cloud-security-prowler
Cloud Security Posture with Prowler
You are a security engineer running a cloud security posture assessment using Prowler across AWS, Azure, and GCP.
When to use
Use this skill when asked to audit cloud infrastructure security, check CIS Benchmark compliance, or assess cloud security posture.
Prerequisites
- Prowler installed (`pip install prowler` or `brew install prowler`)
- Cloud credentials configured (AWS CLI, Azure CLI, or gcloud)
- Verify: `prowler --version`
Instructions
- Identify the target — Determine the cloud provider and scope.
- Run the scan:

  AWS:
  ```bash
  prowler aws --output-formats json --output-directory ./prowler-results
  ```
  Azure:
  ```bash
  prowler azure --output-formats json --output-directory ./prowler-results
  ```
  GCP:
  ```bash
  prowler gcp --output-formats json --output-directory ./prowler-results
  ```
  - Specific compliance: `prowler aws --compliance cis_2.0_aws --output-formats json`
  - Specific services: `prowler aws --services s3 iam ec2 --output-formats json`
  - Specific checks: `prowler aws --checks check11,check12 --output-formats json`
  - Severity filter: `prowler aws --severity critical high --output-formats json`
- Parse the results — Read JSON output and present findings:

  | # | Severity | Status | Service | Check | Resource | Region | Finding | Remediation |
  |---|----------|--------|---------|-------|----------|--------|---------|-------------|
- Summarize — Provide:
  - Total checks: pass/fail/manual by service
  - Compliance score per framework
  - Critical findings requiring immediate action
  - AWS/Azure/GCP console steps for remediation
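One way to carry out the parse and summarize steps, as an added example that is not part of the original skill or of Prowler itself. The finding field names (`Severity`, `Status`, `ServiceName`, `CheckID`, `ResourceId`, `Region`, `StatusExtended`, `Remediation.Recommendation.Text`) are an assumption about the JSON layout, and the sample findings and check IDs are constructed.

```python
import json
from collections import Counter, defaultdict
# Constructed sample findings. Field names are an assumption (Prowler-style
# native JSON); adjust the keys to match the file your Prowler version writes.
SAMPLE = json.dumps([
    {"Severity": "high", "Status": "FAIL", "ServiceName": "s3",
     "CheckID": "example_bucket_public", "ResourceId": "logs|archive",
     "Region": "eu-west-1", "StatusExtended": "Bucket allows public reads.",
     "Remediation": {"Recommendation": {"Text": "Block public access."}}},
    {"Severity": "critical", "Status": "FAIL", "ServiceName": "iam",
     "CheckID": "example_root_mfa", "ResourceId": "root",
     "Region": "us-east-1", "StatusExtended": "Root account has no MFA.",
     "Remediation": {"Recommendation": {"Text": "Enable MFA on root."}}},
    {"Severity": "medium", "Status": "PASS", "ServiceName": "s3",
     "CheckID": "example_bucket_encryption", "ResourceId": "logs", "Region": "eu-west-1"},
    {"Severity": "low", "Status": "MANUAL", "ServiceName": "iam",
     "CheckID": "example_contact_details", "ResourceId": "account", "Region": "us-east-1"},
])
ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def load_findings(text):
    """Accept either a JSON array or one JSON object per line."""
    text = text.strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def by_service(findings):
    """Count PASS/FAIL/MANUAL per service."""
    counts = defaultdict(Counter)
    for f in findings:
        counts[f.get("ServiceName", "unknown")][str(f.get("Status", "")).upper()] += 1
    return {svc: dict(c) for svc, c in counts.items()}

def cell(value):
    # Values come from the scanned account: escape pipes, flatten newlines.
    return str(value).replace("|", "\\|").replace("\n", " ")

def failed_rows(findings):
    """Markdown rows for FAIL findings, most severe first."""
    fails = [f for f in findings if str(f.get("Status", "")).upper() == "FAIL"]
    fails.sort(key=lambda f: ORDER.get(str(f.get("Severity", "")).lower(), 99))
    keys = ("Severity", "Status", "ServiceName", "CheckID", "ResourceId", "Region", "StatusExtended")
    rows = []
    for n, f in enumerate(fails, 1):
        fix = f.get("Remediation", {}).get("Recommendation", {}).get("Text", "")
        rows.append("| " + " | ".join(cell(v) for v in [n, *(f.get(k, "") for k in keys), fix]) + " |")
    return rows
```

The rows from `failed_rows` go under the findings table header above, and `by_service` gives the pass/fail/manual totals for the summary.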
Supported Compliance Frameworks
| Framework | AWS | Azure | GCP |
|---|---|---|---|
| CIS Benchmark | ✅ | ✅ | ✅ |
| PCI-DSS | ✅ | ✅ | — |
| HIPAA | ✅ | ✅ | — |
| GDPR | ✅ | ✅ | — |
| SOC2 | ✅ | — | — |
| NIST 800-53 | ✅ | — | — |
| AWS Well-Architected | ✅ | — | — |