ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(audit_config): How to use it (#2739)

Browse Source
This commit is contained in:
Pepe Fagoaga
2023-08-17 11:36:32 +02:00
committed by GitHub
parent bc5a7a961b
commit 1677654dea
2 changed files with 54 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
docs/tutorials/configuration_file.md
View File

@@ -9,36 +9,35 @@ Also you can input a custom configuration file using the `--config-file` argumen
## AWS
### Configurable Checks
The following list includes all the checks with configurable variables that can be changed in the mentioned configuration yaml file:
The following list includes all the AWS checks with configurable variables that can be changed in the configuration yaml file:
1. aws.ec2_elastic_ip_shodan
- shodan_api_key (String)
- aws.ec2_securitygroup_with_many_ingress_egress_rules
- max_security_group_rules (Integer)
- aws.ec2_instance_older_than_specific_days
- max_ec2_instance_age_in_days (Integer)
- aws.vpc_endpoint_connections_trust_boundaries
- trusted_account_ids (List of Strings)
- aws.vpc_endpoint_services_allowed_principals_trust_boundaries
- trusted_account_ids (List of Strings)
- aws.cloudwatch_log_group_retention_policy_specific_days_enabled
- log_group_retention_days (Integer)
- aws.appstream_fleet_session_idle_disconnect_timeout
- max_idle_disconnect_timeout_in_seconds (Integer)
- aws.appstream_fleet_session_disconnect_timeout
- max_disconnect_timeout_in_seconds (Integer)
- aws.appstream_fleet_maximum_session_duration
- max_session_duration_seconds (Integer)
- aws.awslambda_function_using_supported_runtimes
- obsolete_lambda_runtimes (List of Strings)
| Check Name | Value | Type |
|---|---|---|
| `ec2_elastic_ip_shodan` | `shodan_api_key` | String |
| `ec2_securitygroup_with_many_ingress_egress_rules` | `max_security_group_rules` | Integer |
| `ec2_instance_older_than_specific_days` | `max_ec2_instance_age_in_days` | Integer |
| `vpc_endpoint_connections_trust_boundaries` | `trusted_account_ids` | List of Strings |
| `vpc_endpoint_services_allowed_principals_trust_boundaries` | `trusted_account_ids` | List of Strings |
| `cloudwatch_log_group_retention_policy_specific_days_enabled` | `log_group_retention_days` | Integer |
| `appstream_fleet_session_idle_disconnect_timeout` | `max_idle_disconnect_timeout_in_seconds` | Integer |
| `appstream_fleet_session_disconnect_timeout` | `max_disconnect_timeout_in_seconds` | Integer |
| `appstream_fleet_maximum_session_duration` | `max_session_duration_seconds` | Integer |
| `awslambda_function_using_supported_runtimes` | `obsolete_lambda_runtimes` | Integer |
| `organizations_scp_check_deny_regions` | `organizations_enabled_regions` | List of Strings |
| `organizations_delegated_administrators` | `organizations_trusted_delegated_administrators` | List of Strings |
## Azure
### Configurable Checks
## GCP
### Configurable Checks
## Config YAML File Structure
> This is the new Prowler configuration file format. The old one without provider keys is still compatible just for the AWS provider.
```yaml
```yaml title="config.yaml"
# AWS Configuration
aws:
# AWS EC2 Configuration