prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0

Add number of muted findings in HTML report #4703

Closed OlesYudin closed 1 week ago

OlesYudin commented 1 month ago

New feature motivation

When you work with the muted list feature, it would be really informative to know how many muted findings you have, because right now, even if you mute specific checks, they are still marked as failed or passed in the "Assessment Overview" dashboard.

Solution Proposed

I would like to see more information in the "Assessment Overview" block. For example:

Total findings: 1859
Passed: 697
Passed (muted): 2
Failed: 1162
Failed (muted): 5
Total Resources: 616

Describe alternatives you've considered

For now, using bash scripts, I parse all muted findings and then output the number of all findings, passed, muted, etc.

Additional context

No response

jfagoagas commented 1 month ago

Hello @OlesYudin, that is a great idea, we will think about it and get back to you once the team has an update.

Thanks for using Prowler 🚀

abant07 commented 2 weeks ago

Hi @jfagoagas

Would I be able to work on this issue?

pedrooot commented 2 weeks ago

Hey! @abant07 Of course! Let me know if you need something

jfagoagas commented 2 weeks ago

Hello @abant07 please, go ahead!

As we did last time, before you start coding I think it'd be great if you could do an analysis of what needs to be done, to be discussed in this issue. Then, once we reach an agreement, you can start coding. What do you think?

Thanks!

abant07 commented 2 weeks ago

Sounds good. Will get to it right away.

abant07 commented 2 weeks ago

Ok,

So from what I am understanding @jfagoagas and @tmonk42, there is a muted findings feature on Prowler, which allows a user to specify a YAML file with all the checks they want to disregard (or "ignore") regardless of whether they pass or fail. Currently, Prowler has it so that on the dashboard a customer is able to see the granularity of which tests have failed, passed, muted (passed), and muted (failed).

However, tmonk would like these muted (passed and failed) checks to be shown separately from the total passed and total failed checks on the assessment overview. By my understanding, Prowler already has it so that a user can see how many muted checks have passed or failed on a different page; however, we would also like these muted tests to show up on the assessment overview.

If I understood this correctly, the coding should not be too hard. I looked at the codebase, and it seems that the file controlling the dashboard that tmonk had suggested a change to is the html.py file, specifically in write_header(). This write_header() method has a parameter called stats, which is a dictionary containing the keys "findings_count", "total_pass", "total_fail", "total_fail", "all_fails_are_muted", and "resources_count".

If we want to include keys like "muted_fail" and "muted_pass", we will need to edit the output.py file, specifically the extract_findings_statistics method. This method takes a parameter "findings", and we can find muted findings by checking finding.muted to see if it is muted, in combination with finding.status == PASS or FAIL.

from prowler.lib.logger import logger


def extract_findings_statistics(findings: list) -> dict:
    """
    extract_findings_statistics takes a list of findings and returns the following dict with the aggregated statistics
    {
        "total_pass": 0,
        "total_fail": 0,
        "resources_count": 0,
        "findings_count": 0,
        "all_fails_are_muted": True,
    }
    """
    logger.info("Extracting audit statistics...")
    stats = {}
    total_pass = 0
    total_fail = 0
    resources = set()
    findings_count = 0
    all_fails_are_muted = True

    for finding in findings:
        # Save the resource_id (a set, so each resource is counted once)
        resources.add(finding.resource_id)
        if finding.status == "PASS":
            total_pass += 1
            findings_count += 1
        if finding.status == "FAIL":
            total_fail += 1
            findings_count += 1
            # A single unmuted FAIL means the run has a real failure
            if not finding.muted and all_fails_are_muted:
                all_fails_are_muted = False

    stats["total_pass"] = total_pass
    stats["total_fail"] = total_fail
    stats["resources_count"] = len(resources)
    stats["findings_count"] = findings_count
    stats["all_fails_are_muted"] = all_fails_are_muted

    return stats

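The analysis above and the overview proposed in the original request both come down to one change: count muted PASS and muted FAIL findings as separate buckets while aggregating. The block below is an added, stand-alone example written for this thread, not Prowler's own code; the Finding class, the resource ids and the render_overview helper are constructed assumptions, and the real Prowler logger is left out so it runs offline. The muted counters are subsets of total_pass and total_fail, matching how the existing method already counts muted findings in the totals.

```python
from dataclasses import dataclass


# Constructed stand-in for Prowler's finding object (assumption): only the
# attributes extract_findings_statistics reads are modelled here.
@dataclass
class Finding:
    resource_id: str
    status: str  # "PASS", "FAIL" or "MANUAL"
    muted: bool = False


def extract_findings_statistics(findings: list) -> dict:
    """Aggregate findings, splitting muted PASS/FAIL out of the totals.

    Returns the keys the existing method produces plus "muted_pass" and
    "muted_fail", so write_header() could show "Passed (muted)" and
    "Failed (muted)" next to the plain totals.
    """
    total_pass = total_fail = 0
    muted_pass = muted_fail = 0
    resources = set()
    findings_count = 0
    all_fails_are_muted = True  # stays True when there are no FAIL findings at all

    for finding in findings:
        # Each resource is counted once, however many checks hit it
        resources.add(finding.resource_id)
        if finding.status == "PASS":
            total_pass += 1
            findings_count += 1
            if finding.muted:
                muted_pass += 1
        elif finding.status == "FAIL":
            total_fail += 1
            findings_count += 1
            if finding.muted:
                muted_fail += 1
            else:
                # One unmuted FAIL is enough to make the run a real failure
                all_fails_are_muted = False
        # MANUAL (or any other status) is neither passed nor failed

    return {
        "total_pass": total_pass,
        "total_fail": total_fail,
        "muted_pass": muted_pass,
        "muted_fail": muted_fail,
        "resources_count": len(resources),
        "findings_count": findings_count,
        "all_fails_are_muted": all_fails_are_muted,
    }


def render_overview(stats: dict) -> list:
    """Render the block in the layout proposed in the issue (hypothetical helper)."""
    return [
        f"Total findings: {stats['findings_count']}",
        f"Passed: {stats['total_pass']}",
        f"Passed (muted): {stats['muted_pass']}",
        f"Failed: {stats['total_fail']}",
        f"Failed (muted): {stats['muted_fail']}",
        f"Total Resources: {stats['resources_count']}",
    ]


# Constructed sample findings: the resource ids are placeholders, not real ARNs
SAMPLE_FINDINGS = [
    Finding("resource-a", "PASS"),
    Finding("resource-b", "PASS", muted=True),
    Finding("resource-c", "FAIL"),
    Finding("resource-d", "FAIL", muted=True),
    Finding("resource-d", "FAIL", muted=True),  # second check on the same resource
    Finding("resource-e", "MANUAL"),
]


if __name__ == "__main__":
    for line in render_overview(extract_findings_statistics(SAMPLE_FINDINGS)):
        print(line)
```

With the sample above the overview reports 5 findings over 5 resources, 2 passed (1 muted) and 3 failed (2 muted), and all_fails_are_muted is False because resource-c carries an unmuted FAIL; muting that one finding would flip it to True without changing any other count.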
abant07 commented 2 weeks ago

@jfagoagas

Does this all look correct to you? If so, can I start coding it?

jfagoagas commented 2 weeks ago

That's right, you can go ahead! @abant07

So the work will be:

abant07 commented 2 weeks ago

Yes, that's correct.

jfagoagas commented 1 week ago

Hello @OlesYudin the feature you requested was just merged to the master branch. Please give it a try and let us know if there is something else you consider.

Thanks for using Prowler 🚀