Prowler

Today we are releasing a new major version of **Prowler** 🎉🥳🎊🍾, the **Version 3** aka _Piece of Mind_.

Take Prowler v3 as our 🎄Christmas gift 🎁 for the Cloud Security Community.

Artwork property of Iron Maiden

_Piece of Mind_ was the fourth studio album of _Iron Maiden_. Its meaning fits perfectly with what we do with Prowler in both senses: being protected and at the same time, this is the software I would have wanted to write when I started Prowler back in 2016 (this is now, more than ever, a piece of my mind). Now this has been possible thanks to [my awesome team at Verica](https://www.verica.io/careers/#block-block_60e6a8194b1e6).

No doubt that 2022 has been a pretty interesting year for us, we launched [ProwlerPro](https://prowler.pro/) and released many minor versions of Prowler. Now enjoy [_Sun and Steel_ ](https://www.youtube.com/watch?v=aOKJIynZlZ0) while you keep reading these release notes.

If you are an _Iron Maiden_ fan as I am, you have noticed the latest minor release of Prowler (2.12) was a song from this very same album, just a clue of what was coming! In _Piece of Mind_ you can find one of the most popular heavy metal songs of all times, The Trooper, which will be a Prowler version to be released during 2023.

Prowler v3 is more than a new version of Prowler, it is a whole new piece of software, we have fully rewritten it in Python and we have made it multi-cloud adding Azure as our second supported Cloud Provider. Prowler v3 is also way faster, being able to scan an entire AWS account across all regions 37 times faster than before, yes! you read it correctly, what before took hours now it takes literally few minutes or even seconds.

[Toni de la Fuente](https://blyx.com/contacto/).

New documentation site:

We are also releasing today our brand new documentation site for Prowler at [https://docs.prowler.cloud](https://docs.prowler.cloud) and it is also stored in the `docs` folder in the repo.

What's Changed:

Here is a list of the most important changes in Prowler v3:
- 🐍 **Python**: we got rid of all bash and it is now all in Python. `pip install prowler` then run `prowler` that’s all.
- 🚀 **Faster**: huge performance improvements.
Scanning the same account takes from 2.5 hours to 4 minutes.
- 💻 **Developers and Community**: we have made it easier to contribute with new checks and new compliance frameworks. We also included unit tests and native logging features. And now the CLI supports long arguments and options.
- ☁️ **Multi-cloud**: in addition to AWS, we have added Azure.
- ✅ **Checks and Groups**: all checks are now more comprehensive and we provide resolution actions in most of them. Their ID is no longer tight to CIS but they are self-explanatory. Groups now are dynamically generated based on checks metadata like services, categories, severity and more).
- ⚖️ **Compliance**: we are including full support for **CIS 1.4**, **CIS 1.5** and the **new Spanish ENS** in this release, more to come soon! Compliance also has its own output file with their own metadata and to create your own is easier than ever before making more comprehensive reports.
- 🧩 **Compatibility with v2**: most of the options are the same in this version in order to support backward compatibility however some options like assume role or AWS Organizations query are now different and easier to use.
- 🔄 **Consolidated output formats**: now both CSV and JSON reports come with the same attributes and compared to v2, they come with more than 40 values per finding. HTML, CSV and JSON are created every time you run `prowler`.
- 📊 **Quick Inventory**: introduced in v2, we have fine tuned the Quick Inventory feature and now you can get a list of all resources in your AWS accounts within seconds.

Prowler new default overview:

Prowler updated HTML report:

Prowler compliance overview:

Prowler list of Azure checks:

What is coming next?
- **More Cloud Providers and more checks**: in addition to keep adding new checks to AWS and Azure, we plan to include GCP and OCI soon, let us know if you want to contribute!
- **XML-JUNIT support**: we didn’t add that to v3, if you miss it, let us know in https://github.com/prowler-cloud/prowler/discussions
- **Compliance**: we will add more compliance frameworks to have as many as in Prowler v2, we appreciate help though!
- **Tags based audit**: you will be able to scan only those resources with specific tags.

New Contributors
In addition to the Prowler rock stars jfagoagas n4ch04 sergargar we have a couple of new contributors in this release:
* StylusFrost made their first contribution in https://github.com/prowler-cloud/prowler/pull/1350
* alexr3y made their first contribution in https://github.com/prowler-cloud/prowler/pull/1502

For more information and a detailed list of changes see below:
**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/2.10.0...3.0.0

Fixes
* fix(extra7195): Update title by Fennerr in https://github.com/prowler-cloud/prowler/pull/1440
* fix(extra71): Modified wrong remediation by n4ch04 in https://github.com/prowler-cloud/prowler/pull/1445
* fix(README): include more details about db connector by n4ch04 in https://github.com/prowler-cloud/prowler/pull/1507
* fix(extra723): corrected some typos for check_extra723 by kagahd in https://github.com/prowler-cloud/prowler/pull/1511
* fix(CloudTrail): Fix CloudTrail trail S3 logging public bucket false positive result when trail bucket doesn't exist by acknosyn in https://github.com/prowler-cloud/prowler/pull/1505

New Contributors
* Fennerr made their first contribution in https://github.com/prowler-cloud/prowler/pull/1440

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/2.12.0...2.12.1

[_It's snowing outside, the rumbling sound
Of engines roar in the night
The mission is near, the confident men
Are waiting to drop from the sky_](
https://www.youtube.com/watch?v=NGqbJiq675s )

_Where Eagles Dare_ is the song that opens the _Piece of Mind_ album of Iron Maiden, released back in 1983, the first one with Nicko McBrain as drummer after Clive Burr left the band, note his first seconds on this piece, it is like Nicko saying "here I go!". This song relates the adventure of a team of soldiers raiding a castle in Germany during the WWII, that is related in the movie with the same name starred by Clint Eastwood and Richard Burton.

