance(finding, provider, output_options)
            )
@@ -68,9 +68,9 @@ def generate_provider_output_csv(
            data["resource_name"] = finding.resource_name
            data["project_id"] = finding.project_id
            data["location"] = finding.location.lower()
-            data[
-                "finding_unique_id"
-            ] = f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.project_id}-{finding.resource_id}"
+            data["finding_unique_id"] = (
+                f"prowler-{provider}-{finding.check_metadata.CheckID}-{finding.project_id}-{finding.resource_id}"
+            )
            data["compliance"] = unroll_dict(
                get_check_compliance(finding, provider, output_options)
            )
@@ -82,9 +82,9 @@ def generate_provider_output_csv(
            data["region"] = finding.region
            data["resource_id"] = finding.resource_id
            data["resource_arn"] = finding.resource_arn
-            data[
-                "finding_unique_id"
-            ] = f"prowler-{provider}-{finding.check_metadata.CheckID}-{audit_info.audited_account}-{finding.region}-{finding.resource_id}"
+            data["finding_unique_id"] = (
+                f"prowler-{provider}-{finding.check_metadata.CheckID}-{audit_info.audited_account}-{finding.region}-{finding.resource_id}"
+            )
            data["compliance"] = unroll_dict(
                get_check_compliance(finding, provider, output_options)
            )
@@ -614,8 +614,8 @@ class Check_Output_CSV_Generic_Compliance(BaseModel):
    Requirements_Attributes_Section: Optional[str]
    Requirements_Attributes_SubSection: Optional[str]
    Requirements_Attributes_SubGroup: Optional[str]
-    Requirements_Attributes_Service: str
-    Requirements_Attributes_Soc_Type: Optional[str]
+    Requirements_Attributes_Service: Optional[str]
+    Requirements_Attributes_Type: Optional[str]
    Status: str
    StatusExtended: str
    ResourceId: str
--- a/prowler/lib/outputs/slack.py
+++ b/prowler/lib/outputs/slack.py
@@ -13,7 +13,7 @@ def send_slack_message(token, channel, stats, provider, audit_info):
        response = client.chat_postMessage(
            username="Prowler",
            icon_url=square_logo_img,
-            channel="#" + channel,
+            channel=f"#{channel}",
            blocks=create_message_blocks(identity, logo, stats),
        )
        return response
@@ -35,7 +35,7 @@ def create_message_identity(provider, audit_info):
        elif provider == "azure":
            printed_subscriptions = []
            for key, value in audit_info.identity.subscriptions.items():
-                intermediate = "- *" + key + ": " + value + "*\n"
+                intermediate = f"- *{key}: {value}*\n"
                printed_subscriptions.append(intermediate)
            identity = f"Azure Subscriptions:\n{''.join(printed_subscriptions)}"
            logo = azure_logo
@@ -66,14 +66,14 @@ def create_message_blocks(identity, logo, stats):
                "type": "section",
                "text": {
                    "type": "mrkdwn",
-                    "text": f"\n:white_check_mark: *{stats['total_pass']} Passed findings* ({round(stats['total_pass']/stats['findings_count']*100,2)}%)\n",
+                    "text": f"\n:white_check_mark: *{stats['total_pass']} Passed findings* ({round(stats['total_pass'] / stats['findings_count'] * 100 , 2)}%)\n",
                },
            },
            {
                "type": "section",
                "text": {
                    "type": "mrkdwn",
-                    "text": f"\n:x: *{stats['total_fail']} Failed findings* ({round(stats['total_fail']/stats['findings_count']*100,2)}%)\n ",
+                    "text": f"\n:x: *{stats['total_fail']} Failed findings* ({round(stats['total_fail'] / stats['findings_count'] * 100 , 2)}%)\n ",
                },
            },
            {
--- a/prowler/lib/outputs/summary_table.py
+++ b/prowler/lib/outputs/summary_table.py
@@ -96,8 +96,8 @@ def display_summary_table(
            print("\nOverview Results:")
            overview_table = [
                [
-                    f"{Fore.RED}{round(fail_count/len(findings)*100, 2)}% ({fail_count}) Failed{Style.RESET_ALL}",
-                    f"{Fore.GREEN}{round(pass_count/len(findings)*100, 2)}% ({pass_count}) Passed{Style.RESET_ALL}",
+                    f"{Fore.RED}{round(fail_count / len(findings) * 100, 2)}% ({fail_count}) Failed{Style.RESET_ALL}",
+                    f"{Fore.GREEN}{round(pass_count / len(findings) * 100, 2)}% ({pass_count}) Passed{Style.RESET_ALL}",
                ]
            ]
            print(tabulate(overview_table, tablefmt="rounded_grid"))
--- a/prowler/providers/aws/aws_provider.py
+++ b/prowler/providers/aws/aws_provider.py
@@ -10,7 +10,10 @@ from prowler.config.config import aws_services_json_file
 from prowler.lib.check.check import list_modules, recover_checks_from_service
 from prowler.lib.logger import logger
 from prowler.lib.utils.utils import open_file, parse_json_file
-from prowler.providers.aws.config import AWS_STS_GLOBAL_ENDPOINT_REGION
+from prowler.providers.aws.config import (
+    AWS_STS_GLOBAL_ENDPOINT_REGION,
+    ROLE_SESSION_NAME,
+)
 from prowler.providers.aws.lib.audit_info.models import AWS_Assume_Role, AWS_Audit_Info
 from prowler.providers.aws.lib.credentials.credentials import create_sts_session

@@ -113,9 +116,15 @@ def assume_role(
    sts_endpoint_region: str = None,
 ) -> dict:
    try:
+        role_session_name = (
+            assumed_role_info.role_session_name
+            if assumed_role_info.role_session_name
+            else ROLE_SESSION_NAME
+        )
+
        assume_role_arguments = {
            "RoleArn": assumed_role_info.role_arn,
-            "RoleSessionName": "ProwlerAsessmentSession",
+            "RoleSessionName": role_session_name,
            "DurationSeconds": assumed_role_info.session_duration,
        }

@@ -152,23 +161,31 @@ def input_role_mfa_token_and_code() -> tuple[str]:


 def generate_regional_clients(
-    service: str, audit_info: AWS_Audit_Info, global_service: bool = False
+    service: str,
+    audit_info: AWS_Audit_Info,
 ) -> dict:
+    """generate_regional_clients returns a dict with the following format for the given service:
+
+    Example:
+        {"eu-west-1": boto3_service_client}
+    """
    try:
        regional_clients = {}
        service_regions = get_available_aws_service_regions(service, audit_info)
-        # Check if it is global service to gather only one region
-        if global_service:
-            if service_regions:
-                if audit_info.profile_region in service_regions:
-                    service_regions = [audit_info.profile_region]
-                service_regions = service_regions[:1]
-        for region in service_regions:
+
+        # Get the regions enabled for the account and get the intersection with the service available regions
+        if audit_info.enabled_regions:
+            enabled_regions = service_regions.intersection(audit_info.enabled_regions)
+        else:
+            enabled_regions = service_regions
+
+        for region in enabled_regions:
            regional_client = audit_info.audit_session.client(
                service, region_name=region, config=audit_info.session_config
            )
            regional_client.region = region
            regional_clients[region] = regional_client
+
        return regional_clients
    except Exception as error:
        logger.error(
@@ -176,6 +193,26 @@ def generate_regional_clients(
        )


+def get_aws_enabled_regions(audit_info: AWS_Audit_Info) -> set:
+    """get_aws_enabled_regions returns a set of enabled AWS regions"""
+
+    # EC2 Client to check enabled regions
+    service = "ec2"
+    default_region = get_default_region(service, audit_info)
+    ec2_client = audit_info.audit_session.client(service, region_name=default_region)
+
+    enabled_regions = set()
+    try:
+        # With AllRegions=False we only get the enabled regions for the account
+        for region in ec2_client.describe_regions(AllRegions=False).get("Regions", []):
+            enabled_regions.add(region.get("RegionName"))
+    except Exception as error:
+        logger.warning(
+            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+        )
+    return enabled_regions
+
+
 def get_aws_available_regions():
    try:
        actual_directory = pathlib.Path(os.path.dirname(os.path.realpath(__file__)))
@@ -216,6 +253,8 @@ def get_checks_from_input_arn(audit_resources: list, provider: str) -> set:
                    service = "efs"
                elif service == "logs":
                    service = "cloudwatch"
+                elif service == "cognito":
+                    service = "cognito-idp"
                # Check if Prowler has checks in service
                try:
                    list_modules(provider, service)
@@ -267,17 +306,18 @@ def get_regions_from_audit_resources(audit_resources: list) -> set:
    return audited_regions


