Prowler - AWS Environment Scan

Prowler is a scanning service provided by Amazon Web Services to examine and identify security issues in your AWS environment. The service is designed around the CIS Amazon Web Services Foundations Benchmark and additional checks. For more information, refer to this document:

https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf

ZeroNorth has a built-in integration with the Prowler service, making it easy to set up a Prowler scan. This article describes the procedure.

Overview

The steps for setting up a Prowler scan are:

  • Activate the Prowler Scenario.
  • Add an "AWS Account" Integration.
  • Add a Target for the above Integration, pointing to your AWS account.
  • Put the above together into a Prowler Policy.

The above steps are outlined in more detail in the following sections.

Activate the Prowler Scenario

  1. Go to znADM > Scenarios.
  2. Locate the AWS Prowler Scenario.
  3. Click +Add Scenario.
  4. Enter Name.
  5. Select Product Configuration “prowler”.
  6. Click Save.

Add the AWS Account Integration

  1. Go to znADM > Integrations.
  2. Click +Add Integration.
  3. Enter Name.
  4. Set Initiate Scan From to “ZeroNorth Platform” (default).
  5. Set Type to “AWS Account”.
  6. Click Create Integration.

Add the AWS Account Target

  1. Go to znOPS > Targets.
  2. Click +Add Target.
  3. Enter Name.
  4. Set Target Type to “AWS Account”.
  5. Select the Integration you created above.
  6. Enter your AWS Access Key ID and AWS Secret Access Key (see the next section on how to obtain an AWS Access Key).

Obtaining an AWS Access Key

To add the Target for the Prowler scan as described above, you will need an AWS Access Key. The access key should come from an IAM user (or role) that has the AWS-managed “SecurityAudit” policy attached, so that the scanner can read your configuration without being able to change it.

  1. Sign in to your AWS Console.
  2. Click on your user name in the top bar to pull down the menu.
  3. Select My Security Credentials.
  4. In the Your Security Credentials screen, expand “Access keys (access key ID and secret access key)”.
  5. Click Create New Access Key.

The new key is created immediately. You can copy the key from the screen or download it as a file.
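As an added check that is not part of the original article (nor ZeroNorth or Prowler code), the function below audits the IAM user whose key you are about to hand to the scanner: it takes the JSON that `aws iam list-attached-user-policies` and `aws iam list-user-policies` print for that user and reports anything beyond the SecurityAudit managed policy. The user name “prowler-scan” and the sample JSON are constructed for the example.

```python
import json

# AWS-managed read-only audit policy the article says the scanning identity should carry.
SECURITY_AUDIT_ARN = "arn:aws:iam::aws:policy/SecurityAudit"

# Constructed sample output, shaped like the CLI responses for a hypothetical
# IAM user "prowler-scan" that was given more than it needs.
ATTACHED_JSON = json.dumps({"AttachedPolicies": [
    {"PolicyName": "SecurityAudit", "PolicyArn": SECURITY_AUDIT_ARN},
    {"PolicyName": "AdministratorAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
]})
INLINE_JSON = json.dumps({"PolicyNames": ["allow-s3-write"]})

# Constructed sample for a correctly scoped user: SecurityAudit only, no inline policies.
CLEAN_ATTACHED_JSON = json.dumps({"AttachedPolicies": [
    {"PolicyName": "SecurityAudit", "PolicyArn": SECURITY_AUDIT_ARN},
]})
CLEAN_INLINE_JSON = json.dumps({"PolicyNames": []})


def audit_scan_user(attached_json: str, inline_json: str) -> list:
    """Return findings for the scanner user; an empty list means SecurityAudit only."""
    attached = json.loads(attached_json).get("AttachedPolicies", [])
    inline = json.loads(inline_json).get("PolicyNames", [])
    arns = {p["PolicyArn"] for p in attached}
    findings = []
    if SECURITY_AUDIT_ARN not in arns:
        # Without SecurityAudit, Prowler checks fail with access-denied errors.
        findings.append("SecurityAudit is not attached")
    for arn in sorted(arns - {SECURITY_AUDIT_ARN}):
        # Any extra managed policy widens what a leaked key could do.
        findings.append(f"extra managed policy attached: {arn}")
    for name in inline:
        # Inline policies are easy to overlook; review or remove them.
        findings.append(f"inline policy present: {name}")
    return findings


if __name__ == "__main__":
    for finding in audit_scan_user(ATTACHED_JSON, INLINE_JSON):
        print(finding)
```

Run the two CLI commands with `--user-name` for the user that owns the key (signed in as that IAM user, not the account root user) and feed their output to `audit_scan_user`.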

Create the Prowler Policy

  1. Go to znOPS > Policies.
  2. Click +Add Policy.
  3. Enter Policy Name.
  4. Set Target Type to “AWS Account”.
  5. Select the Integration from above.
  6. Select the Target from above.
  7. Select the prowler Scenario.
  8. Click Save.

The Prowler Policy is now ready.

Run the new Prowler Policy

From the Policies list widget in the znOPS > Policies screen, locate your new policy, click the 3-dots menu to the right, and select “Run Now”. Because Prowler only examines your security configuration and does not touch any of the instances in your AWS environment, it is safe to run at any time. The scan takes a few minutes to complete.