add config variables

prowler/config/config.yaml

@@ -40,6 +40,12 @@ aws:
   # aws.cloudwatch_log_group_retention_policy_specific_days_enabled --> by default is 365 days
   log_group_retention_days: 365
 
+  # AWS CloudTrail Configuration
+  # aws.cloudtrail_threat_detector_privilege_escalation
+  # aws.cloudtrail_threat_detector_enumeration
+  threat_detection_entropy: 0.7 # 70% of actions found to decide if it is an attack event
+  threat_detection_days: 1
+
   # AWS AppStream Session Configuration
   # aws.appstream_fleet_session_idle_disconnect_timeout
   max_idle_disconnect_timeout_in_seconds: 600 # 10 Minutes

prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detector_enumeration/cloudtrail_threat_detector_enumeration.py

@@ -5,7 +5,7 @@
     cloudtrail_client,
 )
 
-ENTROPY_THRESHOLD = 0.7
+ENTROPY_THRESHOLD = cloudtrail_client.audit_config.get("threat_detection_entropy", 0.7)
 THREAT_DETECTION_DAYS = cloudtrail_client.audit_config.get("threat_detection_days", 1)
 ENUMERATION_ACTIONS = [
     "DescribeAccessEntry",

prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detector_privilege_escalation/cloudtrail_threat_detector_privilege_escalation.py

@@ -5,7 +5,7 @@
     cloudtrail_client,
 )
 
-ENTROPY_THRESHOLD = 0.7
+ENTROPY_THRESHOLD = cloudtrail_client.audit_config.get("threat_detection_entropy", 0.7)
 THREAT_DETECTION_DAYS = cloudtrail_client.audit_config.get("threat_detection_days", 1)
 PRIVILEGE_ESCALATION_ACTIONS = [
     "AddPermission",