github prowler-cloud/prowler 5.11.0
Prowler 5.11.0

5 days ago

New features to highlight in this version

🔒 AWS Security Hub Integration: Centralized Management of Prowler Findings

We are pleased to announce the integration of Prowler with AWS Security Hub, enabling you to seamlessly send your security findings directly to Security Hub for centralized administration and enhanced visibility.

  • Effortless integration: Automatically forward Prowler findings to AWS Security Hub, simplifying the process of consolidating and managing security alerts.
  • Flexible authentication: Choose between authenticating with your provider credentials or supplying custom credentials, ensuring compatibility with diverse operational requirements.
  • Purpose-built for AWS: This integration is designed specifically for AWS providers, supporting robust security management within your AWS environment.

Take advantage of the new AWS Security Hub integration to streamline your security operations and improve the efficiency of your cloud security posture management.

💡 Lighthouse AI now supports OpenAI GPT-5

We've added support for OpenAI GPT-5 in Lighthouse AI — unlocking enhanced AI-driven analysis, faster results, and broader compatibility for your automated workflows.

⛓️‍💥 Better AWS IAM Privilege Escalation Coverage

Following the latest research, we updated our privilege escalation checks to cover newly discovered patterns and reduce false positives.

✅ New Checks

We’ve introduced 4 new security checks to enhance your cloud posture.

AWS

  • eks_cluster_deletion_protection_enabled - Detect EKS clusters without deletion protection enabled.

Azure

  • apim_threat_detection_llm_jacking - Monitors 25+ LLM API endpoints across major AI providers.
  • vm_sufficient_daily_backup_retention_period - Ensures that all VMs have a daily backup policy with a retention period meeting or exceeding the configured minimum.
  • vm_jit_access_enabled - Ensures that all VMs are configured to use Just-in-Time (JIT) access, reducing the attack surface for management ports.

UI

🚀 Added

  • Security Hub integration (#8552)
  • Cloud Provider type filter to providers page (#8473)
  • New menu item under Configuration section for quick access to the Mutelist (#8444)
  • Resource agent to Lighthouse for querying resource information (#8509)
  • Lighthouse support for OpenAI GPT-5 (#8527)
  • Link to the configured S3 bucket and folder in each integration (#8554)

🔄 Changed

  • Disable See Compliance button until scan completes (#8487)
  • Provider connection filter now shows "Connected/Disconnected" instead of "true/false" for better UX (#8520)
  • Provider Uid filter on scan page to list all UIDs regardless of connection status (#8375)

🐞 Fixed

  • Default value inside credentials form in AWS Provider add workflow properly set (#8553)
  • Auth callback route checking working as expected (#8556)
  • DataTable column headers set to single-line (#8480)

API

Added

  • Lighthouse support for OpenAI GPT-5 (#8527)
  • Integration with Amazon Security Hub, enabling sending findings to Security Hub (#8365)
  • Generate ASFF output for AWS providers with SecurityHub integration enabled (#8569)

Fixed

  • GitHub provider always scans user instead of organization when using provider UID (#8587)

SDK

Added

  • Certificate authentication for M365 provider (#8404)
  • vm_sufficient_daily_backup_retention_period check for Azure provider (#8200)
  • vm_jit_access_enabled check for Azure provider (#8202)
  • Bedrock AgentCore privilege escalation combination for AWS provider (#8526)
  • Add User Email and APP name/installations information in GitHub provider (#8501)
  • Remove standalone iam:PassRole from privesc detection and add missing patterns (#8530)
  • Support session/profile/role/static credentials in Security Hub integration (#8539)
  • eks_cluster_deletion_protection_enabled check for AWS provider (#8536)
  • ECS privilege escalation patterns (StartTask and RunTask) for AWS provider (#8541)
  • Resource Explorer enumeration v2 API actions in cloudtrail_threat_detection_enumeration check (#8557)
  • apim_threat_detection_llm_jacking check for Azure provider (#8571)
  • GCP --skip-api-check command line flag (#8575)

Changed

  • Refine kisa isms-p compliance mapping (#8479)
  • Improve AWS Security Hub region check using multiple threads (#8365)

Fixed

  • Resource metadata error in s3_bucket_shadow_resource_vulnerability check (#8572)
  • GitHub App authentication through API fails with auth_method validation error (#8587)
  • AWS resource-arn filtering (#8533)
  • GitHub App authentication for GitHub provider (#8529)
  • List all accessible organizations in GitHub provider (#8535)
  • Only evaluate enabled accounts in entra_users_mfa_capable check (#8544)
  • GitHub Personal Access Token authentication fails without user:email scope (#8580)
