_You'll take my life, but I'll take yours too
You'll fire your musket, but I'll run you through
So when you're waiting for the next attack
You'd better stand, there's no turning back_
When I started Prowler almost eight years ago, I thought about calling it The Trooper (`thetrooper` as in the command line sounds good but I thought `prowler` was even better). I can say today, with no doubt that this version 4.0 of Prowler, The Trooper, is by far the software that I always wanted to release. Now, as a company, with a whole team dedicated to Prowler (Open Source and SaaS), this is even more exciting. With standard support for AWS, Azure, GCP and also Kubernetes, with all new features, this is the beginning of a new era where Open Cloud Security makes an step forward and we say: hey WE ARE HERE FOR REAL and _when you're waiting for the next attack, you'd better stand, there's no turning back_
Enjoy Prowler - The Trooooooooper! π€π½π₯ [song](https://www.youtube.com/watch?v=t24ij5kI2cg)!
Breaking Changes
- Allowlist now is called Mutelist
- Deprecate the AWS flag `--sts-endpoint-region` since we use AWS STS regional tokens.
- The `--quiet` option has been deprecated, now use the `--status` flag to select the finding's status you want to get from `PASS`, `FAIL` or `MANUAL`.
- To send only FAILS to AWS Security Hub, now use either `--send-sh-only-fails` or `--security-hub --status FAIL`
- All `INFO` finding's status has changed `MANUAL`.
We have deprecated some of our outputs formats:
- The HTML is replaced for the new Prowler Dashboard (`prowler dashboard`)
- The JSON is replaced for the JSON OCSF v1.1.0
New features to highlight in this version
**Dashboard**
- Prowler has local dashboard to play with gathered data easier. Run `prowler dashboard` and enjoy overview data and compliance.
ποΈ **New Kubernetes provider**
- Prowler has a new Kubernetes provider to improve the security posture of your clusters! Try it now with `prowler kubernetes --kubeconfig-file <kube.yaml>`
- CIS Benchmark 1.8 for K8s is included.
π **Compliance**
- All compliance frameworks are executed by default and stored in a new location: `output/compliance`
**AWS**
- The AWS provider execution by default does not scan unused services, you can enable it with `--scan-unused-services`.
- 2 new checks to detect possible threads, try it now with `prowler aws --category threat-detection` for Enumeration and Privilege Escalation type of activities.
πΊοΈ **Azure**
- All Azure findings includes the location!
- CIS Benchmark for Azure 2.0 and 2.1 is included.
π **Mutelist**
- The renamed mutelist feature is available for all the providers.
- In AWS a default allowlist is included in the execution.
π **Outputs**
- Prowler now the outputs in a common format for all the providers.
- The only JSON output now follows the [OCSF Schema](https://schema.ocsf.io/) v1.1.0
π» **Providers**
- We have unified the way of including new providers for easier development and to add new ones.
π¨ **Fixer**
- We have included a new argument `--fix` to allow you to remediate findings. You can list all the available fixers with `prowler aws --list-fixers`
Features
* feat(mute list): change allowlist to mute list by sergargar in https://github.com/prowler-cloud/prowler/pull/3039
* feat(CloudProvider): introduce global provider Azure&GCP by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3069
* feat(compliance): execute all compliance by default by sergargar in https://github.com/prowler-cloud/prowler/pull/3003
* feat(kubernetes): add Kubernetes provider by sergargar in https://github.com/prowler-cloud/prowler/pull/3226
* feat(status): add --status flag by sergargar in https://github.com/prowler-cloud/prowler/pull/3238
* feat(AwsProvider): include new structure for AWS provider by n4ch04 in https://github.com/prowler-cloud/prowler/pull/3252
* feat(kubernetes): add etcd, controllermanager and rbac services by sergargar in https://github.com/prowler-cloud/prowler/pull/3261
* feat(apiserver): new 9 Kubernetes ApiServer checks by sergargar in https://github.com/prowler-cloud/prowler/pull/3288
* feat(apiserver): new 10 Kubernetes ApiServer checks by sergargar in https://github.com/prowler-cloud/prowler/pull/3289
* feat(apiserver): new 10 Kubernetes ApiServer checks by sergargar in https://github.com/prowler-cloud/prowler/pull/3290
* feat(controllermanager): add checks for Kubernetes Controller Manager by sergargar in https://github.com/prowler-cloud/prowler/pull/3291
* feat(etcd): add checks for Kubernetes etcd by sergargar in https://github.com/prowler-cloud/prowler/pull/3294
* feat(kubelet): add 10 checks of Kubernetes Kubelet service by sergargar in https://github.com/prowler-cloud/prowler/pull/3302
* feat(rbac): add 9 checks of Kubernetes RBAC service by sergargar in https://github.com/prowler-cloud/prowler/pull/3314
* feat(core): add 13 checks of Kubernetes Core service by sergargar in https://github.com/prowler-cloud/prowler/pull/3315
* feat(kubelet): add 6 checks of Kubelet configuration files on the worker nodes by sergargar in https://github.com/prowler-cloud/prowler/pull/3335
* feat(namespace): add `--namespaces` argument and solve bugs by sergargar in https://github.com/prowler-cloud/prowler/pull/3431
* feat(mutelist): add Mute List for all providers by sergargar in https://github.com/prowler-cloud/prowler/pull/3548
* feat(azure): locations added to Azure findings by Hugo966 in https://github.com/prowler-cloud/prowler/pull/3596
* feat(compliance): Add CIS 1.8 framework for Kubernetes by pedrooot in https://github.com/prowler-cloud/prowler/pull/3600
