Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
last_attempted_execution_date is None by @sergargar in https://github.com/prowler-cloud/prowler/pull/3394
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.13.0...3.13.1
El Dorado, come and play El Dorado, step this way Take a ticket for the ride El Dorado streets of gold See my ship is oversold You got one last chance to try
Iron Maiden's El Dorado is part of The Final Frontier album, and it won a Grammy Award as the best metal song, not bad, huh? This song talks about the economic situation back in 2010. In the current situation, with companies all over the place laying off people, I wanted to give virtual hugs to all those people from the Prowler Team and remind you: Open Source is always rewarding, for you to learn and for others!
Prowler 3.13 is probably the last of the 3.x series (v4 looks promising!). As you can see, we are working hard on Azure and many other features.
Enjoy it!
21 New Azure checks
See all the newly available checks with:
prowler azure -l
New CIS AWS Foundations Benchmark v3.0.0 Compliance
prowler aws --compliance cis_3.0_aws
New AWS Account Security Onboarding Compliance
prowler aws --compliance aws_account_security_onboarding_aws
Python 3.12 is now supported!
pip install prowler
and that's all!
Custom Output File in Quick Inventory
prowler aws -i -F custom-output-file.csv
defender_auto_provisioning_log_analytics_agent_vms_on by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3322
defender_ensure_system_updates_are_applied and defender_auto_provisioning_vulnerabilty_assessments_machines_on by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3327
storage_ensure_private_endpoints_in_storage_accounts by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3326
storage_key_rotation_90_days by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3323
defender_ensure_iot_hub_defender_is_on by @puchy22 in https://github.com/prowler-cloud/prowler/pull/3367
sqlserver_auditing_retention_90_days by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3345
sqlserver_vulnerability_assessment_enabled by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3349
storage_ensure_soft_delete_is_enabled by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3334
sqlserver_auditing_retention_90_days by @pedrooot in https://github.com/prowler-cloud/prowler/pull/3365
rds_instance_no_public_access by @sergargar in https://github.com/prowler-cloud/prowler/pull/3341
s3:Get* case to s3_bucket_policy_public_write_access by @sergargar in https://github.com/prowler-cloud/prowler/pull/3364
inspector2_findings_exist check into two by @sergargar in https://github.com/prowler-cloud/prowler/pull/3338
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.12.1...3.13.0
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.12.0...3.12.1
Just sixteen, a pickup truck, out of money, out of luck I've got nowhere to call my own, hit the gas, and here I go I'm running free yeah, I'm running free I'm running free yeah, oh I'm running free
Iron Maiden's Running Free was released as a single from their first album back in 1980. This song is all about running wild and running free, as we do at Prowler: making cloud security open and transparent, easy to use and easy to customize, for you and thousands of organizations around the world.
Hit the gas, and here I go! This version is full of new features and important improvements requested by our vibrant community. Go ahead, smash your electric guitar, and use Prowler straight away by yourself or through our service at prowler.com.
Enjoy it!
Custom Checks Metadata
--custom-checks-metadata-file custom_checks_metadata.yaml
(Thanks @venkyvajrala for the feature!) See more in https://docs.prowler.cloud/en/latest/tutorials/custom-checks-metadata/
Custom AWS Role Session name
--role-session-name <role_session_name>
See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#custom-role-session-name
Scan only AWS enabled regions
Improved threading using ThreadPoolExecutor
Prowler now uses ThreadPoolExecutor to improve concurrency management, allowing work to be parallelised per resource and not only per region. Thanks to @Fennerr for the improvement!
Bug fixing
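The per-resource parallelism described above, as an added example that is not Prowler's own code: the inventory, the simulated API latency and the check logic are all constructed for illustration. It contrasts submitting one task per region with submitting one task per (region, resource) pair to a ThreadPoolExecutor, and shows why each task should convert its own exception into an ERROR finding rather than letting one failing resource abort the scan.

```python
"""Per-region vs per-resource fan-out with concurrent.futures.ThreadPoolExecutor.

Added example, not Prowler internals. INVENTORY, describe_instance() and
check_instance() are constructed stand-ins for a real cloud API and check.
"""
import time
from concurrent.futures import ThreadPoolExecutor, as_completed
from dataclasses import dataclass

# Constructed inventory: region -> list of (instance_id, publicly_accessible).
# "broken" simulates an API error for that single resource.
INVENTORY = {
    "us-east-1": [("db-1", False), ("db-2", True), ("db-3", False)],
    "eu-west-1": [("db-4", True)],
    "ap-south-1": [("db-5", "broken")],
}


@dataclass(frozen=True)
class Finding:
    region: str
    resource_id: str
    status: str  # "PASS", "FAIL" or "ERROR"


def describe_instance(region, instance_id, public):
    """Simulated per-resource API call; each call costs ~10 ms of latency."""
    time.sleep(0.01)
    if public == "broken":
        raise RuntimeError(f"{region}/{instance_id}: access denied")
    return public


def check_instance(region, instance_id, public):
    """One unit of work: evaluate a single resource and never raise,
    so a broken resource becomes an ERROR finding instead of killing the pool."""
    try:
        is_public = describe_instance(region, instance_id, public)
    except Exception:
        return Finding(region, instance_id, "ERROR")
    return Finding(region, instance_id, "FAIL" if is_public else "PASS")


def scan_per_region(inventory):
    """Old shape: one task per region. The region holding most resources
    becomes the critical path, and the other workers sit idle."""
    def scan_region(region):
        return [check_instance(region, rid, pub) for rid, pub in inventory[region]]

    with ThreadPoolExecutor(max_workers=len(inventory)) as pool:
        batches = list(pool.map(scan_region, inventory))
    return sorted((f for batch in batches for f in batch), key=lambda f: f.resource_id)


def scan_per_resource(inventory, max_workers=8):
    """New shape: one task per (region, resource) pair, so the pool stays full
    regardless of how resources are distributed across regions. Results are
    collected as they complete; order is restored afterwards by sorting."""
    findings = []
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        futures = [
            pool.submit(check_instance, region, rid, pub)
            for region, resources in inventory.items()
            for rid, pub in resources
        ]
        for fut in as_completed(futures):
            findings.append(fut.result())  # check_instance never raises
    return sorted(findings, key=lambda f: f.resource_id)


def summary(findings):
    """Count findings by status; both strategies must agree on this."""
    counts = {"PASS": 0, "FAIL": 0, "ERROR": 0}
    for f in findings:
        counts[f.status] += 1
    return counts


if __name__ == "__main__":
    for name, fn in (("per-region", scan_per_region), ("per-resource", scan_per_resource)):
        start = time.perf_counter()
        result = fn(INVENTORY)
        print(f"{name:13} {summary(result)} in {time.perf_counter() - start:.3f}s")
```

With three regions but three resources in one of them, the per-region run takes roughly three API round-trips on its longest region while the per-resource run finishes in about one; the findings themselves are identical, which is the property to assert when you change a scanner's concurrency model.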
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.11.3...3.12.0
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.11.2...3.11.3
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.11.1...3.11.2
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.11.0...3.11.1
Sailing on and on and north across the sea Sailing on and on and north 'til all is calm
Dare to delve into this spectral realm, where the frightful protection of Prowler awaits you. Happy haunting and secure coding this Halloween!
Ignore Findings from services not in actual use
prowler <provider> --ignore-unused-services
See more in https://docs.prowler.cloud/en/latest/tutorials/ignore-unused-services/
New AWS Allowlist including AWS Control Tower resources
prowler aws --allowlist prowler/config/aws_allowlist.yaml
See more in https://docs.prowler.cloud/en/latest/tutorials/allowlist/#default-aws-allowlist
STS V2 Tokens
See more in https://docs.prowler.cloud/en/latest/tutorials/aws/role-assumption/#sts-endpoint-region
9 New checks for AWS!
account_maintain_different_contact_details_to_security_billing_and_operations
cloudtrail_multi_region_enabled_logging_management_events
dlm_ebs_snapshot_lifecycle_policy_exists
ec2_ebs_volume_snapshots_exists
documentdb_instance_storage_encrypted
trustedadvisor_premium_support_plan_subscribed
neptune_cluster_uses_public_subnet
elasticache_cluster_uses_public_subnet
iam_user_with_temporary_credentials
Thanks to Jit (@jit-contrib) for their help on these checks.
Try them with prowler aws and improve your security posture now!
Check Aliases are now supported
prowler <provider> -c/--checks <check_alias_1>
See more in https://docs.prowler.cloud/en/latest/tutorials/check-aliases/
--ignore-unused-services argument to ignore findings from services not in actual use by @sergargar in https://github.com/prowler-cloud/prowler/pull/2936
enabled_in_account parameter by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2979
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.10.0...3.11.0
Then they summoned me over to join in with them At the dance of the dead Into the circle of fire I followed them Into the middle I was led
Dance of Death is an Iron Maiden song, released on their 2003 album of the same name. The song combines the band's signature heavy metal sound with progressive elements. Lyrically, it tells the story of a medieval dance of death, a symbolic representation of mortality and the inevitability of death. The lyrics are filled with vivid and dark imagery, and the song features intricate guitar work and powerful vocals from Bruce Dickinson. Enjoy this great song (https://www.youtube.com/watch?v=3659fTXvFts) while reading what's new!
New checks for AWS!
iam_role_administratoraccess_policy
wafv2_webacl_logging_enabled
The previous checks (iam_disable_90_days_credentials, iam_disable_45_days_credentials and iam_disable_30_days_credentials) have been replaced by two generic checks called iam_user_accesskey_unused and iam_user_console_access_unused. By default they fail when the credential has been unused for 45 days; you can configure this value using the max_unused_access_keys_days and max_console_access_days configuration values. Read more at https://docs.prowler.cloud/en/latest/tutorials/configuration_file/
Try them with prowler aws and improve your security posture now!
Security Hub Tagging
Five new Prowler contributors!
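The threshold logic behind an "unused credential" check of the kind described above (a configurable number of days, with the fallbacks needed when a credential has never been used), as an added example that is not Prowler's implementation. The credential-report rows are constructed; their column names are modelled on the IAM credential report CSV, the configuration keys mirror the page's max_unused_access_keys_days and max_console_access_days, and everything else (helper names, the fixed "now", the fallback to creation or rotation time) is an assumption for illustration.

```python
"""Unused-credential checks with a configurable day threshold.

Added example, not Prowler code. CREDENTIAL_REPORT is constructed; only
access_key_1 is evaluated to keep the example short (real reports carry two
keys per user).
"""
from datetime import datetime, timezone

# Configuration values named after the ones on the page; 45 is the CIS default.
CONFIG = {"max_unused_access_keys_days": 45, "max_console_access_days": 45}

# Fixed "today" so the results are deterministic.
NOW = datetime(2023, 10, 15, tzinfo=timezone.utc)


def _row(user, created, pw_enabled, pw_last_used, key_active, key_rotated, key_last_used):
    return {
        "user": user,
        "user_creation_time": created,
        "password_enabled": pw_enabled,
        "password_last_used": pw_last_used,
        "access_key_1_active": key_active,
        "access_key_1_last_rotated": key_rotated,
        "access_key_1_last_used_date": key_last_used,
    }


# Constructed rows. "N/A" and "no_information" follow the credential report's
# convention for absent timestamps.
CREDENTIAL_REPORT = [
    _row("alice", "2022-01-01T00:00:00+00:00", "true", "2023-10-10T09:00:00+00:00",
         "true", "2023-01-01T00:00:00+00:00", "2023-10-01T00:00:00+00:00"),
    _row("bob", "2022-01-01T00:00:00+00:00", "true", "2023-05-01T00:00:00+00:00",
         "false", "N/A", "N/A"),                       # no active key, stale console
    _row("carol", "2023-02-01T00:00:00+00:00", "false", "no_information",
         "true", "2023-03-01T00:00:00+00:00", "N/A"),  # key never used since rotation
    _row("dave", "2022-01-01T00:00:00+00:00", "true", "2023-08-30T00:00:00+00:00",
         "true", "2023-01-01T00:00:00+00:00", "2023-08-31T00:00:00+00:00"),  # key exactly 45 days
    _row("erin", "2023-10-14T00:00:00+00:00", "true", "no_information",
         "false", "N/A", "N/A"),                       # new user, console never used
]


def _parse(ts):
    """Return an aware datetime, or None for the report's 'absent' markers."""
    if ts in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(ts)


def _status(last_used, now, max_days):
    """Strict '>' so a credential used exactly max_days ago still passes."""
    age_days = (now - last_used).days
    return "FAIL" if age_days > max_days else "PASS"


def accesskey_unused(row, now, max_days):
    """PASS/FAIL for the user's active access key, None if there is none.
    A key that has never been used is aged from its last rotation (creation)."""
    if row["access_key_1_active"] != "true":
        return None
    last_used = _parse(row["access_key_1_last_used_date"]) or _parse(row["access_key_1_last_rotated"])
    return _status(last_used, now, max_days)


def console_access_unused(row, now, max_days):
    """PASS/FAIL for console (password) access, None if no password is set.
    A password that has never been used is aged from user creation."""
    if row["password_enabled"] != "true":
        return None
    last_used = _parse(row["password_last_used"]) or _parse(row["user_creation_time"])
    return _status(last_used, now, max_days)


def run_checks(report, config, now):
    """Evaluate both checks for every user; the thresholds come from config."""
    return {
        row["user"]: {
            "iam_user_accesskey_unused": accesskey_unused(
                row, now, config["max_unused_access_keys_days"]),
            "iam_user_console_access_unused": console_access_unused(
                row, now, config["max_console_access_days"]),
        }
        for row in report
    }


if __name__ == "__main__":
    for user, checks in run_checks(CREDENTIAL_REPORT, CONFIG, NOW).items():
        print(user, checks)
```

Two details worth confirming against your own policy when you tune these values: the boundary (here a credential used exactly N days ago passes), and what "never used" is measured from, since an access key created months ago and never used is a better target for removal than one used yesterday.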
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.9.0...3.10.0
As a young boy chasing dragons With your wooden sword so mighty You're St. George or you're David and you always killed the beast Times change very quickly and you had to grow up early A house in smoking ruins and the bodies at your feet
Sometimes chasing dragons, and sometimes walking on the edge of the blade. This Iron Maiden song, Flash of the Blade, tells a good story about what comes to the table these days. Enjoy this great song, written by Bruce Dickinson back in 1984 (https://www.youtube.com/watch?v=Qx0s8OqgBIw), while reading what's new!
New checks for AWS!
athena_workgroup_encryption and athena_workgroup_enforce_configuration
s3_bucket_kms_encryption
ec2_instance_detailed_monitoring_enabled
iam_inline_policy_no_administrative_privileges, together with a new feature in the IAM service, which is now capable of retrieving the inline policies for users, roles and groups.
ecr_repositories_scan_vulnerabilities_in_latest_image: you can configure the minimum severity for this check to raise a FAIL finding using the ecr_repository_vulnerability_minimum_severity configuration value. Read more at https://docs.prowler.cloud/en/latest/tutorials/configuration_file/
Try them with prowler aws and improve your security posture now!
New CLI flag
--checks-file flag. Try it with prowler aws --list-checks-json
Developer Guide
Two new Prowler contributors!
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.8.2...3.9.0