Prowler 4.6.0 - Blood Brothers

@MrCloudSec MrCloudSec released this 25 Nov 17:58
· 46 commits to v4.6 since this release
94b6fbd

And as you look all around at the world in dismay
What do you see, do you think we have learned?
Not if you're taking a look at the war-torn affray
Out in the streets where the babies are burnt

Prowler 4.6.0 - Blood Brothers 🚀 has arrived! Packed with exciting new AWS checks, fixers, and expanded Azure coverage, this release takes your cloud security to the next level. 🎸 While you explore, enjoy the classic Iron Maiden song that inspired this release.

This release is dedicated to the honor and memory of our contributor and friend Javier Hijas, who helped Prowler and the Cloud Security Community with his talent over the last years. You will always be in our hearts, Javi. Also, special thanks to our amazing new contributors: @drewkerrigan, @metahertz, and @vicferpoy! ⭐ We’d also like to thank @normanecg for all ENS features, and @sansns, @StylusFrost, @garym-krrv, and @thomscode for their continued efforts and valuable PRs that keep improving Prowler! 🙌🚀

New features to highlight in this version

AWS

🔒 IAM Root Credentials Management

AWS recently introduced the ability to centrally manage root credentials with AWS Organizations. Prowler now supports this feature with the new check iam_root_credentials_management_enabled, letting you verify whether root credentials management is enabled in your AWS account.

Try it out: prowler aws -c iam_root_credentials_management_enabled

🧑‍🔧 6 New Fixers!

Prowler now includes 6 new fixers to help you automatically remediate misconfigurations in AWS services like DocumentDB, EC2, KMS, Neptune, and RDS.
Run a specific fixer with:

prowler aws -c <check_id> --fixer

See all the new available fixers with prowler aws --list-fixers

1. documentdb_cluster_public_snapshot
2. ec2_ebs_public_snapshot
3. kms_cmk_not_deleted_unintentionally
4. neptune_cluster_public_snapshot
5. rds_instance_no_public_access
6. rds_snapshots_public_access

🚀 13 New AWS Checks Across 10 Services!

We’ve significantly expanded AWS coverage with 13 new checks, enhancing your security and compliance for services like AppSync, DMS, Firehose, Glue, Kinesis, and IAM.

See all the new available checks with prowler aws --list-checks

1. appsync_field_level_logging_enabled
2. appsync_graphql_api_no_api_key_authentication
3. dms_endpoint_redis_in_transit_encryption_enabled
4. dms_replication_task_source_logging_enabled
5. dms_replication_task_target_logging_enabled
6. firehose_stream_encrypted_at_rest
7. glue_etl_jobs_logging_enabled
8. iam_root_credentials_management_enabled
9. kinesis_stream_data_retention_period
10. memorydb_cluster_auto_minor_version_upgrades
11. mq_broker_not_publicly_accessible
12. servicecatalog_portfolio_shared_within_organization_only
13. storagegateway_gateway_fault_tolerant

⚙️ Improved Handling of Unknown Resources

Prowler now avoids creating mocked resource ARNs or IDs for non-existent resources. Instead, it will generate a standardized "Unknown" ARN and ID using the following patterns:

  • Unknown resource ARN: arn:<partition>:<service>:<region>:<account-id>:resource-type/unknown
  • Unknown resource ID: resource-type/unknown
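
When findings feed ticketing or remediation automation, placeholder entries should be separated from findings that name a real resource. The following is an added example, not Prowler's own code, that recognizes the two patterns above; the finding keys resource_arn and resource_id and the sample findings are assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

class Arn(NamedTuple):
    partition: str
    service: str
    region: str
    account_id: str
    resource: str

def parse_arn(value: str) -> Optional[Arn]:
    """Split an ARN into its fields; the resource part may itself contain ':'."""
    parts = value.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return None
    return Arn(*parts[1:])

def is_unknown_id(resource_id: str) -> bool:
    """True only for '<resource-type>/unknown' with a non-empty resource type."""
    rtype, sep, name = resource_id.partition("/")
    return sep == "/" and rtype != "" and name == "unknown"

def is_unknown_arn(value: str) -> bool:
    """True when the ARN's resource part follows the 'resource-type/unknown' pattern."""
    arn = parse_arn(value)
    return arn is not None and is_unknown_id(arn.resource)

def split_findings(findings):
    """Return (real, placeholder) lists so automation never acts on a placeholder."""
    real, placeholder = [], []
    for f in findings:
        unknown = (is_unknown_arn(f.get("resource_arn", ""))
                   or is_unknown_id(f.get("resource_id", "")))
        (placeholder if unknown else real).append(f)
    return real, placeholder

# Constructed sample findings (hypothetical keys, check names and values).
SAMPLE = [
    {"check": "example_check_a", "resource_id": "orders",
     "resource_arn": "arn:aws:rds:eu-west-1:111122223333:db:orders"},
    {"check": "example_check_b", "resource_id": "stream/unknown",
     "resource_arn": "arn:aws:kinesis:us-east-1:111122223333:stream/unknown"},
    # A bucket literally named "unknown" is a real resource, not a placeholder.
    {"check": "example_check_c", "resource_id": "unknown",
     "resource_arn": "arn:aws:s3:::unknown"},
]

if __name__ == "__main__":
    real, placeholder = split_findings(SAMPLE)
    print(len(real), "real,", len(placeholder), "placeholder")
```

A resource that is genuinely named "unknown" under a type prefix (for example a role called unknown) is indistinguishable from the placeholder by name alone, so treat a match as a prompt to review rather than proof that the resource does not exist.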

Azure

💪🏼 New Azure AI Search Check

Thanks to our great contributor @StylusFrost, Prowler now includes Azure AI Search coverage with the new check aisearch_service_not_publicly_accessible

Give it a try by scanning the Azure Container Registry with prowler azure --service aisearch

🇪🇸📜 Added ENS Compliance Framework

Thanks to @normanecg, Prowler now supports the ENS RD2022 compliance framework for Azure, ensuring enhanced compliance for Spanish organizations.

Give it a try with prowler azure --compliance ens_rd2022_azure

GCP

🇪🇸📜 New ENS Compliance Framework

We’re excited to announce that Prowler now includes the ENS RD2022 compliance framework for GCP, courtesy of @normanecg!

Give it a try with prowler gcp --compliance ens_rd2022_gcp

🔧 Other issues and bug fixes solved for all the cloud providers

What's Changed

Full Changelog: 4.5.3...4.6.0