Issue search
Which component is affected?
Prowler CLI/SDK
Cloud Provider (if applicable)
Azure
Steps to Reproduce
Both the 9.3.2.2 "Ensure that 'Public Network Access' is 'Disabled' for storage accounts" and the 9.3.8 "Ensure that 'Allow Blob Anonymous Access' is set to 'Disabled'" are mapped to the "storage_blob_public_access_level_is_disabled" check in Prowler (for CIS Azure 5.0). However, this check relates to anonymous access (i.e. 9.3.8), and should not be mapped to the 9.3.2.2 check. I'm not sure what the correct mapping is for 9.3.2.2 at the moment - it might be the one about private endpoints. I think this also presents an opportunity for the metadata for storage_blob_public_access_level_is_disabled to be enhanced, to make it clear it is referring to anonymous access, if not in the check_id then in the title and extended status potentially.
```json
"Id": "9.3.2.2",
"Description": "Ensure that 'Public Network Access' is 'Disabled' for storage accounts",
"Checks": [
  "storage_blob_public_access_level_is_disabled"
],

"Id": "9.3.8",
"Description": "Ensure that 'Allow Blob Anonymous Access' is set to 'Disabled'",
"Checks": [
  "storage_blob_public_access_level_is_disabled"
],
"Attributes": [
  {
```
Expected behavior
storage_blob_public_access_level_is_disabled should only be mapped to "Ensure that 'Allow Blob Anonymous Access' is set to 'Disabled'" within the compliance CIS code, with a different check representing public network access mapped to "Ensure that 'Public Network Access' is 'Disabled' for storage accounts"
Actual Result with Screenshots or Logs
Not available
How did you install Prowler?
Cloning the repository from github.com (git clone)
Environment Resource
Workstation
OS used
Windows
Prowler version
5.24.4
Python version
3.12
Pip version
TBD
Context
No response
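Added example, not part of the original issue and not Prowler's own code: a small audit that lists every check id referenced by more than one requirement in a compliance file, which is how a double mapping like the one reported here can be surfaced for review. The top-level `Requirements` key, the function names and requirement `9.9.9` are assumptions; the sample data is constructed from the excerpt in the report.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the excerpt above. The top-level
# "Requirements" key and requirement 9.9.9 are assumptions for illustration.
SAMPLE = json.loads("""
{
  "Requirements": [
    {"Id": "9.3.2.2",
     "Description": "Ensure that 'Public Network Access' is 'Disabled' for storage accounts",
     "Checks": ["storage_blob_public_access_level_is_disabled"]},
    {"Id": "9.3.8",
     "Description": "Ensure that 'Allow Blob Anonymous Access' is set to 'Disabled'",
     "Checks": ["storage_blob_public_access_level_is_disabled"]},
    {"Id": "9.9.9",
     "Description": "Constructed requirement with no automated check",
     "Checks": []}
  ]
}
""")


def shared_checks(framework):
    """Map each check id to the requirement ids that reference it, keeping
    only checks referenced by more than one requirement."""
    index = defaultdict(list)
    for req in framework.get("Requirements", []):
        # dict.fromkeys de-duplicates a repeated check while keeping order
        for check in dict.fromkeys(req.get("Checks", [])):
            index[check].append(req["Id"])
    return {check: ids for check, ids in index.items() if len(ids) > 1}


def unmapped_requirements(framework):
    """Requirement ids with no check at all (manual controls or gaps)."""
    return [r["Id"] for r in framework.get("Requirements", [])
            if not r.get("Checks")]


if __name__ == "__main__":
    for check, ids in shared_checks(SAMPLE).items():
        print(f"{check}: mapped to {', '.join(ids)} (review each mapping)")
    print("requirements without checks:", unmapped_requirements(SAMPLE))
```

A shared check is not always wrong, since one check can legitimately satisfy two controls; the output is a review list, and each pair still needs its descriptions compared by hand.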