prowler 5.17.1__py3-none-any.whl → 5.18.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- dashboard/compliance/hipaa_azure.py +25 -0
- dashboard/pages/overview.py +20 -11
- prowler/AGENTS.md +1 -1
- prowler/CHANGELOG.md +43 -0
- prowler/__main__.py +5 -0
- prowler/compliance/azure/hipaa_azure.json +820 -0
- prowler/compliance/m365/cis_4.0_m365.json +6 -2
- prowler/compliance/m365/cis_6.0_m365.json +6 -2
- prowler/compliance/m365/iso27001_2022_m365.json +13 -11
- prowler/compliance/openstack/__init__.py +0 -0
- prowler/config/config.py +2 -1
- prowler/config/config.yaml +4 -1
- prowler/config/openstack_mutelist_example.yaml +60 -0
- prowler/lib/check/check.py +4 -0
- prowler/lib/check/models.py +27 -2
- prowler/lib/cli/parser.py +3 -2
- prowler/lib/outputs/finding.py +14 -0
- prowler/lib/outputs/html/html.py +72 -0
- prowler/lib/outputs/jira/jira.py +3 -3
- prowler/lib/outputs/outputs.py +2 -0
- prowler/lib/outputs/summary_table.py +7 -0
- prowler/lib/timeline/__init__.py +0 -0
- prowler/lib/timeline/models.py +27 -0
- prowler/lib/timeline/timeline.py +36 -0
- prowler/providers/aws/lib/cloudtrail_timeline/__init__.py +0 -0
- prowler/providers/aws/lib/cloudtrail_timeline/cloudtrail_timeline.py +218 -0
- prowler/providers/aws/services/codebuild/codebuild_project_webhook_filters_use_anchored_patterns/__init__.py +0 -0
- prowler/providers/aws/services/codebuild/codebuild_project_webhook_filters_use_anchored_patterns/codebuild_project_webhook_filters_use_anchored_patterns.metadata.json +40 -0
- prowler/providers/aws/services/codebuild/codebuild_project_webhook_filters_use_anchored_patterns/codebuild_project_webhook_filters_use_anchored_patterns.py +58 -0
- prowler/providers/aws/services/codebuild/codebuild_service.py +45 -0
- prowler/providers/aws/services/dynamodb/dynamodb_table_cross_account_access/dynamodb_table_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/dynamodb/dynamodb_table_cross_account_access/dynamodb_table_cross_account_access.py +4 -0
- prowler/providers/aws/services/eventbridge/eventbridge_bus_cross_account_access/eventbridge_bus_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/eventbridge/eventbridge_bus_cross_account_access/eventbridge_bus_cross_account_access.py +4 -0
- prowler/providers/aws/services/eventbridge/eventbridge_schema_registry_cross_account_access/eventbridge_schema_registry_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/eventbridge/eventbridge_schema_registry_cross_account_access/eventbridge_schema_registry_cross_account_access.py +2 -0
- prowler/providers/aws/services/iam/lib/policy.py +19 -3
- prowler/providers/aws/services/rds/rds_instance_extended_support/__init__.py +0 -0
- prowler/providers/aws/services/rds/rds_instance_extended_support/rds_instance_extended_support.metadata.json +41 -0
- prowler/providers/aws/services/rds/rds_instance_extended_support/rds_instance_extended_support.py +37 -0
- prowler/providers/aws/services/rds/rds_service.py +4 -0
- prowler/providers/aws/services/s3/s3_bucket_cross_account_access/s3_bucket_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/s3/s3_bucket_cross_account_access/s3_bucket_cross_account_access.py +5 -1
- prowler/providers/azure/lib/service/service.py +23 -0
- prowler/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on.metadata.json +18 -12
- prowler/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up.metadata.json +18 -11
- prowler/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20.metadata.json +18 -11
- prowler/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled.metadata.json +21 -13
- prowler/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured.metadata.json +19 -11
- prowler/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled.metadata.json +21 -14
- prowler/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled.metadata.json +18 -13
- prowler/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured.metadata.json +20 -13
- prowler/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges.metadata.json +18 -11
- prowler/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version.metadata.json +20 -13
- prowler/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible.metadata.json +20 -13
- prowler/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled.metadata.json +21 -14
- prowler/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled.metadata.json +18 -12
- prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.metadata.json +20 -12
- prowler/providers/azure/services/app/app_register_with_identity/app_register_with_identity.metadata.json +18 -11
- prowler/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured.metadata.json +18 -12
- prowler/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled.metadata.json +17 -11
- prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.metadata.json +18 -12
- prowler/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link.metadata.json +21 -13
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks.metadata.json +20 -12
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac.metadata.json +19 -13
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints.metadata.json +20 -13
- prowler/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled.metadata.json +20 -14
- prowler/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled.metadata.json +20 -14
- prowler/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact.metadata.json +20 -13
- prowler/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured.metadata.json +19 -13
- prowler/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on.metadata.json +20 -13
- prowler/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on.metadata.json +19 -12
- prowler/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities.metadata.json +20 -12
- prowler/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled.metadata.json +22 -13
- prowler/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.metadata.json +19 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled.metadata.json +20 -12
- prowler/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high.metadata.json +19 -12
- prowler/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners.metadata.json +19 -12
- prowler/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied.metadata.json +17 -9
- prowler/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled.metadata.json +21 -13
- prowler/providers/azure/services/entra/entra_service.py +3 -11
- prowler/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa.py +6 -0
- prowler/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks.metadata.json +19 -13
- prowler/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted.metadata.json +16 -10
