Commit 809142d

chore(alibaba): update all metadata files (#10289)
1 parent 1e95b48 commit 809142d

65 files changed

+581
-770
lines changed


docs/developer-guide/checks.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -315,6 +315,7 @@ The type of resource being audited. This field helps categorize and organize fin
315315
- **Kubernetes**: Use types shown under `KIND` from `kubectl api-resources`.
316316
- **Oracle Cloud Infrastructure**: Use types from [Oracle Cloud Infrastructure documentation](https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/Search/Tasks/queryingresources_topic-Listing_Supported_Resource_Types.htm).
317317
- **OpenStack**: Use types from [OpenStack Heat resource types](https://docs.openstack.org/heat/latest/template_guide/openstack.html).
318+
- **Alibaba Cloud**: Use types from [Alibaba Cloud ROS resource types](https://www.alibabacloud.com/help/en/ros/developer-reference/list-of-resource-types-by-service).
318319
- **Any other provider**: Use `NotDefined` due to lack of standardized resource types in their SDK or documentation.
319320

320321
#### ResourceGroup
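Review bot: the new Alibaba Cloud bullet only links to the ROS list, whereas the Kubernetes bullet just above tells the reader what form the value takes (`KIND` from `kubectl api-resources`); stating the ROS form here too, e.g. `ALIYUN::ACTIONTRAIL::Trail` as used by the metadata files in this commit, would make the convention unambiguous for authors of new checks.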

prowler/CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
3030
- Update Oracle Cloud Object Storage service metadata to new format [(#9379)](https://github.com/prowler-cloud/prowler/pull/9379)
3131
- Update Oracle Cloud Events service metadata to new format [(#9373)](https://github.com/prowler-cloud/prowler/pull/9373)
3232
- Update Oracle Cloud Identity service metadata to new format [(#9375)](https://github.com/prowler-cloud/prowler/pull/9375)
33+
- Update Alibaba Cloud services metadata to new format [(#10289)](https://github.com/prowler-cloud/prowler/pull/10289)
3334

3435
---
3536

prowler/providers/alibabacloud/services/actiontrail/actiontrail_multi_region_enabled/actiontrail_multi_region_enabled.metadata.json

Lines changed: 9 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,33 +1,30 @@
11
{
22
"Provider": "alibabacloud",
33
"CheckID": "actiontrail_multi_region_enabled",
4-
"CheckTitle": "ActionTrail are configured to export copies of all Log entries",
5-
"CheckType": [
6-
"Unusual logon",
7-
"Cloud threat detection"
8-
],
4+
"CheckTitle": "ActionTrail is configured to export copies of all log entries across all regions",
5+
"CheckType": [],
96
"ServiceName": "actiontrail",
107
"SubServiceName": "",
11-
"ResourceIdTemplate": "acs:actiontrail::account-id:trail",
8+
"ResourceIdTemplate": "",
129
"Severity": "critical",
13-
"ResourceType": "AlibabaCloudActionTrail",
10+
"ResourceType": "ALIYUN::ACTIONTRAIL::Trail",
1411
"ResourceGroup": "monitoring",
15-
"Description": "**ActionTrail** is a web service that records API calls for your account and delivers log files to you.\n\nThe recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the Alibaba Cloud service. ActionTrail provides a history of API calls for an account, including API calls made via the Management Console, SDKs, and command line tools.",
16-
"Risk": "The API call history produced by ActionTrail enables **security analysis**, **resource change tracking**, and **compliance auditing**.\n\nEnsuring that a **multi-region trail** exists will detect unexpected activities occurring in otherwise unused regions. Global Service Logging should be enabled by default to capture events generated on Alibaba Cloud global services, ensuring the recording of management operations performed on all resources in an Alibaba Cloud account.",
12+
"Description": "**Alibaba Cloud ActionTrail** is a service that records API calls made to your account and delivers log files containing the identity of the API caller, the time and source IP of the call, the request parameters, and the response elements returned by the service. Ensuring that a **multi-region trail** exists guarantees that management operations performed across all regions and global services are captured, enabling detection of unexpected activities in otherwise unused regions.",
13+
"Risk": "Without a **multi-region trail** enabled, API calls made in regions outside the primary trail's scope will not be recorded. This creates blind spots in **security analysis**, **resource change tracking**, and **compliance auditing**, potentially allowing unauthorized or malicious activity to go undetected across your Alibaba Cloud account.",
1714
"RelatedUrl": "",
1815
"AdditionalURLs": [
1916
"https://www.alibabacloud.com/help/doc-detail/28829.htm",
20-
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ActionTrail/enable-multi-region-trails.html"
17+
"https://www.trendmicro.com/trendaivisiononecloudriskmanagement/knowledge-base/alibaba-cloud/AlibabaCloud-ActionTrail/enable-multi-region-trails.html"
2118
],
2219
"Remediation": {
2320
"Code": {
2421
"CLI": "aliyun actiontrail CreateTrail --Name <trail_name> --OssBucketName <oss_bucket_for_actiontrail> --RoleName aliyunactiontraildefaultrole --SlsProjectArn <sls_project_arn_for_actiontrail> --SlsWriteRoleArn <sls_role_arn_for_actiontrail> --EventRW <api_type_for_actiontrail>",
2522
"NativeIaC": "",
26-
"Other": "",
23+
"Other": "1. Log on to the **ActionTrail Console**\n2. Click on **Trails** in the left navigation pane\n3. Click **Add new trail**\n4. Enter a trail name in the `Trail name` box\n5. Set **Yes** for `Apply Trail to All Regions`\n6. Specify an OSS bucket name in the `OSS bucket` box\n7. Specify an SLS project name in the `SLS project` box\n8. Click **Create**",
2724
"Terraform": "resource \"alicloud_actiontrail_trail\" \"example\" {\n trail_name = \"multi-region-trail\"\n trail_region = \"All\"\n sls_project_arn = \"acs:log:cn-hangzhou:123456789:project/actiontrail-project\"\n sls_write_role_arn = data.alicloud_ram_roles.actiontrail.roles.0.arn\n}"
2825
},
2926
"Recommendation": {
30-
"Text": "1. Log on to the **ActionTrail Console**\n2. Click on **Trails** in the left navigation pane\n3. Click **Add new trail**\n4. Enter a trail name in the `Trail name` box\n5. Set **Yes** for `Apply Trail to All Regions`\n6. Specify an OSS bucket name in the `OSS bucket` box\n7. Specify an SLS project name in the `SLS project` box\n8. Click **Create**",
27+
"Text": "Enable a multi-region trail in ActionTrail to ensure all API calls across all regions are recorded and delivered to a centralized OSS bucket and SLS project for security analysis and compliance auditing.",
3128
"Url": "https://hub.prowler.com/check/actiontrail_multi_region_enabled"
3229
}
3330
},
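Review bot: the `Terraform` remediation line references `data.alicloud_ram_roles.actiontrail.roles.0.arn` without declaring that data source and hardcodes the account id `123456789` inside `sls_project_arn`, so the snippet cannot be applied as written; declare the `alicloud_ram_roles` data block or use placeholders (`<sls_project_arn>`, `<sls_write_role_arn>`) in the same style as the `CLI` line. The same hunk also blanks `ResourceIdTemplate` (previously `acs:actiontrail::account-id:trail`) and `CheckType`; if the new format deliberately retires those fields that is fine, but it is worth confirming nothing downstream (hub pages, finding resource ids) still consumes the template.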

prowler/providers/alibabacloud/services/actiontrail/actiontrail_oss_bucket_not_publicly_accessible/actiontrail_oss_bucket_not_publicly_accessible.metadata.json

Lines changed: 10 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,32 +1,30 @@
11
{
22
"Provider": "alibabacloud",
33
"CheckID": "actiontrail_oss_bucket_not_publicly_accessible",
4-
"CheckTitle": "The OSS used to store ActionTrail logs is not publicly accessible",
5-
"CheckType": [
6-
"Sensitive file tampering"
7-
],
4+
"CheckTitle": "The OSS bucket used to store ActionTrail logs is not publicly accessible",
5+
"CheckType": [],
86
"ServiceName": "actiontrail",
97
"SubServiceName": "",
10-
"ResourceIdTemplate": "acs:oss::account-id:bucket-name",
8+
"ResourceIdTemplate": "",
119
"Severity": "critical",
12-
"ResourceType": "AlibabaCloudOSSBucket",
10+
"ResourceType": "ALIYUN::ACTIONTRAIL::Trail",
1311
"ResourceGroup": "storage",
14-
"Description": "**ActionTrail** logs a record of every API call made in your Alibaba Cloud account. These log files are stored in an **OSS bucket**.\n\nIt is recommended that the **Access Control List (ACL)** of the OSS bucket, which ActionTrail logs to, prevents public access to the ActionTrail logs.",
15-
"Risk": "Allowing **public access** to ActionTrail log content may aid an adversary in identifying weaknesses in the affected account's use or configuration.\n\nExposed audit logs can reveal sensitive information about your infrastructure, API usage patterns, and security configurations.",
12+
"Description": "**Alibaba Cloud ActionTrail** logs a record of every API call made in your account and stores these log files in an **OSS bucket**. It is recommended that the **Access Control List (ACL)** of the OSS bucket used by ActionTrail is set to `private` to prevent unauthorized public access to sensitive audit log data.",
13+
"Risk": "Allowing **public access** to the OSS bucket containing ActionTrail logs may expose sensitive information about your infrastructure, API usage patterns, and security configurations. An adversary could use this information to identify weaknesses in the affected account, leading to potential **data breaches**, **privilege escalation**, and **compliance violations**.",
1614
"RelatedUrl": "",
1715
"AdditionalURLs": [
18-
"https://help.aliyun.com/document_detail/31954.html",
19-
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ActionTrail/trail-bucket-publicly-accessible.html"
16+
"https://www.alibabacloud.com/help/doc-detail/31954.htm",
17+
"https://www.trendmicro.com/trendaivisiononecloudriskmanagement/knowledge-base/alibaba-cloud/AlibabaCloud-ActionTrail/trail-bucket-publicly-accessible.html"
2018
],
2119
"Remediation": {
2220
"Code": {
2321
"CLI": "ossutil set-acl oss://<bucketName> private -b",
2422
"NativeIaC": "",
25-
"Other": "",
23+
"Other": "1. Log on to the **OSS Console**\n2. Right-click on the bucket and select **Basic Settings**\n3. In the Access Control List pane, click **Configure**\n4. The Bucket ACL tab shows three types of grants: `Private`, `Public Read`, `Public Read/Write`\n5. Ensure **Private** is set for the bucket\n6. Click **Save** to save the ACL",
2624
"Terraform": "resource \"alicloud_oss_bucket_public_access_block\" \"actiontrail\" {\n bucket = alicloud_oss_bucket.actiontrail.bucket\n block_public_access = true\n}"
2725
},
2826
"Recommendation": {
29-
"Text": "1. Log on to the **OSS Console**\n2. Right-click on the bucket and select **Basic Settings**\n3. In the Access Control List pane, click **Configure**\n4. The Bucket ACL tab shows three types of grants: `Private`, `Public Read`, `Public Read/Write`\n5. Ensure **Private** is set for the bucket\n6. Click **Save** to save the ACL",
27+
"Text": "Set the ACL of the OSS bucket used to store ActionTrail logs to private to prevent unauthorized public access to sensitive audit log data.",
3028
"Url": "https://hub.prowler.com/check/actiontrail_oss_bucket_not_publicly_accessible"
3129
}
3230
},
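Review bot: `ResourceType` is set to `ALIYUN::ACTIONTRAIL::Trail` here, but the resource this check audits is the OSS bucket (see `CheckTitle`, `"ResourceGroup": "storage"`, the removed template `acs:oss::account-id:bucket-name`, and the `ossutil set-acl` remediation), so under the ROS naming this commit adopts it should be the OSS bucket type, `ALIYUN::OSS::Bucket`. Separately, the `Terraform` line uses `alicloud_oss_bucket_public_access_block` with `block_public_access = true` and references an undeclared `alicloud_oss_bucket.actiontrail`, while the CLI and console steps set the bucket ACL to `private`; those are two different controls, so either say both are required or align the Terraform with the ACL setting (`acl = "private"` on the `alicloud_oss_bucket` resource).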

prowler/providers/alibabacloud/services/cs/cs_kubernetes_cloudmonitor_enabled/cs_kubernetes_cloudmonitor_enabled.metadata.json

Lines changed: 11 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1,32 +1,30 @@
11
{
22
"Provider": "alibabacloud",
33
"CheckID": "cs_kubernetes_cloudmonitor_enabled",
4-
"CheckTitle": "CloudMonitor is set to Enabled on Kubernetes Engine Clusters",
5-
"CheckType": [
6-
"Threat detection during container runtime"
7-
],
4+
"CheckTitle": "Kubernetes cluster has CloudMonitor enabled",
5+
"CheckType": [],
86
"ServiceName": "cs",
97
"SubServiceName": "",
10-
"ResourceIdTemplate": "acs:cs:region:account-id:cluster/{cluster-id}",
8+
"ResourceIdTemplate": "",
119
"Severity": "medium",
12-
"ResourceType": "AlibabaCloudKubernetesCluster",
10+
"ResourceType": "ALIYUN::CS::ManagedKubernetesCluster",
1311
"ResourceGroup": "container",
14-
"Description": "The monitoring service in **Kubernetes Engine clusters** depends on the Alibaba Cloud **CloudMonitor** agent to access additional system resources and application services in virtual machine instances.\n\nThe monitor can access metrics about CPU utilization, disk traffic metrics, network traffic, and disk IO information, which help monitor signals and build operations in your Kubernetes Engine clusters.",
15-
"Risk": "Without **CloudMonitor** enabled, you lack visibility into system metrics and custom metrics. System metrics measure the cluster's infrastructure, such as CPU or memory usage.\n\nWith CloudMonitor, a monitor controller is created that periodically connects to each node and collects metrics about its Pods and containers, then sends the metrics to CloudMonitor server.",
12+
"Description": "**Alibaba Cloud CloudMonitor** agent provides visibility into system metrics for **Kubernetes Engine clusters**, including CPU utilization, disk traffic, network traffic, and disk IO information. Without the CloudMonitor agent enabled, operators lack critical observability into node and pod health, making it difficult to detect performance degradation or anomalous resource consumption. Enabling CloudMonitor ensures that a monitor controller is created to periodically connect to each node, collect metrics about its Pods and containers, and send them to the **CloudMonitor** server for analysis and alerting.",
13+
"Risk": "Without **CloudMonitor** enabled on Kubernetes Engine clusters, there is no automated collection of system-level metrics such as CPU, memory, disk, and network usage. This lack of visibility can delay detection of **resource exhaustion**, **node failures**, and **abnormal workload behavior**, increasing the risk of undetected **availability** and **performance** issues. In a security context, the absence of monitoring data impairs the ability to identify **denial-of-service conditions** or **cryptojacking** activities running on cluster nodes.",
1614
"RelatedUrl": "",
1715
"AdditionalURLs": [
18-
"https://help.aliyun.com/document_detail/125508.html",
19-
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ACK/enable-cloud-monitor.html"
16+
"https://www.alibabacloud.com/help/en/ack/",
17+
"https://www.trendmicro.com/trendaivisiononecloudriskmanagement/knowledge-base/alibaba-cloud/AlibabaCloud-ACK/enable-cloud-monitor.html"
2018
],
2119
"Remediation": {
2220
"Code": {
23-
"CLI": "aliyun cs GET /clusters/[cluster_id]/nodepools to verify nodepools.kubernetes_config.cms_enabled is set to true for all node pools.",
21+
"CLI": "aliyun cs GET /clusters/<cluster_id>/nodepools --header 'Content-Type=application/json' | jq '.nodepools[].kubernetes_config.cms_enabled'",
2422
"NativeIaC": "",
25-
"Other": "",
23+
"Other": "1. Log on to the **ACK Console**.\n2. Select the target cluster and click its name to open the cluster detail page.\n3. Select **Nodes** on the left column and click the **Monitor** link on the Actions column of the selected node.\n4. Verify that OS Metrics data exists in the CloudMonitor page.\n5. To enable: Click **Create Kubernetes Cluster** and set `CloudMonitor Agent` to **Enabled** under creation options.",
2624
"Terraform": ""
2725
},
2826
"Recommendation": {
29-
"Text": "1. Log on to the **ACK Console**\n2. Select the target cluster and click its name to open the cluster detail page\n3. Select **Nodes** on the left column and click the **Monitor** link on the Actions column of the selected node\n4. Verify that OS Metrics data exists in the CloudMonitor page\n5. To enable: Click **Create Kubernetes Cluster** and set `CloudMonitor Agent` to **Enabled** under creation options",
27+
"Text": "Enable the **CloudMonitor** agent during cluster creation by setting `CloudMonitor Agent` to **Enabled**. For existing clusters, verify that `cms_enabled` is set to `true` for all node pools.",
3028
"Url": "https://hub.prowler.com/check/cs_kubernetes_cloudmonitor_enabled"
3129
}
3230
},
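Review bot: `Other` step 5 and the new `Recommendation.Text` only cover enabling CloudMonitor at cluster creation; for an existing cluster the text says to verify `cms_enabled` but gives no way to turn it on, so add the per-node-pool enable path (the setting is per node pool, as the `jq` filter `.nodepools[].kubernetes_config.cms_enabled` itself shows) rather than implying the cluster must be recreated. Two smaller points: the `jq` expression prints bare booleans with no node pool name, so an operator cannot tell which pool is non-compliant; and `AdditionalURLs` replaces the specific document `help.aliyun.com/document_detail/125508.html` with the generic landing page `https://www.alibabacloud.com/help/en/ack/`, which loses the targeted reference.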

prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_recent/cs_kubernetes_cluster_check_recent.metadata.json

Lines changed: 11 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1,32 +1,30 @@
11
{
22
"Provider": "alibabacloud",
33
"CheckID": "cs_kubernetes_cluster_check_recent",
4-
"CheckTitle": "Cluster Check triggered within configured period for Kubernetes Clusters",
5-
"CheckType": [
6-
"Threat detection during container runtime"
7-
],
4+
"CheckTitle": "Kubernetes cluster health check has been triggered within the configured period",
5+
"CheckType": [],
86
"ServiceName": "cs",
97
"SubServiceName": "",
10-
"ResourceIdTemplate": "acs:cs:region:account-id:cluster/{cluster-id}",
8+
"ResourceIdTemplate": "",
119
"Severity": "medium",
12-
"ResourceType": "AlibabaCloudKubernetesCluster",
10+
"ResourceType": "ALIYUN::CS::ManagedKubernetesCluster",
1311
"ResourceGroup": "container",
14-
"Description": "**Kubernetes Engine's cluster check** feature helps you verify the system nodes and components healthy status.\n\nWhen you trigger the checking, the process validates the health state of each node in your cluster and also the cluster configuration (`kubelet`, `docker daemon`, `kernel`, and network `iptables` configuration). If there are consecutive health check failures, the diagnose reports to admin for further repair.",
15-
"Risk": "Kubernetes Engine uses the node's health status to determine if a node needs to be repaired. A cluster health check includes: cloud resource healthy status including **VPC/VSwitch**, **SLB**, and every **ECS node** status in the cluster; the `kubelet`, `docker daemon`, `kernel`, `iptables` configurations on every node.\n\nWithout regular cluster checks, potential issues may go undetected and could lead to **cluster instability** or **security vulnerabilities**.",
12+
"Description": "**Alibaba Cloud Kubernetes Engine** provides a cluster health check feature that validates the health state of each node and verifies the cluster configuration, including `kubelet`, `docker daemon`, `kernel`, and network `iptables` settings. Running these checks regularly ensures that cloud resources such as **VPC/VSwitch**, **SLB**, and every **ECS node** are functioning correctly. If consecutive health check failures are detected, diagnostic reports are generated for administrators to take corrective action.",
13+
"Risk": "Without regular cluster health checks within the configured period, potential issues such as **node failures**, **misconfigured network rules**, or **degraded system components** may go undetected. This increases the risk of **cluster instability**, **service outages**, and **security vulnerabilities** that could be exploited by attackers. Delayed detection of unhealthy nodes or misconfigured components can also impact the **integrity** and **availability** of workloads running on the cluster.",
1614
"RelatedUrl": "",
1715
"AdditionalURLs": [
18-
"https://help.aliyun.com/document_detail/114882.html",
19-
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ACK/cluster-check.html"
16+
"https://www.alibabacloud.com/help/en/ack/",
17+
"https://www.trendmicro.com/trendaivisiononecloudriskmanagement/knowledge-base/alibaba-cloud/AlibabaCloud-ACK/cluster-check.html"
2018
],
2119
"Remediation": {
2220
"Code": {
23-
"CLI": "aliyun cs GET /clusters/[cluster_id]/checks to verify cluster checks are being run regularly. Trigger a check if needed.",
21+
"CLI": "aliyun cs GET /clusters/<cluster_id>/checks --header 'Content-Type=application/json'",
2422
"NativeIaC": "",
25-
"Other": "",
23+
"Other": "1. Log on to the **ACK Console**.\n2. Select the target cluster and open the **More** pop-menu for advanced options.\n3. Select **Global Check** and click the **Start** button to trigger the checking.\n4. Verify the checking time and details in Global Check.\n5. It is recommended to trigger cluster checks at least once within the configured period.",
2624
"Terraform": ""
2725
},
2826
"Recommendation": {
29-
"Text": "1. Log on to the **ACK Console**\n2. Select the target cluster and open the **More** pop-menu for advanced options\n3. Select **Global Check** and click the **Start** button to trigger the checking\n4. Verify the checking time and details in Global Check\n5. It is recommended to trigger cluster checks at least once within the configured period (default: weekly)",
27+
"Text": "Trigger a cluster health check regularly within the configured period to ensure all nodes and system components are healthy. Use the **Global Check** feature in the ACK Console or the `aliyun cs` CLI to verify and trigger checks.",
3028
"Url": "https://hub.prowler.com/check/cs_kubernetes_cluster_check_recent"
3129
}
3230
},
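Review bot: the rewritten `Recommendation.Text` drops the `(default: weekly)` qualifier that the removed line carried, so the reader no longer learns what the "configured period" in the check title defaults to; keep it, or name the configuration key that sets it. The new `CLI` line only lists existing checks (`GET /clusters/<cluster_id>/checks`) while the removed line also said to trigger a check if needed, and the recommendation still says the `aliyun cs` CLI can be used to trigger checks; include the triggering call or state that triggering is console-only. As in the CloudMonitor hunk, `AdditionalURLs` swaps the specific document `114882.html` for the generic `https://www.alibabacloud.com/help/en/ack/` landing page.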
