Show Prowler version:
Execute Prowler in verbose mode (like in Version 2):
Show only Fails¶
Prowler can only display the failed findings:
Hide Prowler Banner¶
Prowler can run without showing its banner:
Prowler has checks per provider, there are options related with them:
- List the available checks in the provider:
- Execute specific check(s):
- Exclude specific check(s):
- Execute checks that appears in a json file:
Prowler allows you to include your custom checks with the flag:
S3 URIs are also supported as folders for custom checks, e.g. s3://bucket/prefix/checks_folder/. Make sure that the used credentials have s3:GetObject permissions in the S3 path where the custom checks are located.
The custom checks folder must contain one subfolder per check, each subfolder must be named as the check and must contain:
- An empty
__init__.py: to make Python treat this check folder as a package.
check_name.pycontaining the check's logic.
check_name.metadata.jsoncontaining the check's metadata.
The check name must start with the service name followed by an underscore (e.g., ec2_instance_public_ip).
To see more information about how to write checks see the Developer Guide.
If you want to run ONLY your custom check(s), import it with -x (--checks-folder) and then run it with -c (--checks), e.g.:
Each of Prowler's checks has a severity, which can be: - informational - low - medium - high - critical
To execute specific severity(s):
Prowler has services per provider, there are options related with them:
- List the available services in the provider:
- Execute specific service(s):
- Exclude specific service(s):
Prowler groups checks in different categories, there are options related with them:
- List the available categories in the provider:
- Execute specific category(s):