DEV Community

Madhu Kumar for AWS Community Builders

How to perform AWS security best practices assessments, incident response and forensics readiness with Prowler

Description

Prowler is a command line tool that helps you with AWS security assessment, auditing, hardening and incident response.

It follows the guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 100 additional checks, including checks related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2 and others.

Read more about CIS Amazon Web Services Foundations Benchmark v1.2.0 - 05-23-2018

High level architecture

[Image: Prowler high level architecture]

Requirements and Installation

Prowler is written in bash and uses the AWS CLI underneath; it runs on Linux, macOS, or Windows (via Cygwin or virtualisation). It also requires jq and detect-secrets to work properly.

Installing on macOS:

Pre-requisites-1: Install awscli
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

~ $ brew install awscli
==> Installing dependencies for awscli: gdbm, mpdecimal, ca-certificates, openssl@1.1, readline, sqlite, xz, python@3.9 and six
==> Installing awscli dependency: gdbm
==> Pouring gdbm--1.23.monterey.bottle.tar.gz
🍺  /usr/local/Cellar/gdbm/1.23: 24 files, 956.7KB
==> Installing awscli dependency: mpdecimal
==> Pouring mpdecimal--2.5.1.monterey.bottle.tar.gz
🍺  /usr/local/Cellar/mpdecimal/2.5.1: 71 files, 2.1MB
==> Installing awscli dependency: ca-certificates
==> Pouring ca-certificates--2022-02-01.all.bottle.tar.gz
==> Regenerating CA certificate bundle from keychain, this may take a while...
🍺  /usr/local/Cellar/ca-certificates/2022-02-01: 3 files, 213.4KB
==> Installing awscli dependency: openssl@1.1
==> Pouring openssl@1.1--1.1.1m.monterey.bottle.tar.gz
🍺  /usr/local/Cellar/openssl@1.1/1.1.1m: 8,081 files, 18.5MB
==> Installing awscli dependency: readline
==> Pouring readline--8.1.2.monterey.bottle.tar.gz
🍺  /usr/local/Cellar/readline/8.1.2: 48 files, 1.6MB
==> Installing awscli dependency: sqlite
==> Pouring sqlite--3.38.0.monterey.bottle.tar.gz
🍺  /usr/local/Cellar/sqlite/3.38.0: 11 files, 4.4MB
==> Installing awscli dependency: xz
==> Pouring xz--5.2.5.monterey.bottle.tar.gz
🍺  /usr/local/Cellar/xz/5.2.5: 95 files, 1.3MB
==> Installing awscli dependency: python@3.9
==> Pouring python@3.9--3.9.10.monterey.bottle.tar.gz
==> /usr/local/Cellar/python@3.9/3.9.10/bin/python3 -m ensurepip
==> /usr/local/Cellar/python@3.9/3.9.10/bin/python3 -m pip install -v --no-deps --no-index --upgrade --isolated --target=/usr/local/lib/python3.9/site-packages /usr/local/Cellar/python@3.9/3.9.10/Framewor
🍺  /usr/local/Cellar/python@3.9/3.9.10: 3,080 files, 54.9MB
==> Installing awscli dependency: six
==> Pouring six--1.16.0_2.all.bottle.1.tar.gz
🍺  /usr/local/Cellar/six/1.16.0_2: 20 files, 122.3KB
==> Installing awscli
==> Pouring awscli--2.4.21.monterey.bottle.tar.gz
==> Caveats
The "examples" directory has been installed to:
  /usr/local/share/awscli/examples

zsh completions and functions have been installed to:
  /usr/local/share/zsh/site-functions
==> Summary
🍺  /usr/local/Cellar/awscli/2.4.21: 12,403 files, 98.0MB
==> Running `brew cleanup awscli`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
==> Caveats
==> awscli
The "examples" directory has been installed to:
  /usr/local/share/awscli/examples

zsh completions and functions have been installed to:
  /usr/local/share/zsh/site-functions


Pre-requisites-2: Install jq

jq is a lightweight and flexible command-line JSON processor

~/Documents/prowler/prowler (master) $ brew install jq
==> Downloading https://ghcr.io/v2/homebrew/core/jq/manifests/1.6-1
Already downloaded: /Users/macpro/Library/Caches/Homebrew/downloads/fc2724606b6ebef1ba0db7d7ae84cfca1df8cfed9e58e3a8714413b3676935f7--jq-1.6-1.bottle_manifest.json
==> Downloading https://ghcr.io/v2/homebrew/core/jq/blobs/sha256:7fee6ea327062b37d34ef5346a84810a1752cc7146fff1223fab76c9b45686e0
Already downloaded: /Users/macpro/Library/Caches/Homebrew/downloads/de57802c1c3740b0761a664bea8c9f15347d4049295d0c81cd6368eda6b34953--jq--1.6.monterey.bottle.1.tar.gz
==> Pouring jq--1.6.monterey.bottle.1.tar.gz
🍺  /usr/local/Cellar/jq/1.6: 18 files, 1.1MB
==> Running `brew cleanup jq`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).

Pre-requisites-3: Install detect-secrets

~/Documents/prowler/prowler (master) $ brew install detect-secrets
Running `brew update --preinstall`...
==> Auto-updated Homebrew!
Updated 1 tap (homebrew/core).
==> Updated Formulae
Updated 2 formulae.

==> Downloading https://ghcr.io/v2/homebrew/core/detect-secrets/manifests/1.2.0
Already downloaded: /Users/macpro/Library/Caches/Homebrew/downloads/2bc8b428481bdd5d7b761dd35c815afc1f89566bba036e3f3024095a08847c56--detect-secrets-1.2.0.bottle_manifest.json
==> Downloading https://ghcr.io/v2/homebrew/core/detect-secrets/blobs/sha256:483d2bd7fa7a791cef6d92273d53c40c32055d986f9976eef5d78332d16b47b0
Already downloaded: /Users/macpro/Library/Caches/Homebrew/downloads/02f1e9c7e1532b55d0186fc4edc39578e0f571e161d6fd7f5a82ccbe83192020--detect-secrets--1.2.0.monterey.bottle.tar.gz
==> Pouring detect-secrets--1.2.0.monterey.bottle.tar.gz
🍺  /usr/local/Cellar/detect-secrets/1.2.0: 937 files, 11.6MB
==> Running `brew cleanup detect-secrets`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).

Pre-requisites-4: aws configure

Run "aws configure" and enter the values required to access the AWS account you want to audit. Prowler calls the AWS CLI in the background, so it runs the audits with the credentials you entered in "aws configure" and with exactly the permissions those credentials carry.

~/Documents/prowler/prowler (master) $ aws configure
AWS Access Key ID [****************]:
AWS Secret Access Key [****************]:
Default region name [eu-xxxxxx-1]:
Default output format [json]:

Install prowler

Install Prowler on macOS:

~/Documents/prowler $ git clone https://github.com/prowler-cloud/prowler

Cloning into 'prowler'...
remote: Enumerating objects: 9457, done.
remote: Counting objects: 100% (3011/3011), done.
remote: Compressing objects: 100% (940/940), done.
remote: Total 9457 (delta 2260), reused 2699 (delta 2063), pack-reused 6446
Receiving objects: 100% (9457/9457), 55.23 MiB | 25.25 MiB/s, done.
Resolving deltas: 100% (6780/6780), done.

~/Documents/prowler $ ls
prowler

~/Documents/prowler $ cd prowler

~/Documents/prowler/prowler (master) $ ls
48:                          Pipfile                      command                      iam                          line                         util
CODE_OF_CONDUCT.md           README.md                    docs                         include                      not                          whitelist_sample.txt
LICENSE                      checklist.txt                found                        integrations                 output
LIST_OF_CHECKS_AND_GROUPS.md checks                       groups                       jq:                      prowler

Prowler in action

Sample screenshot of the first lines of the default console report produced by ./prowler:
[Image: default console report]

Sample screenshot of the HTML output produced with -M html:
[Image: HTML report]

Trust Boundaries Checks:
This group of checks analyses a particular AWS account (the subject) for existing links to other AWS accounts across various AWS services, in order to identify untrusted links.

~/Documents/prowler/prowler (master) $ ./prowler -g trustboundaries
                          _
  _ __  _ __ _____      _| | ___ _ __
 | '_ \| '__/ _ \ \ /\ / / |/ _ \ '__|
 | |_) | | | (_) \ V  V /| |  __/ |
 | .__/|_|  \___/ \_/\_/ |_|\___|_|v2.7.0-24January2022
 |_| the handy cloud security tool
 Date: Sun 27 Feb 2022 15:32:33 CET
 Color code for results:
 -  INFO (Information)
 -  PASS (Recommended value)
 -  WARNING (Ignored by whitelist)
 -  FAIL (Fix required)
 This report is being generated using credentials below:
 AWS-CLI Profile: [default] AWS API Region: [eu-central-1] AWS Filter Region: [all]
 AWS Account: [xxxxxxxxxxx] UserId: [xxxxxxxxxxx]
 Caller Identity ARN: [arn:aws:iam::xxxxxx:user/xxxxxx]
16.0 Find cross-account trust boundaries - [trustboundaries] ******* -  []
7.89 [extra789] Find trust boundaries in VPC endpoint services connections - vpc [Medium]
7.90 [extra790] Find trust boundaries in VPC endpoint services whitelisted principles - vpc [Medium]

Generate a forensics-readiness report (HTML output, forensics-ready check group):

~/Documents/prowler/prowler (master) $ ./prowler -M html -g forensics-ready
                          _
  _ __  _ __ _____      _| | ___ _ __
 | '_ \| '__/ _ \ \ /\ / / |/ _ \ '__|
 | |_) | | | (_) \ V  V /| |  __/ |
 | .__/|_|  \___/ \_/\_/ |_|\___|_|v2.7.0-24January2022
 |_| the handy cloud security tool
 Date: Sun 27 Feb 2022 13:55:25 CET
 Color code for results:
 -  INFO (Information)
 -  PASS (Recommended value)
 -  WARNING (Ignored by whitelist)
 -  FAIL (Fix required)
 This report is being generated using credentials below:
 AWS-CLI Profile: [default] AWS API Region: [eu-xxxxx-1] AWS Filter Region: [all]
 AWS Account: [xxxxxx] UserId: [xxxxxxxx]
 Caller Identity ARN: [arn:aws:iam::xxxxxx:user/xxxxxx]
8.0 Forensics Readiness - [forensics-ready] ************************ -  []
2.1 [check21] Ensure CloudTrail is enabled in all regions - cloudtrail [High]
2.2 [check22] Ensure CloudTrail log file validation is enabled - cloudtrail [Medium]
       PASS! eu-central-1: Trail arn:aws:cloudtrail:eu-central-1:xxxxxxx:trail/xxx_xxx_Trail log file validation enabled
2.3 [check23] Ensure the S3 bucket CloudTrail logs to is not publicly accessible - cloudtrail [Critical]
2.4 [check24] Ensure CloudTrail trails are integrated with CloudWatch Logs - cloudtrail [Low]
2.5 [check25] Ensure AWS Config is enabled in all regions - configservice [Medium]
       PASS! eu-north-1: AWS Config recorder enabled
       FAIL! ap-south-1: AWS Config recorder disabled
       FAIL! eu-west-3: AWS Config recorder disabled
       FAIL! eu-west-2: AWS Config recorder disabled
       FAIL! eu-west-1: AWS Config recorder disabled
       FAIL! ap-northeast-3: AWS Config recorder disabled
       FAIL! ap-northeast-2: AWS Config recorder disabled
       FAIL! ap-northeast-1: AWS Config recorder disabled
       FAIL! sa-east-1: AWS Config recorder disabled
       FAIL! ca-central-1: AWS Config recorder disabled
       FAIL! ap-southeast-1: AWS Config recorder disabled
       FAIL! ap-southeast-2: AWS Config recorder disabled
       FAIL! eu-central-1: AWS Config recorder disabled
       FAIL! us-east-1: AWS Config recorder disabled
       FAIL! us-east-2: AWS Config recorder disabled
       FAIL! us-west-1: AWS Config recorder disabled
       FAIL! us-west-2: AWS Config recorder disabled
2.6 [check26] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket - s3 [Medium]
2.7 [check27] Ensure CloudTrail logs are encrypted at rest using KMS CMKs - cloudtrail [Medium]
2.9 [check29] Ensure VPC Flow Logging is Enabled in all VPCs - vpc [Medium]
       FAIL! eu-north-1: VPC vpc-xxxxxx VPCFlowLog is disabled
       FAIL! ap-south-1: VPC vpc-xxxxxx VPCFlowLog is disabled
       FAIL! eu-west-3: VPC vpc-xxxxxxx VPCFlowLog is disabled
       FAIL! eu-west-2: VPC vpc-xxxxxxx VPCFlowLog is disabled
       FAIL! ap-northeast-3: VPC vpc-xx VPCFlowLog is disabled
       FAIL! ap-northeast-2: VPC vpc-xx VPCFlowLog is disabled
       FAIL! ap-northeast-1: VPC vpc-xx VPCFlowLog is disabled
       FAIL! sa-east-1: VPC vpc-xxxxxxx VPCFlowLog is disabled
       FAIL! ca-central-1: VPC vpc-xxxx VPCFlowLog is disabled
       FAIL! ap-southeast-1: VPC vpc-xx VPCFlowLog is disabled
       FAIL! ap-southeast-2: VPC vpc-xx VPCFlowLog is disabled
       FAIL! eu-central-1: VPC vpc-xxxx VPCFlowLog is disabled
       FAIL! eu-central-1: VPC vpc-xxxx VPCFlowLog is disabled
       FAIL! eu-central-1: VPC vpc-xxxx VPCFlowLog is disabled
       FAIL! eu-central-1: VPC vpc-xxxx VPCFlowLog is disabled
       FAIL! us-east-1: VPC vpc-xxxxxxx VPCFlowLog is disabled
       FAIL! us-east-2: VPC vpc-xxxxxxx VPCFlowLog is disabled
       FAIL! us-west-1: VPC vpc-xxxxxxx VPCFlowLog is disabled
       FAIL! us-west-2: VPC vpc-xxxxxxx VPCFlowLog is disabled
7.12 [extra712] Check if Amazon Macie is enabled - macie [Low]
       FAIL! eu-central-1: No Macie related IAM roles found. It is most likely not to be enabled
7.13 [extra713] Check if GuardDuty is enabled - guardduty [High]
       PASS! eu-north-1: GuardDuty detector xxxxxxx enabled
       PASS! ap-south-1: GuardDuty detector xxxxxxx enabled
       PASS! eu-west-3: GuardDuty detector xxxxxxx enabled
       PASS! eu-west-2: GuardDuty detector xxxxxxx enabled
       PASS! eu-west-1: GuardDuty detector xxxxxxx enabled
       FAIL! ap-northeast-3: GuardDuty detector not configured!
       PASS! ap-northeast-2: GuardDuty detector xxxxxx enabled
       PASS! ap-northeast-1: GuardDuty detector xxxxxx enabled
       PASS! sa-east-1: GuardDuty detector xxxxxxx enabled
       PASS! ca-central-1: GuardDuty detector xxxxxxx enabled
       PASS! ap-southeast-1: GuardDuty detector xxxxxx enabled
       PASS! ap-southeast-2: GuardDuty detector xxxxxx enabled
       PASS! eu-central-1: GuardDuty detector xxxxxxx enabled
       PASS! us-east-1: GuardDuty detector xxxxxxx enabled
       PASS! us-east-2: GuardDuty detector xxxxxxx enabled
       PASS! us-west-1: GuardDuty detector xxxxxxx enabled
       PASS! us-west-2: GuardDuty detector xxxxxxx enabled
7.14 [extra714] Check if CloudFront distributions have logging enabled - cloudfront [Medium]
       INFO! eu-central-1: No CloudFront distributions found
7.15 [extra715] Check if Amazon Elasticsearch Service (ES) domains have logging enabled - es [Medium]
       INFO! eu-north-1: No Amazon ES domain found
       INFO! ap-south-1: No Amazon ES domain found
       INFO! eu-west-3: No Amazon ES domain found
       INFO! eu-west-2: No Amazon ES domain found
       INFO! eu-west-1: No Amazon ES domain found
       INFO! ap-northeast-3: No Amazon ES domain found
       INFO! ap-northeast-2: No Amazon ES domain found
       INFO! ap-northeast-1: No Amazon ES domain found
       INFO! sa-east-1: No Amazon ES domain found
       INFO! ca-central-1: No Amazon ES domain found
       INFO! ap-southeast-1: No Amazon ES domain found
       INFO! ap-southeast-2: No Amazon ES domain found
       INFO! eu-central-1: No Amazon ES domain found
       INFO! us-east-1: No Amazon ES domain found
       INFO! us-east-2: No Amazon ES domain found
       INFO! us-west-1: No Amazon ES domain found
       INFO! us-west-2: No Amazon ES domain found
7.17 [extra717] Check if Elastic Load Balancers have logging enabled - elb [Medium]
       INFO! eu-north-1: No ELBs found
       INFO! ap-south-1: No ELBs found
       INFO! eu-west-3: No ELBs found
       INFO! eu-west-2: No ELBs found
       INFO! eu-west-1: No ELBs found
       INFO! ap-northeast-3: No ELBs found
       INFO! ap-northeast-2: No ELBs found
       INFO! ap-northeast-1: No ELBs found
       INFO! sa-east-1: No ELBs found
       INFO! ca-central-1: No ELBs found
       INFO! ap-southeast-1: No ELBs found
       INFO! ap-southeast-2: No ELBs found
       INFO! eu-central-1: No ELBs found
       INFO! us-east-1: No ELBs found
       INFO! us-east-2: No ELBs found
       INFO! us-west-1: No ELBs found
       INFO! us-west-2: No ELBs found
7.18 [extra718] Check if S3 buckets have server access logging enabled - s3 [Medium]
7.19 [extra719] Check if Route53 public hosted zones are logging queries to CloudWatch Logs - route53 [Medium]
       INFO! eu-central-1: No Route53 hosted zones found
7.20 [extra720] Check if Lambda functions invoke API operations are being recorded by CloudTrail - lambda [Low]
       INFO! ap-south-1: No Lambda functions found
       INFO! eu-west-3: No Lambda functions found
       INFO! eu-west-2: No Lambda functions found
       INFO! eu-west-1: No Lambda functions found
       FAIL! ap-northeast-3: Lambda function CUSTOM_CENTRALIZED_CLOUDTRAIL_CHECK NOT enabled in trail arn:aws:cloudtrail:eu-xxxxx-1:xxxxxxxxx:trail/xxx_xxx_Trail
       INFO! ap-northeast-2: No Lambda functions found
       INFO! ap-northeast-1: No Lambda functions found
       INFO! sa-east-1: No Lambda functions found
       INFO! ca-central-1: No Lambda functions found
       INFO! ap-southeast-1: No Lambda functions found
       INFO! ap-southeast-2: No Lambda functions found
       INFO! eu-central-1: No Lambda functions found
       INFO! us-east-1: No Lambda functions found
       INFO! us-east-2: No Lambda functions found
       INFO! us-west-1: No Lambda functions found
       INFO! us-west-2: No Lambda functions found
7.21 [extra721] Check if Redshift cluster has audit logging enabled - redshift [Medium]
       INFO! eu-north-1: No Redshift cluster configured
       INFO! ap-south-1: No Redshift cluster configured
       INFO! eu-west-3: No Redshift cluster configured
       INFO! eu-west-2: No Redshift cluster configured
       INFO! eu-west-1: No Redshift cluster configured
       INFO! ap-northeast-3: No Redshift cluster configured
       INFO! ap-northeast-2: No Redshift cluster configured
       INFO! ap-northeast-1: No Redshift cluster configured
       INFO! sa-east-1: No Redshift cluster configured
       INFO! ca-central-1: No Redshift cluster configured
       INFO! ap-southeast-1: No Redshift cluster configured
       INFO! ap-southeast-2: No Redshift cluster configured
       INFO! eu-central-1: No Redshift cluster configured
       INFO! us-east-1: No Redshift cluster configured
       INFO! us-east-2: No Redshift cluster configured
       INFO! us-west-1: No Redshift cluster configured
       INFO! us-west-2: No Redshift cluster configured
7.22 [extra722] Check if API Gateway has logging enabled - apigateway [Medium]
       INFO! eu-north-1: No API Gateway found
       INFO! ap-south-1: No API Gateway found
       INFO! eu-west-3: No API Gateway found
       INFO! eu-west-2: No API Gateway found
       INFO! eu-west-1: No API Gateway found
       INFO! ap-northeast-3: No API Gateway found
       INFO! ap-northeast-2: No API Gateway found
       INFO! ap-northeast-1: No API Gateway found
       INFO! sa-east-1: No API Gateway found
       INFO! ca-central-1: No API Gateway found
       INFO! ap-southeast-1: No API Gateway found
       INFO! ap-southeast-2: No API Gateway found
       INFO! eu-central-1: No API Gateway found
       INFO! us-east-1: No API Gateway found
       INFO! us-east-2: No API Gateway found
       INFO! us-west-1: No API Gateway found
       INFO! us-west-2: No API Gateway found
7.25 [extra725] Check if S3 buckets have Object-level logging enabled in CloudTrail - s3 [Medium]
       FAIL! eu-central-1: S3 bucket aws-athena-query-results-eu-central-1-xxxxxxxxx has Object-level logging disabled
7.101 [extra7101] Check if Amazon Elasticsearch Service (ES) domains have audit logging enabled - es [Low]
       INFO! eu-north-1: No Amazon ES domain found
       INFO! ap-south-1: No Amazon ES domain found
       INFO! eu-west-3: No Amazon ES domain found
       INFO! eu-west-2: No Amazon ES domain found
       INFO! eu-west-1: No Amazon ES domain found
       INFO! ap-northeast-3: No Amazon ES domain found
       INFO! ap-northeast-2: No Amazon ES domain found
       INFO! ap-northeast-1: No Amazon ES domain found
       INFO! sa-east-1: No Amazon ES domain found
       INFO! ca-central-1: No Amazon ES domain found
       INFO! ap-southeast-1: No Amazon ES domain found
       INFO! ap-southeast-2: No Amazon ES domain found
       INFO! eu-central-1: No Amazon ES domain found
       INFO! us-east-1: No Amazon ES domain found
       INFO! us-east-2: No Amazon ES domain found
       INFO! us-west-1: No Amazon ES domain found
       INFO! us-west-2: No Amazon ES domain found
7.94 [extra794] Ensure EKS Control Plane Audit Logging is enabled for all log types - eks [Medium]
       INFO! eu-north-1: No EKS clusters found
       INFO! ap-south-1: No EKS clusters found
       INFO! eu-west-3: No EKS clusters found
       INFO! eu-west-2: No EKS clusters found
       INFO! eu-west-1: No EKS clusters found
       INFO! ap-northeast-3: No EKS clusters found
       INFO! ap-northeast-2: No EKS clusters found
       INFO! ap-northeast-1: No EKS clusters found
       INFO! sa-east-1: No EKS clusters found
       INFO! ca-central-1: No EKS clusters found
       INFO! ap-southeast-1: No EKS clusters found
       INFO! ap-southeast-2: No EKS clusters found
       INFO! eu-central-1: No EKS clusters found
       INFO! us-east-1: No EKS clusters found
       INFO! us-east-2: No EKS clusters found
       INFO! us-west-1: No EKS clusters found
       INFO! us-west-2: No EKS clusters found

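A run like the one above produces hundreds of result lines, and the FAIL lines that matter (AWS Config recorders and VPC Flow Logs disabled in most regions, one region without a GuardDuty detector) are scattered across the report. The following script is an added example, not part of the original post or of Prowler itself: it reads Prowler v2 console output in the format shown above and prints, per failing check, the severity, the number of FAIL results and the affected regions, ordered by severity. The sample report embedded in it is constructed from the shape of the output above, with masked identifiers.

```shell
#!/usr/bin/env sh
# Added example: summarise a Prowler v2 console report (the format shown on this
# page) into one line per failing check. Not part of Prowler; uses only awk,
# sort and cut so it runs wherever Prowler's own bash dependencies are present.

# Constructed sample report, trimmed from the forensics-ready run above.
# Check ids, messages and regions follow Prowler's console format; resource
# identifiers are masked placeholders.
SAMPLE_REPORT='8.0 Forensics Readiness - [forensics-ready] ************************ -  []
2.1 [check21] Ensure CloudTrail is enabled in all regions - cloudtrail [High]
2.5 [check25] Ensure AWS Config is enabled in all regions - configservice [Medium]
       PASS! eu-north-1: AWS Config recorder enabled
       FAIL! ap-south-1: AWS Config recorder disabled
       FAIL! eu-central-1: AWS Config recorder disabled
2.9 [check29] Ensure VPC Flow Logging is Enabled in all VPCs - vpc [Medium]
       FAIL! eu-north-1: VPC vpc-xxxxxx VPCFlowLog is disabled
       FAIL! eu-central-1: VPC vpc-xxxx VPCFlowLog is disabled
       FAIL! eu-central-1: VPC vpc-yyyy VPCFlowLog is disabled
7.13 [extra713] Check if GuardDuty is enabled - guardduty [High]
       PASS! eu-north-1: GuardDuty detector xxxxxxx enabled
       FAIL! ap-northeast-3: GuardDuty detector not configured!
7.22 [extra722] Check if API Gateway has logging enabled - apigateway [Medium]
       INFO! eu-central-1: No API Gateway found'

# summarize_prowler: read a Prowler console report on stdin and print
#   "<check-id> <severity> <fail-count> <region> [<region> ...]"
# for every check with at least one FAIL. Regions are listed once per check,
# in the order first seen (several failing VPCs in one region count as one
# region but several FAILs). Lines are ordered Critical > High > Medium > Low,
# then by FAIL count, descending.
summarize_prowler() {
  awk '
    # Check header: "<num> [<id>] <title> - <service> [<severity>]"
    /^[0-9]+\.[0-9]+ \[/ {
      match($0, /\[[a-z0-9]+\]/)
      id = substr($0, RSTART + 1, RLENGTH - 2)
      sev = $NF; gsub(/\[|\]/, "", sev)
      severity[id] = sev
      next
    }
    # Result line belonging to the current check: "       FAIL! <region>: <message>"
    /^[[:space:]]+FAIL! / {
      region = $2; sub(/:$/, "", region)
      fails[id]++
      if (!((id, region) in seen)) {
        seen[id, region] = 1
        regions[id] = regions[id] " " region
      }
    }
    END {
      for (c in fails) {
        # numeric rank so that sort can order by severity first
        r = (severity[c] == "Critical") ? 0 : (severity[c] == "High") ? 1 : (severity[c] == "Medium") ? 2 : 3
        printf "%d %s %s %d%s\n", r, c, severity[c], fails[c], regions[c]
      }
    }
  ' | sort -k1,1n -k4,4nr | cut -d" " -f2-
}

# summarize_sample: run the summary over the constructed report above.
summarize_sample() {
  printf '%s\n' "$SAMPLE_REPORT" | summarize_prowler
}

summarize_sample
```

On a real run, pipe the console output through the same function (./prowler -g forensics-ready | summarize_prowler) to get the prioritised list; Prowler's colour codes are stripped automatically when its stdout is not a terminal.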

Conclusion

Prowler provides dozens of security configuration checks related to services such as Amazon Redshift, Amazon ElastiCache, Amazon API Gateway and Amazon CloudFront. Integrating Prowler with AWS Security Hub provides posture information about resources not currently covered by existing Security Hub integrations or compliance standards.

Use AWS Fargate and Prowler to send security configuration findings about AWS services to Security Hub: https://aws.amazon.com/blogs/security/use-aws-fargate-prowler-send-security-configuration-findings-about-aws-services-security-hub
