Secure Your Cloud with Prowler [Cheat Sheet & Lab]

Prowler cheat sheet for cloud security

When it comes to securing cloud environments, automation and tooling can be a huge help, especially for tasks that should run on a regular basis. But how do you know which tool to use? How do you know which one is right for your use case?

To help answer these questions, we create cheat sheets, hands-on labs, and other training materials where you can learn about various cloud security tools, including their use cases, and how to use them.

In this article, we’ll showcase a popular open-source cloud security option called Prowler, a multi-cloud open-source CSPM (Cloud Security Posture Management) tool.

Let’s dive into what it does, how it works, and how to get started with it.

Imagine this common scenario…

Your manager comes to you and says: “I need you to perform a security assessment across all of our cloud accounts, I need you to inventory our assets in those accounts, and I need you to run CIS compliance checks to generate a prioritized list of non-compliant resources…all by end of week next week.”

Your response: “Sure thing, no problem!”

Then, you download this cheat sheet, you download Prowler, and you get to work. A couple of days later, you’re done with your task, and you take the rest of the week off before submitting the report on Friday.

…I’m kidding, of course (sort of).

All jokes aside, I partnered with Toni de la Fuente (Prowler’s creator) to create this cheat sheet that will help you get started using Prowler. Feel free to download it, share it with colleagues, and share it on social media.

Download this cheat sheet

About Prowler

So what does Prowler do, though? Well, it’s a tool you can use to:

  • Run cloud security assessments & audits (across AWS, Azure, Google Cloud, and Kubernetes)
  • Run compliance checks across many frameworks (CIS, NIST, AWS Well Architected, etc…)
  • Continuously monitor your accounts & resources
  • Help with incident response
  • Harden resources, perform remediation, and run forensics

Getting started with Prowler

Getting started is super easy, since you can download it locally or in CloudShell.

Later on, you can build out pipelines and integrate with S3, Security Hub, Slack, Shodan, and more.

Once installed, you can run:

❯ prowler -h

To make sure that it installed successfully.

Prowler's help menu

Then, if you haven’t already, you’ll need to configure your AWS CLI with credentials for the account(s) you want to run Prowler against:

aws configure

Basic Usage

Once installed and once you have AWS CLI credentials set up, you can start to run basic commands like:

❯ prowler aws -h

To see which options are available to you for a particular provider.

Prowler aws help command

List out all supported services in a provider

To view a list of all supported services for a particular provider, you can run:

❯ prowler aws --list-services
Prowler list AWS services

List checks by cloud provider and by service

You can also list out what checks are available per provider and per service, like this:

❯ prowler aws --list-checks -s s3

You’ll see a result like this:

[s3_account_level_public_access_blocks] Check S3 Account Level Public Access Block. - s3 [high]
[s3_bucket_acl_prohibited] Check if S3 buckets have ACLs enabled - s3 [medium]
[s3_bucket_default_encryption] Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. - s3 [medium]
[s3_bucket_kms_encryption] Check if S3 buckets have KMS encryption enabled. - s3 [medium]
[...SNIP...]

There are 14 available checks.
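The listing above has a regular shape: `[check_id] Title - service [severity]`, one check per line, followed by a count. That makes it easy to turn into a severity-ranked subset of checks for a focused first scan. The script below is an added example written for this article, not code from Prowler or from the cheat sheet; the sample text is constructed from the four checks shown above (so the count line says 4, not 14), and it assumes your Prowler version accepts `-c`/`--checks` with a list of check IDs to restrict a scan.

```python
import re
from collections import Counter

# Constructed sample in the shape of `prowler aws --list-checks -s s3` output.
# Not real tool output: only the four checks shown above, with the wrapped
# description line joined back together.
SAMPLE_LIST_CHECKS = """\
[s3_account_level_public_access_blocks] Check S3 Account Level Public Access Block. - s3 [high]
[s3_bucket_acl_prohibited] Check if S3 buckets have ACLs enabled - s3 [medium]
[s3_bucket_default_encryption] Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. - s3 [medium]
[s3_bucket_kms_encryption] Check if S3 buckets have KMS encryption enabled. - s3 [medium]

There are 4 available checks.
"""

# One check per line: [check_id] Title - service [severity]
CHECK_LINE = re.compile(
    r"^\[(?P<check_id>[^\]]+)\]\s+(?P<title>.*?)\s+-\s+(?P<service>\S+)\s+\[(?P<severity>[^\]]+)\]$"
)

# Lower rank = more severe. These are Prowler's severity labels.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "informational": 4}


def parse_list_checks(text):
    """Parse `--list-checks` output into dicts with check_id, title, service, severity.
    Blank lines and the trailing 'There are N available checks.' line do not match
    the pattern and are skipped."""
    checks = []
    for line in text.splitlines():
        m = CHECK_LINE.match(line.strip())
        if m:
            checks.append(m.groupdict())
    return checks


def count_by_severity(checks):
    """How many checks exist at each severity, e.g. Counter({'medium': 3, 'high': 1})."""
    return Counter(c["severity"] for c in checks)


def checks_at_or_above(checks, min_severity):
    """Sorted check IDs whose severity is at least `min_severity`.
    Unknown severity labels are treated as least severe and excluded."""
    threshold = SEVERITY_RANK[min_severity]
    return sorted(
        c["check_id"] for c in checks
        if SEVERITY_RANK.get(c["severity"], len(SEVERITY_RANK)) <= threshold
    )


def targeted_scan_command(provider, check_ids):
    """Build the argv for a scan restricted to the given checks.
    Assumption: this Prowler version supports `-c`/`--checks <id> [<id> ...]`."""
    return ["prowler", provider, "-c", *check_ids]


if __name__ == "__main__":
    checks = parse_list_checks(SAMPLE_LIST_CHECKS)
    print(dict(count_by_severity(checks)))
    high_and_up = checks_at_or_above(checks, "high")
    print(" ".join(targeted_scan_command("aws", high_and_up)))
```

In practice you would pipe the real listing in (`prowler aws --list-checks -s s3 > checks.txt`) and parse that file instead of the constructed sample; the regex does not care how many checks there are.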

List available categories by provider

As a next step, I’d recommend running:

❯ prowler aws --list-checks

To view a list of all available checks for AWS specifically, and not just one single service. Of course, if you run on Azure, you’d want to list those checks instead.

Scan specific services only

Once you’ve picked a provider, you can scan for misconfigurations across your entire AWS environment, or you can scan for specific services, like this:

❯ prowler aws --services s3 ec2

Or you can scan for just a single service like this:

❯ prowler aws -s s3

Viewing results

To view the results, you can either open them in your local browser, list them out in your terminal, or open the CSV or JSON files manually. Prowler comes out of the box with a dashboard that runs on localhost, which you can access via your browser to view tables, graphs, etc…
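The dashboard is the quickest way to browse findings, but the CSV and JSON files are what you reach for when the ask is a prioritized list of non-compliant resources (the scenario at the top of this article). The script below is an added example for this article, not Prowler's own code or dashboard logic. It assumes Prowler 3-style JSON output (a JSON array of finding objects with keys such as `CheckID`, `Status`, `Severity`, `ServiceName`, `ResourceId`, `Region` and `StatusExtended`, as written by `prowler aws -M json -o <dir>`); the sample findings are constructed, the `iam_example_check` ID is a placeholder, and you should confirm the key names against a real output file from your version.

```python
import json
from collections import Counter

# Lower rank = more severe (Prowler's severity labels).
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "informational": 4}

# Constructed sample findings, not real scan output. Key names follow the
# assumed shape of Prowler 3 JSON output; `iam_example_check` is a placeholder
# check ID and the account ID is a dummy value.
SAMPLE_FINDINGS_JSON = json.dumps([
    {"CheckID": "s3_account_level_public_access_blocks", "Status": "FAIL", "Severity": "high",
     "ServiceName": "s3", "Region": "us-east-1", "ResourceId": "123456789012",
     "StatusExtended": "Block Public Access is not configured for the account."},
    {"CheckID": "s3_bucket_default_encryption", "Status": "FAIL", "Severity": "medium",
     "ServiceName": "s3", "Region": "us-east-1", "ResourceId": "example-logs-bucket",
     "StatusExtended": "S3 Bucket example-logs-bucket does not have default encryption enabled."},
    {"CheckID": "s3_bucket_kms_encryption", "Status": "PASS", "Severity": "medium",
     "ServiceName": "s3", "Region": "us-east-1", "ResourceId": "example-data-bucket",
     "StatusExtended": "S3 Bucket example-data-bucket has KMS encryption enabled."},
    {"CheckID": "iam_example_check", "Status": "FAIL", "Severity": "critical",
     "ServiceName": "iam", "Region": "us-east-1", "ResourceId": "123456789012",
     "StatusExtended": "Constructed placeholder finding for a critical IAM check."},
    {"CheckID": "s3_bucket_acl_prohibited", "Status": "PASS", "Severity": "medium",
     "ServiceName": "s3", "Region": "us-east-1", "ResourceId": "example-data-bucket",
     "StatusExtended": "S3 Bucket example-data-bucket has ACLs disabled."},
])


def load_findings(json_text):
    """Parse a Prowler JSON findings file: a JSON array of finding objects."""
    findings = json.loads(json_text)
    if not isinstance(findings, list):
        raise ValueError("expected a JSON array of findings")
    return findings


def failed_findings(findings):
    """Keep only non-compliant results; PASS and any other status are dropped."""
    return [f for f in findings if f.get("Status") == "FAIL"]


def prioritize(findings):
    """FAIL findings ordered most-severe first, then by service, check and resource,
    so the list is stable and easy to diff between two runs."""
    def key(f):
        rank = SEVERITY_RANK.get(str(f.get("Severity", "")).lower(), len(SEVERITY_RANK))
        return (rank, f.get("ServiceName", ""), f.get("CheckID", ""), f.get("ResourceId", ""))
    return sorted(failed_findings(findings), key=key)


def failures_by_service(findings):
    """Count of FAIL findings per service, e.g. Counter({'s3': 2, 'iam': 1})."""
    return Counter(f.get("ServiceName", "unknown") for f in failed_findings(findings))


def report_lines(findings):
    """One text line per non-compliant resource, highest severity first."""
    return [
        f"[{str(f.get('Severity', '')).upper():<8}] {f.get('ServiceName', '-')}/{f.get('CheckID', '-')} "
        f"{f.get('Region', '-')} {f.get('ResourceId', '-')}: {f.get('StatusExtended', '')}"
        for f in prioritize(findings)
    ]


if __name__ == "__main__":
    import sys
    # Pass the path of a real Prowler JSON output file to use it instead of the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_FINDINGS_JSON
    findings = load_findings(text)
    print(dict(failures_by_service(findings)))
    print("\n".join(report_lines(findings)))
```

Sorting by severity first is deliberate: a single critical IAM finding should sit above a dozen medium S3 ones, which is the order a reviewer wants when the report is due on Friday.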

Prowler dashboard of cloud security findings
Prowler dashboard table of findings and security checks

Learn more with free training workshops

If you’d like to learn more about Prowler and see it being used in action, we hosted multiple live training workshops, including one with Toni:

Launch our free 🧪 Hands-On Lab: Find S3 Security Misconfigurations with Prowler

We also have a Hands-On Lab you can deploy to practice using Prowler in one of our AWS environments instead of your own. Our labs provide a safe environment to try out tools and develop deep AWS security expertise.

Hands-on Lab to find S3 security misconfigurations using Prowler
Launch this Hands-On Lab >
