Toni de la Fuente // May 8, 2023

New checks and engine updated to v3.4

ProwlerPro now uses Prowler Open Source v3.4 as its scanner engine, and new checks have been added.

New services are now covered, such as Organizations best practices, SSM Incidents, Resource Explorer and Backup. There are additional checks for CloudTrail, GuardDuty, VPC best practices and IAM, and the ECR scan-on-push check has been updated. The check iam_policy_no_administrative_privileges has been renamed to iam_customer_unattached_policy_no_administrative_privileges, and these are the important new IAM checks:

  • iam_aws_attached_policy_no_administrative_privileges: Ensure IAM AWS-Managed policies that allow full “*:*” administrative privileges are not attached – iam [high]
  • iam_customer_attached_policy_no_administrative_privileges: Ensure IAM Customer-Managed policies that allow full “*:*” administrative privileges are not attached – iam [high]
  • iam_customer_unattached_policy_no_administrative_privileges: Ensure IAM policies that allow full “*:*” administrative privileges are not created – iam [low]
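
To show how the three checks split by policy owner and attachment state, here is an added illustration (not Prowler's own code). It assumes “*:*” means an Allow statement with Action "*" on Resource "*"; the record fields `managed_by`, `attachment_count` and `document` are hypothetical names chosen for the example.

```python
import json

# Check names and severities as listed in the post above.
CHECKS = {
    ("aws", True): ("iam_aws_attached_policy_no_administrative_privileges", "high"),
    ("customer", True): ("iam_customer_attached_policy_no_administrative_privileges", "high"),
    ("customer", False): ("iam_customer_unattached_policy_no_administrative_privileges", "low"),
}

def _as_list(value):
    """IAM policy JSON allows a single string/object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def allows_full_admin(policy_document):
    """True if any Allow statement grants Action "*" on Resource "*" (assumed meaning of "*:*")."""
    if isinstance(policy_document, str):
        policy_document = json.loads(policy_document)
    for stmt in _as_list(policy_document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant privileges
        if "*" in _as_list(stmt.get("Action")) and "*" in _as_list(stmt.get("Resource")):
            return True
    return False

def classify(policy):
    """Return the (check name, severity) a policy record would fail, or None."""
    if not allows_full_admin(policy["document"]):
        return None
    # An unattached AWS-managed policy matches none of the three listed checks.
    return CHECKS.get((policy["managed_by"], policy["attachment_count"] > 0))

# Constructed sample records (hypothetical field names, not Prowler's data model).
ADMIN_DOC = {"Version": "2012-10-17",
             "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}
S3_DOC = {"Version": "2012-10-17",
          "Statement": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]}
SAMPLES = [
    {"name": "AdministratorAccess", "managed_by": "aws", "attachment_count": 2, "document": ADMIN_DOC},
    {"name": "team-admin", "managed_by": "customer", "attachment_count": 1, "document": ADMIN_DOC},
    {"name": "old-admin", "managed_by": "customer", "attachment_count": 0, "document": json.dumps(ADMIN_DOC)},
    {"name": "s3-full", "managed_by": "customer", "attachment_count": 3, "document": S3_DOC},
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p["name"], "->", classify(p))
```

The service-scoped `s3:*` policy is not flagged because its action is not the bare `*` wildcard.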