-def get_available_aws_service_regions(service: str, audit_info: AWS_Audit_Info) -> list:
+def get_available_aws_service_regions(service: str, audit_info: AWS_Audit_Info) -> set:
    # Get json locally
    actual_directory = pathlib.Path(os.path.dirname(os.path.realpath(__file__)))
    with open_file(f"{actual_directory}/{aws_services_json_file}") as f:
        data = parse_json_file(f)
-    # Check if it is a subservice
-    json_regions = data["services"][service]["regions"][audit_info.audited_partition]
-    if audit_info.audited_regions:  # Check for input aws audit_info.audited_regions
-        regions = list(
-            set(json_regions).intersection(audit_info.audited_regions)
-        )  # Get common regions between input and json
+    json_regions = set(
+        data["services"][service]["regions"][audit_info.audited_partition]
+    )
+    # Check for input aws audit_info.audited_regions
+    if audit_info.audited_regions:
+        # Get common regions between input and json
+        regions = json_regions.intersection(audit_info.audited_regions)
    else:  # Get all regions from json of the service and partition
        regions = json_regions
    return regions
--- a/prowler/providers/aws/aws_regions_by_service.json
+++ b/prowler/providers/aws/aws_regions_by_service.json
--- a/prowler/providers/aws/config.py
+++ b/prowler/providers/aws/config.py
@@ -1,2 +1,3 @@
 AWS_STS_GLOBAL_ENDPOINT_REGION = "us-east-1"
 BOTO3_USER_AGENT_EXTRA = "APN_1826889"
+ROLE_SESSION_NAME = "ProwlerAssessmentSession"
--- a/prowler/providers/aws/lib/allowlist/allowlist.py
+++ b/prowler/providers/aws/lib/allowlist/allowlist.py
@@ -135,32 +135,31 @@ def allowlist_findings(


 def is_allowlisted(
-    allowlist: dict, audited_account: str, check: str, region: str, resource: str, tags
+    allowlist: dict,
+    audited_account: str,
+    check: str,
+    finding_region: str,
+    finding_resource: str,
+    finding_tags,
 ):
    try:
-        allowlisted_checks = {}
        # By default is not allowlisted
        is_finding_allowlisted = False
-        # First set account key from allowlist dict
-        if audited_account in allowlist["Accounts"]:
-            allowlisted_checks = allowlist["Accounts"][audited_account]["Checks"]
-        # If there is a *, it affects to all accounts
-        # This cannot be elif since in the case of * and single accounts we
-        # want to merge allowlisted checks from * to the other accounts check list
-        if "*" in allowlist["Accounts"]:
-            checks_multi_account = allowlist["Accounts"]["*"]["Checks"]
-            allowlisted_checks.update(checks_multi_account)
-        # Test if it is allowlisted
-        if is_allowlisted_in_check(
-            allowlisted_checks,
-            audited_account,
-            audited_account,
-            check,
-            region,
-            resource,
-            tags,
-        ):
-            is_finding_allowlisted = True
+
+        # We always check all the accounts present in the allowlist
+        # if one allowlists the finding we set the finding as allowlisted
+        for account in allowlist["Accounts"]:
+            if account == audited_account or account == "*":
+                if is_allowlisted_in_check(
+                    allowlist["Accounts"][account]["Checks"],
+                    audited_account,
+                    check,
+                    finding_region,
+                    finding_resource,
+                    finding_tags,
+                ):
+                    is_finding_allowlisted = True
+                    break

        return is_finding_allowlisted
    except Exception as error:
@@ -171,43 +170,69 @@ def is_allowlisted(


 def is_allowlisted_in_check(
-    allowlisted_checks, audited_account, account, check, region, resource, tags
+    allowlisted_checks,
+    audited_account,
+    check,
+    finding_region,
+    finding_resource,
+    finding_tags,
 ):
    try:
        # Default value is not allowlisted
        is_check_allowlisted = False
+
        for allowlisted_check, allowlisted_check_info in allowlisted_checks.items():
            # map lambda to awslambda
            allowlisted_check = re.sub("^lambda", "awslambda", allowlisted_check)
-            # extract the exceptions
+
+            # Check if the finding is excepted
            exceptions = allowlisted_check_info.get("Exceptions")
-            # Check if there are exceptions
            if is_excepted(
                exceptions,
                audited_account,
-                region,
-                resource,
-                tags,
+                finding_region,
+                finding_resource,
+                finding_tags,
            ):
                # Break loop and return default value since is excepted
                break

            allowlisted_regions = allowlisted_check_info.get("Regions")
            allowlisted_resources = allowlisted_check_info.get("Resources")
-            allowlisted_tags = allowlisted_check_info.get("Tags")
+            allowlisted_tags = allowlisted_check_info.get("Tags", "*")
+            # We need to set the allowlisted_tags if None, "" or [], so the falsy helps
+            if not allowlisted_tags:
+                allowlisted_tags = "*"
+
            # If there is a *, it affects to all checks
            if (
                "*" == allowlisted_check
                or check == allowlisted_check
                or re.search(allowlisted_check, check)
            ):
-                if is_allowlisted_in_region(
-                    allowlisted_regions,
-                    allowlisted_resources,
-                    allowlisted_tags,
-                    region,
-                    resource,
-                    tags,
+                allowlisted_in_check = True
+                allowlisted_in_region = is_allowlisted_in_region(
+                    allowlisted_regions, finding_region
+                )
+                allowlisted_in_resource = is_allowlisted_in_resource(
+                    allowlisted_resources, finding_resource
+                )
+                allowlisted_in_tags = is_allowlisted_in_tags(
+                    allowlisted_tags, finding_tags
+                )
+
+                # For a finding to be allowlisted requires the following set to True:
+                # - allowlisted_in_check -> True
+                # - allowlisted_in_region -> True
+                # - allowlisted_in_tags -> True
+                # - allowlisted_in_resource -> True
+                # - excepted -> False
+
+                if (
+                    allowlisted_in_check
+                    and allowlisted_in_region
+                    and allowlisted_in_tags
+                    and allowlisted_in_resource
                ):
                    is_check_allowlisted = True

@@ -220,25 +245,11 @@ def is_allowlisted_in_check(


 def is_allowlisted_in_region(
-    allowlist_regions, allowlist_resources, allowlisted_tags, region, resource, tags
+    allowlisted_regions,
+    finding_region,
 ):
    try:
-        # By default is not allowlisted
-        is_region_allowlisted = False
-        # If there is a *, it affects to all regions
-        if "*" in allowlist_regions or region in allowlist_regions:
-            for elem in allowlist_resources:
-                if is_allowlisted_in_tags(
-                    allowlisted_tags,
-                    elem,
-                    resource,
-                    tags,
-                ):
-                    is_region_allowlisted = True
-                    # if we find the element there is no point in continuing with the loop
-                    break
-
-            return is_region_allowlisted
+        return __is_item_matched__(allowlisted_regions, finding_region)
    except Exception as error:
        logger.critical(
            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
@@ -246,25 +257,9 @@ def is_allowlisted_in_region(
        sys.exit(1)


-def is_allowlisted_in_tags(allowlisted_tags, elem, resource, tags):
+def is_allowlisted_in_tags(allowlisted_tags, finding_tags):
    try:
-        # By default is not allowlisted
-        is_tag_allowlisted = False
-        # Check if it is an *
-        if elem == "*":
-            elem = ".*"
-        # Check if there are allowlisted tags
-        if allowlisted_tags:
-            for allowlisted_tag in allowlisted_tags:
-                if re.search(allowlisted_tag, tags):
-                    is_tag_allowlisted = True
-                    break
-
-        else:
-            if re.search(elem, resource):
-                is_tag_allowlisted = True
-
-        return is_tag_allowlisted
+        return __is_item_matched__(allowlisted_tags, finding_tags)
    except Exception as error:
        logger.critical(
            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
@@ -272,7 +267,25 @@ def is_allowlisted_in_tags(allowlisted_tags, elem, resource, tags):
        sys.exit(1)


-def is_excepted(exceptions, audited_account, region, resource, tags):
+def is_allowlisted_in_resource(allowlisted_resources, finding_resource):
+    try:
+        return __is_item_matched__(allowlisted_resources, finding_resource)
+
+    except Exception as error:
+        logger.critical(
+            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
+        )
+        sys.exit(1)
+
+
+def is_excepted(
+    exceptions,
+    audited_account,
+    finding_region,
+    finding_resource,
+    finding_tags,
+):
+    """is_excepted returns True if the account, region, resource and tags are excepted"""
    try:
        excepted = False
        is_account_excepted = False
@@ -281,39 +294,57 @@ def is_excepted(exceptions, audited_account, region, resource, tags):
        is_tag_excepted = False
        if exceptions:
            excepted_accounts = exceptions.get("Accounts", [])
+            is_account_excepted = __is_item_matched__(
+                excepted_accounts, audited_account
+            )
+
            excepted_regions = exceptions.get("Regions", [])
+            is_region_excepted = __is_item_matched__(excepted_regions, finding_region)
+
            excepted_resources = exceptions.get("Resources", [])
+            is_resource_excepted = __is_item_matched__(
+                excepted_resources, finding_resource
+            )
+
            excepted_tags = exceptions.get("Tags", [])
-            if exceptions:
-                if audited_account in excepted_accounts:
-                    is_account_excepted = True
-                if region in excepted_regions:
-                    is_region_excepted = True
-                for excepted_resource in excepted_resources:
-                    if re.search(excepted_resource, resource):
-                        is_resource_excepted = True
-                for tag in excepted_tags:
-                    if tag in tags:
-                        is_tag_excepted = True
-                if (
-                    (
-                        (excepted_accounts and is_account_excepted)
-                        or not excepted_accounts
-                    )
-                    and (
-                        (excepted_regions and is_region_excepted)
-                        or not excepted_regions
-                    )
-                    and (
-                        (excepted_resources and is_resource_excepted)
-                        or not excepted_resources
-                    )
-                    and ((excepted_tags and is_tag_excepted) or not excepted_tags)
-                ):
-                    excepted = True
+            is_tag_excepted = __is_item_matched__(excepted_tags, finding_tags)
+
+            if (
+                not is_account_excepted
+                and not is_region_excepted
+                and not is_resource_excepted
+                and not is_tag_excepted
+            ):
+                excepted = False
+            elif (
+                (is_account_excepted or not excepted_accounts)
+                and (is_region_excepted or not excepted_regions)
+                and (is_resource_excepted or not excepted_resources)
+                and (is_tag_excepted or not excepted_tags)
+            ):
+                excepted = True
        return excepted
    except Exception as error:
        logger.critical(
            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
        )
        sys.exit(1)
+
+
+def __is_item_matched__(matched_items, finding_items):
+    """__is_item_matched__ return True if any of the matched_items are present in the finding_items, otherwise returns False."""
+    try:
+        is_item_matched = False
+        if matched_items and (finding_items or finding_items == ""):
+            for item in matched_items:
+                if item == "*":
+                    item = ".*"
+                if re.search(item, finding_items):
+                    is_item_matched = True
+                    break
+        return is_item_matched
+    except Exception as error:
+        logger.critical(
+            f"{error.__class__.__name__} -- {error}[{error.__traceback__.tb_lineno}]"
+        )
+        sys.exit(1)
--- a/prowler/providers/aws/lib/arguments/arguments.py
+++ b/prowler/providers/aws/lib/arguments/arguments.py
@@ -1,6 +1,8 @@
 from argparse import ArgumentTypeError, Namespace
+from re import fullmatch, search