- prowler/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.metadata.json +18 -12
- prowler/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set.py +10 -11
- prowler/providers/azure/services/keyvault/keyvault_service.py +164 -81
- prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated.metadata.json +18 -12
- prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled.metadata.json +19 -12
- prowler/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12.metadata.json +18 -12
- prowler/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled.metadata.json +19 -12
- prowler/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists.metadata.json +21 -12
- prowler/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent.metadata.json +19 -12
- prowler/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days.metadata.json +21 -12
- prowler/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted.metadata.json +18 -12
- prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.metadata.json +15 -10
- prowler/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted.metadata.json +20 -12
- prowler/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted.metadata.json +19 -12
- prowler/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted.metadata.json +19 -12
- prowler/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled.metadata.json +21 -13
- prowler/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled.metadata.json +16 -11
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled.metadata.json +20 -13
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on.metadata.json +18 -12
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled.metadata.json +19 -13
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.metadata.json +4 -4
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on.metadata.json +19 -13
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on.metadata.json +18 -11
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on.metadata.json +18 -12
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled.metadata.json +20 -13
- prowler/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days.metadata.json +20 -12
- prowler/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled.metadata.json +23 -13
- prowler/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version.metadata.json +19 -12
- prowler/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk.metadata.json +20 -13
- prowler/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled.metadata.json +20 -13
- prowler/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled.metadata.json +19 -12
- prowler/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled.metadata.json +19 -12
- prowler/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled.metadata.json +17 -12
- prowler/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.metadata.json +18 -12
- prowler/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled.metadata.json +19 -11
- prowler/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled.metadata.json +19 -13
- prowler/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled.metadata.json +20 -13
- prowler/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.metadata.json +17 -10
- prowler/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.metadata.json +15 -10
- prowler/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled.metadata.json +18 -12
- prowler/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.metadata.json +14 -10
- prowler/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts.metadata.json +19 -11
- prowler/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled.metadata.json +17 -12
- prowler/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.metadata.json +13 -9
- prowler/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days.metadata.json +17 -12
- prowler/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.metadata.json +15 -11
- prowler/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest.metadata.json +19 -13
- prowler/providers/cloudflare/cloudflare_provider.py +95 -12
- prowler/providers/cloudflare/lib/arguments/arguments.py +7 -0
- prowler/providers/cloudflare/services/dns/dns_record_cname_target_valid/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_cname_target_valid/dns_record_cname_target_valid.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_cname_target_valid/dns_record_cname_target_valid.py +109 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_internal_ip/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_internal_ip/dns_record_no_internal_ip.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_internal_ip/dns_record_no_internal_ip.py +73 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_wildcard/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_wildcard/dns_record_no_wildcard.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_wildcard/dns_record_no_wildcard.py +60 -0
- prowler/providers/cloudflare/services/dns/dns_record_proxied/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_proxied/dns_record_proxied.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_proxied/dns_record_proxied.py +49 -0
- prowler/providers/cloudflare/services/dns/dns_service.py +52 -6
- prowler/providers/cloudflare/services/firewall/__init__.py +0 -0
- prowler/providers/cloudflare/services/firewall/firewall_client.py +4 -0
- prowler/providers/cloudflare/services/firewall/firewall_service.py +123 -0
- prowler/providers/cloudflare/services/zone/zone_firewall_blocking_rules_configured/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_firewall_blocking_rules_configured/zone_firewall_blocking_rules_configured.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_firewall_blocking_rules_configured/zone_firewall_blocking_rules_configured.py +53 -0
- prowler/providers/cloudflare/services/zone/zone_service.py +133 -1
- prowler/providers/cloudflare/services/zone/zone_waf_owasp_ruleset_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_waf_owasp_ruleset_enabled/zone_waf_owasp_ruleset_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_waf_owasp_ruleset_enabled/zone_waf_owasp_ruleset_enabled.py +58 -0
- prowler/providers/common/provider.py +23 -0
- prowler/providers/gcp/services/compute/compute_instance_suspended_without_persistent_disks/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_suspended_without_persistent_disks/compute_instance_suspended_without_persistent_disks.metadata.json +37 -0
- prowler/providers/gcp/services/compute/compute_instance_suspended_without_persistent_disks/compute_instance_suspended_without_persistent_disks.py +35 -0
- prowler/providers/gcp/services/compute/compute_service.py +2 -0
