Prowler 3.13.0 - El Dorado

El Dorado, come and play
El Dorado, step this way
Take a ticket for the ride
El Dorado streets of gold
See my ship is oversold
You got one last chance to try

Iron Maiden's El Dorado song is part of the Final Frontier album, and it won a Grammy Award as the best metal song, not bad uh? This song talks about economic situation back in 2010. In the current situation of companies all over the place laying off people, I wanted to give virtual hugs to all that people from the Prowler Team and remember, Open Source is always rewarding for you to learn and for others!

Prowler 3.13 is probably the latest of the 3 series (v4 looks promising!). As you can see, we are working hard on Azure and many other features.

Enjoy it! 🤘🏽🔥

New features to highlight in this version:

💪🏼 21 New Azure checks

• Prowler is improving its Azure coverage by including 21 new checks that appears in the CIS Benchmark v2.0.0.
  (Thanks @pedrooot and @puchy22 for their contributions and performance!)

See all the new available checks with prowler azure -l

✅ New CIS AWS Foundations Benchmark v3.0.0 Compliance

• On Jan 31st, CIS released the new v3.0.0 for Amazon Web Services Foundations and it is now available on Prowler. You can execute the new CIS version with with prowler aws --compliance cis_3.0_aws

📊 New AWS Account Security Onboarding Compliance

• It is based on the post from Artem Marusov, you can execute this checklist when onboarding new AWS Accounts to existing AWS Organization with prowler aws --compliance aws_account_security_onboarding_aws

🥳 Python 3.12 is now supported!

• Now you can execute Prowler using Python 3.12. Install Prowler with pip install prowler and that's all!

📝 Custom Output File in Quick Inventory

• Support for the already existing options -F (output file) when using the quick inventory feature (-i) on AWS. You can test it with prowler aws -i -F custom-output-file.csv

Features

• feat(azure): Add 4 new checks related to SQLServer and Vulnerability Assessment by @pedrooot in #3372
• feat(azure): Add check defender_auto_provisioning_log_analytics_agent_vms_on by @puchy22 in #3322
• feat(azure): Add check defender_ensure_system_updates_are_applied and defender_auto_provisioning_vulnerabilty_assessments_machines_on by @puchy22 in #3327
• feat(azure): Add new Azure check "iam_custom_role_permits_administering_resource_locks" by @pedrooot in #3317
• feat(azure): Add new check storage_ensure_private_endpoints_in_storage_accounts by @pedrooot in #3326
• feat(azure): Add new check storage_key_rotation_90_days by @pedrooot in #3323
• feat(azure): Defender checks related to defender settings by @puchy22 in #3347
• feat(azure): Defender checks related to security contacts and notifications by @puchy22 in #3344
• feat(azure): Defender check defender_ensure_iot_hub_defender_is_on by @puchy22 in #3367
• feat(azure): New Azure SQLServer related check sqlserver_auditing_retention_90_days by @pedrooot in #3345
• feat(azure): New check related to vulnerability assessment sqlserver_vulnerability_assessment_enabled by @pedrooot in #3349
• feat(azure): New check storage_ensure_soft_delete_is_enabled by @pedrooot in #3334
• feat(azure): SQLServer checks related to TDE encryption by @pedrooot in #3343
• feat(compliance): account security onboarding compliance framework by @pedrooot in #3286
• feat(defender): New Terraform URL for metadata checks by @puchy22 in #3374
• feat(python): support Python 3.12 by @sergargar in #3371
• feat(quick-inventory): custom output file in quick inventory by @Mohsen51 in #3306
• feat(cis): add new CIS AWS v3.0.0 by @sergargar in #3379

Fixes

• fix(acm): adding more details on remaining expiration days by @estemendoza in #3293
• fix(azure): Fix check sqlserver_auditing_retention_90_days by @pedrooot in #3365
• fix(BadRequest): add BadRequest exception to WellArchitected by @sergargar in #3300
• fix(defender): Manage 404 exception for "default" security contacts by @puchy22 in #3373
• fix(GuardDuty): fix class name by @puchy22 in #3337
• fix(NoSuchEntity): add NoSuchEntity exception to IAM by @sergargar in #3299
• fix(organizations): Handle non existent policy by @jfagoagas in #3319
• fix(rds): verify SGs in rds_instance_no_public_access by @sergargar in #3341
• fix(s3): add s3:Get* case to s3_bucket_policy_public_write_access by @sergargar in #3364
• fix(storage) Manage None type manage for key_expiration_period_in_days by @puchy22 in #3351
• fix(azure): Change class names from azure services and fix typing error by @pedrooot in #3350
• fix(allowlist): Handle tags and resources by @jfagoagas in #3376
• fix(cis): update CIS AWS v2.0 Section 2.1 refs by @strawp in #3375
• fix(alias): allow multiple check aliases by @sergargar in #3378

