mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
6cd2ffbca2
Add the PIM-only management security check on top of the shared _get_pim_alerts implementation already introduced for the PIM stale sign-in alert check (#10798). Avoid duplicating the service-layer fetch that the original branch carried with its own beta endpoint + httpx client; instead, consume the v1.0 unified roleManagement alerts feed via the dict already populated on entra_client.

Detection logic: look up an active PIM alert whose definition id contains 'RolesAssignedOutsidePim'. FAIL when the alert is active with affected items, PASS when it exists with no items (or is inactive), and MANUAL when the alert is unavailable (no Microsoft Entra ID P2, alert disabled, or insufficient permissions).

Compliance: extend CIS 4.0/6.0 control 5.3.1 and ISO 27001:2022 A.5.16 / A.5.18 mappings to include this check alongside the stale sign-in alert counterpart.
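The FAIL / PASS / MANUAL decision table from the commit message, worked through as an added illustration that is not the Prowler code from this commit. The `PimAlert` fields, the shape of the alerts dict, the sample alerts and the function name are all assumptions made for the example; only the `RolesAssignedOutsidePim` substring match and the three outcomes come from the commit message.

```python
from dataclasses import dataclass, field
from typing import Optional

# Stand-in for one entry of the roleManagement alerts dict populated on entra_client.
# Field names are assumptions for this example, not Prowler's actual model.
@dataclass
class PimAlert:
    alert_definition_id: str
    is_active: bool
    affected_items: list = field(default_factory=list)

ALERT_DEFINITION_SUBSTRING = "RolesAssignedOutsidePim"

def evaluate_roles_assigned_outside_pim(alerts: Optional[dict]) -> tuple[str, str]:
    """Map the PIM alerts dict to (status, reason) per the commit's decision table."""
    # None models the "alert unavailable" case: no Entra ID P2, alert disabled,
    # or insufficient permissions to read the roleManagement alerts feed.
    if alerts is None:
        return "MANUAL", "PIM alerts unavailable; review role assignments made outside PIM manually"
    alert = next(
        (a for a in alerts.values() if ALERT_DEFINITION_SUBSTRING in a.alert_definition_id),
        None,
    )
    if alert is None:
        return "MANUAL", f"No PIM alert matching '{ALERT_DEFINITION_SUBSTRING}' was returned"
    if alert.is_active and alert.affected_items:
        return "FAIL", f"{len(alert.affected_items)} role assignment(s) were made outside PIM"
    return "PASS", "No active role assignments made outside PIM"

# Constructed sample tenants covering each branch of the decision table.
SAMPLE_TENANTS = {
    "assignments-outside-pim": {
        "alert-1": PimAlert("RolesAssignedOutsidePimAlert", True, ["assignee-a", "assignee-b"]),
        "alert-2": PimAlert("StaleSignInAlert", True, ["assignee-c"]),
    },
    "clean": {"alert-1": PimAlert("RolesAssignedOutsidePimAlert", True, [])},
    "alert-inactive": {"alert-1": PimAlert("RolesAssignedOutsidePimAlert", False, ["assignee-a"])},
    "other-alerts-only": {"alert-2": PimAlert("StaleSignInAlert", True, [])},
    "no-p2-license": None,
}

if __name__ == "__main__":
    for name, alerts in SAMPLE_TENANTS.items():
        status, reason = evaluate_roles_assigned_outside_pim(alerts)
        print(f"{name:24} {status:6} {reason}")
```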