- prowler/providers/m365/lib/powershell/m365_powershell.py +47 -1
- prowler/providers/m365/services/defender/defender_service.py +52 -0
- prowler/providers/m365/services/defender/defender_zap_for_teams_enabled/__init__.py +0 -0
- prowler/providers/m365/services/defender/defender_zap_for_teams_enabled/defender_zap_for_teams_enabled.metadata.json +38 -0
- prowler/providers/m365/services/defender/defender_zap_for_teams_enabled/defender_zap_for_teams_enabled.py +53 -0
- prowler/providers/m365/services/exchange/exchange_service.py +78 -0
- prowler/providers/m365/services/exchange/exchange_shared_mailbox_sign_in_disabled/__init__.py +0 -0
- prowler/providers/m365/services/exchange/exchange_shared_mailbox_sign_in_disabled/exchange_shared_mailbox_sign_in_disabled.metadata.json +37 -0
- prowler/providers/m365/services/exchange/exchange_shared_mailbox_sign_in_disabled/exchange_shared_mailbox_sign_in_disabled.py +59 -0
- prowler/providers/openstack/__init__.py +0 -0
- prowler/providers/openstack/exceptions/__init__.py +0 -0
- prowler/providers/openstack/exceptions/exceptions.py +166 -0
- prowler/providers/openstack/lib/__init__.py +0 -0
- prowler/providers/openstack/lib/arguments/__init__.py +0 -0
- prowler/providers/openstack/lib/arguments/arguments.py +113 -0
- prowler/providers/openstack/lib/mutelist/__init__.py +0 -0
- prowler/providers/openstack/lib/mutelist/mutelist.py +31 -0
- prowler/providers/openstack/lib/service/__init__.py +0 -0
- prowler/providers/openstack/lib/service/service.py +21 -0
- prowler/providers/openstack/models.py +100 -0
- prowler/providers/openstack/openstack_provider.py +515 -0
- prowler/providers/openstack/services/__init__.py +0 -0
- prowler/providers/openstack/services/compute/__init__.py +0 -0
- prowler/providers/openstack/services/compute/compute_client.py +4 -0
- prowler/providers/openstack/services/compute/compute_instance_security_groups_attached/__init__.py +0 -0
- prowler/providers/openstack/services/compute/compute_instance_security_groups_attached/compute_instance_security_groups_attached.metadata.json +40 -0
- prowler/providers/openstack/services/compute/compute_instance_security_groups_attached/compute_instance_security_groups_attached.py +35 -0
- prowler/providers/openstack/services/compute/compute_service.py +63 -0
- {prowler-5.17.1.dist-info → prowler-5.18.0.dist-info}/METADATA +11 -9
- {prowler-5.17.1.dist-info → prowler-5.18.0.dist-info}/RECORD +219 -155
- {prowler-5.17.1.dist-info → prowler-5.18.0.dist-info}/LICENSE +0 -0
- {prowler-5.17.1.dist-info → prowler-5.18.0.dist-info}/WHEEL +0 -0
- {prowler-5.17.1.dist-info → prowler-5.18.0.dist-info}/entry_points.txt +0 -0
|
@@ -1,30 +1,37 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_additional_email_configured_with_a_security_contact",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Security contact has additional email addresses configured",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
|
-
"Severity": "
|
|
10
|
-
"ResourceType": "
|
|
9
|
+
"Severity": "low",
|
|
10
|
+
"ResourceType": "microsoft.resources/subscriptions",
|
|
11
11
|
"ResourceGroup": "monitoring",
|
|
12
|
-
"Description": "Microsoft Defender for Cloud
|
|
13
|
-
"Risk": "
|
|
14
|
-
"RelatedUrl": "
|
|
12
|
+
"Description": "**Microsoft Defender for Cloud** security contact settings include **additional email recipients** defined in the `emails` field to receive alert notifications.",
|
|
13
|
+
"Risk": "Relying only on subscription owners for alerts creates a **single point of failure**. Missed or delayed notifications extend attacker dwell time, enabling data exfiltration (**confidentiality**), unauthorized changes (**integrity**), and service disruption (**availability**). Absence or turnover can silently suppress alerts.",
|
|
14
|
+
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/security-contact-email.html",
|
|
17
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications",
|
|
18
|
+
"https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/threat-detection-configure?view=azuresql"
|
|
19
|
+
],
|
|
15
20
|
"Remediation": {
|
|
16
21
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "
|
|
20
|
-
"Terraform": "
|
|
22
|
+
"CLI": "az rest --method put --url https://management.azure.com/subscriptions/<SUBSCRIPTION_ID>/providers/Microsoft.Security/securityContacts/default?api-version=2020-01-01-preview --body '{ \"properties\": { \"emails\": \"<EMAIL>\" } }'",
|
|
23
|
+
"NativeIaC": "```bicep\n// Configure a security contact at subscription scope\ntargetScope = 'subscription'\n\nresource <example_resource_name> 'Microsoft.Security/securityContacts@2020-01-01-preview' = {\n name: 'default'\n properties: {\n emails: '<EMAIL>' // Critical: set at least one email to pass the check\n }\n}\n```",
|
|
24
|
+
"Other": "1. Sign in to the Azure portal\n2. Go to Microsoft Defender for Cloud > Environment settings\n3. Select the target subscription\n4. Click Email notifications\n5. In Email addresses, enter at least one email (comma-separated for multiple)\n6. Click Save",
|
|
25
|
+
"Terraform": "```hcl\nresource \"azurerm_security_center_contact\" \"<example_resource_name>\" {\n email = \"<EMAIL>\" # Critical: ensures at least one security contact email is configured\n}\n```"
|
|
21
26
|
},
|
|
22
27
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": "https://
|
|
28
|
+
"Text": "Use a monitored, team-managed distribution list as the **security contact** in `emails`. Include SOC/on-call for 24/7 coverage and enable role-based notifications for redundancy. Tune severities to reduce noise while capturing high-risk events, and integrate alerts with ticketing/SIEM for **defense in depth** and rapid response.",
|
|
29
|
+
"Url": "https://hub.prowler.com/check/defender_additional_email_configured_with_a_security_contact"
|
|
25
30
|
}
|
|
26
31
|
},
|
|
27
|
-
"Categories": [
|
|
32
|
+
"Categories": [
|
|
33
|
+
"forensics-ready"
|
|
34
|
+
],
|
|
28
35
|
"DependsOn": [],
|
|
29
36
|
"RelatedTo": [],
|
|
30
37
|
"Notes": ""
|
|
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_assessments_vm_endpoint_protection_installed",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "All virtual machines in the subscription have endpoint protection installed",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/assessments/governanceassignments",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
14
|
-
"RelatedUrl": "
|
|
12
|
+
"Description": "**Azure virtual machines** are assessed for the presence of an **endpoint protection (antimalware)** solution and its reported health across the subscription",
|
|
13
|
+
