Prowler 5.0.2 - Powerslave

API

Fixes

• fix(RLS): enforce config security by @prowler-bot in #6190
• feat(celery): Add configurable broker visibility timeout setting by @prowler-bot in #6246

Chores

• chore(rls): rename tenant_transaction to rls_transaction by @prowler-bot in #6203

SDK

Fixes

• fix(.env): remove comment by @prowler-bot in #6242

Chores

• chore(version): update Prowler version by @MrCloudSec in #6196

Full Changelog: 5.0.1...5.0.2

Prowler 5.0.1 - Powerslave

UI

Fixes

• fix(invitations): remove wrong url by @prowler-bot in #6012
• fix(users): user detail can be edited now properly by @prowler-bot in #6137

Chores

• chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /ui by @prowler-bot in #6176
• chore(deps): bump nanoid from 3.3.7 to 3.3.8 in /ui by @prowler-bot in #6175
• chore: delete unneeded requirements file by @prowler-bot in #6058

API

Fixes

• fix(deploy): temporal fix for the alpine-python segmentation fault by @prowler-bot in #6115
• fix(tenant): fix delete tenants behavior by @prowler-bot in #6014

SDK

Fixes

• fix(app): add support for TLS 1.3 to Web Apps check by @prowler-bot in #6144
• fix(aurora): Add default ports to the check of using non default ports by @prowler-bot in #6151
• fix(autoscaling): autoscaling_group_launch_configuration_requires_imdsv2 fails if Launch Template is used by @prowler-bot in #6147
• fix(aws): check AWS Owned keys in firehose_stream_encrypted_at_rest by @prowler-bot in #6121
• fix(aws): get firewall manager managed rule groups by @prowler-bot in #6124
• fix(aws): set IAM identity as resource in threat detection by @prowler-bot in #6118
• fix(aws): set same severity for EC2 IMDSv2 checks by @prowler-bot in #6104
• fix(aws): set unique resource IDs by @prowler-bot in #6192
• fix(backup): modify list recovery points call by @prowler-bot in #6096
• fix(compliance_tables): add correct values for findings by @prowler-bot in #6127
• fix(gcp): make sure default project is active by @prowler-bot in #6113
• fix(iam): set unique resource id for each user access key by @prowler-bot in #6134
• fix(rds): add invalid SG to status_extended by @prowler-bot in #6170

Chores

• chore(actions): standardize names by @prowler-bot in #6092

Full Changelog: 5.0.0...5.0.1

Prowler 4.6.2 - Blood Brothers

What's Changed

Fixes

• fix(aws): check AWS Owned keys in firehose_stream_encrypted_at_rest by @prowler-bot in #6120
• fix(aws): get firewall manager managed rule groups by @prowler-bot in #6123
• fix(aws): set IAM identity as resource in threat detection by @prowler-bot in #6117
• fix(aws): set same severity for EC2 IMDSv2 checks by @prowler-bot in #6103
• fix(backup): modify list recovery points call by @prowler-bot in #6057
• fix(compliance_tables): add correct values for findings by @prowler-bot in #6126
• fix(gcp): make sure default project is active by @prowler-bot in #6112
• fix(tests): use datetime.datetime.now() in GCP kms_key_rotation_enabled by @prowler-bot in #6083

