vulcan-checks
prowler v3
- Allow prowler check without assume role svc
- Upgrade to prowler 3
Prowler removed `-g` and added `--compliance`, and now allows many more.
prowler aws --list-compliance
- cisa_aws
- soc2_aws
- cis_1.4_aws
- cis_1.5_aws
- mitre_attack_aws
- gdpr_aws
- aws_foundational_security_best_practices_aws
- iso27001_2013_aws
- hipaa_aws
- cis_2.0_aws
- gxp_21_cfr_part_11_aws
- aws_well_architected_framework_security_pillar_aws
- gxp_eu_annex_11_aws
- nist_800_171_revision_2_aws
- nist_800_53_revision_4_aws
- nist_800_53_revision_5_aws
- ens_rd2022_aws
- nist_csf_1.1_aws
- aws_well_architected_framework_reliability_pillar_aws
- aws_audit_manager_control_tower_guardrails_aws
- rbi_cyber_security_framework_aws
- ffiec_aws
- pci_3.2.1_aws
- fedramp_moderate_revision_4_aws
- fedramp_low_revision_4_aws
Also, the CIS level is not available as a parameter or JSON output. This PR loads an internal JSON file to allow inferring the level.
TBD if we are going to extend the check to allow all the compliance supported by prowler or restrict to cis `cis_2.0_aws`.