diff --git a/docs/about.md b/docs/about.md
index 5a24f1be..69cac351 100644
--- a/docs/about.md
+++ b/docs/about.md
@@ -5,9 +5,9 @@ hide:
# About
## Author
-Prowler was created by **Toni de la Fuente** in 2016.
+Prowler was created by **Toni de la Fuente** in 2016.
-| 
[](https://twitter.com/toniblyx)|
+| 
[](https://twitter.com/toniblyx) [](https://twitter.com/prowlercloud)|
|:--:|
| Toni de la Fuente |
@@ -18,9 +18,7 @@ Prowler is maintained by the Engineers of the **Prowler Team** :
|:--:|:--:|:--:
| Nacho Rivera| Sergio Garcia| Pepe Fagoaga|
-
-
## License
Prowler is licensed as **Apache License 2.0** as specified in each file. You may obtain a copy of the License at
-
+
\ No newline at end of file
diff --git a/docs/img/ProwlerPro-3Dashboards-1-1024x1024.png b/docs/img/ProwlerPro-3Dashboards-1-1024x1024.png
new file mode 100644
index 00000000..54bc22be
Binary files /dev/null and b/docs/img/ProwlerPro-3Dashboards-1-1024x1024.png differ
diff --git a/docs/img/compliance-cis-sample.png b/docs/img/compliance-cis-sample.png
new file mode 100644
index 00000000..a9d910c6
Binary files /dev/null and b/docs/img/compliance-cis-sample.png differ
diff --git a/docs/img/prowlerpro-2-pages.png b/docs/img/prowlerpro-2-pages.png
new file mode 100644
index 00000000..33d61796
Binary files /dev/null and b/docs/img/prowlerpro-2-pages.png differ
diff --git a/docs/index.md b/docs/index.md
index 0c7689a0..90db3241 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -5,8 +5,9 @@
# Prowler Documentation
-Welcome to [Prowler Open Source v3](https://github.com/prowler-cloud/prowler/) Documentation! 📄
-> For **Prowler v2**, you can access [here](https://github.com/prowler-cloud/prowler/tree/2.12.0) to the branch and README.
+**Welcome to [Prowler Open Source v3](https://github.com/prowler-cloud/prowler/) Documentation!** 📄
+
+Please for **Prowler v2 Documentation**, please go [here](https://github.com/prowler-cloud/prowler/tree/2.12.0) to the branch and its README.md.
- You are currently in the **Getting Started** section where you can find general information and requirements to help you start with the tool.
- In the [Tutorials](tutorials/overview) section you will see how to take advantage of all the features in Prowler.
@@ -19,8 +20,15 @@ Welcome to [Prowler Open Source v3](https://github.com/prowler-cloud/prowler/) D
It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
-## Quick Start
+[](https://twitter.com/prowlercloud)
+## About ProwlerPro
+
+
**ProwlerPro** gives you the benefits of Prowler Open Source plus continuous monitoring, faster execution, personalized support, visualization of your data with dashboards, alerts and much more.
+Visit prowler.pro for more info.
+
+
+## Quick Start
### Installation
Prowler is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip:
@@ -45,7 +53,7 @@ The container images are available here:
## High level architecture
-You can run Prowler from your workstation, an EC2 instance, Fargate or any other container, Codebuild, CloudShell and Cloud9.
+You can run Prowler from your workstation, an EC2 instance, Fargate or any other container, Codebuild, CloudShell, Cloud9 and many more.
## Basic Usage
@@ -58,7 +66,9 @@ prowler
> Running the `prowler` command without options will use your environment variable credentials, see [Requirements](getting-started/requirements/) section to review the credentials settings.
-By default, prowler will generate a CSV and a JSON report, however you could generate an HTML or an JSON-ASFF report with `-M` or `--output-modes`:
+If you miss the former output you can use `--verbose` but Prowler v3 is smoking fast so you won't see much ;)
+
+By default, Prowler will generate a CSV, JSON and HTML reports, however you can generate a JSON-ASFF (used by AWS Security Hub) report with `-M` or `--output-modes`:
```console
prowler -M csv json json-asff html
diff --git a/docs/tutorials/compliance.md b/docs/tutorials/compliance.md
index 0aab357b..1d6819ca 100644
--- a/docs/tutorials/compliance.md
+++ b/docs/tutorials/compliance.md
@@ -1,25 +1,97 @@
# Compliance
-Prowler allows you to execute checks based on different compliance frameworks.
+Prowler allows you to execute checks based on requirements defined in compliance frameworks.
## List Available Compliance Frameworks
In order to see which compliance frameworks are cover by Prowler, you can use option `--list-compliance`:
```sh
-prowler --list-compliance
+prowler --list-compliance
```
Currently, the available frameworks are:
-- cis_1.4_aws
-- cis_1.5_aws
-- ens_rd2022_aws
+- `cis_1.4_aws`
+- `cis_1.5_aws`
+- `ens_rd2022_aws`
## List Requirements of Compliance Frameworks
For each compliance framework, you can use option `--list-compliance-requirements` to list its requirements:
```sh
-prowler --list-compliance-requirements
+prowler --list-compliance-requirements
+```
+
+Example for the first requirements of CIS 1.5 for AWS:
+
+```
+Listing CIS 1.5 AWS Compliance Requirements:
+
+Requirement Id: 1.1
+ - Description: Maintain current contact details
+ - Checks:
+ account_maintain_current_contact_details
+
+Requirement Id: 1.2
+ - Description: Ensure security contact information is registered
+ - Checks:
+ account_security_contact_information_is_registered
+
+Requirement Id: 1.3
+ - Description: Ensure security questions are registered in the AWS account
+ - Checks:
+ account_security_questions_are_registered_in_the_aws_account
+
+Requirement Id: 1.4
+ - Description: Ensure no 'root' user account access key exists
+ - Checks:
+ iam_no_root_access_key
+
+Requirement Id: 1.5
+ - Description: Ensure MFA is enabled for the 'root' user account
+ - Checks:
+ iam_root_mfa_enabled
+
+[redacted]
+
```
## Execute Prowler based on Compliance Frameworks
As we mentioned, Prowler can be execute to analyse you environment based on a specific compliance framework, to do it, you can use option `--compliance`:
```sh
-prowler --compliance
+prowler --compliance
```
+Standard results will be shown and additionally the framework information as the sample below for CIS AWS 1.5. For details a CSV file has been generated as well.
