fix(ocsf): Add resource details to data (#3819)

docs/tutorials/reporting.md

@@ -136,7 +136,10 @@ The JSON-OCSF output format implements the [Detection Finding](https://schema.oc
             "labels": [],
             "name": "123456789012",
             "type": "AwsCloudTrailTrail",
-            "uid": "arn:aws:cloudtrail:ap-northeast-1:123456789012:trail"
+            "uid": "arn:aws:cloudtrail:ap-northeast-1:123456789012:trail",
+            "data": {
+                "details": ""
+            },     
         }
     ],
     "category_name": "Findings",
@@ -320,7 +323,7 @@ The following is the mapping between the native JSON and the Detection Finding f
 | StatusExtended | status_detail |
 | Severity | severity |
 | ResourceType | resources.type |
-| ResourceDetails | _Not mapped yet_ |
+| ResourceDetails | resources.data.details |
 | Description | finding_info.desc |
 | Risk | risk_details _Available from OCSF 1.2_ |
 | RelatedUrl | unmapped.related_url |

prowler/lib/outputs/json_ocsf/json_ocsf.py

@@ -96,6 +96,7 @@ def fill_json_ocsf(finding_output: FindingOutput) -> DetectionFinding:
                     # TODO: this should be included only if using the Cloud profile
                     cloud_partition=finding_output.partition,
                     region=finding_output.region,
+                    data={"details": finding_output.resource_details},
                 )
             ],
             metadata=Metadata(

tests/lib/outputs/json_ocsf/json_ocsf_test.py

@@ -96,6 +96,7 @@ def test_finding_output_cloud_pass_low_muted(self):
         assert resource_details[0].type == finding_output.resource_type
         assert resource_details[0].cloud_partition == finding_output.partition
         assert resource_details[0].region == finding_output.region
+        assert resource_details[0].data == {"details": finding_output.resource_details}
 
         resource_details_group = resource_details[0].group
         assert isinstance(resource_details_group, Group)