Inspector Scan - False Negative #7597

@victor-babin-fti

Description

Steps to Reproduce

Hi,

As I was testing Prowler on a relatively big environment, I was surprised not to see in the output any "failed"/findings regarding Inspector having existing active findings. The environment I tested on has 1K+ findings/vulnerabilities listed on AWS (manual enumeration), including:

  • Findings with fix available;
  • Findings with public exploit available; and
  • Critical Findings.

After using the search feature on Prowler (App), I found an entry which is categorised as "pass" and says that "no active findings" have been identified in Inspector on that same account ID and region.

What would make Prowler miss this?

Expected behavior

Report the findings listed on Inspector.

Actual Result with Screenshots or Logs

Image

How did you install Prowler?

Docker (docker pull toniblyx/prowler)

Environment Resource

N/A

OS used

N/A

Prowler version

Latest

Pip version

N/A

Context

No response

Labels

  • bug
  • provider/aws: Issues/PRs related with the AWS provider
  • severity/medium: Results in some unexpected or undesired behavior.
