fix(aws): remove cloudwatch_log_group_no_critical_pii_in_logs check (…

…#5735)

Dockerfile

@@ -4,7 +4,7 @@ LABEL maintainer="https://github.com/prowler-cloud/prowler"
 
 # Update system dependencies and install essential tools
 #hadolint ignore=DL3018
-RUN apk --no-cache upgrade && apk --no-cache add curl git g++
+RUN apk --no-cache upgrade && apk --no-cache add curl git
 
 # Create non-root user
 RUN mkdir -p /home/prowler && \

docs/tutorials/configuration_file.md

@@ -30,8 +30,6 @@ The following list includes all the AWS checks with configurable variables that
 | `cloudtrail_threat_detection_privilege_escalation`            | `threat_detection_privilege_escalation_entropy`  | Integer         |
 | `cloudtrail_threat_detection_privilege_escalation`            | `threat_detection_privilege_escalation_minutes`  | Integer         |
 | `cloudwatch_log_group_no_secrets_in_logs`                     | `secrets_ignore_patterns`                        | List of Strings |
-| `cloudwatch_log_group_no_critical_pii_in_logs`                | `critical_pii_entities`                          | List of Strings |
-| `cloudwatch_log_group_no_critical_pii_in_logs`                | `pii_language`                                   | String          |
 | `cloudwatch_log_group_retention_policy_specific_days_enabled` | `log_group_retention_days`                       | Integer         |
 | `codebuild_project_no_secrets_in_variables`                   | `excluded_sensitive_environment_variables`       | List of Strings |
 | `codebuild_project_no_secrets_in_variables`                   | `secrets_ignore_patterns`                        | List of Strings |

prowler/config/config.yaml

@@ -72,31 +72,6 @@ aws:
   # AWS Cloudwatch Configuration
   # aws.cloudwatch_log_group_retention_policy_specific_days_enabled --> by default is 365 days
   log_group_retention_days: 365
-  # aws.cloudwatch_log_group_no_critical_pii_in_logs --> see all available entities in https://microsoft.github.io/presidio/supported_entities/
-  critical_pii_entities : [
-      "CREDIT_CARD",         # Credit card numbers are highly sensitive financial information.
-      "CRYPTO",              # Crypto wallet numbers (e.g., Bitcoin addresses) can give access to cryptocurrency.
-      "IBAN_CODE",           # International Bank Account Numbers are critical financial information.
-      "US_BANK_NUMBER",      # US bank account numbers are sensitive and should be protected.
-      "US_SSN",              # US Social Security Numbers are critical PII used for identity verification.
-      "US_PASSPORT",         # US passport numbers can be used for identity theft.
-      "US_ITIN",             # US Individual Taxpayer Identification Numbers are sensitive personal identifiers.
-      #"UK_NHS",              # UK NHS numbers can be used to access medical records and other private information.
-      #"ES_NIF",              # Spanish NIF (Personal tax ID) is critical for identification and tax purposes.
-      #"ES_NIE",              # Spanish NIE (Foreigners ID card) is a critical identifier for foreign residents.
-      #"IT_FISCAL_CODE",      # Italian personal identification code is sensitive PII for tax and legal purposes.
-      #"IT_PASSPORT",         # Italian passport numbers are critical PII.
-      #"IT_IDENTITY_CARD",    # Italian identity card numbers are critical for personal identification.
-      #"PL_PESEL",            # Polish PESEL numbers are sensitive personal identifiers.
-      #"SG_NRIC_FIN",         # Singapore National Registration Identification Card is critical PII.
-      #"AU_ABN",              # Australian Business Numbers are critical for business identification.
-      #"AU_TFN",              # Australian Tax File Numbers are sensitive and used for taxation purposes.
-      #"AU_MEDICARE",         # Australian Medicare numbers are sensitive medical identifiers.
-      #"IN_PAN",              # Indian Permanent Account Numbers are critical for tax purposes and identity.
-      #"IN_AADHAAR",          # Indian Aadhaar numbers are highly sensitive and serve as a universal identity number.
-      #"FI_PERSONAL_IDENTITY_CODE"  # Finnish Personal Identity Code is sensitive PII for personal identification.
-  ]
-  pii_language: "en" # Language for recognizing PII entities
 
   # AWS AppStream Session Configuration
   # aws.appstream_fleet_session_idle_disconnect_timeout

prowler/providers/aws/services/cloudwatch/cloudwatch_service.py

@@ -93,8 +93,6 @@ def __init__(self, provider):
             if (
                 "cloudwatch_log_group_no_secrets_in_logs"
                 in provider.audit_metadata.expected_checks
-                or "cloudwatch_log_group_no_critical_pii_in_logs"
-                in provider.audit_metadata.expected_checks
             ):
                 self.events_per_log_group_threshold = (
                     1000  # The threshold for number of events to return per log group.

