chore(deps-dev): bump flake8 from 7.1.2 to 7.2.0 (#7516 )

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
chore(deps-dev): bump mkdocs-material from 9.6.7 to 9.6.11 (#7518 )
2026-03-24 04:28:02 +00:00 · 2025-04-15 12:25:57 -04:00 · 2025-04-15 10:32:25 -04:00 · 2025-04-15 09:26:27 -04:00 · 2025-04-15 09:22:24 -04:00 · 2025-04-11 10:14:44 +02:00
248 changed files with 17537 additions and 5301 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,6 +5,7 @@

 version: 2
 updates:
+  # v5
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
@@ -14,6 +15,7 @@ updates:
    labels:
      - "dependencies"
      - "pip"
+
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
@@ -24,20 +26,55 @@ updates:
      - "dependencies"
      - "github_actions"

-  - package-ecosystem: "pip"
+  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    open-pull-requests-limit: 10
+    target-branch: master
+    labels:
+      - "dependencies"
+      - "npm"
+
+  # v4.6
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    target-branch: v4.6
+    labels:
+      - "dependencies"
+      - "pip"
+      - "v4"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    target-branch: v4.6
+    labels:
+      - "dependencies"
+      - "github_actions"
+      - "v4"
+
+  # v3
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 10
    target-branch: v3
    labels:
      - "dependencies"
      - "pip"
      - "v3"
+
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    open-pull-requests-limit: 10
    target-branch: v3
    labels:
--- a/.github/workflows/build-lint-push-containers.yml
+++ b/.github/workflows/build-lint-push-containers.yml
@@ -3,7 +3,11 @@ name: build-lint-push-containers
 on:
  push:
    branches:
+      # For `v3-latest`
      - "v3"
+      # For `v4-latest`
+      - "v4.6"
+      # For `latest`
      - "master"
    paths-ignore:
      - ".github/**"
@@ -58,7 +62,7 @@ jobs:

      - name: Install Poetry
        run: |
-          pipx install poetry
+          pipx install poetry==1.8.5
          pipx inject poetry poetry-bumpversion

      - name: Get Prowler version
@@ -80,8 +84,8 @@ jobs:
              ;;

          4)
-              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
+              echo "LATEST_TAG=v4-latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=v4-stable" >> "${GITHUB_ENV}"
              ;;

          *)
--- a/.github/workflows/find-secrets.yml
+++ b/.github/workflows/find-secrets.yml
@@ -11,7 +11,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.84.1
+        uses: trufflesecurity/trufflehog@v3.88.23
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -22,7 +22,7 @@ jobs:
      - uses: actions/checkout@v4
      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@v45
+        uses: tj-actions/changed-files@v46
        with:
          files: ./**
          files_ignore: |
@@ -36,7 +36,7 @@ jobs:
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry
+          pipx install poetry==1.8.5
      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        uses: actions/setup-python@v5
--- a/.github/workflows/pypi-release.yml
+++ b/.github/workflows/pypi-release.yml
@@ -37,7 +37,7 @@ jobs:

      - name: Install dependencies
        run: |
-          pipx install poetry
+          pipx install poetry==1.8.5

      - name: Setup Python
        uses: actions/setup-python@v5
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM python:3.12-alpine
+FROM python:3.12.10-alpine3.20

 LABEL maintainer="https://github.com/prowler-cloud/prowler"

--- a/dashboard/pages/compliance.py
+++ b/dashboard/pages/compliance.py
@@ -532,8 +532,8 @@ def get_bar_graph(df, column_name):

    # Cut the text if it is too long
    for i in range(len(colums)):
-        if len(colums[i]) > 15:
-            colums[i] = colums[i][:15] + "..."
+        if len(colums[i]) > 43:
+            colums[i] = colums[i][:43] + "..."

