prowler 5.17.0__py3-none-any.whl → 5.18.0__py3-none-any.whl
- dashboard/compliance/hipaa_azure.py +25 -0
- dashboard/pages/overview.py +20 -11
- prowler/AGENTS.md +1 -1
- prowler/CHANGELOG.md +43 -0
- prowler/__main__.py +5 -0
- prowler/compliance/azure/hipaa_azure.json +820 -0
- prowler/compliance/m365/cis_4.0_m365.json +6 -2
- prowler/compliance/m365/cis_6.0_m365.json +6 -2
- prowler/compliance/m365/iso27001_2022_m365.json +13 -11
- prowler/compliance/openstack/__init__.py +0 -0
- prowler/config/config.py +2 -1
- prowler/config/config.yaml +4 -1
- prowler/config/openstack_mutelist_example.yaml +60 -0
- prowler/lib/check/check.py +4 -0
- prowler/lib/check/models.py +27 -2
- prowler/lib/cli/parser.py +3 -2
- prowler/lib/outputs/finding.py +14 -0
- prowler/lib/outputs/html/html.py +72 -0
- prowler/lib/outputs/jira/jira.py +3 -3
- prowler/lib/outputs/outputs.py +2 -0
- prowler/lib/outputs/summary_table.py +7 -0
- prowler/lib/timeline/__init__.py +0 -0
- prowler/lib/timeline/models.py +27 -0
- prowler/lib/timeline/timeline.py +36 -0
- prowler/providers/aws/lib/cloudtrail_timeline/__init__.py +0 -0
- prowler/providers/aws/lib/cloudtrail_timeline/cloudtrail_timeline.py +218 -0
- prowler/providers/aws/services/codebuild/codebuild_project_webhook_filters_use_anchored_patterns/__init__.py +0 -0
- prowler/providers/aws/services/codebuild/codebuild_project_webhook_filters_use_anchored_patterns/codebuild_project_webhook_filters_use_anchored_patterns.metadata.json +40 -0
- prowler/providers/aws/services/codebuild/codebuild_project_webhook_filters_use_anchored_patterns/codebuild_project_webhook_filters_use_anchored_patterns.py +58 -0
- prowler/providers/aws/services/codebuild/codebuild_service.py +45 -0
- prowler/providers/aws/services/dynamodb/dynamodb_table_cross_account_access/dynamodb_table_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/dynamodb/dynamodb_table_cross_account_access/dynamodb_table_cross_account_access.py +4 -0
- prowler/providers/aws/services/eventbridge/eventbridge_bus_cross_account_access/eventbridge_bus_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/eventbridge/eventbridge_bus_cross_account_access/eventbridge_bus_cross_account_access.py +4 -0
- prowler/providers/aws/services/eventbridge/eventbridge_schema_registry_cross_account_access/eventbridge_schema_registry_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/eventbridge/eventbridge_schema_registry_cross_account_access/eventbridge_schema_registry_cross_account_access.py +2 -0
- prowler/providers/aws/services/iam/lib/policy.py +19 -3
- prowler/providers/aws/services/rds/rds_instance_extended_support/__init__.py +0 -0
- prowler/providers/aws/services/rds/rds_instance_extended_support/rds_instance_extended_support.metadata.json +41 -0
- prowler/providers/aws/services/rds/rds_instance_extended_support/rds_instance_extended_support.py +37 -0
- prowler/providers/aws/services/rds/rds_service.py +4 -0
- prowler/providers/aws/services/s3/s3_bucket_cross_account_access/s3_bucket_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/s3/s3_bucket_cross_account_access/s3_bucket_cross_account_access.py +5 -1
- prowler/providers/azure/lib/service/service.py +23 -0
- prowler/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on.metadata.json +18 -12
- prowler/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up.metadata.json +18 -11
- prowler/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20.metadata.json +18 -11
- prowler/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled.metadata.json +21 -13
- prowler/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured.metadata.json +19 -11
- prowler/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled.metadata.json +21 -14
- prowler/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled.metadata.json +18 -13
- prowler/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured.metadata.json +20 -13
- prowler/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges.metadata.json +18 -11
- prowler/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version.metadata.json +20 -13
- prowler/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible.metadata.json +20 -13
- prowler/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled.metadata.json +21 -14
- prowler/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled.metadata.json +18 -12
- prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.metadata.json +20 -12
- prowler/providers/azure/services/app/app_register_with_identity/app_register_with_identity.metadata.json +18 -11
- prowler/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured.metadata.json +18 -12
- prowler/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled.metadata.json +17 -11
- prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.metadata.json +18 -12
- prowler/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link.metadata.json +21 -13
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks.metadata.json +20 -12
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac.metadata.json +19 -13
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints.metadata.json +20 -13
- prowler/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled.metadata.json +20 -14
- prowler/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled.metadata.json +20 -14
- prowler/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact.metadata.json +20 -13
- prowler/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured.metadata.json +19 -13
- prowler/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on.metadata.json +20 -13
- prowler/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on.metadata.json +19 -12
- prowler/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities.metadata.json +20 -12
- prowler/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled.metadata.json +22 -13
- prowler/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.metadata.json +19 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled.metadata.json +20 -12
- prowler/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high.metadata.json +19 -12
- prowler/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners.metadata.json +19 -12
- prowler/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied.metadata.json +17 -9
- prowler/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled.metadata.json +21 -13
- prowler/providers/azure/services/entra/entra_service.py +3 -11
- prowler/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa.py +6 -0
- prowler/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks.metadata.json +19 -13
- prowler/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted.metadata.json +16 -10
- prowler/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.metadata.json +18 -12
- prowler/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set.py +10 -11
- prowler/providers/azure/services/keyvault/keyvault_service.py +164 -81
- prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated.metadata.json +18 -12
- prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled.metadata.json +19 -12
- prowler/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12.metadata.json +18 -12
- prowler/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled.metadata.json +19 -12
- prowler/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists.metadata.json +21 -12
- prowler/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent.metadata.json +19 -12
- prowler/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days.metadata.json +21 -12
- prowler/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted.metadata.json +18 -12
- prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.metadata.json +15 -10
- prowler/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted.metadata.json +20 -12
- prowler/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted.metadata.json +19 -12
- prowler/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted.metadata.json +19 -12
- prowler/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled.metadata.json +21 -13
- prowler/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled.metadata.json +16 -11
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled.metadata.json +20 -13
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on.metadata.json +18 -12
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled.metadata.json +19 -13
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.metadata.json +4 -4
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on.metadata.json +19 -13
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on.metadata.json +18 -11
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on.metadata.json +18 -12
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled.metadata.json +20 -13
- prowler/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days.metadata.json +20 -12
- prowler/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled.metadata.json +23 -13
- prowler/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version.metadata.json +19 -12
- prowler/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk.metadata.json +20 -13
- prowler/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled.metadata.json +20 -13
- prowler/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled.metadata.json +19 -12
- prowler/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled.metadata.json +19 -12
- prowler/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled.metadata.json +17 -12
- prowler/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.metadata.json +18 -12
- prowler/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled.metadata.json +19 -11
- prowler/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled.metadata.json +19 -13
- prowler/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled.metadata.json +20 -13
- prowler/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.metadata.json +17 -10
- prowler/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.metadata.json +15 -10
- prowler/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled.metadata.json +18 -12
- prowler/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.metadata.json +14 -10
- prowler/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts.metadata.json +19 -11
- prowler/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled.metadata.json +17 -12
- prowler/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.metadata.json +13 -9
- prowler/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days.metadata.json +17 -12
- prowler/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.metadata.json +15 -11
- prowler/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest.metadata.json +19 -13
- prowler/providers/cloudflare/cloudflare_provider.py +95 -12
- prowler/providers/cloudflare/lib/arguments/arguments.py +7 -0
- prowler/providers/cloudflare/services/dns/dns_record_cname_target_valid/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_cname_target_valid/dns_record_cname_target_valid.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_cname_target_valid/dns_record_cname_target_valid.py +109 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_internal_ip/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_internal_ip/dns_record_no_internal_ip.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_internal_ip/dns_record_no_internal_ip.py +73 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_wildcard/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_wildcard/dns_record_no_wildcard.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_wildcard/dns_record_no_wildcard.py +60 -0
- prowler/providers/cloudflare/services/dns/dns_record_proxied/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_proxied/dns_record_proxied.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_proxied/dns_record_proxied.py +49 -0
- prowler/providers/cloudflare/services/dns/dns_service.py +52 -6
- prowler/providers/cloudflare/services/firewall/__init__.py +0 -0
- prowler/providers/cloudflare/services/firewall/firewall_client.py +4 -0
- prowler/providers/cloudflare/services/firewall/firewall_service.py +123 -0
- prowler/providers/cloudflare/services/zone/zone_firewall_blocking_rules_configured/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_firewall_blocking_rules_configured/zone_firewall_blocking_rules_configured.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_firewall_blocking_rules_configured/zone_firewall_blocking_rules_configured.py +53 -0
- prowler/providers/cloudflare/services/zone/zone_service.py +133 -1
- prowler/providers/cloudflare/services/zone/zone_waf_owasp_ruleset_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_waf_owasp_ruleset_enabled/zone_waf_owasp_ruleset_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_waf_owasp_ruleset_enabled/zone_waf_owasp_ruleset_enabled.py +58 -0
- prowler/providers/common/provider.py +23 -0
- prowler/providers/gcp/services/compute/compute_instance_suspended_without_persistent_disks/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_suspended_without_persistent_disks/compute_instance_suspended_without_persistent_disks.metadata.json +37 -0
- prowler/providers/gcp/services/compute/compute_instance_suspended_without_persistent_disks/compute_instance_suspended_without_persistent_disks.py +35 -0
- prowler/providers/gcp/services/compute/compute_service.py +2 -0
- prowler/providers/m365/lib/powershell/m365_powershell.py +47 -1
- prowler/providers/m365/services/defender/defender_service.py +52 -0
- prowler/providers/m365/services/defender/defender_zap_for_teams_enabled/__init__.py +0 -0
- prowler/providers/m365/services/defender/defender_zap_for_teams_enabled/defender_zap_for_teams_enabled.metadata.json +38 -0
- prowler/providers/m365/services/defender/defender_zap_for_teams_enabled/defender_zap_for_teams_enabled.py +53 -0
- prowler/providers/m365/services/exchange/exchange_service.py +78 -0
- prowler/providers/m365/services/exchange/exchange_shared_mailbox_sign_in_disabled/__init__.py +0 -0
- prowler/providers/m365/services/exchange/exchange_shared_mailbox_sign_in_disabled/exchange_shared_mailbox_sign_in_disabled.metadata.json +37 -0
- prowler/providers/m365/services/exchange/exchange_shared_mailbox_sign_in_disabled/exchange_shared_mailbox_sign_in_disabled.py +59 -0
- prowler/providers/openstack/__init__.py +0 -0
- prowler/providers/openstack/exceptions/__init__.py +0 -0
- prowler/providers/openstack/exceptions/exceptions.py +166 -0
- prowler/providers/openstack/lib/__init__.py +0 -0
- prowler/providers/openstack/lib/arguments/__init__.py +0 -0
- prowler/providers/openstack/lib/arguments/arguments.py +113 -0
- prowler/providers/openstack/lib/mutelist/__init__.py +0 -0
- prowler/providers/openstack/lib/mutelist/mutelist.py +31 -0
- prowler/providers/openstack/lib/service/__init__.py +0 -0
- prowler/providers/openstack/lib/service/service.py +21 -0
- prowler/providers/openstack/models.py +100 -0
- prowler/providers/openstack/openstack_provider.py +515 -0
- prowler/providers/openstack/services/__init__.py +0 -0
- prowler/providers/openstack/services/compute/__init__.py +0 -0
- prowler/providers/openstack/services/compute/compute_client.py +4 -0
- prowler/providers/openstack/services/compute/compute_instance_security_groups_attached/__init__.py +0 -0
- prowler/providers/openstack/services/compute/compute_instance_security_groups_attached/compute_instance_security_groups_attached.metadata.json +40 -0
- prowler/providers/openstack/services/compute/compute_instance_security_groups_attached/compute_instance_security_groups_attached.py +35 -0
- prowler/providers/openstack/services/compute/compute_service.py +63 -0
- {prowler-5.17.0.dist-info → prowler-5.18.0.dist-info}/METADATA +11 -9
- {prowler-5.17.0.dist-info → prowler-5.18.0.dist-info}/RECORD +219 -155
- {prowler-5.17.0.dist-info → prowler-5.18.0.dist-info}/LICENSE +0 -0
- {prowler-5.17.0.dist-info → prowler-5.18.0.dist-info}/WHEEL +0 -0
- {prowler-5.17.0.dist-info → prowler-5.18.0.dist-info}/entry_points.txt +0 -0
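--- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.metadata.json
+++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.metadata.json
@@ -1,30 +1,36 @@
 {
 "Provider": "azure",
 "CheckID": "defender_ensure_defender_for_containers_is_on",
-"CheckTitle": "
+"CheckTitle": "Defender for Containers is set to On (Standard pricing tier)",
 "CheckType": [],
 "ServiceName": "defender",
 "SubServiceName": "",
 "ResourceIdTemplate": "",
 "Severity": "high",
-"ResourceType": "
+"ResourceType": "microsoft.security/pricings",
 "ResourceGroup": "security",
-"Description": "
-"Risk": "
+"Description": "**Azure subscriptions** are assessed to determine if the **Defender for Containers** plan is configured with pricing tier `Standard`.",
+"Risk": "Without **Defender for Containers**, images and runtimes lack continuous **threat detection** and **vulnerability assessment**. Adversaries can ship malicious images, run **cryptomining**, exfiltrate secrets, and **move laterally**, degrading **confidentiality** and **availability** of container workloads.",
 "RelatedUrl": "",
+"AdditionalURLs": [
+"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/defender-container.html",
+"https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction"
+],
 "Remediation": {
 "Code": {
-"CLI": "",
-"NativeIaC": "",
-"Other": "
-"Terraform": "
+"CLI": "az security pricing create --name Containers --tier Standard",
+"NativeIaC": "```bicep\n// Subscription-level deployment to enable Defender for Containers\ntargetScope = 'subscription'\n\nresource <example_resource_name> 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'Containers'\n properties: {\n pricingTier: 'Standard' // Critical: sets Defender for Containers plan to ON (Standard)\n }\n}\n```",
+"Other": "1. In Azure Portal, go to Microsoft Defender for Cloud\n2. Select Environment settings > choose <subscription>\n3. Open Pricing & settings\n4. Find the Containers plan and set it to On (Standard)\n5. Click Save",
+"Terraform": "```hcl\nresource \"azurerm_security_center_subscription_pricing\" \"<example_resource_name>\" {\n resource_type = \"Containers\" # Critical: targets Defender for Containers plan\n tier = \"Standard\" # Critical: enables Standard (ON)\n}\n```"
 },
 "Recommendation": {
-"Text": "
-"Url": ""
+"Text": "Enable the **Defender for Containers** plan at `Standard` for all relevant subscriptions. Apply **least privilege**, integrate alerts with response workflows, and use **defense in depth**: signed images, private registries, RBAC, network policies, and periodic reviews to maintain consistent coverage.",
+"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_containers_is_on"
 }
 },
-"Categories": [
+"Categories": [
+"container-security"
+],
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""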
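Review bot: The added `NativeIaC` and `Terraform` snippets use `<example_resource_name>` as the resource's symbolic name, and angle brackets are not valid in a Bicep identifier or a Terraform resource label, so both snippets fail to parse when copied as written. The Cosmos DB metadata in this same release uses the bare `example_resource_name`; use that here too, e.g. `resource example_resource_name 'Microsoft.Security/pricings@2023-01-01' = {`. Separately, the added `CLI` value `az security pricing create --name Containers --tier Standard` only changes the subscription currently selected in the CLI, while `Recommendation.Text` asks for coverage of all relevant subscriptions. Consider making the scope explicit with `--subscription <subscription_id>`, so an operator does not remediate one subscription and assume the rest are covered.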
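--- a/prowler/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.metadata.json
+++ b/prowler/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.metadata.json
@@ -1,30 +1,36 @@
 {
 "Provider": "azure",
 "CheckID": "defender_ensure_defender_for_cosmosdb_is_on",
-"CheckTitle": "
+"CheckTitle": "Defender for Cosmos DB is set to On (Standard pricing tier)",
 "CheckType": [],
 "ServiceName": "defender",
 "SubServiceName": "",
 "ResourceIdTemplate": "",
 "Severity": "high",
-"ResourceType": "
+"ResourceType": "microsoft.security/pricings",
 "ResourceGroup": "security",
-"Description": "
-"Risk": "
+"Description": "**Microsoft Defender for Azure Cosmos DB** is enabled at the subscription using the `Standard` pricing tier for the `CosmosDbs` plan, covering all Cosmos DB accounts",
+"Risk": "Without this protection, Cosmos DB activity lacks advanced threat detection and telemetry. Attacks such as **SQL injection**, credential abuse, and **anomalous access patterns** may go unnoticed, enabling data exfiltration and unauthorized changes, degrading **confidentiality** and **integrity**.",
 "RelatedUrl": "",
+"AdditionalURLs": [
+"https://learn.microsoft.com/th-th/Azure/defender-for-cloud/defender-for-databases-enable-cosmos-protections?tabs=azure-portal",
+"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/CosmosDB/enable-advanced-threat-protection.html"
+],
 "Remediation": {
 "Code": {
-"CLI": "",
-"NativeIaC": "",
-"Other": "",
-"Terraform": ""
+"CLI": "az security pricing create -n CosmosDbs --tier Standard",
+"NativeIaC": "```bicep\n// Set Defender for Cosmos DB plan to Standard at subscription scope\ntargetScope = 'subscription'\n\nresource example_resource_name 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'CosmosDbs'\n properties: {\n pricingTier: 'Standard' // Critical: enables Defender for Cosmos DB (ON) at Standard tier\n }\n}\n```",
+"Other": "1. In Azure portal, go to Microsoft Defender for Cloud > Environment settings\n2. Select the target subscription\n3. Open Defender plans (Pricing)\n4. Find Azure Cosmos DB and set the plan to On (Standard)\n5. Click Save",
+"Terraform": "```hcl\n# Enable Microsoft Defender for Cosmos DB at Standard tier\nresource \"azurerm_security_center_subscription_pricing\" \"example_resource_name\" {\n resource_type = \"CosmosDbs\" # Critical: target Cosmos DB plan\n tier = \"Standard\" # Critical: sets plan to ON (Standard)\n}\n```"
 },
 "Recommendation": {
-"Text": "
-"Url": "
+"Text": "Enable the `Standard` plan for **Microsoft Defender for Azure Cosmos DB** at the subscription to ensure full coverage. Enforce **least privilege**, route alerts to your SIEM, and tune detections. Use policy to require the plan across environments and regularly review findings to strengthen **defense in depth**.",
+"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_cosmosdb_is_on"
 }
 },
-"Categories": [
+"Categories": [
+"vulnerabilities"
+],
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""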
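Review bot: The first entry added to `AdditionalURLs` links the Thai-locale Microsoft Learn page (`learn.microsoft.com/th-th/Azure/...`), whereas the Containers metadata in this release links `en-us`. Replace the `th-th` path segment with `en-us` so English-language reports do not send readers to a localized page. The added `Categories` value `"vulnerabilities"` also looks like a loose fit for a plan that the `Risk` text describes as threat detection and telemetry; this may be intentional, but it is worth confirming against the project's category list. For consistency with the Containers file, the `CLI` value could spell out `--name` instead of `-n`, and `Description` is missing its closing period.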
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_ensure_defender_for_databases_is_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender for Databases is set to On (Standard pricing tier)",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/pricings",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
12
|
+
"Description": "**Azure subscription** is evaluated for **Defender for Databases** coverage: `Standard` pricing must be enabled for `SqlServers`, `SqlServerVirtualMachines`, `OpenSourceRelationalDatabases`, and `CosmosDbs`.",
|
|
13
|
+
"Risk": "Without this coverage, database workloads lack **advanced threat detection**, **vulnerability assessment**, and **behavior analytics**.\n\nAttacks like credential brute force, SQL injection, privilege abuse, and data exfiltration can go **undetected**, threatening **confidentiality, integrity**, and **availability**.",
|
|
14
14
|
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-enable-databases-plan",
|
|
17
|
+
"https://support.icompaas.com/support/solutions/articles/62000229826-ensure-that-microsoft-defender-for-databases-is-set-to-on-"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "",
|
|
20
|
-
"Terraform": ""
|
|
21
|
+
"CLI": "# Enable all Defender for Databases plans (must run each command separately)\naz security pricing create --name SqlServers --tier Standard\naz security pricing create --name SqlServerVirtualMachines --tier Standard\naz security pricing create --name OpenSourceRelationalDatabases --tier Standard\naz security pricing create --name CosmosDbs --tier Standard",
|
|
22
|
+
"NativeIaC": "```bicep\n// Enable Microsoft Defender for Databases plans at subscription scope\ntargetScope = 'subscription'\n\nresource sqlServers 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'SqlServers'\n properties: {\n pricingTier: 'Standard' // Critical: sets Defender for SQL servers to Standard (ON)\n }\n}\n\nresource sqlServerVMs 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'SqlServerVirtualMachines'\n properties: {\n pricingTier: 'Standard' // Critical: sets Defender for SQL servers on machines to Standard (ON)\n }\n}\n\nresource openSourceDBs 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'OpenSourceRelationalDatabases'\n properties: {\n pricingTier: 'Standard' // Critical: sets Defender for open-source databases to Standard (ON)\n }\n}\n\nresource cosmosDbs 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'CosmosDbs'\n properties: {\n pricingTier: 'Standard' // Critical: sets Defender for Cosmos DB to Standard (ON)\n }\n}\n```",
|
|
23
|
+
"Other": "1. In the Azure portal, go to Microsoft Defender for Cloud\n2. Select Environment settings > choose your subscription\n3. Open Defender plans\n4. Set these plans to On (Standard):\n - SQL servers\n - SQL servers on machines\n - Open-source relational databases\n - Cosmos DB\n5. Click Save",
|
|
24
|
+
"Terraform": "```hcl\n# Enable Microsoft Defender for Databases plans\nresource \"azurerm_security_center_subscription_pricing\" \"sqlservers\" {\n resource_type = \"SqlServers\"\n tier = \"Standard\" # Critical: enables Defender (Standard)\n}\n\nresource \"azurerm_security_center_subscription_pricing\" \"sql_vm\" {\n resource_type = \"SqlServerVirtualMachines\"\n tier = \"Standard\" # Critical: enables Defender (Standard)\n}\n\nresource \"azurerm_security_center_subscription_pricing\" \"oss_db\" {\n resource_type = \"OpenSourceRelationalDatabases\"\n tier = \"Standard\" # Critical: enables Defender (Standard)\n}\n\nresource \"azurerm_security_center_subscription_pricing\" \"cosmos\" {\n resource_type = \"CosmosDbs\"\n tier = \"Standard\" # Critical: enables Defender (Standard)\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "Enable
|
|
24
|
-
"Url": ""
|
|
27
|
+
"Text": "Enable **Defender for Databases** at the `Standard` tier for all supported database types across subscriptions. Integrate alerts with monitoring, automate response, and enforce **least privilege** and **network segmentation** for defense in depth. Use policy to maintain continuous coverage for new resources.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_databases_is_on"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"vulnerabilities"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": ""
|
|
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_ensure_defender_for_dns_is_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender for DNS is set to On (Standard pricing tier)",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/pricings",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
12
|
+
"Description": "**Microsoft Defender for DNS** is configured at the `Standard` tier for the subscription's Defender pricing",
|
|
13
|
+
"Risk": "Absent **Defender for DNS**, query telemetry isn't inspected, allowing **C2 callbacks**, **DNS tunneling**, and **malicious domains** to bypass detection. This increases risks to **confidentiality** (exfiltration), **integrity** (malware/DGA), and **availability** (poisoned or hijacked resolution).",
|
|
14
14
|
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-dns-introduction",
|
|
17
|
+
"https://support.icompaas.com/support/solutions/articles/62000234089-ensure-that-microsoft-defender-for-dns-is-set-to-on-automated-"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "",
|
|
20
|
-
"Terraform": ""
|
|
21
|
+
"CLI": "az security pricing create --name Dns --tier Standard",
|
|
22
|
+
"NativeIaC": "```bicep\n// Enable Microsoft Defender for DNS at subscription scope\ntargetScope = 'subscription'\n\nresource example_resource_name 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'Dns'\n properties: {\n pricingTier: 'Standard' // Critical: sets Defender for DNS to ON (Standard tier)\n }\n}\n```",
|
|
23
|
+
"Other": "1. In the Azure portal, go to Microsoft Defender for Cloud\n2. Select Environment settings and choose your subscription\n3. Open Defender plans\n4. Find DNS and set the plan to Standard (On)\n5. Click Save",
|
|
24
|
+
"Terraform": "```hcl\nresource \"azurerm_security_center_subscription_pricing\" \"example_resource_name\" {\n resource_type = \"Dns\"\n tier = \"Standard\" # Critical: enables Defender for DNS\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": ""
|
|
27
|
+
"Text": "Enable **Defender for DNS** at the `Standard` tier across applicable subscriptions. Apply **defense in depth**: restrict outbound DNS, use private DNS where feasible, and log/monitor query activity. Route alerts to centralized monitoring. Enforce **least privilege** on security settings and review exclusions regularly.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_dns_is_on"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"forensics-ready"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": ""
|
|
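Review bot: The new remediation for the `Dns` plan does not mention that, as I understand the Microsoft page linked in `AdditionalURLs`, Defender for DNS is no longer offered as a standalone plan to new subscriptions and its alerts are delivered through Defender for Servers Plan 2. A subscription onboarded after that change may therefore be unable to reach PASS with `az security pricing create --name Dns --tier Standard`, while the check stays at severity `high`. I would record this in the still-empty `Notes` field, e.g. `"Notes": "Defender for DNS is not available as a standalone plan for new subscriptions; DNS alerts are provided through Defender for Servers Plan 2."`, after confirming it against the current documentation.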
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_ensure_defender_for_keyvault_is_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender for Key Vaults is set to On (Standard pricing tier)",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/pricings",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
12
|
+
"Description": "**Azure subscriptions** are evaluated for the **Defender for Key Vaults** plan configured at the `Standard` tier. It identifies where Key Vault protection uses this tier versus where the Defender pricing for `KeyVaults` is not set accordingly.",
|
|
13
|
+
"Risk": "Without **Defender for Key Vaults**, anomalous access and mass secret retrievals can go undetected, enabling:\n- Secret exfiltration (confidentiality)\n- Key/secret tampering (integrity)\n- Destructive actions like purge/delete (availability)\n\nLack of signals delays response and facilitates lateral movement.",
|
|
14
14
|
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/defender-key-vault.html",
|
|
17
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-key-vault-introduction"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "
|
|
20
|
-
"Terraform": "
|
|
21
|
+
"CLI": "az security pricing update --name KeyVaults --tier Standard",
|
|
22
|
+
"NativeIaC": "```bicep\n// Enable Microsoft Defender for Key Vaults (Standard tier) at subscription scope\nresource example_pricing 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'KeyVaults'\n properties: {\n pricingTier: 'Standard' // Critical: sets the KeyVaults plan to Standard (ON)\n }\n}\n```",
|
|
23
|
+
"Other": "1. In Azure Portal, go to Microsoft Defender for Cloud\n2. Select Environment settings, then choose your subscription\n3. Open Defender plans\n4. Find Key Vaults and set the plan to On/Standard\n5. Save",
|
|
24
|
+
"Terraform": "```hcl\n# Enable Microsoft Defender for Key Vaults (Standard)\nresource \"azurerm_security_center_subscription_pricing\" \"example_resource_name\" {\n resource_type = \"KeyVaults\"\n tier = \"Standard\" # Critical: sets the plan to Standard (ON)\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": ""
|
|
27
|
+
"Text": "Enable **Defender for Key Vaults** at the `Standard` tier across all subscriptions. Integrate alerts with monitoring and tune noise. Apply **least privilege** with **RBAC**, enforce purge protection and logging, and use **defense in depth** (private access and network restrictions) to prevent abuse and accelerate detection.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_keyvault_is_on"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"secrets"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": ""
|
|
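Review bot: The `CLI` value uses `az security pricing update --name KeyVaults --tier Standard`, while the other pricing hunks visible here use `az security pricing create`; as far as I know the `az security pricing` group has no `update` subcommand, so this should read `az security pricing create --name KeyVaults --tier Standard`. The `NativeIaC` comment says "at subscription scope", but the snippet omits the `targetScope = 'subscription'` line that the sibling Bicep snippets include. Without it the template targets the default resource-group scope, where a `Microsoft.Security/pricings` resource is presumably rejected. The same missing `targetScope` line appears in the `defender_ensure_defender_for_storage_is_on` hunk further down.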
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_ensure_defender_for_os_relational_databases_is_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender for Open-Source Relational Databases is set to On (Standard pricing tier)",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/pricings",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
12
|
+
"Description": "**Microsoft Defender for Cloud** plan for **Open-Source Relational Databases** is evaluated for the `Standard` pricing tier at the subscription level.",
|
|
13
|
+
"Risk": "Absent the `Standard` plan, open-source databases lack **threat detection** and **behavior analytics**, reducing **confidentiality** and **integrity**. SQL injection, brute-force logins, and data exfiltration may go unnoticed, delaying response and enabling **lateral movement**.",
|
|
14
14
|
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-databases-introduction",
|
|
17
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/defender-relational-database.html"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "",
|
|
20
|
-
"Terraform": ""
|
|
21
|
+
"CLI": "az security pricing create --name OpenSourceRelationalDatabases --tier Standard",
|
|
22
|
+
"NativeIaC": "```bicep\n// Deploy at subscription scope to set Defender pricing\ntargetScope = 'subscription'\n\nresource pricingOpenSource \"Microsoft.Security/pricings@2023-01-01\" = {\n name: 'OpenSourceRelationalDatabases'\n properties: {\n pricingTier: 'Standard' // Critical: sets the plan to Standard (ON)\n }\n}\n```",
|
|
23
|
+
"Other": "1. In Azure Portal, go to Microsoft Defender for Cloud\n2. Select Environment settings > your subscription\n3. Open Defender plans\n4. Find \"Open-source relational databases\" and set it to Standard/On\n5. Click Save",
|
|
24
|
+
"Terraform": "```hcl\nresource \"azurerm_security_center_subscription_pricing\" \"example_resource_name\" {\n resource_type = \"OpenSourceRelationalDatabases\"\n tier = \"Standard\" # Critical: enables Defender (Standard tier)\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": ""
|
|
27
|
+
"Text": "Enable the plan at the `Standard` tier across relevant subscriptions. Apply **defense in depth**: enforce **least privilege**, isolate databases on private networks, require strong authentication, and route alerts to centralized monitoring for rapid triage. *Review coverage regularly*.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_os_relational_databases_is_on"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"vulnerabilities"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": ""
|
|
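Review bot: In `NativeIaC` the resource type is written with escaped double quotes (`resource pricingOpenSource \"Microsoft.Security/pricings@2023-01-01\" = {`), but Bicep string literals take single quotes, so the snippet as published will not compile. The sibling checks use the single-quoted form; change it to `resource pricingOpenSource 'Microsoft.Security/pricings@2023-01-01' = {`. These remediation blocks are meant to be copied as-is, so a snippet that fails to deploy leaves the finding open.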
@@ -1,30 +1,38 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_ensure_defender_for_server_is_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender for Servers is set to On (Standard pricing tier)",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/pricings",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
12
|
+
"Description": "**Microsoft Defender for Servers** subscription plan (`VirtualMachines`) is configured to the `Standard` tier. The evaluation checks whether the Servers plan is enabled at this level for all server workloads in the subscription.",
|
|
13
|
+
"Risk": "Without **Defender for Servers**, endpoints lack unified EDR, hardening, and threat analytics. This enables silent malware, credential theft, and lateral movement, driving data exfiltration (C), ransomware/tampering (I), and outages or cryptomining abuse (A).",
|
|
14
14
|
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan",
|
|
17
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/faq-defender-for-servers",
|
|
18
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/microsoft-defender-vm-server.html",
|
|
19
|
+
"https://learn.microsoft.com/en-us/answers/questions/1131575/defender-for-servers-policy-definitions.html"
|
|
20
|
+
],
|
|
15
21
|
"Remediation": {
|
|
16
22
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "
|
|
20
|
-
"Terraform": "
|
|
23
|
+
"CLI": "az security pricing create --name VirtualMachines --tier Standard",
|
|
24
|
+
"NativeIaC": "```bicep\n// Enable Defender for Servers (Standard) at subscription scope\n@description('Enable Microsoft Defender for Servers (Standard)')\ntargetScope = 'subscription'\n\nresource <example_resource_name> 'Microsoft.Security/pricings@2024-01-01' = {\n name: 'VirtualMachines'\n properties: {\n pricingTier: 'Standard' // Critical: sets Defender for Servers to ON (Standard)\n }\n}\n```",
|
|
25
|
+
"Other": "1. In Azure Portal, go to Microsoft Defender for Cloud\n2. Select Environment settings, then your <subscription>\n3. On Defender plans, set Servers to On (Standard)\n4. Click Save",
|
|
26
|
+
"Terraform": "```hcl\n# Enable Defender for Servers (Standard) on the subscription\nresource \"azurerm_security_center_subscription_pricing\" \"<example_resource_name>\" {\n resource_type = \"VirtualMachines\"\n tier = \"Standard\" # Critical: sets Defender for Servers to ON (Standard)\n}\n```"
|
|
21
27
|
},
|
|
22
28
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": ""
|
|
29
|
+
"Text": "Enable the **Defender for Servers** plan at the **subscription** scope with tier `Standard`, choosing P1 or P2 per asset risk. Ensure all Azure VMs and Arc-enabled servers are covered for EDR integration. Apply **defense in depth** and **least privilege**, and continuously monitor and tune alerts.",
|
|
30
|
+
"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_server_is_on"
|
|
25
31
|
}
|
|
26
32
|
},
|
|
27
|
-
"Categories": [
|
|
33
|
+
"Categories": [
|
|
34
|
+
"vulnerabilities"
|
|
35
|
+
],
|
|
28
36
|
"DependsOn": [],
|
|
29
37
|
"RelatedTo": [],
|
|
30
38
|
"Notes": ""
|
|
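Review bot: The `NativeIaC` snippet places `@description(...)` directly above `targetScope = 'subscription'`; Bicep decorators attach to declarations such as `param`, `resource` or `output`, so I would expect this to be rejected. Drop the decorator or move it onto the `resource` line. Separately, `Recommendation.Text` tells the reader to choose P1 or P2, but none of the CLI, Bicep or Terraform snippets sets a sub-plan, so the resulting plan is whatever the platform defaults to. Either say so in the text or show the setting, e.g. `subplan = "P2"` in the Terraform resource (argument name as I recall it; confirm). This snippet also pins API version `2024-01-01` where the other pricing checks use `2023-01-01`.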
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_ensure_defender_for_sql_servers_is_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender for SQL servers on machines is set to On (Standard pricing tier)",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/pricings",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
12
|
+
"Description": "**Subscription pricing** for **Defender for SQL Server on Machines** is configured to the `Standard` plan, covering SQL Server instances running on virtual machines.",
|
|
13
|
+
"Risk": "Without **Defender for SQL Server on Machines**, attacks on SQL Server VMs can go **undetected**-including SQL injection, brute-force logons, and privilege abuse.\n\nThis risks data exfiltration (C), schema or record tampering (I), and outages or ransomware impact (A), while reducing visibility and delaying response.",
|
|
14
14
|
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-sql-introduction",
|
|
17
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/defender-sql-server-virtual-machines.html"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "
|
|
20
|
-
"Terraform": "
|
|
21
|
+
"CLI": "az security pricing create -n SqlServerVirtualMachines --tier Standard",
|
|
22
|
+
"NativeIaC": "```bicep\n// Enable Microsoft Defender for SQL servers on machines at subscription scope\ntargetScope = 'subscription'\n\nresource pricing 'Microsoft.Security/pricings@2022-03-01' = {\n name: 'SqlServerVirtualMachines'\n properties: {\n pricingTier: 'Standard' // Critical: sets Defender plan to Standard (ON) for SQL Server VMs\n }\n}\n```",
|
|
23
|
+
"Other": "1. In the Azure Portal, go to Microsoft Defender for Cloud\n2. Click Environment settings and select the target subscription\n3. Open Defender plans (Plans)\n4. Find SQL servers on machines and set it to Standard (On)\n5. Click Save",
|
|
24
|
+
"Terraform": "```hcl\nresource \"azurerm_security_center_subscription_pricing\" \"<example_resource_name>\" {\n resource_type = \"SqlServerVirtualMachines\" # Critical: target the SQL Server VMs Defender plan\n tier = \"Standard\" # Critical: enable Standard (ON)\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": ""
|
|
27
|
+
"Text": "Enable the **Defender for SQL Server on Machines** plan at the `Standard` tier for subscriptions hosting SQL Server VMs.\n\nApply defense-in-depth: enforce least privilege and strong authentication, segment networks, keep SQL patched, enable auditing, and route alerts to a SIEM for rapid containment.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_sql_servers_is_on"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"vulnerabilities"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": ""
|
|
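Review bot: The CheckID is `defender_ensure_defender_for_sql_servers_is_on`, yet the title, description and every remediation snippet target the `SqlServerVirtualMachines` plan, and `SqlServers` is a separate plan name (both are listed in the `defender_ensure_defender_for_databases_is_on` hunk). A reader going by the ID could enable `SqlServers` and still fail this check. The check code is outside this hunk, so I cannot confirm which plan it reads; if it is `SqlServerVirtualMachines`, state that in `Notes`, e.g. `"Notes": "Evaluates the SqlServerVirtualMachines plan; the SqlServers plan is not covered by this check."`. The Bicep snippet also pins `2022-03-01` while the sibling checks use `2023-01-01`.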
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_ensure_defender_for_storage_is_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender for Storage is set to On (Standard pricing tier)",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/pricings",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
12
|
+
"Description": "Azure subscription's **Defender for Storage** plan is set to `Standard` for Storage Accounts.",
|
|
13
|
+
"Risk": "Without **Defender for Storage**, suspicious access to blobs, files, and queues may go undetected. Compromised keys or `SAS` tokens can enable data exfiltration (**confidentiality**), object tampering (**integrity**), and mass deletion or ransomware-like encryption (**availability**).",
|
|
14
14
|
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-introduction",
|
|
17
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/defender-storage.html"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "
|
|
20
|
-
"Terraform": "
|
|
21
|
+
"CLI": "az security pricing create -n StorageAccounts --tier Standard",
|
|
22
|
+
"NativeIaC": "```bicep\n// Enable Microsoft Defender for Storage at subscription level\nresource example_resource_name 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'StorageAccounts'\n properties: {\n pricingTier: 'Standard' // CRITICAL: sets the plan to Standard (ON) for Storage\n }\n}\n```",
|
|
23
|
+
"Other": "1. In Azure portal, open Microsoft Defender for Cloud\n2. Go to Environment settings > select <subscription>\n3. Open Defender plans\n4. Set Storage to On (Standard)\n5. Click Save",
|
|
24
|
+
"Terraform": "```hcl\n# Enable Microsoft Defender for Storage at subscription level\nresource \"azurerm_security_center_subscription_pricing\" \"example_resource_name\" {\n resource_type = \"StorageAccounts\"\n tier = \"Standard\" # CRITICAL: sets Storage plan to Standard (ON)\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": ""
|
|
27
|
+
"Text": "Enable **Defender for Storage** at the `Standard` tier for subscriptions with storage workloads. Apply **defense in depth**: restrict network exposure, enforce **least privilege** on keys and `SAS`, use short-lived tokens and rotation, and route alerts to centralized monitoring for rapid response.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_storage_is_on"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"forensics-ready"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": ""
|
|
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_ensure_iot_hub_defender_is_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender for IoT Hub is set to On",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/iotsecuritysolutions",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "Microsoft Defender for IoT
|
|
13
|
-
"Risk": "IoT
|
|
14
|
-
"RelatedUrl": "
|
|
12
|
+
"Description": "**Microsoft Defender for IoT security solution** exists in the subscription and reports status `Enabled` for monitored **IoT Hub** resources.",
|
|
13
|
+
"Risk": "Without **Defender for IoT**, device activity lacks telemetry and alerting, degrading CIA:\n- Compromised devices join botnets and exfiltrate data\n- Abused device identities alter cloud twins and commands\n- Lateral movement from IoT networks to Azure workloads\nThis blind spot increases dwell time and blast radius.",
|
|
14
|
+
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-iot/device-builders/quickstart-onboard-iot-hub",
|
|
17
|
+
"https://support.icompaas.com/support/solutions/articles/62000229850-ensure-that-microsoft-defender-for-iot-hub-is-set-to-on-"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
21
|
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "",
|
|
20
|
-
"Terraform": ""
|
|
22
|
+
"NativeIaC": "```bicep\n// Enable Defender for IoT by creating an IoT Security Solution\nresource iotDefender 'Microsoft.Security/iotSecuritySolutions@2019-08-01' = {\n name: '<example_resource_name>'\n location: '<LOCATION>'\n properties: {\n displayName: '<example_resource_name>'\n iotHubs: ['<IOT_HUB_RESOURCE_ID>'] // CRITICAL: links the IoT Hub; creating this solution enables Defender for IoT\n status: 'Enabled' // CRITICAL: ensures the solution is enabled\n }\n}\n```",
|
|
23
|
+
"Other": "1. In the Azure portal, go to IoT hubs and open your hub\n2. Select Defender for IoT > Overview\n3. Click Secure your IoT solution and complete onboarding (select the hub if prompted)\n4. If you see a toggle, set Enable Microsoft Defender for IoT to On and Save\n5. Verify the IoT Security Solution shows as Enabled under Defender for IoT",
|
|
24
|
+
"Terraform": "```hcl\n# Enable Defender for IoT by creating an IoT Security Solution\nresource \"azurerm_iot_security_solution\" \"<example_resource_name>\" {\n name = \"<example_resource_name>\"\n resource_group_name = \"<example_resource_name>\"\n location = \"<LOCATION>\"\n display_name = \"<example_resource_name>\"\n iothub_ids = [\"<IOT_HUB_RESOURCE_ID>\"] # CRITICAL: links the IoT Hub; creating this solution enables Defender\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": "https://
|
|
27
|
+
"Text": "Enable **Defender for IoT** on all IoT Hubs and keep it `Enabled`. Route security data to a central workspace and your SIEM. Apply **least privilege** to IoT identities, enforce **network segmentation** and private access, and use **defense in depth** with continuous monitoring, alert tuning, and periodic coverage reviews.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_ensure_iot_hub_defender_is_on"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"vulnerabilities"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": "Enabling Microsoft Defender for IoT will incur additional charges dependent on the level of usage."
|
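Review bot: The Terraform snippet relies on the resource's default to end up enabled, whereas the Bicep snippet sets `status: 'Enabled'` explicitly and the new `Description` makes status `Enabled` the pass condition. I would make it explicit with `enabled = true # CRITICAL: the check requires status Enabled` (argument name as I recall it from the azurerm provider; confirm before merging). `CLI` is also left as `""` in this hunk while the other three remediation fields were filled in, so CLI-only users get no guidance.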