pyproject.toml

@@ -62,7 +62,6 @@ microsoft-kiota-abstractions = "1.3.3"
 msgraph-sdk = "1.8.0"
 numpy = "2.0.2"
 pandas = "2.2.3"
-presidio-analyzer = "2.2.355"
 py-ocsf-models = "0.2.0"
 pydantic = "1.10.18"
 python = ">=3.9,<3.13"

tests/config/config_test.py

@@ -33,16 +33,6 @@ def mock_prowler_get_latest_release(_, **kwargs):
     "ec2_allowed_instance_owners": ["amazon-elb"],
     "trusted_account_ids": [],
     "log_group_retention_days": 365,
-    "critical_pii_entities": [
-        "CREDIT_CARD",  # Credit card numbers are highly sensitive financial information.
-        "CRYPTO",  # Crypto wallet numbers (e.g., Bitcoin addresses) can give access to cryptocurrency.
-        "IBAN_CODE",  # International Bank Account Numbers are critical financial information.
-        "US_BANK_NUMBER",  # US bank account numbers are sensitive and should be protected.
-        "US_SSN",  # US Social Security Numbers are critical PII used for identity verification.
-        "US_PASSPORT",  # US passport numbers can be used for identity theft.
-        "US_ITIN",  # US Individual Taxpayer Identification Numbers are sensitive personal identifiers.
-    ],
-    "pii_language": "en",  # Language for recognizing PII entities
     "max_idle_disconnect_timeout_in_seconds": 600,
     "max_disconnect_timeout_in_seconds": 300,
     "max_session_duration_seconds": 36000,
@@ -107,16 +97,6 @@ def mock_prowler_get_latest_release(_, **kwargs):
     "fargate_windows_latest_version": "1.0.0",
     "trusted_account_ids": [],
     "log_group_retention_days": 365,
-    "critical_pii_entities": [
-        "CREDIT_CARD",  # Credit card numbers are highly sensitive financial information.
-        "CRYPTO",  # Crypto wallet numbers (e.g., Bitcoin addresses) can give access to cryptocurrency.
-        "IBAN_CODE",  # International Bank Account Numbers are critical financial information.
-        "US_BANK_NUMBER",  # US bank account numbers are sensitive and should be protected.
-        "US_SSN",  # US Social Security Numbers are critical PII used for identity verification.
-        "US_PASSPORT",  # US passport numbers can be used for identity theft.
-        "US_ITIN",  # US Individual Taxpayer Identification Numbers are sensitive personal identifiers.
-    ],
-    "pii_language": "en",  # Language for recognizing PII entities
     "max_idle_disconnect_timeout_in_seconds": 600,
     "max_disconnect_timeout_in_seconds": 300,
     "max_session_duration_seconds": 36000,

tests/config/fixtures/config.yaml

@@ -72,31 +72,6 @@ aws:
   # AWS Cloudwatch Configuration
   # aws.cloudwatch_log_group_retention_policy_specific_days_enabled --> by default is 365 days
   log_group_retention_days: 365
-  # aws.cloudwatch_log_group_no_critical_pii_in_logs --> see all available entities in https://microsoft.github.io/presidio/supported_entities/
-  critical_pii_entities : [
-      "CREDIT_CARD",         # Credit card numbers are highly sensitive financial information.
-      "CRYPTO",              # Crypto wallet numbers (e.g., Bitcoin addresses) can give access to cryptocurrency.
-      "IBAN_CODE",           # International Bank Account Numbers are critical financial information.
-      "US_BANK_NUMBER",      # US bank account numbers are sensitive and should be protected.
-      "US_SSN",              # US Social Security Numbers are critical PII used for identity verification.
-      "US_PASSPORT",         # US passport numbers can be used for identity theft.
-      "US_ITIN",             # US Individual Taxpayer Identification Numbers are sensitive personal identifiers.
-      #"UK_NHS",              # UK NHS numbers can be used to access medical records and other private information.
-      #"ES_NIF",              # Spanish NIF (Personal tax ID) is critical for identification and tax purposes.
-      #"ES_NIE",              # Spanish NIE (Foreigners ID card) is a critical identifier for foreign residents.
-      #"IT_FISCAL_CODE",      # Italian personal identification code is sensitive PII for tax and legal purposes.
-      #"IT_PASSPORT",         # Italian passport numbers are critical PII.
-      #"IT_IDENTITY_CARD",    # Italian identity card numbers are critical for personal identification.
-      #"PL_PESEL",            # Polish PESEL numbers are sensitive personal identifiers.
-      #"SG_NRIC_FIN",         # Singapore National Registration Identification Card is critical PII.
-      #"AU_ABN",              # Australian Business Numbers are critical for business identification.
-      #"AU_TFN",              # Australian Tax File Numbers are sensitive and used for taxation purposes.
-      #"AU_MEDICARE",         # Australian Medicare numbers are sensitive medical identifiers.
-      #"IN_PAN",              # Indian Permanent Account Numbers are critical for tax purposes and identity.
-      #"IN_AADHAAR",          # Indian Aadhaar numbers are highly sensitive and serve as a universal identity number.
-      #"FI_PERSONAL_IDENTITY_CODE"  # Finnish Personal Identity Code is sensitive PII for personal identification.
-  ]
-  pii_language: "en" # Language for recognizing PII entities
 
   # AWS AppStream Session Configuration
   # aws.appstream_fleet_session_idle_disconnect_timeout