 from prowler.providers.aws.aws_provider import get_aws_available_regions
+from prowler.providers.aws.config import ROLE_SESSION_NAME
 from prowler.providers.aws.lib.arn.arn import arn_type


@@ -26,6 +28,13 @@ def init_parser(self):
        help="ARN of the role to be assumed",
        # Pending ARN validation
    )
+    aws_auth_subparser.add_argument(
+        "--role-session-name",
+        nargs="?",
+        default=ROLE_SESSION_NAME,
+        help="An identifier for the assumed role session. Defaults to ProwlerAssessmentSession",
+        type=validate_role_session_name,
+    )
    aws_auth_subparser.add_argument(
        "--sts-endpoint-region",
        nargs="?",
@@ -84,6 +93,11 @@ def init_parser(self):
        action="store_true",
        help="Skip updating previous findings of Prowler in Security Hub",
    )
+    aws_security_hub_subparser.add_argument(
+        "--send-sh-only-fails",
+        action="store_true",
+        help="Send only Prowler failed findings to SecurityHub",
+    )
    # AWS Quick Inventory
    aws_quick_inventory_subparser = aws_parser.add_argument_group("Quick Inventory")
    aws_quick_inventory_subparser.add_argument(
@@ -99,6 +113,7 @@ def init_parser(self):
        "-B",
        "--output-bucket",
        nargs="?",
+        type=validate_bucket,
        default=None,
        help="Custom output bucket, requires -M <mode> and it can work also with -o flag.",
    )
@@ -106,6 +121,7 @@ def init_parser(self):
        "-D",
        "--output-bucket-no-assume",
        nargs="?",
+        type=validate_bucket,
        default=None,
        help="Same as -B but do not use the assumed role credentials to put objects to the bucket, instead uses the initial credentials.",
    )
@@ -126,6 +142,7 @@ def init_parser(self):
        default=None,
        help="Path for allowlist yaml file. See example prowler/config/aws_allowlist.yaml for reference and format. It also accepts AWS DynamoDB Table or Lambda ARNs or S3 URIs, see more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/",
    )
+
    # Based Scans
    aws_based_scans_subparser = aws_parser.add_argument_group("AWS Based Scans")
    aws_based_scans_parser = aws_based_scans_subparser.add_mutually_exclusive_group()
@@ -178,9 +195,37 @@ def validate_arguments(arguments: Namespace) -> tuple[bool, str]:

    # Handle if session_duration is not the default value or external_id is set
    if (
-        arguments.session_duration and arguments.session_duration != 3600
-    ) or arguments.external_id:
+        (arguments.session_duration and arguments.session_duration != 3600)
+        or arguments.external_id
+        or arguments.role_session_name != ROLE_SESSION_NAME
+    ):
        if not arguments.role:
-            return (False, "To use -I/-T options -R option is needed")
+            return (
+                False,
+                "To use -I/--external-id, -T/--session-duration or --role-session-name options -R/--role option is needed",
+            )

    return (True, "")
+
+
+def validate_bucket(bucket_name):
+    """validate_bucket validates that the input bucket_name is valid"""
+    if search("(?!(^xn--|.+-s3alias$))^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$", bucket_name):
+        return bucket_name
+    else:
+        raise ArgumentTypeError(
+            "Bucket name must be valid (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html)"
+        )
+
+
+def validate_role_session_name(session_name):
+    """
+    validates that the role session name is valid
+    Documentation: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
+    """
+    if fullmatch("[\w+=,.@-]{2,64}", session_name):
+        return session_name
+    else:
+        raise ArgumentTypeError(
+            "Role Session Name must be 2-64 characters long and consist only of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-"
+        )
--- a/prowler/providers/aws/lib/audit_info/audit_info.py
+++ b/prowler/providers/aws/lib/audit_info/audit_info.py
@@ -30,6 +30,7 @@ current_audit_info = AWS_Audit_Info(
        session_duration=None,
        external_id=None,
        mfa_enabled=None,
+        role_session_name=None,
    ),
    mfa_enabled=None,
    audit_resources=None,
@@ -38,4 +39,5 @@ current_audit_info = AWS_Audit_Info(
    audit_metadata=None,
    audit_config=None,
    ignore_unused_services=False,
+    enabled_regions=set(),
 )
--- a/prowler/providers/aws/lib/audit_info/models.py
+++ b/prowler/providers/aws/lib/audit_info/models.py
@@ -1,4 +1,4 @@
-from dataclasses import dataclass
+from dataclasses import dataclass, field
 from datetime import datetime
 from typing import Any, Optional

@@ -20,6 +20,7 @@ class AWS_Assume_Role:
    session_duration: int
    external_id: str
    mfa_enabled: bool
+    role_session_name: str


@dataclass
@@ -53,3 +54,4 @@ class AWS_Audit_Info:
    audit_metadata: Optional[Any] = None
    audit_config: Optional[dict] = None
    ignore_unused_services: bool = False
+    enabled_regions: set = field(default_factory=set)
--- a/prowler/providers/aws/lib/policy_condition_parser/policy_condition_parser.py
+++ b/prowler/providers/aws/lib/policy_condition_parser/policy_condition_parser.py
@@ -1,8 +1,11 @@
-def is_account_only_allowed_in_condition(
-    condition_statement: dict, source_account: str
+def is_condition_block_restrictive(
+    condition_statement: dict, source_account: str, is_cross_account_allowed=False
 ):
    """
-    is_account_only_allowed_in_condition parses the IAM Condition policy block and returns True if the source_account passed as argument is within, False if not.
+    is_condition_block_restrictive parses the IAM Condition policy block and, by default, returns True if the source_account passed as argument is within, False if not.
+
+    If argument is_cross_account_allowed is True it tests if the Condition block includes any of the operators allowlisted returning True if does, False if not.
+

    @param condition_statement: dict with an IAM Condition block, e.g.:
        {
@@ -54,23 +57,32 @@ def is_account_only_allowed_in_condition(
                        condition_statement[condition_operator][value],
                        list,
                    ):
-                        # if there is an arn/account without the source account -> we do not consider it safe
-                        # here by default we assume is true and look for false entries
-                        is_condition_valid = True
-                        for item in condition_statement[condition_operator][value]:
-                            if source_account not in item:
-                                is_condition_valid = False
-                                break
+                        is_condition_key_restrictive = True
+                        # if cross account is not allowed check for each condition block looking for accounts
+                        # different than default
+                        if not is_cross_account_allowed:
+                            # if there is an arn/account without the source account -> we do not consider it safe
+                            # here by default we assume is true and look for false entries
+                            for item in condition_statement[condition_operator][value]:
+                                if source_account not in item:
+                                    is_condition_key_restrictive = False
+                                    break
+
+                        if is_condition_key_restrictive:
+                            is_condition_valid = True