Chores

• chore(container): upload v4 with correct tags by @MrCloudSec in #6093
• chore(containers): support for v4.6 branch by @prowler-bot in #6084
• chore(dependabot): Update for UI and v4 by @prowler-bot in #6087
• chore(deps): bump boto3 from 1.35.66 to 1.35.77 by @dependabot in #6107
• chore(deps): bump botocore from 1.35.66 to 1.35.76 by @dependabot in #6071
• chore(deps): bump botocore from 1.35.76 to 1.35.77 by @dependabot in #6100
• chore(deps): bump microsoft-kiota-abstractions from 1.6.2 to 1.6.6 by @dependabot in #6080
• chore(deps): bump msgraph-sdk from 1.12.0 to 1.14.0 by @dependabot in #6074
• chore(deps): bump slack-sdk from 3.33.4 to 3.33.5 by @dependabot in #6077
• chore(deps): bump trufflesecurity/trufflehog from 3.84.1 to 3.85.0 by @dependabot in #6067
• chore(deps-dev): bump bandit from 1.7.10 to 1.8.0 by @dependabot in #6072
• chore(deps-dev): bump coverage from 7.6.7 to 7.6.9 by @dependabot in #6076
• chore(deps-dev): bump mkdocs-material from 9.5.45 to 9.5.48 by @dependabot in #6078
• chore(deps-dev): bump pylint from 3.3.1 to 3.3.2 by @dependabot in #6099
• chore(deps-dev): bump pytest from 8.3.3 to 8.3.4 by @dependabot in #6075
• chore(deps-dev): bump vulture from 2.13 to 2.14 by @dependabot in #6069
• chore(version): update Prowler version by @MrCloudSec in #5969

Full Changelog: 4.6.1...4.6.2

Prowler 5.0.0 - Powerslave 🚀

Tell me why I had to be a powerslave
I don't wanna die, I'm a god
Why can't I live on?
When the life giver dies
All around is laid waste
And in my last hour
I'm a slave to the power of death

Powerslave was the fifth studio album by Iron Maiden, released on 3 September 1984. 🎸 Fast forward 40 years and 3 months later, we are thrilled to announce the release of Prowler 5.0 a.k.a. Powerslave — our most advanced and comprehensive release to date. Powerslave, also the seventh song on that iconic album, was written by Bruce Dickinson and explores an Egyptian pharaoh's wondering why he has to die, we know that is exactly what we think about Open Source, as soon as it is released, a piece of Open Source software will never die. 🌟

Prowler 5.0.0 - Powerslave is meant to be a game changer 🕹️ in the Cloud Security space as it comes with many new and needed features for our community of users and customers. If we want the cloud adoption to keep growing, we need more Open Source software to help gain confidence in the cloud with open, agnostic and transparent tools, that is what we call of the Open Cloud Security movement. 🌐

---

🎉 What's New?

🖥️ Enhanced UI, API, SDK, and Persistent Storage

• A brand-new UI component to unify all scans and drill down into findings and more.
• Robust APIs to solve a variety of use cases.
• SDKs for seamless integration and automation.
• Persistent storage for reporting, ensuring that your security insights are comprehensive and always accessible.

🔄 Continuous Monitoring and One-Time Assessments

• Support for both continuous monitoring and ad-hoc security assessments.
• Why settle for one-time assessments when you can stay continuously protected? 🛡️

📚 Expanded Detection and Remediation Control Framework

• Over 1,000 security controls across AWS, Azure, Google Cloud, and Kubernetes.
• Numerous remediation options to secure your cloud infrastructure effectively.

🤖 AI-Driven Control Creation

• Leveraging artificial intelligence to automatically generate new detection checks and remediations.
• Stay ahead of the latest threats with cutting-edge security measures. ⚡

---

💾 Get Started

From today, you can:

• Use the Prowler platform on-premises by downloading and running it yourself. As usual, using just the powerful CLI with the same output formats as always (pipx install prowler), or for the whole platform together with new components, just run docker compose up -d from the root folder of Prowler repo, open https://localhost:3000, add your user and start making your cloud secure.
• Or use all in one place, Prowler as a Cloud Service managed by us 🌩️ Visit prowler.com and sign up for 15 days free and let us know what do you think! 🗨️

---

🔮 What’s Next?

