Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
Project description
Prowler SaaS and Prowler Open Source are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
Learn more at prowler.com
Description
Prowler is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call Prowler SaaS.
Prowler CLI
prowler <provider>
Prowler Dashboard
prowler dashboard
It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
Provider | Checks | Services | Compliance Frameworks | Categories |
---|---|---|---|---|
AWS | 553 | 77 -> prowler aws --list-services |
30 -> prowler aws --list-compliance |
9 -> prowler aws --list-categories |
GCP | 77 | 13 -> prowler gcp --list-services |
2 -> prowler gcp --list-compliance |
2 -> prowler gcp --list-categories |
Azure | 138 | 17 -> prowler azure --list-services |
3 -> prowler azure --list-compliance |
2 -> prowler azure --list-categories |
Kubernetes | 83 | 7 -> prowler kubernetes --list-services |
1 -> prowler kubernetes --list-compliance |
7 -> prowler kubernetes --list-categories |
💻 Installation
Pip package
Prowler is available as a project in PyPI, thus can be installed using pip with Python >= 3.9, < 3.13:
pip install prowler
prowler -v
More details at https://docs.prowler.com
Containers
The available versions of Prowler are the following:
latest
: in sync withmaster
branch (bear in mind that it is not a stable version)v3-latest
: in sync withv3
branch (bear in mind that it is not a stable version)<x.y.z>
(release): you can find the releases here, those are stable releases.stable
: this tag always point to the latest release.v3-stable
: this tag always point to the latest release for v3.
The container images are available here:
From GitHub
Python >= 3.9, < 3.13 is required with pip and poetry:
git clone https://github.com/prowler-cloud/prowler
cd prowler
poetry shell
poetry install
python prowler.py -v
If you want to clone Prowler from Windows, use
git config core.longpaths true
to allow long file paths.
📐✏️ High level architecture
You can run Prowler from your workstation, a Kubernetes Job, a Google Compute Engine, an Azure VM, an EC2 instance, Fargate or any other container, CloudShell and many more.
Deprecations from v3
General
Allowlist
now is calledMutelist
.- The
--quiet
option has been deprecated, now use the--status
flag to select the finding's status you want to get from PASS, FAIL or MANUAL. - All
INFO
finding's status has changed toMANUAL
. - The CSV output format is common for all the providers.
We have deprecated some of our outputs formats:
- The native JSON is replaced for the JSON OCSF v1.1.0, common for all the providers.
AWS
- Deprecate the AWS flag --sts-endpoint-region since we use AWS STS regional tokens.
- To send only FAILS to AWS Security Hub, now use either
--send-sh-only-fails
or--security-hub --status FAIL
.
📖 Documentation
Install, Usage, Tutorials and Developer Guide is at https://docs.prowler.com/
📃 License
Prowler is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file prowler-4.5.3.tar.gz
.
File metadata
- Download URL: prowler-4.5.3.tar.gz
- Upload date:
- Size: 1.9 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.4 CPython/3.10.12 Linux/6.5.0-1025-azure
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0c37d0c6421db72c03147fc709d28876c7b0346793802f76a0dd593265fd6642 |
|
MD5 | abd5260b44b0a535e234c05b4d8ed858 |
|
BLAKE2b-256 | efef289bcb8057568833bbefd415ba7d16823897df2b1772de4a7f9484ce148d |
File details
Details for the file prowler-4.5.3-py3-none-any.whl
.
File metadata
- Download URL: prowler-4.5.3-py3-none-any.whl
- Upload date:
- Size: 3.6 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.4 CPython/3.10.12 Linux/6.5.0-1025-azure
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | ede3af99a81f13277782862017e0249b9a3d40ccee8484929a89245dc1c9c3e2 |
|
MD5 | 252c3c464f7618037f5b40e09d5aeb16 |
|
BLAKE2b-256 | af91cd1d21600ecd2ad8e3bc78046fa4a3ebf20335cfcf8ce7e9e33419d43f55 |