Prowler-cloud

_The Ides of March_ is an instrumental song that opens the second studio album of Iron Maiden called Killers. This song is great as an opening, March is the month when spring starts in my side of the world, is always time for optimism. Ides of March also means 15 of March in the Roman calendar (and the day of the [assassination of Julius Caesar](https://en.wikipedia.org/wiki/Assassination_of_Julius_Caesar)). Enjoy the song [here](https://www.youtube.com/watch?v=D33DxLn4XII).

We have put our best to make this release and with important help of the Prowler community of cloud security engineers around the world, thank you all! Special thanks to the Prowler full time engineers jfagoagas, n4ch04 and sergargar! (and Bruce, my dog) ❤️


Important changes in this version (read this!):

Now, if you have AWS Organizations and are scanning multiple accounts using the assume role functionality, Prowler can get your account details like Account Name, Email, ARN, Organization ID and Tags and add them to CSV and JSON output formats. More information and usage [here](https://github.com/prowler-cloud/prowler#get-aws-account-details-from-your-aws-organization).

New Features

* 1 New check for S3 buckets have ACLs enabled by jeffmaley in https://github.com/prowler-cloud/prowler/pull/1023 :

This release name is in honor of [Brave New World](https://www.youtube.com/watch?v=6Inyg70V-QI), a great song of 🔥Iron Maiden🔥 from their Brave New World album. Dedicated to all of you looking forward to having the world we had before COVID... We hope is not hitting you bad. Enjoy!

Important changes in this version (read this!):
- As you can see, Prowler is now in a new organization called [https://github.com/prowler-cloud/](https://github.com/prowler-cloud/).
- When Prowler doesn't have permissions to check a resources or service it gives an **INFO** instead of **FAIL**. We have improved all checks error handling in those use cases when the CLI responds with a **AccessDenied**, **UnauthorizedOperation** or **AuthorizationError**.
- From this version, `master` branch will be the latest available code and we will keep the stable code as each release, if you are installing or deploying Prowler using `git clone` to master take that into account and use the latest release instead, i.e.: `git clone --branch 2.7 https://github.com/prowler-cloud/prowler` or `curl https://github.com/toniblyx/prowler/archive/refs/tags/2.7.0.tar.gz -o prowler-2.7.0.tar.gz`
- For known issues please see https://github.com/prowler-cloud/prowler/issues the ones open with `bug` as a red tag.
- Discussions is now open in the Prowler repo https://github.com/prowler-cloud/prowler/discussions, feel free to use it if that works for you better than the current [Discord server](https://discord.gg/UjSMCVnxSB).
- 11 new checks!! Thanks to michael-dickinson-sainsburys, jonloza, rustic, Obiakara, Daniel-Peladeau, maisenhe, 7thseraph and tekdj7. Now there have a total of 218 checks. See below for details.
- An issue with Security Hub integration when resolving closed findings are either a lot of new findings, or a lot of resolved findings is now working as expected thanks to Kirizan
- When credential are in environment variable it failed to review, that was fixed by lazize
- See below new features and more details for this version.

New Features

- 11 New checks for Redshift, EFS, CloudWatch, Secrets Manager, DynamoDB and Shield Advanced:

What's Changed

* e4edb5e - Enhancement IAM assumed role session duration error handling by jfagoagas
* 3e78f01 - Fix Terraform Kickstarter path in README by z0ph
* cee6437 - Fix issue 926 resource id and remediation typo
* b251f31 - Fix issue 925 replace sensible by sensitive in multiple checks
* 50de9f2 - Fix output for checks check3x when no CW group is in place
* a6ba580 - Fix severity case variable

New Contributors
* z0ph made their first contribution in https://github.com/toniblyx/prowler/pull/927
* Thanks fredski-github for reporting bugs.

**Full Changelog**: https://github.com/toniblyx/prowler/compare/2.6.0...2.6.1

Prowler 2.6.0 - Phantom

This release name is in honor to [Phantom of the Opera](https://www.youtube.com/watch?v=3tEkx8wl5Yk), one of my favorite songs and a master piece of 🔥Iron Maiden🔥. It starts by _"I've been lookin' so long for you now"_ like looking for security issues, isn't it? 🤘🏼 [Enjoy it here while reading the rest of this note](https://www.youtube.com/watch?v=MjAQSlTVcYI).

Important changes in this version:
- CIS level parameter (ITEM_LEVEL) has been reverted to the csv, json and html outputs (it was removed in 2.5), CIS Scored is not added since it is not relevant in the global Prowler reports. dd398a9
- Security Hub integration has been fixed due to a conflict with duplicated findings in the management account by xeroxnir
- 12 New checks!! Thanks to kbgoll05, qumei, georgie969, ShubhamShah11, jarrettandrulis, dsensibaugh, ShubhamShah11, ManuelUgarte, tekdj7: Now there are a total of 207. See below for details.
- Known issues, please review https://github.com/toniblyx/prowler/issues?q=is%3Aissue+is%3Aopen+label%3Abug.
- Now there is a Discord server for Prowler available, check it out in README.md.
- There is a maintained Docker Hub repo for Prowler and AWS ECR public repo as well. See badges in README.md for details.
- See below new features for more details of new cool stuff in this version.

New Features:
- 12 New checks for efs, redshift, elb, dynamodb, route53, cloiudformation, elb and apigateway:

Prowler 2.5.0 - Senjutsu


This new version was planned to celebrate [AWS re:Inforce that would have taken place on August 24th and 25th but has been cancelled](https://reinforce.awsevents.com/) and the new studio album of [Iron Maiden (Senjutsu)](https://en.wikipedia.org/wiki/Senjutsu_(album)) to be released on September 3rd 2021. In any case, enjoy this new version. More cool stuff coming soon!

Prowler would have been present in the re:Inforce 2021 conference with a pretty expected workshop called **"Building Prowler into a QuickSight powered AWS security dashboard"**. Templates and workshop link to be public soon. For updates follow me on Twitter: https://twitter.com/ToniBlyx.


As Prowler keeps growing in user base and downloads (averages 1400 clones/day), there are more contributions and I want to thank you all for your feedback and code. Please keep contributing to make the Internet more secure.

New Features:

**Please read carefully this new features and changes (for CSV output and also to improve the data in json ASFF for Security Hub integration) if you have integrations using CSV, it may affect you.**

- New CSV headers, added PROWLER_START_TIME:
`PROFILE{SEP}ACCOUNT_NUM,REGION,TITLE_ID,CHECK_RESULT,ITEM_SCORED,ITEM_LEVEL,TITLE_TEXT,CHECK_RESULT_EXTENDED,CHECK_ASFF_COMPLIANCE_TYPE,CHECK_SEVERITY,CHECK_SERVICENAME,CHECK_ASFF_RESOURCE_TYPE,CHECK_ASFF_TYPE,CHECK_RISK,CHECK_REMEDIATION,CHECK_DOC,CHECK_CAF_EPIC,CHECK_RESOURCE_ID,PROWLER_START_TIME`.
- 14 New checks (jfagoagas, nayabpatel, Outrun207 and pablopagani):

Fixes
Fixed Security Hub integration error resource type is always empty 776
Fixed credential renewal broke on Alpine Linux 775
Fixed check extra747 grammar 774