feat(docs): Add compliance and inventory docs (#1534)

2026-02-10 14:55:00 +00:00 · 2022-12-12 17:20:45 +01:00
parent fbb39a364e
commit 0cd13b90f4
8 changed files with 53 additions and 12 deletions
--- a/docs/tutorials/aws/role-assumption.md
+++ b/docs/tutorials/aws/role-assumption.md
@@ -16,7 +16,7 @@ prowler aws -R arn:aws:iam::<account_id>:role/<role_name>
 prowler aws -T/--session-duration <seconds> -I/--external-id <external_id> -R arn:aws:iam::<account_id>:role/<role_name>
 ```

->To create a role to assume in multiple accounts easier either as CFN Stack or StackSet, look at [this CloudFormation template](iam/create_role_to_assume_cfn.yaml) and adapt it.
+>To create a role to assume in multiple accounts easier either as CFN Stack or StackSet, look at [this CloudFormation template](https://github.com/prowler-cloud/prowler/blob/master/permissions/create_role_to_assume_cfn.yaml) and adapt it.


 > _NOTE 1 about Session Duration_: Depending on the mount of checks you run and the size of your infrastructure, Prowler may require more than 1 hour to finish. Use option `-T <seconds>` to allow up to 12h (43200 seconds). To allow more than 1h you need to modify _"Maximum CLI/API session duration"_ for that particular role, read more [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session).
--- a/docs/tutorials/aws/securityhub.md
+++ b/docs/tutorials/aws/securityhub.md
@@ -13,7 +13,7 @@ Before sending findings to Prowler, you will need to perform next steps:
    - Using the AWS Management Console:
     ![Screenshot 2020-10-29 at 10 26 02 PM](https://user-images.githubusercontent.com/3985464/97634660-5ade3400-1a36-11eb-9a92-4a45cc98c158.png)
 3. Allow Prowler to import its findings to AWS Security Hub by adding the policy below to the role or user running Prowler:
-    - [iam/prowler-security-hub.json](iam/prowler-security-hub.json)
+    - [prowler-security-hub.json](https://github.com/prowler-cloud/prowler/blob/master/iam/prowler-security-hub.json)

 Once it is enabled, it is as simple as running the command below (for all regions):

--- a/docs/tutorials/azure/authentication.md
+++ b/docs/tutorials/azure/authentication.md
@@ -1,12 +1,12 @@
 # Azure authentication

-By default prowler uses Azure Python SDK identity package authentication methods using the classes `DefaultAzureCredential` and `InteractiveBrowserCredential`.  
+By default Prowler uses Azure Python SDK identity package authentication methods using the classes `DefaultAzureCredential` and `InteractiveBrowserCredential`.
 This allows Prowler to authenticate against azure using the following methods:

- Service principal authentication by environment variables (Enterprise Application)  
- Current az cli credentials stored  
- Interactive browser authentication  
- Managed identity authentication  
+- Service principal authentication by environment variables (Enterprise Application)
+- Current AZ CLI credentials stored
+- Interactive browser authentication
+- Managed identity authentication

 To launch the tool it is required to specify which method is used through the following flags:

@@ -24,4 +24,4 @@ prowler azure --browser-auth
 prowler azure --managed-identity-auth
 ```

-To use Prowler you need to set up also the permissions required to access your resources in your Azure account, to more details refer to [Requirements](getting-started/requirements.md)  
+To use Prowler you need to set up also the permissions required to access your resources in your Azure account, to more details refer to [Requirements](/getting-started/requirements)
--- a/docs/tutorials/compliance.md
+++ b/docs/tutorials/compliance.md
@@ -1,3 +1,25 @@
-  --list-compliance     List compliance frameworks
-  --list-compliance-requirements [{ens_rd2022_aws}]
--compliance {ens_rd2022_aws} [{ens_rd2022_aws} ...]
+# Compliance
+Prowler allows you to execute checks based on different compliance frameworks.
+
+## List Available Compliance Frameworks
+In order to see which compliance frameworks are cover by Prowler, you can use option `--list-compliance`:
+```sh
+prowler --list-compliance
+```
+Currently, the available frameworks are:
+
+- cis_1.4_aws
+- cis_1.5_aws
+- ens_rd2022_aws
+
+## List Requirements of Compliance Frameworks
+For each compliance framework, you can use option `--list-compliance-requirements` to list its requirements:
+```sh
+prowler --list-compliance-requirements <compliance_framework(s)>
+```
+
+## Execute Prowler based on Compliance Frameworks
+As we mentioned, Prowler can be execute to analyse you environment based on a specific compliance framework, to do it, you can use option `--compliance`:
+```sh
+prowler --compliance <compliance_framework>
+```
--- a/docs/tutorials/quick-inventory.md
+++ b/docs/tutorials/quick-inventory.md
@@ -0,0 +1,17 @@
+# Quick Inventory
+
+Prowler allows you to execute a quick inventory to extract the number of resources in your provider.
+> Currently, it is only available for AWS provider.
+
+
+- You can use option `-i`/`--quick-inventory` to execute it:
+```sh
+prowler <provider> -i
+```
+> By default, it extracts resources from all the regions, you could use `-f`/`--filter-region` to specify the regions to execute the analysis.
+
+- This feature specify both the number of resources for each service and for each resource type.
+
+- Also, it creates by default a CSV and JSON to see detailed information about the resources extracted.
+
+![Quick Inventory Example](/img/quick-inventory.png)