improve checks logic

prowler-cloud · Mar 26, 2024 · bacd9c9 · bacd9c9
1 parent 888cbd5
commit bacd9c9
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/...oudtrail/cloudtrail_threat_detector_enumeration/cloudtrail_threat_detector_enumeration.py b/...oudtrail/cloudtrail_threat_detector_enumeration/cloudtrail_threat_detector_enumeration.py
@@ -140,7 +140,7 @@ def execute(self):
                 report.resource_arn = trail.arn
                 report.resource_tags = trail.tags
                 report.status = "FAIL"
-                report.status_extended = f"Potential privilege escalation detected from source IP {source_ip} with an entropy of {ENTROPY_THRESHOLD}."
+                report.status_extended = f"Potential enumeration attack detected from source IP {source_ip} with an entropy of {ENTROPY_THRESHOLD}."
                 findings.append(report)
         if not found_potential_enumeration:
             report = Check_Report_AWS(self.metadata())
@@ -149,6 +149,6 @@ def execute(self):
             report.resource_arn = trail.arn
             report.resource_tags = trail.tags
             report.status = "PASS"
-            report.status_extended = "No potential privilege escalation detected."
+            report.status_extended = "No potential enumeration attack detected."
             findings.append(report)
         return findings
diff --git a/...l_threat_detector_privilege_escalation/cloudtrail_threat_detector_privilege_escalation.py b/...l_threat_detector_privilege_escalation/cloudtrail_threat_detector_privilege_escalation.py
@@ -72,6 +72,7 @@ def execute(self):
         for trail in cloudtrail_client.trails.values():
             if trail.is_multiregion:
                 multiregion_trail = trail
+                break
         trails_to_scan = (
             cloudtrail_client.trails.values()
             if not multiregion_trail
@@ -105,7 +106,7 @@ def execute(self):
                 report.resource_arn = trail.arn
                 report.resource_tags = trail.tags
                 report.status = "FAIL"
-                report.status_extended = f"Potential privilege escalation detected from source IP {source_ip} with an entropy of {ENTROPY_THRESHOLD}."
+                report.status_extended = f"Potential privilege escalation attack detected from source IP {source_ip} with an entropy of {ENTROPY_THRESHOLD}."
                 findings.append(report)
         if not found_potential_privilege_escalation:
             report = Check_Report_AWS(self.metadata())
@@ -114,6 +115,8 @@ def execute(self):
             report.resource_arn = trail.arn
             report.resource_tags = trail.tags
             report.status = "PASS"
-            report.status_extended = "No potential privilege escalation detected."
+            report.status_extended = (
+                "No potential privilege escalation attack detected."
+            )
             findings.append(report)
         return findings