feat: added firewall manager managed rule groups

prowler-cloud · Dec 10, 2024 · 631e9bc · 631e9bc
1 parent f2f196c
commit 631e9bc
Showing 1 changed file with 16 additions and 7 deletions.
diff --git a/prowler/providers/aws/services/wafv2/wafv2_service.py b/prowler/providers/aws/services/wafv2/wafv2_service.py
@@ -150,6 +150,22 @@ def _get_web_acl(self, acl: str):
                         else:
                             acl.rules.append(new_rule)
 
+                    firewall_manager_managed_rg = get_web_acl.get("WebACL", {}).get(
+                        "PreProcessFirewallManagerRuleGroups", []
+                    ) + get_web_acl.get("WebACL", {}).get(
+                        "PostProcessFirewallManagerRuleGroups", []
+                    )
+
+                    for rule in firewall_manager_managed_rg:
+                        acl.rules.append(
+                            Rule(
+                                name=rule.get("Name", ""),
+                                cloudwatch_metrics_enabled=rule.get(
+                                    "VisibilityConfig", {}
+                                ).get("CloudWatchMetricsEnabled", False),
+                            )
+                        )
+
                 except Exception as error:
                     logger.error(
                         f"{acl.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
@@ -193,13 +209,6 @@ class Rule(BaseModel):
     cloudwatch_metrics_enabled: bool = False
 
 
-class FirewallManagerRuleGroup(BaseModel):
-    """Model representing a rule group for the Web ACL."""
-
-    name: str
-    cloudwatch_metrics_enabled: bool = False
-
-
 class WebAclv2(BaseModel):
     """Model representing a Web ACL for WAFv2."""