"Risk": "Absent or unhealthy **endpoint protection** lets malware execute on VMs, risking:\n- Data exfiltration (confidentiality)\n- Tampering and credential theft (integrity)\n- Ransomware, cryptomining, and outages (availability)\n\nIt also enables persistence and lateral movement to other cloud resources.",
|
|
14
|
+
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/VirtualMachines/install-endpoint-protection.html#",
|
|
17
|
+
"https://learn.microsoft.com/en-us/azure/security/fundamentals/antimalware"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
21
|
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "
|
|
20
|
-
"Terraform": ""
|
|
22
|
+
"NativeIaC": "```bicep\n// Install Microsoft Antimalware (endpoint protection) on a VM\nparam vmName string = '<example_resource_name>'\nparam location string = '<LOCATION>'\n\nresource antimalware 'Microsoft.Compute/virtualMachines/extensions@2022-11-01' = {\n name: '${vmName}/IaaSAntimalware'\n location: location\n properties: {\n publisher: 'Microsoft.Azure.Security' // Critical: publisher for Antimalware extension\n type: 'IaaSAntimalware' // Critical: installs endpoint protection\n typeHandlerVersion: '1.5'\n }\n}\n```",
|
|
23
|
+
"Other": "1. In Azure Portal, go to Microsoft Defender for Cloud\n2. Open Recommendations and search for \"Install endpoint protection solution on virtual machines\"\n3. Select the recommendation, click Fix\n4. Select all affected VMs and click Remediate (or Apply)\n5. Wait for remediation to complete and the recommendation status to turn Healthy",
|
|
24
|
+
"Terraform": "```hcl\n# Install Microsoft Antimalware (endpoint protection) on a VM\nresource \"azurerm_virtual_machine_extension\" \"<example_resource_name>\" {\n name = \"IaaSAntimalware\"\n virtual_machine_id = \"<example_resource_id>\"\n publisher = \"Microsoft.Azure.Security\" # Critical: Antimalware extension publisher\n type = \"IaaSAntimalware\" # Critical: installs endpoint protection\n type_handler_version = \"1.5\"\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": ""
|
|
27
|
+
"Text": "Enforce an **endpoint protection/EDR** baseline on every VM. Enable real-time protection, automatic updates, and alerting; use tamper protection and keep exclusions minimal. Apply **least privilege**, keep OS and agents patched, and continuously monitor coverage and health via Defender for Cloud.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_assessments_vm_endpoint_protection_installed"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"vulnerabilities"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": "Endpoint protection will incur an additional cost to you."
|
|
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_attack_path_notifications_properly_configured",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Security contact has attack path email notifications enabled at or above the configured minimum risk level",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
|
-
"Severity": "
|
|
10
|
-
"ResourceType": "
|
|
9
|
+
"Severity": "high",
|
|
10
|
+
"ResourceType": "microsoft.resources/subscriptions",
|
|
11
11
|
"ResourceGroup": "monitoring",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
14
|
-
"RelatedUrl": "
|
|
12
|
+
"Description": "**Microsoft Defender for Cloud** attack path email notifications are configured per subscription with a defined **minimal risk level**, and the setting is present and meets the required threshold.",
|
|
13
|
+
"Risk": "Without alerts on **exploitable attack paths**, security teams lose visibility, enabling **lateral movement**, **privilege escalation**, and **data exfiltration** before containment, degrading confidentiality, integrity, and availability.",
|
|
14
|
+
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications",
|
|
17
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/enable-attack-path-notifications.html"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "
|
|
20
|
-
"Terraform": ""
|
|
21
|
+
"CLI": "az rest --method put --uri https://management.azure.com/subscriptions/<SUBSCRIPTION_ID>/providers/Microsoft.Security/securityContacts/default?api-version=2020-01-01-preview --body '{\"properties\":{\"emails\":\"admin@example.com\",\"attackPathNotifications\":{\"state\":\"On\",\"minimalRiskLevel\":\"Low\"}}}'",
|
|
22
|
+
"NativeIaC": "```bicep\n// Enable attack path email notifications at minimal risk level\nresource securityContact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {\n name: 'default'\n properties: {\n emails: 'admin@example.com'\n attackPathNotifications: {\n state: 'On' // CRITICAL: enables attack path email notifications\n minimalRiskLevel: 'Low' // CRITICAL: sets minimal risk level to pass the check\n }\n }\n}\n```",
|
|
23
|
+
"Other": "1. In Azure Portal, go to Microsoft Defender for Cloud > Environment settings\n2. Select the target subscription\n3. Open Email notifications\n4. Enable \"Notify about attack paths with the following risk level (or higher)\"\n5. Set Risk level to Low (or your configured minimum)\n6. Click Save",
|
|
24
|
+
"Terraform": "```hcl\n# Enable attack path email notifications at minimal risk level\nresource \"azapi_resource\" \"<example_resource_name>\" {\n type = \"Microsoft.Security/securityContacts@2020-01-01-preview\"\n name = \"default\"\n body = jsonencode({\n properties = {\n emails = \"admin@example.com\"\n attackPathNotifications = {\n state = \"On\" # CRITICAL: enables attack path email notifications\n minimalRiskLevel = \"Low\" # CRITICAL: sets minimal risk level to pass the check\n }\n }\n })\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "Enable attack path
|
|
24
|
-
"Url": "https://
|
|
27
|
+
"Text": "Enable and maintain **attack path notifications** with a minimal risk level at or above your tolerance (e.g., `High`). Send to monitored, role-based recipients. Apply **defense in depth** by integrating alerts with central monitoring and automation for prompt triage.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_attack_path_notifications_properly_configured"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"logging"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": ""
|
|
@@ -1,30 +1,37 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_auto_provisioning_log_analytics_agent_vms_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender auto-provisioning of Log Analytics agent for Azure VMs is enabled",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
|
-
"Severity": "
|
|
10
|
-
"ResourceType": "
|
|
9
|
+
"Severity": "high",
|
|
10
|
+
"ResourceType": "microsoft.resources/subscriptions",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
14
|
-
"RelatedUrl": "
|
|
12
|
+
