Prowler 2.6.0 - Phantom
This release name is in honor of Phantom of the Opera, one of my favorite songs and a masterpiece of 🔥Iron Maiden🔥. It starts with "I've been lookin' so long for you now", like looking for security issues, doesn't it? 🤘🏼 Enjoy it here while reading the rest of this note.
Important changes in this version:
- The CIS level parameter (ITEM_LEVEL) has been restored to the csv, json and html outputs (it was removed in 2.5). CIS Scored is not added since it is not relevant in the global Prowler reports. dd398a9
- Security Hub integration has been fixed due to a conflict with duplicated findings in the management account by @xeroxnir
- 12 New checks!! Thanks to @kbgoll05, @qumei, @georgie969, @ShubhamShah11, @jarrettandrulis, @dsensibaugh, @ManuelUgarte, @tekdj7: Now there are a total of 207. See below for details.
- Known issues, please review https://github.com/toniblyx/prowler/issues?q=is%3Aissue+is%3Aopen+label%3Abug.
- Now there is a Discord server for Prowler available, check it out in README.md.
- There is a maintained Docker Hub repo for Prowler and AWS ECR public repo as well. See badges in README.md for details.
- See below new features for more details of new cool stuff in this version.
New Features:
- 12 New checks for efs, redshift, elb, dynamodb, route53, cloudformation and apigateway:
7.148 [extra7148] Check if EFS File systems have backup enabled - efs [Medium]
7.149 [extra7149] Check if Redshift Clusters have automated snapshots enabled - redshift [Medium]
7.150 [extra7150] Check if Elastic Load Balancers have deletion protection enabled - elb [Medium]
7.151 [extra7151] Check if DynamoDB tables point-in-time recovery (PITR) is enabled - dynamodb [Medium]
7.152 [extra7152] Enable Privacy Protection for for a Route53 Domain - route53 [Medium]
7.153 [extra7153] Enable Transfer Lock for a Route53 Domain - route53 [Medium]
7.154 [extra7154] Enable termination protection for Cloudformation Stacks - cloudformation [MEDIUM]
7.155 [extra7155] Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode - elb [MEDIUM]
7.156 [extra7156] Checks if API Gateway V2 has Access Logging enabled - apigateway [Medium]
7.157 [extra7157] Check if API Gateway V2 has configured authorizers - apigateway [Medium]
7.158 [extra7158] Check if ELBV2 has listeners underneath - elb [Medium]
7.159 [extra7159] Check if ELB has listeners underneath - elb [Medium]
- New checks group FTR (AWS Foundational Technical Review) by @jfagoagas
- New feature added flags Z to control if Prowler returns exit code 3 on a failed check by @Kirizan in #865
- New Prowler Terraform Kickstarter by @singergs
- New way to deploy Prowler at Organizational level with serverless by @bella-kwon
- New feature: added the ability to provide a file of checks to be run with -C by @Kirizan in #891
Enhancements:
- Enhanced scoring when only INFO is detected
- Enhanced check extra7139 to ignore archived findings in GuardDuty by @chbiel in https://github.com/toniblyx/prowler/pull/851
- Updated prowler-codebuild-role name for CFN StackSets name length limit by @varunirv in #846
- Added feature to allow role ARN while using -R parameter by @mmuller88 in #860
- Updated documentation regarding a confusion with the -q option (issue #884) by @w0rmr1d3r in #890
Fixes:
- Fixed extra737 to remove false positives due to policies with condition by @rinaudjaws in #849
- Fixed title, remediation and doc link for check extra768 by @w0rmr1d3r in #853
- Fixed typo in risk description for check29 by @kamiryo in #858
- Fixed bug in extra784 by @tayivan-sg in #856
- Fixed support policy arn in check120 by @hersh86 in #862
- Fixed typo and HTTP capitalisation in extra7142 by @acknosyn in #863
- Fixed Security Hub conflict with duplicated findings in the management account #711 by @xeroxnir in #873
- Fixed doc reference link in check23 by @FallenAtticus in #864
- Fixed duplicated region in textFail message for extra741 by @pablopagani in #880
- Updated parts from check7152 accidentally left in by @jarrettandrulis in #895
- Fix check extra734 about S3 buckets default encryption with StringNotEquals by @rustic in #896
- Fix Shodan typo in -h usage text by @jfagoagas in #899
- Fixed typo in README.md by @bevel-zgates in #908
New Contributors
- @varunirv made their first contribution in #846
- @rinaudjaws made their first contribution in #849
- @chbiel made their first contribution in #851
- @tayivan-sg made their first contribution in #856
- @bella-kwon made their first contribution in #857
- @mmuller88 made their first contribution in #860
- @hersh86 made their first contribution in #862
- @acknosyn made their first contribution in #863
- @FallenAtticus made their first contribution in #864
- @georgie969 made their first contribution in #866
- @ManuelUgarte made their first contribution in #869
- @jarrettandrulis made their first contribution in #875
- @ShubhamShah11 made their first contribution in #877
- @dsensibaugh made their first contribution in #889
- @rustic made their first contribution in #896
- @zqumei0 made their first contribution in #894
- @bevel-zgates made their first contribution in #908
Full Changelog: 2.5.0...2.6.0
Thank you all for your contributions, Prowler community is awesome! 🥳