Added GovCloud usage information

Toni de la Fuente
2020-10-14 22:29:51 +02:00
parent 19b894c14b
commit a05aba84e1


@@ -304,6 +304,14 @@ for accountId in $ACCOUNTS_IN_ORGS; do ./prowler -A $accountId -R RemoteRoleToAs
```
Usig the same for loop it can be scanned a list of accounts with a variable like `ACCOUNTS_LIST='11111111111 2222222222 333333333'`
### GovCloud
Prowler runs in GovCloud regions as well. To make sure it points to the right API endpoint use `-r` to either `us-gov-west-1` or `us-gov-east-1`. If not filter region is used it will look for resources in both GovCloud regions by default:
```
./prowler -r us-gov-west-1
```
> For Security Hub integration see below in Security Hub section.
### Custom folder for custom checks
Flag `-x /my/own/checks` will include any check in that particular directory. To see how to write checks see [Add Custom Checks](#add-custom-checks) section.
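Review bot: the new GovCloud paragraph leaves the two region flags ambiguous and has a grammar slip in "If not filter region is used it will look for resources in both GovCloud regions by default"; suggest "If no region filter (`-f`) is given, Prowler scans both GovCloud regions by default", and "set `-r` to either `us-gov-west-1` or `us-gov-east-1`" instead of "use `-r` to either", so the reader sees that `-r` selects the API endpoint while `-f` (as used in the Security Hub example further down) limits which region is scanned. The fence around `./prowler -r us-gov-west-1` should also be tagged ```sh like the other command blocks in this file, and while here, the unchanged line above has "Usig" for "Using".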
@@ -335,7 +343,7 @@ Since version v2.3, Prowler supports natively sending findings to [AWS Security
```
or for only one filtered region like eu-west-1:
```sh
./prowler -M json-asff -S -f eu-west-1
./prowler -M json-asff -q -S -f eu-west-1
```
> Note: It is recommended to send only fails to Security Hub and that is possible adding `-q` to the command.
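Review bot: the rendered block now shows the command both with and without `-q`, which does not match the hunk header (one line changed, not one added); if the intent was to replace `./prowler -M json-asff -S -f eu-west-1` with the `-q` variant, the old line should be dropped, otherwise a short comment should say the second form is the fails-only variant described in the Note right after the block.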
@@ -347,6 +355,14 @@ There are two requirements:
>Note: to have updated findings in Security Hub you have to run Prowler periodically. Once a day or every certain amount of hours.
### Security Hub in GovCloud regions
To use Prowler and Security Hub integration in GovCloud there is an additional requirement, usage of `-r` is needed to point the API queries to the right API endpoint. Here is a sample command that sends only failed findings to Security Hub in region `us-gov-west-1`:
```
./prowler -r us-gov-west-1 -f us-gov-west-1 -S -M csv,json-asff -q
```
## Whitelist or remove FAIL from resources
Sometimes you may find resources that are intentionally configured in a certain way that may be a bad practice but it is all right with it, for example an S3 bucket open to the internet hosting a web site, or a security group with an open port needed in your use case. Now you can use `-w whitelist_sample.txt` and add your resources as `checkID:resourcename` as in this command:
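Review bot: "there is an additional requirement, usage of `-r` is needed to point the API queries to the right API endpoint" is a comma splice; suggest "there is an additional requirement: `-r` must be set so that API queries go to the GovCloud endpoint". It would also help to state why the sample passes both `-r us-gov-west-1` and `-f us-gov-west-1`, since the GovCloud section above says that without a region filter both GovCloud regions are scanned, and to tag this fence ```sh for consistency with the `eu-west-1` example in the previous hunk.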