

Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks. See all the things you and your team can do with ProwlerPro at prowler.pro

Looking for Prowler v2 documentation? For Prowler v2 documentation, please go to.

The full documentation can now be found at

Installation

Prowler is available as a project in PyPI, thus it can be installed using pip with Python >= 3.9.

AWS

Declare the AWS credentials as environment variables:

```shell
export AWS_ACCESS_KEY_ID="ASXXXXXXX"
export AWS_SECRET_ACCESS_KEY="XXXXXXXXX"
export AWS_SESSION_TOKEN="XXXXXXXXX"
```

Those credentials must be associated with a user or role that has the permissions needed to run all checks. To make sure, add the following AWS managed policies to the user or role being used:

- arn:aws:iam::aws:policy/job-function/ViewOnlyAccess

Moreover, some additional read-only permissions are needed for several checks; make sure you also attach the custom policy prowler-additions-policy.json to the role you are using.

If you want Prowler to send findings to AWS Security Hub, make sure you also attach the custom policy prowler-security-hub.json.

Azure

Prowler for Azure supports the following authentication types:

- Service principal authentication by environment variables (Enterprise Application), selected with --sp-env-auth
- Current az cli credentials, selected with --az-cli-auth
- Interactive browser authentication, selected with --browser-auth
- Managed identity authentication, selected with --managed-identity-auth

Service principal authentication

To allow Prowler to assume the service principal identity to start the scan, configure the following environment variables:

```shell
export AZURE_CLIENT_ID="XXXXXXXXX"
export AZURE_TENANT_ID="XXXXXXXXX"
export AZURE_CLIENT_SECRET="XXXXXXX"
```

If you try to execute Prowler with the --sp-env-auth flag and those variables are empty or not exported, the execution is going to fail.

AZ CLI / Browser / Managed Identity authentication

The other three cases do not need additional configuration: --az-cli-auth and --managed-identity-auth are automated options, while --browser-auth needs the user to authenticate using the default browser to start the scan. --browser-auth also needs the tenant id to be specified with --tenant-id.

To use each one, you need to pass the proper flag to the execution.
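A preflight helper for the Azure authentication modes above, added here as an example and not part of Prowler itself: it checks, before the scan is launched, that --sp-env-auth has all three variables exported and non-empty (a child process is used for the check so a variable that is set but not exported is caught too) and that --browser-auth was given a tenant id. It assumes the v3 invocation form `prowler azure <auth-flag>`.

```shell
#!/bin/sh
# prowler_azure_preflight <mode> [tenant-id]
#   mode: sp-env-auth | az-cli-auth | browser-auth | managed-identity-auth
# Prints the prowler command line to run and returns 0, or reports the
# missing configuration on stderr and returns 1 (hypothetical helper).
prowler_azure_preflight() {
  mode="$1"
  tenant="$2"
  case "$mode" in
    sp-env-auth)
      # --sp-env-auth fails at runtime if any of these is empty or not
      # exported. Reading them through a child shell (sh -c) mirrors what
      # the prowler process will see: only exported variables arrive.
      missing=""
      for v in AZURE_CLIENT_ID AZURE_TENANT_ID AZURE_CLIENT_SECRET; do
        val=$(sh -c "printf '%s' \"\${$v:-}\"")
        [ -n "$val" ] || missing="$missing $v"
      done
      if [ -n "$missing" ]; then
        echo "sp-env-auth: not exported or empty:$missing" >&2
        return 1
      fi
      echo "prowler azure --sp-env-auth"
      ;;
    browser-auth)
      # --browser-auth additionally requires the tenant id via --tenant-id.
      if [ -z "$tenant" ]; then
        echo "browser-auth: --tenant-id is required" >&2
        return 1
      fi
      echo "prowler azure --browser-auth --tenant-id $tenant"
      ;;
    az-cli-auth|managed-identity-auth)
      # Automated options: no extra configuration is needed.
      echo "prowler azure --$mode"
      ;;
    *)
      echo "unknown auth mode: $mode" >&2
      return 1
      ;;
  esac
}
```

Run it as `eval "$(prowler_azure_preflight sp-env-auth)"` to start the scan only when the check passes.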
