Prowler v3 Importer #7348

@finventario

Scanner Name
In prowler v3, the fields have changed.

See https://github.com/prowler-cloud/prowler/releases/tag/3.0.0 and prowler-cloud/prowler@7b9fae5

Sample File
csv:

ASSESSMENT_START_TIME;FINDING_UNIQUE_ID;PROVIDER;CHECK_ID;CHECK_TITLE;CHECK_TYPE;STATUS;STATUS_EXTENDED;SERVICE_NAME;SUBSERVICE_NAME;SEVERITY;RESOURCE_TYPE;RESOURCE_DETAILS;RESOURCE_TAGS;DESCRIPTION;RISK;RELATED_URL;REMEDIATION_RECOMMENDATION_TEXT;REMEDIATION_RECOMMENDATION_URL;REMEDIATION_RECOMMENDATION_CODE_NATIVEIAC;REMEDIATION_RECOMMENDATION_CODE_TERRAFORM;REMEDIATION_RECOMMENDATION_CODE_CLI;REMEDIATION_RECOMMENDATION_CODE_OTHER;CATEGORIES;DEPENDS_ON;RELATED_TO;NOTES;PROFILE;ACCOUNT_ID;ACCOUNT_NAME;ACCOUNT_EMAIL;ACCOUNT_ARN;ACCOUNT_ORG;ACCOUNT_TAGS;REGION;RESOURCE_ID;RESOURCE_ARN
2023-01-02T17:43:47.486212;prowler-aws-accessanalyzer_enabled_without_findings-xxxxx;aws;accessanalyzer_enabled_without_findings;Check if IAM Access Analyzer is enabled without findings;IAM;FAIL;IAM Access Analyzer is not enabled;accessanalyzer;;low;Other;;[];Check if IAM Access Analyzer is enabled without findings;AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.;https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html;Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).;https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html;;;aws accessanalyzer create-analyzer --analyzer-name <NAME> --type <ACCOUNT|ORGANIZATION>;;;;;;ENV;xxxxxx;;;;;;xxregio;xxxxx;

json:

[{
    "AssessmentStartTime": "2023-01-02T17:22:49.730532",
    "FindingUniqueId": "prowler-aws-accessanalyzer_enabled_without_findings-xxxxx",
    "Provider": "aws",
    "CheckID": "accessanalyzer_enabled_without_findings",
    "CheckTitle": "Check if IAM Access Analyzer is enabled without findings",
    "CheckType": [
        "IAM"
    ],
    "ServiceName": "accessanalyzer",
    "SubServiceName": "",
    "Status": "FAIL",
    "StatusExtended": "IAM Access Analyzer is not enabled",
    "Severity": "low",
    "ResourceType": "Other",
    "ResourceDetails": "",
    "Tags": {
        "Tag1Key": "value",
        "Tag2Key": "value"
    },
    "Description": "Check if IAM Access Analyzer is enabled without findings",
    "Risk": "AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.",
    "RelatedUrl": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html",
    "Remediation": {
        "Code": {
            "NativeIaC": "",
            "Terraform": "",
            "CLI": "aws accessanalyzer create-analyzer --analyzer-name <NAME> --type <ACCOUNT|ORGANIZATION>",
            "Other": ""
        },
        "Recommendation": {
            "Text": "Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).",
            "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html"
        }
    },
    "Categories": [],
    "DependsOn": [],
    "RelatedTo": [],
    "Notes": "",
    "Profile": "ENV",
    "AccountId": "xxxxx",
    "OrganizationsInfo": null,
    "Region": "xxxxx-regio",
    "ResourceId": "xxxxx",
    "ResourceArn": ""
}]
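
The two sample files above carry the same finding under different field names and nesting, so an importer has to map both to one record shape. The following is an added example, not code from the issue or from any existing importer; the normalized field names, the `parse_prowler_v3` function and the `failed` flag are assumptions of this example, and the samples are trimmed copies of the files above.

```python
import csv
import io
import json

# (normalized name, v3 CSV column, v3 JSON key path); names taken from the sample files above.
FIELDS = [
    ("unique_id", "FINDING_UNIQUE_ID", ("FindingUniqueId",)),
    ("check_id", "CHECK_ID", ("CheckID",)),
    ("status", "STATUS", ("Status",)),
    ("detail", "STATUS_EXTENDED", ("StatusExtended",)),
    ("severity", "SEVERITY", ("Severity",)),
    ("account_id", "ACCOUNT_ID", ("AccountId",)),
    ("region", "REGION", ("Region",)),
    ("remediation_cli", "REMEDIATION_RECOMMENDATION_CODE_CLI", ("Remediation", "Code", "CLI")),
]

def _dig(record, path):
    """Follow a key path through nested JSON; a missing or null level yields ''."""
    for key in path:
        record = record.get(key) if isinstance(record, dict) else None
    return record if isinstance(record, str) else ""

def parse_prowler_v3(text):
    """Normalize either v3 output (JSON array or ';'-delimited CSV) to a list of dicts."""
    text = text.lstrip("\ufeff \t\r\n")
    if text.startswith("["):
        rows = [{n: _dig(r, p) for n, _, p in FIELDS} for r in json.loads(text)]
    else:
        reader = csv.DictReader(io.StringIO(text), delimiter=";")
        rows = [{n: r.get(c) or "" for n, c, _ in FIELDS} for r in reader]
    for row in rows:
        row["severity"] = row["severity"].capitalize()
        row["failed"] = row["status"].upper() == "FAIL"  # assumption: only FAIL is an open finding
    return rows

# Constructed samples: the issue's two files trimmed to the columns/keys mapped above.
SAMPLE_CSV = (
    "FINDING_UNIQUE_ID;CHECK_ID;STATUS;STATUS_EXTENDED;SEVERITY;REMEDIATION_RECOMMENDATION_CODE_CLI;ACCOUNT_ID;REGION\n"
    "prowler-aws-accessanalyzer_enabled_without_findings-xxxxx;"
    "accessanalyzer_enabled_without_findings;FAIL;IAM Access Analyzer is not enabled;low;"
    "aws accessanalyzer create-analyzer --analyzer-name <NAME> --type <ACCOUNT|ORGANIZATION>;xxxxx;xxxxx-regio\n"
)
SAMPLE_JSON = json.dumps([{
    "FindingUniqueId": "prowler-aws-accessanalyzer_enabled_without_findings-xxxxx",
    "CheckID": "accessanalyzer_enabled_without_findings", "Status": "FAIL",
    "StatusExtended": "IAM Access Analyzer is not enabled", "Severity": "low",
    "AccountId": "xxxxx", "OrganizationsInfo": None, "Region": "xxxxx-regio",
    "Remediation": {"Code": {"CLI": "aws accessanalyzer create-analyzer --analyzer-name <NAME> --type <ACCOUNT|ORGANIZATION>"}},
}])
```

Columns are looked up by header name rather than position, so the full 37-column file parses the same way as the trimmed sample, and a short row or a null nested object yields empty strings instead of an exception.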
