Prowler 3.3.0 - Sun and Steel

Through earth and water, fire and wind
You came at last, nothing was the end...

As this series of Prowler versions, Sun and Steel is a song part of Piece of Mind album of Iron Maiden. In this side of the world (north hemisphere), spring is about to start and this song is about Sun (and Steel) so here you go! 🤘🏽See below the amazing new features we have added to Prowler 3.3.0 🔥Sun and Steel🔥

New features to highlight in this version:

🏷️ Resource Tags everywhere:

• Now all findings outputs like HTML, CSV and JSON for AWS provider contains every resource tags.
  

⚖️ Compliance everywhere:

• Now all findings in outputs like HTML, CSV and JSON contains any security framework related to the finding.
  

🛡️ Security Hub integration with compliance from Prowler:

• All findings sent to Security Hub include their compliance information and all frameworks that they belongs to. This allow user to filter by Compliance Associated Standards ID and others and take advantage of all new supported frameworks in Prowler:
  

📊 New inventory output include regions:

• When running Prowler Quick Inventory (prowler -i) the output is as nice as this one:

✅ 3 new checks:

• s3_bucket_level_public_access_block
• rds_instance_transport_encrypted - this is valid so far only for Postgresql and MS SQL Server
• cloudwatch_log_group_no_secrets_in_logs

What's Changed:

• feat(templates): New versions of issues and fr templates by @n4ch04 in #2072
• feat(tags): add resource tags by @sergargar in #2020
• feat(s3_bucket_level_public_access_block): new check by @sergargar in #1953
• feat(rds_instance_transport_encrypted): add new check by @sergargar in #1963
• feat(quick_inventory): add regions to inventory table by @sergargar in #2026
• feat(new_check): cloudwatch_log_group_no_secrets_in_logs by @Fennerr in #1980
• feat(lambda_cloudtrail check): improved logic and status extended by @n4ch04 in #2092
• feat(inventory): add tags to quick inventory by @sergargar in #2051
• feat(encryption): add new encryption category by @sergargar in #1999
• feat(dispatch): add tag info to dispatch by @n4ch04 in #2002
• feat(compliance): add compliance field to HTML, CSV and JSON outputs including frameworks and reqs by @sergargar in #2060
• feat(SecurityHub): add compliance details to Security Hub findings by @sergargar in #2100

Fixes:

• fix(windows-path): --list-services bad split by @garym-krrv in #2028
• fix(ulimit): handle low ulimit OSError by @sergargar in #2042
• fix(ulimit check): test only when platform is not windows by @n4ch04 in #2094
• fix(quick inventory): add non-tagged s3 buckets to inventory by @sergargar in #2041
• fix(providers): Move provider's logic outside main by @jfagoagas in #2043
• fix(iam): pydantic migration and reformat logic service by @n4ch04 in #2010
• fix(head): Pass head commit to dispatch action by @n4ch04 in #2022
• fix(emr): solve emr_cluster_publicly_accesible error by @sergargar in #2086
• fix(emr): KeyError EmrManagedSlaveSecurityGroup by @jfagoagas in #2000
• fix(ec2_securitygroup_allow_wide_open_public_ipv4): correct check title by @sergargar in #2101
• fix(ec2): avoid terminated instances by @sergargar in #2063
• fix(compliance): add check to 2.1.5 CIS by @sergargar in #2077
• fix(cloudwatch): solve inexistent filterPattern error by @sergargar in #2087
• fix(cloudtrail): list tags only in owned trails by @sergargar in #2025
• fix(check): change cloudformation_outputs_find_secrets name by @sergargar in #2027
• fix(bug_report): typo in bug reporting template by @jfagoagas in #2078
• fix(bug_report): Update wording by @jfagoagas in #2074
• fix(awslambdacloudtrail): include advanced event and all lambdas in check by @n4ch04 in #1994
• fix(actions): fixed dispatch commit message by @n4ch04 in #2023
• fix(actions): Typo push should be true by @jfagoagas in #2019
• fix(actions): Stop using github storage by @jfagoagas in #2016

Documentation and other updates

• chore(docs): update readme with new ECR alias by @toniblyx in #2079
• chore(docs): Corrected spelling mistake in multiacount by @alexnelsone in #2056
• chore(docs): Add brew and github installation to quick start by @toniblyx in #1991
• chore(release): update Prowler Version to 3.2.4 by @sergargar in #1988
• chore(regions_update): Changes in regions for AWS services. by @sergargar in #2095
• chore(poetry): add poetry checks to pre-commit by @sergargar in #2040
• chore(metadata): remove tags from metadata by @sergargar in #1998
• chore(iam): update prowler permissions by @sergargar in #2050
• chore(dependabot): Change to weekly by @jfagoagas in #2057
• chore(brew): bump new version to brew by @sergargar in #1990
• chore(actions): Use GHA cache by @jfagoagas in #2066
• chore(actions): Missing cache in the PR by @jfagoagas in #2067
• build(deps-dev): bump pytest-xdist from 3.2.0 to 3.2.1 by @dependabot in #2084
• build(deps-dev): bump pytest from 7.2.1 to 7.2.2 by @dependabot in #2046
• build(deps-dev): bump pylint from 2.16.4 to 2.17.0 by @dependabot in #2062
• build(deps-dev): bump moto from 4.1.3 to 4.1.4 by @dependabot in #2045
• build(deps-dev): bump freezegun from 1.2.1 to 1.2.2 by @dependabot in #2033
• build(deps-dev): bump flake8 from 5.0.4 to 6.0.0 by @dependabot in #2012
• build(deps-dev): bump docker from 6.0.0 to 6.0.1 by @dependabot in #2030
• build(deps-dev): bump coverage from 7.1.0 to 7.2.1 by @dependabot in #2032
• build(deps-dev): bump black from 22.10.0 to 22.12.0 by @dependabot in #2013
• build(deps-dev): bump bandit from 1.7.4 to 1.7.5 by @dependabot in #2082
• build(deps): bump pydantic from 1.10.5 to 1.10.6 by @dependabot in #2081
• build(deps): bump mkdocs-material from 9.1.1 to 9.1.2 by @dependabot in #2080
• build(deps): bump botocore from 1.29.86 to 1.29.90 by @dependabot in #2083
• build(deps): bump boto3 from 1.26.85 to 1.26.86 by @dependabot in #2061

New Contributors

• @garym-krrv made their first contribution in #2028
• @alexnelsone made their first contribution in #2056

Full Changelog: 3.2.4...3.3.0