
Using Prowler for AWS assessment against CIS Foundations benchmark - Part 2 Conducting assessment

By Akash Mahajan

Introduction

Prowler is a command line tool that helps you with AWS security assessment, auditing, hardening, and incident response.

It follows the guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 190 additional checks related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2, and others.

Prowler assessment

A Prowler scan takes time, depending on the number of services enabled in your AWS account. Once the scan is complete, the report is stored inside the Prowler folder, in a sub-directory called output. The report can then be reviewed to prioritize the findings as critical, high, medium, and low.

The report follows the CIS Benchmark, and the findings are presented accordingly.

Audit results

Prowler reports its results as findings; the report does not include resolutions for them. The findings are categorized as follows:

  1. INFO: Informational, no action required. This includes results that are overridden.
  2. PASS: The setting matches the recommended value.
  3. WARNING: A best practice recommendation.
  4. FAIL: A security issue or invalid AWS configuration. A fix is required.
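
One way to triage a report by these four categories is shown below. It is an added example, not code from the original article or from Prowler. The column names (CHECK_ID, RESULT, SEVERITY, REGION, TITLE) and the sample rows are constructed assumptions; map them to the header of the CSV your Prowler version writes to its output directory.

```python
import csv
import io
from collections import Counter

# Constructed sample report. The column names (CHECK_ID, RESULT, SEVERITY,
# REGION, TITLE) are assumptions for this example, not Prowler's documented
# header; adjust them to match the CSV in your output directory.
SAMPLE_REPORT = """CHECK_ID,RESULT,SEVERITY,REGION,TITLE
check-a,FAIL,medium,us-east-1,Constructed finding: MFA not enabled for a user
check-b,PASS,high,us-east-1,Constructed finding: root access key absent
check-c,FAIL,critical,eu-west-1,Constructed finding: bucket allows public read
check-d,WARNING,low,us-east-1,Constructed finding: log retention below guidance
check-e,INFO,low,us-east-1,Constructed finding: check overridden
check-f,FAIL,,ap-south-1,Constructed finding: severity column left empty
"""

STATUSES = ("INFO", "PASS", "WARNING", "FAIL")
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def severity_rank(row):
    """Missing or unrecognised severities sort last but are never dropped."""
    value = (row.get("SEVERITY") or "").strip().lower()
    return SEVERITY_ORDER.get(value, len(SEVERITY_ORDER))


def triage(report_text):
    """Return (status counts, FAIL rows ordered critical -> low -> unrated)."""
    counts = Counter({status: 0 for status in STATUSES})
    failed = []
    for row in csv.DictReader(io.StringIO(report_text)):
        status = (row.get("RESULT") or "").strip().upper()
        if status not in STATUSES:
            # Surface unexpected values instead of silently skipping the row.
            counts["UNKNOWN"] += 1
            continue
        counts[status] += 1
        if status == "FAIL":
            failed.append(row)
    failed.sort(key=severity_rank)  # stable sort keeps report order within a level
    return dict(counts), failed


if __name__ == "__main__":
    counts, failed = triage(SAMPLE_REPORT)
    print(counts)
    for row in failed:
        print(row["SEVERITY"] or "unrated", row["CHECK_ID"], row["REGION"], row["TITLE"])
```

Because the report does not include resolutions, the ordered FAIL list is the work queue: each entry still needs its fix looked up in the corresponding CIS Benchmark recommendation.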


Akash Mahajan Founder & CEO


Akash is the founder of Kloudle, a developer-first cloud security scanner. He’s spent 20+ years in cybersecurity and now builds tools that make securing cloud infra simple, fast, and frustration-free.