    fig = px.bar(
        df,
--- a/docs/tutorials/configuration_file.md
+++ b/docs/tutorials/configuration_file.md
@@ -47,6 +47,7 @@ The following list includes all the AWS checks with configurable variables that
 | `ecr_repositories_scan_vulnerabilities_in_latest_image`       | `ecr_repository_vulnerability_minimum_severity`  | String          |
 | `eks_cluster_uses_a_supported_version`                        | `eks_cluster_oldest_version_supported`           | String          |
 | `eks_control_plane_logging_all_types_enabled`                 | `eks_required_log_types`                         | List of Strings |
+| `elasticache_redis_cluster_backup_enabled`                    | `minimum_snapshot_retention_period`              | Integer         |
 | `elb_is_in_multiple_az`                                       | `elb_min_azs`                                    | Integer         |
 | `elbv2_is_in_multiple_az`                                     | `elbv2_min_azs`                                  | Integer         |
 | `guardduty_is_enabled`                                        | `mute_non_default_regions`                       | Boolean         |
--- a/poetry.lock
+++ b/poetry.lock
--- a/prowler/compliance/aws/aws_audit_manager_control_tower_guardrails_aws.json
+++ b/prowler/compliance/aws/aws_audit_manager_control_tower_guardrails_aws.json
@@ -28,7 +28,9 @@
          "Service": "ebs"
        }
      ],
-      "Checks": []
+      "Checks": [
+        "ec2_ebs_volume_snapshots_exists"
+      ]
    },
    {
      "Id": "1.0.3",
@@ -42,7 +44,8 @@
        }
      ],
      "Checks": [
-        "ec2_ebs_default_encryption"
+        "ec2_ebs_default_encryption",
+        "ec2_ebs_volume_encryption"
      ]
    },
    {
@@ -87,7 +90,9 @@
        }
      ],
      "Checks": [
-        "iam_user_mfa_enabled_console_access"
+        "iam_user_mfa_enabled_console_access",
+        "iam_user_hardware_mfa_enabled",
+        "iam_root_mfa_enabled"
      ]
    },
    {
@@ -102,7 +107,9 @@
        }
      ],
      "Checks": [
-        "iam_user_mfa_enabled_console_access"
+        "iam_user_mfa_enabled_console_access",
+        "iam_user_hardware_mfa_enabled",
+        "iam_root_mfa_enabled"
      ]
    },
    {
@@ -117,7 +124,9 @@
        }
      ],
      "Checks": [
-        "iam_root_mfa_enabled"
+        "iam_root_mfa_enabled",
+        "iam_root_hardware_mfa_enabled",
+        "iam_user_mfa_enabled_console_access"
      ]
    },
    {
@@ -162,7 +171,10 @@
        }
      ],
      "Checks": [
-        "rds_instance_no_public_access"
+        "rds_instance_no_public_access",
+        "s3_bucket_public_access",
+        "s3_bucket_public_list_acl",
+        "s3_account_level_public_access_blocks"
      ]
    },
    {
@@ -192,7 +204,8 @@
        }
      ],
      "Checks": [
-        "rds_instance_storage_encrypted"
+        "rds_instance_storage_encrypted",
+        "rds_instance_transport_encrypted"
      ]
    },
    {
--- a/prowler/compliance/aws/cis_1.4_aws.json
+++ b/prowler/compliance/aws/cis_1.4_aws.json
@@ -455,7 +455,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Amazon S3 provides a variety of no, or low, cost encryption options to protect data at rest.",
@@ -476,7 +477,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "At the Amazon S3 bucket level, you can configure permissions through a bucket policy making the objects accessible only through HTTPS.",
@@ -497,7 +499,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Once MFA Delete is enabled on your sensitive and classified S3 bucket it requires the user to have two forms of authentication.",
@@ -518,7 +521,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Amazon S3 buckets can contain sensitive data, that for security purposes should be discovered, monitored, classified and protected. Macie along with other 3rd party tools can automatically provide an inventory of Amazon S3 buckets.",
@@ -540,7 +544,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Amazon S3 provides `Block public access (bucket settings)` and `Block public access (account settings)` to help you manage public access to Amazon S3 resources. By default, S3 buckets and objects are created with public access disabled. However, an IAM principal with sufficient S3 permissions can enable public access at the bucket and/or object level. While enabled, `Block public access (bucket settings)` prevents an individual bucket, and its contained objects, from becoming publicly accessible. Similarly, `Block public access (account settings)` prevents all buckets, and contained objects, from becoming publicly accessible across the entire account.",
@@ -561,7 +566,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.2. Elastic Compute Cloud (EC2)",
+          "Section": "2. Storage",
+          "SubSection": "2.2. Elastic Compute Cloud (EC2)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Elastic Compute Cloud (EC2) supports encryption at rest when using the Elastic Block Store (EBS) service. While disabled by default, forcing encryption at EBS volume creation is supported.",
@@ -578,11 +584,13 @@
      "Id": "2.3.1",
      "Description": "Ensure that encryption is enabled for RDS Instances",
      "Checks": [
-        "rds_instance_storage_encrypted"
+        "rds_instance_storage_encrypted",
+        "rds_instance_transport_encrypted"
      ],
      "Attributes": [
        {
-          "Section": "2.3. Relational Database Service (RDS)",
+          "Section": "2. Storage",
+          "SubSection": "2.3. Relational Database Service (RDS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Amazon RDS encrypted DB instances use the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your Amazon RDS DB instances. After your data is encrypted, Amazon RDS handles authentication of access and decryption of your data transparently with a minimal impact on performance.",
--- a/prowler/compliance/aws/cis_1.5_aws.json
+++ b/prowler/compliance/aws/cis_1.5_aws.json
@@ -455,7 +455,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Amazon S3 provides a variety of no, or low, cost encryption options to protect data at rest.",
@@ -476,7 +477,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "At the Amazon S3 bucket level, you can configure permissions through a bucket policy making the objects accessible only through HTTPS.",
@@ -497,7 +499,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Once MFA Delete is enabled on your sensitive and classified S3 bucket it requires the user to have two forms of authentication.",
@@ -518,7 +521,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Amazon S3 buckets can contain sensitive data, that for security purposes should be discovered, monitored, classified and protected. Macie along with other 3rd party tools can automatically provide an inventory of Amazon S3 buckets.",
@@ -540,7 +544,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Amazon S3 provides `Block public access (bucket settings)` and `Block public access (account settings)` to help you manage public access to Amazon S3 resources. By default, S3 buckets and objects are created with public access disabled. However, an IAM principal with sufficient S3 permissions can enable public access at the bucket and/or object level. While enabled, `Block public access (bucket settings)` prevents an individual bucket, and its contained objects, from becoming publicly accessible. Similarly, `Block public access (account settings)` prevents all buckets, and contained objects, from becoming publicly accessible across the entire account.",
@@ -561,7 +566,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.2. Elastic Compute Cloud (EC2)",
+          "Section": "2. Storage",
+          "SubSection": "2.2. Elastic Compute Cloud (EC2)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Elastic Compute Cloud (EC2) supports encryption at rest when using the Elastic Block Store (EBS) service. While disabled by default, forcing encryption at EBS volume creation is supported.",
@@ -578,11 +584,13 @@
      "Id": "2.3.1",
      "Description": "Ensure that encryption is enabled for RDS Instances",
      "Checks": [
-        "rds_instance_storage_encrypted"
+        "rds_instance_storage_encrypted",
+        "rds_instance_transport_encrypted"
      ],
      "Attributes": [
        {
-          "Section": "2.3. Relational Database Service (RDS)",
+          "Section": "2. Storage",
+          "SubSection": "2.3. Relational Database Service (RDS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Amazon RDS encrypted DB instances use the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your Amazon RDS DB instances. After your data is encrypted, Amazon RDS handles authentication of access and decryption of your data transparently with a minimal impact on performance.",
@@ -603,7 +611,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.3. Relational Database Service (RDS)",
+          "Section": "2. Storage",
+          "SubSection": "2.3. Relational Database Service (RDS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure that RDS database instances have the Auto Minor Version Upgrade flag enabled in order to receive automatically minor engine upgrades during the specified maintenance window. So, RDS instances can get the new features, bug fixes, and security patches for their database engines.",
@@ -624,7 +633,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.3. Relational Database Service (RDS)",
+          "Section": "2. Storage",
+          "SubSection": "2.3. Relational Database Service (RDS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure and verify that RDS database instances provisioned in your AWS account do restrict unauthorized access in order to minimize security risks. To restrict access to any publicly accessible RDS database instance, you must disable the database Publicly Accessible flag and update the VPC security group associated with the instance.",
@@ -645,7 +655,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.4 Elastic File System (EFS)",
+          "Section": "2. Storage",
+          "SubSection": "2.4 Elastic File System (EFS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "EFS data should be encrypted at rest using AWS KMS (Key Management Service).",
--- a/prowler/compliance/aws/cis_2.0_aws.json
+++ b/prowler/compliance/aws/cis_2.0_aws.json
@@ -303,7 +303,9 @@
    {
      "Id": "1.22",
      "Description": "Ensure access to AWSCloudShellFullAccess is restricted",
-      "Checks": [],
+      "Checks": [
+        "iam_policy_cloudshell_admin_not_attached"
+      ],
      "Attributes": [
        {
          "Section": "1. Identity and Access Management",
@@ -474,7 +476,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "At the Amazon S3 bucket level, you can configure permissions through a bucket policy making the objects accessible only through HTTPS.",
@@ -491,11 +494,13 @@
      "Id": "2.1.2",
      "Description": "Ensure MFA Delete is enabled on S3 buckets",
      "Checks": [
-        "s3_bucket_no_mfa_delete"
+        "s3_bucket_no_mfa_delete",
+        "cloudtrail_bucket_requires_mfa_delete"
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Once MFA Delete is enabled on your sensitive and classified S3 bucket it requires the user to have two forms of authentication.",
@@ -516,7 +521,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Amazon S3 buckets can contain sensitive data, that for security purposes should be discovered, monitored, classified and protected. Macie along with other 3rd party tools can automatically provide an inventory of Amazon S3 buckets.",
@@ -538,7 +544,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Amazon S3 provides `Block public access (bucket settings)` and `Block public access (account settings)` to help you manage public access to Amazon S3 resources. By default, S3 buckets and objects are created with public access disabled. However, an IAM principal with sufficient S3 permissions can enable public access at the bucket and/or object level. While enabled, `Block public access (bucket settings)` prevents an individual bucket, and its contained objects, from becoming publicly accessible. Similarly, `Block public access (account settings)` prevents all buckets, and contained objects, from becoming publicly accessible across the entire account.",
@@ -559,7 +566,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.2. Elastic Compute Cloud (EC2)",
+          "Section": "2. Storage",
+          "SubSection": "2.2. Elastic Compute Cloud (EC2)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Elastic Compute Cloud (EC2) supports encryption at rest when using the Elastic Block Store (EBS) service. While disabled by default, forcing encryption at EBS volume creation is supported.",
@@ -576,11 +584,13 @@
      "Id": "2.3.1",
      "Description": "Ensure that encryption is enabled for RDS Instances",
      "Checks": [
-        "rds_instance_storage_encrypted"
+        "rds_instance_storage_encrypted",
+        "rds_instance_transport_encrypted"
      ],
      "Attributes": [
        {
-          "Section": "2.3. Relational Database Service (RDS)",
+          "Section": "2. Storage",
+          "SubSection": "2.3. Relational Database Service (RDS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Amazon RDS encrypted DB instances use the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your Amazon RDS DB instances. After your data is encrypted, Amazon RDS handles authentication of access and decryption of your data transparently with a minimal impact on performance.",
@@ -601,7 +611,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.3. Relational Database Service (RDS)",
+          "Section": "2. Storage",
+          "SubSection": "2.3. Relational Database Service (RDS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure that RDS database instances have the Auto Minor Version Upgrade flag enabled in order to receive automatically minor engine upgrades during the specified maintenance window. So, RDS instances can get the new features, bug fixes, and security patches for their database engines.",
@@ -622,7 +633,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.3. Relational Database Service (RDS)",
+          "Section": "2. Storage",
+          "SubSection": "2.3. Relational Database Service (RDS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure and verify that RDS database instances provisioned in your AWS account do restrict unauthorized access in order to minimize security risks. To restrict access to any publicly accessible RDS database instance, you must disable the database Publicly Accessible flag and update the VPC security group associated with the instance.",
@@ -643,7 +655,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.4 Elastic File System (EFS)",
+          "Section": "2. Storage",
+          "SubSection": "2.4 Elastic File System (EFS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "EFS data should be encrypted at rest using AWS KMS (Key Management Service).",
@@ -1338,7 +1351,8 @@
      "Id": "5.6",
      "Description": "Ensure that EC2 Metadata Service only allows IMDSv2",
      "Checks": [
-        "ec2_instance_imdsv2_enabled"
+        "ec2_instance_imdsv2_enabled",
+        "ec2_instance_account_imdsv2_enabled"
      ],
      "Attributes": [
        {
--- a/prowler/compliance/aws/cis_3.0_aws.json
+++ b/prowler/compliance/aws/cis_3.0_aws.json
@@ -474,7 +474,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "At the Amazon S3 bucket level, you can configure permissions through a bucket policy making the objects accessible only through HTTPS.",
@@ -495,7 +496,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Once MFA Delete is enabled on your sensitive and classified S3 bucket it requires the user to have two forms of authentication.",
@@ -516,7 +518,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Amazon S3 buckets can contain sensitive data, that for security purposes should be discovered, monitored, classified and protected. Macie along with other 3rd party tools can automatically provide an inventory of Amazon S3 buckets.",
@@ -538,7 +541,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1. Simple Storage Service (S3)",
+          "Section": "2. Storage",
+          "SubSection": "2.1. Simple Storage Service (S3)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Amazon S3 provides `Block public access (bucket settings)` and `Block public access (account settings)` to help you manage public access to Amazon S3 resources. By default, S3 buckets and objects are created with public access disabled. However, an IAM principal with sufficient S3 permissions can enable public access at the bucket and/or object level. While enabled, `Block public access (bucket settings)` prevents an individual bucket, and its contained objects, from becoming publicly accessible. Similarly, `Block public access (account settings)` prevents all buckets, and contained objects, from becoming publicly accessible across the entire account.",
@@ -559,7 +563,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.2. Elastic Compute Cloud (EC2)",
+          "Section": "2. Storage",
+          "SubSection": "2.2. Elastic Compute Cloud (EC2)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Elastic Compute Cloud (EC2) supports encryption at rest when using the Elastic Block Store (EBS) service. While disabled by default, forcing encryption at EBS volume creation is supported.",
@@ -580,7 +585,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.3. Relational Database Service (RDS)",
+          "Section": "2. Storage",
+          "SubSection": "2.3. Relational Database Service (RDS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Amazon RDS encrypted DB instances use the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your Amazon RDS DB instances. After your data is encrypted, Amazon RDS handles authentication of access and decryption of your data transparently with a minimal impact on performance.",
@@ -601,7 +607,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.3. Relational Database Service (RDS)",
+          "Section": "2. Storage",
+          "SubSection": "2.3. Relational Database Service (RDS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure that RDS database instances have the Auto Minor Version Upgrade flag enabled in order to receive automatically minor engine upgrades during the specified maintenance window. So, RDS instances can get the new features, bug fixes, and security patches for their database engines.",
@@ -622,7 +629,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.3. Relational Database Service (RDS)",
+          "Section": "2. Storage",
+          "SubSection": "2.3. Relational Database Service (RDS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure and verify that RDS database instances provisioned in your AWS account do restrict unauthorized access in order to minimize security risks. To restrict access to anypublicly accessible RDS database instance, you must disable the database PubliclyAccessible flag and update the VPC security group associated with the instance",
@@ -643,7 +651,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.4 Elastic File System (EFS)",
+          "Section": "2. Storage",
+          "SubSection": "2.4 Elastic File System (EFS)",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "EFS data should be encrypted at rest using AWS KMS (Key Management Service).",
--- a/prowler/compliance/aws/ens_rd2022_aws.json
+++ b/prowler/compliance/aws/ens_rd2022_aws.json
@@ -2932,7 +2932,7 @@
      ]
    },
    {
-      "Id": "op.pl.2.aws.warch.1",
+      "Id": "op.pl.2.r1.aws.warch.1",
      "Description": "Sistema de gestión",
      "Attributes": [
        {
@@ -2956,7 +2956,7 @@
      "Checks": []
    },
    {
-      "Id": "op.pl.2.aws.warch.1",
+      "Id": "op.pl.2.r2.aws.warch.1",
      "Description": "Sistema de gestión de la seguridad con mejora continua",
      "Attributes": [
        {
@@ -2980,7 +2980,7 @@
      "Checks": []
    },
    {
-      "Id": "op.pl.2.aws.warch.1",
+      "Id": "op.pl.2.r3.aws.warch.1",
      "Description": "Validación de datos",
      "Attributes": [
        {
@@ -4304,32 +4304,6 @@
      ],
      "Checks": []
    },
-    {
-      "Id": "op.mon.3.aws.cwl.1",
-      "Description": "Vigilancia",
-      "Attributes": [
-        {
-          "IdGrupoControl": "op.mon.3",
-          "Marco": "operacional",
-          "Categoria": "monitorización del sistema",
-          "DescripcionControl": "Deberá asegurarse que todos los servicios que se utilicen en la arquitectura de la aplicación desplegada en AWS estén generando logs",
-          "Nivel": "alto",
-          "Tipo": "requisito",
-          "Dimensiones": [
-            "confidencialidad",
-            "integridad",
-            "trazabilidad",
-            "autenticidad",
-            "disponibilidad"
-          ],
-          "ModoEjecucion": "automatico",
-          "Dependencias": []
-        }
-      ],
-      "Checks": [
-        "cloudtrail_cloudwatch_logging_enabled"
-      ]
-    },
    {
      "Id": "mp.com.2.aws.vpn.1",
      "Description": "Protección de la confidencialidad",
--- a/prowler/compliance/azure/cis_2.0_azure.json
+++ b/prowler/compliance/azure/cis_2.0_azure.json
@@ -12,7 +12,8 @@
      ],
      "Attributes": [
        {
-          "Section": "1.1 Security Defaults",
+          "Section": "1. Identity and Access Management",
+          "SubSection": "1.1 Security Defaults",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Security defaults in Azure Active Directory (Azure AD) make it easier to be secure and help protect your organization. Security defaults contain preconfigured security settings for common attacks. Security defaults is available to everyone. The goal is to ensure that all organizations have a basic level of security",
@@ -34,7 +35,8 @@
      ],
      "Attributes": [
        {
-          "Section": "1.1 Security Defaults",
+          "Section": "1. Identity and Access Management",
+          "SubSection": "1.1 Security Defaults",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Enable multi-factor authentication for all roles, groups, and users that have write access or permissions to Azure resources. These include custom created objects or built-in roles such as; • Service Co-Administrators • Subscription Owners • Contributors",
@@ -56,7 +58,8 @@
      ],
      "Attributes": [
        {
-          "Section": "1.1 Security Defaults",
+          "Section": "1. Identity and Access Management",
+          "SubSection": "1.1 Security Defaults",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Enable multi-factor authentication for all non-privileged users.",
@@ -76,7 +79,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.1 Security Defaults",
+          "Section": "1. Identity and Access Management",
+          "SubSection": "1.1 Security Defaults",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Do not allow users to remember multi-factor authentication on devices.",
@@ -98,7 +102,8 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Azure Active Directory Conditional Access allows an organization to configure Named locations and configure whether those locations are trusted or untrusted. These settings provide organizations the means to specify Geographical locations for use in conditional access policies, or define actual IP addresses and IP ranges and whether or not those IP addresses and/or ranges are trusted by the organization.",
@@ -118,7 +123,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "CAUTION: If these policies are created without first auditing and testing the result, misconfiguration can potentially lock out administrators or create undesired access issues. Conditional Access Policies can be used to block access from geographic locations that are deemed out-of-scope for your organization or application. The scope and variables for this policy should be carefully examined and defined.",
@@ -138,7 +144,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "For designated users, they will be prompted to use their multi-factor authentication (MFA) process on login.",
@@ -158,7 +165,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "For designated users, they will be prompted to use their multi-factor authentication (MFA) process on logins.",
@@ -178,7 +186,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "For designated users, they will be prompted to use their multi-factor authentication (MFA) process on login.",
@@ -198,7 +207,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "For designated users, they will be prompted to use their multi-factor authentication (MFA) process on logins.",
@@ -220,7 +230,7 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Require administrators or appropriately delegated users to create new tenants.",
@@ -240,7 +250,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "This recommendation extends guest access review by utilizing the Azure AD Privileged Identity Management feature provided in Azure AD Premium P2. Azure AD is extended to include Azure AD B2B collaboration, allowing you to invite people from outside your organization to be guest users in your cloud account and sign in with their own work, school, or social identities. Guest users allow you to share your company's applications and services with users from any other organization, while maintaining control over your own corporate data. Work with external partners, large or small, even if they don't have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company's resources a a guest user.",
@@ -260,7 +270,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Azure AD is extended to include Azure AD B2B collaboration, allowing you to invite people from outside your organization to be guest users in your cloud account and sign in with their own work, school, or social identities. Guest users allow you to share your company's applications and services with users from any other organization, while maintaining control over your own corporate data. Work with external partners, large or small, even if they don't have Azure AD or an IT department. A simple invitation and redemption process lets partners use their own credentials to access your company's resources as a guest user. Guest users in every subscription should be review on a regular basis to ensure that inactive and unneeded accounts are removed.",
@@ -280,7 +290,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Ensures that two alternate forms of identification are provided before allowing a password reset.",
@@ -300,7 +310,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Microsoft Azure provides a Global Banned Password policy that applies to Azure administrative and normal user accounts. This is not applied to user accounts that are synced from an on-premise Active Directory unless Azure AD Connect is used and you enable EnforceCloudPasswordPolicyForPasswordSyncedUsers. Please see the list in default values on the specifics of this policy. To further password security, it is recommended to further define a custom banned password policy.",
@@ -320,7 +330,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Ensure that the number of days before users are asked to re-confirm their authentication information is not set to 0.",
@@ -340,7 +350,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Ensure that users are notified on their primary and secondary emails on password resets.",
@@ -360,7 +370,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Ensure that all Global Administrators are notified if any other administrator resets their password.",
@@ -382,7 +392,7 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Require administrators to provide consent for applications before use.",
@@ -404,7 +414,7 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Allow users to provide consent for selected permissions when a request is coming from a verified publisher.",
@@ -424,7 +434,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Require administrators to provide consent for the apps before use.",
@@ -446,7 +456,7 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Require administrators or appropriately delegated users to register third-party applications.",
@@ -468,7 +478,7 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Limit guest user permissions.",
@@ -490,7 +500,7 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Restrict invitations to users with specific administrative roles only.",
@@ -510,7 +520,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Restrict access to the Azure AD administration portal to administrators only. NOTE: This only affects access to the Azure AD administrator's web portal. This setting does not prohibit privileged users from using other methods such as Rest API or Powershell to obtain sensitive information from Azure AD.",
@@ -530,7 +540,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Restricts group creation to administrators with permissions only.",
@@ -552,7 +562,7 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Restrict security group creation to administrators only.",
@@ -572,7 +582,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Restrict security group management to administrators only.",
@@ -594,7 +604,7 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Restrict Microsoft 365 group creation to administrators only.",
@@ -614,7 +624,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Joining or registering devices to the active directory should require Multi-factor authentication.",
@@ -636,7 +646,7 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "The principle of least privilege should be followed and only necessary privileges should be assigned instead of allowing full administrative access.",
@@ -658,7 +668,7 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Resource locking is a powerful protection mechanism that can prevent inadvertent modification/deletion of resources within Azure subscriptions/Resource Groups and is a recommended NIST configuration.",
@@ -678,7 +688,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1. Identity and Access Management",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Users who are set as subscription owners are able to make administrative changes to the subscriptions and move them into and out of Azure Active Directories.",
@@ -700,7 +710,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -722,7 +733,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -744,7 +756,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Turning on Microsoft Defender for Databases enables threat detection for the instances running your database software. This provides threat intelligence, anomaly detection, and behavior analytics in the Azure Microsoft Defender for Cloud. Instead of being enabled on services like Platform as a Service (PaaS), this implementation will run within your instances as Infrastructure as a Service (IaaS) on the Operating Systems hosting your databases.",
@@ -766,7 +779,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Turning on Microsoft Defender for Azure SQL Databases  enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, andbehavior analytics in the Microsoft Defender for Cloud.",
@@ -788,7 +802,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -810,7 +825,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -832,7 +848,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Turning on Microsoft Defender for Storage enables threat detection for Storage, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -854,7 +871,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Turning on Microsoft Defender for Containers enables threat detection for Container Registries including Kubernetes, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -876,7 +894,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Microsoft Defender for Azure Cosmos DB scans all incoming network requests for threats to your Azure Cosmos DB resources.",
@@ -898,7 +917,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Turning on Microsoft Defender for Key Vault enables threat detection for Key Vault, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -920,7 +940,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Microsoft Defender for DNS scans all network traffic exiting from within a subscription.",
@@ -942,7 +963,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Microsoft Defender for Resource Manager scans incoming administrative requests to change your infrastructure from both CLI and the Azure portal.",
@@ -964,7 +986,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Ensure that the latest OS patches for all virtual machines are applied.",
@@ -986,7 +1009,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "None of the settings offered by ASC Default policy should be set to effect Disabled.",
@@ -1008,7 +1032,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Enable automatic provisioning of the monitoring agent to collect security data.",
@@ -1030,7 +1055,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Enable automatic provisioning of vulnerability assessment for machines on both Azure and hybrid (Arc enabled) machines.",
@@ -1050,7 +1076,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Enable automatic provisioning of the Microsoft Defender for Containers components.",
@@ -1072,7 +1099,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Enable security alert emails to subscription owners.",
@@ -1094,7 +1122,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Microsoft Defender for Cloud emails the subscription owners whenever a high-severity alert is triggered for their subscription. You should provide a security contact email address as an additional email address.",
@@ -1116,7 +1145,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enables emailing security alerts to the subscription owner or other designated security contact.",
@@ -1138,7 +1168,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.",
@@ -1160,7 +1191,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud. IMPORTANT: When enabling integration between DfE & DfC it needs to be taken into account that this will have some side effects that may be undesirable. 1. For server 2019 & above if defender is installed (default for these server SKU's) this will trigger a deployment of the new unified agent and link to any of the extended configuration in the Defender portal. 2. If the new unified agent is required for server SKU's of Win 2016 or Linux and lower there is additional integration that needs to be switched on and agents need to be aligned.",
@@ -1182,7 +1214,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.2 Microsoft Defender for IoT",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.2 Microsoft Defender for IoT",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.",
@@ -1524,7 +1557,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable auditing on SQL Servers.",
@@ -1546,7 +1580,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure that no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP).",
@@ -1568,7 +1603,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Transparent Data Encryption (TDE) with Customer-managed key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. With TDE, data is encrypted at rest with a symmetric key (called the database encryption key) stored in the database or data warehouse distribution. To protect this data encryption key (DEK) in the past, only a certificate that the Azure SQL Service managed could be used. Now, with Customer-managed key support for TDE, the DEK can be protected with an asymmetric key that is stored in the Azure Key Vault. The Azure Key Vault is a highly available and scalable cloud-based key store which offers central key management, leverages FIPS 140-2 Level 2 validated hardware security modules (HSMs), and allows separation of management of keys and data for additional security. Based on business needs or criticality of data/databases hosted on a SQL server, it is recommended that the TDE protector is encrypted by a key that is managed by the data owner (Customer-managed key).",
@@ -1590,7 +1626,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Use Azure Active Directory Authentication for authentication with SQL Database to manage credentials in a single place.",
@@ -1612,7 +1649,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable Transparent Data Encryption on every SQL server.",
@@ -1634,7 +1672,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "SQL Server Audit Retention should be configured to be greater than 90 days.",
@@ -1656,7 +1695,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.2 SQL Server - Microsoft Defender for SQL",
+          "Section": "4. Database Services",
+          "SubSection": "4.2 SQL Server - Microsoft Defender for SQL",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Enable 'Microsoft Defender for SQL' on critical SQL Servers.",
@@ -1678,7 +1718,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.2 SQL Server - Microsoft Defender for SQL",
+          "Section": "4. Database Services",
+          "SubSection": "4.2 SQL Server - Microsoft Defender for SQL",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Enable Vulnerability Assessment (VA) service scans for critical SQL servers and corresponding SQL databases.",
@@ -1700,7 +1741,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.2 SQL Server - Microsoft Defender for SQL",
+          "Section": "4. Database Services",
+          "SubSection": "4.2 SQL Server - Microsoft Defender for SQL",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Enable Vulnerability Assessment (VA) service scans for critical SQL servers and corresponding SQL databases.",
@@ -1722,7 +1764,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.2 SQL Server - Microsoft Defender for SQL",
+          "Section": "4. Database Services",
+          "SubSection": "4.2 SQL Server - Microsoft Defender for SQL",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Configure 'Send scan reports to' with email addresses of concerned data owners/stakeholders for a critical SQL servers",
@@ -1744,7 +1787,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.2 SQL Server - Microsoft Defender for SQL",
+          "Section": "4. Database Services",
+          "SubSection": "4.2 SQL Server - Microsoft Defender for SQL",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners'.",
