[Bug]: Empty fields (["resources"][0]["region"] and ["finding"]["types"]) in json ocsf result when the target is an Azure account

[rvisc]

Steps to Reproduce

/usr/local/bin/prowler azure --log-level ERROR --sp-env-auth -M json-ocsf -o . -F prowler_scan_results -z

Expected behavior

I expected the ["resources"][0]["region"] and ["finding"]["types"] fields to contain values.

Actual Result with Screenshots or Logs

The ["resources"][0]["region"] field always results in an empty string ("").
The ["finding"]["types"] field always results in an empty list ([]).

How did you install Prowler?

Cloning the repository from github.com (git clone)

Environment Resource

Docker container locally

OS used

Debian GNU/Linux 11 (bullseye)

Prowler version

3.14.0

Pip version

22.2.2

Context

[jfagoagas]

Hi @rvisc, currently we are working on the new version of the OCSF schema 1.1.0 since the 1.0.0 version, the one implemented in Prowler v3, has been deprecated. In that version those fields are filled with data coming from the Azure findings. If you want to see the current development please take a look at

prowler/prowler/lib/outputs/json_ocsf/json_ocsf.py

Line 33 in dbc232a

def fill_json_ocsf(finding_output: FindingOutput) -> DetectionFinding:

We will publish soon a new Prowler version with the OCSF 1.1.0 with the new Detection Finding instead of the Security Finding.

Thanks for using Prowler 🚀

[jfagoagas]

Hi @rvisc, we've just released Prowler v4 which uses OCSF v1.1.0 as the JSON output. I'm closing this issue, please feel free to reopen it if you encounter the same issue again. Please upgrade using pip install prowler --upgrade.

Thanks for using Prowler 🚀