"Description": "**Microsoft Defender for Cloud** auto-provisioning of the **Log Analytics agent** to Azure VMs is configured to `On` at the subscription level",
|
|
13
|
+
"Risk": "Without automatic agent deployment, some VMs lack security telemetry, creating **blind spots** for vulnerabilities, missing patches, and threats.\n\nAttackers can persist or move laterally unnoticed, undermining **confidentiality** and **integrity**, while delayed detection hampers effective response.",
|
|
14
|
+
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/data-security",
|
|
17
|
+
"https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/azure/SecurityCenter/automatic-provisioning-of-monitoring-agent.html",
|
|
18
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components"
|
|
19
|
+
],
|
|
15
20
|
"Remediation": {
|
|
16
21
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "
|
|
20
|
-
"Terraform": ""
|
|
22
|
+
"CLI": "az security auto-provisioning-setting update --name default --auto-provision On",
|
|
23
|
+
"NativeIaC": "```bicep\n// Enable Defender auto-provisioning of Log Analytics agent at subscription scope\ntargetScope = 'subscription'\n\nresource autoProv 'Microsoft.Security/autoProvisioningSettings@2017-08-01-preview' = {\n name: 'default'\n properties: {\n autoProvision: 'On' // Critical: turns auto-provisioning ON for the subscription\n }\n}\n```",
|
|
24
|
+
"Other": "1. In the Azure portal, open Microsoft Defender for Cloud\n2. Select Environment settings, then choose your subscription\n3. Open Auto provisioning\n4. Set Auto-provisioning of Log Analytics agent to On\n5. Click Save",
|
|
25
|
+
"Terraform": "```hcl\n# Enable Defender auto-provisioning of Log Analytics agent\nresource \"azurerm_security_center_auto_provisioning\" \"<example_resource_name>\" {\n auto_provision = \"On\" # Critical: turns auto-provisioning ON\n}\n```"
|
|
21
26
|
},
|
|
22
27
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": "https://
|
|
28
|
+
"Text": "Set **Defender for Cloud auto-provisioning** to `On` so all VMs receive the monitoring agent consistently.\n\nApply **defense in depth** by enforcing coverage for new and existing machines, standardizing workspaces, and auditing enrollment. Use **least privilege** for data access and integrate with endpoint protection and vulnerability assessment.",
|
|
29
|
+
"Url": "https://hub.prowler.com/check/defender_auto_provisioning_log_analytics_agent_vms_on"
|
|
25
30
|
}
|
|
26
31
|
},
|
|
27
|
-
"Categories": [
|
|
32
|
+
"Categories": [
|
|
33
|
+
"logging"
|
|
34
|
+
],
|
|
28
35
|
"DependsOn": [],
|
|
29
36
|
"RelatedTo": [],
|
|
30
37
|
"Notes": ""
|
|
@@ -1,30 +1,37 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_auto_provisioning_vulnerabilty_assessments_machines_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "All virtual machines in the subscription have a vulnerability assessment solution installed",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/assessmentssample",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
14
|
-
"RelatedUrl": "
|
|
12
|
+
"Description": "**Microsoft Defender for Cloud** evaluates whether **Azure VMs** and **Arc-enabled machines** have a **vulnerability assessment solution** deployed and reporting healthy coverage across the subscription.",
|
|
13
|
+
"Risk": "Without continuous **vulnerability assessment**, unpatched flaws persist, enabling:\n- **Remote code execution** and privilege escalation\n- **Ransomware** disrupting availability\n- **Data exfiltration** via lateral movement\n\nConfidentiality, integrity, and availability are reduced across affected machines.",
|
|
14
|
+
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/automatic-provisioning-vulnerability-assessment-machines.html",
|
|
17
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-defender-vulnerability-management",
|
|
18
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/monitoring-components?tabs=autoprovision-va"
|
|
19
|
+
],
|
|
15
20
|
"Remediation": {
|
|
16
21
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "
|
|
20
|
-
"Terraform": ""
|
|
22
|
+
"CLI": "az rest --method put --url https://management.azure.com/subscriptions/<SUBSCRIPTION_ID>/providers/Microsoft.Security/serverVulnerabilityAssessmentsSettings/AzureServersSetting?api-version=2022-01-01-preview --body '{\"properties\":{\"selectedProvider\":\"MdeTvm\"},\"kind\":\"AzureServersSetting\"}'",
|
|
23
|
+
"NativeIaC": "```bicep\n// Enable vulnerability assessment for all machines using Microsoft Defender Vulnerability Management\n// Critical: sets the VA provider so the recommendation becomes Healthy\n@description('Deploy at subscription scope')\ntargetScope = 'subscription'\n\nresource <example_resource_name> 'Microsoft.Security/serverVulnerabilityAssessmentsSettings@2022-01-01-preview' = {\n name: 'AzureServersSetting'\n kind: 'AzureServersSetting'\n properties: {\n selectedProvider: 'MdeTvm' // Critical: enables Defender VA provider for machines\n }\n}\n```",
|
|
24
|
+
"Other": "1. In the Azure portal, go to Microsoft Defender for Cloud\n2. Open Environment settings and select your <subscription>\n3. Go to Settings & monitoring (Auto-provisioning)\n4. Find Vulnerability assessment for machines, set to On, and select Microsoft Defender Vulnerability Management\n5. Click Save",
|
|
25
|
+
"Terraform": "```hcl\n# Enable vulnerability assessment for all machines using Microsoft Defender Vulnerability Management\nresource \"azapi_resource\" \"<example_resource_name>\" {\n type = \"Microsoft.Security/serverVulnerabilityAssessmentsSettings@2022-01-01-preview\"\n name = \"AzureServersSetting\"\n parent_id = \"/subscriptions/<example_subscription_id>\"\n\n body = jsonencode({\n properties = {\n selectedProvider = \"MdeTvm\" # Critical: sets VA provider so all VMs get vulnerability assessment\n }\n kind = \"AzureServersSetting\"\n })\n}\n```"
|
|
21
26
|
},
|
|
22
27
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": ""
|
|
28
|
+
"Text": "Enable subscription-wide **auto-provisioning** of a **vulnerability assessment** for all Azure and Arc machines and enforce it with **policy** for existing and new hosts.\n\nApply **least privilege** to deployment identities, integrate with **patch management**, and monitor findings for timely remediation.",
|
|
29
|
+
"Url": "https://hub.prowler.com/check/defender_auto_provisioning_vulnerabilty_assessments_machines_on"
|
|
25
30
|
}
|
|
26
31
|
},
|
|
27
|
-
"Categories": [
|
|
32
|
+
"Categories": [
|
|
33
|
+
"vulnerabilities"
|
|
34
|
+
],
|
|
28
35
|
"DependsOn": [],
|
|
29
36
|
"RelatedTo": [],
|
|
30
37
|
"Notes": "Additional licensing is required and configuration of Azure Arc introduces complexity beyond this recommendation."