@@ -1766,7 +1810,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable SSL connection on PostgreSQL Servers.",
@@ -1788,7 +1833,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable log_checkpoints on PostgreSQL Servers.",
@@ -1810,7 +1856,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable log_connections on PostgreSQL Servers.",
@@ -1832,7 +1879,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable log_disconnections on PostgreSQL Servers.",
@@ -1854,7 +1902,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable connection_throttling on PostgreSQL Servers.",
@@ -1876,7 +1925,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure log_retention_days on PostgreSQL Servers is set to an appropriate value.",
@@ -1898,7 +1948,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Disable access from Azure services to PostgreSQL Database Server.",
@@ -1918,7 +1969,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Azure Database for PostgreSQL servers should be created with 'infrastructure double encryption' enabled.",
@@ -1940,7 +1992,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.4 MySQL Database",
+          "Section": "4. Database Services",
+          "SubSection": "4.4 MySQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable SSL connection on MYSQL Servers.",
@@ -1962,7 +2015,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.4 MySQL Database",
+          "Section": "4. Database Services",
+          "SubSection": "4.4 MySQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure TLS version on MySQL flexible servers is set to the default value.",
@@ -1984,7 +2038,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.4 MySQL Database",
+          "Section": "4. Database Services",
+          "SubSection": "4.4 MySQL Database",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Enable audit_log_enabled on MySQL Servers.",
@@ -2006,7 +2061,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.4 MySQL Database",
+          "Section": "4. Database Services",
+          "SubSection": "4.4 MySQL Database",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Set audit_log_enabled to include CONNECTION on MySQL Servers.",
@@ -2028,7 +2084,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.5 Cosmos DB",
+          "Section": "4. Database Services",
+          "SubSection": "4.5 Cosmos DB",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Limiting your Cosmos DB to only communicate on whitelisted networks lowers its attack footprint.",
@@ -2050,7 +2107,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.5 Cosmos DB",
+          "Section": "4. Database Services",
+          "SubSection": "4.5 Cosmos DB",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Private endpoints limit network traffic to approved sources.",
@@ -2072,7 +2130,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.5 Cosmos DB",
+          "Section": "4. Database Services",
+          "SubSection": "4.5 Cosmos DB",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Cosmos DB can use tokens or AAD for client authentication which in turn will use Azure RBAC for authorization. Using AAD is significantly more secure because AAD handles the credentials and allows for MFA and centralized management, and the Azure RBAC better integrated with the rest of Azure.",
@@ -2094,7 +2153,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Enable Diagnostic settings for exporting activity logs. Diagnos tic settings are available for each individual resource within a subscription. Settings should be configured for allappropriate resources for your environment.",
@@ -2116,7 +2176,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Prerequisite: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: 'Ensure that a 'Diagnostic Setting' exists.' The diagnostic setting should be configured to log the appropriate activities from the control/management plane.",
@@ -2138,7 +2199,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "The storage account container containing the activity log export should not be publicly accessible.",
@@ -2160,7 +2222,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Storage accounts with the activity log exports can be configured to use Customer Managed Keys (CMK).",
@@ -2182,7 +2245,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable AuditEvent logging for key vault instances to ensure interactions with key vaults are logged and available.",
@@ -2204,7 +2268,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Ensure that network flow logs are captured and fed into a central log analytics workspace.",
@@ -2226,7 +2291,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Enable AppServiceHTTPLogs diagnostic log category for Azure App Service instances to ensure all http requests are captured and centrally logged.",
@@ -2248,7 +2314,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Create Policy Assignment event.",
@@ -2270,7 +2337,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Delete Policy Assignment event.",
@@ -2292,7 +2360,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an Activity Log Alert for the Create or Update Network Security Group event.",
@@ -2314,7 +2383,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Delete Network Security Group event.",
@@ -2336,7 +2406,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Create or Update Security Solution event.",
@@ -2358,7 +2429,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Delete Security Solution event.",
@@ -2380,7 +2452,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.",
@@ -2402,7 +2475,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the 'Delete SQL Server Firewall Rule.'",
@@ -2424,7 +2498,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Create or Update Public IP Addresses rule.",
@@ -2446,7 +2521,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Delete Public IP Address rule.",
@@ -2466,7 +2542,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "5.3 Configuring Application Insights",
+          "Section": "5. Logging and Monitoring",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Resource Logs capture activity to the data access plane while the Activity log is a subscription-level log for the control plane. Resource-level diagnostic logs provide insight into operations that were performed within that resource itself; for example, reading or updating a secret from a Key Vault. Currently, 95 Azure resources support Azure Monitoring (See the more information section for a complete list), including Network Security Groups, Load Balancers, Key Vault, AD, Logic Apps, and CosmosDB. The content of these logs varies by resource type. A number of back-end services were not configured to log and store Resource Logs for certain activities or for a sufficient length. It is crucial that monitoring is correctly configured to log all relevant activities and retain those logs for a sufficient length of time. Given that the mean time to detection in an enterprise is 240 days, a minimum retention period of two years is recommended.",
@@ -2486,7 +2562,7 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "5.3 Configuring Application Insights",
+          "Section": "5. Logging and Monitoring",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "The use of Basic or Free SKUs in Azure whilst cost effective have significant limitations in terms of what can be monitored and what support can be realized from Microsoft. Typically, these SKU’s do not have a service SLA and Microsoft will usually refuse to provide support for them. Consequently Basic/Free SKUs should never be used for production workloads.",
@@ -2508,7 +2584,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.3 Configuring Application Insights",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.3 Configuring Application Insights",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.",
--- a/prowler/compliance/azure/cis_2.1_azure.json
+++ b/prowler/compliance/azure/cis_2.1_azure.json
@@ -494,7 +494,8 @@
      ],
      "Attributes": [
        {
-          "Section": "1.1 Security Defaults Security Defaults",
+          "Section": "1.Identity and Access Management",
+          "SubSection": "1.1 Security Defaults Security Defaults",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Security defaults in Microsoft Entra ID make it easier to be secure and help protect your organization. Security defaults contain preconfigured security settings for common attacks.  Security defaults is available to everyone. The goal is to ensure that all organizations have a basic level of security enabled at no extra cost. You may turn on security defaults in the Azure portal.",
@@ -516,7 +517,8 @@
      ],
      "Attributes": [
        {
-          "Section": "1.1 Security Defaults Security Defaults",
+          "Section": "1.Identity and Access Management",
+          "SubSection": "1.1 Security Defaults Security Defaults",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Enable multi-factor authentication for all roles, groups, and users that have write access or permissions to Azure resources. These include custom created objects or built-in roles such as; - Service Co-Administrators - Subscription Owners - Contributors",
@@ -538,7 +540,8 @@
      ],
      "Attributes": [
        {
-          "Section": "1.1 Security Defaults",
+          "Section": "1.Identity and Access Management",
+          "SubSection": "1.1 Security Defaults Security Defaults",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Enable multi-factor authentication for all non-privileged users.",
@@ -558,7 +561,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.1 Security Defaults",
+          "Section": "1.Identity and Access Management",
+          "SubSection": "1.1 Security Defaults Security Defaults",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Do not allow users to remember multi-factor authentication on devices.",
@@ -580,7 +584,8 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1.Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Microsoft Entra ID Conditional Access allows an organization to configure `Named locations` and configure whether those locations are trusted or untrusted. These settings provide organizations the means to specify Geographical locations for use in conditional access policies, or define actual IP addresses and IP ranges and whether or not those IP addresses and/or ranges are trusted by the organization.",
@@ -600,7 +605,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1.Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "**CAUTION**: If these policies are created without first auditing and testing the result, misconfiguration can potentially lock out administrators or create undesired access issues.  Conditional Access Policies can be used to block access from geographic locations that are deemed out-of-scope for your organization or application. The scope and variables for this policy should be carefully examined and defined.",
@@ -620,7 +626,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1.Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "For designated users, they will be prompted to use their multi-factor authentication (MFA) process on login.",
@@ -640,7 +647,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1.Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "For designated users, they will be prompted to use their multi-factor authentication (MFA) process on logins.",
@@ -660,7 +668,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1.Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "For designated users, they will be prompted to use their multi-factor authentication (MFA) process on login.",
@@ -682,7 +691,8 @@
      ],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1.Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "This recommendation ensures that users accessing the Windows Azure Service Management API (i.e. Azure Powershell, Azure CLI, Azure Resource Manager API, etc.) are required to use multifactor authentication (MFA) credentials when accessing resources through the Windows Azure Service Management API.",
@@ -702,7 +712,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "1.2 Conditional Access",
+          "Section": "1.Identity and Access Management",
+          "SubSection": "1.2 Conditional Access",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "This recommendation ensures that users accessing Microsoft Admin Portals (i.e. Microsoft 365 Admin, Microsoft 365 Defender, Exchange Admin Center, Azure Portal, etc.) are required to use multifactor authentication (MFA) credentials when logging into an Admin Portal.",
@@ -724,7 +735,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -746,7 +758,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -768,7 +781,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Managed Instance Azure SQL databases, providing threat intelligence, anomaly detection, and behavior analytics in Microsoft Defender for Cloud.",
@@ -790,7 +804,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in Microsoft Defender for Cloud.",
@@ -812,7 +827,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -834,7 +850,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Microsoft Defender for Azure Cosmos DB scans all incoming network requests for threats to your Azure Cosmos DB resources.",
@@ -856,7 +873,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Turning on Microsoft Defender for Storage enables threat detection for Storage, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -878,7 +896,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Turning on Microsoft Defender for Containers enables threat detection for Container Registries including Kubernetes, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud. The following services will be enabled for container instances: - Defender agent in Azure - Azure Policy for Kubernetes - Agentless discovery for Kubernetes - Agentless container vulnerability assessment",
@@ -900,7 +919,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Turning on Microsoft Defender for Key Vault enables threat detection for Key Vault, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
@@ -922,7 +942,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "[**NOTE:** As of August 1, customers with an existing subscription to Defender for DNS can continue to use the service, but new subscribers will receive alerts about suspicious DNS activity as part of Defender for Servers P2.]  Microsoft Defender for DNS scans all network traffic exiting from within a subscription.",
@@ -944,7 +965,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Microsoft Defender for Resource Manager scans incoming administrative requests to change your infrastructure from both CLI and the Azure portal.",
@@ -966,7 +988,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure that the latest OS patches for all virtual machines are applied.",
@@ -988,7 +1011,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "The Microsoft Cloud Security Benchmark (or MCSB) is an Azure Policy Initiative containing many security policies to evaluate resource configuration against best practice recommendations. If a policy in the MCSB is set with effect type `Disabled`, it is not evaluated and may prevent administrators from being informed of valuable security recommendations.",
@@ -1010,7 +1034,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable automatic provisioning of the monitoring agent to collect security data.",
@@ -1032,7 +1057,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Enable automatic provisioning of vulnerability assessment for machines on both Azure and hybrid (Arc enabled) machines.",
@@ -1052,7 +1078,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Enable automatic provisioning of the Microsoft Defender for Containers components.",
@@ -1074,7 +1101,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable security alert emails to subscription owners.",
@@ -1096,7 +1124,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Microsoft Defender for Cloud emails the subscription owners whenever a high-severity alert is triggered for their subscription. You should provide a security contact email address as an additional email address.",
@@ -1118,7 +1147,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enables emailing security alerts to the subscription owner or other designated security contact.",
@@ -1140,7 +1170,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.",
@@ -1162,7 +1193,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.  **IMPORTANT:** When enabling integration between DfE & DfC it needs to be taken into account that this will have some side effects that may be undesirable. 1. For server 2019 & above if defender is installed (default for these server SKU's) this will trigger a deployment of the new unified agent and link to any of the extended configuration in the Defender portal. 1. If the new unified agent is required for server SKU's of Win 2016 or Linux and lower there is additional integration that needs to be switched on and agents need to be aligned.",
@@ -1182,7 +1214,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "2.1 Microsoft Defender for Cloud",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.1 Microsoft Defender for Cloud",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "An organization's attack surface is the collection of assets with a public network identifier or URI that an external threat actor can see or access from outside your cloud. It is the set of points on the boundary of a system, a system element, system component, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, system component, or environment. The larger the attack surface, the harder it is to protect.  This tool can be configured to scan your organization's online infrastructure such as specified domains, hosts, CIDR blocks, and SSL certificates, and store them in an Inventory. Inventory items can be added, reviewed, approved, and removed, and may contain enrichments (insights) and additional information collected from the tool's different scan engines and open-source intelligence sources.  A Defender EASM workspace will generate an Inventory of publicly exposed assets by crawling and scanning the internet using _Seeds_ you provide when setting up the tool. Seeds can be FQDNs, IP CIDR blocks, and WHOIS records.  Defender EASM will generate Insights within 24-48 hours after Seeds are provided, and these insights include vulnerability data (CVEs), ports and protocols, and weak or expired SSL certificates that could be used by an attacker for reconnaisance or exploitation.  Results are classified High/Medium/Low and some of them include proposed mitigations.",
@@ -1204,7 +1237,8 @@
      ],
      "Attributes": [
        {
-          "Section": "2.2 Microsoft Defender for IoT",
+          "Section": "2. Microsoft Defender",
+          "SubSection": "2.2 Microsoft Defender for IoT",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.",
@@ -1586,7 +1620,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable auditing on SQL Servers.",
@@ -1608,7 +1643,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure that no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP).",
@@ -1630,7 +1666,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Transparent Data Encryption (TDE) with Customer-managed key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.  With TDE, data is encrypted at rest with a symmetric key (called the database encryption key) stored in the database or data warehouse distribution. To protect this data encryption key (DEK) in the past, only a certificate that the Azure SQL Service managed could be used. Now, with Customer-managed key support for TDE, the DEK can be protected with an asymmetric key that is stored in the Azure Key Vault. The Azure Key Vault is a highly available and scalable cloud-based key store which offers central key management, leverages FIPS 140-2 Level 2 validated hardware security modules (HSMs), and allows separation of management of keys and data for additional security.  Based on business needs or criticality of data/databases hosted on a SQL server, it is recommended that the TDE protector is encrypted by a key that is managed by the data owner (Customer-managed key).",
@@ -1652,7 +1689,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Use Microsoft Entra authentication for authentication with SQL Database to manage credentials in a single place.",
@@ -1674,7 +1712,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable Transparent Data Encryption on every SQL server.",
@@ -1696,7 +1735,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.1 SQL Server - Auditing",
+          "Section": "4. Database Services",
+          "SubSection": "4.1 SQL Server - Auditing",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "SQL Server Audit Retention should be configured to be greater than 90 days.",
@@ -1718,7 +1758,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server. Storage Accounts",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server. Storage Accounts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable `SSL connection` on `PostgreSQL` Servers.",
@@ -1740,7 +1781,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server. Storage Accounts",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server. Storage Accounts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable `log_checkpoints` on `PostgreSQL Servers`.",
@@ -1762,7 +1804,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server. Storage Accounts",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server. Storage Accounts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable `log_connections` on `PostgreSQL Servers`.",
@@ -1784,7 +1827,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server. Storage Accounts",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server. Storage Accounts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable `log_disconnections` on `PostgreSQL Servers`.",
@@ -1806,7 +1850,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server. Storage Accounts",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server. Storage Accounts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable `connection_throttling` on `PostgreSQL Servers`.",
@@ -1828,7 +1873,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server. Storage Accounts",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server. Storage Accounts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure `log_retention_days` on `PostgreSQL Servers` is set to an appropriate value.",
@@ -1850,7 +1896,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server. Storage Accounts",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server. Storage Accounts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Disable access from Azure services to PostgreSQL Database Server.",
@@ -1870,7 +1917,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "4.3 PostgreSQL Database Server. Storage Accounts",
+          "Section": "4. Database Services",
+          "SubSection": "4.3 PostgreSQL Database Server. Storage Accounts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Azure Database for PostgreSQL servers should be created with 'infrastructure double encryption' enabled.",
@@ -1892,7 +1940,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.4 MySQL Database",
+          "Section": "4. Database Services",
+          "SubSection": "4.4 MySQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable `SSL connection` on `MYSQL` Servers.",
@@ -1914,7 +1963,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.4 MySQL Database",
+          "Section": "4. Database Services",
+          "SubSection": "4.4 MySQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure `TLS version` on `MySQL flexible` servers is set to use TLS version 1.2 or higher.",
@@ -1936,7 +1986,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.4 MySQL Database",
+          "Section": "4. Database Services",
+          "SubSection": "4.4 MySQL Database",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Enable audit_log_enabled on MySQL Servers.",
@@ -1958,7 +2009,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.4 MySQL Database",
+          "Section": "4. Database Services",
+          "SubSection": "4.4 MySQL Database",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Set `audit_log_enabled` to include CONNECTION on MySQL Servers.",
@@ -1980,7 +2032,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.5 Cosmos DB",
+          "Section": "4. Database Services",
+          "SubSection": "4.5 Cosmos DB",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Limiting your Cosmos DB to only communicate on whitelisted networks lowers its attack footprint.",
@@ -2002,7 +2055,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.5 Cosmos DB",
+          "Section": "4. Database Services",
+          "SubSection": "4.5 Cosmos DB",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Private endpoints limit network traffic to approved sources.",
@@ -2024,7 +2078,8 @@
      ],
      "Attributes": [
        {
-          "Section": "4.5 Cosmos DB",
+          "Section": "4. Database Services",
+          "SubSection": "4.5 Cosmos DB",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Cosmos DB can use tokens or Entra ID for client authentication which in turn will use Azure RBAC for authorization. Using Entra ID is significantly more secure because Entra ID handles the credentials and allows for MFA and centralized management, and the Azure RBAC better integrated with the rest of Azure.",
@@ -2086,7 +2141,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "Enable Diagnostic settings for exporting activity logs. Diagnostic settings are available for each individual resource within a subscription. Settings should be configured for all appropriate resources for your environment.",
@@ -2108,7 +2164,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "**Prerequisite**: A Diagnostic Setting must exist. If a Diagnostic Setting does not exist, the navigation and options within this recommendation will not be available. Please review the recommendation at the beginning of this subsection titled: Ensure that a 'Diagnostic Setting' exists.  The diagnostic setting should be configured to log the appropriate activities from the control/management plane.",
@@ -2130,7 +2187,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Storage accounts with the activity log exports can be configured to use Customer Managed Keys (CMK).",
@@ -2152,7 +2210,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enable AuditEvent logging for key vault instances to ensure interactions with key vaults are logged and available.",
@@ -2174,7 +2233,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Ensure that network flow logs are captured and fed into a central log analytics workspace.",
@@ -2196,7 +2256,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.1 Configuring Diagnostic Settings",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.1 Configuring Diagnostic Settings",
          "Profile": "Level 2",
          "AssessmentStatus": "Manual",
          "Description": "Enable AppServiceHTTPLogs diagnostic log category for Azure App Service instances to ensure all http requests are captured and centrally logged.",
@@ -2218,7 +2279,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Create Policy Assignment event.",
@@ -2240,7 +2302,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Delete Policy Assignment event.",
@@ -2262,7 +2325,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an Activity Log Alert for the Create or Update Network Security Group event.",
@@ -2284,7 +2348,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Delete Network Security Group event.",
@@ -2306,7 +2371,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Create or Update Security Solution event.",
@@ -2328,7 +2394,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Delete Security Solution event.",
@@ -2350,7 +2417,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Create or Update SQL Server Firewall Rule event.",
@@ -2372,7 +2440,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Delete SQL Server Firewall Rule.",
@@ -2394,7 +2463,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Create or Update Public IP Addresses rule.",
@@ -2416,7 +2486,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.2 Monitoring using Activity Log Alerts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.2 Monitoring using Activity Log Alerts",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Create an activity log alert for the Delete Public IP Address rule.",
@@ -2438,7 +2509,8 @@
      ],
      "Attributes": [
        {
-          "Section": "5.3 Configuring Application Insights. Storage Accounts",
+          "Section": "5. Logging and Monitoring",
+          "SubSection": "5.3 Configuring Application Insights. Storage Accounts",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.",
@@ -3043,7 +3115,9 @@
    {
      "Id": "9.4",
      "Description": "Ensure that Register with Entra ID is enabled on App Service",
-      "Checks": [],
+      "Checks": [
+        "app_register_with_identity"
+      ],
      "Attributes": [
        {
          "Section": "9. AppService",
--- a/prowler/compliance/azure/cis_3.0_azure.json
+++ b/prowler/compliance/azure/cis_3.0_azure.json
--- a/prowler/compliance/gcp/cis_2.0_gcp.json
+++ b/prowler/compliance/gcp/cis_2.0_gcp.json
@@ -1292,7 +1292,8 @@
      "Checks": [],
      "Attributes": [
        {
-          "Section": "6.1. MySQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.1. MySQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Manual",
          "Description": "It is recommended to set a password for the administrative user (`root` by default) to prevent unauthorized access to the SQL database instances.  This recommendation is applicable only for MySQL Instances. PostgreSQL does not offer any setting for No Password from the cloud console.",
@@ -1313,7 +1314,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.1. MySQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.1. MySQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "It is recommended to set `skip_show_database` database flag for Cloud SQL Mysql instance to `on`",
@@ -1334,7 +1336,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.1. MySQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.1. MySQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "It is recommended to set the `local_infile` database flag for a Cloud SQL MySQL instance to `off`.",
@@ -1355,7 +1358,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.2. PostgreSQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.2. PostgreSQL Database",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "The `log_error_verbosity` flag controls the verbosity/details of messages logged. Valid values are: - `TERSE` - `DEFAULT` - `VERBOSE`  `TERSE` excludes the logging of `DETAIL`, `HINT`, `QUERY`, and `CONTEXT` error information.  `VERBOSE` output includes the `SQLSTATE` error code, source code file name, function name, and line number that generated the error.  Ensure an appropriate value is set to 'DEFAULT' or stricter.",
@@ -1376,7 +1380,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.2. PostgreSQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.2. PostgreSQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "The `log_min_error_statement` flag defines the minimum message severity level that are considered as an error statement. Messages for error statements are logged with the SQL statement. Valid values include `DEBUG5`, `DEBUG4`, `DEBUG3`, `DEBUG2`, `DEBUG1`, `INFO`, `NOTICE`, `WARNING`, `ERROR`, `LOG`, `FATAL`, and `PANIC`. Each severity level includes the subsequent levels mentioned above. Ensure a value of `ERROR` or stricter is set.",
@@ -1397,7 +1402,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.2. PostgreSQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.2. PostgreSQL Database",
          "Profile": "Level 2",
          "AssessmentStatus": "Automated",
          "Description": "The value of `log_statement` flag determined the SQL statements that are logged. Valid values are: - `none` - `ddl` - `mod` - `all`  The value `ddl` logs all data definition statements. The value `mod` logs all ddl statements, plus data-modifying statements.  The statements are logged after a basic parsing is done and statement type is determined, thus this does not logs statements with errors. When using extended query protocol, logging occurs after an Execute message is received and values of the Bind parameters are included.  A value of 'ddl' is recommended unless otherwise directed by your organization's logging policy.",
@@ -1418,7 +1424,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.2. PostgreSQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.2. PostgreSQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Instance addresses can be public IP or private IP. Public IP means that the instance is accessible through the public internet. In contrast, instances using only private IP are not accessible through the public internet, but are accessible through a Virtual Private Cloud (VPC).  Limiting network access to your database will limit potential attacks.",
@@ -1439,7 +1446,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.2. PostgreSQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.2. PostgreSQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Ensure `cloudsql.enable_pgaudit` database flag for Cloud SQL PostgreSQL instance is set to `on` to allow for centralized logging.",
@@ -1460,7 +1468,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.2. PostgreSQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.2. PostgreSQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enabling the `log_connections` setting causes each attempted connection to the server to be logged, along with successful completion of client authentication. This parameter cannot be changed after the session starts.",
@@ -1481,7 +1490,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.2. PostgreSQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.2. PostgreSQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "Enabling the `log_disconnections` setting logs the end of each session, including the session duration.",
@@ -1502,7 +1512,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.2. PostgreSQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.2. PostgreSQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "The `log_min_duration_statement` flag defines the minimum amount of execution time of a statement in milliseconds where the total duration of the statement is logged. Ensure that `log_min_duration_statement` is disabled, i.e., a value of `-1` is set.",
@@ -1523,7 +1534,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.2. PostgreSQL Database",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.2. PostgreSQL Database",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "The `log_min_messages` flag defines the minimum message severity level that is considered as an error statement. Messages for error statements are logged with the SQL statement. Valid values include `DEBUG5`, `DEBUG4`, `DEBUG3`, `DEBUG2`, `DEBUG1`, `INFO`, `NOTICE`, `WARNING`, `ERROR`, `LOG`, `FATAL`, and `PANIC`. Each severity level includes the subsequent levels mentioned above. ERROR is considered the best practice setting. Changes should only be made in accordance with the organization's logging policy.",
@@ -1544,7 +1556,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.3. SQL Server",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.3. SQL Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "It is recommended to set `3625 (trace flag)` database flag for Cloud SQL SQL Server instance to `on`.",
@@ -1565,7 +1578,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.3. SQL Server",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.3. SQL Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "It is recommended to set `external scripts enabled` database flag for Cloud SQL SQL Server instance to `off`",
@@ -1586,7 +1600,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.3. SQL Server",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.3. SQL Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "It is recommended to set `remote access` database flag for Cloud SQL SQL Server instance to `off`.",
@@ -1607,7 +1622,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.3. SQL Server",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.3. SQL Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "It is recommended to check the `user connections` for a Cloud SQL SQL Server instance to ensure that it is not artificially limiting connections.",
@@ -1628,7 +1644,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.3. SQL Server",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.3. SQL Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "It is recommended that, `user options` database flag for Cloud SQL SQL Server instance should not be configured.",
@@ -1649,7 +1666,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.3. SQL Server",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.3. SQL Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "It is recommended to set `contained database authentication` database flag for Cloud SQL on the SQL Server instance to `off`.",
@@ -1670,7 +1688,8 @@
      ],
      "Attributes": [
        {
-          "Section": "6.3. SQL Server",
+          "Section": "6. Cloud SQL Database Services",
+          "SubSection": "6.3. SQL Server",
          "Profile": "Level 1",
          "AssessmentStatus": "Automated",
          "Description": "It is recommended to set `cross db ownership chaining` database flag for Cloud SQL SQL Server instance to `off`.",
--- a/prowler/compliance/gcp/cis_3.0_gcp.json
+++ b/prowler/compliance/gcp/cis_3.0_gcp.json
--- a/prowler/compliance/kubernetes/cis_1.10_kubernetes.json
+++ b/prowler/compliance/kubernetes/cis_1.10_kubernetes.json
--- a/prowler/compliance/kubernetes/cis_1.8_kubernetes.json
+++ b/prowler/compliance/kubernetes/cis_1.8_kubernetes.json
--- a/prowler/config/config.py
+++ b/prowler/config/config.py
@@ -12,7 +12,7 @@ from prowler.lib.logger import logger