We're continuously adding new features! Keep track of upcoming updates here: roadmap.prowler.com 🛠️

Join us on this journey to revolutionize Open Cloud Security. 🌟

Prowler 4.6.1 - Blood Brothers

What's Changed

Fixes

• fix(aws): exclude threat detection checks if category not present by @prowler-bot in #5934
• fix(azure): containerregistry_not_publicly_accesible is not accurate by @prowler-bot in #5966
• fix(gcp): use session credentials to check if API is active by @prowler-bot in #5936
• fix(k8s): handle Kubernetes kubeconfig content correctly by @prowler-bot in #5967
• fix(list_by_service): execute lambda if requested by @prowler-bot in #5931
• fix(rds): add default key value to RDS event by @prowler-bot in #5965

Full Changelog: 4.6.0...4.6.1

Prowler 4.6.0 - Blood Brothers

And as you look all around at the world in dismay
What do you see, do you think we have learned?
Not if you're taking a look at the war-torn affray
Out in the streets where the babies are burnt

Prowler 4.6.0 - Blood Brothers 🚀 has arrived! Packed with exciting new AWS checks, fixers, and expanded Azure coverage, this release takes your cloud security to the next level. 🎸 While you explore, enjoy the classic Iron Maiden song that inspired this release.

This release is dedicated to the honor and memory of our contributor and friend Javier Hijas who helped Prowler and the Cloud Security Community with his talent over the last years, you will be always in our hearts Javi. Also, special thanks to our amazing new contributors: @drewkerrigan, @metahertz, and @vicferpoy! ⭐ We’d also like to thank @normanecg for all ENS features, @sansns, @StylusFrost, @garym-krrv, and @thomscode for their continued efforts and valuable PRs that keep improving Prowler! 🙌🚀

New features to highlight in this version

AWS

🔒 IAM Root Credentials Management

AWS recently introduced the ability to centrally manage root credentials with AWS Organizations (read more). Prowler now supports this feature with the new check iam_root_credentials_management_enabled, letting you verify whether root credentials management is enabled in your AWS account.

Try it out: prowler aws -c iam_root_credentials_management_enabled

🧑‍🔧 6 New Fixers!

Prowler now includes 6 new fixers to help you automatically remediate misconfigurations in AWS services like DocumentDB, EC2, KMS, Neptune, and RDS.
Run a specific fixer with:

prowler aws -c <check_id> --fixer

See all the new available fixers with prowler aws --list-fixers

1. documentdb_cluster_public_snapshot
2. ec2_ebs_public_snapshot
3. kms_cmk_not_deleted_unintentionally
4. neptune_cluster_public_snapshot
5. rds_instance_no_public_access
6. rds_snapshots_public_access

🚀 13 New AWS Checks Across 10 Services!

We’ve significantly expanded AWS coverage with 13 new checks, enhancing your security and compliance for services like AppSync, DMS, Firehose, Glue, Kinesis, and IAM.

See all the new available checks with prowler aws --list-checks

1. appsync_field_level_logging_enabled
2. appsync_graphql_api_no_api_key_authentication
3. dms_endpoint_redis_in_transit_encryption_enabled
4. dms_replication_task_source_logging_enabled
5. dms_replication_task_target_logging_enabled
6. firehose_stream_encrypted_at_rest
7. glue_etl_jobs_logging_enabled
8. iam_root_credentials_management_enabled
9. kinesis_stream_data_retention_period
10. memorydb_cluster_auto_minor_version_upgrades
11. mq_broker_not_publicly_accessible
12. servicecatalog_portfolio_shared_within_organization_only
13. storagegateway_gateway_fault_tolerant

⚙️ Improved Handling of Unknown Resources

Prowler now avoids creating mocked resource ARNs or IDs for non-existent resources. Instead, it will generate a standardized "Unknown" ARN and ID using the following patterns:

• Unknown resource ARN: arn:<partition>:<service>:<region>:<account-id>:resource-type/unknown
• Unknown resource ID: resource-type/unknown

Azure

💪🏼 New Azure AI Search Check

Thanks to our great contributor @StylusFrost, Prowler now includes Azure AI Search coverage with the new checkaisearch_service_not_publicly_accessible

Give it a try by scanning the Azure Container Registry with prowler azure --service aisearch

🇪🇸📜 Added ENS Compliance Framework

Thanks to @normanecg, Prowler now supports the ENS RD2022 compliance framework for Azure, ensuring enhanced compliance for Spanish organizations.

