Secure Your Cloud with Prowler [Cheat Sheet & Lab]
When it comes to securing cloud environments, automation and tooling can be a huge help, especially for tasks that should run on a regular basis. But how do you know which tool to use? How do you know which one is right for your use case?
To help answer these questions, we create cheat sheets, hands-on labs, and other training materials where you can learn about various cloud security tools, including their use cases, and how to use them.
In this article, we’ll showcase Prowler, a popular open-source, multi-cloud CSPM (Cloud Security Posture Management) tool.
Let’s dive into what it does, how it works, and how to get started with it.
Imagine this common scenario…
Your manager comes to you and says: “I need you to perform a security assessment across all of our cloud accounts, I need you to inventory our assets in those accounts, and I need you to run CIS compliance checks to generate a prioritized list of non-compliant resources…all by end of week next week.”
Your response: “Sure thing, no problem!”
Then, you download this cheat sheet, you download Prowler, and you get to work. A couple of days later, you’re done with your task, and you take the rest of the week off before submitting the report on Friday.
…I’m kidding, of course (sort of).
All jokes aside, I partnered with Toni de la Fuente (Prowler’s creator) to create this cheat sheet that will help you get started using Prowler. Feel free to download it, share with colleagues, and share on social media.
About Prowler
So what does Prowler do, though? Well, it’s a tool you can use to:
- Run cloud security assessments & audits (across AWS, Azure, Google Cloud, and Kubernetes)
- Run compliance checks across many frameworks (CIS, NIST, AWS Well Architected, etc…)
- Continuously monitor your accounts & resources
- Help with incident response
- Harden resources, perform remediation, and run forensics
Getting started with Prowler
Getting started is super easy, since you can install Prowler locally or run it from AWS CloudShell.
Later on, you can build out pipelines and integrate with S3, Security Hub, Slack, Shodan, and more.
Once installed, confirm that the installation succeeded by running:
❯ prowler -h
Then, if you haven’t already, you’ll need to configure your AWS CLI with credentials for the account(s) you want to run Prowler against:
aws configure
Basic Usage
Once installed and once you have AWS CLI credentials set up, you can start to run basic commands like:
❯ prowler aws -h
This shows the options available for a particular provider (here, AWS).
List out all supported services in a provider
To view a list of all supported services for a particular provider, you can run:
❯ prowler aws --list-services
List checks by cloud provider and by service
You can also list out what checks are available per provider and per service, like this:
❯ prowler aws --list-checks -s s3
You’ll see a result like this:
[s3_account_level_public_access_blocks] Check S3 Account Level Public Access Block. - s3 [high]
[s3_bucket_acl_prohibited] Check if S3 buckets have ACLs enabled - s3 [medium]
[s3_bucket_default_encryption] Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. - s3 [medium]
[s3_bucket_kms_encryption] Check if S3 buckets have KMS encryption enabled. - s3 [medium]
[...SNIP...]
There are 14 available checks.
List all available checks for a provider
As a next step, I’d recommend running:
❯ prowler aws --list-checks
This lists every available check for AWS as a whole, not just for a single service. Of course, if you run on Azure, you’d want to list that provider’s checks instead.
Scan specific services only
Once you’ve picked a provider, you can scan for misconfigurations across your entire AWS environment, or you can scan for specific services, like this:
❯ prowler aws --services s3 ec2
Or you can scan for just a single service like this:
❯ prowler aws -s s3
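The listing and scanning steps above fit together: list the checks for a service, pick the ones you care about, then scan only those. The script below is an added example, not code from the article or from the Prowler project. It takes the `--list-checks` output format shown above (a constructed sample, copied from the article’s S3 listing, is embedded so it runs offline), pulls out the check IDs of a chosen severity, and builds the corresponding scan command using Prowler’s own `-c` (`--checks`) flag. The function names are mine.

```shell
#!/bin/sh
# Added example (not from the article or the Prowler project): turn the output
# of `prowler aws --list-checks -s s3` into a severity-filtered list of check
# IDs, then build a scan command that runs only those checks (`-c/--checks`).

# Constructed sample of the listing format: [check_id] title - service [severity]
# (copied from the article's S3 listing; the trailer line is not a check).
LIST_CHECKS_SAMPLE='[s3_account_level_public_access_blocks] Check S3 Account Level Public Access Block. - s3 [high]
[s3_bucket_acl_prohibited] Check if S3 buckets have ACLs enabled - s3 [medium]
[s3_bucket_default_encryption] Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. - s3 [medium]
[s3_bucket_kms_encryption] Check if S3 buckets have KMS encryption enabled. - s3 [medium]
There are 4 available checks.'

# Print the IDs of checks whose severity is in the space-separated list $1.
# Reads the listing on stdin; lines not in the [id] ... [severity] shape
# (such as the "There are N available checks." trailer) are skipped.
checks_with_severity() {
    awk -v wanted="$1" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^\[[a-z0-9_]+\] .* \[[a-z]+\]$/ {
            id  = substr($1,  2, length($1)  - 2)   # strip [ ] around the ID
            sev = substr($NF, 2, length($NF) - 2)   # strip [ ] around the severity
            if (sev in want) print id
        }'
}

# Build the scan command for provider $1 limited to checks of severities $2.
# Fails (exit 1) when nothing matches, so a pipeline does not run an empty scan.
scan_command() {
    ids=$(checks_with_severity "$2" | tr '\n' ' ')
    ids=${ids% }
    if [ -z "$ids" ]; then
        echo "no checks at severity '$2'" >&2
        return 1
    fi
    printf 'prowler %s -c %s\n' "$1" "$ids"
}

# Demo: high-severity S3 checks, then the command to scan high and medium ones.
printf '%s\n' "$LIST_CHECKS_SAMPLE" | checks_with_severity "high"
printf '%s\n' "$LIST_CHECKS_SAMPLE" | scan_command aws "high medium"
```

Against a live install, replace the sample with `prowler aws --list-checks -s s3 | checks_with_severity "critical high"`; the printed command is the one to run once you are happy with the selection.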
Viewing results
To view the results, you can either open them in your local browser, list them out in your terminal, or open the CSV or JSON files manually. Prowler comes out of the box with a dashboard that runs on localhost, which you can access via your browser to view tables, graphs, etc…
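Opening the CSV manually is fine for a quick look, but the scenario at the top of the article asks for a prioritized list of non-compliant resources. The script below is an added example (not code from the article or the Prowler project) that produces that list from a Prowler CSV report: it keeps only `FAIL` findings and orders them by severity, then summarizes counts per severity. It assumes Prowler’s `;`-delimited CSV layout; the column names (`CHECK_ID`, `STATUS`, `SEVERITY`, `REGION`, `RESOURCE_UID`, `STATUS_EXTENDED`) are an assumption and are resolved from the header row, so a report whose columns are ordered differently still works as long as those names are present. The report data is a constructed sample, not real scan output.

```shell
#!/bin/sh
# Added example (not from the article or the Prowler project): rank the FAIL
# findings of a Prowler CSV report by severity. Column names are assumed and
# looked up from the header row, so column order does not matter.

# Constructed sample report (not real scan output). Prowler's CSV is ';'-delimited.
REPORT_SAMPLE='CHECK_ID;STATUS;SEVERITY;REGION;RESOURCE_UID;STATUS_EXTENDED
s3_bucket_default_encryption;PASS;medium;us-east-1;arn:aws:s3:::logs-bucket;Bucket has default encryption.
s3_account_level_public_access_blocks;FAIL;high;us-east-1;123456789012;Account does not block public access.
s3_bucket_acl_prohibited;FAIL;medium;us-east-1;arn:aws:s3:::old-site;Bucket has ACLs enabled.
s3_bucket_public_access;FAIL;critical;eu-west-1;arn:aws:s3:::public-data;Bucket is publicly accessible.
s3_bucket_kms_encryption;FAIL;medium;eu-west-1;arn:aws:s3:::logs-bucket;Bucket uses SSE-S3, not KMS.'

# Print FAIL findings as "severity check_id resource region", most severe
# first. Reads the CSV on stdin. Unknown severities sort last.
failed_by_severity() {
    awk -F ';' '
        BEGIN { rank["critical"] = 1; rank["high"] = 2; rank["medium"] = 3
                rank["low"] = 4; rank["informational"] = 5 }
        NR == 1 {                        # header row: map names to indices
            for (i = 1; i <= NF; i++) col[$i] = i
            id = col["CHECK_ID"]; st = col["STATUS"]; sv = col["SEVERITY"]
            rs = col["RESOURCE_UID"]; rg = col["REGION"]
            next
        }
        $st == "FAIL" {
            sev = $sv
            r = (sev in rank) ? rank[sev] : 9
            printf "%d %s %s %s %s\n", r, sev, $id, $rs, $rg
        }' | sort -n | cut -d ' ' -f 2-
}

# Count FAIL findings per severity (one "severity count" line each).
fail_counts() {
    failed_by_severity | awk '{ n[$1]++ } END { for (s in n) print s, n[s] }' | sort
}

# Demo on the constructed sample.
printf '%s\n' "$REPORT_SAMPLE" | failed_by_severity
printf '%s\n' "$REPORT_SAMPLE" | fail_counts
```

With a real report, feed the CSV from Prowler’s output directory instead of the sample (`failed_by_severity < report.csv`); the critical and high rows at the top of the output are the ones to remediate first.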
Learn more with free training workshops
If you’d like to learn more about Prowler and see it being used in action, we hosted multiple live training workshops, including one with Toni:
Launch our free 🧪 Hands-On Lab: Find S3 Security Misconfigurations with Prowler
We also have a Hands-On Lab you can deploy to practice using Prowler in one of our AWS environments instead of your own. Our labs provide a safe environment to try out tools and develop deep AWS security expertise.