                    # value is a string
                    elif isinstance(
                        condition_statement[condition_operator][value],
                        str,
                    ):
-                        if (
-                            source_account
-                            in condition_statement[condition_operator][value]
-                        ):
+                        if is_cross_account_allowed:
                            is_condition_valid = True
+                        else:
+                            if (
+                                source_account
+                                in condition_statement[condition_operator][value]
+                            ):
+                                is_condition_valid = True

    return is_condition_valid
--- a/prowler/providers/aws/lib/quick_inventory/quick_inventory.py
+++ b/prowler/providers/aws/lib/quick_inventory/quick_inventory.py
@@ -211,9 +211,13 @@ def create_inventory_table(resources: list, resources_in_region: dict) -> dict:

 def create_output(resources: list, audit_info: AWS_Audit_Info, args):
    json_output = []
-    output_file = (
-        f"prowler-inventory-{audit_info.audited_account}-{output_file_timestamp}"
-    )
+    # Check if custom output filename was input, if not, set the default
+    if not hasattr(args, "output_filename") or args.output_filename is None:
+        output_file = (
+            f"prowler-inventory-{audit_info.audited_account}-{output_file_timestamp}"
+        )
+    else:
+        output_file = args.output_filename

    for item in sorted(resources, key=lambda d: d["arn"]):
        resource = {}
@@ -275,8 +279,8 @@ def create_output(resources: list, audit_info: AWS_Audit_Info, args):
        f"\n{Fore.YELLOW}WARNING: Only resources that have or have had tags will appear (except for IAM and S3).\nSee more in https://docs.prowler.cloud/en/latest/tutorials/quick-inventory/#objections{Style.RESET_ALL}"
    )
    print("\nMore details in files:")
-    print(f" - CSV: {args.output_directory}/{output_file+csv_file_suffix}")
-    print(f" - JSON: {args.output_directory}/{output_file+json_file_suffix}")
+    print(f" - CSV: {args.output_directory}/{output_file + csv_file_suffix}")
+    print(f" - JSON: {args.output_directory}/{output_file + json_file_suffix}")

    # Send output to S3 if needed (-B / -D)
    for mode in ["json", "csv"]:
--- a/prowler/providers/aws/lib/s3/s3.py
+++ b/prowler/providers/aws/lib/s3/s3.py
@@ -1,5 +1,3 @@
-import sys
-
 from prowler.config.config import (
    csv_file_suffix,
    html_file_suffix,
@@ -29,7 +27,7 @@ def send_to_s3_bucket(
        else:  # Compliance output mode
            filename = f"{output_filename}_{output_mode}{csv_file_suffix}"

-        logger.info(f"Sending outputs to S3 bucket {output_bucket_name}")
+        logger.info(f"Sending output file {filename} to S3 bucket {output_bucket_name}")
        # File location
        file_name = output_directory + "/" + filename

@@ -41,10 +39,9 @@ def send_to_s3_bucket(
        s3_client.upload_file(file_name, output_bucket_name, object_name)

    except Exception as error:
-        logger.critical(
+        logger.error(
            f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
        )
-        sys.exit(1)


 def get_s3_object_path(output_directory: str) -> str:
--- a/prowler/providers/aws/lib/security_hub/security_hub.py
+++ b/prowler/providers/aws/lib/security_hub/security_hub.py
@@ -14,9 +14,11 @@ def prepare_security_hub_findings(
    findings: [], audit_info: AWS_Audit_Info, output_options, enabled_regions: []
 ) -> dict:
    security_hub_findings_per_region = {}
-    # Create a key per region
-    for region in audit_info.audited_regions:
+
+    # Create a key per audited region
+    for region in enabled_regions:
        security_hub_findings_per_region[region] = []
+
    for finding in findings:
        # We don't send the INFO findings to AWS Security Hub
        if finding.status == "INFO":
@@ -27,7 +29,9 @@ def prepare_security_hub_findings(
            continue

        # Handle quiet mode
-        if output_options.is_quiet and finding.status != "FAIL":
+        if (
+            output_options.is_quiet or output_options.send_sh_only_fails
+        ) and finding.status != "FAIL":
            continue

        # Get the finding region
@@ -47,8 +51,10 @@ def prepare_security_hub_findings(


 def verify_security_hub_integration_enabled_per_region(
+    partition: str,
    region: str,
    session: session.Session,
+    aws_account_number: str,
 ) -> bool:
    f"""verify_security_hub_integration_enabled returns True if the {SECURITY_HUB_INTEGRATION_NAME} is enabled for the given region. Otherwise returns false."""
    prowler_integration_enabled = False
@@ -62,7 +68,8 @@ def verify_security_hub_integration_enabled_per_region(
        security_hub_client.describe_hub()

        # Check if Prowler integration is enabled in Security Hub
-        if "prowler/prowler" not in str(
+        security_hub_prowler_integration_arn = f"arn:{partition}:securityhub:{region}:{aws_account_number}:product-subscription/{SECURITY_HUB_INTEGRATION_NAME}"
+        if security_hub_prowler_integration_arn not in str(
            security_hub_client.list_enabled_products_for_import()
        ):
            logger.error(
--- a/prowler/providers/aws/lib/service/service.py
+++ b/prowler/providers/aws/lib/service/service.py
@@ -1,17 +1,21 @@
-import threading
+from concurrent.futures import ThreadPoolExecutor, as_completed

+from prowler.lib.logger import logger
 from prowler.providers.aws.aws_provider import (
    generate_regional_clients,
    get_default_region,
 )
 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info

+MAX_WORKERS = 10
+

 class AWSService:
    """The AWSService class offers a parent class for each AWS Service to generate:
    - AWS Regional Clients
    - Shared information like the account ID and ARN, the the AWS partition and the checks audited
    - AWS Session
+    - Thread pool for the __threading_call__
    - Also handles if the AWS Service is Global
    """

@@ -34,9 +38,7 @@ class AWSService:

        # Generate Regional Clients
        if not global_service:
-            self.regional_clients = generate_regional_clients(
-                self.service, audit_info, global_service
-            )
+            self.regional_clients = generate_regional_clients(self.service, audit_info)

        # Get a single region and client if the service needs it (e.g. AWS Global Service)
        # We cannot include this within an else because some services needs both the regional_clients
@@ -44,14 +46,40 @@ class AWSService:
        self.region = get_default_region(self.service, audit_info)
        self.client = self.session.client(self.service, self.region)

+        # Thread pool for __threading_call__
+        self.thread_pool = ThreadPoolExecutor(max_workers=MAX_WORKERS)
+
    def __get_session__(self):
        return self.session

-    def __threading_call__(self, call):
-        threads = []
-        for regional_client in self.regional_clients.values():
-            threads.append(threading.Thread(target=call, args=(regional_client,)))
-        for t in threads:
-            t.start()
-        for t in threads:
-            t.join()
+    def __threading_call__(self, call, iterator=None):
+        # Use the provided iterator, or default to self.regional_clients
+        items = iterator if iterator is not None else self.regional_clients.values()
+        # Determine the total count for logging
+        item_count = len(items)
+
+        # Trim leading and trailing underscores from the call's name
+        call_name = call.__name__.strip("_")
+        # Add Capitalization
+        call_name = " ".join([x.capitalize() for x in call_name.split("_")])
+
+        # Print a message based on the call's name, and if its regional or processing a list of items
+        if iterator is None:
+            logger.info(
+                f"{self.service.upper()} - Starting threads for '{call_name}' function across {item_count} regions..."
+            )
+        else:
+            logger.info(
+                f"{self.service.upper()} - Starting threads for '{call_name}' function to process {item_count} items..."
+            )
+
+        # Submit tasks to the thread pool
+        futures = [self.thread_pool.submit(call, item) for item in items]
+
+        # Wait for all tasks to complete
+        for future in as_completed(futures):
+            try:
+                future.result()  # Raises exceptions from the thread, if any
+            except Exception:
+                # Handle exceptions if necessary
+                pass  # Replace 'pass' with any additional exception handling logic. Currently handled within the called function
--- a/prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled/accessanalyzer_enabled.py
+++ b/prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled/accessanalyzer_enabled.py
@@ -19,17 +19,23 @@ class accessanalyzer_enabled(Check):
                    f"IAM Access Analyzer {analyzer.name} is enabled."
                )

-            elif analyzer.status == "NOT_AVAILABLE":
-                report.status = "FAIL"
-                report.status_extended = (
-                    f"IAM Access Analyzer in account {analyzer.name} is not enabled."
-                )
-
            else:
-                report.status = "FAIL"
-                report.status_extended = (
-                    f"IAM Access Analyzer {analyzer.name} is not active."
-                )
+                if analyzer.status == "NOT_AVAILABLE":
+                    report.status = "FAIL"
+                    report.status_extended = f"IAM Access Analyzer in account {analyzer.name} is not enabled."
+
+                else:
+                    report.status = "FAIL"
+                    report.status_extended = (
+                        f"IAM Access Analyzer {analyzer.name} is not active."
+                    )
+                if (
+                    accessanalyzer_client.audit_config.get(
+                        "allowlist_non_default_regions", False
+                    )
+                    and not analyzer.region == accessanalyzer_client.region
+                ):
+                    report.status = "WARNING"

            findings.append(report)

--- a/prowler/providers/aws/services/accessanalyzer/accessanalyzer_service.py
+++ b/prowler/providers/aws/services/accessanalyzer/accessanalyzer_service.py
@@ -85,21 +85,36 @@ class AccessAnalyzer(AWSService):
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )

