prowler v2.12 releases: AWS security assessment, auditing and hardening
Prowler: AWS Security Tool
Prowler is a command-line tool for AWS Security Best Practices Assessment, Auditing, Hardening, and Forensics Readiness Tool.
It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 100 additional checks including related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2 and others.
Read more about CIS Amazon Web Services Foundations Benchmark v1.2.0 – 05-23-2018
Features
+200 checks covering security best practices across all AWS regions and most of AWS services and related to the next groups:
- Identity and Access Management [group1]
- Logging [group2]
- Monitoring [group3]
- Networking [group4]
- CIS Level 1 [cislevel1]
- CIS Level 2 [cislevel2]
- Extras see Extras section [extras]
- Forensics related group of checks [forensics-ready]
- GDPR [gdpr] Read more here
- HIPAA [hipaa] Read more here
- Trust Boundaries [trustboundaries] Read more here
- Secrets
- Internet exposed resources
- EKS-CIS
- Also includes PCI-DSS, ISO-27001, FFIEC, SOC2, ENS (Esquema Nacional de Seguridad of Spain).
- AWS FTR [FTR] Read more here
With Prowler you can:
- Get a direct colorful or monochrome report
- A HTML, CSV, JUNIT, JSON or JSON ASFF format report
- Send findings directly to Security Hub
- Run specific checks and groups or create your own
- Check multiple AWS accounts in parallel or sequentially
- And more! Read examples below
Changelog v2.12
🔥Important changes in this version (read this!)🔥:
New checks:
7.195 [check7195] Ensure CodeArtifact internal packages do not allow external public source publishing. – codeartifact [Critical]
Other changes:
- CloudTrail checks check21, check22, check23, check24, check26, check27 now include shadow trails in the results (those trails used for multi-region and AWS organizations)
- New group called
cisig2for CIS Critical Security Controls v8 by @artfulbodger - We have deprecated Discord and now we only use Slack, join us here!
New features:
- feat(checks): Adding commands for checks 117 and 118 by @belialboy in #1289
- feat(extra780): Check for Cognito or SAML authentication on OpenSearch by @kagahd in #1291
- feat(extra7195): Added check for dependency confusion in codeartifact by @congon4tor in #1329
- feat(group): CIS Critical Security Controls v8 by @artfulbodger in #1347
- feat(audit_id): add optional audit_id field to postgres connector by @sergargar in #1362
- feat(db-connector): Include UUID for findings ID by @n4ch04 in #1368
- feat(slack): add Slack badge to README instead of deprecated Discord by @sergargar in #1401
- feat(extra7111): Exception handling by @n4ch04 in #1408
- feat(stable tag): Inclusion of stable tag point to last release by @n4ch04 in #1419
- docs(spelling): Typo corrections by @olivier987654 in #1394
Enhancements:
- chore(issues): Link Q&A by @jfagoagas in #1305
- docs(outputs): added CVS and JSON details by @jfagoagas in #1313
- docs(dockerfile): Dockerfile build instructions by @walkerab in #1370
- chore(actions): Bump Trufflehog to v3.13.0 by @gliptak in #1382
- delete(shortcut.sh): Remove ScoutSuite by @jfagoagas in #1388
- fix(checks): CloudTrail checks 2.X now include shadow trails in the results (those trails used for multi-region and AWS organizations)
Fixes:
- fix(check12): Improve remediation by @jfagoagas in #1281
- fix(extra712): changed Macie service detection by @williambrady in #1286
- fix(permissions): Include missing appstream:DescribeFleets permission by @jfagoagas in #1278
- fix(appstream): Handle timeout errors by @jfagoagas in #1296
- fix(security-groups): Include TCP as the IpProtocol by @jfagoagas in #1323
- fix(credential_report): Do not generate for 117 and 118 by @jfagoagas in #1322
- fix(inventory): Variable assigning syntax in inventory mode by @JArmandoG in #1283
- fix(check120): correct AWS support policy name by @JArmandoG in #1328
- fix(postgresql): Connector field by @jfagoagas in #1372
- fix(postgresql): Missing space by @jfagoagas in #1374
- fix(checks): Include missing output in checks by @n4ch04 in #1380
- fix(checks): Handle checks not returning result by @n4ch04 in #1383
- fix(inventory): quick inventory input fixed by @sergargar in #1397
- fix(check_extra77): Add missing check_resource_id to the report by @kagahd in #1402
- fix(missing permissions): add missing permissions of checks by @sergargar in #1403
- fix(region_bugs): Remove duplicate outputs by @sergargar in #1390
- fix(extra740): remove additional info and fix max_items by @sergargar in #1405
- fix(extra77): Deleted resource id from exception results by @n4ch04 in #1409
- fix(extra7183): Exception handling error UnsupportedOperationException by @n4ch04 in #1410
- fix(extra7184): Error handling GetSnapshotLimits api call by @n4ch04 in #1411
Screenshot
- Sample screenshot of report first lines:
- Sample screenshot of a single check for check 3.3:
Copyright 2018 Netflix, Inc.
Source: https://github.com/Alfresco/
