prowler | security tool to perform AWS security best practices | Security library
kandi X-RAY | prowler Summary
kandi X-RAY | prowler Summary
Prowler is a command line tool that helps you with AWS security assessment, auditing, hardening and incident response. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 100 additional checks including related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2 and others. Read more about CIS Amazon Web Services Foundations Benchmark v1.2.0 - 05-23-2018.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of prowler
prowler Key Features
prowler Examples and Code Snippets
Community Discussions
Trending Discussions on prowler
QUESTION
I've implemented django-DefectDojo and trying to upload This sample-scan file but it throws me the following error in the logs.
Everything is perfectly installed and other files are being uploaded(whichever I require) but this file.
Error Thrown
Server Error (500)
Logs
ANSWER
Answered 2020-Feb-10 at 12:49This is file parsing error, and DefectDoJo AWS Prowler Parser expects input file to be in .csv
format with header row as in default prowler csv output - all capital letters.
Example .csv
file (based on your .json
file) to be imported (although not tested) - data in the same order as was in .json
, timestamp removed, header row added with names as expected by DoJo and matching data types:
Accepted CSV format that matches (default) json data order, as some fields have different names in .json
and .csv
. Actual order does not matter for DoJo import.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install prowler
Make sure the latest version of AWS-CLI is installed on your workstation (it works with either v1 or v2), and other components needed, with Python pip already installed: pip install awscli NOTE: detect-secrets Yelp version is no longer supported the one from IBM is mantained now. Use the one mentioned below or the specific Yelp version 1.0.3 to make sure it works as expected (pip install detect-secrets==1.0.3): pip install "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets" AWS-CLI can be also installed it using "brew", "apt", "yum" or manually from https://aws.amazon.com/cli/, but detect-secrets has to be installed using pip or pip3. You will need to install jq to get the most from Prowler.
Make sure jq is installed: examples below with "apt" for Debian alike and "yum" for RedHat alike distros (like Amazon Linux): sudo apt install jq sudo yum install jq
Previous steps, from your workstation: git clone https://github.com/toniblyx/prowler cd prowler
Since Prowler users AWS CLI under the hood, you can follow any authentication method as described here. Make sure you have properly configured your AWS-CLI with a valid Access Key and Region or declare AWS variables properly (or intance profile): aws configure or export AWS_ACCESS_KEY_ID="ASXXXXXXX" export AWS_SECRET_ACCESS_KEY="XXXXXXXXX" export AWS_SESSION_TOKEN="XXXXXXXXX"
Those credentials must be associated to a user or role with proper permissions to do all checks. To make sure, add the AWS managed policies, SecurityAudit and ViewOnlyAccess, to the user or role being used. Policy ARNs are: arn:aws:iam::aws:policy/SecurityAudit arn:aws:iam::aws:policy/job-function/ViewOnlyAccess Additional permissions needed: to make sure Prowler can scan all services included in the group Extras, make sure you attach also the custom policy prowler-additions-policy.json to the role you are using. If you want Prowler to send findings to AWS Security Hub, make sure you also attach the custom policy prowler-security-hub.json.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page