+    # TODO: We need to include ListFindingsV2
+    # https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/accessanalyzer/client/list_findings_v2.html
    def __list_findings__(self):
        logger.info("AccessAnalyzer - Listing Findings per Analyzer...")
        try:
            for analyzer in self.analyzers:
-                if analyzer.status == "ACTIVE":
-                    regional_client = self.regional_clients[analyzer.region]
-                    list_findings_paginator = regional_client.get_paginator(
-                        "list_findings"
+                try:
+                    if analyzer.status == "ACTIVE":
+                        regional_client = self.regional_clients[analyzer.region]
+                        list_findings_paginator = regional_client.get_paginator(
+                            "list_findings"
+                        )
+                        for page in list_findings_paginator.paginate(
+                            analyzerArn=analyzer.arn
+                        ):
+                            for finding in page["findings"]:
+                                analyzer.findings.append(Finding(id=finding["id"]))
+                except ClientError as error:
+                    if error.response["Error"]["Code"] == "ValidationException":
+                        logger.warning(
+                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                        )
+                    else:
+                        logger.error(
+                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                        )
+                except Exception as error:
+                    logger.error(
+                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                    )
-                    for page in list_findings_paginator.paginate(
-                        analyzerArn=analyzer.arn
-                    ):
-                        for finding in page["findings"]:
-                            analyzer.findings.append(Finding(id=finding["id"]))
-
        except Exception as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
--- a/prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.py
+++ b/prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.py
@@ -19,7 +19,11 @@ class acm_certificates_expiration_check(Check):
                report.resource_tags = certificate.tags
            else:
                report.status = "FAIL"
-                report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is about to expire in {DAYS_TO_EXPIRE_THRESHOLD} days."
+                if certificate.expiration_days < 0:
+                    report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} has expired ({abs(certificate.expiration_days)} days ago)."
+                else:
+                    report.status_extended = f"ACM Certificate {certificate.id} for {certificate.name} is about to expire in {certificate.expiration_days} days."
+
                report.resource_id = certificate.id
                report.resource_details = certificate.name
                report.resource_arn = certificate.arn
--- a/prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.metadata.json
+++ b/prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.metadata.json
@@ -1,7 +1,7 @@
 {
  "Provider": "aws",
  "CheckID": "apigateway_restapi_authorizers_enabled",
-  "CheckTitle": "Check if API Gateway has configured authorizers.",
+  "CheckTitle": "Check if API Gateway has configured authorizers at api or method level.",
  "CheckAliases": [
    "apigateway_authorizers_enabled"
  ],
@@ -13,7 +13,7 @@
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "medium",
  "ResourceType": "AwsApiGatewayRestApi",
-  "Description": "Check if API Gateway has configured authorizers.",
+  "Description": "Check if API Gateway has configured authorizers at api or method level.",
  "Risk": "If no authorizer is enabled anyone can use the service.",
  "RelatedUrl": "",
  "Remediation": {
--- a/prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.py
+++ b/prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.py
@@ -13,12 +13,41 @@ class apigateway_restapi_authorizers_enabled(Check):
            report.resource_id = rest_api.name
            report.resource_arn = rest_api.arn
            report.resource_tags = rest_api.tags
+            # it there are not authorizers at api level and resources without methods (default case) ->
+            report.status = "FAIL"
+            report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} does not have an authorizer configured at api level."
            if rest_api.authorizer:
                report.status = "PASS"
-                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has an authorizer configured."
+                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has an authorizer configured at api level"
            else:
-                report.status = "FAIL"
-                report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} does not have an authorizer configured."
+                # we want to know if api has not authorizers and all the resources don't have methods configured
+                resources_have_methods = False
+                all_methods_authorized = True
+                resource_paths_with_unathorized_methods = []
+                for resource in rest_api.resources:
+                    # if the resource has methods test if they have all configured authorizer
+                    if resource.resource_methods:
+                        resources_have_methods = True
+                        for (
+                            http_method,
+                            authorization_method,
+                        ) in resource.resource_methods.items():
+                            if authorization_method == "NONE":
+                                all_methods_authorized = False
+                                unauthorized_method = (
+                                    f"{resource.path} -> {http_method}"
+                                )
+                                resource_paths_with_unathorized_methods.append(
+                                    unauthorized_method
+                                )
+                # if there are methods in at least one resource and are all authorized
+                if all_methods_authorized and resources_have_methods:
+                    report.status = "PASS"
+                    report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} has all methods authorized"
+                # if there are methods in at least one result but some of then are not authorized-> list it
+                elif not all_methods_authorized:
+                    report.status_extended = f"API Gateway {rest_api.name} ID {rest_api.id} does not have authorizers at api level and the following paths and methods are unauthorized: {'; '.join(resource_paths_with_unathorized_methods)}."
+
            findings.append(report)

        return findings
--- a/prowler/providers/aws/services/apigateway/apigateway_service.py
+++ b/prowler/providers/aws/services/apigateway/apigateway_service.py
@@ -17,6 +17,7 @@ class APIGateway(AWSService):
        self.__get_authorizers__()
        self.__get_rest_api__()
        self.__get_stages__()
+        self.__get_resources__()

    def __get_rest_apis__(self, regional_client):
        logger.info("APIGateway - Getting Rest APIs...")
@@ -53,7 +54,9 @@ class APIGateway(AWSService):
                if authorizers:
                    rest_api.authorizer = True
        except Exception as error:
-            logger.error(f"{error.__class__.__name__}: {error}")
+            logger.error(
+                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+            )

    def __get_rest_api__(self):
        logger.info("APIGateway - Describing Rest API...")
@@ -64,7 +67,9 @@ class APIGateway(AWSService):
                if rest_api_info["endpointConfiguration"]["types"] == ["PRIVATE"]:
                    rest_api.public_endpoint = False
        except Exception as error:
-            logger.error(f"{error.__class__.__name__}: {error}")
+            logger.error(
+                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+            )

    def __get_stages__(self):
        logger.info("APIGateway - Getting stages for Rest APIs...")
@@ -95,7 +100,46 @@ class APIGateway(AWSService):
                        )
                    )
        except Exception as error:
-            logger.error(f"{error.__class__.__name__}: {error}")
+            logger.error(
+                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+            )
+
+    def __get_resources__(self):
+        logger.info("APIGateway - Getting API resources...")
+        try:
+            for rest_api in self.rest_apis:
+                regional_client = self.regional_clients[rest_api.region]
+                get_resources_paginator = regional_client.get_paginator("get_resources")
+                for page in get_resources_paginator.paginate(restApiId=rest_api.id):
+                    for resource in page["items"]:
+                        id = resource["id"]
+                        resource_methods = []
+                        methods_auth = {}
+                        for resource_method in resource.get(
+                            "resourceMethods", {}
+                        ).keys():
+                            resource_methods.append(resource_method)
+
+                        for resource_method in resource_methods:
+                            if resource_method != "OPTIONS":
+                                method_config = regional_client.get_method(
+                                    restApiId=rest_api.id,
+                                    resourceId=id,
+                                    httpMethod=resource_method,
+                                )
+                                auth_type = method_config["authorizationType"]
+                                methods_auth.update({resource_method: auth_type})
+
+                        rest_api.resources.append(
+                            PathResourceMethods(
+                                path=resource["path"], resource_methods=methods_auth
+                            )
+                        )
+
+        except Exception as error:
+            logger.error(
+                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+            )


 class Stage(BaseModel):
@@ -107,6 +151,11 @@ class Stage(BaseModel):
    tags: Optional[list] = []


+class PathResourceMethods(BaseModel):
+    path: str
+    resource_methods: dict
+
+
 class RestAPI(BaseModel):
    id: str
    arn: str
@@ -116,3 +165,4 @@ class RestAPI(BaseModel):
    public_endpoint: bool = True
    stages: list[Stage] = []
    tags: Optional[list] = []
+    resources: list[PathResourceMethods] = []
--- a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.py
+++ b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.py
@@ -14,13 +14,13 @@ class apigatewayv2_api_access_logging_enabled(Check):
                if stage.logging:
                    report.status = "PASS"
                    report.status_extended = f"API Gateway V2 {api.name} ID {api.id} in stage {stage.name} has access logging enabled."
-                    report.resource_id = api.name
+                    report.resource_id = f"{api.name}-{stage.name}"
                    report.resource_arn = api.arn
                    report.resource_tags = api.tags
                else:
                    report.status = "FAIL"
                    report.status_extended = f"API Gateway V2 {api.name} ID {api.id} in stage {stage.name} has access logging disabled."
-                    report.resource_id = api.name
+                    report.resource_id = f"{api.name}-{stage.name}"
                    report.resource_arn = api.arn
                    report.resource_tags = api.tags
                findings.append(report)
--- a/prowler/providers/aws/services/athena/athena_service.py
+++ b/prowler/providers/aws/services/athena/athena_service.py
@@ -54,10 +54,8 @@ class Athena(AWSService):
                    )

                    wg_configuration = wg.get("WorkGroup").get("Configuration")
-                    self.workgroups[
-                        workgroup.arn
-                    ].enforce_workgroup_configuration = wg_configuration.get(
-                        "EnforceWorkGroupConfiguration", False
+                    self.workgroups[workgroup.arn].enforce_workgroup_configuration = (
+                        wg_configuration.get("EnforceWorkGroupConfiguration", False)
                    )