 timestamp = datetime.today()
 timestamp_utc = datetime.now(timezone.utc).replace(tzinfo=timezone.utc)
-prowler_version = "4.6.0"
+prowler_version = "4.6.3"
 html_logo_url = "https://github.com/prowler-cloud/prowler/"
 square_logo_img = "https://prowler.com/wp-content/uploads/logo-html.png"
 aws_logo = "https://user-images.githubusercontent.com/38561120/235953920-3e3fba08-0795-41dc-b480-9bea57db9f2e.png"
--- a/prowler/config/config.yaml
+++ b/prowler/config/config.yaml
@@ -354,6 +354,11 @@ aws:
  # Minimum number of Availability Zones that an ELBv2 must be in
  elbv2_min_azs: 2

+  # AWS Elasticache Configuration
+  # aws.elasticache_redis_cluster_backup_enabled
+  # Minimum number of days that a Redis cluster must have backups retention period
+  minimum_snapshot_retention_period: 7
+

  # AWS Secrets Configuration
  # Patterns to ignore in the secrets checks
--- a/prowler/lib/check/checks_loader.py
+++ b/prowler/lib/check/checks_loader.py
@@ -111,7 +111,7 @@ def load_checks_to_execute(
            ):
                checks_to_execute.add(check_name)
        # Only execute threat detection checks if threat-detection category is set
-        if categories and categories != [] and "threat-detection" not in categories:
+        if not categories or "threat-detection" not in categories:
            for threat_detection_check in check_categories.get("threat-detection", []):
                checks_to_execute.discard(threat_detection_check)

--- a/prowler/lib/check/compliance_models.py
+++ b/prowler/lib/check/compliance_models.py
@@ -83,6 +83,7 @@ class CIS_Requirement_Attribute(BaseModel):
    """CIS Requirement Attribute"""

    Section: str
+    SubSection: Optional[str]
    Profile: CIS_Requirement_Attribute_Profile
    AssessmentStatus: CIS_Requirement_Attribute_AssessmentStatus
    Description: str
--- a/prowler/lib/check/models.py
+++ b/prowler/lib/check/models.py
@@ -322,8 +322,9 @@ class CheckMetadata(BaseModel):
        checks = set()

        if service:
-            if service == "lambda":
-                service = "awslambda"
+            # This is a special case for the AWS provider since `lambda` is a reserved keyword in Python
+            if service == "awslambda":
+                service = "lambda"
            checks = {
                check_name
                for check_name, check_metadata in bulk_checks_metadata.items()
--- a/prowler/lib/outputs/compliance/cis/cis.py
+++ b/prowler/lib/outputs/compliance/cis/cis.py
@@ -94,11 +94,12 @@ def get_cis_table(
        print(
            f"\nCompliance Status of {Fore.YELLOW}{compliance_framework.upper()}{Style.RESET_ALL} Framework:"
        )
+        total_findings_count = len(fail_count) + len(pass_count) + len(muted_count)
        overview_table = [
            [
-                f"{Fore.RED}{round(len(fail_count) / len(findings) * 100, 2)}% ({len(fail_count)}) FAIL{Style.RESET_ALL}",
-                f"{Fore.GREEN}{round(len(pass_count) / len(findings) * 100, 2)}% ({len(pass_count)}) PASS{Style.RESET_ALL}",
-                f"{orange_color}{round(len(muted_count) / len(findings) * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
+                f"{Fore.RED}{round(len(fail_count) / total_findings_count * 100, 2)}% ({len(fail_count)}) FAIL{Style.RESET_ALL}",
+                f"{Fore.GREEN}{round(len(pass_count) / total_findings_count * 100, 2)}% ({len(pass_count)}) PASS{Style.RESET_ALL}",
+                f"{orange_color}{round(len(muted_count) / total_findings_count * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
            ]
        ]
        print(tabulate(overview_table, tablefmt="rounded_grid"))
--- a/prowler/lib/outputs/compliance/cis/cis_aws.py
+++ b/prowler/lib/outputs/compliance/cis/cis_aws.py
@@ -48,6 +48,7 @@ class AWSCIS(ComplianceOutput):
                            Requirements_Id=requirement.Id,
                            Requirements_Description=requirement.Description,
                            Requirements_Attributes_Section=attribute.Section,
+                            Requirements_Attributes_SubSection=attribute.SubSection,
                            Requirements_Attributes_Profile=attribute.Profile,
                            Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
                            Requirements_Attributes_Description=attribute.Description,
@@ -78,6 +79,7 @@ class AWSCIS(ComplianceOutput):
                        Requirements_Id=requirement.Id,
                        Requirements_Description=requirement.Description,
                        Requirements_Attributes_Section=attribute.Section,
+                        Requirements_Attributes_SubSection=attribute.SubSection,
                        Requirements_Attributes_Profile=attribute.Profile,
                        Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
                        Requirements_Attributes_Description=attribute.Description,
--- a/prowler/lib/outputs/compliance/cis/cis_azure.py
+++ b/prowler/lib/outputs/compliance/cis/cis_azure.py
@@ -48,6 +48,7 @@ class AzureCIS(ComplianceOutput):
                            Requirements_Id=requirement.Id,
                            Requirements_Description=requirement.Description,
                            Requirements_Attributes_Section=attribute.Section,
+                            Requirements_Attributes_SubSection=attribute.SubSection,
                            Requirements_Attributes_Profile=attribute.Profile,
                            Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
                            Requirements_Attributes_Description=attribute.Description,
@@ -79,6 +80,7 @@ class AzureCIS(ComplianceOutput):
                        Requirements_Id=requirement.Id,
                        Requirements_Description=requirement.Description,
                        Requirements_Attributes_Section=attribute.Section,
+                        Requirements_Attributes_SubSection=attribute.SubSection,
                        Requirements_Attributes_Profile=attribute.Profile,
                        Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
                        Requirements_Attributes_Description=attribute.Description,
--- a/prowler/lib/outputs/compliance/cis/cis_gcp.py
+++ b/prowler/lib/outputs/compliance/cis/cis_gcp.py
@@ -48,6 +48,7 @@ class GCPCIS(ComplianceOutput):
                            Requirements_Id=requirement.Id,
                            Requirements_Description=requirement.Description,
                            Requirements_Attributes_Section=attribute.Section,
+                            Requirements_Attributes_SubSection=attribute.SubSection,
                            Requirements_Attributes_Profile=attribute.Profile,
                            Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
                            Requirements_Attributes_Description=attribute.Description,
@@ -78,6 +79,7 @@ class GCPCIS(ComplianceOutput):
                        Requirements_Id=requirement.Id,
                        Requirements_Description=requirement.Description,
                        Requirements_Attributes_Section=attribute.Section,
+                        Requirements_Attributes_SubSection=attribute.SubSection,
                        Requirements_Attributes_Profile=attribute.Profile,
                        Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
                        Requirements_Attributes_Description=attribute.Description,
--- a/prowler/lib/outputs/compliance/cis/cis_kubernetes.py
+++ b/prowler/lib/outputs/compliance/cis/cis_kubernetes.py
@@ -50,6 +50,7 @@ class KubernetesCIS(ComplianceOutput):
                            Requirements_Id=requirement.Id,
                            Requirements_Description=requirement.Description,
                            Requirements_Attributes_Section=attribute.Section,
+                            Requirements_Attributes_SubSection=attribute.SubSection,
                            Requirements_Attributes_Profile=attribute.Profile,
                            Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
                            Requirements_Attributes_Description=attribute.Description,
@@ -81,6 +82,7 @@ class KubernetesCIS(ComplianceOutput):
                        Requirements_Id=requirement.Id,
                        Requirements_Description=requirement.Description,
                        Requirements_Attributes_Section=attribute.Section,
+                        Requirements_Attributes_SubSection=attribute.SubSection,
                        Requirements_Attributes_Profile=attribute.Profile,
                        Requirements_Attributes_AssessmentStatus=attribute.AssessmentStatus,
                        Requirements_Attributes_Description=attribute.Description,
--- a/prowler/lib/outputs/compliance/cis/models.py
+++ b/prowler/lib/outputs/compliance/cis/models.py
@@ -1,3 +1,5 @@
+from typing import Optional
+
 from pydantic import BaseModel


