prowler v3.11.1 releases: AWS security assessment, auditing and hardening
Prowler: AWS Security Tool
Prowler is a command-line tool for AWS security best practices assessment, auditing, hardening, and forensics readiness.
It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 100 additional checks including those related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2, and others.
Read more about CIS Amazon Web Services Foundations Benchmark v1.2.0 – 05-23-2018
Features
More than 200 checks covering security best practices across all AWS regions and most AWS services, organized into the following groups:
- Identity and Access Management [group1]
- Logging [group2]
- Monitoring [group3]
- Networking [group4]
- CIS Level 1 [cislevel1]
- CIS Level 2 [cislevel2]
- Extras (see Extras section) [extras]
- Forensics related group of checks [forensics-ready]
- GDPR [gdpr]
- HIPAA [hipaa]
- Trust Boundaries [trustboundaries]
- Secrets
- Internet exposed resources
- EKS-CIS
- Also includes PCI-DSS, ISO-27001, FFIEC, SOC2, ENS (Esquema Nacional de Seguridad of Spain).
- AWS FTR [FTR]
With Prowler you can:
- Get a direct colorful or monochrome report
- Get an HTML, CSV, JUNIT, JSON or JSON ASFF format report
- Send findings directly to Security Hub
- Run specific checks and groups or create your own
- Check multiple AWS accounts in parallel or sequentially
- And more! Read examples below
Changelog v3.11.1
Fixes
- fix(aws): check all conditions in IAM policy parser by @mtronrd in #3006
- fix(clean local output dirs): clean dirs when output to S3 by @n4ch04 in #2997
- fix(cloudtrail): handle HasInsightSelectors key by @sergargar in #2996
- fix(docs): improve allowlist examples by @sergargar in #2995
- fix(iam): do not list tags for inline policies by @sergargar in #3014
- fix(iam-sqs): handle exceptions for non-existent resources by @jfagoagas in #3010
- fix(rds): check if engines exist in region by @sergargar in #3012
- fix(s3 race condition): catch error if a bucket does not exist any longer by @kagahd in #3000
- fix(SQS): fix invalid SQS ARNs by @mtronrd in #3016
- refactor(allowlist): simplify and handle corner cases with exceptions empty and * by @jfagoagas in #3019
Chores
- chore(brew): remove brew action by @sergargar in #2994
- chore(regions_update): Changes in regions for AWS services. by @sergargar in #2993, #2998, #3001, #3007, #3011, #3020, #2992, #3008 and #3019
- docs(gcp): update GCP permissions by @sergargar in #3008
Builds
- build(deps): bump google-api-python-client from 2.105.0 to 2.106.0 by @dependabot in #3005
- build(deps): bump mkdocs-material from 9.4.7 to 9.4.8 by @dependabot in #3004
Install & Use
Copyright 2018 Netflix, Inc.
Source: https://github.com/Alfresco/