Give it a try with prowler azure --compliance ens_rd2022_aws

GCP

🇪🇸📜 New ENS Compliance Framework

We’re excited to announce that Prowler now includes the ENS RD2022 compliance framework for GCP, courtesy of @normanecg!

Give it a try with prowler gcp --compliance ens_rd2022_aws

🔧 Other issues and bug fixes solved for all the cloud providers

What's Changed

Features

• feat(appsync): add new check appsync_field_level_logging_enabled by @MarioRgzLpz in #5602
• feat(appsync): add new check appsync_graphql_apis_no_api_key_authentication by @MarioRgzLpz in #5591
• feat(appsync): Add new service AppSync by @MarioRgzLpz in #5589
• feat(aws): add MemoryDB service by @sansns in #5546
• feat(aws): add new check iam_root_credentials_management_enabled by @MrCloudSec in #5801
• feat(aws): add new service firehose by @HugoPBrito in #5620
• feat(aws): get regions by partition by @pedrooot in #5748
• feat(aws): Update check metadata with logging category by @sansns in #5639
• feat(aws): Update check metadata with redudancy category by @sansns in #5640
• feat(azure): Add get_regions method for provider by @vicferpoy in #5774
• feat(azure): AI Search service check not publicly accesible by @StylusFrost in #5846
• feat(compliance): add ENSRD2022 for Azure and GCP by @pedrooot in #5746
• feat(dms): add new check dms_endpoint_redis_tls_enabled by @danibarranqueroo in #5583
• feat(dms): add new check dms_replication_task_source_logging_enabled by @danibarranqueroo in #5627
• feat(dms): add new check dms_replication_task_target_logging_enabled by @danibarranqueroo in #5631
• feat(documentdb): add new fixer documentdb_cluster_public_snapshot_fixer by @danibarranqueroo in #5759
• feat(ec2): add new fixer ec2_ebs_public_snapshot_fixer by @danibarranqueroo in #5825
• feat(firehose): add new check firehose_stream_encrypted_at_rest by @HugoPBrito in #5635
• feat(gcp): add get regions method by @pedrooot in #5756
• feat(jira): add jira integration by @pedrooot in #5629
• feat(kinesis): add new check kinesis_stream_data_retention_period by @HugoPBrito in #5547
• feat(kms): add new fixer kms_cmk_not_deleted_unintentionally_fixer by @danibarranqueroo in #5842
• feat(mq): add mq_broker_not_publicly_accessible check by @sansns in #5604
• feat(neptune): add new fixer neptune_cluster_public_snapshot_fixer by @danibarranqueroo in #5749
• feat(prowler-check-kreator): ProwlerChecKreator first version by @puchy22 in #5099
• feat(rds): add new fixer rds_instance_no_public_access_fixer by @danibarranqueroo in #5794
• feat(rds): add new fixer rds_snapshots_public_access_fixer by @danibarranqueroo in #5773
• feat(rds): add rds_cluster_protected_by_backup_plan check by @sansns in #5638
• feat(servicecatalog): Add new check servicecatalog_portfolio_shared_within_organization_only by @MarioRgzLpz in #5632
• feat(servicecatalog): Add new service servicecatalog by @MarioRgzLpz in #5618
• feat(sgw): add storagegateway_fault_tolerance check by @sansns in #5570

Fixes

• fix(aws): exclude member accounts in IAM Root Credentials check by @MrCloudSec in #5813
• fix(aws): remove cloudwatch_log_group_no_critical_pii_in_logs check by @MrCloudSec in #5736
• fix(aws): update EKS check in compliance frameworks by @MrCloudSec in #5672
• fix(compliance): CIS details for new EFS Controls by @garym-krrv in #5858
• fix(compliance): use subscriptionid instead of name for azure cis by @pedrooot in #5786
• fix(connection): return Connection on generic exception by @jfagoagas in #5636
• fix(docker): add g++ to Dockerfile for presidio-analyzer compatibility by @MrCloudSec in #5645
• fix(docs): provider typo by @HugoPBrito in #5713
• fix(docs): Update misc tutorial categories example by @drewkerrigan in #5644
• fix(ec2): add default value to Name key for image information by @puchy22 in #5747
• fix(ec2): unique finding per Security Group in high risk ports check by @MarioRgzLpz in #5697
• fix(gcp): do not require organization id to get projects by @MrCloudSec in #5637
• fix(gcp): scan only ACTIVE projects by @MrCloudSec in https://g...