@@ -14,6 +16,7 @@ class AWSCISModel(BaseModel):
    Requirements_Id: str
    Requirements_Description: str
    Requirements_Attributes_Section: str
+    Requirements_Attributes_SubSection: Optional[str]
    Requirements_Attributes_Profile: str
    Requirements_Attributes_AssessmentStatus: str
    Requirements_Attributes_Description: str
@@ -44,6 +47,7 @@ class AzureCISModel(BaseModel):
    Requirements_Id: str
    Requirements_Description: str
    Requirements_Attributes_Section: str
+    Requirements_Attributes_SubSection: Optional[str]
    Requirements_Attributes_Profile: str
    Requirements_Attributes_AssessmentStatus: str
    Requirements_Attributes_Description: str
@@ -75,6 +79,7 @@ class GCPCISModel(BaseModel):
    Requirements_Id: str
    Requirements_Description: str
    Requirements_Attributes_Section: str
+    Requirements_Attributes_SubSection: Optional[str]
    Requirements_Attributes_Profile: str
    Requirements_Attributes_AssessmentStatus: str
    Requirements_Attributes_Description: str
@@ -105,6 +110,7 @@ class KubernetesCISModel(BaseModel):
    Requirements_Id: str
    Requirements_Description: str
    Requirements_Attributes_Section: str
+    Requirements_Attributes_SubSection: Optional[str]
    Requirements_Attributes_Profile: str
    Requirements_Attributes_AssessmentStatus: str
    Requirements_Attributes_Description: str
--- a/prowler/lib/outputs/compliance/ens/ens.py
+++ b/prowler/lib/outputs/compliance/ens/ens.py
@@ -95,11 +95,12 @@ def get_ens_table(
        print(
            f"\nEstado de Cumplimiento de {Fore.YELLOW}{compliance_framework.upper()}{Style.RESET_ALL}:"
        )
+        total_findings_count = len(fail_count) + len(pass_count) + len(muted_count)
        overview_table = [
            [
-                f"{Fore.RED}{round(len(fail_count) / len(findings) * 100, 2)}% ({len(fail_count)}) NO CUMPLE{Style.RESET_ALL}",
-                f"{Fore.GREEN}{round(len(pass_count) / len(findings) * 100, 2)}% ({len(pass_count)}) CUMPLE{Style.RESET_ALL}",
-                f"{orange_color}{round(len(muted_count) / len(findings) * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
+                f"{Fore.RED}{round(len(fail_count) / total_findings_count * 100, 2)}% ({len(fail_count)}) NO CUMPLE{Style.RESET_ALL}",
+                f"{Fore.GREEN}{round(len(pass_count) / total_findings_count * 100, 2)}% ({len(pass_count)}) CUMPLE{Style.RESET_ALL}",
+                f"{orange_color}{round(len(muted_count) / total_findings_count * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
            ]
        ]
        print(tabulate(overview_table, tablefmt="rounded_grid"))
--- a/prowler/lib/outputs/compliance/generic/generic_table.py
+++ b/prowler/lib/outputs/compliance/generic/generic_table.py
@@ -39,11 +39,12 @@ def get_generic_compliance_table(
        print(
            f"\nCompliance Status of {Fore.YELLOW}{compliance_framework.upper()}{Style.RESET_ALL} Framework:"
        )
+        total_findings_count = len(fail_count) + len(pass_count) + len(muted_count)
        overview_table = [
            [
-                f"{Fore.RED}{round(len(fail_count) / len(findings) * 100, 2)}% ({len(fail_count)}) FAIL{Style.RESET_ALL}",
-                f"{Fore.GREEN}{round(len(pass_count) / len(findings) * 100, 2)}% ({len(pass_count)}) PASS{Style.RESET_ALL}",
-                f"{orange_color}{round(len(muted_count) / len(findings) * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
+                f"{Fore.RED}{round(len(fail_count) / total_findings_count * 100, 2)}% ({len(fail_count)}) FAIL{Style.RESET_ALL}",
+                f"{Fore.GREEN}{round(len(pass_count) / total_findings_count * 100, 2)}% ({len(pass_count)}) PASS{Style.RESET_ALL}",
+                f"{orange_color}{round(len(muted_count) / total_findings_count * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
            ]
        ]
        print(tabulate(overview_table, tablefmt="rounded_grid"))
--- a/prowler/lib/outputs/compliance/iso27001/iso27001_aws.py
+++ b/prowler/lib/outputs/compliance/iso27001/iso27001_aws.py
@@ -45,6 +45,8 @@ class AWSISO27001(ComplianceOutput):
                            AccountId=finding.account_uid,
                            Region=finding.region,
                            AssessmentDate=str(finding.timestamp),
+                            Requirements_Id=requirement.Id,
+                            Requirements_Description=requirement.Description,
                            Requirements_Attributes_Category=attribute.Category,
                            Requirements_Attributes_Objetive_ID=attribute.Objetive_ID,
                            Requirements_Attributes_Objetive_Name=attribute.Objetive_Name,
@@ -67,6 +69,8 @@ class AWSISO27001(ComplianceOutput):
                        AccountId="",
                        Region="",
                        AssessmentDate=str(finding.timestamp),
+                        Requirements_Id=requirement.Id,
+                        Requirements_Description=requirement.Description,
                        Requirements_Attributes_Category=attribute.Category,
                        Requirements_Attributes_Objetive_ID=attribute.Objetive_ID,
                        Requirements_Attributes_Objetive_Name=attribute.Objetive_Name,
--- a/prowler/lib/outputs/compliance/iso27001/models.py
+++ b/prowler/lib/outputs/compliance/iso27001/models.py
@@ -11,6 +11,8 @@ class AWSISO27001Model(BaseModel):
    AccountId: str
    Region: str
    AssessmentDate: str
+    Requirements_Id: str
+    Requirements_Description: str
    Requirements_Attributes_Category: str
    Requirements_Attributes_Objetive_ID: str
    Requirements_Attributes_Objetive_Name: str
--- a/prowler/lib/outputs/compliance/kisa_ismsp/kisa_ismsp.py
+++ b/prowler/lib/outputs/compliance/kisa_ismsp/kisa_ismsp.py
@@ -61,11 +61,12 @@ def get_kisa_ismsp_table(
        print(
            f"\nCompliance Status of {Fore.YELLOW}{compliance_framework.upper()}{Style.RESET_ALL} Framework:"
        )
+        total_findings_count = len(fail_count) + len(pass_count) + len(muted_count)
        overview_table = [
            [
-                f"{Fore.RED}{round(len(fail_count) / len(findings) * 100, 2)}% ({len(fail_count)}) FAIL{Style.RESET_ALL}",
-                f"{Fore.GREEN}{round(len(pass_count) / len(findings) * 100, 2)}% ({len(pass_count)}) PASS{Style.RESET_ALL}",
-                f"{orange_color}{round(len(muted_count) / len(findings) * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
+                f"{Fore.RED}{round(len(fail_count) / total_findings_count * 100, 2)}% ({len(fail_count)}) FAIL{Style.RESET_ALL}",
+                f"{Fore.GREEN}{round(len(pass_count) / total_findings_count * 100, 2)}% ({len(pass_count)}) PASS{Style.RESET_ALL}",
+                f"{orange_color}{round(len(muted_count) / total_findings_count * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
            ]
        ]
        print(tabulate(overview_table, tablefmt="rounded_grid"))
--- a/prowler/lib/outputs/compliance/mitre_attack/mitre_attack.py
+++ b/prowler/lib/outputs/compliance/mitre_attack/mitre_attack.py
@@ -69,11 +69,12 @@ def get_mitre_attack_table(
        print(
            f"\nCompliance Status of {Fore.YELLOW}{compliance_framework.upper()}{Style.RESET_ALL} Framework:"
        )
+        total_findings_count = len(fail_count) + len(pass_count) + len(muted_count)
        overview_table = [
            [
-                f"{Fore.RED}{round(len(fail_count) / len(findings) * 100, 2)}% ({len(fail_count)}) FAIL{Style.RESET_ALL}",
-                f"{Fore.GREEN}{round(len(pass_count) / len(findings) * 100, 2)}% ({len(pass_count)}) PASS{Style.RESET_ALL}",
-                f"{orange_color}{round(len(muted_count) / len(findings) * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
+                f"{Fore.RED}{round(len(fail_count) / total_findings_count * 100, 2)}% ({len(fail_count)}) FAIL{Style.RESET_ALL}",
+                f"{Fore.GREEN}{round(len(pass_count) / total_findings_count * 100, 2)}% ({len(pass_count)}) PASS{Style.RESET_ALL}",
+                f"{orange_color}{round(len(muted_count) / total_findings_count * 100, 2)}% ({len(muted_count)}) MUTED{Style.RESET_ALL}",
            ]
        ]
        print(tabulate(overview_table, tablefmt="rounded_grid"))
--- a/prowler/lib/outputs/ocsf/ocsf.py
+++ b/prowler/lib/outputs/ocsf/ocsf.py
@@ -1,4 +1,5 @@
 import os
+from datetime import datetime
 from typing import List

 from py_ocsf_models.events.base_event import SeverityID, StatusID
@@ -68,7 +69,11 @@ class OCSF(Output):
                    activity_name=finding_activity.name,
                    finding_info=FindingInformation(
                        created_time_dt=finding.timestamp,
-                        created_time=int(finding.timestamp.timestamp()),
+                        created_time=(
+                            int(finding.timestamp.timestamp())
+                            if isinstance(finding.timestamp, datetime)
+                            else finding.timestamp
+                        ),
                        desc=finding.metadata.Description,
                        title=finding.metadata.CheckTitle,
                        uid=finding.uid,
@@ -77,7 +82,11 @@ class OCSF(Output):
                        types=finding.metadata.CheckType,
                    ),
                    time_dt=finding.timestamp,
-                    time=int(finding.timestamp.timestamp()),
+                    time=(
+                        int(finding.timestamp.timestamp())
+                        if isinstance(finding.timestamp, datetime)
+                        else finding.timestamp
+                    ),
                    remediation=Remediation(
                        desc=finding.metadata.Remediation.Recommendation.Text,
                        references=list(
--- a/prowler/providers/aws/aws_provider.py
+++ b/prowler/providers/aws/aws_provider.py
@@ -789,7 +789,14 @@ class AwsProvider(Provider):
        # Handle if there are audit resources so only their services are executed
        if self._audit_resources:
            # TODO: this should be retrieved automatically
-            services_without_subservices = ["guardduty", "kms", "s3", "elb", "efs"]
+            services_without_subservices = [
+                "guardduty",
+                "kms",
+                "s3",
+                "elb",
+                "efs",
+                "sqs",
+            ]
            service_list = set()
            sub_service_list = set()
            for resource in self._audit_resources:
--- a/prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled/accessanalyzer_enabled_fixer.py
+++ b/prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled/accessanalyzer_enabled_fixer.py
@@ -6,7 +6,8 @@ from prowler.providers.aws.services.accessanalyzer.accessanalyzer_client import

 def fixer(region):
    """
-    Enable Access Analyzer in a region. Requires the access-analyzer:CreateAnalyzer permission:
+    Enable Access Analyzer in a region. Requires the access-analyzer:CreateAnalyzer permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
--- a/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.metadata.json
+++ b/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.metadata.json
@@ -7,9 +7,9 @@
  ],
  "ServiceName": "account",
  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:access-recorder:region:account-id:recorder/resource-id",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AwsAccount",
  "Description": "Maintain current contact details.",
  "Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation, proactive measures may be taken, including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.metadata.json
+++ b/prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.metadata.json
@@ -7,9 +7,9 @@
  ],
  "ServiceName": "account",
  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:access-recorder:region:account-id:recorder/resource-id",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AwsAccount",
  "Description": "Maintain different contact details to security, billing and operations.",
  "Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation, proactive measures may be taken, including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
  "RelatedUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact.html",
--- a/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.metadata.json
+++ b/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.metadata.json
@@ -7,9 +7,9 @@
  ],
  "ServiceName": "account",
  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:access-recorder:region:account-id:recorder/resource-id",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AwsAccount",
  "Description": "Ensure security contact information is registered.",
  "Risk": "AWS provides customers with the option of specifying the contact information for accounts security team. It is recommended that this information be provided. Specifying security-specific contact information will help ensure that security advisories sent by AWS reach the team in your organization that is best equipped to respond to them.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.metadata.json
+++ b/prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.metadata.json
@@ -7,9 +7,9 @@
  ],
  "ServiceName": "account",
  "SubServiceName": "",
-  "ResourceIdTemplate": "arn:partition:access-recorder:region:account-id:recorder/resource-id",
+  "ResourceIdTemplate": "arn:partition:service:region:account-id",
  "Severity": "medium",
-  "ResourceType": "Other",
+  "ResourceType": "AwsAccount",
  "Description": "Ensure security questions are registered in the AWS account.",
  "Risk": "The AWS support portal allows account owners to establish security questions that can be used to authenticate individuals calling AWS customer service for support. It is recommended that security questions be established. When creating a new AWS account a default super user is automatically created. This account is referred to as the root account. It is recommended that the use of this account be limited and highly controlled. During events in which the root password is no longer accessible or the MFA token associated with root is lost/destroyed it is possible through authentication using secret questions and associated answers to recover root login access.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/apigatewayv2/apigatewayv2_service.py
+++ b/prowler/providers/aws/services/apigatewayv2/apigatewayv2_service.py
@@ -1,5 +1,6 @@
 from typing import Optional

+from botocore.exceptions import ClientError
 from pydantic import BaseModel

 from prowler.lib.logger import logger
@@ -7,7 +8,6 @@ from prowler.lib.scan_filters.scan_filters import is_resource_filtered
 from prowler.providers.aws.lib.service.service import AWSService


-################## ApiGatewayV2
 class ApiGatewayV2(AWSService):
    def __init__(self, provider):
        # Call AWSService's __init__
@@ -71,6 +71,15 @@ class ApiGatewayV2(AWSService):
                            tags=[stage.get("Tags")],
                        )
                    )
+        except ClientError as error:
+            if error.response["Error"]["Code"] == "NotFoundException":
+                logger.warning(
+                    f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )
+            else:
+                logger.error(
+                    f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )
        except Exception as error:
            logger.error(
                f"{error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
--- a/prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_no_public_ip/autoscaling_group_launch_configuration_no_public_ip.py
+++ b/prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_no_public_ip/autoscaling_group_launch_configuration_no_public_ip.py
@@ -8,19 +8,20 @@ class autoscaling_group_launch_configuration_no_public_ip(Check):
    def execute(self):
        findings = []
        for group in autoscaling_client.groups:
-            report = Check_Report_AWS(self.metadata())
-            report.region = group.region
-            report.resource_id = group.name
-            report.resource_arn = group.arn
-            report.resource_tags = group.tags
-            report.status = "PASS"
-            report.status_extended = f"Autoscaling group {group.name} does not have an associated launch configuration assigning a public IP address."
-
            for lc in autoscaling_client.launch_configurations.values():
-                if lc.name == group.launch_configuration_name and lc.public_ip:
-                    report.status = "FAIL"
-                    report.status_extended = f"Autoscaling group {group.name} has an associated launch configuration assigning a public IP address."
+                if lc.name == group.launch_configuration_name:
+                    report = Check_Report_AWS(self.metadata())
+                    report.region = group.region
+                    report.resource_id = group.name
+                    report.resource_arn = group.arn
+                    report.resource_tags = group.tags
+                    report.status = "PASS"
+                    report.status_extended = f"Autoscaling group {group.name} does not have an associated launch configuration assigning a public IP address."

-            findings.append(report)
+                    if lc.public_ip:
+                        report.status = "FAIL"
+                        report.status_extended = f"Autoscaling group {group.name} has an associated launch configuration assigning a public IP address."
+
+                    findings.append(report)

        return findings
--- a/prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_requires_imdsv2/autoscaling_group_launch_configuration_requires_imdsv2.py
+++ b/prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_requires_imdsv2/autoscaling_group_launch_configuration_requires_imdsv2.py
@@ -8,20 +8,17 @@ class autoscaling_group_launch_configuration_requires_imdsv2(Check):
    def execute(self):
        findings = []
        for group in autoscaling_client.groups:
-            report = Check_Report_AWS(self.metadata())
-            report.region = group.region
-            report.resource_id = group.name
-            report.resource_arn = group.arn
-            report.resource_tags = group.tags
-            report.status = "FAIL"
-            report.status_extended = (
-                f"Autoscaling group {group.name} has IMDSv2 disabled or not required."
-            )
-
            for (
                launch_configuration
            ) in autoscaling_client.launch_configurations.values():
                if launch_configuration.name == group.launch_configuration_name:
+                    report = Check_Report_AWS(self.metadata())
+                    report.region = group.region
+                    report.resource_id = group.name
+                    report.resource_arn = group.arn
+                    report.resource_tags = group.tags
+                    report.status = "FAIL"
+                    report.status_extended = f"Autoscaling group {group.name} has IMDSv2 disabled or not required."
                    if (
                        launch_configuration.http_endpoint == "enabled"
                        and launch_configuration.http_tokens == "required"
@@ -32,6 +29,6 @@ class autoscaling_group_launch_configuration_requires_imdsv2(Check):
                        report.status = "PASS"
                        report.status_extended = f"Autoscaling group {group.name} has metadata service disabled."

