# Configuration and Compliance
This module provides configuration management and compliance-framework support for Prowler, with mappings to industry standards including CIS Benchmarks, NIST, ISO 27001, PCI DSS, and custom frameworks. It centralizes configuration, version management, and compliance-framework integration for security assessments.
## Capabilities
### Core Configuration Constants
Essential configuration constants and settings for Prowler operation.
```python { .api }
prowler_version: str = "5.10.2"
"""Version string of the running Prowler release."""

available_compliance_frameworks: list[str]
"""
Every compliance framework known to Prowler, across all providers.

Covers CIS Benchmarks, NIST publications, ISO standards and sector-specific
regulations; the per-provider view is exposed by
``get_available_compliance_frameworks``.
"""

available_output_formats: list[str] = ["json", "csv", "html", "asff", "ocsf"]
"""Output formats accepted for findings and reports."""

default_output_directory: str = "output"
"""Directory that receives generated output files when none is configured."""

# Suffixes appended to output file names, one per report format.
csv_file_suffix: str = "csv"
"""Suffix for CSV output files."""

html_file_suffix: str = "html"
"""Suffix for HTML report files."""

json_asff_file_suffix: str = "asff.json"
"""Suffix for AWS Security Finding Format (ASFF) JSON files."""

json_ocsf_file_suffix: str = "ocsf.json"
"""Suffix for Open Cybersecurity Schema Framework (OCSF) JSON files."""
```
### Provider Enumeration
Enumeration of supported cloud providers and platforms.
```python { .api }
class Provider(Enum):
    """
    Providers and platforms that Prowler can assess.

    Member values are the short provider names accepted by functions such as
    ``get_available_compliance_frameworks`` and ``get_default_mute_file_path``.
    """

    aws = "aws"                # Amazon Web Services
    azure = "azure"            # Microsoft Azure
    gcp = "gcp"                # Google Cloud Platform
    kubernetes = "kubernetes"  # Kubernetes clusters
    github = "github"          # GitHub organizations and repositories
    m365 = "m365"              # Microsoft 365 environments
    nhn = "nhn"                # NHN Cloud (Korean cloud provider)
    iac = "iac"                # Infrastructure-as-Code scanning
```
### Compliance Framework Functions
Functions for discovering and managing compliance frameworks.
```python { .api }
def get_available_compliance_frameworks(provider=None):
    """
    Return the compliance frameworks usable for an assessment.

    Parameters:
    - provider: Optional provider name ("aws", "azure", "gcp", ...). When
      given, only that provider's frameworks are returned; when None, every
      framework across all providers is returned.

    Returns:
    List of framework identifiers. Each identifier encodes the standard, its
    version and the target provider, for example:
    - "cis_1.5_aws" - CIS Amazon Web Services Foundations Benchmark v1.5
    - "nist_csf_1.1_azure" - NIST Cybersecurity Framework v1.1 for Azure
    - "iso27001_2013_gcp" - ISO 27001:2013 for Google Cloud Platform
    """
def get_default_mute_file_path(provider: str) -> str:
    """
    Return the default mute-file path for a provider.

    The mute file holds the patterns used to suppress findings for that
    provider. Because every entry silences a finding, treat the file as
    security-relevant configuration and keep changes to it reviewed.

    Parameters:
    - provider: Provider name ("aws", "azure", "gcp", ...)

    Returns:
    Default path of the provider's mute file, e.g. "mutelist/aws_mutelist.yaml"
    for AWS and "mutelist/azure_mutelist.yaml" for Azure.
    """
def check_current_version():
    """
    Compare the running Prowler version with the latest published release.

    Performs an outbound request to the Prowler repository, so it needs
    network egress; on hosts without it the call fails instead of returning
    a result.

    Returns:
    A string describing the comparison result. It is a plain string, not a
    mapping, so callers should print or log it rather than index into it.

    Raises:
    ProwlerException: On network errors or when the version check fails
    """
```
### Available Compliance Frameworks
Supported compliance frameworks, organized by provider:
```python { .api }
# Per-provider snapshot of the framework identifiers. This is a reference copy
# for the page; at runtime query get_available_compliance_frameworks() so the
# list reflects the installed Prowler release.

# Amazon Web Services
AWS_COMPLIANCE_FRAMEWORKS = [
    "cis_1.4_aws",  # CIS AWS Foundations Benchmark v1.4
    "cis_1.5_aws",  # CIS AWS Foundations Benchmark v1.5
    "cis_2.0_aws",  # CIS AWS Foundations Benchmark v2.0
    "cis_3.0_aws",  # CIS AWS Foundations Benchmark v3.0
    "ens_rd2022_aws",  # Spanish National Security Scheme (ENS), RD 2022
    "fedramp_low_aws",  # FedRAMP, Low impact level
    "fedramp_moderate_aws",  # FedRAMP, Moderate impact level
    "gdpr_aws",  # General Data Protection Regulation
    "hipaa_aws",  # Health Insurance Portability and Accountability Act
    "iso27001_2013_aws",  # ISO/IEC 27001:2013
    "mitre_attack_aws",  # MITRE ATT&CK
    "nist_800_53_rev4_aws",  # NIST SP 800-53 Rev. 4
    "nist_800_53_rev5_aws",  # NIST SP 800-53 Rev. 5
    "nist_csf_1.1_aws",  # NIST Cybersecurity Framework v1.1
    "pci_3.2.1_aws",  # PCI DSS v3.2.1
    "rbi_cyber_security_aws",  # Reserve Bank of India Cyber Security Framework
    "soc2_aws",  # SOC 2
    "aws_well_architected_framework_security_pillar",  # AWS Well-Architected, Security Pillar
    "aws_foundational_technical_review",  # AWS Foundational Technical Review (FTR)
]

# Microsoft Azure
AZURE_COMPLIANCE_FRAMEWORKS = [
    "cis_1.4_azure",  # CIS Microsoft Azure Foundations Benchmark v1.4
    "cis_1.5_azure",  # CIS Microsoft Azure Foundations Benchmark v1.5
    "cis_2.0_azure",  # CIS Microsoft Azure Foundations Benchmark v2.0
    "ens_rd2022_azure",  # Spanish National Security Scheme (ENS), RD 2022
    "iso27001_2013_azure",  # ISO/IEC 27001:2013
    "mitre_attack_azure",  # MITRE ATT&CK
    "nist_800_53_rev5_azure",  # NIST SP 800-53 Rev. 5
    "nist_csf_1.1_azure",  # NIST Cybersecurity Framework v1.1
]

# Google Cloud Platform
GCP_COMPLIANCE_FRAMEWORKS = [
    "cis_1.2_gcp",  # CIS Google Cloud Platform Foundation Benchmark v1.2
    "cis_1.3_gcp",  # CIS Google Cloud Platform Foundation Benchmark v1.3
    "ens_rd2022_gcp",  # Spanish National Security Scheme (ENS), RD 2022
    "iso27001_2013_gcp",  # ISO/IEC 27001:2013
    "mitre_attack_gcp",  # MITRE ATT&CK
    "nist_800_53_rev5_gcp",  # NIST SP 800-53 Rev. 5
    "nist_csf_1.1_gcp",  # NIST Cybersecurity Framework v1.1
]

# Kubernetes
KUBERNETES_COMPLIANCE_FRAMEWORKS = [
    "cis_1.23_k8s",  # CIS Kubernetes Benchmark v1.23
    "ens_rd2022_k8s",  # Spanish National Security Scheme (ENS), RD 2022
    "mitre_attack_k8s",  # MITRE ATT&CK for Containers
    "nist_800_53_rev5_k8s",  # NIST SP 800-53 Rev. 5
    "nist_csf_1.1_k8s",  # NIST Cybersecurity Framework v1.1
]

# GitHub
GITHUB_COMPLIANCE_FRAMEWORKS = [
    "github_security_best_practices",  # GitHub Security Best Practices
]

# Microsoft 365
M365_COMPLIANCE_FRAMEWORKS = [
    "cis_m365_foundations",  # CIS Microsoft 365 Foundations Benchmark
]
```
## Usage Examples
### Basic Configuration Access
```python
from prowler.config.config import (
    available_compliance_frameworks,
    available_output_formats,
    get_available_compliance_frameworks,
    prowler_version,
)

# Version of the installed Prowler release.
print(f"Prowler version: {prowler_version}")

# Without an argument the lookup returns every framework across providers;
# passing a provider name narrows it to that provider.
all_frameworks = get_available_compliance_frameworks()
print(f"Available frameworks: {len(all_frameworks)}")

aws_frameworks = get_available_compliance_frameworks("aws")
print(f"AWS frameworks: {aws_frameworks}")

# Formats that reports can be written in.
print(f"Output formats: {available_output_formats}")
```
### Version Management
```python
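from prowler.config.config import check_current_version

# check_current_version() contacts the Prowler repository and returns a string
# describing how the installed version compares with the latest release. The
# API reference documents the return value as a string, so it is printed as-is
# rather than indexed like a mapping. It raises ProwlerException when the
# lookup fails (for example on a host without network egress), so the call is
# wrapped to keep the script usable offline.
try:
    version_info = check_current_version()
except Exception as err:  # documented exception type: ProwlerException
    print(f"Version check could not be completed: {err}")
else:
    print(version_info)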
```
### Compliance Framework Discovery
```python
from prowler.config.config import get_available_compliance_frameworks
def list_frameworks_by_provider():
    """Print the compliance frameworks available for each provider, grouped per provider."""
    for provider_name in ("aws", "azure", "gcp", "kubernetes", "github", "m365"):
        provider_frameworks = get_available_compliance_frameworks(provider_name)
        # Blank line before each group keeps the groups visually separate.
        print(f"\n{provider_name.upper()} Compliance Frameworks ({len(provider_frameworks)}):")
        for framework_id in sorted(provider_frameworks):
            print(f" - {framework_id}")
# Print every provider's frameworks when the script runs.
list_frameworks_by_provider()
```
### Custom Configuration Management
```python
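import os

from prowler.config.config import (
    default_output_directory,
    get_default_mute_file_path,
)

# Custom output directory. Reports describe the weaknesses of the assessed
# environment, so keep them under a location only the current user controls:
# a fixed path in a shared, world-writable directory such as /tmp could be
# pre-created by another local user who would then be able to read or replace
# the reports. exist_ok=True replaces the check-then-create sequence
# (os.path.exists followed by os.makedirs), which is racy, and mode=0o700
# limits a freshly created directory to the owner.
custom_output_dir = os.path.join(os.path.expanduser("~"), "prowler-results")
os.makedirs(custom_output_dir, mode=0o700, exist_ok=True)

# Provider-specific mute files. Patterns listed there suppress findings, so
# treat these files as security-relevant configuration.
aws_mute_file = get_default_mute_file_path("aws")
azure_mute_file = get_default_mute_file_path("azure")

print(f"Default output: {default_output_directory}")
print(f"Custom output: {custom_output_dir}")
print(f"AWS mute file: {aws_mute_file}")
print(f"Azure mute file: {azure_mute_file}")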
```
### Framework-Specific Configuration
```python
from prowler.config.config import get_available_compliance_frameworks
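def get_framework_info(framework_id):
    """
    Return descriptive metadata for a compliance framework identifier.

    Parameters:
    - framework_id: Framework identifier as returned by
      get_available_compliance_frameworks (e.g. "cis_1.5_aws")

    Returns:
    A dict with the keys "name", "version", "description" and "url". An
    identifier that is not in the local mapping gets a placeholder entry with
    the same keys ("version" and "url" set to None), so callers can index the
    result uniformly instead of special-casing unknown frameworks.
    """
    framework_mapping = {
        "cis_1.5_aws": {
            "name": "CIS Amazon Web Services Foundations Benchmark",
            "version": "1.5.0",
            "description": "Security configuration baseline for AWS",
            "url": "https://www.cisecurity.org/benchmark/amazon_web_services",
        },
        "nist_csf_1.1_aws": {
            "name": "NIST Cybersecurity Framework",
            "version": "1.1",
            "description": "Framework for managing cybersecurity risk",
            "url": "https://www.nist.gov/cyberframework",
        },
        "gdpr_aws": {
            "name": "General Data Protection Regulation",
            "version": "2018",
            "description": "EU data protection and privacy regulation",
            "url": "https://gdpr.eu/",
        },
    }

    # Same key set as the known entries, so cis_info["version"]-style access
    # never raises KeyError for a custom framework.
    unknown_framework = {
        "name": framework_id,
        "version": None,
        "description": "Custom or unknown framework",
        "url": None,
    }
    return framework_mapping.get(framework_id, unknown_framework)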
# Look up one framework and print the fields the mapping provides.
cis_info = get_framework_info("cis_1.5_aws")
for label, key in (("Framework", "name"), ("Version", "version"), ("Description", "description")):
    print(f"{label}: {cis_info[key]}")
```
### Output Format Configuration
```python
from prowler.config.config import (
available_output_formats,
csv_file_suffix,
html_file_suffix,
json_asff_file_suffix,
json_ocsf_file_suffix
)
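def get_output_filename(base_name, output_format):
    """
    Build the output file name for *base_name* in *output_format*.

    Parameters:
    - base_name: File name without extension (e.g. "prowler-findings-20240101")
    - output_format: One of available_output_formats; an unknown value is used
      verbatim as the suffix

    Returns:
    "<base_name>.<suffix>", where the suffix comes from the matching
    *_file_suffix constant ("json" has no constant and maps to itself). A
    suffix that already starts with "." is not given a second dot.
    """
    suffix_mapping = {
        "csv": csv_file_suffix,
        "html": html_file_suffix,
        "asff": json_asff_file_suffix,
        "ocsf": json_ocsf_file_suffix,
        "json": "json",
    }
    suffix = suffix_mapping.get(output_format, output_format)
    # Strip a leading dot so a dotted suffix constant does not yield "name..csv".
    return f"{base_name}.{suffix.lstrip('.')}"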
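# Generate one filename per supported format and show it.
base_name = "prowler-findings-20240101"
for fmt in available_output_formats:
    filename = get_output_filename(base_name, fmt)
    print(f"{fmt}: {filename}")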
```
### Environment-Specific Configuration
```python
import os
from prowler.config.config import prowler_version, Provider
def get_environment_config():
    """
    Assemble a configuration snapshot from the Prowler constants and the
    process environment.

    Returns:
    A dict with "prowler_version", "supported_providers" (the Provider enum
    values) and an "environment" sub-dict read from AWS_DEFAULT_REGION,
    AZURE_SUBSCRIPTION_ID, GOOGLE_CLOUD_PROJECT, PROWLER_LOG_LEVEL and
    PROWLER_OUTPUT_DIR; unset variables fall back to "us-east-1", None, None,
    "INFO" and "output" respectively.
    """
    environment = {
        "aws_region": os.getenv("AWS_DEFAULT_REGION", "us-east-1"),
        "azure_subscription": os.getenv("AZURE_SUBSCRIPTION_ID"),
        "gcp_project": os.getenv("GOOGLE_CLOUD_PROJECT"),
        "log_level": os.getenv("PROWLER_LOG_LEVEL", "INFO"),
        "output_dir": os.getenv("PROWLER_OUTPUT_DIR", "output"),
    }
    return {
        "prowler_version": prowler_version,
        "supported_providers": [member.value for member in Provider],
        "environment": environment,
    }
env_config = get_environment_config()
371
print(f"Environment configuration: {env_config}")
```