|
|
@@ -1,30 +1,38 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_container_images_resolved_vulnerabilities",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "All Azure running container images in the subscription have no unresolved vulnerabilities",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
|
-
"Severity": "
|
|
10
|
-
"ResourceType": "
|
|
9
|
+
"Severity": "critical",
|
|
10
|
+
"ResourceType": "microsoft.security/assessmentssample",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
14
|
-
"RelatedUrl": "
|
|
12
|
+
"Description": "**Running container images** are evaluated for unresolved **vulnerability findings** (`CVEs`) reported by Microsoft Defender for Cloud. The check reviews images currently in use across Kubernetes workloads and identifies where vulnerabilities remain unremediated.",
|
|
13
|
+
"Risk": "Unremediated `CVEs` in active images enable:\n- **RCE**, container escape, and node takeover affecting **integrity/availability**\n- **Data exfiltration** and secret theft compromising **confidentiality**\nAdversaries can use public exploits to pivot across clusters and pipelines, tamper images, and disrupt services.",
|
|
14
|
+
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender",
|
|
17
|
+
"https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health",
|
|
18
|
+
"https://learn.microsoft.com/en-MY/azure/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure"
|
|
19
|
+
],
|
|
15
20
|
"Remediation": {
|
|
16
21
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
22
|
+
"CLI": "kubectl set image deployment/<DEPLOYMENT_NAME> <CONTAINER_NAME>=<PATCHED_IMAGE:TAG> -n <NAMESPACE>",
|
|
18
23
|
"NativeIaC": "",
|
|
19
|
-
"Other": "",
|
|
20
|
-
"Terraform": ""
|
|
24
|
+
"Other": "1. In the Azure portal, go to Microsoft Defender for Cloud > Recommendations\n2. Open \"Azure running container images should have vulnerabilities resolved\"\n3. Under Affected resources, select a running workload and view its vulnerable image findings\n4. Rebuild the image with patched packages or a newer base image and push it to your registry\n5. Go to your AKS cluster > Workloads > Deployments, edit the deployment, and update the container image to the patched tag; Save\n6. Wait for pods to roll out and Defender to rescan; the recommendation should turn Healthy after the next scan",
|
|
25
|
+
"Terraform": "```hcl\nresource \"kubernetes_deployment\" \"<example_resource_name>\" {\n metadata {\n name = \"<example_resource_name>\"\n }\n spec {\n selector {\n match_labels = { app = \"<example_resource_name>\" }\n }\n template {\n metadata { labels = { app = \"<example_resource_name>\" } }\n spec {\n container {\n name = \"<example_resource_name>\"\n image = \"<patched_image:tag>\" # Critical: use a patched image version to remove known vulnerabilities\n }\n }\n }\n }\n}\n```"
|
|
21
26
|
},
|
|
22
27
|
"Recommendation": {
|
|
23
|
-
"Text": "",
|
|
24
|
-
"Url": "https://
|
|
28
|
+
"Text": "Adopt **risk-based patching** and **least privilege**:\n- Rebuild from updated bases; pin versions, avoid `latest`\n- Sign images; enforce **admission control** to block high-severity CVEs\n- Drop root, restrict capabilities, isolate networks\n- Continuously scan in CI/CD and at runtime; retire vulnerable images",
|
|
29
|
+
"Url": "https://hub.prowler.com/check/defender_container_images_resolved_vulnerabilities"
|
|
25
30
|
}
|
|
26
31
|
},
|
|
27
|
-
"Categories": [
|
|
32
|
+
"Categories": [
|
|
33
|
+
"vulnerabilities",
|
|
34
|
+
"container-security"
|
|
35
|
+
],
|
|
28
36
|
"DependsOn": [],
|
|
29
37
|
"RelatedTo": [],
|
|
30
38
|
"Notes": ""
|
|
@@ -1,30 +1,39 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_container_images_scan_enabled",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Subscription has container image vulnerability scanning enabled",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
|
-
"Severity": "
|
|
10
|
-
"ResourceType": "
|
|
9
|
+
"Severity": "high",
|
|
10
|
+
"ResourceType": "microsoft.security/pricings",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
14
|
-
"RelatedUrl": "
|
|
12
|
+
"Description": "**Azure subscriptions** have **container image vulnerability assessment** enabled for **Azure Container Registry** via Microsoft Defender for Cloud (`ContainerRegistriesVulnerabilityAssessments`). Images in registries are evaluated for known package vulnerabilities in their packages and dependencies.",
|
|
13
|
+
"Risk": "Without registry scanning, **known CVEs** in images can reach runtime, enabling **RCE**, privilege escalation, and lateral movement. This undermines data confidentiality and integrity and can reduce availability through cryptomining or service disruption.",
|
|
14
|
+
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/container-registry/scan-images-defender",
|
|
17
|
+
"https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health",
|
|
18
|
+
"https://learn.microsoft.com/en-us/troubleshoot/azure/azure-container-registry/image-vulnerability-assessment",
|
|
19
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/AKS/enable-image-vulnerability-scanning.html"
|
|
20
|
+
],
|
|
15
21
|
"Remediation": {
|
|
16
22
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "",
|
|
20
|
-
"Terraform": ""
|
|
23
|
+
"CLI": "az rest --method put --url https://management.azure.com/subscriptions/<SUBSCRIPTION_ID>/providers/Microsoft.Security/pricings/Containers?api-version=2023-01-01 --body '{\"properties\":{\"pricingTier\":\"Standard\",\"extensions\":[{\"name\":\"ContainerRegistriesVulnerabilityAssessments\",\"isEnabled\":true}]}}'",