Prowler 4.5.3 - Another Life

What's Changed

• chore(ec2): add name from image information to status_extended by @prowler-bot in #5758
• chore(version): update Prowler version by @MrCloudSec in #5737
• fix(ec2): add default value to Name key for image information by @prowler-bot in #5754
• fix(gcp): scan only ACTIVE projects by @prowler-bot in #5752

Full Changelog: 4.5.2...4.5.3

Prowler 4.5.2 - Another Life

Important Changes

• fix(aws): remove cloudwatch_log_group_no_critical_pii_in_logs check by @MrCloudSec in #5735

  • This check has been removed due to dependencies on presidio-analyzer, which loads NLP modules and PII recognizers from external sources not included in Prowler’s dependencies. This approach is unsuitable for offline environments. Additionally:
    • Dependencies are unavailable on PyPI, complicating installation.
    • The NLP module (en-core-web-lg) is large (~400MB), and we need to assess whether this module is necessary.
    • The installation process adds excessive output to the terminal UI, impacting readability.

  We plan to reintroduce this check with dependencies fully defined and verified.

Fixes

• fix(ec2): Unique finding per Security Group in high-risk ports check by @prowler-bot in #5698

Chores

• chore(version): Updated Prowler version by @MrCloudSec in #5680

Full Changelog: 4.5.1...4.5.2

Prowler 4.5.1 - Another Life

What's Changed

Fixes

• fix(docker): add g++ to Dockerfile for presidio-analyzer compatibility by @prowler-bot in #5648
• fix(mutelist): set arguments while loading providers by @prowler-bot in #5673
• fix(guardduty): fix guardduty_is_enabled_fixer test by @prowler-bot in #5678
• fix(aws): update EKS check in compliance frameworks by @prowler-bot in #5675

Chores

• chore(aws): deprecate glue_etl_jobs_logging_enabled check by @prowler-bot in #5677
• chore(version): update Prowler version by @sergargar in #5679

Full Changelog: 4.5.0...4.5.1

Prowler 4.5.0 - Another Life

There's a feeling that's inside me
Telling me to get away
But I'm so tired of living
I might as well end today

Prowler 4.5.0 - Another Life 🚀 has arrived, packed with a host of new AWS checks and improvements! We also invite you to enjoy this classic Iron Maiden song.

A huge shout-out to our talented engineers @danibarranqueroo, @MarioRgzLpz, and @HugoPBrito for their amazing work on developing new checks, and a warm welcome to our new engineer @AdriiiPRodri!

Special thanks as well to @sansns for his outstanding contributions to new Fault Tolerance checks, and to our fantastic external contributors @SaintTamnoon, @jonathanbro, and @Nirbhay1997 for their valuable PRs 🥳.

New features to highlight in this version

AWS

🔒 Combat LLMJacking in AWS Bedrock

Following recent insights from Permiso Security on hijacking threats to GenAI infrastructure like AWS Bedrock, we’ve introduced five new checks in Prowler to bolster security:

1. bedrock_model_invocation_logging_enabled
2. cloudtrail_threat_detection_llm_jacking
3. bedrock_agent_guardrail_enabled
4. bedrock_guardrail_prompt_attack_filter_enabled
5. bedrock_guardrail_sensitive_information_filter_enabled.

These checks enhance logging, encryption, and guardrail configurations to monitor and mitigate unauthorized access, safeguarding sensitive data and helping detect emerging LLMJacking threats.

