feat(prowler-check-kreator): ProwlerChecKreator first version (#5099)
Co-authored-by: Sergio <[email protected]>
puchy22 and MrCloudSec authored Nov 12, 2024
1 parent 9d65b49 commit b8b60e6
Showing 9 changed files with 958 additions and 0 deletions.
36 changes: 36 additions & 0 deletions docs/tutorials/prowler-check-kreator.md
@@ -0,0 +1,36 @@

# Prowler Check Kreator

???+ note
Currently, this tool is only available for creating checks for the AWS provider.

**Prowler Check Kreator** is a utility designed to streamline the creation of new checks for Prowler. This tool generates all necessary files required to add a new check to the Prowler repository. Specifically, it creates:

- A dedicated folder for the check.
- The main check script.
- A metadata file with essential details.
- A folder and file structure for testing the check.

## Usage

To use the tool, execute the main script with the following command:

```bash
python util/prowler_check_kreator/prowler_check_kreator.py <prowler_provider> <check_name>
```
Parameters:

- `<prowler_provider>`: Currently only AWS is supported.
- `<check_name>`: The name you wish to assign to the new check.

## AI integration

This tool optionally integrates AI to assist in generating the check code and metadata file content. When AI assistance is chosen, the tool uses [Gemini](https://gemini.google.com/) to produce preliminary code and metadata.

???+ note
For this feature to work, you must have the library `google-generativeai` installed in your Python environment.

???+ warning
AI-generated code and metadata might contain errors or require adjustments to align with specific Prowler requirements. Carefully review all AI-generated content before committing.

To enable AI assistance, simply confirm when prompted by the tool. Additionally, ensure that the `GEMINI_API_KEY` environment variable is set with a valid Gemini API key. For instructions on obtaining your API key, refer to the [Gemini documentation](https://ai.google.dev/gemini-api/docs/api-key).
1 change: 1 addition & 0 deletions mkdocs.yml
Expand Up @@ -65,6 +65,7 @@ nav:
- Pentesting: tutorials/pentesting.md
- Parallel Execution: tutorials/parallel-execution.md
- Developer Guide: developer-guide/introduction.md
- Prowler Check Kreator: tutorials/prowler-check-kreator.md
- AWS:
- Authentication: tutorials/aws/authentication.md
- Assume Role: tutorials/aws/role-assumption.md
Empty file added util/__init__.py
Empty file.
Empty file.
Empty file.
239 changes: 239 additions & 0 deletions util/prowler_check_kreator/lib/llms/gemini.py
246 changes: 246 additions & 0 deletions util/prowler_check_kreator/lib/metadata_types.py
@@ -0,0 +1,246 @@
def get_metadata_valid_check_type(provider: str = "aws") -> list:
"""Get the valid check types for the provider
Args:
provider: The Prowler provider.
Returns:
A list of valid check types for the given provider.
"""
check_types = []

if provider == "aws":
check_types = [
{
"namespace": "Software and Configuration Checks",
"children": [
{
"category": "Vulnerabilities",
"children": [{"classifier": "CVE"}],
},
{
"category": "AWS Security Best Practices",
"children": [
{"classifier": "Network Reachability"},
{"classifier": "Runtime Behavior Analysis"},
],
},
{
"category": "Industry and Regulatory Standards",
"children": [
{"classifier": "AWS Foundational Security Best Practices"},
{"classifier": "CIS Host Hardening Benchmarks"},
{"classifier": "CIS AWS Foundations Benchmark"},
{"classifier": "PCI-DSS"},
{"classifier": "Cloud Security Alliance Controls"},
{"classifier": "ISO 90001 Controls"},
{"classifier": "ISO 27001 Controls"},
{"classifier": "ISO 27017 Controls"},
{"classifier": "ISO 27018 Controls"},
{"classifier": "SOC 1"},
{"classifier": "SOC 2"},
{"classifier": "HIPAA Controls (USA)"},
{"classifier": "NIST 800-53 Controls (USA)"},
{"classifier": "NIST CSF Controls (USA)"},
{"classifier": "IRAP Controls (Australia)"},
{"classifier": "K-ISMS Controls (Korea)"},
{"classifier": "MTCS Controls (Singapore)"},
{"classifier": "FISC Controls (Japan)"},
{"classifier": "My Number Act Controls (Japan)"},
{"classifier": "ENS Controls (Spain)"},
{"classifier": "Cyber Essentials Plus Controls (UK)"},
{"classifier": "G-Cloud Controls (UK)"},
{"classifier": "C5 Controls (Germany)"},
{"classifier": "IT-Grundschutz Controls (Germany)"},
{"classifier": "GDPR Controls (Europe)"},
{"classifier": "TISAX Controls (Europe)"},
],
},
{"category": "Patch Management"},
],
},
{
"namespace": "TTPs",
"children": [
{"category": "Initial Access"},
{"category": "Execution"},
{"category": "Persistence"},
{"category": "Privilege Escalation"},
{"category": "Defense Evasion"},
{"category": "Credential Access"},
{"category": "Discovery"},
{"category": "Lateral Movement"},
{"category": "Collection"},
{"category": "Command and Control"},
],
},
{
"namespace": "Effects",
"children": [
{"category": "Data Exposure"},
{"category": "Data Exfiltration"},
{"category": "Data Destruction"},
{"category": "Denial of Service"},
{"category": "Resource Consumption"},
],
},
{
"namespace": "Unusual Behaviors",
"children": [
{"category": "Application"},
{"category": "Network Flow"},
{"category": "IP address"},
{"category": "User"},
{"category": "VM"},
{"category": "Container"},
{"category": "Serverless"},
{"category": "Process"},
{"category": "Database"},
{"category": "Data"},
],
},
{
"namespace": "Sensitive Data Identifications",
"children": [
{"category": "PII"},
{"category": "Passwords"},
{"category": "Legal"},
{"category": "Financial"},
{"category": "Security"},
{"category": "Business"},
],
},
]

return check_types


def get_metadata_valid_resource_type(provider: str = "aws") -> set:
"""Get the valid resource types for the provider
Args:
provider: The Prowler provider.
Returns:
A set of valid resource types for the given provider.
"""
valid_resource_types = set()

if provider == "aws":
valid_resource_types = {
"AwsIamAccessKey",
"AwsElbLoadBalancer",
"AwsRedshiftCluster",
"AwsEventsEndpoint",
"AwsElbv2LoadBalancer",
"AwsAutoScalingLaunchConfiguration",
"AwsWafv2RuleGroup",
"AwsWafRegionalRule",
"AwsCloudFrontDistribution",
"AwsWafRegionalWebAcl",
"AwsWafRateBasedRule",
"AwsCertificateManagerCertificate",
"AwsKmsKey",
"AwsDmsEndpoint",
"AwsLambdaLayerVersion",
"AwsIamRole",
"AwsElasticBeanstalkEnvironment",
"AwsBackupBackupPlan",
"AwsEc2ClientVpnEndpoint",
"AwsEcrContainerImage",
"AwsSqsQueue",
"AwsIamGroup",
"AwsOpenSearchServiceDomain",
"AwsApiGatewayV2Api",
"AwsCloudTrailTrail",
"AwsWafWebAcl",
"AwsEc2Subnet",
"AwsEc2VpcPeeringConnection",
"AwsEc2VpcEndpointService",
"AwsCodeBuildProject",
"AwsLambdaFunction",
"AwsNetworkFirewallRuleGroup",
"AwsDmsReplicationInstance",
"AwsRdsEventSubscription",
"AwsCloudWatchAlarm",
"AwsS3AccountPublicAccessBlock",
"AwsWafRegionalRateBasedRule",
"AwsRdsDbInstance",
"AwsEksCluster",
"AwsXrayEncryptionConfig",
"AwsWafv2WebAcl",
"AwsWafRuleGroup",
"AwsBackupBackupVault",
"AwsKinesisStream",
"AwsNetworkFirewallFirewallPolicy",
"AwsEc2NetworkInterface",
"AwsEcsTaskDefinition",
"AwsMskCluster",
"AwsApiGatewayRestApi",
"AwsS3Object",
"AwsRdsDbSnapshot",
"AwsBackupRecoveryPoint",
"AwsWafRule",
"AwsS3AccessPoint",
"AwsApiGatewayV2Stage",
"AwsGuardDutyDetector",
"AwsEfsAccessPoint",
"AwsEcsContainer",
"AwsEcsTask",
"AwsS3Bucket",
"AwsSageMakerNotebookInstance",
"AwsNetworkFirewallFirewall",
"AwsStepFunctionStateMachine",
"AwsIamUser",
"AwsAppSyncGraphQLApi",
"AwsApiGatewayStage",
"AwsEcrRepository",
"AwsEcsService",
"AwsEc2Vpc",
"AwsAmazonMQBroker",
"AwsWafRegionalRuleGroup",
"AwsEventSchemasRegistry",
"AwsRoute53HostedZone",
"AwsEventsEventbus",
"AwsDmsReplicationTask",
"AwsEc2Instance",
"AwsEcsCluster",
"AwsRdsDbSecurityGroup",
"AwsCloudFormationStack",
"AwsSnsTopic",
"AwsDynamoDbTable",
"AwsRdsDbCluster",
"AwsEc2Eip",
"AwsEc2RouteTable",
"AwsEc2TransitGateway",
"AwsElasticSearchDomain",
"AwsEc2LaunchTemplate",
"AwsEc2Volume",
"AwsAthenaWorkGroup",
"AwsSecretsManagerSecret",
"AwsEc2SecurityGroup",
"AwsIamPolicy",
"AwsSsmPatchCompliance",
"AwsAutoScalingAutoScalingGroup",
"AwsEc2NetworkAcl",
"AwsRdsDbClusterSnapshot",
}

return valid_resource_types


def get_metadata_placeholder_resource_type(provider: str = "aws") -> str:
"""Get the placeholder for the resource type for the provider
Args:
provider: The Prowler provider.
Returns:
A placeholder for the resource type for the given provider.
"""
placeholder = ""

if provider == "aws":
placeholder = "Other"

return placeholder
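Review bot: All three functions fall through silently for any provider other than `"aws"` — `get_metadata_valid_check_type` returns `[]`, `get_metadata_valid_resource_type` returns `set()` and `get_metadata_placeholder_resource_type` returns `""` — so a caller validating metadata for an unsupported provider would see every value rejected with no hint that the provider itself is the problem, and none of the docstrings mention this. Consider raising in the fall-through, `raise ValueError(f"Unsupported provider: {provider}")`, or at minimum add to each docstring a line such as "Returns an empty result when the provider is not supported (currently only `aws`)." The hard-coded tables appear to mirror the AWS Security Hub ASFF `Types` taxonomy and resource type names; a comment above each literal naming that source (`# Mirrors the Security Hub ASFF Types taxonomy; keep in sync with the upstream list`) would tell maintainers where to look when the upstream list changes. Since the file already uses annotations, the return types could be tightened to `list[dict]` and `set[str]` rather than bare `list` and `set`.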

0 comments on commit b8b60e6