                    # We include an empty EncryptionConfiguration to handle if the workgroup does not have encryption configured
@@ -77,9 +75,9 @@ class Athena(AWSService):
                        encryption_configuration = EncryptionConfiguration(
                            encryption_option=encryption, encrypted=True
                        )
-                        self.workgroups[
-                            workgroup.arn
-                        ].encryption_configuration = encryption_configuration
+                        self.workgroups[workgroup.arn].encryption_configuration = (
+                            encryption_configuration
+                        )
                except Exception as error:
                    logger.error(
                        f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
--- a/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.py
@@ -11,57 +11,55 @@ from prowler.providers.aws.services.awslambda.awslambda_client import awslambda_
 class awslambda_function_no_secrets_in_code(Check):
    def execute(self):
        findings = []
-        for function in awslambda_client.functions.values():
-            if function.code:
-                report = Check_Report_AWS(self.metadata())
-                report.region = function.region
-                report.resource_id = function.name
-                report.resource_arn = function.arn
-                report.resource_tags = function.tags
+        if awslambda_client.functions:
+            for function, function_code in awslambda_client.__get_function_code__():
+                if function_code:
+                    report = Check_Report_AWS(self.metadata())
+                    report.region = function.region
+                    report.resource_id = function.name
+                    report.resource_arn = function.arn
+                    report.resource_tags = function.tags

-                report.status = "PASS"
-                report.status_extended = (
-                    f"No secrets found in Lambda function {function.name} code."
-                )
-                with tempfile.TemporaryDirectory() as tmp_dir_name:
-                    function.code.code_zip.extractall(tmp_dir_name)
-                    # List all files
-                    files_in_zip = next(os.walk(tmp_dir_name))[2]
-                    secrets_findings = []
-                    for file in files_in_zip:
-                        secrets = SecretsCollection()
-                        with default_settings():
-                            secrets.scan_file(f"{tmp_dir_name}/{file}")
-                        detect_secrets_output = secrets.json()
-                        if detect_secrets_output:
-                            for (
-                                file_name
-                            ) in (
-                                detect_secrets_output.keys()
-                            ):  # Appears that only 1 file is being scanned at a time, so could rework this
-                                output_file_name = file_name.replace(
-                                    f"{tmp_dir_name}/", ""
-                                )
-                                secrets_string = ", ".join(
-                                    [
-                                        f"{secret['type']} on line {secret['line_number']}"
-                                        for secret in detect_secrets_output[file_name]
-                                    ]
-                                )
-                                secrets_findings.append(
-                                    f"{output_file_name}: {secrets_string}"
-                                )
+                    report.status = "PASS"
+                    report.status_extended = (
+                        f"No secrets found in Lambda function {function.name} code."
+                    )
+                    with tempfile.TemporaryDirectory() as tmp_dir_name:
+                        function_code.code_zip.extractall(tmp_dir_name)
+                        # List all files
+                        files_in_zip = next(os.walk(tmp_dir_name))[2]
+                        secrets_findings = []
+                        for file in files_in_zip:
+                            secrets = SecretsCollection()
+                            with default_settings():
+                                secrets.scan_file(f"{tmp_dir_name}/{file}")
+                            detect_secrets_output = secrets.json()
+                            if detect_secrets_output:
+                                for (
+                                    file_name
+                                ) in (
+                                    detect_secrets_output.keys()
+                                ):  # Appears that only 1 file is being scanned at a time, so could rework this
+                                    output_file_name = file_name.replace(
+                                        f"{tmp_dir_name}/", ""
+                                    )
+                                    secrets_string = ", ".join(
+                                        [
+                                            f"{secret['type']} on line {secret['line_number']}"
+                                            for secret in detect_secrets_output[
+                                                file_name
+                                            ]
+                                        ]
+                                    )
+                                    secrets_findings.append(
+                                        f"{output_file_name}: {secrets_string}"
+                                    )

-                    if secrets_findings:
-                        final_output_string = "; ".join(secrets_findings)
-                        report.status = "FAIL"
-                        # report.status_extended = f"Potential {'secrets' if len(secrets_findings)>1 else 'secret'} found in Lambda function {function.name} code. {final_output_string}."
-                        if len(secrets_findings) > 1:
-                            report.status_extended = f"Potential secrets found in Lambda function {function.name} code -> {final_output_string}."
-                        else:
-                            report.status_extended = f"Potential secret found in Lambda function {function.name} code -> {final_output_string}."
-                        # break // Don't break as there may be additional findings
+                        if secrets_findings:
+                            final_output_string = "; ".join(secrets_findings)
+                            report.status = "FAIL"
+                            report.status_extended = f"Potential {'secrets' if len(secrets_findings) > 1 else 'secret'} found in Lambda function {function.name} code -> {final_output_string}."

-                findings.append(report)
+                    findings.append(report)

        return findings
--- a/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.py
@@ -42,7 +42,7 @@ class awslambda_function_no_secrets_in_variables(Check):
                    environment_variable_names = list(function.environment.keys())
                    secrets_string = ", ".join(
                        [
-                            f"{secret['type']} in variable {environment_variable_names[int(secret['line_number'])-2]}"
+                            f"{secret['type']} in variable {environment_variable_names[int(secret['line_number']) - 2]}"
                            for secret in detect_secrets_output[temp_env_data_file.name]
                        ]
                    )
--- a/prowler/providers/aws/services/awslambda/awslambda_service.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_service.py
@@ -1,6 +1,7 @@
 import io
 import json
 import zipfile
+from concurrent.futures import as_completed
 from enum import Enum
 from typing import Any, Optional

@@ -21,15 +22,6 @@ class Lambda(AWSService):
        self.functions = {}
        self.__threading_call__(self.__list_functions__)
        self.__list_tags_for_resource__()
-
-        # We only want to retrieve the Lambda code if the
-        # awslambda_function_no_secrets_in_code check is set
-        if (
-            "awslambda_function_no_secrets_in_code"
-            in audit_info.audit_metadata.expected_checks
-        ):
-            self.__threading_call__(self.__get_function__)
-
        self.__threading_call__(self.__get_policy__)
        self.__threading_call__(self.__get_function_url_config__)

@@ -70,28 +62,45 @@ class Lambda(AWSService):
                f" {error}"
            )

-    def __get_function__(self, regional_client):
-        logger.info("Lambda - Getting Function...")
-        try:
-            for function in self.functions.values():
-                if function.region == regional_client.region:
-                    function_information = regional_client.get_function(
-                        FunctionName=function.name
-                    )
-                    if "Location" in function_information["Code"]:
-                        code_location_uri = function_information["Code"]["Location"]
-                        raw_code_zip = requests.get(code_location_uri).content
-                        self.functions[function.arn].code = LambdaCode(
-                            location=code_location_uri,
-                            code_zip=zipfile.ZipFile(io.BytesIO(raw_code_zip)),
-                        )
+    def __get_function_code__(self):
+        logger.info("Lambda - Getting Function Code...")
+        # Use a thread pool handle the queueing and execution of the __fetch_function_code__ tasks, up to max_workers tasks concurrently.
+        lambda_functions_to_fetch = {
+            self.thread_pool.submit(
+                self.__fetch_function_code__, function.name, function.region
+            ): function
+            for function in self.functions.values()
+        }

+        for fetched_lambda_code in as_completed(lambda_functions_to_fetch):
+            function = lambda_functions_to_fetch[fetched_lambda_code]
+            try:
+                function_code = fetched_lambda_code.result()
+                if function_code:
+                    yield function, function_code
+            except Exception as error:
+                logger.error(
+                    f"{function.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )
+
+    def __fetch_function_code__(self, function_name, function_region):
+        try:
+            regional_client = self.regional_clients[function_region]
+            function_information = regional_client.get_function(
+                FunctionName=function_name
+            )
+            if "Location" in function_information["Code"]:
+                code_location_uri = function_information["Code"]["Location"]
+                raw_code_zip = requests.get(code_location_uri).content
+                return LambdaCode(
+                    location=code_location_uri,
+                    code_zip=zipfile.ZipFile(io.BytesIO(raw_code_zip)),
+                )
        except Exception as error:
            logger.error(
-                f"{regional_client.region} --"
-                f" {error.__class__.__name__}[{error.__traceback__.tb_lineno}]:"
-                f" {error}"
+                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )
+            raise

    def __get_policy__(self, regional_client):
        logger.info("Lambda - Getting Policy...")
--- a/prowler/providers/aws/services/backup/backup_service.py
+++ b/prowler/providers/aws/services/backup/backup_service.py
@@ -152,5 +152,5 @@ class BackupReportPlan(BaseModel):
    arn: str
    region: str
    name: str
-    last_attempted_execution_date: datetime
+    last_attempted_execution_date: Optional[datetime]
    last_successful_execution_date: Optional[datetime]
--- a/prowler/providers/aws/services/cloudfront/cloudfront_service.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_service.py
@@ -53,12 +53,12 @@ class CloudFront(AWSService):
                distributions[distribution_id].logging_enabled = distribution_config[
                    "DistributionConfig"
                ]["Logging"]["Enabled"]
-                distributions[
-                    distribution_id
-                ].geo_restriction_type = GeoRestrictionType(
-                    distribution_config["DistributionConfig"]["Restrictions"][
-                        "GeoRestriction"
-                    ]["RestrictionType"]
+                distributions[distribution_id].geo_restriction_type = (
+                    GeoRestrictionType(
+                        distribution_config["DistributionConfig"]["Restrictions"][
+                            "GeoRestriction"
+                        ]["RestrictionType"]
+                    )
                )
                distributions[distribution_id].web_acl_id = distribution_config[
                    "DistributionConfig"
@@ -78,9 +78,9 @@ class CloudFront(AWSService):
                        "DefaultCacheBehavior"
                    ].get("FieldLevelEncryptionId"),
                )
-                distributions[
-                    distribution_id
-                ].default_cache_config = default_cache_config
+                distributions[distribution_id].default_cache_config = (
+                    default_cache_config
+                )

