For those already in Salt Lake City ready for this year’s KubeCon North America, I’m jealous! I’ll be sitting this one out this year, but it does give me time to sit at a real desk and talk Kubernetes security from a distance! (plus, my soda fridge doesn’t disappear at specific times throughout the day.) […]

Meet the Prowler Team at TechCrunch Disrupt 2024

Next week, Prowler will be at TechCrunch Disrupt 2024, participating in the Startup Battlefield 200. You’ll find us at booth O15 in the Security, Privacy, and Social Networking section of the Expo in Moscone West in San Francisco. For those in the Bay Area who are still deciding whether to attend, we’ve got a 50% discount on tickets; please use this link to join us!

This is a great opportunity to meet Toni de la Fuente, the creator of Prowler and CEO. Toni’s expertise in cloud security and his commitment to open source make him the perfect person to discuss your cloud security needs. Whether you’re just getting started with securing your cloud environments or looking to scale your efforts across multi-cloud and Kubernetes setups, Toni will walk you through how Prowler’s approach simplifies cloud security, providing transparency and control every step of the way.

Come Visit Us at Booth O15

We’d love to connect with you in person. Drop by our booth to chat with our team, including our first Developer Relations hire, Matt Johnson. We’re looking forward to discussing how Prowler can support your cloud strategy and sharing our passion for building secure, scalable, and open cloud environments.

And of course, no booth visit is complete without some swag. Make sure to pick up our exclusive Prowler stickers and other goodies when you stop by.

We’ll See You at TechCrunch Disrupt!

We’re excited to be part of the community at TechCrunch Disrupt and look forward to engaging with attendees, whether you’re a seasoned pro or just starting your cloud journey. We hope to see you next week at booth O15!

Meet Prowler at CloudSecNext Summit in Denver

Next week, Prowler is heading to CloudSecNext Summit 2024 in Denver, and we want to connect with you! Whether you’re a seasoned cloud security practitioner or just beginning your journey, this is your chance to dive deep into the world of open-source security with the creator and maintainers of Prowler themselves.

Workshop: Put Detection and Remediation Engineering to Work with Open Source: A Practitioner’s Perspective

📅 Date: Monday, September 30, 2024
Time: 1:30 PM – 3:30 PM MT
📍 Location: Sheraton Denver Downtown, Denver CO

🛠 Speakers:

  • Toni de la Fuente, Creator and CEO, Prowler
  • Pedro Martin, Cloud Security Engineer, Prowler

At Prowler, we believe in Open Cloud Security—security that’s transparent, accessible, and adaptable to any cloud environment. During our workshop, Toni de la Fuente and Pedro Martin will discuss the realities of cloud security from a practitioner’s perspective, sharing real-world experiences of building security tools for fast-moving, multi-cloud environments. You’ll hear firsthand how open-source tools like Prowler are reshaping the way teams approach cloud security and why now, more than ever, open cloud security matters.

Whether you’re dealing with the complexities of multi-cloud architecture, compliance checks, or automating incident response, this session will equip you with insights on how to make cloud security more scalable and effective.

Why We’re Going

At Prowler, we’re passionate about building a future where security isn’t locked behind vendor paywalls or hidden in proprietary systems. We’re attending CloudSecNext to engage directly with security leaders and practitioners who share our vision of an open cloud security movement. Our goal is to foster collaboration, exchange ideas, and help you understand how open-source solutions like Prowler can make a tangible impact on your organization.

Download Prowler Today

Can’t make it to Denver? You can still experience the power of Prowler by downloading it directly. With 10M+ downloads, Prowler is trusted by teams all over the world. Get started with cloud security assessments, incident response, and compliance checks by downloading Prowler here.

We’re excited to connect, share our latest updates, and continue building a strong community of cloud security practitioners.

For more details on the event and to secure your spot or attend other talks virtually, visit the CloudSecNext Summit website.

Prowler Selected for Startup Battlefield 200 at TechCrunch Disrupt 2024

We’re excited to announce that Prowler has been chosen to participate in Startup Battlefield 200 at TechCrunch Disrupt 2024! Being part of this highly competitive group of 200 startups, selected from thousands of applicants, is a huge honor.

TechCrunch Disrupt, held from October 28-30 at Moscone West in San Francisco, is renowned for showcasing cutting-edge technologies and startups that push the boundaries of innovation. Past companies like Dropbox, Cloudflare, and Fitbit have all made their mark at Disrupt, and we’re excited to add Prowler to that list.

We’re challenging the cloud security industry’s reliance on closed, proprietary systems. As our Founder and CEO, Toni de la Fuente, puts it:

“We’re incredibly honored to be chosen as part of TechCrunch Disrupt’s Startup Battlefield 200. At Prowler, we’re not just building a company, we’re building a movement. We offer a real alternative to the status quo in cloud security—a space that has been dominated for far too long by closed, proprietary, black-box solutions. The true heroes in this industry, the practitioners, deserve tools that empower them with transparency, flexibility, and choice. This opportunity at TechCrunch Disrupt allows us to share our vision with the world and drive forward the future of open cloud security.”

About Startup Battlefield 200

TechCrunch’s Startup Battlefield 200 is the premier competition for startups across the globe, showcasing groundbreaking innovations across various industries, including AI, SaaS, security, and more. The chosen companies will receive training, access to private events, masterclasses, and investor networking opportunities.

About TechCrunch Disrupt

TechCrunch Disrupt is the leading platform for unveiling transformative startups and technologies. Every year, it gathers top entrepreneurs, investors, and innovators for interviews, product demos, networking, and the legendary Startup Battlefield competition.

Stay tuned for more updates as we prepare for TechCrunch Disrupt 2024!

Prowler Achieves SOC 2 Type 2 Compliance

At Prowler, security is more than just a priority—it’s a core value that shapes everything we do. We know that when it comes to managing your cloud environments, you need to trust that your data is handled with the utmost care. That’s why we’re excited to share some big news: Prowler is now SOC 2 Type 2 compliant.

What’s SOC 2 Type 2 Anyway?

If you’re not familiar, SOC 2 is a set of standards developed by the American Institute of Certified Public Accountants (AICPA). It’s all about making sure service providers (like us) manage your data securely.

SOC 2 Type I gives you a snapshot of how well we’ve designed our security processes. SOC 2 Type 2 takes it a step further, evaluating how effective those processes are over time. In other words, SOC 2 Type 2 isn’t just a one-time check—it’s an ongoing promise that we’re keeping your data secure, consistently.

Why This Matters to You

Getting SOC 2 Type 2 compliance isn’t just about ticking a box. It’s about giving you peace of mind. Here’s why it’s a big deal:

  • Proving We Walk the Walk: SOC 2 Type 2 is about more than just having the right policies on paper. It’s about showing that those policies work, day in and day out. You can trust that we’re not just saying we’re secure—we’re proving it.
  • Independent Validation: The process involves detailed third-party audits that dig deep into our practices. It’s a rigorous check, and passing it means our security measures aren’t just solid—they’re rock solid.
  • Building Trust: We know trust is earned, not given. Achieving SOC 2 Type 2 compliance is one way we’re working to earn yours. It’s our commitment to being transparent and reliable when it comes to handling your data.

Security Is What We Do

Our mission is to help organizations of all sizes stay compliant with a wide range of security standards and frameworks. Whether you’re working with CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC 2, GxP, the AWS Well-Architected Security framework, ENS, or more, Prowler has you covered.

But we don’t just stop at helping you meet these standards. We’re here to guide you through the complexities of compliance, making it as seamless as possible. Here’s how:

  • Comprehensive Framework Support: Prowler offers built-in support for a wide range of security frameworks. This means you can easily map your cloud security practices to the specific compliance requirements that matter most to your organization. Whether you need to align with multiple frameworks or focus on a particular one, Prowler provides the tools to help you stay compliant across the board.
  • Customizable Compliance Reports: With Prowler, you can generate detailed compliance reports that are tailored to your needs. These reports help you see where you stand, identify any gaps, and provide the documentation you need for internal audits or regulatory reviews.
  • Community and Collaboration: We believe in the power of open source and community-driven innovation. That’s why we actively engage with our community to share best practices, provide support, and collaborate on new features. Our community isn’t just a group of users—it’s a network of like-minded professionals who are passionate about security and compliance. Together, we’re building stronger, more secure cloud environments for everyone.
  • Ongoing Updates and Improvements: Compliance isn’t static. As regulations evolve and new standards emerge, Prowler continuously updates its tools and resources to keep you ahead of the curve. Our commitment to continuous improvement means you can rely on us to help you stay compliant, no matter how the landscape changes.

How We Got Here: With a Little Help from Our Friends

Getting to SOC 2 Type 2 compliance was no small feat. It took a lot of hard work, and we didn’t do it alone. We partnered with Insight Assurance, and they confirmed our alignment with the stringent requirements of SOC 2 Type 2, bolstering our data security practices and enhancing trust with our stakeholders.

Here’s how it all came together:

  1. Continuous Improvement: Since we achieved SOC 2 Type I compliance, we’ve been busy refining our security processes. We’re always looking for ways to do better, and this milestone is proof of that commitment.
  2. Collaborative Effort: Our team—alongside Insight Assurance—worked to ensure everything was in place. From engineering to operations, it was a cross-functional effort that brought us to where we are today.
  3. Third-Party Audits: We didn’t just self-assess; we brought in independent auditors to take a close look at how we operate. Their detailed review confirmed that our controls weren’t just set up correctly—they were actually working effectively over time.
  4. Transparency: Throughout the process, we documented everything. This wasn’t just about passing an audit; it was about ensuring that our practices are transparent and well-documented, so you know exactly what you’re getting with Prowler.

What’s Next?

Achieving SOC 2 Type 2 compliance is a huge win, but we’re not stopping here. Security is a continuous journey, and we’re committed to staying ahead of the curve. We’ll keep refining our processes, staying vigilant, and doing everything we can to protect your data. To learn more, you can visit our trust center: https://trust.prowler.com

This achievement is just one of many steps we’re taking to ensure Prowler is a name you can continue to trust.

Securing the Cloud, One Scan at a Time

In the world of cloud security, milestones are more than just numbers; they represent our collective progress towards a safer, more secure digital landscape. Today, I am humbled to share that Prowler has reached a significant milestone: scanning over 3 million resources per day. This achievement is a testament to our dedication to improving Cloud Security Posture Management (CSPM) one scan at a time.

A Brief History of Prowler

Our journey began in 2016 when I released the first lines of Prowler as a single-file Bash script under the Apache License. From those humble beginnings, Prowler quickly gained traction. By 2018, Prowler had almost 2,000 GitHub Stars and was presented at BlackHat EU Arsenal, marking its rise as a popular tool for AWS security.

In 2019, I joined AWS as a Security Engineer and continued to improve Prowler, which became the go-to tool for Cloud Security Assessments. By 2021, after four years as a multi-file BASH script, Prowler was rewritten in Python and presented at BlackHat US Arsenal, boasting 6,000 GitHub Stars.

The year 2022 marked a significant turning point when I left AWS to work full-time on Prowler, transforming it into a multi-cloud platform. By July 2023, Prowler had spun off to become a dedicated company, supporting Azure, Google Cloud, and starting Kubernetes support. This year, we proudly announced the Open Cloud Security movement with the release of Prowler v4, featuring a new UI and image. Today, with a team of 16 employees and 10,000+ GitHub Stars, we continue to push the boundaries of cloud security.

The Journey to 3 Million

When I first started Prowler, our mission was clear: to build a security tool that empowers organizations to protect their digital assets. We envisioned a tool that could seamlessly integrate with various cloud environments, providing comprehensive visibility and actionable insights using open standards to guarantee and enhance adoption. Today, with over 3 million resources scanned daily, we are closer than ever to realizing that vision.

This milestone isn’t just about the numbers; it’s about the impact. Every scan contributes to identifying vulnerabilities, ensuring compliance, and fortifying defenses. In essence, every scan makes the cloud, Kubernetes, and other digital environments safer.

The Power of Open Source

At Prowler, we believe in the power of Open Source. Our community-driven approach allows us to harness the collective expertise and experiences of security professionals worldwide. This collaboration drives innovation and ensures that Prowler evolves to meet the ever-changing security landscape.

By scanning millions of resources daily, we gather invaluable data that helps us improve Prowler continuously. This iterative process of learning and adapting is at the core of our open cloud security movement.

Enhancing CSPM

Cloud security is not a destination; it’s a journey. With each scan, Prowler provides detailed insights into your multi-cloud and Kubernetes environments, highlighting areas of risk and offering recommendations for mitigation. This proactive approach to CSPM helps organizations stay ahead of potential threats, ensuring that their cloud infrastructure is not only compliant but also secure.

Looking Ahead

As we celebrate this milestone, we remain committed to our mission: to make cloud environments safer through innovation, collaboration, and education. We are grateful to our community for their unwavering support and contributions. Thank you for being part of the Prowler journey. Here’s to reaching new heights and making the cloud a safer place for everyone.

Prowler Joins the Okta Integration Network 🎉

We’re excited to announce that Prowler is now officially part of the Okta Integration Network. By joining the OIN, Okta SAML support is now part of Prowler SaaS authentication. This integration brings together Prowler’s comprehensive cloud security assessments with Okta’s industry-leading identity management solutions, creating a seamless and powerful security experience.

Prowler is an open-source tool designed to help you perform detailed security assessments of your AWS, GCP, Azure and Kubernetes environments. Our mission is to ensure that your cloud infrastructure remains secure and compliant with key standards such as CIS, GDPR, and HIPAA.

What This Integration Means for You

Enhanced Security Visibility

With the Prowler and Okta integration, you gain a holistic view of your security landscape. Prowler’s thorough security assessments, combined with Okta’s robust identity management, provide unparalleled visibility into your cloud environment’s security status.

Streamlined Compliance

Managing compliance can be complex. Prowler helps you adhere to various compliance standards, while Okta ensures your identity management practices are aligned with these standards. Together, they simplify and enhance your compliance management process.

Simplified Security Management

The integration brings together security assessments and identity management into a unified interface. This streamlined approach reduces complexity and administrative burden, allowing your team to focus on what matters most.

Easy Integration

Getting started with the Prowler and Okta integration is straightforward. Detailed instructions and support are available on the Okta Integration Network page. We’ve designed the integration process to be user-friendly, so you can quickly and easily begin leveraging the combined power of Prowler and Okta.

Let’s Make Security Simpler

We’re thrilled about the enhanced security capabilities this integration offers. By joining the Okta Integration Network, Prowler continues to push the boundaries of innovation, delivering advanced security solutions that meet the evolving needs of our customers.

Explore the new integration and discover how it can enhance your security and identity management practices. As always, we value your feedback and look forward to hearing about your experiences with the Prowler-Okta integration.

Thank you for being a part of the Prowler community. Your support drives our continuous improvement.

Meet Prowler at fwd:CloudSec in Washington, D.C.

Prowler is thrilled to announce that we will be sponsoring and attending the fwd:CloudSec conference on June 17-18, 2024, in Arlington, VA, just outside of Washington DC. As a company dedicated to cloud security, we couldn’t be more excited to be part of this non-profit event that brings together experts from all major cloud platforms to discuss the latest research, strategies, and challenges in the field.

Visit Us at Booth #15

If you’re attending fwd:CloudSec 2024, be sure to stop by booth #15! This is your chance to meet our talented engineers, including Toni de la Fuente, our co-founder. We have some exclusive Prowler swag waiting for you, and we’re eager to talk with community members face to face. Whether you’re a seasoned cloud security professional or just starting out, we’d love to connect and discuss how Prowler can help you navigate the complex world of multi-cloud security.

Don’t Miss Our Talk: “Forged in Fire: Forging a Multi-Cloud Open Source Swiss-Army Knife”

Toni de la Fuente, Prowler creator and co-founder, will be delivering a talk titled “Forged in Fire: Forging a Multi-Cloud Open Source Swiss-Army Knife” alongside Sergio Garcia, a member of Prowler technical staff. The session will take place on June 17 from 10:10–10:50 AM (America/New_York) in Ballroom DE.

In this presentation, Toni will share his 12 years of expertise in securing cloud workloads and building open-source cloud security tools. He will discuss the evolution of cloud security across AWS, Azure, Google Cloud, and Kubernetes, and provide valuable insights on how to tackle the challenges of securing a multi-cloud environment without sacrificing simplicity and user-friendliness.

Attendees will walk away with a better understanding of how to improve their security posture by building a multi-faceted tool, as well as tips for overcoming the complexities of authentication, SDK variety, cloud provider inconsistencies, and compliance attribute mapping. Join us for an engaging session full of fire, iron, and a touch of blood and tears as we forge the ultimate tool for your cloud security arsenal.

We Look Forward to Seeing You

We look forward to seeing you at fwd:CloudSec 2024 and sharing our passion for cloud security with the community. Make sure to stop by booth #15 to say hello, grab some cool swag, and learn more about how Prowler can support your cloud security needs. Don’t miss Toni and Sergio’s talk for some invaluable insights into multi-cloud security!

P.S.: If you are located in Europe – don’t fret! We are also proud sponsors of fwd:CloudSec Europe and will see you this fall with even more swag and cloud security knowledge to drop.

A Milestone for Prowler: Announcing $6M in Seed Funding

As creator of Prowler Open Source back in 2016 and also co-founder and CTO of Prowler, I am both proud and exhilarated to share a pivotal moment in our journey: securing a $6 million seed funding round led by Decibel VC. This milestone is not just a testament to our team’s hard work and dedication but a clear indication of the faith the industry has in our vision for the future of cloud security.

From the Ground Up: The Journey of Prowler

Eight years ago I started to code a tool to make cloud security easy for everyone. Now, together with Casey Rosenthal, my fellow co-founder and our CEO, we have embarked on this journey to address a gap we saw in the cloud security landscape. Our backgrounds—mine steeped in the open-source community and Casey’s in engineering innovation—provided us with a unique perspective on how to tackle the challenges faced by security teams today.

Our Vision for Cloud Security

Our mission at Prowler has always been to redefine cloud security to be more open, adaptable, and community-focused. This approach is crucial for teams needing to swiftly respond to and monitor their environments in an era where traditional security measures fall short. The backing from Decibel VC is a significant boost, enabling us to empower security professionals further and safeguard our digital futures more effectively.

The Path Forward: Open, Transparent, and Community-Driven

With this new funding, we’re excited to enhance our existing features and introduce new innovations throughout 2024.

This investment reaffirms our belief in a future where cloud security is accessible, driven by its users, and grounded in transparency. Our strategy is to move towards creating an ecosystem that not only develops products but also fosters a community where open-source technology leads to more robust security solutions.

My Personal Reflections

As we step into this new chapter, I reflect on our journey and the challenges we’ve overcome. It’s a moment of immense pride and excitement for what lies ahead. Our mission to elevate community-driven cloud security as a cornerstone of Enterprise security strategies is more relevant than ever.

Join Us on this Journey

We’re not just building a product; we’re nurturing an ecosystem that champions stronger, community-driven security solutions. I invite you to join us on this exciting journey as we continue to reshape the cloud security landscape, making it more intuitive, transparent, and inclusive for everyone. 

About Us

Prowler is at the forefront of cloud security innovation, co-founded by myself, Toni de la Fuente, and Casey Rosenthal. We are committed to delivering solutions that meet the evolving challenges of cloud environments. Our platform is trusted worldwide, including by AWS, which relies on our open-source solutions for security checks and validations. Together, we are making cloud security more accessible, adaptable, and driven by the community.

Toni de la Fuente

ProwlerPro Joins AWS Marketplace to Enhance Cloud Security Offerings

ProwlerPro has joined the AWS Marketplace. This collaboration aims to provide businesses with improved options for securing their cloud environments. ProwlerPro offers comprehensive features, including vulnerability management, compliance monitoring, and configuration auditing, tailored specifically for AWS deployments.

By joining the AWS Marketplace, ProwlerPro aims to simplify the process of discovering, purchasing, and deploying ProwlerPro. Customers can now access ProwlerPro seamlessly through the AWS Marketplace’s trusted platform. This integration showcases the ongoing efforts of ProwlerPro’s engineering team and highlights the collaborative work between ProwlerPro and AWS.

Toni de la Fuente, the lead engineer behind ProwlerPro, expressed enthusiasm for the collaboration, stating, “Prowler is already the top tool for securing the AWS cloud, we are thrilled to share ProwlerPro to help businesses secure their cloud environments effectively.”

ProwlerPro offers an array of features designed to enhance cloud security. Real-time vulnerability assessments, compliance monitoring based on industry standards, and comprehensive configuration auditing are just a few of the key capabilities. The tool’s user-friendly interface and robust reporting features enable businesses to identify and mitigate potential security risks efficiently.

We’re looking forward to a bright future where organizations of all sizes trust ProwlerPro to fortify their AWS cloud environments and navigate the evolving threat landscape effectively.

We’re hosting our first meetup in Madrid

Join us next week in Madrid!

This June 22nd in Madrid we are holding our first in-person event for the Cloud Security and DevSecOps community. You will learn about Prowler Open Source and ProwlerPro, and our friends from Jit.io, with Aviram Shmueli, will join us to teach us how to implement DevSecOps best practices. Sign up here! https://lnkd.in/dKsJWnW9

Agenda:

10 AM: Welcome and breakfast (coffee, tea, juice, fruit and pastries).

10.30 AM: Prowler and ProwlerPro: Secure your cloud infrastructure in minutes.

11 AM: Jit.io: DevSecOps best practices and how to integrate Prowler in production.

11.30 AM to 13.30: Workshops:

  • Advanced usage and customization of Prowler.
  • How to get started with Jit.io and improve your CI/CD security in minutes.

13.30: Lunch: assorted tapas and networking

Register free for the meetup.

Improving Your AWS CSPM with ProwlerPro

As organizations continue to move their data and applications to the cloud, ensuring the security of their cloud environment has become a top priority. Cloud Security Posture Management (CSPM) is a process of continuous monitoring and assessment of an organization’s cloud infrastructure to ensure compliance with security best practices and regulatory requirements. In this blog post, we will discuss what CSPM is and why hardening security in your AWS cloud is essential to your organization’s security.

CSPM involves monitoring and evaluating the security posture of your AWS cloud environment by identifying potential security risks, misconfigurations, and vulnerabilities. CSPM tools, like ProwlerPro, can automate the detection of security risks and group them by severity, enabling your security team to easily identify the next steps to remediate them.

AWS is one of the leading cloud service providers, and with more organizations moving their data and applications to the cloud, it has become a prime target for cyber attacks. AWS provides many security features and services, but it is still the responsibility of the organization to ensure that their AWS environment is secured.

Here are some reasons why hardening security in your AWS cloud is important:

Data Protection: Your AWS cloud environment may contain sensitive data, such as customer information, trade secrets, and financial data. Any data breach or theft can cause significant financial and reputational damage to your organization.

Regulatory Compliance: Many industries, such as healthcare and finance, have strict regulatory requirements for data security and privacy. Hardening security in your AWS cloud ensures that you comply with these regulations, avoiding fines and legal penalties.

Business Continuity: Cyber attacks can disrupt business operations, leading to lost revenue and productivity. Hardening security in your AWS cloud minimizes the risk of cyber attacks, ensuring business continuity.

ProwlerPro can help harden security in your AWS cloud with more than 250 checks across multiple security categories. ProwlerPro dashboards offer real-time visibility into your AWS security posture.

ProwlerPro can also generate detailed reports that highlight security risks categorized by risk severity, providing a clear understanding of the issues that require immediate attention. ProwlerPro can save significant time and resources that would otherwise be spent on manual security checks. 

Hardening security in your AWS cloud is critical to ensuring the security and privacy of your data and applications. CSPM tools like ProwlerPro can help automate security audits, identify vulnerabilities and misconfigurations, and enable your team to prioritize the most critical actions to take. With the help of CSPM tools, organizations can maintain a strong security posture and minimize the risk of cyber attacks.

Start your 14-day free trial and see what ProwlerPro can uncover.

Navigating AWS Security: How ProwlerPro Makes it Easier

AWS security for the cloud can be a daunting task for many organizations. With so many different tools and options available, it can be hard to know where to start. In this blog post, we’re going to take a look at five ways AWS security for the cloud is hard, and how ProwlerPro can make it easier. 

  1. Keeping track of compliance failures. With ever-changing security policies, it’s hard to see all of your system’s compliance issues. ProwlerPro lets you easily see a list of compliance issues within your accounts for the CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, and ENS security frameworks. 
  2. Holistic view of your infrastructure: With so many different components in your infrastructure, it can be hard to keep track of how they all fit together and how they could impact the security of your organization. ProwlerPro can help by giving you a clear and comprehensive view of your entire infrastructure, showing you how all the different components might be vulnerable.
  3. Keeping an eye on network security: With so many different network security tools and options available, it can be hard to know which ones are right for your organization. ProwlerPro can help by providing a detailed report of all the AWS security in place, and highlighting any areas where you may be vulnerable.
  4. Vulnerability scanning: With the ever-changing threat landscape, it can be hard to keep track of all the vulnerabilities that exist in your infrastructure. ProwlerPro can help by providing automated vulnerability scanning, identifying any potential vulnerabilities in your system with clear dashboards that can be easily shared in your org.
  5. Staying compliant: With so many different compliance regulations to follow, it can be hard to know which ones apply to your organization, and how to stay compliant. ProwlerPro can help by providing a detailed report of all the compliance regulations that apply to your organization, and highlighting any areas where you may be falling short.

ProwlerPro is a powerful service that can help organizations make sense of AWS security for the cloud. With its detailed reports and easy-to-use dashboards, it makes it easy to stay on top of your organization’s cloud security posture and compliance. By using ProwlerPro, you can more easily ensure your AWS security is as strong as possible, and can keep sensitive data and resources safe from threats.


Win ProwlerPro Swag!

Be one of the next 50 people to sign up and complete a scan in ProwlerPro and win exclusive ProwlerPro swag like Miir coffee mugs, hats, North Face jackets and more.

Prowler Power-Ups: 9 Projects to Enhance Your Security Posture

Are you looking to enhance your AWS security with Prowler? Look no further! Here are 9 Prowler-related projects that will save the day:

  1. Terraform AWS Prowler Monitoring: Create a collection of AWS log metric filters and alarms to monitor and alert on security-related events in your AWS environment. These metric filters and alarms satisfy the section 3 requirements of the CIS benchmark for AWS that Prowler’s monitoring checks cover.
  2. QuickSight powered AWS Security Dashboard: Building Prowler into a QuickSight dashboard allows for real-time visualization of security findings, making it easier to identify and address potential threats.
  3. CloudFormation template: Use this template to perform a point-in-time assessment of your AWS account, helping you and your team identify and remediate any security issues. We have one for CodeBuild as well.
  4. Multi-Account Security Assessment: This assessment works across multiple accounts. It also comes with an Excel template for reporting to management, allowing you to track and report on security findings over time.
  5. AWS Fargate: Use this code to perform security assessments across AWS Organizations using Prowler on AWS Fargate, making it easy to scale and automate security assessments across multiple accounts.
  6. Python Script: Easily share and communicate security findings with your team by using this script to generate an HTML report from a CSV.
  7. Ansible code for Splunk integration: Use the Ansible code for Splunk integration, which includes a dashboard set up for Splunk, to get better visibility of your security posture.
  8. Sample Helm chart for Prowler: This example Helm chart makes it easy to deploy Prowler on Kubernetes.
  9. CloudFormation and Terraform templates: These templates include the IAM permissions Prowler and ProwlerPro need to assume a role and scan an account.

By implementing these Prowler related projects, you can improve your overall security posture and better protect your AWS environment from potential threats.


Toni de la Fuente

Founder of Prowler Open Source & Lead of Prowler Pro

I’m the founder of Prowler Open Source, a tool for AWS security best practices. I also worked for AWS as a security engineer and security consultant. I’m passionate about FLOSS (Free Libre Open Source Software) in general and Information Security, Incident Response and Digital Forensics in particular. I like everything related to cloud computing and automation. I have done some things for security and the Open Source community like Prowler, phpRADmin, a Nagios plugin for Alfresco, and Alfresco BART (backup tool). I’ve also contributed to books and courses related to Linux, Monitoring and AWS Security for Packt Publishing.


Win ProwlerPro Swag!

Be one of the next 50 people to sign up and complete a scan in ProwlerPro and win exclusive ProwlerPro swag like Miir coffee mugs, hats, North Face jackets and more.

Prowler: The Top Security Tool for Securing the Cloud

As more and more businesses move their operations to the cloud, the need for robust and reliable security tools has never been greater. This is where ProwlerPro comes in.

According to OSS Insight, Prowler is the top security tool for securing the cloud in December 2022 based on popularity growth (stars). This ranking of Prowler, the engine behind ProwlerPro, is a testament to the effectiveness and reliability of our product, and we’re proud to offer it to businesses everywhere.

Image captured January 17, 2023. Credit: https://ossinsight.io/collections/security-tool

One of the key advantages of ProwlerPro is the expertise of its engineers. Per capita, our engineers are responsible for securing more of the cloud than any other engineers in the world. This level of expertise ensures that ProwlerPro is constantly updated with the latest security features and practices to keep your business safe.

ProwlerPro also offers a wide range of features to protect your business from a variety of threats. Some of the key features include:

  • Automatic security configuration assessments
  • Compliance checks
  • Vulnerability scanning

Prowler version 3.1.0 was released this week and its code name is Revelations, the second song of the Piece of Mind album by Iron Maiden, written by Bruce Dickinson. This last month has been a real revelation for us as we realized how our community has grown and how well received version 3 has been. We have surpassed 2 million downloads since the project started in 2016.

This version comes with a new AWS IAM check that detects policies allowing a cross-service confused deputy attack. We also added support for custom reports, so it will be easier to generate outputs other than the built-in CSV, JSON and HTML. And we solved almost 30 issues.

With ProwlerPro, you can rest assured that your business is protected from the latest threats and vulnerabilities. Plus, with the ability to customize the security measures to fit your specific needs, ProwlerPro is the perfect solution for businesses of all sizes.



ProwlerPro Dashboards II


Hello again. This is Sergio, one of the engineers of ProwlerPro and Prowler Open Source. In the previous video, we saw all the features of the Home dashboard, such as the Global Security Status per Region, which shows you the status per AWS region, or the Security Posture Evolution panel, which contains an AWS service graph with a history of the passed and failed findings over the scans.

This time we will cover the Simple Status per AWS Service dashboard, which shows you the security status of each AWS service that ProwlerPro scans. So let’s see how we can get to this dashboard in ProwlerPro.

Let’s log in to your ProwlerPro account at prowler.pro. In our case, we are going to log in to our demo account. Okay, so right now we are on the ProwlerPro overview page. To go to the dashboards, we have to click either on the dashboard button or on the results. As we showed in the previous video, the very first dashboard that you’ll see is the home dashboard.

To access the rest of the dashboards, you will have to click on the List of Dashboards drop-down menu. In this case, I’m selecting the Simple Status per AWS Service dashboard. As we already mentioned, this dashboard shows the security status per AWS service that ProwlerPro scans. Green indicates that all checks passed in that service and red indicates that one or more checks in that service failed.

You can also play with the filters in this dashboard. For example, the AWS account filter lets you choose the accounts whose findings you’d like to see, which is going to be useful when we release the multi-account feature. The assessment date lets you choose the date for which you want to see the services’ status, and the AWS region lets you choose all the available AWS regions for which you’re going to see the status of the services.

This filter can have one, more, or all regions. As you can see, the filters are applied automatically and the dashboard changes. Remember that all the panels are clickable. You can click on any service and see the details of the failed findings for each of them. For example, let’s click on the EC2 service.

We can see the failed findings that caused the EC2 service panel to be in red. These are four default VPC security groups that allow all types of traffic in four different regions, and regions that don’t have EBS default encryption activated. You can also play with the filters in this panel, for example, by selecting the severity you want to see.

Moreover, this panel allows you to export the results into CSV or Excel format, so you can share these failed findings with a member of your team. To do this, click on the table title and select Inspect data in the drop-down menu that will appear. Now the CSV can be downloaded by clicking on Download CSV. The Download for Excel option can be activated to use this CSV in Excel.

And that is all for this video. If you have any questions, please join our Slack group and post them in the Ask-a-Question channel. You can find the link below or at prowler.pro. It was a pleasure having you in this video. See you soon.


Sergio Garcia

Engineer at ProwlerPro

I’m a Cloud Security Engineer with experience in AWS. Among my roles, I completed an internship at Amazon and supported a digital bank to secure its assets in the cloud. I’m passionate about cloud automation, even more if it helps to ease security management.

Prowler v3 – Piece of Mind

Today we are releasing a new major version of Prowler 🎉🥳🎊🍾, the Version 3 aka Piece of Mind.

Take Prowler v3 as our 🎄Christmas gift 🎁 for the Cloud Security Community.


Artwork property of Iron Maiden

Piece of Mind was the fourth studio album of Iron Maiden. Its meaning fits perfectly with what we do with Prowler in both senses: being protected and at the same time, this is the software I would have wanted to write when I started Prowler back in 2016 (this is now, more than ever, a piece of my mind). Now this has been possible thanks to my awesome team at Verica.

No doubt that 2022 has been a pretty interesting year for us, we launched ProwlerPro and released many minor versions of Prowler. Now enjoy Sun and Steel while you keep reading these release notes.

If you are an Iron Maiden fan as I am, you may have noticed that the latest minor release of Prowler (2.12) was named after a song from this very same album, just a clue of what was coming! In Piece of Mind you can find one of the most popular heavy metal songs of all time, The Trooper, which will be the name of a Prowler version to be released during 2023.

Prowler v3 is more than a new version of Prowler, it is a whole new piece of software: we have fully rewritten it in Python and we have made it multi-cloud, adding Azure as our second supported Cloud Provider. Prowler v3 is also way faster, being able to scan an entire AWS account across all regions 37 times faster than before. Yes! You read it correctly: what before took hours now takes literally a few minutes or even seconds.

New documentation site:

We are also releasing today our brand new documentation site for Prowler at https://docs.prowler.cloud and it is also stored in the docs folder in the repo.

What’s Changed:

Here is a list of the most important changes in Prowler v3:

  • 🐍 Python: we got rid of all bash and it is now all in Python.
  • 🚀 Faster: huge performance improvements.
    An account that took 2.5 hours to scan in v2 now only takes 4 minutes to scan in v3.
  • 💻 Developers and Community: we have made it easier to contribute with new checks and new compliance frameworks. We also included unit tests and native logging features. And now the CLI supports long arguments and options.
  • ☁️ Multi-cloud: in addition to AWS, we have added Azure.
  • Checks and Groups: all checks are now more comprehensive and we provide resolution actions in most of them. Their IDs are no longer tied to CIS numbering but are self-explanatory. Groups are now generated dynamically from check metadata (service, category, severity and more).
  • ⚖️ Compliance: we are including full support for CIS 1.4, CIS 1.5 and the new Spanish ENS in this release, more to come soon! Compliance also has its own output file with its own metadata, and creating your own is easier than ever before, making more comprehensive reports possible.
  • 🧩 Compatibility with v2: most of the options are the same in this version in order to support backward compatibility; however, some options like assume role or AWS Organizations query are now different and easier to use.
  • 🔄 Consolidated output formats: now both CSV and JSON reports come with the same attributes and compared to v2, they come with more than 40 values per finding. HTML, CSV and JSON are created every time you run prowler.
  • 📊 Quick Inventory: introduced in v2, the Quick Inventory feature has been fine-tuned and now you can get a list of all resources in your AWS accounts within seconds.

Prowler new default overview: [image: prowler-3-output]

Prowler updated HTML report: [image: html-output]

Prowler compliance overview: [image: compliance-cis-sample]

Prowler list of Azure checks: [image: azure-checks]

What is coming next?

  • More Cloud Providers and more checks: in addition to adding more new checks to AWS and Azure, we plan to include GCP and OCI soon, let us know if you want to contribute!
  • XML-JUNIT support: we didn’t add that to v3; if you miss it, let us know at https://github.com/prowler-cloud/prowler/discussions
  • Compliance: we will add more compliance frameworks to have as many as in Prowler v2, we appreciate help though!
  • Tags based audit: you will be able to scan only those resources with specific tags.


ProwlerPro Dashboards I


Hello everyone. My name is Sergio, one of the engineers of ProwlerPro, the most comprehensive AWS security tool trusted by teams and organizations at any scale. ProwlerPro gives you a holistic view of the security status of your cloud infrastructure with detailed dashboards that you can drill down into. This is the first of a series of videos where we will show you the ProwlerPro dashboards as well as some other great features.

When you get started with ProwlerPro, one of the first things you will see is the home dashboard, which we are covering in this video. So let’s go through an example of accessing the results of your very first scan.

Okay, so right now we are on the ProwlerPro overview page. To go to the dashboards, we have to click either on the dashboard folder or on the results. The first dashboard that you’ll see is the home dashboard, which is the one we cover in this video. At a single glance, this dashboard shows general indicators regarding the security posture of your cloud account.

But first of all, let’s take a look at the filters. These contain dynamic variables, and there are three of them. The AWS account filter lets you choose the accounts whose findings you’d like to see, which is going to be useful when we release the multi-account feature. The assessment date lets you choose the date for which you want to see the results, and the AWS region lets you choose all the available AWS regions for which you want to see the results.

This filter can have one, more, or all regions. As you can see, the filters are applied automatically and the dashboard changes. Now let’s review the panels. We can see some numerical indicators such as the cloud accounts. In this case, there is only one cloud account since the free tier only allows one AWS account per user. We can also see the total findings, the checks executed, and the services that were audited.

The total findings are broken down based on their status, which can be either fail, pass, or allowlisted. This allowlisted status appears because the allowlist functionality will be available soon in ProwlerPro. This breakdown can also be seen in the overall status by result pie chart, or in the security posture evolution time series panel, which represents the historic security status.

The time range of this graph can be changed in the top right corner. Let’s change it to seven days. Now you can see that this graph has changed to a seven-day period. The failed findings are also broken down based on their severity, which can be either critical, high, medium, low, or informational. This information is also presented in the count of failed findings by severity pie chart.

Remember that all the panels are clickable. For example, you can click on the critical failed findings and see the details of those findings. For instance, there is a critical finding since a hardware MFA is not enabled for the root account, and you can see all the information here, such as the result extended and the remediation.

This panel allows you to export the results into CSV or Excel format. To do this, click on the table title and select Inspect data in the drop-down menu that will appear. Now the CSV can be downloaded by clicking on the Download CSV button. Optionally, the Download for Excel option can be activated to use this CSV in Excel.

Okay, so let’s go back to the home dashboard. We can do this by either selecting it in the List of Dashboards drop-down menu or clicking on the ProwlerPro logo. The global security status per region panel shows a dot per AWS region, and gives you an overview of the findings when the mouse hovers over the regions. The color of each AWS region depends on how many failed findings there are.

The color will be green if there are zero failed findings in the corresponding region. This regional information is also represented in the count of passed and failed findings per region bar chart panel, where we can see the total findings per region. The last three panels are bar charts too. First, we have the services with more failed resources, which represents the AWS services with the most failed findings, then the count of any result by service name, which shows the total findings for each AWS service.

And finally, the affected resources by check ID bar chart, which displays the number of failed findings per Prowler check. And that was all. If you have any questions about this dashboard, please join our Slack group and post them in the Ask a Question channel. Find the link below or at prowler.pro. It was a pleasure having you in this video.

See you soon.



Preventing AWS Ransomware Attacks With Prowler Open Source

It’s criminally easy to roll out a fear-mongering list of industries, victims, and financial penalties related to ransomware. Gas pipelines, healthcare systems, local governments, all have been hit. Nearly every headline is some form of: “And it’s only getting worse: are ransomware attacks the new digital pandemic?” It can seem inevitable, but when it comes to your AWS environment, there are a few things you can do to protect yourself by reducing your attack surface, and then use Prowler to keep an eye on it all continuously.

AWS Ransomware Best Practices

Ransomware attacks succeed only when you have no backups of your data, so the attacker can hold that data hostage. Reducing your attack surface and putting consistent data backup/recovery processes in place will help you thwart malicious activity (and recover from application failures as well).

Implement IAM Best Practices 

These include setting least privilege policies, preventing IAM key leakage, applying policies only at the group level, and more. See our previous post on IAM checks in Prowler for all the details on this.

Enable S3 Object Versioning 

Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. With versioning you can recover more easily from both unintended user actions and application failures. 

Replicate S3 Buckets 

AWS offers a built-in mechanism for replicating the contents of a bucket to other S3 buckets for backup purposes, which also helps mitigate malicious delete operations.

Prevent Deletion with S3 Object Lock 

Per AWS, Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. You can use S3 Object Lock to meet regulatory requirements that require WORM storage, or add an extra layer of protection against object changes and deletion.

Use GuardDuty S3 Findings 

GuardDuty monitors and generates findings for suspicious access to data stored in your S3 buckets.

Prowler Ransomware Checks

Running a Prowler check is quick and easy. The basic command is prowler; if you run it without options it will use the credentials in your environment variables (if they exist) or default to the ~/.aws/credentials file, and it will run checks over all regions when needed. To install Prowler, make sure you have Python 3.9 or newer and pip, then run pip install prowler.

To run a single check, use option -c and the check ID:

prowler aws -c cloudtrail_logs_s3_bucket_is_not_publicly_accessible

For multiple checks, separate them with a comma: 

prowler aws -c cloudtrail_logs_s3_bucket_is_not_publicly_accessible \
           ec2_ebs_public_snapshot \
           s3_bucket_public_access

Check out the Prowler docs for the full usage details and tutorials. 

Check for open common ports

  • SSH access via EC2 Security Group (Server-level control)
  • RDP access via EC2 Security Group (Server-level control)
  • SSH access via Network ACL (Subnet-level control)
  • Microsoft RDP via Network ACL
  • FTP ports 20 or 21
  • Kafka port 9092
  • Telnet port 23
  • Windows SQL Server ports 1433 or 1434
  • Network ACLs ingress from 0.0.0.0/0 to any port
  • Security groups ingress from 0.0.0.0/0 or ::/0 to any port
  • Oracle ports 1521 or 2483
  • MySQL port 3306
  • Postgres port 5432
  • Redis port 6379
  • MongoDB ports 27017 and 27018
  • Cassandra ports 7199 or 9160 or 8888
  • Memcached port 11211
  • Elasticsearch/Kibana ports

Check now if you have any of those ports open to the internet with:

prowler aws -c ec2_networkacl_allow_ingress_any_port \
           ec2_networkacl_allow_ingress_tcp_port_22 \
           ec2_networkacl_allow_ingress_tcp_port_3389 \
           ec2_securitygroup_allow_ingress_from_internet_to_any_port \
           ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23
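To see what the security group checks above actually evaluate, here is an added Python example (not Prowler's own code): it walks a security group in the shape returned by the EC2 DescribeSecurityGroups API and reports which of the listed ports are reachable from 0.0.0.0/0 or ::/0, handling port ranges, "all traffic" rules and port-less protocols such as ICMP. The security group it inspects is constructed sample data, not a real one.

```python
"""Which of the ports listed above does a security group expose to the internet?

Added example, not Prowler's own code. It mirrors what the
ec2_securitygroup_allow_ingress_from_internet_to_* checks assess: an inbound
rule reachable from 0.0.0.0/0 or ::/0 whose port range covers one of the
listed ports. Input has the shape returned by EC2 DescribeSecurityGroups;
the group at the bottom is constructed sample data, not from a real account.
"""

# Ports named in the post, keyed by the service each check is named after.
SENSITIVE_PORTS = {
    "ssh": (22,),
    "rdp": (3389,),
    "ftp": (20, 21),
    "kafka": (9092,),
    "telnet": (23,),
    "sql_server": (1433, 1434),
    "oracle": (1521, 2483),
    "mysql": (3306,),
    "postgres": (5432,),
    "redis": (6379,),
    "mongodb": (27017, 27018),
    "cassandra": (7199, 9160, 8888),
    "memcached": (11211,),
    "elasticsearch_kibana": (9200, 9300, 5601),
}

INTERNET_CIDRS = {"0.0.0.0/0", "::/0"}
ALL_PORTS = (0, 65535)


def rule_cidrs(rule):
    """Every IPv4 and IPv6 source range attached to one ingress rule."""
    return [r["CidrIp"] for r in rule.get("IpRanges", [])] + [
        r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])
    ]


def rule_port_range(rule):
    """(from, to) port range of a rule, or None when the protocol has no ports."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "All traffic": the API omits FromPort/ToPort entirely
        return ALL_PORTS
    if proto not in ("tcp", "udp", "6", "17"):
        return None  # ICMP and friends carry no port numbers
    return (rule.get("FromPort", 0), rule.get("ToPort", 65535))


def exposed_services(security_group):
    """Map service name -> sorted internet CIDRs whose rules reach its port.

    The extra key "any_port" is set when a rule opens the whole 0-65535 range,
    which is what the *_to_any_port check looks for.
    """
    findings = {}
    for rule in security_group.get("IpPermissions", []):
        ports = rule_port_range(rule)
        if ports is None:
            continue
        sources = [c for c in rule_cidrs(rule) if c in INTERNET_CIDRS]
        if not sources:
            continue  # narrower ranges are out of scope for these checks
        low, high = ports
        if (low, high) == ALL_PORTS:
            findings.setdefault("any_port", set()).update(sources)
        for service, service_ports in SENSITIVE_PORTS.items():
            if any(low <= p <= high for p in service_ports):
                findings.setdefault(service, set()).update(sources)
    return {service: sorted(cidrs) for service, cidrs in findings.items()}


# Constructed sample group (IDs and ranges are placeholders, not real).
SAMPLE_SECURITY_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "example-app",
    "IpPermissions": [
        # SSH limited to a documentation range (TEST-NET-3): not internet-wide
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        # A port range that happens to cover MySQL and RDP, open to all of IPv4
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # ICMP from anywhere: no ports, so the port checks ignore it
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # "All traffic" from all of IPv6: every listed port is exposed
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}


if __name__ == "__main__":
    group_id = SAMPLE_SECURITY_GROUP["GroupId"]
    for service, cidrs in sorted(exposed_services(SAMPLE_SECURITY_GROUP).items()):
        print(f"FAIL {group_id}: {service} open from {', '.join(cidrs)}")
```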

Internet-exposed Resources

The list of things you don’t want exposed to the internet is pretty significant. Thankfully, Prowler has you covered with these checks for resources that could be set as public:

  • EBS Snapshots
  • EC2 AMIs
  • ECR repositories
  • RDS instances
  • Elastic Load Balancers 
  • EC2 Instances
  • EC2 instances with Instance Profiles attached
  • Redshift Clusters
  • Elasticsearch Service (ES) domains (or domains with an open access policy)
  • RDS and Cluster Snapshots
  • SQS queues policy 
  • SNS topics policy 
  • API Gateway endpoint
  • Exposed KMS keys
  • S3 bucket for CloudTrail logs: Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected account’s use or configuration.
  • Lambda functions’ resource-based policies

Check now if you have internet exposed resources with:

prowler aws -c ec2_ebs_public_snapshot \
           ec2_ami_public \
           ecr_repositories_not_publicly_accessible \
           rds_instance_no_public_access \
           elb_internet_facing \
           elbv2_internet_facing \
           ec2_instance_public_ip \
           ec2_instance_internet_facing_with_instance_profile \
           redshift_cluster_public_access \
           opensearch_service_domains_not_publicly_accessible \
           rds_snapshots_public_access \
           sqs_queues_not_publicly_accessible \
           sns_topics_not_publicly_accessible \
           apigateway_endpoint_public \
           kms_key_not_publicly_accessible \
           cloudtrail_logs_s3_bucket_is_not_publicly_accessible \
           awslambda_function_not_publicly_accessible

There are a few other useful checks in this set:

  • Are CloudFront distributions set to HTTPS
  • S3 buckets that are open to Everyone or Any AWS user
  • S3 buckets which allow WRITE access
  • Ensure a log metric filter and alarm exist for S3 bucket policy changes: Monitoring unauthorized API calls will help reveal application errors and detect malicious activity.
  • Do S3 buckets have Object-level logging enabled in CloudTrail: You can’t use logs for threat analysis if they don’t exist! 
  • Do S3 buckets have default encryption (SSE) enabled: Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.
  • Check if EFS File systems have backup enabled
  • Ensure EKS Clusters are created with Private Endpoint Enabled and Public Access Disabled
  • Find VPC security groups with wide-open public IPv4 CIDR ranges 
  • Restrict Access to the EKS Control Plane Endpoint
  • Check if any of the Elastic or Public IP are in Shodan 
  • Check connection and authentication for both:
    • Internet exposed Elasticsearch/Kibana ports 
    • Internet exposed Amazon Elasticsearch Service (ES) domains 

Check all these with:

prowler aws -c cloudfront_distributions_https_enabled \
           s3_bucket_public_access \
           s3_bucket_policy_public_write_access \
           cloudwatch_log_metric_filter_for_s3_bucket_policy_changes \
           cloudtrail_s3_dataevents_write_enabled \
           s3_bucket_default_encryption \
           cloudfront_distributions_logging_enabled \
           eks_endpoints_not_publicly_accessible \
           ec2_securitygroup_allow_wide_open_public_ipv4 \
           eks_control_plane_endpoint_access_restricted \
           ec2_instance_public_ip

If you have a Shodan.io API key, add this at the end:

--shodan <shodan_api_key>

RDS Checks

  • Publicly accessible RDS instances: Publicly accessible databases could expose sensitive data to bad actors. Check if they exist, and if so, confirm there is a legitimate business reason.
  • Are RDS Snapshots or Cluster Snapshots public: If your RDS snapshot is public then the data which is backed up in that snapshot is accessible to all other AWS accounts.
  • Is storage encrypted: Use a CMK where possible, which will provide additional management and privacy benefits.
  • Is automated backup enabled: Be sure you have automated backup established for production data, with a clearly defined retention period. 
  • Are RDS instances integrated with CloudWatch logs: These logs help you monitor how your services are being used and assist with threat analysis when needed.
  • Is deletion protection enabled: If not, you can set it up in your AWS management console for any of your production instances.
  • Is minor version upgrade enabled: Auto Minor Version Upgrade does pretty much what it says: it automatically upgrades when a new minor database engine version is available. Such minor version upgrades often patch security vulnerabilities and fix bugs.
  • Is enhanced monitoring enabled: First you need to create an IAM role and then you can enable Enhanced Monitoring, which uses a smaller monitoring interval for more frequent reporting of OS metrics.
  • Is multi-AZ enabled: With a single-AZ deployment configuration, Amazon RDS can’t automatically fail over to a standby availability zone.

Check RDS now with:

prowler aws --service rds
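As an added illustration of the RDS checklist above (example code written here, not Prowler's implementation), the following Python function assesses one instance record as returned by the RDS DescribeDBInstances API against the properties the list names. Only rds_instance_no_public_access is a check name taken from the post; the other check labels and the minimum backup retention of 7 days are this example's own choices, and both instances are constructed samples.

```python
"""Assess one RDS instance against the checklist above.

Added example, not Prowler's own code. Only rds_instance_no_public_access is a
check name taken from the post; the other names are descriptive labels chosen
here. Input is one record as returned by the RDS DescribeDBInstances API
(field names are the real API fields; the two instances are constructed).
Public snapshots are a separate API (DescribeDBSnapshotAttributes) and are not
covered here.
"""


def assess_rds_instance(instance, min_backup_days=7):
    """Return {check: (status, detail)} for one DescribeDBInstances record.

    min_backup_days is this example's assumption for a "clearly defined
    retention period"; set it to whatever your policy requires.
    """
    results = {}

    def record(check, passed, detail):
        results[check] = ("PASS" if passed else "FAIL", detail)

    public = instance.get("PubliclyAccessible", False)
    record("rds_instance_no_public_access", not public, f"PubliclyAccessible={public}")

    # Whether KmsKeyId is a customer managed key (CMK) rather than the
    # AWS-managed aws/rds key needs a KMS DescribeKey lookup; only the
    # presence of encryption at rest is assessed here.
    record("storage_encrypted", instance.get("StorageEncrypted", False),
           f"KmsKeyId={instance.get('KmsKeyId', 'none')}")

    retention = instance.get("BackupRetentionPeriod", 0)  # 0 means backups are off
    record("automated_backups", retention >= min_backup_days,
           f"BackupRetentionPeriod={retention}")

    exports = instance.get("EnabledCloudwatchLogsExports", [])
    record("cloudwatch_logs", bool(exports), f"EnabledCloudwatchLogsExports={exports}")

    record("deletion_protection", instance.get("DeletionProtection", False), "")
    record("minor_version_upgrade", instance.get("AutoMinorVersionUpgrade", False), "")

    interval = instance.get("MonitoringInterval", 0)  # 0 when Enhanced Monitoring is off
    record("enhanced_monitoring", interval > 0, f"MonitoringInterval={interval}")

    record("multi_az", instance.get("MultiAZ", False), "")
    return results


def failed_checks(instance, **kwargs):
    """Names of the checks the instance fails, sorted for stable output."""
    return sorted(check for check, (status, _) in
                  assess_rds_instance(instance, **kwargs).items() if status == "FAIL")


# Constructed samples: a "just get it running" instance and a hardened one.
SAMPLE_EXPOSED = {
    "DBInstanceIdentifier": "legacy-app-db",
    "Engine": "mysql",
    "PubliclyAccessible": True,
    "StorageEncrypted": False,
    "BackupRetentionPeriod": 0,
    "EnabledCloudwatchLogsExports": [],
    "DeletionProtection": False,
    "AutoMinorVersionUpgrade": True,
    "MonitoringInterval": 0,
    "MultiAZ": False,
}

SAMPLE_HARDENED = {
    "DBInstanceIdentifier": "payments-db",
    "Engine": "postgres",
    "PubliclyAccessible": False,
    "StorageEncrypted": True,
    "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/PLACEHOLDER-KEY-ID",
    "BackupRetentionPeriod": 14,
    "EnabledCloudwatchLogsExports": ["postgresql", "upgrade"],
    "DeletionProtection": True,
    "AutoMinorVersionUpgrade": True,
    "MonitoringInterval": 60,
    "MultiAZ": True,
}


if __name__ == "__main__":
    for db in (SAMPLE_EXPOSED, SAMPLE_HARDENED):
        for check, (status, detail) in assess_rds_instance(db).items():
            print(f"{status} {db['DBInstanceIdentifier']} {check} {detail}".rstrip())
```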

Stay tuned for the next post in this series!


Sign up for Prowler Training

This free course covers everything from the history of Prowler to advanced features.



Continuous AWS IAM Security With Prowler

Ensuring proper, consistent Identity and Access Management (IAM) in AWS is both a toil-heavy chore and a persistent risk. Often, engineers are expected to be responsible for this when they may or may not know what the specific access should look like for their application. In other cases, a lone (and typically overwhelmed) cloud security expert is saddled with an insurmountable amount of custom policy development, which can significantly slow down engineering and product release velocity. In the worst-case scenario, overly permissive configurations can lead to an event like the Capital One hack in 2019.

It doesn’t have to be this way. You can have development velocity and security working in lockstep with just a few easy Prowler IAM checks. (If you’re not familiar with Prowler, check out our first post in this series.) For each check we list below, you’ll also get remediation steps to help if your environment fails that check.

The Prowler IAM checks fall into roughly 5 groupings that are based on the AWS IAM security best practices:

Root Account Protections

AWS recommends that you treat your root user access key “like you would your credit card numbers or any other sensitive secrets.” You only want it to set up your admin account, and then you want to use roles and groups to delegate permissions. This set of checks helps you see if/when the root account has been accessed, ensure MFA is enabled, and control access keys for the root account, including:

Key and Credential Rotation

AWS recommends rotating access keys every 90 days, and disabling credentials that have been unused for 90 days or more. These checks confirm those timelines, plus an extra one for those who prefer a shorter window.
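Both the root-account checks and the rotation checks above are answered by one data source, the IAM credential report. The following is an added example (not Prowler's own code) that parses the CSV returned by `aws iam get-credential-report` and applies those checks offline: root MFA, root access keys, root usage in the last 24 hours, console users without MFA, keys older than 90 days and credentials unused for 90 days. The report rows, the account id and the fixed clock are constructed for the demonstration; the column names are the real ones from the credential report.

```python
"""Evaluate an IAM credential report for root-account and rotation findings.

Added example, not Prowler's code. Input is the CSV body that
`aws iam get-credential-report` returns (after base64 decoding).
"""
import csv
import io
from datetime import datetime, timezone

# Constructed sample report. A real report has more columns; the ones used here
# carry their real names. "N/A", "no_information" and "not_supported" are the
# literal placeholder values AWS emits.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111111111111:root,not_supported,2024-10-01T10:00:00+00:00,false,true,2023-01-15T09:00:00+00:00,2024-09-30T00:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111111111111:user/alice,true,2024-10-20T08:00:00+00:00,true,true,2024-09-01T09:00:00+00:00,2024-10-25T00:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111111111111:user/bob,true,2024-03-01T08:00:00+00:00,false,true,2024-01-10T09:00:00+00:00,2024-02-01T00:00:00+00:00,false,N/A,N/A
"""

# Fixed clock so the sample evaluates identically on every run (demo assumption).
NOW = datetime(2024, 11, 1, tzinfo=timezone.utc)


def parse_ts(value):
    """ISO timestamp -> aware datetime, or None for AWS placeholder values."""
    if not value or value in ("N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)


def age_days(value, now=NOW):
    """Whole days since the timestamp, or None when there is no timestamp."""
    ts = parse_ts(value)
    return None if ts is None else (now - ts).days


def evaluate_report(report_csv, max_key_age=90, max_unused=90, now=NOW):
    """Return (user, check_id, message) findings for every row of the report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        pw_enabled = row["password_enabled"] == "true"

        if is_root:
            if row["mfa_active"] != "true":
                findings.append((user, "root_mfa_disabled", "root account has no MFA"))
            used = age_days(row["password_last_used"], now)
            if used is not None and used < 1:
                findings.append((user, "root_recently_used", "root used in the last 24 hours"))
        elif pw_enabled and row["mfa_active"] != "true":
            findings.append((user, "user_no_mfa", "console user without MFA"))

        # Password-based credentials unused for too long (or never used).
        if pw_enabled:
            used = age_days(row["password_last_used"], now)
            if used is None or used > max_unused:
                findings.append((user, "password_unused",
                                 f"password unused for more than {max_unused} days"))

        # Each active access key: root should have none; all keys must be
        # rotated and actually used within the window.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:
                findings.append((user, "root_access_key_present", f"root access key {n} is active"))
            rotated = age_days(row[f"access_key_{n}_last_rotated"], now)
            if rotated is None or rotated > max_key_age:
                findings.append((user, "key_not_rotated",
                                 f"access key {n} older than {max_key_age} days"))
            used = age_days(row[f"access_key_{n}_last_used_date"], now)
            if used is None or used > max_unused:
                findings.append((user, "key_unused",
                                 f"access key {n} unused for more than {max_unused} days"))
    return findings


if __name__ == "__main__":
    for user, check_id, message in evaluate_report(SAMPLE_REPORT):
        print(f"{user:16} {check_id:26} {message}")
```

Passing a smaller `max_key_age` (say 30) is the "shorter window" variant the post mentions; with the sample data that additionally flags `alice`, whose key is 61 days old.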

Password Hygiene

Policing passwords is no fun, and if you use SAML you don’t have to worry about this (but having these checks properly set up is still a good practice)! If you are using AWS IAM as a user and password database, these checks make it simple to see if something snuck through that shouldn’t have. This set checks for:
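As an added example (not Prowler's code), here is a small evaluator for the account password policy that `aws iam get-account-password-policy` returns, with a weak policy beside a hardened one. The thresholds are assumed CIS-style values chosen for the demonstration; the key names are the real fields of the `PasswordPolicy` object. Note the edge case: an account with no policy at all makes the API raise `NoSuchEntity`, which the evaluator models as `None` and treats as failing every requirement.

```python
"""Check an IAM account password policy against explicit requirements.

Added example, not Prowler's code. Thresholds below are assumptions for the demo.
"""

# requirement -> (mode, wanted value); "max" on MaxPasswordAge means an absent
# key (passwords never expire) is a failure.
REQUIREMENTS = {
    "MinimumPasswordLength": ("min", 14),
    "RequireUppercaseCharacters": ("eq", True),
    "RequireLowercaseCharacters": ("eq", True),
    "RequireNumbers": ("eq", True),
    "RequireSymbols": ("eq", True),
    "PasswordReusePrevention": ("min", 24),
    "MaxPasswordAge": ("max", 90),
}


def evaluate_password_policy(policy):
    """Return the names of failing requirements, in REQUIREMENTS order.

    `policy` is the PasswordPolicy dict from get-account-password-policy, or
    None when the account has no policy (the API raises NoSuchEntity).
    """
    if policy is None:
        return list(REQUIREMENTS)
    failures = []
    for key, (mode, want) in REQUIREMENTS.items():
        have = policy.get(key)
        if mode == "eq":
            ok = have == want
        elif mode == "min":
            ok = have is not None and have >= want
        else:  # "max"
            ok = have is not None and have <= want
        if not ok:
            failures.append(key)
    return failures


# Constructed policies: a weak one close to the AWS defaults, and a hardened one.
WEAK_POLICY = {
    "MinimumPasswordLength": 8,
    "RequireUppercaseCharacters": False,
    "RequireLowercaseCharacters": True,
    "RequireNumbers": True,
    "RequireSymbols": False,
    "AllowUsersToChangePassword": True,
    "ExpirePasswords": False,
}

HARDENED_POLICY = {
    "MinimumPasswordLength": 14,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "RequireNumbers": True,
    "RequireSymbols": True,
    "AllowUsersToChangePassword": True,
    "ExpirePasswords": True,
    "MaxPasswordAge": 90,
    "PasswordReusePrevention": 24,
    "HardExpiry": False,
}

if __name__ == "__main__":
    print("weak    :", evaluate_password_policy(WEAK_POLICY))
    print("hardened:", evaluate_password_policy(HARDENED_POLICY))
    print("no policy:", evaluate_password_policy(None))
```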

Admin/Ops Details

Keep your who, where, what details up to date in case something goes wrong. This set covers important details like:

Users, Roles, and Groups

By default, IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. AWS recommends that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grows. Reducing access management complexity may in turn reduce the opportunity for a user to inadvertently receive or retain excessive privileges. This set verifies that:

Privilege Escalation

We made a special category for this, because it’s something that can catch you off guard in really nasty ways. Essentially, users with some IAM permissions may be able to elevate their privileges up to administrator rights. It’s critical to know whether any of those permissions are lurking in your infrastructure where an attacker could potentially exploit them: creating a new version of an IAM policy, launching a new EC2 instance and gaining all the permissions of its associated instance profile/service role, or creating a new user access key that could grant full administrator access (and many more bad things that stem from privilege escalation).
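The three escalation paths named above can be found by reading policy documents rather than by probing the account. The following added example (not Prowler's own check definitions) evaluates IAM policy JSON for the permissions each path needs, handling wildcard actions (`iam:*`, `*`), IAM's case-insensitive action names, `Statement`/`Action` given as either a single value or a list, and explicit `Deny` statements. The policy documents and the path names are constructed for the demonstration. Resource scoping, `NotAction` and `Condition` are deliberately ignored, so the result is conservative: a hit means the policy should be reviewed, not that escalation is certainly possible.

```python
"""Flag IAM policy documents that grant known privilege-escalation primitives.

Added example, not Prowler's code. Path names and sample policies are constructed.
"""
import fnmatch

# Each escalation path is the set of actions it needs, all of which must be granted.
ESCALATION_PATHS = {
    "create_policy_version": {"iam:CreatePolicyVersion"},
    "create_access_key": {"iam:CreateAccessKey"},
    "pass_role_to_new_ec2_instance": {"iam:PassRole", "ec2:RunInstances"},
}


def _as_list(value):
    """IAM allows a string or a list in Statement and Action; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_patterns(policy):
    """Split a policy into lower-cased (allow_patterns, deny_patterns)."""
    allows, denies = [], []
    for stmt in _as_list(policy.get("Statement")):
        target = allows if stmt.get("Effect") == "Allow" else denies
        target.extend(a.lower() for a in _as_list(stmt.get("Action")))
    return allows, denies


def _matches(action, patterns):
    # IAM action wildcards (* and ?) have the same meaning as fnmatch's.
    return any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns)


def grants(policy, action):
    """True when some Allow matches `action` and no Deny matches it.

    Simplification: Resource, NotAction and Condition are not modelled.
    """
    allows, denies = action_patterns(policy)
    return _matches(action, allows) and not _matches(action, denies)


def find_escalation_paths(policy):
    """Sorted names of escalation paths the policy grants in full."""
    return sorted(name for name, needed in ESCALATION_PATHS.items()
                  if all(grants(policy, a) for a in needed))


# Constructed sample policies.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:RunInstances", "ec2:Describe*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
    ],
}

READONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"},
}

ADMIN_WILDCARD_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"},
}

# Broad iam:* but with the two single-action paths explicitly denied, and no
# ec2:RunInstances, so none of the three paths is complete.
DENY_OVERRIDE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
        {"Effect": "Deny", "Action": ["iam:CreatePolicyVersion", "iam:CreateAccessKey"],
         "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for name, doc in [("developer", DEVELOPER_POLICY), ("readonly", READONLY_POLICY),
                      ("admin", ADMIN_WILDCARD_POLICY), ("deny-override", DENY_OVERRIDE_POLICY)]:
        print(f"{name:14} {find_escalation_paths(doc)}")
```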

Logs and Alerts

Root account logins, unauthorized API calls, and policy changes or auth failures could all be simple mistakes or signs of malicious activity. Either way, find out as soon as possible with this set of checks that makes sure log metric filters and alarms exist for:
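Prowler's checks in this group confirm that the metric filters and alarms exist; they do not show which events would trigger them. The following added example (not Prowler's code) re-implements the conditions of four of those filters in Python and runs them over constructed CloudTrail events in JSON-lines form, so you can see on sample data what each alarm would fire on. The filter pattern strings are quoted from the CIS AWS Foundations Benchmark (the policy-change pattern is abbreviated; its full list of event names is in `IAM_POLICY_CHANGE_EVENTS`); the events, user names and service principal are constructed.

```python
"""Classify CloudTrail events by the conditions of the CIS CloudWatch metric filters.

Added example, not Prowler's code. Sample events are constructed.
"""
import json

# CloudWatch Logs filter patterns from the CIS AWS Foundations Benchmark, kept as
# documentation of the conditions classify() re-implements below.
FILTER_PATTERNS = {
    "root_usage": '{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS '
                  '&& $.eventType != "AwsServiceEvent" }',
    "unauthorized_api_call": '{ ($.errorCode = "*UnauthorizedOperation") '
                             '|| ($.errorCode = "AccessDenied*") }',
    "console_auth_failure": '{ ($.eventName = ConsoleLogin) '
                            '&& ($.errorMessage = "Failed authentication") }',
    "iam_policy_change": '{ ($.eventName = DeleteGroupPolicy) || ($.eventName = PutUserPolicy) '
                         '|| ... }',  # abbreviated; see IAM_POLICY_CHANGE_EVENTS
}

IAM_POLICY_CHANGE_EVENTS = {
    "DeleteGroupPolicy", "DeleteRolePolicy", "DeleteUserPolicy",
    "PutGroupPolicy", "PutRolePolicy", "PutUserPolicy",
    "CreatePolicy", "DeletePolicy", "CreatePolicyVersion", "DeletePolicyVersion",
    "AttachRolePolicy", "DetachRolePolicy", "AttachUserPolicy", "DetachUserPolicy",
    "AttachGroupPolicy", "DetachGroupPolicy",
}

# Constructed CloudTrail records (one JSON object per line, as delivered to CloudWatch Logs).
SAMPLE_LOG = """\
{"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn", "userIdentity": {"type": "Root"}, "responseElements": {"ConsoleLogin": "Success"}}
{"eventName": "ListBuckets", "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser", "userName": "bob"}, "errorCode": "AccessDenied"}
{"eventName": "PutUserPolicy", "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser", "userName": "alice"}}
{"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn", "userIdentity": {"type": "IAMUser", "userName": "bob"}, "errorMessage": "Failed authentication"}
{"eventName": "DescribeInstances", "eventType": "AwsApiCall", "userIdentity": {"type": "AssumedRole"}}
{"eventName": "DescribeTrails", "eventType": "AwsServiceEvent", "userIdentity": {"type": "Root", "invokedBy": "config.amazonaws.com"}}
"""


def classify(event):
    """Names of the filters (in FILTER_PATTERNS order) that match one event dict."""
    hits = []
    ident = event.get("userIdentity", {})
    # Root usage: the root principal itself, not an AWS service acting on its behalf.
    if (ident.get("type") == "Root" and "invokedBy" not in ident
            and event.get("eventType") != "AwsServiceEvent"):
        hits.append("root_usage")
    code = event.get("errorCode", "")
    if code.endswith("UnauthorizedOperation") or code.startswith("AccessDenied"):
        hits.append("unauthorized_api_call")
    if (event.get("eventName") == "ConsoleLogin"
            and event.get("errorMessage") == "Failed authentication"):
        hits.append("console_auth_failure")
    if event.get("eventName") in IAM_POLICY_CHANGE_EVENTS:
        hits.append("iam_policy_change")
    return hits


def scan(log_text):
    """Map each filter name to the (line index, eventName) pairs it matched."""
    matches = {name: [] for name in FILTER_PATTERNS}
    for index, line in enumerate(log_text.splitlines()):
        if not line.strip():
            continue
        event = json.loads(line)
        for name in classify(event):
            matches[name].append((index, event.get("eventName")))
    return matches


if __name__ == "__main__":
    for name, hits in scan(SAMPLE_LOG).items():
        print(f"{name:22} {hits}")
```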

This is the tip of the Prowler iceberg, which has over 240 checks for comprehensive coverage of all your AWS use cases. Stay tuned for our next post in this series, which covers key Prowler checks for preventing ransomware attacks.



Toni de la Fuente

Founder of Prowler Open Source & Lead of Prowler Pro