|
|
24
|
+
"NativeIaC": "```bicep\n// Enable Defender for Containers image vulnerability scanning at subscription scope\ntargetScope = 'subscription'\n\nresource containersPricing 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'Containers'\n properties: {\n pricingTier: 'Standard'\n extensions: [\n {\n name: 'ContainerRegistriesVulnerabilityAssessments' // CRITICAL: enables ACR image vulnerability scanning\n isEnabled: true // CRITICAL: turns the extension ON\n }\n ]\n }\n}\n```",
|
|
25
|
+
"Other": "1. In Azure Portal, open Microsoft Defender for Cloud\n2. Go to Environment settings and select your subscription\n3. Open Settings (or Defender plans)\n4. Find Containers and set Plan to On/Standard\n5. Enable Container registries vulnerability assessments\n6. Click Save",
|
|
26
|
+
"Terraform": "```hcl\n# Enable Defender for Containers with container registry vulnerability scanning\nresource \"azurerm_security_center_subscription_pricing\" \"<example_resource_name>\" {\n tier = \"Standard\"\n resource_type = \"Containers\"\n \n extension {\n name = \"ContainerRegistriesVulnerabilityAssessments\" # CRITICAL: enables ACR image vulnerability scanning\n }\n}\n```"
|
|
21
27
|
},
|
|
22
28
|
"Recommendation": {
|
|
23
|
-
"Text": "",
|
|
24
|
-
"Url": "https://
|
|
29
|
+
"Text": "Enable **Defender for Cloud** image assessment for registries and adopt **shift-left scanning**.\n- Block deployment of images with high-severity findings\n- Rebuild from patched base images regularly\n- Enforce **least privilege** on registry access\n- Use image signing and admission controls",
|
|
30
|
+
"Url": "https://hub.prowler.com/check/defender_container_images_scan_enabled"
|
|
25
31
|
}
|
|
26
32
|
},
|
|
27
|
-
"Categories": [
|
|
33
|
+
"Categories": [
|
|
34
|
+
"vulnerabilities",
|
|
35
|
+
"container-security"
|
|
36
|
+
],
|
|
28
37
|
"DependsOn": [],
|
|
29
38
|
"RelatedTo": [],
|
|
30
39
|
"Notes": "When using an Azure container registry, you might occasionally encounter problems. For example, you might not be able to pull a container image because of an issue with Docker in your local environment. Or, a network issue might prevent you from connecting to the registry."
|
|
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_ensure_defender_for_app_services_is_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender for App Services is set to On (Standard pricing tier)",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/pricings",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
12
|
+
"Description": "**Azure subscriptions** are evaluated for **Defender for App Service** coverage by inspecting the `AppServices` pricing configuration. The finding indicates whether the plan is set to `Standard`, which applies protection to App Service resources at the subscription scope.",
|
|
13
|
+
"Risk": "Without this coverage, malicious traffic and runtime anomalies may go unseen, enabling:\n- Confidentiality loss via data exfiltration\n- Integrity compromise through web shells or code tampering\n- Availability impact from takeover and resource abuse",
|
|
14
14
|
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-enable-app-service-plan",
|
|
17
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/defender-app-service.html"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "
|
|
20
|
-
"Terraform": "
|
|
21
|
+
"CLI": "az security pricing create -n AppServices --tier standard",
|
|
22
|
+
"NativeIaC": "```bicep\n// Enable Defender for App Services at subscription scope\ntargetScope = 'subscription'\n\nresource example_resource_name 'Microsoft.Security/pricings@2024-01-01' = {\n name: 'AppServices'\n properties: {\n pricingTier: 'Standard' // Critical: sets the plan to Standard (ON) for App Services\n }\n}\n```",
|
|
23
|
+
"Other": "1. In the Azure portal, go to Microsoft Defender for Cloud\n2. Select Environment settings > your subscription\n3. On Defender plans, toggle App Service to On\n4. Click Save",
|
|
24
|
+
"Terraform": "```hcl\n# Enable Defender for App Services at subscription level\nresource \"azurerm_security_center_subscription_pricing\" \"example_resource_name\" {\n tier = \"Standard\" # Critical: sets the plan to Standard (ON)\n resource_type = \"AppServices\" # Applies the setting to App Services\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": ""
|
|
27
|
+
"Text": "Enable **Defender for App Service** at subscription scope with tier `Standard`. Integrate alerts with SOC tooling, tune rules to reduce noise, and review findings regularly. Apply **defense in depth** and **least privilege**, and automate responses to contain threats quickly.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_app_services_is_on"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"vulnerabilities"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": ""
|
|
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_ensure_defender_for_arm_is_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender for Azure Resource Manager is set to On (Standard pricing tier)",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/pricings",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
12
|
+
"Description": "**Microsoft Defender for Cloud** plan for **Azure Resource Manager** is configured at the `Standard` tier for the subscription",