        except Exception as error:
            logger.error(
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_service.py
@@ -140,7 +140,16 @@ class Cloudtrail(AWSService):
                                error.response["Error"]["Code"]
                                == "InsightNotEnabledException"
                            ):
-                                continue
+                                logger.warning(
+                                    f"{client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                                )
+                            elif (
+                                error.response["Error"]["Code"]
+                                == "UnsupportedOperationException"
+                            ):
+                                logger.warning(
+                                    f"{client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                                )
                            else:
                                logger.error(
                                    f"{client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.py
@@ -1,5 +1,3 @@
-import re
-
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -7,6 +5,9 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
+from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
+    check_cloudwatch_log_metric_filter,
+)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -22,26 +23,13 @@ class cloudwatch_changes_to_network_acls_alarm_configured(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
-        log_groups = []
-        for trail in cloudtrail_client.trails:
-            if trail.log_group_arn:
-                log_groups.append(trail.log_group_arn.split(":")[6])
-        # 2. Describe metric filters for previous log groups
-        for metric_filter in logs_client.metric_filters:
-            if metric_filter.log_group in log_groups:
-                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
-                    report.resource_id = metric_filter.log_group
-                    report.resource_arn = metric_filter.arn
-                    report.region = metric_filter.region
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
-                    # 3. Check if there is an alarm for the metric
-                    for alarm in cloudwatch_client.metric_alarms:
-                        if alarm.metric == metric_filter.metric:
-                            report.status = "PASS"
-                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
-                            break
+        report = check_cloudwatch_log_metric_filter(
+            pattern,
+            cloudtrail_client.trails,
+            logs_client.metric_filters,
+            cloudwatch_client.metric_alarms,
+            report,
+        )

        findings.append(report)
        return findings
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.py
@@ -1,5 +1,3 @@
-import re
-
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -7,6 +5,9 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
+from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
+    check_cloudwatch_log_metric_filter,
+)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -22,26 +23,13 @@ class cloudwatch_changes_to_network_gateways_alarm_configured(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
-        log_groups = []
-        for trail in cloudtrail_client.trails:
-            if trail.log_group_arn:
-                log_groups.append(trail.log_group_arn.split(":")[6])
-        # 2. Describe metric filters for previous log groups
-        for metric_filter in logs_client.metric_filters:
-            if metric_filter.log_group in log_groups:
-                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
-                    report.resource_id = metric_filter.log_group
-                    report.resource_arn = metric_filter.arn
-                    report.region = metric_filter.region
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
-                    # 3. Check if there is an alarm for the metric
-                    for alarm in cloudwatch_client.metric_alarms:
-                        if alarm.metric == metric_filter.metric:
-                            report.status = "PASS"
-                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
-                            break
+        report = check_cloudwatch_log_metric_filter(
+            pattern,
+            cloudtrail_client.trails,
+            logs_client.metric_filters,
+            cloudwatch_client.metric_alarms,
+            report,
+        )

        findings.append(report)
        return findings
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.metadata.json
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.metadata.json
@@ -1,7 +1,7 @@
 {
  "Provider": "aws",
  "CheckID": "cloudwatch_changes_to_network_route_tables_alarm_configured",
-  "CheckTitle": "Ensure a log metric filter and alarm exist for route table changes.",
+  "CheckTitle": "Ensure route table changes are monitored",
  "CheckType": [
    "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
  ],
@@ -10,8 +10,8 @@
  "ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:certificate/resource-id",
  "Severity": "medium",
  "ResourceType": "AwsCloudTrailTrail",
-  "Description": "Ensure a log metric filter and alarm exist for route table changes.",
-  "Risk": "Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.",
+  "Description": "Real-time monitoring of API calls can be achieved by directing Cloud Trail Logs to CloudWatch Logs, or an external Security information and event management (SIEM)environment, and establishing corresponding metric filters and alarms. Routing tablesare used to route network traffic between subnets and to network gateways. It isrecommended that a metric filter and alarm be established for changes to route tables.",
+  "Risk": "CloudWatch is an AWS native service that allows you to ob serve and monitor resources and applications. CloudTrail Logs can also be sent to an external Security informationand event management (SIEM) environment for monitoring and alerting.Monitoring changes to route tables will help ensure that all VPC traffic flows through anexpected path and prevent any accidental or intentional modifications that may lead touncontrolled network traffic. An alarm should be triggered every time an AWS API call isperformed to create, replace, delete, or disassociate a Route Table.",
  "RelatedUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html",
  "Remediation": {
    "Code": {
@@ -21,12 +21,12 @@
      "Terraform": "https://docs.bridgecrew.io/docs/monitoring_13#fix---buildtime"
    },
    "Recommendation": {
-      "Text": "It is recommended that a metric filter and alarm be established for unauthorized requests.",
+      "Text": "If you are using CloudTrails and CloudWatch, perform the following to setup the metric filter, alarm, SNS topic, and subscription: 1. Create a metric filter based on filter pattern provided which checks for route table changes and the <cloudtrail_log_group_name> taken from audit step 1. aws logs put-metric-filter --log-group-name <cloudtrail_log_group_name> -- filter-name `<route_table_changes_metric>` --metric-transformations metricName= `<route_table_changes_metric>` ,metricNamespace='CISBenchmark',metricValue=1 --filter-pattern '{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }' Note: You can choose your own metricName and metricNamespace strings. Using the same metricNamespace for all Foundations Benchmark metrics will group them together. 2. Create an SNS topic that the alarm will notify aws sns create-topic --name <sns_topic_name> Note: you can execute this command once and then re-use the same topic for all monitoring alarms. 3. Create an SNS subscription to the topic created in step 2 aws sns subscribe --topic-arn <sns_topic_arn> --protocol <protocol_for_sns> - -notification-endpoint <sns_subscription_endpoints> Note: you can execute this command once and then re-use the SNS subscription for all monitoring alarms. 4. Create an alarm that is associated with the CloudWatch Logs Metric Filter created in step 1 and an SNS topic created in step 2 aws cloudwatch put-metric-alarm --alarm-name `<route_table_changes_alarm>` --metric-name `<route_table_changes_metric>` --statistic Sum --period 300 - -threshold 1 --comparison-operator GreaterThanOrEqualToThreshold -- evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>",
      "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html"
    }
  },
  "Categories": [],
  "DependsOn": [],
  "RelatedTo": [],
-  "Notes": "Logging and Monitoring"
+  "Notes": ""
 }
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.py
@@ -1,5 +1,3 @@
-import re
-
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -7,12 +5,15 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
+from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
+    check_cloudwatch_log_metric_filter,
+)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


 class cloudwatch_changes_to_network_route_tables_alarm_configured(Check):
    def execute(self):
-        pattern = r"\$\.eventName\s*=\s*.?CreateRoute.+\$\.eventName\s*=\s*.?CreateRouteTable.+\$\.eventName\s*=\s*.?ReplaceRoute.+\$\.eventName\s*=\s*.?ReplaceRouteTableAssociation.+\$\.eventName\s*=\s*.?DeleteRouteTable.+\$\.eventName\s*=\s*.?DeleteRoute.+\$\.eventName\s*=\s*.?DisassociateRouteTable.?"
+        pattern = r"\$\.eventSource\s*=\s*.?ec2.amazonaws.com.+\$\.eventName\s*=\s*.?CreateRoute.+\$\.eventName\s*=\s*.?CreateRouteTable.+\$\.eventName\s*=\s*.?ReplaceRoute.+\$\.eventName\s*=\s*.?ReplaceRouteTableAssociation.+\$\.eventName\s*=\s*.?DeleteRouteTable.+\$\.eventName\s*=\s*.?DeleteRoute.+\$\.eventName\s*=\s*.?DisassociateRouteTable.?"
        findings = []
        report = Check_Report_AWS(self.metadata())
        report.status = "FAIL"
@@ -22,26 +23,13 @@ class cloudwatch_changes_to_network_route_tables_alarm_configured(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
-        log_groups = []
-        for trail in cloudtrail_client.trails:
-            if trail.log_group_arn:
-                log_groups.append(trail.log_group_arn.split(":")[6])
-        # 2. Describe metric filters for previous log groups
-        for metric_filter in logs_client.metric_filters:
-            if metric_filter.log_group in log_groups:
-                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
-                    report.resource_id = metric_filter.log_group
-                    report.resource_arn = metric_filter.arn
-                    report.region = metric_filter.region
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
-                    # 3. Check if there is an alarm for the metric
-                    for alarm in cloudwatch_client.metric_alarms:
-                        if alarm.metric == metric_filter.metric:
-                            report.status = "PASS"
-                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
-                            break
+        report = check_cloudwatch_log_metric_filter(
+            pattern,
+            cloudtrail_client.trails,
+            logs_client.metric_filters,
+            cloudwatch_client.metric_alarms,
+            report,
+        )

