Commit Graph

333 Commits

Author SHA1 Message Date
Marc Jay
92e1f17a80 Adds 'json-asff' and 'securityhub' output modes
json-asff mode outputs JSON, similar to the standard 'json' mode with one check per line, but in AWS Security Finding Format - used by AWS Security Hub
Currently uses a generic Type, Resources and ProductArn value, but sets the Id to a unique value that includes the details of the message, in order to separate out checks that run against multiple resources and output one result per resource per check. This ensures that findings can be updated, should the resource move in or out of compliance

securityhub mode generates the ASFF JSON and then passes it to an 'aws securityhub batch-import-findings' call, once per resource per check. Output to the screen is similar to the standard mode, but prints whether or not the finding was submitted successfully

Fixes #524
2020-04-07 16:08:07 +01:00
Toni de la Fuente
b5e1c9002a Improved policy handling on extra716 2020-04-03 17:54:55 +02:00
Toni de la Fuente
afb908f190 Improved policy handling on extra716 2020-04-03 17:54:25 +02:00
Toni de la Fuente
e567ccb828 v2.2.1 with new function and Improved extra779 and extra716 2020-04-02 15:31:43 +02:00
Toni de la Fuente
2e2fe96ff5 Improved extra716 filters and auth check 2020-04-01 21:57:20 +02:00
Toni de la Fuente
2e2e9b85af Merge branch 'master' of https://github.com/toniblyx/prowler 2020-04-01 16:53:04 +02:00
Toni de la Fuente
1ae5d5d725 Added custom ports variable to extra779 2020-04-01 16:52:52 +02:00
Huang Yaming
1419d4887a Ignore imported ACM Certificate in check_extra724 2020-03-27 14:49:52 +08:00
Toni de la Fuente
ba75d89911 Added connection test for port 9300 in both linux and macosx on extra779 2020-03-25 18:20:20 +01:00
Toni de la Fuente
8faf1f45c4 Added connection test for port 9300 in both linux and macosx on extra779 2020-03-25 18:19:41 +01:00
Toni de la Fuente
eae4722499 Updated ES check titles and results 2020-03-25 17:25:38 +01:00
Toni de la Fuente
8c18533752 Updated check titles 2020-03-25 17:18:43 +01:00
Toni de la Fuente
ee82424869 Enhanced extra779 with better authentication test and TEST_ES_AUTHENTICATION disabled 2020-03-25 12:44:10 +01:00
Toni de la Fuente
1615478444 Fixed query on extra779 2020-03-25 09:40:03 +01:00
Toni de la Fuente
568bba4c38 Add Elasticsearch checks issue #521 2020-03-24 23:46:11 +01:00
Toni de la Fuente
e082ef05f0 Merge branch 'patch-2' of https://github.com/lanhhuyet510/prowler into lanhhuyet510-patch-2 2020-03-23 15:09:15 +01:00
Toni de la Fuente
db3ac2361c Merge branch 'master' into checks/find_security_groups_with_wide_open_non_RFC1918_IPv4 2020-03-23 14:48:05 +01:00
Toni de la Fuente
30941c355c Added extra777 - Security Groups with too many rules @renuez 2020-03-23 14:39:23 +01:00
Ngọ Anh Đức
0979f421c3 Update check21 2020-03-09 13:00:43 +07:00
Ngọ Anh Đức
89514a1fa8 Update check21 2020-03-09 12:59:47 +07:00
Ngọ Anh Đức
ba13f25c9e Update check21 2020-03-09 12:57:49 +07:00
Ngọ Anh Đức
53ee538e0f add $PROFILE_OPT to the CLI 2020-03-09 12:57:00 +07:00
Ngọ Anh Đức
3116adf86e Update check21 2020-03-09 12:46:16 +07:00
Ngọ Anh Đức
263926a53b Improve check21
- Add ISLOGGING_STATUS, INCLUDEMANAGEMENTEVENTS_STATUS, READWRITETYPE_STATUS to check
- Remove `--no-include-shadow-trails` from CLI
2.1 Ensure CloudTrail is enabled in all regions (Scored):
Via CLI
1. `aws cloudtrail describe-trails`
Ensure `IsMultiRegionTrail` is set to true
2. `aws cloudtrail get-trail-status --name <trailname shown in describe-trails>`
Ensure `IsLogging` is set to true
3. `aws cloudtrail get-event-selectors --trail-name <trailname shown in describe-trails>`
Ensure there is at least one Event Selector for a Trail with `IncludeManagementEvents` set to `true` and `ReadWriteType` set to `All`
