Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
APACHE-2.0 License
Published by sergargar about 1 year ago
guardduty_is_enabled
by @sergargar in https://github.com/prowler-cloud/prowler/pull/2616
__get_object_lock_configuration__
warning logs by @jfagoagas in https://github.com/prowler-cloud/prowler/pull/2608
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.7.1...3.7.2
Published by jfagoagas over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.7.0...3.7.1
Published by sergargar over 1 year ago
Trapped in the web, but I cut the threads
Show you the gates of tomorrow
Trapped in the web, no mercy is shed
Show you the gates of tomorrow
Trapped in the web, slaves to the dead
Show you the gates of tomorrow
Trapped in the web, but I cut the threads
Show you the gates of tomorrow
As the song says, this version of Prowler is opening gates of tomorrow! More compliance frameworks like MITRE ATT&CK®, ISO27001 (2013), AWS Well-Architected Framework Reliability pillar (in addition to the existing Security pillar), better support for the Allowlist feature, with all 73 checks for GCP covering CIS Benchmark 2.0 for Google Cloud! Take this one and start closing doors to the bad guys!
🥳 GCP CIS v2.0.0 benchmark coverage!
prowler gcp --compliance cis_2.0_gcp
📝 New AWS compliance frameworks available
prowler aws --compliance mitre_attack_aws
prowler aws --compliance iso27001_2013_aws
prowler aws --compliance aws_well_architected_framework_reliability_pillar_aws
prowler aws --compliance ens_rd2022_aws
⚙️ Allowlist supports exceptions:
Allowlist:
  Accounts:
    "*":
      Checks:
        "ecs_task_definitions_no_environment_secrets":
          Regions:
            - "*"
          Resources:
            - "*"
          Exceptions:
            Accounts:
              - "0123456789012"
            Regions:
              - "eu-west-1"
              - "eu-south-2" # Will ignore every resource in check ecs_task_definitions_no_environment_secrets except the ones in account 0123456789012 located in eu-south-2 or eu-west-1
    "123456789012":
      Checks:
        "*":
          Regions:
            - "*"
          Resources:
            - "*"
          Exceptions:
            Resources:
              - "test"
            Tags:
              - "environment=prod" # Will ignore every resource in account 123456789012 except the ones containing the string "test" and tag environment=prod
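Added example (not part of the release notes and not Prowler's own code): a simplified Python model of the rule described in the YAML comments above, where a finding is ignored when an allowlist entry matches unless its Exceptions block also matches. The function names, the dict form of the allowlist, the substring matching for resources and the AND-across-dimensions rule for exceptions are assumptions taken from the wording of those comments.

```python
# Simplified model of allowlist + Exceptions; an assumption-based sketch,
# not Prowler's implementation. ALLOWLIST is constructed from the YAML above.
ALLOWLIST = {
    "*": {
        "ecs_task_definitions_no_environment_secrets": {
            "Regions": ["*"], "Resources": ["*"],
            "Exceptions": {"Accounts": ["0123456789012"],
                           "Regions": ["eu-west-1", "eu-south-2"]},
        },
    },
    "123456789012": {
        "*": {
            "Regions": ["*"], "Resources": ["*"],
            "Exceptions": {"Resources": ["test"], "Tags": ["environment=prod"]},
        },
    },
}

def _any(patterns, value, substring=False):
    """True if any pattern is "*", equals value, or (optionally) is contained in it."""
    return any(p == "*" or p == value or (substring and p in value) for p in patterns)

def is_excepted(exc, account, region, resource, tags):
    """Assumption: every dimension listed under Exceptions must match (AND);
    values inside one dimension are alternatives (OR)."""
    if not exc:
        return False
    checks = {
        "Accounts": lambda p: _any(p, account),
        "Regions": lambda p: _any(p, region),
        "Resources": lambda p: _any(p, resource, substring=True),
        "Tags": lambda p: any(t in tags for t in p),
    }
    return all(checks[dim](pats) for dim, pats in exc.items())

def is_muted(allowlist, account, check, region, resource, tags=()):
    """Return True if the finding would be ignored under the modelled rules."""
    for acct_key in (account, "*"):
        for check_key, rule in allowlist.get(acct_key, {}).items():
            if check_key not in ("*", check):
                continue
            if (_any(rule["Regions"], region)
                    and _any(rule["Resources"], resource, substring=True)
                    and not is_excepted(rule.get("Exceptions"), account, region, resource, tags)):
                return True
    return False
```

Running a handful of constructed findings through is_muted before deploying an allowlist is a quick way to confirm that an exception keeps the findings you still want reported.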
multi-account-securityhub/run-prowler-securityhub.sh
to v3 by @sergargar in https://github.com/prowler-cloud/prowler/pull/2503
iam_role_cross_service_confused_deputy_prevention
by @sergargar in https://github.com/prowler-cloud/prowler/pull/2533
get_default_region
function in AWS Services by @sergargar in https://github.com/prowler-cloud/prowler/pull/2524
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.6.1...3.7.0
Published by sergargar over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.6.0...3.6.1
Published by sergargar over 1 year ago
Die With Your Boots On is a song from Iron Maiden's album Piece of Mind. It is self-explanatory; we like the vibe of that song in their lives, watch it here.
Basically, this is what we do here, we go all in or nothing! 💪🏼
We are bringing the best we have in this code of Prowler 3.6.0: some new checks, improved GCP support, new features, more fixes making it a better piece of software and more helpful for your daily job 😄
Remember to run pip install prowler --upgrade and rock on! 🤘
🥳 GCP Multi-Project support:
prowler gcp --project-ids <Project ID 1> <Project ID 2> ... <Project ID N>
✅ 16 new checks for GCP (Thanks to @jit-contrib ! 💪🏼 ):
prowler gcp --list-checks
📝 OCSF Integration (Hello Amazon Security Lake!):
📊 AWS Well Architected Framework:
prowler aws --compliance aws_well_architected_framework_security_pillar_aws
⚙️ MFA supported in AWS:
--mfa
and Prowler will ask you to input the following values to get a new session:
prowler aws --mfa
Enter ARN of MFA: arn:aws:iam::012345678910:mfa/xxxxxx
Enter MFA code: XXXXXX
--project-ids
flag and scan all projects by default by @sergargar in https://github.com/prowler-cloud/prowler/pull/2393
vpc_subnet_no_public_ip_by_default
by @senyberg in https://github.com/prowler-cloud/prowler/pull/2472
:
in regex by @n4ch04 in https://github.com/prowler-cloud/prowler/pull/2471
ec2_securitygroup_allow_ingress_from_internet_to_any_port
by @sergargar in https://github.com/prowler-cloud/prowler/pull/2449
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.5.3...3.6.0
Published by sergargar over 1 year ago
tags
parameter is a string, not a list by @kppullin in https://github.com/prowler-cloud/prowler/pull/2375
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.5.2...3.5.3
Published by sergargar over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.5.1...3.5.2
Published by jfagoagas over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.5.0...3.5.1
Published by sergargar over 1 year ago
I like the story behind this Iron Maiden song. Enjoy Prowler 3.5.0 - Dune!
🥳 Slack integration:
✅ 9 new checks for AWS:
iam_role_cross_account_readonlyaccess_policy
Ensure IAM Roles do not have ReadOnlyAccess access for external AWS accounts
route53_dangling_ip_subdomain_takeover
Check if Route53 Records contains dangling IPs (based on https://github.com/assetnote/ghostbuster)
prowler aws --list-checks
🔨 Allowlist improvements:
iam_role_cross_account_readonlyaccess_policy
check by @sergargar in https://github.com/prowler-cloud/prowler/pull/2312
backup_vaults_exist
check title by @sergargar in https://github.com/prowler-cloud/prowler/pull/2317
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.4.1...3.5.0
Published by sergargar over 1 year ago
-v
by @sergargar in https://github.com/prowler-cloud/prowler/pull/2263
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.4.0...3.4.1
Published by sergargar over 1 year ago
Take a look in the pool and what do you see
In the dark depths there faces beckoning me
Can't you see them it's plain for all to see
They were there oh I know you don't believe me
Still Life is one of those jewels that Iron Maiden has (well… aren’t jewels all their songs? 😉) and it is so good that they also included it in their live double VHS/DVD/CD/LP called “Maiden England” back in 1988. The song is based on a book by Ramsey Campbell called “The Inhabitant of the Lake and Less Welcome Tenants”, and it is about somebody who sees ghosts at the bottom of a lake and goes crazy about that. They are like cloud security vulnerabilities: they are everywhere and seem to be hard to beat. Listen to the song here 🔥Still Life🔥 while hardening and reading below what we did.
A brand new version of Prowler 3.4.0 at your command! This version won’t make your ghosts disappear but will help you to put them in their place and in line to start the journey of getting rid of them. Time to shine up your boots with pip install prowler --upgrade.
☁️ New support for Google Cloud with 43 checks!:
prowler gcp --list-checks
for details and visit our Prowler GCP documentation here.
✅ 21 new checks for AWS:
iam_policy_no_administrative_privileges
has been renamed to iam_customer_unattached_policy_no_administrative_privileges
prowler aws --list-checks
📊 New html report for Azure and GCP:
⚙️ Custom checks now supported:
-x/--checks-folder
for your custom checks.
🏷️ Resource Tags supported in Allow list:
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.3.4...3.4.0
Published by jfagoagas over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.3.2...3.3.3
Published by jfagoagas over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.3.2...3.3.3
Published by jfagoagas over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.3.1...3.3.2
Published by jfagoagas over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.3.0...3.3.1
Published by toniblyx over 1 year ago
Through earth and water, fire and wind
You came at last, nothing was the end...
Like the rest of this series of Prowler versions, Sun and Steel is a song from Iron Maiden's Piece of Mind album. In this side of the world (northern hemisphere), spring is about to start and this song is about Sun (and Steel) so here you go! 🤘🏽 See below the amazing new features we have added to Prowler 3.3.0 🔥Sun and Steel🔥
🏷️ Resource Tags everywhere:
⚖️ Compliance everywhere:
🛡️ Security Hub integration with compliance from Prowler:
📊 New inventory output include regions:
prowler -i
) the output is as nice as this one:
✅ 3 new checks:
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.2.4...3.3.0
Published by jfagoagas over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.2.3...3.2.4
Published by jfagoagas over 1 year ago
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.2.2...3.2.3
Published by sergargar over 1 year ago
us-east-1
in remediation by @sergargar in https://github.com/prowler-cloud/prowler/pull/1958
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.2.1...3.2.2
Published by sergargar over 1 year ago
"
in regex patterns by @sergargar in https://github.com/prowler-cloud/prowler/pull/1943
Full Changelog: https://github.com/prowler-cloud/prowler/compare/3.2.0...3.2.1