+
+
+
+## Create and contribute adding other Security Frameworks
+
+If you want to create or contribute with your own security frameworks or add public ones to Prowler you need to make sure the checks are available if not you have to create your own. Then create a compliance file per provider like in `prowler/compliance/aws/` and name it as `__.json` then follow the following format to create yours.
+
+Each file version of a framework will have the following structure at high level with the case that each framework needs to be generally identified), one requirement can be also called one control but one requirement can be linked to multiple prowler checks.:
+
+- `Framework`: string. Indistiguish name of the framework, like CIS
+- `Provider`: string. Provider where the framework applies, such as AWS, Azure, OCI,...
+- `Version`: string. Version of the framework itself, like 1.4 for CIS.
+- `Requirements`: array of objects. Include all requirements or controls with the mapping to Prowler.
+- `Requirements_Id`: string. Unique identifier per each requirement in the specific framework
+- `Requirements_Description`: string. Description as in the framework.
+- `Requirements_Attributes`: array of objects. Includes all needed attributes per each requirement, like levels, sections, etc. Whatever helps to create a dedicated report with the result of the findings. Attributes would be taken as closely as possible from the framework's own terminology directly.
+- `Requirements_Checks`: array. Prowler checks that are needed to prove this requirement. It can be one or multiple checks. In case of no automation possible this can be empty.
+
+```
+{
+ "Framework": "-",
+ "Version": "",
+ "Requirements": [
+ {
+ "Id": "",
+ "Description": "Requiemente full description",
+ "Checks": [
+ "Here is the prowler check or checks that is going to be executed"
+ ],
+ "Attributes": [
+ {
+
+ }
+ ]
+ }
+```
+Finally, to have a proper output file for your reports, your framwrork data model has to be created in `prowler/lib/outputs/models.py` and also the CLI table output in `prowler/lib/outputs/compliance.py`.
diff --git a/docs/tutorials/reporting.md b/docs/tutorials/reporting.md
index 3b814344..dce795b4 100644
--- a/docs/tutorials/reporting.md
+++ b/docs/tutorials/reporting.md
@@ -1,6 +1,6 @@
# Reporting
-By default, Prowler will generate a CSV and a JSON report, however you could generate an HTML or an JSON-ASFF report with `-M` or `--output-modes`:
+By default, Prowler will generate a CSV, JSON and a HTML report, however you could generate a JSON-ASFF (used by AWS Security Hub) report with `-M` or `--output-modes`:
```console
prowler -M csv json json-asff html
@@ -73,10 +73,6 @@ Hereunder is the structure for each of the supported report formats by Prowler:
"ResourceArn": "",
"ResourceType": "AwsRdsDbInstance",
"ResourceDetails": "",
- "Tags": {
- "Tag1Key": "value",
- "Tag2Key": "value"
- },
"Description": "Ensure RDS instances have minor version upgrade enabled.",
"Risk": "Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied.",
"RelatedUrl": "https://aws.amazon.com/blogs/database/best-practices-for-upgrading-amazon-rds-to-major-and-minor-versions-of-postgresql/",
@@ -93,8 +89,6 @@ Hereunder is the structure for each of the supported report formats by Prowler:
}
},
"Categories": [],
- "DependsOn": [],
- "RelatedTo": [],
"Notes": ""
},{
"AssessmentStartTime": "2022-12-01T14:16:57.354413",
@@ -116,10 +110,6 @@ Hereunder is the structure for each of the supported report formats by Prowler:
"ResourceArn": "",
"ResourceType": "AwsRdsDbInstance",
"ResourceDetails": "",
- "Tags": {
- "Tag1Key": "value",
- "Tag2Key": "value"
- },
"Description": "Ensure RDS instances have minor version upgrade enabled.",
"Risk": "Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied.",
"RelatedUrl": "https://aws.amazon.com/blogs/database/best-practices-for-upgrading-amazon-rds-to-major-and-minor-versions-of-postgresql/",
@@ -136,8 +126,6 @@ Hereunder is the structure for each of the supported report formats by Prowler:
}
},
"Categories": [],
- "DependsOn": [],
- "RelatedTo": [],
"Notes": ""
}]
```
diff --git a/mkdocs.yml b/mkdocs.yml
index 7596065c..c1dec1d1 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -47,6 +47,7 @@ nav:
- Contact Us: contact.md
- FAQ: faq.md
- About: about.md
+ - ProwlerPro: https://prowler.pro
# Customization
extra:
consent:
@@ -66,6 +67,8 @@ extra:
link: https://hub.docker.com/r/toniblyx
- icon: fontawesome/brands/twitter
link: https://twitter.com/toniblyx
+ - icon: fontawesome/brands/twitter
+ link: https://twitter.com/prowlercloud
# Copyright
-copyright: Copyright © 2022 Toni de la Fuente, Maintained by the Prowler Team.
+copyright: Copyright © 2022 Toni de la Fuente, Maintained by the Prowler Team at Verica, Inc..