        findings.append(report)
        return findings
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.py
@@ -1,5 +1,3 @@
-import re
-
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -7,6 +5,9 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
+from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
+    check_cloudwatch_log_metric_filter,
+)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -22,26 +23,13 @@ class cloudwatch_changes_to_vpcs_alarm_configured(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
-        log_groups = []
-        for trail in cloudtrail_client.trails:
-            if trail.log_group_arn:
-                log_groups.append(trail.log_group_arn.split(":")[6])
-        # 2. Describe metric filters for previous log groups
-        for metric_filter in logs_client.metric_filters:
-            if metric_filter.log_group in log_groups:
-                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
-                    report.resource_id = metric_filter.log_group
-                    report.resource_arn = metric_filter.arn
-                    report.region = metric_filter.region
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
-                    # 3. Check if there is an alarm for the metric
-                    for alarm in cloudwatch_client.metric_alarms:
-                        if alarm.metric == metric_filter.metric:
-                            report.status = "PASS"
-                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
-                            break
+        report = check_cloudwatch_log_metric_filter(
+            pattern,
+            cloudtrail_client.trails,
+            logs_client.metric_filters,
+            cloudwatch_client.metric_alarms,
+            report,
+        )

        findings.append(report)
        return findings
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.py
@@ -1,5 +1,3 @@
-import re
-
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -7,6 +5,9 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
+from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
+    check_cloudwatch_log_metric_filter,
+)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -24,26 +25,13 @@ class cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_change
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
-        log_groups = []
-        for trail in cloudtrail_client.trails:
-            if trail.log_group_arn:
-                log_groups.append(trail.log_group_arn.split(":")[6])
-        # 2. Describe metric filters for previous log groups
-        for metric_filter in logs_client.metric_filters:
-            if metric_filter.log_group in log_groups:
-                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
-                    report.resource_id = metric_filter.log_group
-                    report.resource_arn = metric_filter.arn
-                    report.region = metric_filter.region
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
-                    # 3. Check if there is an alarm for the metric
-                    for alarm in cloudwatch_client.metric_alarms:
-                        if alarm.metric == metric_filter.metric:
-                            report.status = "PASS"
-                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
-                            break
+        report = check_cloudwatch_log_metric_filter(
+            pattern,
+            cloudtrail_client.trails,
+            logs_client.metric_filters,
+            cloudwatch_client.metric_alarms,
+            report,
+        )

        findings.append(report)
        return findings
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.py
@@ -1,5 +1,3 @@
-import re
-
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -7,6 +5,9 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
+from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
+    check_cloudwatch_log_metric_filter,
+)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -24,26 +25,13 @@ class cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_change
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
-        log_groups = []
-        for trail in cloudtrail_client.trails:
-            if trail.log_group_arn:
-                log_groups.append(trail.log_group_arn.split(":")[6])
-        # 2. Describe metric filters for previous log groups
-        for metric_filter in logs_client.metric_filters:
-            if metric_filter.log_group in log_groups:
-                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
-                    report.resource_id = metric_filter.log_group
-                    report.resource_arn = metric_filter.arn
-                    report.region = metric_filter.region
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
-                    # 3. Check if there is an alarm for the metric
-                    for alarm in cloudwatch_client.metric_alarms:
-                        if alarm.metric == metric_filter.metric:
-                            report.status = "PASS"
-                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
-                            break
+        report = check_cloudwatch_log_metric_filter(
+            pattern,
+            cloudtrail_client.trails,
+            logs_client.metric_filters,
+            cloudwatch_client.metric_alarms,
+            report,
+        )

        findings.append(report)
        return findings
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.py
@@ -1,5 +1,3 @@
-import re
-
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -7,6 +5,9 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
+from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
+    check_cloudwatch_log_metric_filter,
+)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -22,26 +23,13 @@ class cloudwatch_log_metric_filter_authentication_failures(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
-        log_groups = []
-        for trail in cloudtrail_client.trails:
-            if trail.log_group_arn:
-                log_groups.append(trail.log_group_arn.split(":")[6])
-        # 2. Describe metric filters for previous log groups
-        for metric_filter in logs_client.metric_filters:
-            if metric_filter.log_group in log_groups:
-                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
-                    report.resource_id = metric_filter.log_group
-                    report.resource_arn = metric_filter.arn
-                    report.region = metric_filter.region
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
-                    # 3. Check if there is an alarm for the metric
-                    for alarm in cloudwatch_client.metric_alarms:
-                        if alarm.metric == metric_filter.metric:
-                            report.status = "PASS"
-                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
-                            break
+        report = check_cloudwatch_log_metric_filter(
+            pattern,
+            cloudtrail_client.trails,
+            logs_client.metric_filters,
+            cloudwatch_client.metric_alarms,
+            report,
+        )

        findings.append(report)
        return findings
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.py
@@ -1,5 +1,3 @@
-import re
-
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -7,6 +5,9 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
+from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
+    check_cloudwatch_log_metric_filter,
+)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -22,26 +23,13 @@ class cloudwatch_log_metric_filter_aws_organizations_changes(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
-        log_groups = []
-        for trail in cloudtrail_client.trails:
-            if trail.log_group_arn:
-                log_groups.append(trail.log_group_arn.split(":")[6])
-        # 2. Describe metric filters for previous log groups
-        for metric_filter in logs_client.metric_filters:
-            if metric_filter.log_group in log_groups:
-                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
-                    report.resource_id = metric_filter.log_group
-                    report.resource_arn = metric_filter.arn
-                    report.region = metric_filter.region
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
-                    # 3. Check if there is an alarm for the metric
-                    for alarm in cloudwatch_client.metric_alarms:
-                        if alarm.metric == metric_filter.metric:
-                            report.status = "PASS"
-                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
-                            break
+        report = check_cloudwatch_log_metric_filter(
+            pattern,
+            cloudtrail_client.trails,
+            logs_client.metric_filters,
+            cloudwatch_client.metric_alarms,
+            report,
+        )

        findings.append(report)
        return findings
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.py
@@ -1,5 +1,3 @@
-import re
-
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -7,6 +5,9 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
+from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
+    check_cloudwatch_log_metric_filter,
+)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -22,26 +23,13 @@ class cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk(Chec
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
-        log_groups = []
-        for trail in cloudtrail_client.trails:
-            if trail.log_group_arn:
-                log_groups.append(trail.log_group_arn.split(":")[6])
-        # 2. Describe metric filters for previous log groups
-        for metric_filter in logs_client.metric_filters:
-            if metric_filter.log_group in log_groups:
-                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
-                    report.resource_id = metric_filter.log_group
-                    report.resource_arn = metric_filter.arn
-                    report.region = metric_filter.region
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
-                    # 3. Check if there is an alarm for the metric
-                    for alarm in cloudwatch_client.metric_alarms:
-                        if alarm.metric == metric_filter.metric:
-                            report.status = "PASS"
-                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
-                            break
+        report = check_cloudwatch_log_metric_filter(
+            pattern,
+            cloudtrail_client.trails,
+            logs_client.metric_filters,
+            cloudwatch_client.metric_alarms,
+            report,
+        )

        findings.append(report)
        return findings
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.py
@@ -1,5 +1,3 @@
-import re
-
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
    cloudtrail_client,
@@ -7,6 +5,9 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 from prowler.providers.aws.services.cloudwatch.cloudwatch_client import (
    cloudwatch_client,
 )
+from prowler.providers.aws.services.cloudwatch.lib.metric_filters import (
+    check_cloudwatch_log_metric_filter,
+)
 from prowler.providers.aws.services.cloudwatch.logs_client import logs_client


@@ -22,26 +23,14 @@ class cloudwatch_log_metric_filter_for_s3_bucket_policy_changes(Check):
        report.region = cloudwatch_client.region
        report.resource_id = cloudtrail_client.audited_account
        report.resource_arn = cloudtrail_client.audited_account_arn
-        # 1. Iterate for CloudWatch Log Group in CloudTrail trails
-        log_groups = []
-        for trail in cloudtrail_client.trails:
-            if trail.log_group_arn:
-                log_groups.append(trail.log_group_arn.split(":")[6])
-        # 2. Describe metric filters for previous log groups
-        for metric_filter in logs_client.metric_filters:
-            if metric_filter.log_group in log_groups:
-                if re.search(pattern, metric_filter.pattern, flags=re.DOTALL):
-                    report.resource_id = metric_filter.log_group
-                    report.resource_arn = metric_filter.arn
-                    report.region = metric_filter.region
-                    report.status = "FAIL"
-                    report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} but no alarms associated."
-                    # 3. Check if there is an alarm for the metric
-                    for alarm in cloudwatch_client.metric_alarms:
-                        if alarm.metric == metric_filter.metric:
-                            report.status = "PASS"
-                            report.status_extended = f"CloudWatch log group {metric_filter.log_group} found with metric filter {metric_filter.name} and alarms set."
-                            break
+
+        report = check_cloudwatch_log_metric_filter(
+            pattern,
+            cloudtrail_client.trails,
+            logs_client.metric_filters,
+            cloudwatch_client.metric_alarms,
+            report,
+        )

        findings.append(report)
        return findings
--- a/Show More
+++ b/Show More