Prowler 4.0.0 - The Trooper

@jfagoagas jfagoagas released this 04 Apr 14:11
0659084

You'll take my life, but I'll take yours too
You'll fire your musket, but I'll run you through
So when you're waiting for the next attack
You'd better stand, there's no turning back

When I started Prowler almost eight years ago, I thought about calling it The Trooper (thetrooper as in the command line sounds good but I thought prowler was even better). I can say today, with no doubt that this version 4.0 of Prowler, The Trooper, is by far the software that I always wanted to release. Now, as a company, with a whole team dedicated to Prowler (Open Source and SaaS), this is even more exciting. With standard support for AWS, Azure, GCP and also Kubernetes, with all new features, this is the beginning of a new era where Open Cloud Security makes a step forward and we say: hey WE ARE HERE FOR REAL and when you're waiting for the next attack, you'd better stand, there's no turning back.

Enjoy Prowler - The Trooooooooper! 🤘🏽🔥 song!

Breaking Changes

  • Allowlist is now called Mutelist.
  • The AWS flag --sts-endpoint-region is deprecated since we use AWS STS regional tokens.
  • The --quiet option has been deprecated; use the --status flag to select the finding statuses you want to get: PASS, FAIL or MANUAL.
  • To send only FAILs to AWS Security Hub, use either --send-sh-only-fails or --security-hub --status FAIL.
  • The status of all INFO findings has changed to MANUAL.

We have deprecated some of our output formats:

  • The HTML output is replaced by the new Prowler Dashboard (prowler dashboard).
  • The JSON output is replaced by the JSON OCSF v1.1.0 output.
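
To find pipeline commands that still use the removed flags, the following added example (not part of the release notes or of Prowler itself) rewrites v3 command lines using only the flags named above. It assumes --quiet was used to keep only failed findings, so it maps to --status FAIL; the function names and the sample script are constructed for illustration.

```python
import shlex

# Flags removed in 4.0.0 per the list above: flag -> (consumes a value, replacement).
# Assumption: --quiet was used to keep only failed findings, hence "--status FAIL".
REMOVED = {
    "--quiet": (False, ["--status", "FAIL"]),
    "--sts-endpoint-region": (True, []),
}

def migrate(command):
    """Rewrite one v3 `prowler` command line; return (new_command, notes)."""
    tokens = shlex.split(command)
    has_status = any(t == "--status" or t.startswith("--status=") for t in tokens)
    out, notes, i = [], [], 0
    while i < len(tokens):
        flag, sep, _ = tokens[i].partition("=")
        takes_value, replacement = REMOVED.get(flag, (False, None))
        if replacement is None:  # not a removed flag: keep the token as is
            out.append(tokens[i])
        else:
            if takes_value and not sep and i + 1 < len(tokens):
                i += 1  # skip the value passed as a separate token
            if replacement and not has_status:
                out.extend(replacement)  # never add a second --status
                has_status = True
            hint = f", use {' '.join(replacement)}" if replacement else ""
            notes.append(f"{flag} removed{hint}")
        i += 1
    return shlex.join(out), notes

def audit_script(text):
    """Return {line_number: (new_command, notes)} for prowler lines needing changes."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("prowler "):
            new, notes = migrate(stripped)
            if notes:
                report[number] = (new, notes)
    return report

# Constructed sample CI commands (not from the release notes).
SAMPLE = """\
prowler aws --quiet --sts-endpoint-region eu-west-1
prowler aws --security-hub --quiet
prowler aws --category threat-detection
prowler aws --sts-endpoint-region=us-east-1 --status FAIL --quiet
"""
```
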

New features to highlight in this version

Dashboard

  • Prowler has a local dashboard that makes it easier to explore the gathered data. Run prowler dashboard to see overview and compliance data.

🎛️ New Kubernetes provider

  • Prowler has a new Kubernetes provider to improve the security posture of your clusters! Try it now with prowler kubernetes --kubeconfig-file <kube.yaml>
  • CIS Benchmark 1.8 for K8s is included.

📄 Compliance

  • All compliance frameworks are executed by default and stored in a new location: output/compliance

AWS

  • By default, the AWS provider does not scan unused services; you can enable this with --scan-unused-services.
  • 2 new checks to detect possible threats; try them now with prowler aws --category threat-detection for Enumeration and Privilege Escalation types of activity.

🗺️ Azure

  • All Azure findings include the location!
  • CIS Benchmark for Azure 2.0 and 2.1 is included.

🔇 Mutelist

  • The renamed mutelist feature is available for all the providers.
  • In AWS a default allowlist is included in the execution.

🌐 Outputs

  • Prowler now generates the outputs in a common format for all the providers.
  • The only JSON output now follows the OCSF Schema v1.1.0.

💻 Providers

  • We have unified the way providers are included, which makes development and adding new providers easier.

🔨 Fixer

  • We have included a new argument --fix to allow you to remediate findings. You can list all the available fixers with prowler aws --list-fixers

Features

  • feat(mute list): change allowlist to mute list by @sergargar in #3039
  • feat(CloudProvider): introduce global provider Azure&GCP by @n4ch04 in #3069
  • feat(compliance): execute all compliance by default by @sergargar in #3003
  • feat(kubernetes): add Kubernetes provider by @sergargar in #3226
  • feat(status): add --status flag by @sergargar in #3238
  • feat(AwsProvider): include new structure for AWS provider by @n4ch04 in #3252
  • feat(kubernetes): add etcd, controllermanager and rbac services by @sergargar in #3261
  • feat(apiserver): new 9 Kubernetes ApiServer checks by @sergargar in #3288
  • feat(apiserver): new 10 Kubernetes ApiServer checks by @sergargar in #3289
  • feat(apiserver): new 10 Kubernetes ApiServer checks by @sergargar in #3290
  • feat(controllermanager): add checks for Kubernetes Controller Manager by @sergargar in #3291
  • feat(etcd): add checks for Kubernetes etcd by @sergargar in #3294
  • feat(kubelet): add 10 checks of Kubernetes Kubelet service by @sergargar in #3302
  • feat(rbac): add 9 checks of Kubernetes RBAC service by @sergargar in #3314
  • feat(core): add 13 checks of Kubernetes Core service by @sergargar in #3315
  • feat(kubelet): add 6 checks of Kubelet configuration files on the worker nodes by @sergargar in #3335
  • feat(namespace): add --namespaces argument and solve bugs by @sergargar in #3431
  • feat(mutelist): add Mute List for all providers by @sergargar in #3548
  • feat(azure): locations added to Azure findings by @Hugo966 in #3596
  • feat(compliance): Add CIS 1.8 framework for Kubernetes by @pedrooot in #3600
  • feat(cloudtrail): add threat detection checks for AWS (enum and priv escalation) by @sergargar in #3602
  • feat(fixer): add Prowler Fixer feature! by @sergargar in #3634
  • feat(dashboards): add new Prowler dashboards by @pedrooot in #3575

Documentation

Fixes

  • fix(gcp): fix error in generating compliance by @sergargar in #3201
  • fix(kubernetes): improve in-cluster execution by @sergargar in #3397
  • fix(shodan): Make it available for all the providers by @jfagoagas in #3500
  • fix(azure): use subscriptions in get_locations by @jfagoagas in #3541
  • fix(compliance): fix csv output for framework Mitre Attack by @pedrooot in #3574
  • fix(quickinventory): Adapt for the new AWS provider class by @jfagoagas in #3569
  • fix(mapping): handle None attributes in data by @sergargar in #3588
  • fix(securityhub): Add validation and handle errors by @jfagoagas in #3590
  • fix(providers): import modules also from outside of directory by @sergargar in #3595

Chores

Full Changelog: 3.16.0...4.0.0