🛡️ New Checks to Address IAM Access Analyzer Gaps

In their latest post on securityrunners.io, @SecurityRunners identified gaps in IAM Access Analyzer's ability to detect publicly exposed resources. To close these gaps, we’ve introduced new checks: cloudwatch_log_group_not_publicly_accessible, ses_identities_not_publicly_accessible, glue_data_catalogs_not_publicly_accessible, and secretsmanager_not_publicly_accessible, helping to reliably identify and secure public resources.

🚀 More checks!

Prowler has significantly expanded its AWS coverage, adding 104 new checks across 42 AWS services, including popular ones like Bedrock, DMS, FSx, GuardDuty, SES and WAF, to enhance your cloud security and compliance posture.

See all the new available checks with prowler aws --list-checks

1. apigateway_restapi_cache_encrypted
2. apigateway_restapi_tracing_enabled
3. athena_workgroup_logging_enabled
4. autoscaling_group_capacity_rebalance_enabled
5. autoscaling_group_elb_health_check_enabled
6. autoscaling_group_launch_configuration_no_public_ip
7. autoscaling_group_launch_configuration_requires_imdsv2
8. autoscaling_group_multiple_instance_types
9. autoscaling_group_using_ec2_launch_template
10. backup_recovery_point_encrypted
11. bedrock_agent_guardrail_enabled
12. bedrock_guardrail_prompt_attack_filter_enabled
13. bedrock_guardrail_sensitive_information_filter_enabled
14. bedrock_model_invocation_logging_enabled
15. bedrock_model_invocation_logs_encryption_enabled
16. cloudfront_distributions_s3_origin_non_existent_bucket
17. cloudtrail_threat_detection_enumeration
18. cloudtrail_threat_detection_llm_jacking
19. cloudtrail_threat_detection_privilege_escalation
20. cloudwatch_alarm_actions_alarm_state_configured
21. cloudwatch_alarm_actions_enabled
22. cloudwatch_log_group_no_critical_pii_in_logs
23. cloudwatch_log_group_not_publicly_accessible
24. codebuild_project_logging_enabled
25. codebuild_project_no_secrets_in_variables
26. codebuild_project_s3_logs_encrypted
27. codebuild_report_group_export_encrypted
28. config_recorder_using_aws_service_role
29. datasync_task_logging_enabled
30. directconnect_connection_redundancy
31. directconnect_virtual_interface_redundancy
32. dms_endpoint_mongodb_authentication_enabled
33. dms_endpoint_neptune_iam_authorization_enabled
34. documentdb_cluster_multi_az_enabled
35. dynamodb_accelerator_cluster_multi_az
36. dynamodb_table_autoscaling_enabled
37. ecs_cluster_container_insights_enabled
38. ecs_service_fargate_latest_platform_version
39. ecs_task_definitions_logging_block_mode
40. ecs_task_set_no_assign_public_ip
41. efs_access_point_enforce_root_directory
42. efs_access_point_enforce_user_identity
43. efs_mount_target_not_publicly_accessible
44. eks_cluster_not_publicly_accessible
45. elasticbeanstalk_environment_cloudwatch_logging_enabled
46. elasticbeanstalk_environment_enhanced_health_reporting
47. elasticbeanstalk_environment_managed_updates_enabled
48. elb_desync_mitigation_mode
49. elb_ssl_listeners_use_acm_certificate
50. elbv2_cross_zone_load_balancing_enabled
51. elbv2_nlb_tls_termination_enabled
52. eventbridge_global_endpoint_event_replication_enabled
53. fsx_file_system_copy_tags_to_backups_enabled
54. fsx_file_system_copy_tags_to_volumes_enabled
55. fsx_windows_file_system_multi_az_enabled
56. glue_data_catalogs_not_publicly_accessible
57. glue_etl_jobs_logging_enabled
58. glue_ml_transform_encrypted_at_rest
59. guardduty_ec2_malware_protection_enabled
60. guardduty_eks_audit_log_enabled
61. guardduty_eks_runtime_monitoring_enabled
62. guardduty_lambda_protection_enabled
63. iam_policy_cloudshell_admin_not_attached
64. kafka_connector_in_transit_encryption_enabled
65. kinesis_stream_encrypted_at_rest
66. macie_automated_sensitive_data_discovery_enabled
67. mq_broker_active_deployment_mode
68. mq_broker_auto_minor_version_upgrades
69. mq_broker_cluster_deployment_mode
70. mq_broker_logging_enabled
71. networkfirewall_logging_enabled
72. networkfirewall_multi_az
73. networkfirewall_policy_default_action_fragmented_packets
74. networkfirewall_policy_default_action_full_packets
75. opensearch_service_domains_fault_tolerant_data_nodes
76. opensearch_service_domains_fault_tolerant_master_nodes
77. opensearch_service_domains_not_publicly_accessible
78. rds_cluster_protected_by_backup_plan
79. rds_instance_transport_encrypted
80. redshift_cluster_encrypted_at_rest
81. redshift_cluster_enhanced_vpc_routing
82. redshift_cluster_in_transit_encryption_enabled
83. redshift_cluster_multi_az_enabled
84. redshift_cluster_non_default_database_name
85. redshift_cluster_non_default_username
86. s3_bucket_event_notifications_enabled
87. s3_multi_region_access_point_public_access_block
88. secretsmanager_not_publicly_accessible
89. secretsmanager_secret_rotated_periodically
90. secretsmanager_secret_unused
91. ses_identity_not_publicly_accessible
92. transfer_server_in_transit_encryption_enabled
93. vpc_endpoint_multi_az_enabled
94. waf_global_rule_with_conditions
95. waf_global_rulegroup_not_empty
96. waf_global_webacl_logging_enabled
97. waf_global_webacl_with_rules
98. waf_regional_rule_with_conditions
99. waf_regional_rulegroup_not_empty
100. waf_regional_webacl_with_rules
101. wafv2_webacl_rule_logging_enabled
102. wafv2_webacl_with_rules