-            findings.append(report)
+                    findings.append(report)

        return findings
--- a/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.py
@@ -1,3 +1,4 @@
+import hashlib
 import json

 from prowler.lib.check.models import Check, Check_Report_AWS
@@ -28,11 +29,19 @@ class awslambda_function_no_secrets_in_variables(Check):
                    data=json.dumps(function.environment, indent=2),
                    excluded_secrets=secrets_ignore_patterns,
                )
+                original_env_vars = {}
+                for name, value in function.environment.items():
+                    original_env_vars.update(
+                        {
+                            hashlib.sha1(  # nosec B324 SHA1 is used here for non-security-critical unique identifiers
+                                value.encode("utf-8")
+                            ).hexdigest(): name
+                        }
+                    )
                if detect_secrets_output:
-                    environment_variable_names = list(function.environment.keys())
                    secrets_string = ", ".join(
                        [
-                            f"{secret['type']} in variable {environment_variable_names[int(secret['line_number']) - 2]}"
+                            f"{secret['type']} in variable {original_env_vars[secret['hashed_secret']]}"
                            for secret in detect_secrets_output
                        ]
                    )
--- a/prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.py
+++ b/prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.py
@@ -14,14 +14,14 @@ class awslambda_function_not_publicly_accessible(Check):
            report.resource_tags = function.tags

            report.status = "PASS"
-            report.status_extended = f"Lambda function {function.name} has a policy resource-based policy not public."
+            report.status_extended = f"Lambda function {function.name} has a resource-based policy without public access."
            if is_policy_public(
                function.policy,
                awslambda_client.audited_account,
                is_cross_account_allowed=True,
            ):
                report.status = "FAIL"
-                report.status_extended = f"Lambda function {function.name} has a policy resource-based policy with public access."
+                report.status_extended = f"Lambda function {function.name} has a resource-based policy with public access."

            findings.append(report)

--- a/prowler/providers/aws/services/backup/backup_recovery_point_encrypted/backup_recovery_point_encrypted.py
+++ b/prowler/providers/aws/services/backup/backup_recovery_point_encrypted/backup_recovery_point_encrypted.py
@@ -8,14 +8,14 @@ class backup_recovery_point_encrypted(Check):
        for recovery_point in backup_client.recovery_points:
            report = Check_Report_AWS(self.metadata())
            report.region = recovery_point.backup_vault_region
-            report.resource_id = recovery_point.backup_vault_name
+            report.resource_id = recovery_point.id
            report.resource_arn = recovery_point.arn
            report.resource_tags = recovery_point.tags
            report.status = "FAIL"
-            report.status_extended = f"Backup Recovery Point {recovery_point.arn} for Backup Vault {recovery_point.backup_vault_name} is not encrypted at rest."
+            report.status_extended = f"Backup Recovery Point {recovery_point.id} for Backup Vault {recovery_point.backup_vault_name} is not encrypted at rest."
            if recovery_point.encrypted:
                report.status = "PASS"
-                report.status_extended = f"Backup Recovery Point {recovery_point.arn} for Backup Vault {recovery_point.backup_vault_name} is encrypted at rest."
+                report.status_extended = f"Backup Recovery Point {recovery_point.id} for Backup Vault {recovery_point.backup_vault_name} is encrypted at rest."

            findings.append(report)

--- a/prowler/providers/aws/services/backup/backup_service.py
+++ b/prowler/providers/aws/services/backup/backup_service.py
@@ -18,7 +18,8 @@ class Backup(AWSService):
        self.backup_vault_arn_template = f"arn:{self.audited_partition}:backup:{self.region}:{self.audited_account}:backup-vault"
        self.backup_vaults = []
        self.__threading_call__(self._list_backup_vaults)
-        self.__threading_call__(self._list_tags, self.backup_vaults)
+        if self.backup_vaults is not None:
+            self.__threading_call__(self._list_tags, self.backup_vaults)
        self.backup_plans = []
        self.__threading_call__(self._list_backup_plans)
        self.__threading_call__(self._list_tags, self.backup_plans)
@@ -28,6 +29,7 @@ class Backup(AWSService):
        self.__threading_call__(self._list_backup_selections)
        self.recovery_points = []
        self.__threading_call__(self._list_recovery_points)
+        self.__threading_call__(self._list_tags, self.recovery_points)

    def _list_backup_vaults(self, regional_client):
        logger.info("Backup - Listing Backup Vaults...")
@@ -171,10 +173,11 @@ class Backup(AWSService):

    def _list_tags(self, resource):
        try:
-            tags = self.regional_clients[resource.region].list_tags(
-                ResourceArn=resource.arn
-            )["Tags"]
-            resource.tags = [tags] if tags else []
+            if getattr(resource, "arn", None):
+                tags = self.regional_clients[resource.region].list_tags(
+                    ResourceArn=resource.arn
+                )["Tags"]
+                resource.tags = [tags] if tags else []
        except Exception as error:
            logger.error(
                f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -183,21 +186,28 @@ class Backup(AWSService):
    def _list_recovery_points(self, regional_client):
        logger.info("Backup - Listing Recovery Points...")
        try:
-            for backup_vault in self.backup_vaults:
-                paginator = regional_client.get_paginator(
-                    "list_recovery_points_by_backup_vault"
-                )
-                for page in paginator.paginate(BackupVaultName=backup_vault.name):
-                    for recovery_point in page.get("RecoveryPoints", []):
-                        self.recovery_points.append(
-                            RecoveryPoint(
-                                arn=recovery_point.get("RecoveryPointArn"),
-                                backup_vault_name=backup_vault.name,
-                                encrypted=recovery_point.get("IsEncrypted", False),
-                                backup_vault_region=backup_vault.region,
-                                tags=[],
-                            )
-                        )
+            if self.backup_vaults:
+                for backup_vault in self.backup_vaults:
+                    paginator = regional_client.get_paginator(
+                        "list_recovery_points_by_backup_vault"
+                    )
+                    for page in paginator.paginate(BackupVaultName=backup_vault.name):
+                        for recovery_point in page.get("RecoveryPoints", []):
+                            arn = recovery_point.get("RecoveryPointArn")
+                            if arn:
+                                self.recovery_points.append(
+                                    RecoveryPoint(
+                                        arn=arn,
+                                        id=arn.split(":")[-1],
+                                        backup_vault_name=backup_vault.name,
+                                        encrypted=recovery_point.get(
+                                            "IsEncrypted", False
+                                        ),
+                                        backup_vault_region=backup_vault.region,
+                                        region=regional_client.region,
+                                        tags=[],
+                                    )
+                                )
        except ClientError as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -241,6 +251,8 @@ class BackupReportPlan(BaseModel):

 class RecoveryPoint(BaseModel):
    arn: str
+    id: str
+    region: str
    backup_vault_name: str
    encrypted: bool
    backup_vault_region: str
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/cloudfront_distributions_origin_traffic_encrypted.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/cloudfront_distributions_origin_traffic_encrypted.py
@@ -18,14 +18,20 @@ class cloudfront_distributions_origin_traffic_encrypted(Check):
            unencrypted_origins = []

            for origin in distribution.origins:
-                if (
-                    origin.origin_protocol_policy == ""
-                    or origin.origin_protocol_policy == "http-only"
-                ) or (
-                    origin.origin_protocol_policy == "match-viewer"
-                    and distribution.viewer_protocol_policy == "allow-all"
-                ):
-                    unencrypted_origins.append(origin.id)
+                if origin.s3_origin_config:
+                    # For S3, only check the viewer protocol policy
+                    if distribution.viewer_protocol_policy == "allow-all":
+                        unencrypted_origins.append(origin.id)
+                else:
+                    # Regular check for custom origins (ALB, EC2, API Gateway, etc.)
+                    if (
+                        origin.origin_protocol_policy == ""
+                        or origin.origin_protocol_policy == "http-only"
+                    ) or (
+                        origin.origin_protocol_policy == "match-viewer"
+                        and distribution.viewer_protocol_policy == "allow-all"
+                    ):
+                        unencrypted_origins.append(origin.id)

            if unencrypted_origins:
                report.status = "FAIL"
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/cloudfront_distributions_s3_origin_non_existent_bucket.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/cloudfront_distributions_s3_origin_non_existent_bucket.py
@@ -20,7 +20,7 @@ class cloudfront_distributions_s3_origin_non_existent_bucket(Check):

            for origin in distribution.origins:
                if origin.s3_origin_config:
-                    bucket_name = origin.domain_name.split(".")[0]
+                    bucket_name = origin.domain_name.split(".s3")[0]
                    if not s3_client._head_bucket(bucket_name):
                        non_existent_buckets.append(bucket_name)

--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_fixer.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled_fixer.py
@@ -7,7 +7,8 @@ from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
 def fixer(region):
    """
    NOTE: Define the S3 bucket name in the fixer_config.yaml file.
-    Enable CloudTrail in a region. Requires the cloudtrail:CreateTrail permission:
+    Enable CloudTrail in a region. Requires the cloudtrail:CreateTrail permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled_logging_management_events/cloudtrail_multi_region_enabled_logging_management_events.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled_logging_management_events/cloudtrail_multi_region_enabled_logging_management_events.py
@@ -48,7 +48,7 @@ class cloudtrail_multi_region_enabled_logging_management_events(Check):
                        report.resource_id = trail.name
                        report.resource_arn = trail.arn
                        report.resource_tags = trail.tags
-                        report.region = trail.home_region
+                        report.region = region
                        report.status = "PASS"
                        if trail.is_multiregion:
                            report.status_extended = f"Trail {trail.name} from home region {trail.home_region} is multi-region, is logging and have management events enabled."
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_enumeration/cloudtrail_threat_detection_enumeration.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_enumeration/cloudtrail_threat_detection_enumeration.py
@@ -67,10 +67,8 @@ class cloudtrail_threat_detection_enumeration(Check):
                found_potential_enumeration = True
                report = Check_Report_AWS(self.metadata())
                report.region = cloudtrail_client.region
-                report.resource_id = cloudtrail_client.audited_account
-                report.resource_arn = cloudtrail_client._get_trail_arn_template(
-                    cloudtrail_client.region
-                )
+                report.resource_id = aws_identity_arn.split("/")[-1]
+                report.resource_arn = aws_identity_arn
                report.status = "FAIL"
                report.status_extended = f"Potential enumeration attack detected from AWS {aws_identity_type} {aws_identity_arn.split('/')[-1]} with an threshold of {identity_threshold}."
                findings.append(report)
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_llm_jacking/cloudtrail_threat_detection_llm_jacking.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_llm_jacking/cloudtrail_threat_detection_llm_jacking.py
@@ -67,10 +67,8 @@ class cloudtrail_threat_detection_llm_jacking(Check):
                found_potential_llm_jacking = True
                report = Check_Report_AWS(self.metadata())
                report.region = cloudtrail_client.region
-                report.resource_id = cloudtrail_client.audited_account
-                report.resource_arn = cloudtrail_client._get_trail_arn_template(
-                    cloudtrail_client.region
-                )
+                report.resource_id = aws_identity_arn.split("/")[-1]
+                report.resource_arn = aws_identity_arn
                report.status = "FAIL"
                report.status_extended = f"Potential LLM Jacking attack detected from AWS {aws_identity_type} {aws_identity_arn.split('/')[-1]} with an threshold of {identity_threshold}."
                findings.append(report)
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_privilege_escalation/cloudtrail_threat_detection_privilege_escalation.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_privilege_escalation/cloudtrail_threat_detection_privilege_escalation.py
@@ -69,10 +69,8 @@ class cloudtrail_threat_detection_privilege_escalation(Check):
                found_potential_privilege_escalation = True
                report = Check_Report_AWS(self.metadata())
                report.region = cloudtrail_client.region
-                report.resource_id = cloudtrail_client.audited_account
-                report.resource_arn = cloudtrail_client._get_trail_arn_template(
-                    cloudtrail_client.region
-                )
+                report.resource_id = aws_identity_arn.split("/")[-1]
+                report.resource_arn = aws_identity_arn
                report.status = "FAIL"
                report.status_extended = f"Potential privilege escalation attack detected from AWS {aws_identity_type} {aws_identity_arn.split('/')[-1]} with an threshold of {identity_threshold}."
                findings.append(report)
--- a/prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_not_publicly_accessible/cloudwatch_log_group_not_publicly_accessible.py
+++ b/prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_not_publicly_accessible/cloudwatch_log_group_not_publicly_accessible.py
@@ -12,18 +12,21 @@ class cloudwatch_log_group_not_publicly_accessible(Check):
            and logs_client.log_groups is not None
        ):
            for resource_policies in logs_client.resource_policies.values():
-                for resource_policy in resource_policies:
-                    if is_policy_public(
-                        resource_policy.policy, logs_client.audited_account
-                    ):
-                        for statement in resource_policy.policy.get("Statement", []):
-                            public_resources = statement.get("Resource", [])
-                            if isinstance(public_resources, str):
-                                public_resources = [public_resources]
-                            for resource in public_resources:
-                                for log_group in logs_client.log_groups.values():
-                                    if log_group.arn in resource or resource == "*":
-                                        public_log_groups.append(log_group.arn)
+                if resource_policies is not None:
+                    for resource_policy in resource_policies:
+                        if is_policy_public(
+                            resource_policy.policy, logs_client.audited_account
+                        ):
+                            for statement in resource_policy.policy.get(
+                                "Statement", []
+                            ):
+                                public_resources = statement.get("Resource", [])
+                                if isinstance(public_resources, str):
+                                    public_resources = [public_resources]
+                                for resource in public_resources:
+                                    for log_group in logs_client.log_groups.values():
+                                        if log_group.arn in resource or resource == "*":
+                                            public_log_groups.append(log_group.arn)
            for log_group in logs_client.log_groups.values():
                report = Check_Report_AWS(self.metadata())
                report.region = log_group.region
--- a/prowler/providers/aws/services/cloudwatch/lib/metric_filters.py
+++ b/prowler/providers/aws/services/cloudwatch/lib/metric_filters.py
@@ -18,24 +18,24 @@ def check_cloudwatch_log_metric_filter(
        for trail in trails.values():
            if trail.log_group_arn:
                log_groups.append(trail.log_group_arn.split(":")[6])
-    # 2. Describe metric filters for previous log groups
-    for metric_filter in metric_filters:
-        if metric_filter.log_group.name in log_groups and re.search(
-            metric_filter_pattern, metric_filter.pattern, flags=re.DOTALL
-        ):
-            report.resource_id = metric_filter.log_group.name
-            report.resource_arn = metric_filter.log_group.arn
-            report.region = metric_filter.log_group.region
-            report.resource_tags = getattr(metric_filter.log_group, "tags", [])
-            report.status = "FAIL"
-            report.status_extended = f"CloudWatch log group {metric_filter.log_group.name} found with metric filter {metric_filter.name} but no alarms associated."
-            # 3. Check if there is an alarm for the metric
-            for alarm in metric_alarms:
-                if alarm.metric == metric_filter.metric:
-                    report.status = "PASS"
-                    report.status_extended = f"CloudWatch log group {metric_filter.log_group.name} found with metric filter {metric_filter.name} and alarms set."
+        # 2. Describe metric filters for previous log groups
+        for metric_filter in metric_filters:
+            if metric_filter.log_group.name in log_groups and re.search(
+                metric_filter_pattern, metric_filter.pattern, flags=re.DOTALL
+            ):
+                report.resource_id = metric_filter.log_group.name
+                report.resource_arn = metric_filter.log_group.arn
+                report.region = metric_filter.log_group.region
+                report.resource_tags = getattr(metric_filter.log_group, "tags", [])
+                report.status = "FAIL"
+                report.status_extended = f"CloudWatch log group {metric_filter.log_group.name} found with metric filter {metric_filter.name} but no alarms associated."
+                # 3. Check if there is an alarm for the metric
+                for alarm in metric_alarms:
+                    if alarm.metric == metric_filter.metric:
+                        report.status = "PASS"
+                        report.status_extended = f"CloudWatch log group {metric_filter.log_group.name} found with metric filter {metric_filter.name} and alarms set."
+                        break
+                if report.status == "PASS":
                    break
-            if report.status == "PASS":
-                break