For all of you that have contributed to this version (see list below), thank you ❤️!!! And reach out to me on Twitter (toniblyx - DMs are open) if you want some laptop stickers.

🔥Important changes in this version (read this!)🔥:

New checks:

[_And if you're taking a walk through the garden of life
What do you think you'd expect you would see?
Just like a mirror reflecting the moves of your life
And in the river reflections of me_](
https://www.youtube.com/watch?v=7KV56kwxiHg )

Steve Harris, founder and bass guitar of Iron Maiden 🤘🏽 wrote this song when he lost his father, lyrics and music is beautiful. This release is for those that always look forward and only look back to be thankful and learn. Also this song and version is to thanks my Prowler brothers jfagoagas, n4ch04, sergargar and drewkerrigan, they are working as beasts every day to make this piece of software better and building something awesome with Prowler underneath called Prowler Pro.

For all of you that have contributed to this version (see list below), thank you ❤️!!! And reach out to me on Twitter (toniblyx - DMs are open) if you want some laptop stickers.

🔥Important changes in this version (read this!):

- 14 New checks covering Directory Service, IAM, S3, Workspaces, AppStream and ECR:

_Fly on your way, like an eagle
Fly as high as the sun
On your way, like an eagle
Fly, touch the sun_

_Flight of Icarus_ is a song of Iron Maiden released in 1983 as part of their Piece of Mind album. There are some amazing guitar solos in this song and it is so good, watch the video and enjoy it like this new version here:
https://www.youtube.com/watch?v=p4w2BZXL6Ss:

> Image copyright by Iron Maiden

Important changes in this version (read this!):

* Now you can manage the Allow list feature using DynamoDB instead of just a text plain file.
* 7 new checks available for CodeBuild, EMR and Lambda:

In 1982, Iron Maiden released _The Number of the Beast_, their third studio album and the first with Bruce Dickinson as their lead vocalist. The song _Run to the Hills_ gives me very good memories, as the time we are living will do the same in the future. That song is one of the greatest metal songs in music history. Enjoy it as we do while releasing this new version of Prowler!
https://www.youtube.com/watch?v=86URGgqONvA

> Image copyright by Iron Maiden


Important changes in this version (read this!):
Now, if you want to use your allowlist or custom checks you can retrieve it from a S3 Bucket using `-w` option along with a S3 URI like `s3://bucket/prefix/allowlist_sample.txt`

Also, we have enriched some IAM checks to provide more information about resources when the check status is PASS.

New Features
* New Extra Check - Detect SGs created by the EC2 Launch Wizard by sectoramen in https://github.com/prowler-cloud/prowler/pull/1081
* Support S3 URIs for custom checks paths by sergargar in https://github.com/prowler-cloud/prowler/pull/1090
* Support S3 URIs for allowlist file by sergargar in https://github.com/prowler-cloud/prowler/pull/1090

Enhancements
* Update example code for terraform-quickstart by spazm in https://github.com/prowler-cloud/prowler/pull/1086
* Replace comma from csv input info to prevent breaking `csv` format by n4ch04 in https://github.com/prowler-cloud/prowler/pull/1102
* IAM check116 and check122 now logs more detailed information with PASS results by n4ch04 in https://github.com/prowler-cloud/prowler/pull/1107

Fixes
* Fix(secrets_library): Verify if detect-secrets library is missing by sergargar in https://github.com/prowler-cloud/prowler/pull/1080
* Fix(extra729,extra740): Typo by mourackb in https://github.com/prowler-cloud/prowler/pull/1083
* Fix(extra736): Missing $PROFILE_OPT by soffensive in https://github.com/prowler-cloud/prowler/pull/1084
* Fix(extra792): TLS1.3 policies added as secure and TLS1.1/1.0 as insecure by sergargar in https://github.com/prowler-cloud/prowler/pull/1091
* Fix(extra7172): IllegalLocationConstraintException properly handled by sergargar in https://github.com/prowler-cloud/prowler/pull/1093
* Fix(extra764): NoSuchBucket error properly handled by sergargar in https://github.com/prowler-cloud/prowler/pull/1094
* Fix(extra764): Deleted temporary file references by n4ch04 in https://github.com/prowler-cloud/prowler/pull/1089
* Fix(extra7147): Handle unsupported AWS regions for Glacier by jfagoagas in https://github.com/prowler-cloud/prowler/pull/1101
* Fix(extra79): Typo publiccly -> publicly by carterjones in https://github.com/prowler-cloud/prowler/pull/1106
* Fix(extra75): Empty array check in SECURITYGROUPS object by nealalan in https://github.com/prowler-cloud/prowler/pull/1099

New Contributors
* mourackb made their first contribution in https://github.com/prowler-cloud/prowler/pull/1083
* spazm made their first contribution in https://github.com/prowler-cloud/prowler/pull/1086
* nealalan made their first contribution in https://github.com/prowler-cloud/prowler/pull/1099
* carterjones made their first contribution in https://github.com/prowler-cloud/prowler/pull/1106

**Full Changelog**: https://github.com/prowler-cloud/prowler/compare/2.8.1...2.9.0