Azure

💪🏼 New checks for Azure Container Registry

A big thanks to @johannes-engler-mw for helping expand Prowler's Azure coverage with new checks for Azure Container Registry: containerregistry_uses_private_link and containerregistry_not_publicly_accessible.

Give them a try by scanning the Azure Container Registry with prowler azure --service containerregistry

GCP

🔎 Scan your GCP Organization

Now you can limit the scan to projects within a specific Google Cloud organization by using the --organization-id option with the GCP organization ID:
prowler gcp --organization-id organization-id

See more in our documentation

OCSF

Breaking changes from v1.2.0 to v1.3.0

We have updated the OCSF output to be compatible with the v1.3.0 version. From v1.2.0 to v1.3.0 the format has the several changes, in the form of additions, changes and some breaking changes:

• Add finding_info.created_time_dt as a timestamp.
• Change finding_info.created_time from a timestamp to a unix timestamp.
• Add finding_info.name with the finding's resource name.
• Add finding_info.types with the Prowler's check type.
• Add time_dt as a timestamp.
• Rename event_time to time and change the format from a timestamp to a unix timestamp.
• Remove container object.
• Add metadata.product.uid with prowler.
• Add metadata.profiles with:
  • ["cloud", "datetime"] for the Cloud providers.
  • ["container", "datetime"] for the Kubernetes provider.
• Fix type_name with Detection Finding: Create.
• Fix cloud.type format.

🔧 Other issues and bug fixes solved for all the cloud providers

What's Changed

Features

• feat(apigateway): add new check apigateway_restapi_cache_encrypted by @danibarranqueroo in #5448
• feat(apigateway): add new check apigateway_restapi_tracing_enabled by @danibarranqueroo in #5470
• feat(athena): add new check athena_workgroup_logging_enabled by @puchy22 in #5468
• feat(autoscaling): add new check autoscaling_group_elb_health_check_enabled by @danibarranqueroo in #5330
• feat(autoscaling): add new check autoscaling_group_launch_configuration_no_public_ip by @danibarranqueroo in #5359
• feat(autoscaling): add new check autoscaling_group_launch_configuration_requires_imdsv2 by @danibarranqueroo in #5356
• feat(autoscaling): add new check `aut...