Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.2...3.16.3
There goes the siren that warns of the air raid There comes the sound of the guns sending flak Out for the scramble we've got to get airborne Got to get up for the coming attack
Here we have Prowler 4.1.0 Aces High π ready to help you improve your Cloud security with this Iron Maiden song.
ποΈ GCP flags to list, exclude/include Project IDs
--project-ids
flag allows you to use *
, as a prefix or suffix, to include the project ids you want to scan.--list-project-ids
allows you to copy and paste values and know the accessible projects to be scanned with the provided crendentials.--excluded-project-ids
flag allows you to exclude the projects to be scanned and it also accepts *
.π¨ 13 new fixers (remediations) for AWS
prowler aws --list-fixers
then go per check to remediate the failed findings by prowler aws --check guardduty_is_enabled --fixer
.fixer_config.yaml
file present in the prowler/config
folder. You can read more about the fixer and how to configure it here
π New fields for the OCSF Detection Finding
check_id
, compliance
and all the Prowler check's metadata within the OCSF Detection Finding that Prowler generates in the .ocsf.json
output file. You can read more about this finding format here.π§ Other issues and bug fixes solved for all the cloud providers
if
by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/3733
Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.0.1...4.1.0
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.1...3.16.2
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.0...3.16.1
Full Changelog: https://github.com/prowler-cloud/prowler/compare/4.0.0...4.0.1
You'll take my life, but I'll take yours too You'll fire your musket, but I'll run you through So when you're waiting for the next attack You'd better stand, there's no turning back
When I started Prowler almost eight years ago, I thought about calling it The Trooper (thetrooper
as in the command line sounds good but I thought prowler
was even better). I can say today, with no doubt that this version 4.0 of Prowler, The Trooper, is by far the software that I always wanted to release. Now, as a company, with a whole team dedicated to Prowler (Open Source and SaaS), this is even more exciting. With standard support for AWS, Azure, GCP and also Kubernetes, with all new features, this is the beginning of a new era where Open Cloud Security makes an step forward and we say: hey WE ARE HERE FOR REAL and when you're waiting for the next attack, you'd better stand, there's no turning back
Enjoy Prowler - The Trooooooooper! π€π½π₯ song!
--sts-endpoint-region
since we use AWS STS regional tokens.--quiet
option has been deprecated, now use the --status
flag to select the finding's status you want to get from PASS
, FAIL
or MANUAL
.--send-sh-only-fails
or --security-hub --status FAIL
INFO
finding's status has changed MANUAL
.We have deprecated some of our outputs formats:
prowler dashboard
)Dashboard
prowler dashboard
and enjoy overview data and compliance.
ποΈ New Kubernetes provider
prowler kubernetes --kubeconfig-file <kube.yaml>
π Compliance
output/compliance
AWS
--scan-unused-services
.prowler aws --category threat-detection
for Enumeration and Privilege Escalation type of activities.πΊοΈ Azure
π Mutelist
π Outputs
π» Providers
π¨ Fixer
--fix
to allow you to remediate findings. You can list all the available fixers with prowler aws --list-fixers
--namespaces
argument and solve bugs by @sergargar in https://github.com/prowler-cloud/prowler/pull/3431
--sts-endpoint-region
by @sergargar in https://github.com/prowler-cloud/prowler/pull/3046
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.16.0...4.0.0
Turn the spotlights on the people Switch the dial and eat the worm Take your chances, kill the engine Drop your bombs and let it burn
Enjoy the last release of Prowler v3 π€π½π₯ with this Iron Maiden song!
πͺπΌ 17 New Azure checks
prowler azure --list-checks
π Azure CIS v2.0 and v2.1 coverage
prowler azure --compliance cis_2.1_azure
π§ More fixes and updates for all the providers
vm_ensure_using_managed_disks
metadata by @Hugo966 in https://github.com/prowler-cloud/prowler/pull/3617
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.3...3.16.0
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.2...3.15.3
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.1...3.15.2
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.15.0...3.15.1