|
|
13
|
+
"Risk": "Without this protection, malicious or misconfigured ARM deployments can go unnoticed. Adversaries could create high-privilege roles, disable logging, or deploy exfiltration paths and crypto workloads, degrading **integrity**, **confidentiality**, and **availability** of Azure resources.",
|
|
14
14
|
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/switch-to-the-new-defender-for-resource-manager-pricing-plan/4001636",
|
|
17
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/pricing-tier.html"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "",
|
|
20
|
-
"Terraform": ""
|
|
21
|
+
"CLI": "az security pricing create --name Arm --tier Standard",
|
|
22
|
+
"NativeIaC": "```bicep\n// Enable Microsoft Defender for Azure Resource Manager at Standard tier\nresource example_pricing 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'Arm'\n properties: {\n pricingTier: 'Standard' // Critical: sets Defender for ARM plan to Standard (ON)\n }\n}\n```",
|
|
23
|
+
"Other": "1. In Azure Portal, go to Microsoft Defender for Cloud\n2. Select Environment settings > your subscription\n3. Open Defender plans\n4. Set \"Defender for Azure Resource Manager\" to On/Standard\n5. Click Save",
|
|
24
|
+
"Terraform": "```hcl\n# Enable Microsoft Defender for Azure Resource Manager at Standard tier\nresource \"azurerm_security_center_subscription_pricing\" \"<example_resource_name>\" {\n tier = \"Standard\" # Critical: enables Standard pricing (ON)\n resource_type = \"Arm\" # Critical: targets Defender for Azure Resource Manager\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "Enable
|
|
24
|
-
"Url": ""
|
|
27
|
+
"Text": "Enable Microsoft Defender for **Azure Resource Manager** at the `Standard` tier across all subscriptions. Apply least privilege to deployment principals, enforce the plan via policy for new subscriptions, and route alerts to centralized monitoring to support defense-in-depth and rapid response.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_arm_is_on"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"identity-access"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": ""
|
|
@@ -1,30 +1,36 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "azure",
|
|
3
3
|
"CheckID": "defender_ensure_defender_for_azure_sql_databases_is_on",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "Defender for Azure SQL databases is set to On (Standard pricing tier)",
|
|
5
5
|
"CheckType": [],
|
|
6
6
|
"ServiceName": "defender",
|
|
7
7
|
"SubServiceName": "",
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
|
-
"ResourceType": "
|
|
10
|
+
"ResourceType": "microsoft.security/pricings",
|
|
11
11
|
"ResourceGroup": "security",
|
|
12
|
-
"Description": "
|
|
13
|
-
"Risk": "
|
|
12
|
+
"Description": "Microsoft Defender for Cloud plan for **Azure SQL Database Servers** is evaluated at subscription scope, expecting the `pricing_tier` set to `Standard` for `SqlServers`. Non-standard tiers indicate the plan isn't enabled.",
|
|
13
|
+
"Risk": "Without **Defender for SQL**, attacks like **SQL injection**, brute-force logins, and anomalous queries may go **undetected**, enabling data exfiltration and tampering. Limited telemetry delays **incident response**, risking loss of confidentiality and integrity and aiding lateral movement.",
|
|
14
14
|
"RelatedUrl": "",
|
|
15
|
+
"AdditionalURLs": [
|
|
16
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/SecurityCenter/defender-azure-sql.html",
|
|
17
|
+
"https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql?view=azuresql"
|
|
18
|
+
],
|
|
15
19
|
"Remediation": {
|
|
16
20
|
"Code": {
|
|
17
|
-
"CLI": "",
|
|
18
|
-
"NativeIaC": "",
|
|
19
|
-
"Other": "
|
|
20
|
-
"Terraform": "
|
|
21
|
+
"CLI": "az security pricing create --name SqlServers --tier Standard",
|
|
22
|
+
"NativeIaC": "```bicep\n// Enable Microsoft Defender for Azure SQL Databases at subscription scope\ntargetScope = 'subscription'\n\nresource sqlPricing 'Microsoft.Security/pricings@2023-01-01' = {\n name: 'SqlServers'\n properties: {\n pricingTier: 'Standard' // CRITICAL: Sets Defender plan for Azure SQL DB to ON (Standard)\n }\n}\n```",
|
|
23
|
+
"Other": "1. In the Azure portal, go to Microsoft Defender for Cloud\n2. Select Environment settings > your subscription\n3. Open Defender plans\n4. Turn ON the plan for Azure SQL Databases (set to Standard)\n5. Click Save",
|
|
24
|
+
"Terraform": "```hcl\n# Enable Microsoft Defender for Azure SQL Databases\nresource \"azurerm_security_center_subscription_pricing\" \"<example_resource_name>\" {\n resource_type = \"SqlServers\" # CRITICAL: Targets Azure SQL Databases plan\n tier = \"Standard\" # CRITICAL: Enables Defender (Standard)\n}\n```"
|
|
21
25
|
},
|
|
22
26
|
"Recommendation": {
|
|
23
|
-
"Text": "
|
|
24
|
-
"Url": ""
|
|
27
|
+
"Text": "Enable the **Microsoft Defender** plan for Azure SQL databases with `pricing_tier: Standard` across applicable subscriptions. Integrate alerts with SIEM, enforce **least privilege** and **separation of duties**, and apply **defense in depth** (network controls, MFA) to prevent and promptly detect misuse.",
|
|
28
|
+
"Url": "https://hub.prowler.com/check/defender_ensure_defender_for_azure_sql_databases_is_on"
|
|
25
29
|
}
|
|
26
30
|
},
|
|
27
|
-
"Categories": [
|
|
31
|
+
"Categories": [
|
|
32
|
+
"vulnerabilities"
|
|
33
|
+
],
|
|
28
34
|
"DependsOn": [],
|
|
29
35
|
"RelatedTo": [],
|
|
30
36
|
"Notes": ""
|