For those already in Salt Lake City ready for this year’s KubeCon North America, I’m jealous! I’ll be sitting this one out this year, but it does give me time to sit at a real desk and talk Kubernetes security from a distance! (Plus, my soda fridge doesn’t disappear at specific times throughout the day.) […]

ProwlerPro Joins AWS Marketplace to Enhance Cloud Security Offerings

ProwlerPro has joined the AWS Marketplace. This collaboration aims to provide businesses with improved options for securing their cloud environments. ProwlerPro offers comprehensive features, including vulnerability management, compliance monitoring, and configuration auditing, tailored specifically for AWS deployments.

By joining the AWS Marketplace, ProwlerPro aims to simplify the process of discovering, purchasing, and deploying ProwlerPro. Customers can now access ProwlerPro seamlessly through the AWS Marketplace’s trusted platform. This integration showcases the ongoing efforts of ProwlerPro’s engineering team and highlights the collaborative work between ProwlerPro and AWS.

Toni de la Fuente, the lead engineer behind ProwlerPro, expressed enthusiasm for the collaboration, stating, “Prowler is already the top tool for securing the AWS cloud; we are thrilled to share ProwlerPro to help businesses secure their cloud environments effectively.”

ProwlerPro offers an array of features designed to enhance cloud security. Real-time vulnerability assessments, compliance monitoring based on industry standards, and comprehensive configuration auditing are just a few of the key capabilities. The tool’s user-friendly interface and robust reporting features enable businesses to identify and mitigate potential security risks efficiently.

We’re looking forward to a bright future where organizations of all sizes trust ProwlerPro to fortify their AWS cloud environments and navigate the evolving threat landscape effectively.


We’re hosting our first meetup in Madrid

Join us next week in Madrid!

This June 22nd in Madrid we are holding our first in-person event for the Cloud Security and DevSecOps community. You will learn about Prowler Open Source and ProwlerPro, and our friends from Jit.io, with Aviram Shmueli, will join us to show how to implement DevSecOps best practices. Sign up here: https://lnkd.in/dKsJWnW9

Agenda:

10 AM: Welcome and breakfast (coffee, tea, juice, fruit and pastries).

10.30 AM: Prowler and ProwlerPro: Secure your cloud infrastructure in minutes.

11 AM: Jit.io: DevSecOps best practices and how to integrate Prowler in production.

11.30 AM to 13.30: Workshops:

  • Advanced use and customization of Prowler.
  • How to start using Jit.io and improve your CI/CD security in minutes.

13.30: Lunch: assorted tapas and networking

Register free for the meetup.


Meet the ProwlerPro Team at fwd:CloudSec 2023


We are eager to get back to in-person events, and are kicking things off this summer with fwd:CloudSec 2023 June 11-12 in Anaheim, CA. We’re excited to be a Silver level sponsor this year!

We invite you to stop by our booth to learn more about ProwlerPro and our cloud security solutions, and pick up some ProwlerPro swag! Prowler Open Source creator Toni de la Fuente will be at our booth to answer any questions you have and to demonstrate how our platform can help you secure your cloud environment. 

Start your ProwlerPro 15-day free trial

ProwlerPro helps organizations securely operate their cloud-based infrastructure by providing:

  • Automatic monitoring of cloud infrastructure for potential misconfigurations and vulnerabilities
  • Verification of compliance with key security and data protection frameworks
  • Comprehensive, easy to understand visualizations of your cloud infrastructure with the ability to filter and drill down to specific regions, accounts, services, issues and remediations
  • Remediations and hardening recommendations based on detected vulnerabilities and issues.
  • Fast, easy, agentless installation and integration into common alerting platforms

During your 15-day trial period you have full access to ProwlerPro with scanning of unlimited resources. After your free trial, the cost is simply $0.001 per resource. Getting started is simple and we have resources to help along the way:

  • Documentation – We have docs to guide you through the process including creating the ProwlerProScanRole in your AWS accounts using our CloudFormation or Terraform templates. 
  • Connect with our Engineers – You can join our Slack Channel for direct access to our engineering team and other security professionals or you can email us at support@prowler.com.     
  • Connect with Sales – You can schedule a ProwlerPro Overview and Demo with one of our team members here

We hope you enjoy ProwlerPro and can’t wait to see you at fwd:CloudSec!


Make AWS Security Easy

ProwlerPro is the most comprehensive CSPM solution for Amazon Web Services (AWS). Start your free trial today.

ProwlerPro Updates


I am thrilled to announce that ProwlerPro is now a member of the Amazon Web Services (AWS) Amazon Partner Network (APN)! As one of the most trusted and downloaded cloud security platforms out there, this is a big deal for us.

This certification validates ProwlerPro as the most comprehensive and easy-to-use platform for AWS security. As part of this exciting development, we have also launched multi-account support for unlimited AWS accounts, adding to our already industry-leading suite of security features.

With support for multiple AWS accounts, security professionals can now seamlessly work across their entire AWS environment, ensuring greater visibility and control over their cloud deployment. This enterprise-grade feature automates the job of discovering, analyzing, and understanding the security posture of an entire cloud deployment, with automated checks spanning security assessment, incident response, hardening and penetration testing.

What This Means for You

That’s the full implementation of ProwlerPro which includes easy set-up; a holistic view of your infrastructure for any AWS region; dashboards with actionable, direct insights for every level of your security posture; answers in minutes; and now, support for multiple AWS account scans!

What are resources?

Many people have asked what we mean by resources. ProwlerPro runs checks against your infrastructure. Those checks look for misconfigurations, security bad practices, etc. in your cloud resources (a cloud resource is a virtual machine, a security group, a bucket, a storage volume, etc). Each resource gets scanned in different ways by ProwlerPro every day, so we charge based on the number of resources.

With ProwlerPro you can: 

  • Sign up and try it free for 15 days
  • Make an account in just a few minutes
  • Scan up to 10,000 resources for free
  • See your results in dashboards with actionable, direct insights for every level of detail of your security posture
  • Get a holistic view of your infrastructure for any AWS region
  • Get answers in minutes
  • And now, scan multiple AWS accounts!

As the creator of Prowler Open Source, my goal has always been to give cloud security professionals the tools they need to ensure their systems remain secure and reliable, with all threats detected and traced in an easy-to-understand, streamlined solution. Our acceptance into the AWS Amazon Partner Program is an endorsement of the work we’ve done to date, and it will allow us to offer more features, products, and community services that enhance what was already a best-in-class product on the market.

The APN is a global community of AWS Partners that leverage programs, expertise, and resources to build, market, and sell customer offerings. As an APN member, ProwlerPro joins a global network of 100,000 Partners from more than 150 countries working with AWS to provide innovative solutions, solve technical challenges, win deals, and deliver value to mutual customers.

I invite you to see for yourself by signing up for your free trial. Once you’ve signed up we welcome you to join our ProwlerPro Slack.

We are honored to be a part of this community and excited to bring security to more cloud environments every day. Thanks for your continued support, and here’s to more exciting updates from ProwlerPro in the future!

Cheers,

Toni de la Fuente
Lead of ProwlerPro and Creator of Prowler Open Source



Toni de la Fuente

Founder of Prowler Open Source & Lead of Prowler Pro

I’m the founder of Prowler Open Source, a tool for AWS security best practices. I also worked for AWS as a security engineer and security consultant. I’m passionate about FLOSS (Free Libre Open Source Software) in general and Information Security, Incident Response and Digital Forensics in particular. I like everything related to cloud computing and automation. I have done some things for security and the Open Source community like Prowler, phpRADmin, a Nagios plugin for Alfresco, and Alfresco BART (backup tool). I’ve also contributed to books and courses related to Linux, Monitoring and AWS Security for Packt Publishing.

Improving Your AWS CSPM with ProwlerPro

As organizations continue to move their data and applications to the cloud, ensuring the security of their cloud environment has become a top priority. Cloud Security Posture Management (CSPM) is a process of continuous monitoring and assessment of an organization’s cloud infrastructure to ensure compliance with security best practices and regulatory requirements. In this blog post, we will discuss what CSPM is and why hardening security in your AWS cloud is essential to your organization’s security.

CSPM involves monitoring and evaluating the security posture of your AWS cloud environment by identifying potential security risks, misconfigurations, and vulnerabilities. CSPM tools, like ProwlerPro, can automate the detection of security risks and batch them into severity enabling your security team to easily identify next steps to remediate them. 

AWS is one of the leading cloud service providers, and with more organizations moving their data and applications to the cloud, it has become a prime target for cyber attacks. AWS provides many security features and services, but it is still the responsibility of the organization to ensure that their AWS environment is secured.

Here are some reasons why hardening security in your AWS cloud is important:

Data Protection: Your AWS cloud environment may contain sensitive data, such as customer information, trade secrets, and financial data. Any data breach or theft can cause significant financial and reputational damage to your organization.

Regulatory Compliance: Many industries, such as healthcare and finance, have strict regulatory requirements for data security and privacy. Hardening security in your AWS cloud ensures that you comply with these regulations, avoiding fines and legal penalties.

Business Continuity: Cyber attacks can disrupt business operations, leading to lost revenue and productivity. Hardening security in your AWS cloud minimizes the risk of cyber attacks, ensuring business continuity.

ProwlerPro can help harden security in your AWS cloud with more than 250 checks across multiple security categories. ProwlerPro dashboards offer real-time visibility into your AWS security posture.

ProwlerPro can also generate detailed reports that highlight security risks categorized by risk severity, providing a clear understanding of the issues that require immediate attention. ProwlerPro can save significant time and resources that would otherwise be spent on manual security checks. 

Hardening security in your AWS cloud is critical to ensuring the security and privacy of your data and applications. CSPM tools like ProwlerPro can help automate security audits, identify vulnerabilities and misconfigurations, and enable your team to prioritize the most critical actions to take. With the help of CSPM tools, organizations can maintain a strong security posture and minimize the risk of cyber attacks.

Start your 14-day free trial and see what ProwlerPro can uncover.


Navigating AWS Security: How ProwlerPro Makes it Easier

AWS security for the cloud can be a daunting task for many organizations. With so many different tools and options available, it can be hard to know where to start. In this blog post, we’re going to take a look at five ways AWS security for the cloud is hard, and how ProwlerPro can make it easier. 

  1. Keeping track of compliance failures. With ever-changing security policies, it’s hard to see all of your system’s compliance issues. ProwlerPro lets you easily see a list of compliance issues within your accounts for the CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, and ENS security frameworks. 
  2. Holistic view of your infrastructure: With so many different components in your infrastructure, it can be hard to keep track of how they all fit together and how they could impact the security of your organization. ProwlerPro can help by giving you a clear and comprehensive view of your entire infrastructure, showing you how all the different components might be vulnerable.
  3. Keeping an eye on network security: With so many different network security tools and options available, it can be hard to know which ones are right for your organization. ProwlerPro can help by providing a detailed report of all the AWS security in place, and highlighting any areas where you may be vulnerable.
  4. Vulnerability scanning: With the ever-changing threat landscape, it can be hard to keep track of all the vulnerabilities that exist in your infrastructure. ProwlerPro can help by providing automated vulnerability scanning, identifying any potential vulnerabilities in your system with clear dashboards that can be easily shared in your org.
  5. Staying compliant: With so many different compliance regulations to follow, it can be hard to know which ones apply to your organization, and how to stay compliant. ProwlerPro can help by providing a detailed report of all the compliance regulations that apply to your organization, and highlighting any areas where you may be falling short.

ProwlerPro is a powerful service that can help organizations make sense of AWS security for the cloud. With its detailed reports and easy-to-use dashboards, it makes it easy to stay on top of your organization’s cloud security posture and compliance. By using ProwlerPro, you can more easily ensure your AWS security is as strong as possible, and can keep sensitive data and resources safe from threats.


Win ProwlerPro Swag!

Be one of the next 50 people to sign up and complete a scan in ProwlerPro and win exclusive ProwlerPro swag like Miir coffee mugs, hats, North Face jackets and more.

Prowler Power-Ups: 9 Projects to Enhance Your Security Posture

Are you looking to enhance your AWS security with Prowler? Look no further! Here are 9 Prowler related projects that will save the day:

  1. Terraform AWS Prowler Monitoring: Create a collection of AWS log metric filters and alarms to monitor and alert on security-related events in your AWS environment. These filters and alarms satisfy the section 3 (Monitoring) requirements of the CIS benchmark for AWS that Prowler’s monitoring checks evaluate.
  2. QuickSight powered AWS Security Dashboard: Building Prowler into a QuickSight dashboard allows for real-time visualization of security findings, making it easier to identify and address potential threats.
  3. CloudFormation template: Use this template to perform a point in time assessment of your AWS account, helping you and your team identify and remediate any security issues. We have this one as well for CodeBuild.
  4. Multi-Account Security Assessment: This assessment works for multiple accounts. This report also comes with an Excel template to use for reporting to management, allowing you to track and report on security findings over time.
  5. AWS Fargate: Use this code to perform security assessments in AWS Organizations using Prowler on AWS Fargate, making it easy to scale and automate security assessments across multiple accounts.
  6. Python Script: Easily share and communicate security findings with your team by using this script to generate an HTML report from a CSV.
  7. Ansible code for Splunk integration: Use the Ansible code for Splunk integration which includes a dashboard set up for Splunk, to get a better visibility of your security posture.
  8. Sample Helm chart for Prowler: This example Helm chart makes it easy to deploy Prowler on Kubernetes.
  9. CloudFormation and Terraform templates: The CloudFormation and Terraform templates which include the permissions needed for Prowler and ProwlerPro to assume the role and scan an account.
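As an added example (not code from the Terraform AWS Prowler Monitoring project or from Prowler itself), the Python below re-implements three of the CIS benchmark’s section 3 metric-filter patterns, quoted in the docstrings using the v1.2 numbering (3.1 to 3.3), and runs them over constructed CloudTrail events so you can see which event shapes trip which alarm. Treating a missing `MFAUsed` field as “not Yes” is an assumption about CloudWatch filter semantics.

```python
"""Three CIS AWS Foundations Benchmark monitoring filters (v1.2 numbering 3.1-3.3)
re-implemented in Python and applied to CloudTrail events. Added example for this
page, not code from the Terraform AWS Prowler Monitoring project."""
import fnmatch


def _get(event, path):
    """Walk a dotted JSON path like 'userIdentity.type'; None if any part is absent."""
    node = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def unauthorized_api_call(event):
    """CIS 3.1 pattern:
    { ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }"""
    code = _get(event, "errorCode")
    return isinstance(code, str) and (
        fnmatch.fnmatchcase(code, "*UnauthorizedOperation")
        or fnmatch.fnmatchcase(code, "AccessDenied*")
    )


def console_login_without_mfa(event):
    """CIS 3.2 pattern:
    { ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") }
    Assumption: a missing MFAUsed field counts as "not Yes"."""
    return (_get(event, "eventName") == "ConsoleLogin"
            and _get(event, "additionalEventData.MFAUsed") != "Yes")


def root_account_usage(event):
    """CIS 3.3 pattern:
    { $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS
      && $.eventType != "AwsServiceEvent" }"""
    return (_get(event, "userIdentity.type") == "Root"
            and _get(event, "userIdentity.invokedBy") is None
            and _get(event, "eventType") != "AwsServiceEvent")


RULES = {
    "cis-3.1-unauthorized-api-calls": unauthorized_api_call,
    "cis-3.2-console-login-without-mfa": console_login_without_mfa,
    "cis-3.3-root-account-usage": root_account_usage,
}


def evaluate(events):
    """Return [(rule_name, eventID)] for every rule each event matches."""
    hits = []
    for event in events:
        for name, rule in RULES.items():
            if rule(event):
                hits.append((name, event.get("eventID")))
    return hits


# Constructed CloudTrail-style events (trimmed to the fields the filters read).
SAMPLE_EVENTS = [
    {   # Root console login with no MFA: should trip 3.2 and 3.3
        "eventID": "evt-1", "eventType": "AwsConsoleSignIn", "eventName": "ConsoleLogin",
        "userIdentity": {"type": "Root"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {   # IAM user denied on S3: should trip 3.1 only
        "eventID": "evt-2", "eventType": "AwsApiCall", "eventName": "ListBuckets",
        "errorCode": "AccessDenied",
        "userIdentity": {"type": "IAMUser", "userName": "analyst"},
    },
    {   # Service-initiated root event with invokedBy set: should trip nothing
        "eventID": "evt-3", "eventType": "AwsServiceEvent", "eventName": "DescribeInstances",
        "userIdentity": {"type": "Root", "invokedBy": "config.amazonaws.com"},
    },
    {   # IAM user console login with MFA: should trip nothing
        "eventID": "evt-4", "eventType": "AwsConsoleSignIn", "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "userName": "analyst"},
        "additionalEventData": {"MFAUsed": "Yes"},
    },
]

if __name__ == "__main__":
    for hit in evaluate(SAMPLE_EVENTS):
        print(hit)
```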

By implementing these Prowler related projects, you can improve your overall security posture and better protect your AWS environment from potential threats.





Prowler: The Top Security Tool for Securing the Cloud

As more and more businesses move their operations to the cloud, the need for robust and reliable security tools has never been greater. This is where ProwlerPro comes in.

According to OSS Insight, Prowler is the top security tool for securing the cloud in December 2022 based on popularity growth (stars). This ranking of Prowler, the engine behind ProwlerPro, is a testament to the effectiveness and reliability of our product, and we’re proud to offer it to businesses everywhere.

Image captured January 17, 2023  – Credit https://ossinsight.io/collections/security-tool

One of the key advantages of ProwlerPro is the expertise of its engineers. Per capita, our engineers are responsible for securing more of the cloud than any other engineers in the world. This level of expertise ensures that ProwlerPro is constantly updated with the latest security features and practices to keep your business safe.

ProwlerPro also offers a wide range of features to protect your business from a variety of threats. Some of the key features include:

  • Automatic security configuration assessments
  • Compliance checks
  • Vulnerability scanning

Prowler version 3.1.0 was released this week and its code name is Revelations, the second song of the Piece of Mind album of Iron Maiden, written by Bruce Dickinson. This last month has been a real revelation for us, as we realized how our community has grown and how well received version 3 has been. We have surpassed 2 million downloads since the project started in 2016.

This version comes with a new AWS IAM check that helps prevent cross-service confused deputy attacks. We also added support for custom reports, so it will be easier to generate outputs other than CSV, JSON, HTML, etc. And we solved almost 30 issues.
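As an added illustration of what such a check looks for (this is not Prowler’s own check code), the function below inspects an IAM role trust policy and flags AWS service principals allowed to assume the role without an `aws:SourceAccount`, `aws:SourceArn`, `aws:SourceOrgID` or `aws:SourceOrgPaths` condition. The two trust policies and the account ID are constructed samples, and the code treats every service principal as a candidate, whereas production tooling would restrict this to the services that honor those keys.

```python
"""Illustrative cross-service confused deputy check for an IAM role trust policy.
Added example for this page; it is not Prowler's own implementation."""
import json

# Global condition keys that pin a service principal to a specific caller.
# Compared case-insensitively, as IAM treats condition keys.
SOURCE_CONDITION_KEYS = {
    "aws:sourceaccount", "aws:sourcearn", "aws:sourceorgid", "aws:sourceorgpaths",
}
ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _service_principals(statement):
    """Service principals named in a statement ("Principal": {"Service": ...})."""
    principal = statement.get("Principal")
    if not isinstance(principal, dict):
        return []  # "*" or a bare string principal: no service principal to report
    return _as_list(principal.get("Service"))


def _has_source_condition(statement):
    """True if any condition block references one of the source-scoping keys."""
    for keys in statement.get("Condition", {}).values():
        if any(key.lower() in SOURCE_CONDITION_KEYS for key in keys):
            return True
    return False


def unscoped_service_principals(trust_policy):
    """Return [(service_principal, sid)] for Allow statements that let a service
    principal assume the role with no source-scoping condition."""
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    findings = []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & ASSUME_ACTIONS:
            continue
        if _has_source_condition(stmt):
            continue
        for service in _service_principals(stmt):
            findings.append((service, stmt.get("Sid", "")))
    return findings


# Constructed sample: a role that any CloudTrail trail in any account could assume.
VULNERABLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCloudTrail",
        "Effect": "Allow",
        "Principal": {"Service": "cloudtrail.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
})

# Constructed sample: the same grant pinned to one account and one trail ARN pattern.
HARDENED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCloudTrail",
        "Effect": "Allow",
        "Principal": {"Service": "cloudtrail.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {
            "StringEquals": {"aws:SourceAccount": "111122223333"},
            "ArnLike": {"aws:SourceArn": "arn:aws:cloudtrail:*:111122223333:trail/*"},
        },
    }, {
        "Sid": "AllowAdminsToAssume",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/SecurityAdmin"},
        "Action": "sts:AssumeRole",
    }],
})

if __name__ == "__main__":
    for name, policy in [("vulnerable", VULNERABLE_TRUST_POLICY),
                         ("hardened", HARDENED_TRUST_POLICY)]:
        print(name, unscoped_service_principals(policy))
```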

With ProwlerPro, you can rest assured that your business is protected from the latest threats and vulnerabilities. Plus, with the ability to customize the security measures to fit your specific needs, ProwlerPro is the perfect solution for businesses of all sizes.





ProwlerPro Dashboards II

Join us on Slack

Hello again. This is Sergio, one of the engineers of ProwlerPro and Prowler Open Source. In the previous video, we saw all the features of the Home dashboard, such as the Global Security Status per Region, which shows you a status per AWS region, or the Security Posture Evolution panel, which contains an AWS service graph with a history of the passed and failed findings over the scans.

This time we will cover the Simple Status per AWS Service dashboard, which shows you the security status of each AWS service that ProwlerPro scans. So let’s see how we can get to this dashboard in ProwlerPro.

Let’s log in to your ProwlerPro account at prowler.pro. In our case, we are going to log in to our demo account. Okay, so right now we are on the ProwlerPro overview page. To go to the dashboards, we have to click either on the dashboard button or on the results. As we showed in the previous video, the very first dashboard that you’ll see is the home dashboard.

To access the rest of the dashboards, you will have to click on the List of Dashboards drop-down menu. In this case, I’m selecting the Simple Status per AWS Service dashboard. As we already mentioned, this dashboard shows the security status per AWS service that ProwlerPro scans. Green indicates that all checks passed in that service and red indicates that one or more checks in that service failed.

You can also play with the filters in this dashboard. For example, the AWS account filter lets you choose the accounts that you’d like to see the findings of, which is going to be useful when we release the multi-account feature. The assessment date lets you choose the date for which you want to see the services’ status and the AWS region lets you choose all the available AWS regions where you’re going to see the status of the services.

This filter can have one, more, or all regions. As you can see, the filters are applied automatically and the dashboard changes. Remember that all the panels are clickable. You can click on any service and see the details of the failed findings for each of them. For example, let’s click on the EC2 service.

We can see the failed findings that caused the EC2 service panel to be in red. These are four default VPC security groups that allow all types of traffic in four different regions, and four regions that don’t have EBS default encryption activated. You can also play with the filters in this panel, for example, by selecting the severity you want to see.

Moreover, this panel allows you to export the results into a CSV or Excel format, so you can share these failed findings with a member of your team. To do this, click on the table title and select Inspect Data on the drill-down menu that will appear. Now the CSV can be downloaded by clicking on Download CSV. The option Download for Excel can be activated for using this CSV in Excel.

And that is all in this video. If you have any questions, please join our Slack group and post it in the Ask-a-Question channel. You can find the link below or at prowler.pro. It was a pleasure having you in this video. See you soon.


Sergio Garcia

Engineer at ProwlerPro

I’m a Cloud Security Engineer with experience in AWS. Among my roles, I completed an internship at Amazon and supported a digital bank to secure its assets in the cloud. I’m passionate about cloud automation, even more if it helps to ease security management.

Prowler v3 – Piece of Mind

Today we are releasing a new major version of Prowler 🎉🥳🎊🍾, the Version 3 aka Piece of Mind.

Take Prowler v3 as our 🎄Christmas gift 🎁 for the Cloud Security Community.


Artwork property of Iron Maiden

Piece of Mind was the fourth studio album of Iron Maiden. Its meaning fits perfectly with what we do with Prowler in both senses: being protected, and at the same time this is the software I would have wanted to write when I started Prowler back in 2016 (it is now, more than ever, a piece of my mind). This has been possible thanks to my awesome team at Verica.

No doubt that 2022 has been a pretty interesting year for us, we launched ProwlerPro and released many minor versions of Prowler. Now enjoy Sun and Steel while you keep reading these release notes.

If you are an Iron Maiden fan as I am, you have noticed the latest minor release of Prowler (2.12) was a song from this very same album, just a clue of what was coming! In Piece of Mind you can find one of the most popular heavy metal songs of all times, The Trooper, which will be a Prowler version to be released during 2023.

Prowler v3 is more than a new version of Prowler; it is a whole new piece of software. We have fully rewritten it in Python and made it multi-cloud, adding Azure as our second supported cloud provider. Prowler v3 is also way faster, able to scan an entire AWS account across all regions 37 times faster than before. Yes, you read that correctly: what before took hours now takes literally a few minutes or even seconds.

New documentation site:

We are also releasing today our brand new documentation site for Prowler at https://docs.prowler.cloud and it is also stored in the docs folder in the repo.

What’s Changed:

Here is a list of the most important changes in Prowler v3:

  • 🐍 Python: we got rid of all bash and it is now all in Python.
  • 🚀 Faster: huge performance improvements.
    An account that took 2.5 hours to scan in v2 now only takes 4 minutes to scan in v3.
  • 💻 Developers and Community: we have made it easier to contribute with new checks and new compliance frameworks. We also included unit tests and native logging features. And now the CLI supports long arguments and options.
  • ☁️ Multi-cloud: in addition to AWS, we have added Azure.
  • Checks and Groups: all checks are now more comprehensive and we provide resolution actions in most of them. Their IDs are no longer tied to CIS but are self-explanatory. Groups are now dynamically generated based on check metadata (services, categories, severity and more).
  • ⚖️ Compliance: we are including full support for CIS 1.4, CIS 1.5 and the new Spanish ENS in this release, with more to come soon! Compliance also has its own output file with its own metadata, and creating your own framework is easier than ever before, making for more comprehensive reports.
  • 🧩 Compatibility with v2: most of the options are the same in this version in order to support backward compatibility; however, some options like assume role or AWS Organizations query are now different and easier to use.
  • 🔄 Consolidated output formats: now both CSV and JSON reports come with the same attributes and compared to v2, they come with more than 40 values per finding. HTML, CSV and JSON are created every time you run prowler.
  • 📊 Quick Inventory: introduced in v2, we have fine tuned the Quick Inventory feature and now you can get a list of all resources in your AWS accounts within seconds.

Prowler new default overview (screenshot: prowler-3-output)

Prowler updated HTML report (screenshot: html-output)

Prowler compliance overview (screenshot: compliance-cis-sample)

Prowler list of Azure checks (screenshot: azure-checks)

What is coming next?

  • More Cloud Providers and more checks: in addition to adding more new checks to AWS and Azure, we plan to include GCP and OCI soon, let us know if you want to contribute!
  • XML-JUNIT support: we didn’t add that to v3, if you miss it, let us know in https://github.com/prowler-cloud/prowler/discussions
  • Compliance: we will add more compliance frameworks to have as many as in Prowler v2, we appreciate help though!
  • Tags based audit: you will be able to scan only those resources with specific tags.




ProwlerPro Dashboards I

Join us on Slack

Hello everyone. My name is Sergio, one of the engineers of ProwlerPro, the most comprehensive AWS security tool trusted by teams and organizations at any scale. ProwlerPro gives you a holistic view of the security status in your cloud infrastructure with detailed dashboards that you can drill down into. This is the first of a series of videos where we will show you the ProwlerPro dashboards as well as some other great features.

When you get started with ProwlerPro, one of the first things you will see is the home dashboard, which we are covering in this video. So let’s go through an example of accessing your results in your very first scan.

Okay, so right now we are on the ProwlerPro overview page. To go to the dashboards, we have to click either on the dashboard folder or on the results. The first dashboard that you’ll see is the home dashboard, which is the one we cover in this video. In a single glance, this dashboard shows general indicators regarding the security posture of your cloud account.

But first of all, let’s take a look at the filters. These contain dynamic variables, and there are three of them. The AWS account filter lets you choose the accounts that you’d like to see the findings for, which is going to be useful when we release the multi-account feature. The assessment date lets you choose the date for which you want to see the results, and the AWS region lets you choose all the available AWS regions where you want to see the results.

This filter can have one, more, or all regions. As you can see, the filters are automatically applied and the dashboard changes. Now let’s review the panels. We can see some numerical indicators such as the cloud accounts. In this case, there is only one cloud account since the free tier only allows one AWS account per user. We can also see the total findings, the checks executed, and the services that were audited.

The total findings are broken down based on their status, which can be either fail, pass, or allowlisted. This allowlisted status appears because the allowlisting functionality will be available soon in ProwlerPro. This breakdown can also be seen in the Overall Status by Result pie chart, or in the Security Posture Evolution time series panel, which represents the historic security status.

The time range of this graph can be changed in the top right corner. Let’s change it to seven days. Now you can see that this graph has changed to a seven-day period. The failed findings are also broken down by severity, which can be either critical, high, medium, low, or informational. This information is also presented in the count of failed findings by severity pie chart.

Remember that all the panels are clickable. For example, you can click on the critical failed findings and see details of those findings. For instance, there is a critical finding since a hardware MFA is not enabled for the root account, and you can see all the information here such as the result extended and the remediation.

This panel allows you to export the results into a CSV or Excel format. To do this, click on the table title and select inspect data on the drill down menu that will appear. Now, the CSV can be downloaded by clicking on the download CSV button. Optionally, the option download for Excel can be activated for using this CSV in Excel.

Okay, so let’s go back to the home dashboard. We can do this by either selecting it in the list of dashboards drill-down menu, or by clicking on the ProwlerPro logo. The global security status per region panel shows a dot per AWS region, and gives you an overview of the findings when the mouse hovers over a region. The color of each AWS region depends on how many failed findings there are.

The color will be green if there are zero failed findings in the corresponding region. This regional breakdown is also represented in the count of passed and failed findings per region bar chart panel, where we can see the total findings per region. The last three panels are bar charts too. First, we have the services with more failed resources, which represents the AWS services with the most failed findings, then the count of any result by service name, which shows the total findings for each AWS service.

And finally, the affected resources by check ID bar chart, which displays the number of failed findings per Prowler check. And that was all. If you have any questions about this dashboard, please join our Slack group and post it in the Ask a Question channel. Find the link below or at prowler.pro. It was a pleasure having you in this video.

See you soon.


Sergio Garcia

Engineer at ProwlerPro

I’m a Cloud Security Engineer with experience in AWS. Among my roles, I completed an internship at Amazon and supported a digital bank to secure its assets in the cloud. I’m passionate about cloud automation, even more if it helps to ease security management.

Announcing ProwlerPro SaaS

Today we announce the launch of ProwlerPro SaaS. This is the most comprehensive, free security tool for AWS. We’re very excited about how easy it is to use, how fast you can start understanding your entire security posture, and how it’s going to help the safety and security of the internet.

We announced ProwlerPro, a self-hosted solution available in the AWS Marketplace, back in April. We got such a positive response from that, we thought, “let’s make this even easier.” And if you know me, you know that I’m passionate about open source. You get the best of both worlds in ProwlerPro SaaS.

The ProwlerPro SaaS Difference

This SaaS is built on top of Prowler OSS which means you can still automate the job of discovering, analyzing, and understanding the security posture of an entire cloud deployment. But with ProwlerPro SaaS, you get all of that out of the box. There’s very little set-up, and because it’s a SaaS, you can create your account and run your first scan in minutes.  

ProwlerPro provides a map for where to focus your energy, and then charts trends so that you can see your security posture improve over time and detect when new vulnerabilities emerge.

ProwlerPro SaaS automatically gives you parallelized processing for faster results. We’ve built a suite of dashboards that you can drill down into for direct insights at all levels of your security posture. Last but not least, you’ll get a holistic view of your infrastructure no matter the AWS region you use. ProwlerPro SaaS is simple and safe enough for practitioners and managers alike.

Carrying the Torch 

Prowler OSS still burns brightly in my heart. It is a very popular AWS security tool and is the de facto choice for AWS CSPM (Cloud Security Posture Management). We will continue to maintain Prowler OSS. I believe in the importance of keeping open source projects alive and active. By providing ProwlerPro SaaS for free, we are investing our time and energy in the Prowler community and in the security of the internet.

Speaking of the Future

We believe ProwlerPro will upend the way cloud security operates by offering the first true DevSecOps experience and this is only the beginning. Customer feedback and analysis of usage patterns on the SaaS will drive prioritization for ProwlerPro’s future. We have set our sights on providing the most comprehensive set of CSPM checks for all major cloud vendors and platforms. ProwlerPro will be the go-to cloud security resource for security professionals.
Once security professionals get a taste of what ProwlerPro can do, we believe they will be more than willing to invest in ProwlerPro in the near future. It’s so easy that we hope everyone who wants to harden their AWS accounts and improve their security, no matter the size of the organization, will use ProwlerPro SaaS to do so.




Toni de la Fuente

Founder of Prowler Open Source & Lead of Prowler Pro

I’m the founder of Prowler Open Source, a tool for AWS security best practices. I also worked for AWS as a security engineer and security consultant. I’m passionate about FLOSS (Free Libre Open Source Software) in general and Information Security, Incident Response and Digital Forensics in particular. I like everything related to cloud computing and automation. I have done some things for security and the Open Source community like Prowler, phpRADmin, a Nagios plugin for Alfresco, and Alfresco BART (backup tool). I’ve also contributed to books and courses related to Linux, Monitoring and AWS Security for Packt Publishing.

Preventing AWS Ransomware Attacks With Prowler Open Source

It’s criminally easy to roll out a fear-mongering list of industries, victims, and financial penalties related to ransomware. Gas pipelines, healthcare systems, local governments: all have been hit. Nearly every headline is some form of “And it’s only getting worse: are ransomware attacks the new digital pandemic?” It can seem inevitable, but when it comes to your AWS environment, there are a few things you can do to protect yourself by reducing your attack surface, and then you can use Prowler to keep an eye on it all continuously.

AWS Ransomware Best Practices

Ransomware attacks only succeed when you don’t have backups of your data, because that is what lets the attacker hold your data hostage. Reducing your attack surface and putting consistent data backup/recovery processes in place will help you thwart malicious activity (and recover from application failures as well).

Implement IAM Best Practices 

These include setting least privilege policies, preventing IAM key leakage, applying policies only at the group level, and more. See our previous post on IAM checks in Prowler for all the details on this.

Enable S3 Object Versioning 

Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. With versioning you can recover more easily from both unintended user actions and application failures. 

Replicate S3 Buckets 

AWS offers a built-in mechanism for replicating buckets to different S3 buckets for backup purposes, including mitigating malicious delete operations.

Prevent Deletion with S3 Object Lock 

Per AWS, Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. You can use S3 Object Lock to meet regulatory requirements that require WORM storage, or add an extra layer of protection against object changes and deletion.

Use GuardDuty S3 Findings 

GuardDuty monitors and generates findings for suspicious access to data stored in your S3 buckets.

Prowler Ransomware Checks

Running a Prowler check is quick and easy. The basic command is prowler, and if you run it without options it will use your environment variable credentials (if they exist) or will default to the ~/.aws/credentials file, and it will run the checks over all regions where needed. To install Prowler, make sure you have Python 3.9 or newer and pip, then run pip install prowler.

To run a single check, use option -c and the check ID:

prowler aws -c cloudtrail_logs_s3_bucket_is_not_publicly_accessible

For multiple checks, list them separated by spaces (a trailing backslash lets you put one per line):

prowler aws -c cloudtrail_logs_s3_bucket_is_not_publicly_accessible \
           ec2_ebs_public_snapshot \
           s3_bucket_public_access

Check out the Prowler docs for the full usage details and tutorials. 

Check for commonly exposed ports

  • SSH access via EC2 Security Group (Server-level control)
  • RDP access via EC2 Security Group (Server-level control)
  • SSH access via Network ACL (Subnet-level control)
  • Microsoft RDP via Network ACL
  • FTP ports 20 or 21
  • Kafka port 9092
  • Telnet port 23
  • Windows SQL Server ports 1433 or 1434
  • Network ACLs ingress from 0.0.0.0/0 to any port
  • Security groups ingress from 0.0.0.0/0 or ::/0 to any port
  • Oracle ports 1521 or 2483
  • MySQL port 3306
  • Postgres port 5432
  • Redis port 6379
  • MongoDB ports 27017 and 27018
  • Cassandra ports 7199 or 9160 or 8888
  • Memcached port 11211
  • Elasticsearch/Kibana ports

Check now if you have any of those ports open to the internet with:

prowler aws -c ec2_networkacl_allow_ingress_any_port \
           ec2_networkacl_allow_ingress_tcp_port_22 \
           ec2_networkacl_allow_ingress_tcp_port_3389 \
           ec2_securitygroup_allow_ingress_from_internet_to_any_port \
           ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 \
           ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23

Internet-exposed Resources

The list of things you don’t want exposed to the internet is pretty significant. Thankfully, Prowler has you covered with these checks for resources that could be set as public:

  • EBS Snapshots
  • EC2 AMIs
  • ECR repositories
  • RDS instances
  • Elastic Load Balancers 
  • EC2 Instances
  • EC2 instances with Instance Profiles attached
  • Redshift Clusters
  • Elasticsearch Service (ES) domains (or if it has open policy access)
  • RDS and Cluster Snapshots
  • SQS queues policy 
  • SNS topics policy 
  • API Gateway endpoint
  • Exposed KMS keys
  • S3 bucket for CloudTrail logs: Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected account’s use or configuration.
  • Lambda functions’ resource-based policies

Check now if you have internet exposed resources with:

prowler aws -c ec2_ebs_public_snapshot \
           ec2_ami_public \
           ecr_repositories_not_publicly_accessible \
           rds_instance_no_public_access \
           elb_internet_facing \
           elbv2_internet_facing \
           ec2_instance_public_ip \
           ec2_instance_internet_facing_with_instance_profile \
           redshift_cluster_public_access \
           opensearch_service_domains_not_publicly_accessible \
           rds_snapshots_public_access \
           sqs_queues_not_publicly_accessible \
           sns_topics_not_publicly_accessible \
           apigateway_endpoint_public \
           kms_key_not_publicly_accessible \
           cloudtrail_logs_s3_bucket_is_not_publicly_accessible \
           awslambda_function_not_publicly_accessible

There are a few other useful checks in this set:

  • Are CloudFront distributions set to HTTPS
  • S3 buckets that are open to Everyone or Any AWS user
  • S3 buckets which allow WRITE access
  • Ensure a log metric filter and alarm exist for S3 bucket policy changes: Monitoring unauthorized API calls will help reveal application errors and detect malicious activity.
  • Do S3 buckets have Object-level logging enabled in CloudTrail: You can’t use logs for threat analysis if they don’t exist! 
  • Do S3 buckets have default encryption (SSE) enabled: Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.
  • Check if EFS File systems have backup enabled
  • Ensure EKS Clusters are created with Private Endpoint Enabled and Public Access Disabled
  • Find VPC security groups with wide-open public IPv4 CIDR ranges 
  • Restrict Access to the EKS Control Plane Endpoint
  • Check if any of the Elastic or Public IP are in Shodan 
  • Check connection and authentication for both:
    • Internet exposed Elasticsearch/Kibana ports 
    • Internet exposed Amazon Elasticsearch Service (ES) domains 

Check all these with:

prowler aws -c cloudfront_distributions_https_enabled \
           s3_bucket_public_access \
           s3_bucket_policy_public_write_access \
           cloudwatch_log_metric_filter_for_s3_bucket_policy_changes \
           cloudtrail_s3_dataevents_write_enabled \
           s3_bucket_default_encryption \
           cloudfront_distributions_logging_enabled \
           eks_endpoints_not_publicly_accessible \
           ec2_securitygroup_allow_wide_open_public_ipv4 \
           eks_control_plane_endpoint_access_restricted \
           ec2_instance_public_ip

If you have a Shodan.io API key, add this at the end:

--shodan <shodan_api_key>

RDS Checks

  • Publicly accessible RDS instances: Publicly accessible databases could expose sensitive data to bad actors—check if they exist, and if so, confirm there is a legitimate business reason.
  • Are RDS Snapshots or Cluster Snapshots public: If your RDS snapshot is public then the data which is backed up in that snapshot is accessible to all other AWS accounts.
  • Is storage encrypted: Use a CMK where possible, which will provide additional management and privacy benefits.
  • Is automated backup enabled: Be sure you have automated backup established for production data, with a clearly defined retention period. 
  • Are RDS instances integrated with CloudWatch logs: These logs help you monitor how your services are being used and assist with threat analysis when needed.
  • Is deletion protection enabled: If not, you can set it up in your AWS management console for any of your production instances.
  • Is minor version upgrade enabled: Auto Minor Version Upgrade does pretty much what it says: it automatically upgrades when a new minor database engine version is available. Such minor version upgrades often patch security vulnerabilities and fix bugs.
  • Is enhanced monitoring enabled: First you need to create an IAM role and then you can enable Enhanced Monitoring, which uses a smaller monitoring interval for more frequent reporting of OS metrics.
  • Is multi-AZ enabled: With a single-AZ deployment configuration, Amazon RDS can’t automatically fail over to a standby availability zone.

Check RDS now with:

prowler aws --service rds
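Once the checks above have run, the findings still need triage. The script below is an added example for this post, not Prowler’s own code: it reads a Prowler JSON report, summarises failed findings by severity and by check, and returns a verdict a CI pipeline can act on. It assumes Prowler’s JSON output mode (prowler aws -M json -c ...) and the field names CheckID, Status, Severity, Region and ResourceId; the sample findings are constructed, not from a real scan.

```python
"""Triage Prowler JSON output for the checks in this post.

Added example, not Prowler's own code. Assumes the JSON output mode
(prowler aws -M json -c ...) and the field names used below; adjust them
if your Prowler version differs. The sample findings are constructed.
"""
import json
from collections import Counter

SEVERITY_ORDER = ["critical", "high", "medium", "low", "informational"]

# Constructed sample scan: a mix of FAIL and PASS over checks named above.
SAMPLE_JSON = json.dumps([
    {"CheckID": "s3_bucket_public_access", "Status": "FAIL",
     "Severity": "critical", "Region": "us-east-1", "ResourceId": "backups-prod"},
    {"CheckID": "s3_bucket_default_encryption", "Status": "FAIL",
     "Severity": "medium", "Region": "us-east-1", "ResourceId": "backups-prod"},
    {"CheckID": "ec2_ebs_public_snapshot", "Status": "PASS",
     "Severity": "critical", "Region": "eu-west-1", "ResourceId": "snap-0a1b2c3d"},
    {"CheckID": "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389",
     "Status": "FAIL", "Severity": "high", "Region": "eu-west-1",
     "ResourceId": "sg-0a1b2c3d"},
    {"CheckID": "cloudtrail_s3_dataevents_write_enabled", "Status": "FAIL",
     "Severity": "low", "Region": "us-east-1", "ResourceId": "prod-trail"},
    {"CheckID": "rds_instance_no_public_access", "Status": "PASS",
     "Severity": "critical", "Region": "us-east-1", "ResourceId": "orders-db"},
])


def load_findings(text):
    """Parse a Prowler JSON report, which is a JSON array of finding objects."""
    findings = json.loads(text)
    if not isinstance(findings, list):
        raise ValueError("expected a JSON array of findings")
    return findings


def rank(severity):
    """Position in SEVERITY_ORDER; unknown labels sort after informational."""
    sev = (severity or "").lower()
    return SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)


def failed(findings):
    """Only findings whose Status is FAIL; PASS and anything else is dropped."""
    return [f for f in findings if f.get("Status") == "FAIL"]


def summarize(findings):
    """The counts a reviewer wants first: status, failed by severity, failed by check."""
    fails = failed(findings)
    by_severity = Counter(f.get("Severity", "unknown").lower() for f in fails)
    worst = min(fails, key=lambda f: rank(f.get("Severity")), default=None)
    return {
        "total": len(findings),
        "by_status": dict(Counter(f.get("Status", "UNKNOWN") for f in findings)),
        "failed_by_severity": dict(by_severity),
        "failed_by_check": dict(Counter(f["CheckID"] for f in fails)),
        "worst_severity": worst["Severity"].lower() if worst else None,
    }


def should_block(findings, threshold="high"):
    """True when any FAIL is at least as severe as threshold; use it to gate a pipeline."""
    return any(rank(f.get("Severity")) <= rank(threshold) for f in failed(findings))


if __name__ == "__main__":
    findings = load_findings(SAMPLE_JSON)
    print(json.dumps(summarize(findings), indent=2))
    # Non-zero exit on high or critical failures, so CI stops the deploy.
    raise SystemExit(1 if should_block(findings, "high") else 0)
```

Point it at a real report by replacing SAMPLE_JSON with the contents of the file Prowler writes; lower the threshold to "medium" once the critical and high findings are cleared.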

Stay tuned for the next post in this series!


Sign up for Prowler Training

This free course covers everything from the history of Prowler to advanced features.



Continuous AWS IAM Security With Prowler

Ensuring proper, consistent Identity and Access Management (IAM) in AWS is both a toil-heavy chore and a persistent risk. Often, engineers are expected to be responsible for this when they may or may not know what the specific access should look like for their application. In other cases, a lone (and typically overwhelmed) cloud security expert is saddled with an insurmountable amount of custom policy development, which can significantly slow down engineering and product release velocity. In the worst case scenario, overly permissive configurations can lead to an event like the Capital One hack in 2019.

It doesn’t have to be this way. You can have development velocity and security working in lockstep with just a few easy Prowler IAM checks. (If you’re not familiar with Prowler, check out our first post in this series.) For each check we list below, you’ll also get remediation steps to help if your environment fails that check.

The Prowler IAM checks fall into roughly 5 groupings that are based on the AWS IAM security best practices:

Root Account Protections

AWS recommends that you treat your root user access key “like you would your credit card numbers or any other sensitive secrets.” You only want it to set up your admin account, and then you want to use roles and groups to delegate permissions. This set of checks helps you see if/when the root account has been accessed, ensure MFA is enabled, and control access keys for the root account, including:

Key and Credential Rotation

AWS recommends rotating access keys every 90 days, and disabling credentials that are unused for 90 days or greater. These checks confirm those timelines, plus an extra one for those that prefer a shorter window.

Password Hygiene

Policing passwords is no fun, and if you use SAML you don’t have to worry about this (but having these checks properly set up is still a good practice)! If you are using AWS IAM as a user and password database, these checks make it simple to see if something snuck through that shouldn’t have. This set checks for:

Admin/Ops Details

Keep your who, where, what details up to date in case something goes wrong. This set covers important details like:

Users, Roles, and Groups

By default, IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles. AWS recommends that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grows. Reducing access management complexity may in turn reduce the opportunity for a user to inadvertently receive or retain excessive privileges. This set verifies that:

Privilege Escalation

We made a special category for this, because it’s something that can catch you off guard in really nasty ways. Essentially, users with certain IAM permissions may be able to elevate their own privileges up to administrator rights. It’s critical to know if any of those permissions are lurking in your infrastructure where an attacker could potentially exploit them: things like creating a new version of an IAM policy, launching a new EC2 instance and gaining all the permissions of the associated instance profile/service role, or creating a new user access key that could grant them full administrator access (and a bunch more bad things that stem from privilege escalation).

Logs and Alerts

Root account logins, unauthorized API calls, and policy changes or auth failures could all be simple mistakes or signs of malicious activity. Either way, find out as soon as possible with this set of checks that makes sure log metric filters and alarms exist for:

This is the tip of the Prowler iceberg, which has over 240 checks for comprehensive coverage of all your AWS use cases. Stay tuned for our next post in this series, which covers key Prowler checks for preventing ransomware attacks.



