How to set up a Cloud scan using Prowler?

Background

Prowler is a tool that carries out more than 200 checks covering security best practices according to the CIS Amazon Web Services Foundations benchmarks for several groups. Prowler has been integrated with Strobes, and support for several groups has been provided. You can select one, a few, or all of these groups. The scan is performed accordingly and the results are populated within the Strobes platform for convenient access. The supported groups are as follows:

  1. API Gateway security checks
  2. CIS Level 1 - CIS only
  3. CIS Level 2 - CIS only
  4. Elasticsearch related security checks
  5. Extras - all non CIS specific checks
  6. Find cross-account trust boundaries
  7. Forensic readiness
  8. GDPR readiness
  9. HIPAA Compliance
  10. Identity and Access Management - CIS only
  11. Logging - CIS only
  12. Look for keys secrets or passwords around resources
  13. Monitoring - CIS only
  14. Networking - CIS only

Once the scan is done and the issues have been populated within Strobes for the asset you selected, they can be exported directly as a report, which can be used for compliance (such as HIPAA).

Strobes also allows scans to be run for only the specific checks you want to perform.

As with all other connectors, Strobes lets you schedule a Prowler scan to run at a Daily, Weekly or Monthly frequency. It is also possible to run scans on demand.

Strobes does not provide the option to scan all regions at the same time. You can select only one region per configured scan.

Usage Flow Instructions

  • To run a Prowler scan using Strobes, you need to add your AWS credentials under the Credential Manager. More on how to use the Credential Manager here.

  • Once you have added your AWS credentials, navigate to 'Connectors' and select 'Cloud Scanners'. Under that choose 'Prowler AWS Configuration Review'.

  • Enter a 'Configuration Name', select your 'Baseline' and click on Next.

  • In Step 2 there are four mandatory fields that you have to fill in:
    • The AWS credentials. Once you have added your AWS credentials to the Strobes Credential Manager, this field gives you a drop-down list of AWS credentials from which you have to choose one.
    • Under Assets, you are given a drop-down of all the assets you have added to your organization. You have to choose the one asset against which the results of the scan will be populated (the asset type has to be a cloud asset, or else the configuration will not be successful).
    • Agents.
    • The AWS Region.

  • Apart from the above-mentioned fields, you can also choose the checks or the groups for which you want the scans to be run, as explained in the Background.

  • Now you can schedule the frequency at which you want to run the configured scan.

  • In Step 3, you have the option to send the vulnerabilities identified to various Tracking & Notification tools, which you can configure for your organization.

  • Click on 'Submit' and the configuration will be created for you.
  • If you want to initiate the scan independently of the schedule you have configured, click on 'New Scan' and the scan will be initiated.

  • Once the scan is done, the identified vulnerabilities will be populated in the Vulnerability Management page.

 

 
