Prowler Versions

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

3.13.1

2 months ago

Fixes

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.13.0...3.13.1

3.13.0

2 months ago

El Dorado, come and play El Dorado, step this way Take a ticket for the ride El Dorado streets of gold See my ship is oversold You got one last chance to try

Iron Maiden's El Dorado song is part of the Final Frontier album, and it won a Grammy Award as the best metal song, not bad, huh? This song talks about the economic situation back in 2010. In the current situation of companies all over the place laying off people, I wanted to give virtual hugs to all those people from the Prowler Team and remember, Open Source is always rewarding for you to learn and for others!

Prowler 3.13 is probably the latest of the 3 series (v4 looks promising!). As you can see, we are working hard on Azure and many other features.

Enjoy it! 🤘🏽🔥

New features to highlight in this version:

💪🏼 21 New Azure checks

  • Prowler is improving its Azure coverage by including 21 new checks that appear in the CIS Benchmark v2.0.0. (Thanks @pedrooot and @puchy22 for their contributions and performance!)

See all the new available checks with prowler azure -l

✅ New CIS AWS Foundations Benchmark v3.0.0 Compliance

  • On Jan 31st, CIS released the new v3.0.0 for Amazon Web Services Foundations and it is now available on Prowler. You can execute the new CIS version with prowler aws --compliance cis_3.0_aws

📊 New AWS Account Security Onboarding Compliance

  • It is based on the post from Artem Marusov. You can execute this checklist when onboarding new AWS accounts to an existing AWS Organization with prowler aws --compliance aws_account_security_onboarding_aws

🥳 Python 3.12 is now supported!

  • Now you can execute Prowler using Python 3.12. Install Prowler with pip install prowler and that's all!

Custom Output File in Quick Inventory

  • Support for the already existing option -F (output file) when using the quick inventory feature (-i) on AWS. You can test it with prowler aws -i -F custom-output-file.csv

Features

Fixes

Chores

Dependencies

New Contributors

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.12.1...3.13.0

3.12.1

3 months ago

Fixes

Chores

Docs

Dependencies

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.12.0...3.12.1

3.12.0

3 months ago

Just sixteen, a pickup truck, out of money, out of luck I've got nowhere to call my own, hit the gas, and here I go I'm running free yeah, I'm running free I'm running free yeah, oh I'm running free

Iron Maiden's Running Free song was published as a single from their first album back in 1980. This song is all about running wild and running free as we do at Prowler, making cloud security open and transparent, easy to use and easy to customize, for you and thousands of organizations around the world.

hit the gas, and here I go! This version is full of new features and important improvements requested by our vibrant community. Go ahead and smash your electric guitar and use Prowler straightaway by yourself or just using our service at prowler.com.

Enjoy it! 🤘🏽🔥

New features to highlight in this version:

✍️ Custom Checks Metadata

  • Now you can override the Severity of a check using --custom-checks-metadata-file custom_checks_metadata.yaml. (Thanks @venkyvajrala for the feature!)

See more in https://docs.prowler.cloud/en/latest/tutorials/custom-checks-metadata/

👷 Custom AWS Role Session name

  • Now you can customize the Role Session name that Prowler uses when assuming an AWS Role with --role-session-name <role_session_name>.

See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#custom-role-session-name

🔧 Scan only AWS enabled regions

  • Prowler now only scans AWS regions that are enabled, making the scan faster because it no longer reviews services in regions that are not enabled.

🧡 Improved threading using ThreadPoolExecutor

  • For the AWS Service now we use a ThreadPoolExecutor to improve concurrency management and allowing to parallelise per resources not only per regions. Thanks to @Fennerr for the improvement!

🐛 Bug fixing

  • Now the AWS Lambda service scans each Lambda function for secrets without the need to persist the code in memory, drastically reducing memory usage.
  • Tons of bug fixes in services, outputs, checks and some other core functions.

Features

Fixes

Chores

Docs

Dependencies

Tests

New Contributors

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.11.3...3.12.0

3.11.3

5 months ago

What's Changed

Fixes

Chores

New Contributors

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.11.2...3.11.3

3.11.2

5 months ago

What's Changed

Fixes

Chores

Builds

New Contributors

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.11.1...3.11.2

3.11.1

5 months ago

What's Changed

Fixes

Chores

Builds

New Contributors

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.11.0...3.11.1

3.11.0

6 months ago

Sailing on and on and north across the sea Sailing on and on and north 'til all is calm

Dare to delve into this spectral realm, where the frightful protection of Prowler awaits you. Happy haunting and secure coding this Halloween! 🧛‍♂️🕸️🌙

New features to highlight in this version:

🔎 Ignore Findings from services not in actual use

  • Prowler now allows you to ignore findings from unused services, so you can reduce the number of findings in Prowler's reports. Use prowler <provider> --ignore-unused-services

See more in https://docs.prowler.cloud/en/latest/tutorials/ignore-unused-services/

⚙️ New AWS Allowlist including AWS Control Tower resources

  • New allowlist file that applies to all resources created by AWS Control Tower when setting up a landing zone: prowler aws --allowlist prowler/config/aws_allowlist.yaml

See more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/#default-aws-allowlist

🏷️ STS V2 Tokens

  • Now Prowler will call Regional AWS STS endpoints to get session tokens valid in all AWS Regions.

