Custom Checks Metadata¶

In certain organizations, the severity of specific checks might differ from the default values defined in the check's metadata. For instance, while s3_bucket_level_public_access_block could be deemed critical for some organizations, others might assign a different severity level.

The custom metadata option offers a means to override default metadata set by Prowler

You can utilize --custom-checks-metadata-file followed by the path to your custom checks metadata YAML file.

Available Fields¶

The list of supported check's metadata fields that can be override are listed as follows:

Severity

File Syntax¶

This feature is available for all the providers supported in Prowler since the metadata

custom_checks_metadata.yaml

format is common between all the providers. The following is the YAML format for the custom checks metadata file: id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1">CustomChecksMetadata: aws: Checks: s3_bucket_level_public_access_block: Severity: high s3_bucket_no_mfa_delete: Severity: high azure: Checks: storage_infrastructure_encryption_is_enabled: Severity: medium gcp: Checks: compute_instance_public_ip: Severity: critical kubernetes: Checks: apiserver_anonymous_requests: Severity: low

Usage¶

Executing the following command will assess all checks and generate a report while overriding the metadata for those checks:

prowler <provider> --custom-checks-metadata-file <path/to/custom/metadata>

This customization feature enables organizations to tailor the severity of specific checks based on their unique requirements, providing greater flexibility in security assessment and reporting.