Open source cloud security assessment tool for AWS, Azure, GCP, and Kubernetes with hundreds of compliance checks.
—
Configuration management and compliance framework support with mappings to industry standards including CIS benchmarks, NIST, ISO 27001, PCI-DSS, and custom frameworks. This module provides centralized configuration, version management, and comprehensive compliance framework integration for security assessments.
Essential configuration constants and settings for Prowler operation.
#: Version string of this Prowler release.
prowler_version: str = "5.10.2"

#: Identifiers of every compliance framework available across all providers
#: (CIS benchmarks, NIST frameworks, ISO standards and industry-specific
#: regulations).
available_compliance_frameworks: List[str]

#: Output formats that findings and reports can be written in.
available_output_formats: List[str] = ["json", "csv", "html", "asff", "ocsf"]

#: Directory that generated output files are written to by default.
#: NOTE(review): reports describe the security posture of the scanned
#: accounts; keep this directory readable only by those who need it.
default_output_directory: str = "output"

#: File suffix for CSV output files.
csv_file_suffix: str = "csv"

#: File suffix for HTML report files.
html_file_suffix: str = "html"

#: File suffix for AWS Security Finding Format (ASFF) JSON files.
json_asff_file_suffix: str = "asff.json"

#: File suffix for Open Cybersecurity Schema Framework (OCSF) JSON files.
json_ocsf_file_suffix: str = "ocsf.json"

# Enumeration of supported cloud providers and platforms.
class Provider(Enum):
    """Providers and platforms that Prowler can assess.

    Every member's value is the provider name as a lowercase string, and it
    is spelled the same as the member name.
    """

    aws = "aws"  # Amazon Web Services
    azure = "azure"  # Microsoft Azure
    gcp = "gcp"  # Google Cloud Platform
    kubernetes = "kubernetes"  # Kubernetes clusters
    github = "github"  # GitHub organizations and repositories
    m365 = "m365"  # Microsoft 365 environments
    nhn = "nhn"  # NHN Cloud (Korean cloud provider)
    iac = "iac"  # Infrastructure as Code scanning


# Functions for discovering and managing compliance frameworks.
def get_available_compliance_frameworks(provider=None):
    """Return the compliance frameworks that assessments can be run against.

    Args:
        provider: Optional provider name (aws, azure, gcp, etc.). When given,
            the result is filtered to that provider.

    Returns:
        List of available compliance framework identifiers, for example:

        - "cis_1.5_aws": CIS Amazon Web Services Foundations Benchmark v1.5
        - "nist_csf_1.1_azure": NIST Cybersecurity Framework v1.1 for Azure
        - "iso27001_2013_gcp": ISO 27001:2013 for Google Cloud Platform
    """
def get_default_mute_file_path(provider: str) -> str:
    """Return the default mute file path for a provider.

    A mute file holds the patterns used to suppress findings for one
    provider.

    NOTE(review): findings matched by a mute file are suppressed, so edits to
    it change what an assessment reports; review them like any other
    security-relevant change.

    Args:
        provider: Provider name (aws, azure, gcp, etc.).

    Returns:
        Default file path of the provider's mute file, for example
        "mutelist/aws_mutelist.yaml" for AWS and
        "mutelist/azure_mutelist.yaml" for Azure.
    """
def check_current_version():
    """Check whether a newer Prowler version is available.

    Connects to the Prowler repository, so it needs outbound network access.

    Returns:
        String containing the version comparison result. It is a plain
        string, not a mapping: print it rather than indexing it by key.

    Raises:
        ProwlerException: On network errors or version check failures.
    """


# Comprehensive list of supported compliance frameworks organized by provider:
# NOTE(review): the lists below are a static listing; confirm them against
# get_available_compliance_frameworks() for the version actually installed.

# AWS Compliance Frameworks
AWS_COMPLIANCE_FRAMEWORKS = [
    "cis_1.4_aws",  # CIS Amazon Web Services Foundations Benchmark v1.4
    "cis_1.5_aws",  # CIS Amazon Web Services Foundations Benchmark v1.5
    "cis_2.0_aws",  # CIS Amazon Web Services Foundations Benchmark v2.0
    "cis_3.0_aws",  # CIS Amazon Web Services Foundations Benchmark v3.0
    "ens_rd2022_aws",  # Spanish National Security Scheme (ENS) RD 2022
    "fedramp_low_aws",  # FedRAMP Low Impact Level
    "fedramp_moderate_aws",  # FedRAMP Moderate Impact Level
    "gdpr_aws",  # General Data Protection Regulation (GDPR)
    "hipaa_aws",  # Health Insurance Portability and Accountability Act
    "iso27001_2013_aws",  # ISO/IEC 27001:2013
    "mitre_attack_aws",  # MITRE ATT&CK Framework
    "nist_800_53_rev4_aws",  # NIST Special Publication 800-53 Revision 4
    "nist_800_53_rev5_aws",  # NIST Special Publication 800-53 Revision 5
    "nist_csf_1.1_aws",  # NIST Cybersecurity Framework v1.1
    "pci_3.2.1_aws",  # Payment Card Industry Data Security Standard v3.2.1
    "rbi_cyber_security_aws",  # Reserve Bank of India Cyber Security Framework
    "soc2_aws",  # Service Organization Control 2 (SOC 2)
    "aws_well_architected_framework_security_pillar",  # AWS Well-Architected Security Pillar
    "aws_foundational_technical_review",  # AWS Foundational Technical Review (FTR)
]

# Azure Compliance Frameworks
AZURE_COMPLIANCE_FRAMEWORKS = [
    "cis_1.4_azure",  # CIS Microsoft Azure Foundations Benchmark v1.4
    "cis_1.5_azure",  # CIS Microsoft Azure Foundations Benchmark v1.5
    "cis_2.0_azure",  # CIS Microsoft Azure Foundations Benchmark v2.0
    "ens_rd2022_azure",  # Spanish National Security Scheme (ENS) RD 2022
    "iso27001_2013_azure",  # ISO/IEC 27001:2013
    "mitre_attack_azure",  # MITRE ATT&CK Framework
    "nist_800_53_rev5_azure",  # NIST Special Publication 800-53 Revision 5
    "nist_csf_1.1_azure",  # NIST Cybersecurity Framework v1.1
]

# GCP Compliance Frameworks
GCP_COMPLIANCE_FRAMEWORKS = [
    "cis_1.2_gcp",  # CIS Google Cloud Platform Foundation Benchmark v1.2
    "cis_1.3_gcp",  # CIS Google Cloud Platform Foundation Benchmark v1.3
    "ens_rd2022_gcp",  # Spanish National Security Scheme (ENS) RD 2022
    "iso27001_2013_gcp",  # ISO/IEC 27001:2013
    "mitre_attack_gcp",  # MITRE ATT&CK Framework
    "nist_800_53_rev5_gcp",  # NIST Special Publication 800-53 Revision 5
    "nist_csf_1.1_gcp",  # NIST Cybersecurity Framework v1.1
]

# Kubernetes Compliance Frameworks
KUBERNETES_COMPLIANCE_FRAMEWORKS = [
    "cis_1.23_k8s",  # CIS Kubernetes Benchmark v1.23
    "ens_rd2022_k8s",  # Spanish National Security Scheme (ENS) RD 2022
    "mitre_attack_k8s",  # MITRE ATT&CK Framework for Containers
    "nist_800_53_rev5_k8s",  # NIST Special Publication 800-53 Revision 5
    "nist_csf_1.1_k8s",  # NIST Cybersecurity Framework v1.1
]

# GitHub Compliance Frameworks
GITHUB_COMPLIANCE_FRAMEWORKS = [
    "github_security_best_practices",  # GitHub Security Best Practices
]

# Microsoft 365 Compliance Frameworks
M365_COMPLIANCE_FRAMEWORKS = [
    "cis_m365_foundations",  # CIS Microsoft 365 Foundations Benchmark
]

from prowler.config.config import (
    prowler_version,
    available_compliance_frameworks,
    available_output_formats,
    get_available_compliance_frameworks,
)
# Show which Prowler release is installed.
print(f"Prowler version: {prowler_version}")

# Count the frameworks known across every provider.
framework_ids = get_available_compliance_frameworks()
print(f"Available frameworks: {len(framework_ids)}")

# Narrow the listing to AWS.
aws_only = get_available_compliance_frameworks("aws")
print(f"AWS frameworks: {aws_only}")

# Show the report formats that can be requested.
print(f"Output formats: {available_output_formats}")

from prowler.config.config import check_current_version
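# Check for updates.
# check_current_version() is documented as returning a plain string with the
# version comparison result, so print it as-is; indexing it by keys such as
# "update_available" raises TypeError. The check contacts the Prowler
# repository and is documented to raise ProwlerException on network errors,
# so expect a failure where outbound access is blocked.
version_info = check_current_version()
print(version_info)

from prowler.config.config import get_available_compliance_frameworks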
def list_frameworks_by_provider():
    """Print each provider's compliance frameworks, sorted, under a header."""
    for name in ("aws", "azure", "gcp", "kubernetes", "github", "m365"):
        found = get_available_compliance_frameworks(name)
        # The header carries the upper-cased provider name and the count.
        print(f"\n{name.upper()} Compliance Frameworks ({len(found)}):")
        for item in sorted(found):
            print(f" - {item}")
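list_frameworks_by_provider()

from prowler.config.config import (
    default_output_directory,
    get_default_mute_file_path,
)
import os

# Setup custom output directory.
# Findings describe weaknesses in the scanned accounts, so the directory is
# created owner-only (subject to the umask). exist_ok=True replaces the
# separate exists() check, which left a gap between the check and the
# creation. The mode is not applied to a directory that already exists, and a
# fixed name under /tmp is predictable on a shared host; prefer a location
# that only the scanning user can write to.
custom_output_dir = "/tmp/prowler-results"
os.makedirs(custom_output_dir, mode=0o700, exist_ok=True)

# Get provider-specific mute files
aws_mute_file = get_default_mute_file_path("aws")
azure_mute_file = get_default_mute_file_path("azure")

print(f"Default output: {default_output_directory}")
print(f"Custom output: {custom_output_dir}")
print(f"AWS mute file: {aws_mute_file}")
print(f"Azure mute file: {azure_mute_file}")

from prowler.config.config import get_available_compliance_frameworks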
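def get_framework_info(framework_id):
    """Return descriptive metadata for a compliance framework identifier.

    Args:
        framework_id: Framework identifier such as "cis_1.5_aws".

    Returns:
        Dict with "name", "version" and "description" keys. Frameworks in the
        table below also carry a "url". For any other identifier the name is
        the identifier itself and the version is None, so callers that read
        info["version"] do not fail with KeyError.
    """
    framework_mapping = {
        "cis_1.5_aws": {
            "name": "CIS Amazon Web Services Foundations Benchmark",
            "version": "1.5.0",
            "description": "Security configuration baseline for AWS",
            "url": "https://www.cisecurity.org/benchmark/amazon_web_services",
        },
        "nist_csf_1.1_aws": {
            "name": "NIST Cybersecurity Framework",
            "version": "1.1",
            "description": "Framework for managing cybersecurity risk",
            "url": "https://www.nist.gov/cyberframework",
        },
        "gdpr_aws": {
            "name": "General Data Protection Regulation",
            "version": "2018",
            "description": "EU data protection and privacy regulation",
            "url": "https://gdpr.eu/",
        },
    }
    known = framework_mapping.get(framework_id)
    if known is not None:
        return known
    # Unknown identifiers get the same keys the known entries are read by.
    return {
        "name": framework_id,
        "version": None,
        "description": "Custom or unknown framework",
    }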
# Look up one framework and print its descriptive fields.
cis_entry = get_framework_info("cis_1.5_aws")
print(f"Framework: {cis_entry['name']}")
print(f"Version: {cis_entry['version']}")
print(f"Description: {cis_entry['description']}")

from prowler.config.config import (
    available_output_formats,
    csv_file_suffix,
    html_file_suffix,
    json_asff_file_suffix,
    json_ocsf_file_suffix,
)
def get_output_filename(base_name, output_format):
    """Build "<base_name>.<suffix>" for the requested output format.

    Known formats map to their configured file suffix; any other format name
    is used as the suffix unchanged.
    """
    known_suffixes = {
        "csv": csv_file_suffix,
        "html": html_file_suffix,
        "asff": json_asff_file_suffix,
        "ocsf": json_ocsf_file_suffix,
        "json": "json",
    }
    if output_format in known_suffixes:
        extension = known_suffixes[output_format]
    else:
        # Unrecognised formats fall back to their own name as the suffix.
        extension = output_format
    return f"{base_name}.{extension}"
# Print the filename that each supported format would produce.
base_name = "prowler-findings-20240101"
for output_format in available_output_formats:
    generated = get_output_filename(base_name, output_format)
    print(f"{output_format}: {generated}")

import os
from prowler.config.config import prowler_version, Provider
def get_environment_config():
    """Collect the Prowler version, provider names and environment settings.

    Environment values are read with os.getenv. The region, log level and
    output directory fall back to "us-east-1", "INFO" and "output"; the Azure
    subscription and GCP project are None when their variables are unset.
    """
    env_settings = {
        "aws_region": os.getenv("AWS_DEFAULT_REGION", "us-east-1"),
        "azure_subscription": os.getenv("AZURE_SUBSCRIPTION_ID"),
        "gcp_project": os.getenv("GOOGLE_CLOUD_PROJECT"),
        "log_level": os.getenv("PROWLER_LOG_LEVEL", "INFO"),
        "output_dir": os.getenv("PROWLER_OUTPUT_DIR", "output"),
    }
    provider_names = [member.value for member in Provider]
    return {
        "prowler_version": prowler_version,
        "supported_providers": provider_names,
        "environment": env_settings,
    }
# Build the configuration once and show it. The printed dict includes the
# Azure subscription ID and GCP project read from the environment, so redact
# it before it goes into shared logs or tickets.
env_config = get_environment_config()
print(f"Environment configuration: {env_config}")

# Install with Tessl CLI
npx tessl i tessl/pypi-prowler