* feat(cloudtrail): add threat detection checks for AWS (enum and priv escalation) by sergargar in https://github.com/prowler-cloud/prowler/pull/3602
* feat(fixer): add Prowler Fixer feature! by sergargar in https://github.com/prowler-cloud/prowler/pull/3634
* feat(dashboards): add new Prowler dashboards by pedrooot in https://github.com/prowler-cloud/prowler/pull/3575
Documentation
* docs(kubernetes): add Kubernetes documentation by sergargar in https://github.com/prowler-cloud/prowler/pull/3482
* chore(readme): update k8s cis by sergargar in https://github.com/prowler-cloud/prowler/pull/3640
Fixes
* fix(gcp): fix error in generating compliance by sergargar in https://github.com/prowler-cloud/prowler/pull/3201
* fix(kubernetes): improve in-cluster execution by sergargar in https://github.com/prowler-cloud/prowler/pull/3397
* fix(shodan): Make it available for all the providers by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3500
* fix(azure): use subscriptions in get_locations by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3541
* fix(compliance): fix csv output for framework Mitre Attack by pedrooot in https://github.com/prowler-cloud/prowler/pull/3574
* fix(quickinventory): Adapt for the new AWS provider class by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3569
* fix(mapping): handle None attributes in data by sergargar in https://github.com/prowler-cloud/prowler/pull/3588
* fix(securityhub): Add validation and handle errors by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3590
* fix(providers): import modules also from outside of directory by sergargar in https://github.com/prowler-cloud/prowler/pull/3595
Chores
* chore(sts-endpoint): deprecate `--sts-endpoint-region` by sergargar in https://github.com/prowler-cloud/prowler/pull/3046
* chore(manual status): change INFO to MANUAL status by sergargar in https://github.com/prowler-cloud/prowler/pull/3254
* chore(tests): add kubernetes provider tests by sergargar in https://github.com/prowler-cloud/prowler/pull/3265
* chore(aws): Remove old provider by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3468
* chore(kubernetes): add strong ciphers config vars by sergargar in https://github.com/prowler-cloud/prowler/pull/3470
* chore(kubernetes): enhance checks metadata by sergargar in https://github.com/prowler-cloud/prowler/pull/3469
* chore(azure): working version executing checks by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3472
* chore(gcp): working version executing checks by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3474
* chore(kubernetes): Working provider by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3475
* chore(aws): Simplify provider by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3481
* chore(aws): Working outputs by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3488
* chore(k8s): Working outputs by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3489
* chore(gcp): working outputs by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3490
* chore(azure): working outputs by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3491
* chore(providers): Store output options and mutelist by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3497
* chore(kubernetes): add outputs fields by sergargar in https://github.com/prowler-cloud/prowler/pull/3499
* chore(config): Store in provider by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3498
* chore(html): deprecate output by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3501
* chore(compliance): solve compliance issues by sergargar in https://github.com/prowler-cloud/prowler/pull/3507
* chore(csv): Common output for all the providers by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3513
* chore(json): deprecate native json by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3514
* chore(aws): Replace audit_info for provider by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3521
* chore(ocsf): add OCSF 1.1 and organize code by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3517
* chore(mutelist): enforce for all providers by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3554
* chore(audit_info): Replace for provider and add tests by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3542
* chore(main): remove getattr for mutelist by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3564
* chore(slack): fix integration with provider by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3565
* chore(unused services): scan unused services by default and add flag by sergargar in https://github.com/prowler-cloud/prowler/pull/3556
* chore(muted): handle new Muted status by sergargar in https://github.com/prowler-cloud/prowler/pull/3570
* chore(report): improve shown report in UI by sergargar in https://github.com/prowler-cloud/prowler/pull/3587
* chore(args): sanitize arguments by sergargar in https://github.com/prowler-cloud/prowler/pull/3611
* chore(ulimit): handle low ulimit value on shell session for POSIX if max open files is below 4096 by sergargar in https://github.com/prowler-cloud/prowler/pull/3601
* chore(categories): Add threat detection checks in the loader by jfagoagas in https://github.com/prowler-cloud/prowler/pull/3622
* chore(slogan): update Prowler slogan by sergargar in https://github.com/prowler-cloud/prowler/pull/3619
* chore(args): add plural severity argument by sergargar in https://github.com/prowler-cloud/prowler/pull/3636
* chore(compliance): only execute all compliances in normal execution by sergargar in https://github.com/prowler-cloud/prowler/pull/3635
**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/3.16.0...4.0.0