Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous monitoring, hardening, and forensics preparation.
Details
The tool includes hundreds of controls that align with various frameworks like CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, the AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme), and custom security frameworks.
“Easy to use from the command line with simple, understandable output, Prowler offers standard reporting formats like CSV and JSON, enabling users to thoroughly examine findings across any cloud provider, all in a uniform format. Its seamless integrations with Security Hub and S3 facilitate easy incorporation with other SIEMs, databases, and more. The ability to write custom checks and develop custom security frameworks is crucial for our expanding community,” Toni de la Fuente, the creator of Prowler, told Help Net Security.
You can run Prowler from your workstation, an EC2 instance, Fargate or any other container, CodeBuild, CloudShell, and Cloud9. The tool is written in Python and uses the AWS SDK (Boto3), the Azure SDK, and the GCP API Python Client.
Future plans
The developers are expanding Prowler with additional checks for Azure and GCP and full Kubernetes support in the upcoming version 4.0, which is scheduled for release in March.
A new feature, ‘filters,’ is being introduced to enable users to eliminate irrelevant elements, making their assessments more targeted and meaningful, complemented by new local dashboards. This is just a part of the exciting updates on the horizon.
Prowler is available for free on GitHub.