search

prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0
10.45k stars 1.49k forks source link

Compliance report for NIST CSF 1.1 formatting is incorrect #4399

Closed ghstridr closed 1 month ago

ghstridr commented 1 month ago

Steps to Reproduce

  1. prowler aws --profile (snipped) --region us-east-2 --compliance nist_csf_1.1_aws --output-directory 20240705 --shodan (snipped)
  2. AWS
  3. Single Account
  4. See screenshot and Expected Behaviour

Expected behavior

Expect the info in each cell to match the column header

Actual Result with Screenshots or Logs

Unhelpful error log: {"timestamp": "2024-07-08 11:05:13,046", "filename": "s3_service.py:88", "level": "ERROR", "module": "s3_service", "message": "gatebio-ssl -- ClientError[53]: An error occurred (AccessDenied) when calling the GetBucketLocation operation: Access Denied"}

Screen shot of csv opened in LibreOffice: Screenshot 2024-07-08 at 10 58 38 AM

How did you install Prowler?

From brew (brew install prowler)

Environment Resource

Workstation

OS used

MacOS

Prowler version

4.2.4

Pip version

24.0

Context

Running from workstation via brew on MacOS 14.5 Command used: prowler aws --profile (snipped) --region us-east-2 --compliance nist_csf_1.1_aws --output-directory 20240705 --shodan (snipped)

ghstridr commented 1 month ago

Another note, it is a csv file, but a ';' is being used as the seperator? ....Why? Wouldn't that be a SSV file type?

jfagoagas commented 1 month ago

Hello @ghstridr we will review this and get back to you soon. Regarding the CSV separator we use the semicolon ; since it is one of the common values to be used in the CSV format.

ghstridr commented 1 month ago

Ok, thank you for the response. Since when one sees, 'csv', I feel it is natural to assume that a comma is the default separator when importing to something like Excel or LibreOffice, which is what both default to. When I did do that, both showed the results completely incorrectly. They never showed any indication that semicolons were detected as the separator and probably never will. The Google equivalent completely refusted to import the file, so it seems they expect commas no matter what with a csv file. This is just food for thought.

Maybe have a cli option for the csv report generation to choose the separator with the semicolon or comma as the default?

jfagoagas commented 1 month ago

We are going to include that in our public documentation since it is an important detail about the CSV format. Definitely we can explore the option to have a customisable separator, thanks for the idea!

Regarding the issue, next week we will work on it and get back to you.

Thanks for using Prowler!

pedrooot commented 1 month ago

hey! @ghstridr after reviewing this issue, it seems to be related with #3620 and at the same time, with LibreOffice. We will investigate furthermore to make separators customizables. Thanks for using Prowler! 🚀

pedrooot commented 1 month ago

Postscript: I use numbers and Google Spreadsheets and works fine for me! Tell me if you need anything else 😄

pedrooot commented 1 month ago

Hi! @ghstridr !. We have decided to include a custom delimiter and/or a new SSV (semicolon-separated values) output format in Prowler. We are closing this issue and we are going to keep track of it in this issue. For your particular case there is an approach to open the current CSV Prowler output with https://ask.libreoffice.org/t/change-column-separator-on-csv-export/8404/3. Thanks for using Prowler 😄 🚀