Chores

• chore(actions): Add AWS tag to the update regions bot by @jfagoagas in #3321
• chore(azure): Remove all unnecessary init methods in @DataClass by @pedrooot in #3324
• chore(compliance): make SocType attribute general by @sergargar in #3287
• chore(dependabot): Run for GHA by @jfagoagas in #3274
• chore(docs): update CODE_OF_CONDUCT.md by @toniblyx in #3352
• chore(docs): update documentation by @sergargar in #3297
• chore(docs): Update README.md by @toniblyx in #3353
• chore(inspector): refactor inspector2_findings_exist check into two by @sergargar in #3338
• chore(pre-commit): remove pytest from pre-commit by @sergargar in #3363
• chore(README): update syntax of supported Python versions by @sergargar in #3271
• chore(readme): Update readme with new numbers for Prowler checks by @pedrooot in #3354
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #3273, #3298, #3303, #3316, #3318, #3320, #3325, #3333, #3339, #3342, #3348, #3377
• docs(README): Update Kubernetes development status and Python supported versions by @toniblyx in #3270
• docs(security-hub): Add integration steps and images by @jfagoagas in #3304
• docs(security-hub): improve documentation and clarify steps by @jfagoagas in #3301

Dependencies

• build(deps): bump actions/checkout from 3 to 4 by @dependabot in #3284
• build(deps): bump actions/setup-python from 2 to 5 by @dependabot in #3277
• build(deps): bump aiohttp from 3.9.1 to 3.9.2 by @dependabot in #3366
• build(deps): bump aws-actions/configure-aws-credentials from 1 to 4 by @dependabot in #3278
• build(deps): bump azure-mgmt-security from 5.0.0 to 6.0.0 by @dependabot in #3312
• build(deps): bump codecov/codecov-action from 3 to 4 by @dependabot in #3360
• build(deps): bump cryptography from 41.0.6 to 42.0.0 by @dependabot in #3362
• build(deps): bump docker/build-push-action from 2 to 5 by @dependabot in #3281
• build(deps): bump docker/login-action from 2 to 3 by @dependabot in #3282
• build(deps): bump docker/setup-buildx-action from 2 to 3 by @dependabot in #3276
• build(deps): bump github/codeql-action from 2 to 3 by @dependabot in #3279
• build(deps): bump google-api-python-client from 2.113.0 to 2.116.0 by @dependabot in #3355
• build(deps): bump jsonschema from 4.20.0 to 4.21.1 by @dependabot in #3310
• build(deps): bump mkdocs-material from 9.5.4 to 9.5.6 by @dependabot in #3330
• build(deps): bump msgraph-core from 0.2.2 to 1.0.0 by @dependabot in #3309
• build(deps): bump peter-evans/create-pull-request from 5 to 6 by @dependabot in #3359
• build(deps): bump pydantic from 1.10.13 to 1.10.14 by @dependabot in #3311
• build(deps): bump slack-sdk from 3.26.1 to 3.26.2 by @dependabot in #3280
• build(deps): bump tj-actions/changed-files from 41 to 42 by @dependabot in #3308
• build(deps): bump trufflesecurity/trufflehog from 3.66.1 to 3.67.2 by @dependabot in #3361
• build(deps-dev): bump black from 22.12.0 to 24.1.1 by @dependabot in #3356
• build(deps-dev): bump coverage from 7.4.0 to 7.4.1 by @dependabot in #3357
• build(deps-dev): bump moto from 5.0.0 to 5.0.1 by @dependabot in #3358
• build(deps-dev): bump pytest from 7.4.4 to 8.0.0 by @dependabot in #3331
• build(deps-dev): bump safety from 2.3.5 to 3.0.1 by @dependabot in #3313
• build(deps-dev): bump vulture from 2.10 to 2.11 by @dependabot in #3328

New Contributors

• @estemendoza made their first contribution in #3293
• @Mohsen51 made their first contribution in #3306
• @puchy22 made their first contribution in #3322
• @strawp made their first contribution in #3375

Full Changelog: 3.12.1...3.13.0