2020-03-09 12:44:23 +07:00
Philipp Zeuner
cb5858d08a Updated check_extra778 to use PROFILE_OPT and AWSCLI 2020-03-08 09:56:52 +01:00
Philipp Zeuner
1b2b52e6a7 Fixed check_extra778 reference CHECK_ID 2020-03-08 09:22:11 +01:00
Philipp Zeuner
f5d083f781 Updated check_extra778 to exclude 0.0.0.0/0 edge case 2020-03-08 09:21:17 +01:00
Philipp Zeuner
f585ca54d1 Fixed check_extra788 logic bug related to SECURITY_GROUP and improved check_cidr() isolation 2020-03-08 09:20:05 +01:00
Philipp Zeuner
f149fb7535 Refactored check name to check_extra778 2020-03-08 08:15:20 +01:00
jonjozwiak
8173c20941 Improve performance of check_extra742 by limiting to one AWS CLI call 2020-03-04 16:46:28 +02:00
Toni de la Fuente
c0d8258283 [new check] Check if ECR image scan found vulnerabilities in the newest image version
[new check] Check if ECR image scan found vulnerabilities in the newest image version
2020-03-03 23:06:44 +01:00
Toni de la Fuente
4646dbcd0b Updated check_extra776 title 2020-03-03 23:04:09 +01:00
Marcel Beck
db260da8b0 feat: New check for ecr image scan findings
This will check if there is any ecr image with findings.
2020-03-03 22:53:26 +01:00
Philipp Zeuner
162ff05e42 Updated check_extra777 to fix CHECK_ALTERNATE variable 2020-03-02 22:53:32 +01:00
Philipp Zeuner
6ea863ac3b Initial commit 2020-03-01 20:26:51 +01:00
Marcel Beck
5257ce6c0b docs: Fix typo 2020-02-28 17:58:10 +01:00
Marcel Beck
c9508c28b3 fix: check119 needs to ignore terminated instances
Terminated does not seem to have an instance profile. And it's not
possible to start a terminated instance again.
2020-02-25 09:23:55 +01:00
Faraz Angabini
2321655503 fixed check numbers for 774,775 2020-02-22 22:16:59 -08:00
Kasprzykowski
40985212ab check_extra775 added | group7_extras and group11_secrets updated 2020-02-21 09:24:13 -05:00
Kasprzykowski
a1d26b44c3 check_extra999 added and group7_extras updated 2020-02-21 09:05:33 -05:00
Christopher Morrow
4a1d4060ec Check Extra 774 - Fixed bug - was checking account creation time instead of last logon date. 2020-02-20 15:11:13 -08:00
Toni de la Fuente
ca34590da0 Merge branch 'bugfix/check_11_check_access_keys_usage' of https://github.com/bridgecrewio/prowler into bridgecrewio-bugfix/check_11_check_access_keys_usage 2020-02-19 18:14:37 +01:00
Toni de la Fuente
44716cfab2 Merge pull request #486 from bridgecrewio/bugfix/mark_only_available_rds_instances_as_violating
Filter for only available rds instances
2020-02-19 18:11:43 +01:00
Toni de la Fuente
1f3aaa8c7b Merge pull request #485 from bridgecrewio/bugfix/es_public_domains_filter_condition
Add conditions check for extra716
2020-02-19 18:09:37 +01:00
Toni de la Fuente
6213a7418c Merge pull request #484 from bridgecrewio/bugfix/public_bucket_policy_check_for_conditions
Add conditions check for extra771
2020-02-19 18:08:02 +01:00
Toni de la Fuente
bf9ffc0485 Merge pull request #483 from bridgecrewio/bugfix/extra748_check_for_all_ports
Check extra748 should fail in case of all ports (0-65535) open
2020-02-19 17:58:17 +01:00
Nimrod Kor
e41e77ed78 Remove unnecessary print
(cherry picked from commit 72bb29f13cabf5bd85af3c5539a46eacd34538ae)
2020-02-18 11:58:05 +02:00
Nimrod Kor
a6516e4af8 Check 1.1 - check password access and access key usage
(cherry picked from commit f62cde1bf1a32138419cc1488392b93816958595)
2020-02-18 11:36:57 +02:00
Nimrod Kor
4fe575030b Filter for only available rds instances
(cherry picked from commit 5a7356be3cd137e08161b3dc0d7b8f1b2267c304)
2020-02-18 10:48:58 +02:00
Nimrod Kor
178a34e40d Add conditions check for extra716
(cherry picked from commit 2ec6696897a272c7d765cc31e37703a453f57289)
2020-02-18 10:48:25 +02:00