    return report
--- a/prowler/providers/aws/services/codebuild/codebuild_service.py
+++ b/prowler/providers/aws/services/codebuild/codebuild_service.py
@@ -84,12 +84,13 @@ class Codebuild(AWSService):
            if project_info["source"]["type"] != "NO_SOURCE":
                project.source = Source(
                    type=project_info["source"]["type"],
-                    location=project_info["source"]["location"],
+                    location=project_info["source"].get("location", ""),
                )
            project.secondary_sources = []
            for secondary_source in project_info.get("secondarySources", []):
                source_obj = Source(
-                    type=secondary_source["type"], location=secondary_source["location"]
+                    type=secondary_source["type"],
+                    location=secondary_source.get("location", ""),
                )
                project.secondary_sources.append(source_obj)
            environment = project_info.get("environment", {})
--- a/prowler/providers/aws/services/directoryservice/directoryservice_service.py
+++ b/prowler/providers/aws/services/directoryservice/directoryservice_service.py
@@ -108,21 +108,45 @@ class DirectoryService(AWSService):
                if directory.region == regional_client.region:
                    # Operation is not supported for Shared MicrosoftAD directories.
                    if directory.type != DirectoryType.SharedMicrosoftAD:
-                        describe_event_topics_parameters = {"DirectoryId": directory.id}
-                        event_topics = []
-                        describe_event_topics = regional_client.describe_event_topics(
-                            **describe_event_topics_parameters
-                        )
-                        for event_topic in describe_event_topics["EventTopics"]:
-                            event_topics.append(
-                                EventTopics(
-                                    topic_arn=event_topic["TopicArn"],
-                                    topic_name=event_topic["TopicName"],
-                                    status=event_topic["Status"],
-                                    created_date_time=event_topic["CreatedDateTime"],
+                        try:
+                            describe_event_topics_parameters = {
+                                "DirectoryId": directory.id
+                            }
+                            event_topics = []
+                            describe_event_topics = (
+                                regional_client.describe_event_topics(
+                                    **describe_event_topics_parameters
                                )
                            )
-                        self.directories[directory.id].event_topics = event_topics
+                            for event_topic in describe_event_topics["EventTopics"]:
+                                event_topics.append(
+                                    EventTopics(
+                                        topic_arn=event_topic["TopicArn"],
+                                        topic_name=event_topic["TopicName"],
+                                        status=event_topic["Status"],
+                                        created_date_time=event_topic[
+                                            "CreatedDateTime"
+                                        ],
+                                    )
+                                )
+                            self.directories[directory.id].event_topics = event_topics
+                        except ClientError as error:
+                            if (
+                                "is in Deleting state"
+                                in error.response["Error"]["Message"]
+                            ):
+                                logger.warning(
+                                    f"{directory.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                                )
+                            else:
+                                logger.error(
+                                    f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                                )
+                        except Exception as error:
+                            logger.error(
+                                f"{regional_client.region} -- {error.__class__.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                            )
+
        except Exception as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -203,6 +227,15 @@ class DirectoryService(AWSService):
                                "SnapshotLimits"
                            ]["ManualSnapshotsLimitReached"],
                        )
+                    except ClientError as error:
+                        if "is in Deleting state" in error.response["Error"]["Message"]:
+                            logger.warning(
+                                f"{directory.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                            )
+                        else:
+                            logger.error(
+                                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                            )
                    except Exception as error:
                        logger.error(
                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
--- a/prowler/providers/aws/services/documentdb/documentdb_cluster_public_snapshot/documentdb_cluster_public_snapshot_fixer.py
+++ b/prowler/providers/aws/services/documentdb/documentdb_cluster_public_snapshot/documentdb_cluster_public_snapshot_fixer.py
@@ -8,9 +8,8 @@ def fixer(resource_id: str, region: str) -> bool:
    """
    Modify the attributes of a DocumentDB cluster snapshot to remove public access.
    Specifically, this fixer removes the 'all' value from the 'restore' attribute to
-    prevent the snapshot from being publicly accessible.
-
-    Requires the rds:ModifyDBClusterSnapshotAttribute permissions.
+    prevent the snapshot from being publicly accessible. Requires the rds:ModifyDBClusterSnapshotAttribute permissions.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
@@ -21,7 +20,6 @@ def fixer(resource_id: str, region: str) -> bool:
            }
        ]
    }
-
    Args:
        resource_id (str): The DB cluster snapshot identifier.
        region (str): AWS region where the snapshot exists.
--- a/prowler/providers/aws/services/documentdb/documentdb_service.py
+++ b/prowler/providers/aws/services/documentdb/documentdb_service.py
@@ -65,6 +65,17 @@ class DocumentDB(AWSService):
    def _list_tags_for_resource(self):
        logger.info("DocumentDB - List Tags...")
        try:
+            for cluster_arn, cluster in self.db_clusters.items():
+                try:
+                    regional_client = self.regional_clients[cluster.region]
+                    response = regional_client.list_tags_for_resource(
+                        ResourceName=cluster_arn
+                    )["TagList"]
+                    cluster.tags = response
+                except Exception as error:
+                    logger.error(
+                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                    )
            for instance_arn, instance in self.db_instances.items():
                try:
                    regional_client = self.regional_clients[instance.region]
--- a/prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_fixer.py
+++ b/prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption_fixer.py
@@ -5,7 +5,8 @@ from prowler.providers.aws.services.ec2.ec2_client import ec2_client
 def fixer(region):
    """
    Enable EBS encryption by default in a region. NOTE: Custom KMS keys for EBS Default Encryption may be overwritten.
-    Requires the ec2:EnableEbsEncryptionByDefault permission:
+    Requires the ec2:EnableEbsEncryptionByDefault permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
--- a/prowler/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_fixer.py
+++ b/prowler/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot_fixer.py
@@ -6,8 +6,8 @@ def fixer(resource_id: str, region: str) -> bool:
    """
    Modify the attributes of an EBS snapshot to remove public access.
    Specifically, this fixer removes the 'all' value from the 'createVolumePermission' attribute to
-    prevent the snapshot from being publicly accessible.
-    Requires the ec2:ModifySnapshotAttribute permission.
+    prevent the snapshot from being publicly accessible. Requires the ec2:ModifySnapshotAttribute permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
--- a/prowler/providers/aws/services/ec2/ec2_ebs_snapshot_account_block_public_access/ec2_ebs_snapshot_account_block_public_access.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_ebs_snapshot_account_block_public_access/ec2_ebs_snapshot_account_block_public_access.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "snapshot",
  "ResourceIdTemplate": "arn:partition:service:region:account-id",
  "Severity": "high",
-  "ResourceType": "Other",
+  "ResourceType": "AwsAccount",
  "Description": "EBS snapshots can be shared with other AWS accounts or made public. By default, EBS snapshots are private and only the AWS account that created the snapshot can access it. If an EBS snapshot is shared with another AWS account or made public, the data in the snapshot can be accessed by the other account or by anyone on the internet. Ensure that public access to EBS snapshots is disabled.",
  "Risk": "If public access to EBS snapshots is enabled, the data in the snapshot can be accessed by anyone on the internet.",
  "RelatedUrl": "https://docs.aws.amazon.com/ebs/latest/userguide/block-public-access-snapshots-work.html#block-public-access-snapshots-enable",
--- a/prowler/providers/aws/services/ec2/ec2_ebs_snapshot_account_block_public_access/ec2_ebs_snapshot_account_block_public_access_fixer.py
+++ b/prowler/providers/aws/services/ec2/ec2_ebs_snapshot_account_block_public_access/ec2_ebs_snapshot_account_block_public_access_fixer.py
@@ -5,7 +5,8 @@ from prowler.providers.aws.services.ec2.ec2_client import ec2_client
 def fixer(region):
    """
    Enable EBS snapshot block public access in a region.
-    Requires the ec2:EnableSnapshotBlockPublicAccess permission:
+    Requires the ec2:EnableSnapshotBlockPublicAccess permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
--- a/prowler/providers/aws/services/ec2/ec2_instance_account_imdsv2_enabled/ec2_instance_account_imdsv2_enabled.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_instance_account_imdsv2_enabled/ec2_instance_account_imdsv2_enabled.metadata.json
@@ -8,8 +8,8 @@
  "ServiceName": "ec2",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:service:region:account-id",
-  "Severity": "medium",
-  "ResourceType": "AwsEc2Instance",
+  "Severity": "high",
+  "ResourceType": "AwsAccount",
  "Description": "Ensure Instance Metadata Service Version 2 (IMDSv2) is enforced for EC2 instances at the account level to protect against SSRF vulnerabilities.",
  "Risk": "EC2 instances that use IMDSv1 are vulnerable to SSRF attacks.",
  "RelatedUrl": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-IMDS-new-instances.html#set-imdsv2-account-defaults",
--- a/prowler/providers/aws/services/ec2/ec2_instance_account_imdsv2_enabled/ec2_instance_account_imdsv2_enabled_fixer.py
+++ b/prowler/providers/aws/services/ec2/ec2_instance_account_imdsv2_enabled/ec2_instance_account_imdsv2_enabled_fixer.py
@@ -5,7 +5,8 @@ from prowler.providers.aws.services.ec2.ec2_client import ec2_client
 def fixer(region):
    """
    Enable IMDSv2 for EC2 instances in the specified region.
-    Requires the ec2:ModifyInstanceMetadataDefaults permission:
+    Requires the ec2:ModifyInstanceMetadataDefaults permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
--- a/prowler/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled.metadata.json
@@ -8,7 +8,7 @@
  "ServiceName": "ec2",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "Severity": "medium",
+  "Severity": "high",
  "ResourceType": "AwsEc2Instance",
  "Description": "Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required.",
  "Risk": "Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.",
--- a/prowler/providers/aws/services/ec2/ec2_instance_port_memcached_exposed_to_internet/ec2_instance_port_memcached_exposed_to_internet.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_instance_port_memcached_exposed_to_internet/ec2_instance_port_memcached_exposed_to_internet.metadata.json
@@ -9,7 +9,7 @@
  "SubServiceName": "instance",
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "critical",
-  "ResourceType": "AwsEc2SecurityGroup",
+  "ResourceType": "AwsEc2Instance",
  "Description": "Ensure no EC2 instances allow ingress from the internet to TCP port 11211 (Memcached).",
  "Risk": "Memcached is an open-source, high-performance, distributed memory object caching system. It is often used to speed up dynamic database-driven websites by caching data and objects in RAM to reduce the number of times an external data source must be read. Memcached is designed to be used in trusted environments and should not be exposed to the internet. If Memcached is exposed to the internet, it can be exploited by attackers to perform distributed denial-of-service (DDoS) attacks, data exfiltration, and other malicious activities.",
  "RelatedUrl": "",
--- a/prowler/providers/aws/services/ec2/ec2_instance_uses_single_eni/ec2_instance_uses_single_eni.py
+++ b/prowler/providers/aws/services/ec2/ec2_instance_uses_single_eni/ec2_instance_uses_single_eni.py
@@ -19,7 +19,10 @@ class ec2_instance_uses_single_eni(Check):
                )
            else:
                for eni_id in instance.network_interfaces:
-                    if ec2_client.network_interfaces[eni_id].type in eni_types:
+                    if (
+                        eni_id in ec2_client.network_interfaces
+                        and ec2_client.network_interfaces[eni_id].type in eni_types
+                    ):
                        eni_types[ec2_client.network_interfaces[eni_id].type].append(
                            eni_id
                        )
--- a/prowler/providers/aws/services/ec2/ec2_launch_template_no_secrets/ec2_launch_template_no_secrets.py
+++ b/prowler/providers/aws/services/ec2/ec2_launch_template_no_secrets/ec2_launch_template_no_secrets.py
@@ -51,7 +51,15 @@ class ec2_launch_template_no_secrets(Check):
                )

                if version_secrets:
-                    versions_with_secrets.append(str(version.version_number))
+                    secrets_string = ", ".join(
+                        [
+                            f"{secret['type']} on line {secret['line_number']}"
+                            for secret in version_secrets
+                        ]
+                    )
+                    versions_with_secrets.append(
+                        f"Version {version.version_number}: {secrets_string}"
+                    )

            if len(versions_with_secrets) > 0:
                report.status = "FAIL"
--- a/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4.metadata.json
@@ -10,7 +10,7 @@
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "high",
  "ResourceType": "AwsEc2SecurityGroup",
-  "Description": "Ensure no security groups allow ingress and egress from ide-open IP address with a mask between 0 and 24.",
+  "Description": "Ensure no security groups allow ingress and egress from wide-open IP address with a mask between 0 and 24.",
  "Risk": "If Security groups are not properly configured the attack surface is increased.",
  "RelatedUrl": "",
  "Remediation": {
--- a/prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.metadata.json
+++ b/prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.metadata.json
@@ -12,7 +12,7 @@
  "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
  "Severity": "critical",
  "ResourceType": "AwsEcsTaskDefinition",
-  "Description": "Check if secrets exists in ECS task definitions environment variables. If a secret is detected, the line number shown in the finding matches with the environment variable \"Name\" attribute starting to count at the \"environment\" key from the ECS Task Definition in JSON format.",
+  "Description": "Check if secrets exists in ECS task definitions environment variables.",
  "Risk": "The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used, it is possible that malicious users gain access through the account in question.",
  "RelatedUrl": "",
  "Remediation": {
--- a/prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.py
+++ b/prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.py
@@ -1,3 +1,4 @@
+import hashlib
 from json import dumps

 from prowler.lib.check.models import Check, Check_Report_AWS
@@ -25,8 +26,16 @@ class ecs_task_definitions_no_environment_secrets(Check):

                if container.environment:
                    dump_env_vars = {}
+                    original_env_vars = {}
                    for env_var in container.environment:
                        dump_env_vars.update({env_var.name: env_var.value})
+                        original_env_vars.update(
+                            {
+                                hashlib.sha1(  # nosec B324 SHA1 is used here for non-security-critical unique identifiers
+                                    env_var.value.encode("utf-8")
+                                ).hexdigest(): env_var.name
+                            }
+                        )

                    env_data = dumps(dump_env_vars, indent=2)
                    detect_secrets_output = detect_secrets_scan(
@@ -35,7 +44,7 @@ class ecs_task_definitions_no_environment_secrets(Check):
                    if detect_secrets_output:
                        secrets_string = ", ".join(
                            [
-                                f"{secret['type']} on line {secret['line_number']}"
+                                f"{secret['type']} on the environment variable {original_env_vars[secret['hashed_secret']]}"
                                for secret in detect_secrets_output
                            ]
                        )
--- a/prowler/providers/aws/services/elasticache/elasticache_redis_cluster_backup_enabled/elasticache_redis_cluster_backup_enabled.py
+++ b/prowler/providers/aws/services/elasticache/elasticache_redis_cluster_backup_enabled/elasticache_redis_cluster_backup_enabled.py
@@ -15,7 +15,7 @@ class elasticache_redis_cluster_backup_enabled(Check):
            report.resource_tags = repl_group.tags
            report.status = "FAIL"
            report.status_extended = f"Elasticache Redis cache cluster {repl_group.id} does not have automated snapshot backups enabled."
-            if repl_group.snapshot_retention > elasticache_client.audit_config.get(
+            if repl_group.snapshot_retention >= elasticache_client.audit_config.get(
                "minimum_snapshot_retention_period", 7
            ):
                report.status = "PASS"
--- a/prowler/providers/aws/services/elasticache/elasticache_service.py
+++ b/prowler/providers/aws/services/elasticache/elasticache_service.py
@@ -147,6 +147,12 @@ class ElastiCache(AWSService):
                    logger.warning(
                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                    )
+                except (
+                    regional_client.exceptions.InvalidReplicationGroupStateFault
+                ) as error:
+                    logger.warning(
+                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                    )
                except Exception as error:
                    logger.error(
                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -163,6 +169,12 @@ class ElastiCache(AWSService):
                    logger.warning(
                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                    )
+                except (
+                    regional_client.exceptions.InvalidReplicationGroupStateFault
+                ) as error:
+                    logger.warning(
+                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                    )
                except Exception as error:
                    logger.error(
                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
--- a/prowler/providers/aws/services/firehose/firehose_stream_encrypted_at_rest/firehose_stream_encrypted_at_rest.py
+++ b/prowler/providers/aws/services/firehose/firehose_stream_encrypted_at_rest/firehose_stream_encrypted_at_rest.py
@@ -31,10 +31,7 @@ class firehose_stream_encrypted_at_rest(Check):
                f"Firehose Stream {stream.name} does have at rest encryption enabled."
            )

-            if (
-                stream.kms_encryption != EncryptionStatus.ENABLED
-                or not stream.kms_key_arn
-            ):
+            if stream.kms_encryption != EncryptionStatus.ENABLED:
                report.status = "FAIL"
                report.status_extended = f"Firehose Stream {stream.name} does not have at rest encryption enabled."

--- a/prowler/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled_fixer.py
+++ b/prowler/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled_fixer.py
@@ -4,7 +4,8 @@ from prowler.providers.aws.services.guardduty.guardduty_client import guardduty_

 def fixer(region):
    """
-    Enable GuardDuty in a region. Requires the guardduty:CreateDetector permission:
+    Enable GuardDuty in a region. Requires the guardduty:CreateDetector permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
--- a/prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_fixer.py
+++ b/prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less_fixer.py
@@ -5,7 +5,8 @@ from prowler.providers.aws.services.iam.iam_client import iam_client
 def fixer(resource_id: str) -> bool:
    """
    Enable IAM password policy to expire passwords within 90 days or less or the configurable value in prowler/config/fixer_config.yaml.
-    Requires the iam:UpdateAccountPasswordPolicy permission:
+    Requires the iam:UpdateAccountPasswordPolicy permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
@@ -16,6 +17,8 @@ def fixer(resource_id: str) -> bool:
            }
        ]
    }
+    Args:
+        resource_id (str): AWS account ID
    Returns:
        bool: True if IAM password policy is updated, False otherwise
    """
--- a/prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_fixer.py
+++ b/prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase_fixer.py
@@ -5,7 +5,8 @@ from prowler.providers.aws.services.iam.iam_client import iam_client
 def fixer(resource_id: str) -> bool:
    """
    Enable IAM password policy to require lowercase characters or the configurable value in prowler/config/fixer_config.yaml.
-    Requires the iam:UpdateAccountPasswordPolicy permission:
+    Requires the iam:UpdateAccountPasswordPolicy permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
@@ -16,6 +17,8 @@ def fixer(resource_id: str) -> bool:
            }
        ]
    }
+    Args:
+        resource_id (str): AWS account ID
    Returns:
        bool: True if IAM password policy is updated, False otherwise
    """
--- a/prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_fixer.py
+++ b/prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14_fixer.py
@@ -5,7 +5,8 @@ from prowler.providers.aws.services.iam.iam_client import iam_client
 def fixer(resource_id: str) -> bool:
    """
    Enable IAM password policy to require a minimum password length of 14 characters or the configurable value in prowler/config/fixer_config.yaml.
-    Requires the iam:UpdateAccountPasswordPolicy permission:
+    Requires the iam:UpdateAccountPasswordPolicy permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
@@ -16,6 +17,8 @@ def fixer(resource_id: str) -> bool:
            }
        ]
    }
+    Args:
+        resource_id (str): AWS account ID
    Returns:
        bool: True if IAM password policy is updated, False otherwise
    """
--- a/prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_fixer.py
+++ b/prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number_fixer.py
@@ -5,7 +5,8 @@ from prowler.providers.aws.services.iam.iam_client import iam_client
 def fixer(resource_id: str) -> bool:
    """
    Enable IAM password policy to require numbers or the configurable value in prowler/config/fixer_config.yaml.
-    Requires the iam:UpdateAccountPasswordPolicy permission:
+    Requires the iam:UpdateAccountPasswordPolicy permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
@@ -16,6 +17,8 @@ def fixer(resource_id: str) -> bool:
            }
        ]
    }
+    Args:
+        resource_id (str): AWS account ID
    Returns:
        bool: True if IAM password policy is updated, False otherwise
    """
--- a/prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_fixer.py
+++ b/prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24_fixer.py
@@ -5,7 +5,8 @@ from prowler.providers.aws.services.iam.iam_client import iam_client
 def fixer(resource_id: str) -> bool:
    """
    Enable IAM password policy to prevent reusing the 24 previous passwords or the configurable value in prowler/config/fixer_config.yaml.
-    Requires the iam:UpdateAccountPasswordPolicy permission:
+    Requires the iam:UpdateAccountPasswordPolicy permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
@@ -16,6 +17,8 @@ def fixer(resource_id: str) -> bool:
            }
        ]
    }
+    Args:
+        resource_id (str): AWS account ID
    Returns:
        bool: True if IAM password policy is updated, False otherwise
    """
--- a/prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_fixer.py
+++ b/prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol_fixer.py
@@ -5,7 +5,8 @@ from prowler.providers.aws.services.iam.iam_client import iam_client
 def fixer(resource_id: str) -> bool:
    """
    Enable IAM password policy to require symbols or the configurable value in prowler/config/fixer_config.yaml.
-    Requires the iam:UpdateAccountPasswordPolicy permission:
+    Requires the iam:UpdateAccountPasswordPolicy permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
@@ -16,6 +17,8 @@ def fixer(resource_id: str) -> bool:
            }
        ]
    }
+    Args:
+        resource_id (str): AWS account ID
    Returns:
        bool: True if IAM password policy is updated, False otherwise
    """
--- a/prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_fixer.py
+++ b/prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase_fixer.py
@@ -5,7 +5,8 @@ from prowler.providers.aws.services.iam.iam_client import iam_client
 def fixer(resource_id: str) -> bool:
    """
    Enable IAM password policy to require uppercase characters or the configurable value in prowler/config/fixer_config.yaml.
-    Requires the iam:UpdateAccountPasswordPolicy permission:
+    Requires the iam:UpdateAccountPasswordPolicy permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
@@ -16,6 +17,8 @@ def fixer(resource_id: str) -> bool:
            }
        ]
    }
+    Args:
+        resource_id (str): AWS account ID
    Returns:
        bool: True if IAM password policy is updated, False otherwise
    """
--- a/prowler/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention.metadata.json
+++ b/prowler/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention.metadata.json
@@ -19,7 +19,7 @@
      "Terraform": ""
    },
    "Recommendation": {
-      "Text": "Use the aws:SourceArn and aws:SourceAccount global condition context keys in trust relationship policies to limit the permissions that a service has to a specific resource",
+      "Text": "To mitigate cross-service confused deputy attacks, it's recommended to use the aws:SourceArn and aws:SourceAccount global condition context keys in your IAM role trust policies. If the role doesn't support these fields, consider implementing alternative security measures, such as defining more restrictive resource-based policies or using service-specific trust policies, to limit the role's permissions and exposure. For detailed guidance, refer to AWS's documentation on preventing cross-service confused deputy issues.",
      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html#cross-service-confused-deputy-prevention"
    }
  },
--- a/prowler/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.py
+++ b/prowler/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.py
@@ -49,7 +49,7 @@ class iam_rotate_access_key_90_days(Check):
                        old_access_keys = True
                        report = Check_Report_AWS(self.metadata())
                        report.region = iam_client.region
-                        report.resource_id = user["user"]
+                        report.resource_id = f"{user['user']}-access-key-1"
                        report.resource_arn = user["arn"]
                        report.resource_tags = user_tags
                        report.status = "FAIL"
@@ -66,7 +66,7 @@ class iam_rotate_access_key_90_days(Check):
                        old_access_keys = True
                        report = Check_Report_AWS(self.metadata())
                        report.region = iam_client.region
-                        report.resource_id = user["user"]
+                        report.resource_id = f"{user['user']}-access-key-2"
                        report.resource_arn = user["arn"]
                        report.resource_tags = user_tags
                        report.status = "FAIL"
--- a/prowler/providers/aws/services/iam/iam_service.py
+++ b/prowler/providers/aws/services/iam/iam_service.py
@@ -112,7 +112,8 @@ class IAM(AWSService):
            [policy for policy in self.policies if policy.type == "Custom"],
        )
        self.__threading_call__(self._list_tags, self.server_certificates)
-        self.__threading_call__(self._list_tags, self.saml_providers.values())
+        if self.saml_providers is not None:
+            self.__threading_call__(self._list_tags, self.saml_providers.values())

