New features to highlight in this version:

🏷️ STS V2 Tokens (this will be in the SaaS immediately, so more regions may appear with findings)

  • Now Prowler will call Regional AWS STS endpoints to get session tokens valid in all AWS Regions.

See more in

New 9 checks for AWS! (this will be in the SaaS immediately, so more findings may appear)

  • New Account check account_maintain_different_contact_details_to_security_billing_and_operations
  • New CloudTrail check cloudtrail_multi_region_enabled_logging_management_events
  • New EC2 DataLifecycle Manager service and check dlm_ebs_snapshot_lifecycle_policy_exists
  • New EC2 EBS check ec2_ebs_volume_snapshots_exists
  • New DocumentDB service and check documentdb_instance_storage_encrypted
  • New Support check trustedadvisor_premium_support_plan_subscribed
  • New Neptune service and check neptune_uses_a_public_subnet
  • New Elasticache service and check elasticache_using_public_subnets
  • New IAM check iam_use_temporary_credentials

🔎 Ignore Findings from services not in actual use (this will be a roll out in the SaaS over the next weeks)

  • Prowler now allows you to ignore unused services findings, so you can reduce the number of findings in Prowler’s reports.
    prowler <provider> --ignore-unused-services

See more in

⚙️ New AWS Allowlist including AWS Control Tower resources (this will be nn the SaaS as a UI feature in a month)

  • New allowlist file that ensures that applies to all resources created by AWS Control Tower when setting up a landing zone:
    prowler aws --allowlist prowler/config/aws_allowlist.yaml

See more in

More details here