Checks/Aws/Test-CloudwatchLogGroupNoSecretsInLogs.ps1

function Test-CloudwatchLogGroupNoSecretsInLogs {
    <#
    .SYNOPSIS
        CloudWatch log group contains no secrets in its log events

    .DESCRIPTION
        **CloudWatch Logs** log groups are analyzed for potential **secrets** embedded in log events across their streams. Detection flags patterns resembling credentials (API keys, passwords, tokens, keys) and reports the secret types and where they appear within the log group.

    .PARAMETER Check
        CIEMCheck object containing check metadata.
    #>

    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)]
        [CIEMCheck]$Check
    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: cloudwatch_log_group_no_secrets_in_logs

    [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check cloudwatch_log_group_no_secrets_in_logs for reference.', 'N/A', 'cloudwatch Resources')
}
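
The detection that .DESCRIPTION describes, shown as an added example that is not this project's or Prowler's code: log events are matched against credential-shaped patterns, and each hit is reported by secret type and log stream. The helper name `Find-SecretInLogEvent`, the four patterns, the event shape (`LogStreamName`, `Timestamp`, `Message`) and the sample events are assumptions made for illustration.

```powershell
# Added example: illustrative patterns only, not Prowler's or this project's detection rules.
$SecretPatterns = [ordered]@{
    'AWS access key ID'   = '\b(?:AKIA|ASIA)[0-9A-Z]{16}\b'
    'Private key block'   = '-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----'
    'Password assignment' = '(?i)\b(?:password|passwd|pwd)\s*[=:]\s*\S+'
    'Bearer token'        = '(?i)\bBearer\s+[A-Za-z0-9\-._~+/]{16,}=*'
}

function Find-SecretInLogEvent {   # hypothetical helper, not part of the CIEM module
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object]$LogEvent,
        [System.Collections.IDictionary]$Patterns = $SecretPatterns
    )
    process {
        foreach ($type in $Patterns.Keys) {
            foreach ($m in [regex]::Matches([string]$LogEvent.Message, $Patterns[$type])) {
                # Report the type and location; keep only a 4-character prefix so the
                # finding does not copy the secret into the scan results.
                [PSCustomObject]@{
                    SecretType = $type
                    LogStream  = $LogEvent.LogStreamName
                    Timestamp  = $LogEvent.Timestamp
                    Preview    = $m.Value.Substring(0, [Math]::Min(4, $m.Value.Length)) + '***'
                }
            }
        }
    }
}

# Constructed sample events (no real credentials; the key is the AWS documentation example).
$events = @(
    [PSCustomObject]@{ LogStreamName = 'app/web-1'; Timestamp = 1700000000000; Message = 'GET /health 200 12ms' }
    [PSCustomObject]@{ LogStreamName = 'app/web-1'; Timestamp = 1700000001000; Message = 'db connect user=svc password=CONSTRUCTED-not-real' }
    [PSCustomObject]@{ LogStreamName = 'batch/job-7'; Timestamp = 1700000002000; Message = 'using key AKIAIOSFODNN7EXAMPLE for upload' }
    [PSCustomObject]@{ LogStreamName = 'batch/job-7'; Timestamp = 1700000003000; Message = 'Authorization: Bearer abcdEFGH1234ijklMNOP5678' }
)

$findings = @($events | Find-SecretInLogEvent)
# PASS/FAIL follow Prowler's status names; how CIEMScanResult consumes them is an assumption.
$status = if ($findings.Count -gt 0) { 'FAIL' } else { 'PASS' }
$findings | Group-Object LogStream, SecretType | Select-Object Count, Name
"Status: $status ($($findings.Count) potential secrets)"
```

Regex matching of this kind produces false positives (for example `password=` followed by a placeholder), so a finding identifies a log stream to review rather than a confirmed leak.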