    def _get_client(self):
        return self.client
@@ -394,21 +395,38 @@ class IAM(AWSService):
        logger.info("IAM - List MFA Devices...")
        try:
            for user in self.users:
-                list_mfa_devices_paginator = self.client.get_paginator(
-                    "list_mfa_devices"
-                )
-                mfa_devices = []
-                for page in list_mfa_devices_paginator.paginate(UserName=user.name):
-                    for mfa_device in page["MFADevices"]:
-                        mfa_serial_number = mfa_device["SerialNumber"]
-                        try:
-                            mfa_type = mfa_serial_number.split(":")[5].split("/")[0]
-                        except IndexError:
-                            mfa_type = "hardware"
-                        mfa_devices.append(
-                            MFADevice(serial_number=mfa_serial_number, type=mfa_type)
+                try:
+                    list_mfa_devices_paginator = self.client.get_paginator(
+                        "list_mfa_devices"
+                    )
+                    mfa_devices = []
+                    for page in list_mfa_devices_paginator.paginate(UserName=user.name):
+                        for mfa_device in page["MFADevices"]:
+                            mfa_serial_number = mfa_device["SerialNumber"]
+                            try:
+                                mfa_type = mfa_serial_number.split(":")[5].split("/")[0]
+                            except IndexError:
+                                mfa_type = "hardware"
+                            mfa_devices.append(
+                                MFADevice(
+                                    serial_number=mfa_serial_number, type=mfa_type
+                                )
+                            )
+                    user.mfa_devices = mfa_devices
+                except ClientError as error:
+                    if error.response["Error"]["Code"] == "NoSuchEntity":
+                        logger.warning(
+                            f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                        )
-                user.mfa_devices = mfa_devices
+                    else:
+                        logger.error(
+                            f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                        )
+
+                except Exception as error:
+                    logger.error(
+                        f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                    )
        except Exception as error:
            logger.error(
                f"{self.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
--- a/prowler/providers/aws/services/kms/kms_cmk_not_deleted_unintentionally/kms_cmk_not_deleted_unintentionally_fixer.py
+++ b/prowler/providers/aws/services/kms/kms_cmk_not_deleted_unintentionally/kms_cmk_not_deleted_unintentionally_fixer.py
@@ -7,7 +7,6 @@ def fixer(resource_id: str, region: str) -> bool:
    Cancel the scheduled deletion of a KMS key.
    Specifically, this fixer calls the 'cancel_key_deletion' method to restore the KMS key's availability if it is marked for deletion.
    Requires the kms:CancelKeyDeletion permission.
-
    Permissions:
    {
        "Version": "2012-10-17",
@@ -19,11 +18,9 @@ def fixer(resource_id: str, region: str) -> bool:
            }
        ]
    }
-
    Args:
        resource_id (str): The ID of the KMS key to cancel the deletion for.
        region (str): AWS region where the KMS key exists.
-
    Returns:
        bool: True if the operation is successful (deletion cancellation is completed), False otherwise.
    """
--- a/prowler/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_fixer.py
+++ b/prowler/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled_fixer.py
@@ -4,7 +4,8 @@ from prowler.providers.aws.services.kms.kms_client import kms_client

 def fixer(resource_id: str, region: str) -> bool:
    """
-    Enable CMK rotation. Requires the kms:EnableKeyRotation permission:
+    Enable CMK rotation. Requires the kms:EnableKeyRotation permission.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
--- a/prowler/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.py
+++ b/prowler/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.py
@@ -8,7 +8,9 @@ class kms_key_not_publicly_accessible(Check):
        findings = []
        for key in kms_client.keys:
            if (
-                key.manager == "CUSTOMER" and key.state == "Enabled"
+                key.manager == "CUSTOMER"
+                and key.state == "Enabled"
+                and key.policy is not None
            ):  # only customer KMS have policies
                report = Check_Report_AWS(self.metadata())
                report.status = "PASS"
--- a/prowler/providers/aws/services/kms/kms_service.py
+++ b/prowler/providers/aws/services/kms/kms_service.py
@@ -27,15 +27,20 @@ class KMS(AWSService):
            list_keys_paginator = regional_client.get_paginator("list_keys")
            for page in list_keys_paginator.paginate():
                for key in page["Keys"]:
-                    if not self.audit_resources or (
-                        is_resource_filtered(key["KeyArn"], self.audit_resources)
-                    ):
-                        self.keys.append(
-                            Key(
-                                id=key["KeyId"],
-                                arn=key["KeyArn"],
-                                region=regional_client.region,
+                    try:
+                        if not self.audit_resources or (
+                            is_resource_filtered(key["KeyArn"], self.audit_resources)
+                        ):
+                            self.keys.append(
+                                Key(
+                                    id=key["KeyId"],
+                                    arn=key["KeyArn"],
+                                    region=regional_client.region,
+                                )
                            )
+                    except Exception as error:
+                        logger.error(
+                            f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
                        )
        except Exception as error:
            logger.error(
@@ -47,11 +52,16 @@ class KMS(AWSService):
        try:
            for key in self.keys:
                regional_client = self.regional_clients[key.region]
-                response = regional_client.describe_key(KeyId=key.id)
-                key.state = response["KeyMetadata"]["KeyState"]
-                key.origin = response["KeyMetadata"]["Origin"]
-                key.manager = response["KeyMetadata"]["KeyManager"]
-                key.spec = response["KeyMetadata"]["CustomerMasterKeySpec"]
+                try:
+                    response = regional_client.describe_key(KeyId=key.id)
+                    key.state = response["KeyMetadata"]["KeyState"]
+                    key.origin = response["KeyMetadata"]["Origin"]
+                    key.manager = response["KeyMetadata"]["KeyManager"]
+                    key.spec = response["KeyMetadata"]["CustomerMasterKeySpec"]
+                except Exception as error:
+                    logger.error(
+                        f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
+                    )
        except Exception as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
@@ -68,9 +78,14 @@ class KMS(AWSService):
                    and "AWS" not in key.manager
                ):
                    regional_client = self.regional_clients[key.region]
-                    key.rotation_enabled = regional_client.get_key_rotation_status(
-                        KeyId=key.id
-                    )["KeyRotationEnabled"]
+                    try:
+                        key.rotation_enabled = regional_client.get_key_rotation_status(
+                            KeyId=key.id
+                        )["KeyRotationEnabled"]
+                    except Exception as error:
+                        logger.error(
+                            f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
+                        )
        except Exception as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
@@ -84,11 +99,16 @@ class KMS(AWSService):
                    key.manager and key.manager == "CUSTOMER"
                ):  # only customer KMS have policies
                    regional_client = self.regional_clients[key.region]
-                    key.policy = json.loads(
-                        regional_client.get_key_policy(
-                            KeyId=key.id, PolicyName="default"
-                        )["Policy"]
-                    )
+                    try:
+                        key.policy = json.loads(
+                            regional_client.get_key_policy(
+                                KeyId=key.id, PolicyName="default"
+                            )["Policy"]
+                        )
+                    except Exception as error:
+                        logger.error(
+                            f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
+                        )
        except Exception as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
@@ -96,20 +116,25 @@ class KMS(AWSService):

    def _list_resource_tags(self):
        logger.info("KMS - List Tags...")
-        for key in self.keys:
-            if (
-                key.manager and key.manager == "CUSTOMER"
-            ):  # only check customer KMS keys
-                try:
-                    regional_client = self.regional_clients[key.region]
-                    response = regional_client.list_resource_tags(
-                        KeyId=key.id,
-                    )["Tags"]
-                    key.tags = response
-                except Exception as error:
-                    logger.error(
-                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                    )
+        try:
+            for key in self.keys:
+                if (
+                    key.manager and key.manager == "CUSTOMER"
+                ):  # only check customer KMS keys
+                    try:
+                        regional_client = self.regional_clients[key.region]
+                        response = regional_client.list_resource_tags(
+                            KeyId=key.id,
+                        )["Tags"]
+                        key.tags = response
+                    except Exception as error:
+                        logger.error(
+                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                        )
+        except Exception as error:
+            logger.error(
+                f"{regional_client.region} -- {error.__class__.__name__}:{error.__traceback__.tb_lineno} -- {error}"
+            )


 class Key(BaseModel):
--- a/prowler/providers/aws/services/neptune/neptune_cluster_public_snapshot/neptune_cluster_public_snapshot_fixer.py
+++ b/prowler/providers/aws/services/neptune/neptune_cluster_public_snapshot/neptune_cluster_public_snapshot_fixer.py
@@ -6,9 +6,8 @@ def fixer(resource_id: str, region: str) -> bool:
    """
    Modify the attributes of a Neptune DB cluster snapshot to remove public access.
    Specifically, this fixer removes the 'all' value from the 'restore' attribute to
-    prevent the snapshot from being publicly accessible.
-
-    Requires the rds:ModifyDBClusterSnapshotAttribute permissions.
+    prevent the snapshot from being publicly accessible. Requires the rds:ModifyDBClusterSnapshotAttribute permissions.
+    Permissions:
    {
        "Version": "2012-10-17",
        "Statement": [
@@ -19,11 +18,9 @@ def fixer(resource_id: str, region: str) -> bool:
            }
        ]
    }
-
    Args:
        resource_id (str): The DB cluster snapshot identifier.
        region (str): AWS region where the snapshot exists.
-
    Returns:
        bool: True if the operation is successful (public access is removed), False otherwise.
    """
--- a/prowler/providers/aws/services/opensearch/opensearch_service.py
+++ b/prowler/providers/aws/services/opensearch/opensearch_service.py
@@ -10,13 +10,9 @@ from prowler.providers.aws.lib.service.service import AWSService

 class OpenSearchService(AWSService):
    def __init__(self, provider):
-        # Call AWSService's __init__
        super().__init__("opensearch", provider)
        self.opensearch_domains = {}
        self.__threading_call__(self._list_domain_names)
-        self.__threading_call__(
-            self._describe_domain_config, self.opensearch_domains.values()
-        )
        self.__threading_call__(self._describe_domain, self.opensearch_domains.values())
        self.__threading_call__(self._list_tags, self.opensearch_domains.values())

@@ -39,43 +35,6 @@ class OpenSearchService(AWSService):
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
            )

-    def _describe_domain_config(self, domain):
-        logger.info("OpenSearch - describing domain configurations...")
-        try:
-            regional_client = self.regional_clients[domain.region]
-            describe_domain = regional_client.describe_domain_config(
-                DomainName=domain.name
-            )
-            for logging_key in [
-                "SEARCH_SLOW_LOGS",
-                "INDEX_SLOW_LOGS",
-                "AUDIT_LOGS",
-            ]:
-                if logging_key in describe_domain["DomainConfig"].get(
-                    "LogPublishingOptions", {}
-                ).get("Options", {}):
-                    domain.logging.append(
-                        PublishingLoggingOption(
-                            name=logging_key,
-                            enabled=describe_domain["DomainConfig"][
-                                "LogPublishingOptions"
-                            ]["Options"][logging_key]["Enabled"],
-                        )
-                    )
-            try:
-                domain.access_policy = loads(
-                    describe_domain["DomainConfig"]["AccessPolicies"]["Options"]
-                )
-            except JSONDecodeError as error:
-                logger.warning(
-                    f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-                )
-
-        except Exception as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-
    def _describe_domain(self, domain):
        logger.info("OpenSearch - describing domain configurations...")
        try:
@@ -130,6 +89,32 @@ class OpenSearchService(AWSService):
            domain.dedicated_master_count = cluster_config.get(
                "DedicatedMasterCount", 0
            )
+            for logging_key in [
+                "SEARCH_SLOW_LOGS",
+                "INDEX_SLOW_LOGS",
+                "AUDIT_LOGS",
+            ]:
+                if logging_key in describe_domain["DomainStatus"].get(
+                    "LogPublishingOptions", {}
+                ):
+                    domain.logging.append(
+                        PublishingLoggingOption(
+                            name=logging_key,
+                            enabled=describe_domain["DomainStatus"][
+                                "LogPublishingOptions"
+                            ][logging_key]["Enabled"],
+                        )
+                    )
+            try:
+                if describe_domain["DomainStatus"].get("AccessPolicies"):
+                    domain.access_policy = loads(
+                        describe_domain["DomainStatus"]["AccessPolicies"]
+                    )
+            except JSONDecodeError as error:
+                logger.warning(
+                    f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )
+
        except Exception as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
--- a/prowler/providers/aws/services/organizations/organizations_opt_out_ai_services_policy/organizations_opt_out_ai_services_policy.metadata.json
+++ b/prowler/providers/aws/services/organizations/organizations_opt_out_ai_services_policy/organizations_opt_out_ai_services_policy.metadata.json
@@ -1,25 +1,25 @@
 {
  "Provider": "aws",
  "CheckID": "organizations_opt_out_ai_services_policy",
-  "CheckTitle": "Ensure that AWS Organizations opt-out of AI services policy is enabled.",
+  "CheckTitle": "Ensure that AWS Organizations opt-out of AI services policy is enabled and disallow child-accounts to overwrite this policy.",
  "CheckType": [],
  "ServiceName": "organizations",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:partition:service::account-id:organization/organization-id",
  "Severity": "low",
  "ResourceType": "Other",
-  "Description": "This control checks whether the AWS Organizations opt-out of AI services policy is enabled. The control fails if the policy is not enabled.",
+  "Description": "This control checks whether the AWS Organizations opt-out of AI services policy is enabled and whether child-accounts are disallowed to overwrite this policy. The control fails if the policy is not enabled or if child-accounts are not disallowed to overwrite this policy.",
  "Risk": "By default, AWS may be using your data to train its AI models. This may include data from your AWS CloudTrail logs, AWS Config rules, and AWS GuardDuty findings. If you opt out of AI services, AWS will not use your data to train its AI models.",
  "RelatedUrl": "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out_all.html",
  "Remediation": {
    "Code": {
-      "CLI": "aws organizations enable-policy-type --root-id <root-id> --policy-type AI_SERVICES_OPT_OUT {'services': {'default': {'opt_out_policy': {'@@assign': 'optOut'}}}}",
+      "CLI": "",
      "NativeIaC": "",
      "Other": "",
      "Terraform": ""
    },
    "Recommendation": {
-      "Text": "Artificial Intelligence (AI) services opt-out policies enable you to control whether AWS AI services can store and use your content. Enable the AWS Organizations opt-out of AI services policy.",
+      "Text": "Artificial Intelligence (AI) services opt-out policies enable you to control whether AWS AI services can store and use your content. Enable the AWS Organizations opt-out of AI services policy and disallow child-accounts to overwrite this policy.",
      "Url": "https://docs.aws.amazon.com/organizations/latest/userguide/disable-policy-type.html"
    }
  },
--- a/Show More
+++ b/Show More