See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#sts-endpoint-region

✅ 9 new checks for AWS!

  • New Account check account_maintain_different_contact_details_to_security_billing_and_operations
  • New CloudTrail check cloudtrail_multi_region_enabled_logging_management_events
  • New EC2 DataLifecycle Manager service and check dlm_ebs_snapshot_lifecycle_policy_exists
  • New EC2 EBS check ec2_ebs_volume_snapshots_exists
  • New DocumentDB service and check documentdb_instance_storage_encrypted
  • New Support check trustedadvisor_premium_support_plan_subscribed
  • New Neptune service and check neptune_cluster_uses_public_subnet
  • New Elasticache service and check elasticache_cluster_uses_public_subnet
  • New IAM check iam_user_with_temporary_credentials

Thanks to Jit @jit-contrib for their help on these checks.

Try them with prowler aws and improve your security posture now! 🔒

Check Aliases are now supported

  • Now Prowler allows you to use aliases for the checks. You only have to add the CheckAliases key to the check's metadata with a list of the aliases, and then you can execute it with: prowler <provider> -c/--checks <check_alias_1>

See more in https://docs.prowler.cloud/en/latest/tutorials/check-aliases/

What's Changed

Features

Fixes

Documentation

Chores

Dependencies

New Contributors

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.10.0...3.11.0

3.10.0

6 months ago

Then they summoned me over to join in with them At the dance of the dead Into the circle of fire I followed them Into the middle I was led

Dance of Death is an Iron Maiden song, released on their 2003 album of the same name. The song combines the band's signature heavy metal sound with progressive elements. Lyrically, the song tells a story of a medieval dance of death, a symbolic representation of mortality and the inevitability of death. The lyrics are filled with vivid and dark imagery, and the song features intricate guitar work and powerful vocals from Bruce Dickinson. Enjoy this great song (https://www.youtube.com/watch?v=3659fTXvFts) while reading what's new! 🎸

New features to highlight in this version:

⚙️ New checks for AWS!

  • New AWS IAM check iam_role_administratoraccess_policy.
  • New AWS WAFv2 check wafv2_webacl_logging_enabled.
  • The AWS IAM credentials checks (iam_disable_90_days_credentials, iam_disable_45_days_credentials and iam_disable_30_days_credentials) have been replaced by two generic checks called iam_user_accesskey_unused and iam_user_console_access_unused. By default, they fail when the credentials are unused for 45 days; you can configure this value using the max_unused_access_keys_days and max_console_access_days configuration values. Read more at https://docs.prowler.cloud/en/latest/tutorials/configuration_file/

Try them with prowler aws and improve your security posture now! 🔒

🏷️ Security Hub Tagging

  • Now Prowler will add AWS Resource Tags to every Security Hub finding and to json-asff outputs!

🧑‍🤝‍🧑 Five new Prowler contributors!

  • Many thanks to @CameronTStark, @sbldevnet, @JackStuart, @devopspacellp and @taylerhaviland for including more checks and for continuing to improve Prowler!

What's Changed

Features

Fixes

Chores

Dependencies

New Contributors

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.9.0...3.10.0

3.9.0

8 months ago

As a young boy chasing dragons With your wooden sword so mighty You're St. George or you're David and you always killed the beast Times change very quickly and you had to grow up early A house in smoking ruins and the bodies at your feet

Sometimes chasing dragons and sometimes walking on the edge of the blade. This Iron Maiden song, Flash of the Blade, tells a good story about what comes on the table these days. Enjoy this great song written by Bruce Dickinson back in 1984 (https://www.youtube.com/watch?v=Qx0s8OqgBIw) while reading what's new!

New features to highlight in this version:

⚙️ New checks for AWS!

  • New AWS Athena service with two new checks athena_workgroup_encryption and athena_workgroup_enforce_configuration.
  • New AWS S3 check s3_bucket_kms_encryption.
  • New AWS EC2 check ec2_instance_detailed_monitoring_enabled.
  • New AWS IAM check iam_inline_policy_no_administrative_privileges, with a new feature in the IAM service, which is now capable of retrieving the inline policies for Users, Roles and Groups.
  • In the AWS ECR check ecr_repositories_scan_vulnerabilities_in_latest_image you can now configure the minimum severity for this check to raise a FAIL finding using the ecr_repository_vulnerability_minimum_severity configuration value. Read more at https://docs.prowler.cloud/en/latest/tutorials/configuration_file/

Try them with prowler aws and improve your security posture now! 🔒

🖌️ New CLI flag

  • List all the checks in JSON format, ready to be consumed by the --checks-file flag. Try it with prowler aws --list-checks-json.

📖 Developer Guide

🧑‍🤝‍🧑 Two new Prowler contributors!

  • Many thanks to @vysakh-devopspace and @gerardocampo for including more checks and for continuing to improve Prowler!

What's Changed

Features

Fixes

Chores

Security

Documentation

Dependencies

Tests

New Contributors

Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.8.2...3.9.0