Prowler

Enabling the Prowler data source collects the results of scans performed by the open-source tool Prowler.

What is Prowler?
  • Prowler is an open-source CSPM tool published by Prowler, Inc.
  • For details on what items are detected by Prowler, refer to GitHub.

Format

When importing data into RISKEN, the following metadata will be added:

| Item | Description |
| --- | --- |
| DataSource | azure:prowler (fixed) |
| ResourceName | ID of the detected resource |
| Description | Description |
| Score | Refer to Scoring |
| Tag | azure prowler {Azure Service} {Subscription ID} {Plugin Name} |

Scoring

  • The analysis results from Prowler do not include data equivalent to score information.
  • Only status information such as PASS (no risk) or FAIL (risk present) can be confirmed for each check item (plugin).

    Prowler Status
    • 0: PASS: No risk
    • 1: FAIL: Risk present
    • 2: MANUAL: Manual verification required to determine PASS/FAIL (not used in Azure scans)
  • It is difficult to determine the level of risk for each check item with this information alone, and attempting to review all of them would require checking a large number of alerts.

  • Therefore, when importing into RISKEN, scoring is performed using the following logic to prioritize issues that should be reviewed first (for details, refer to Score Determination per Plugin).
    • *Of course, it is also acceptable to review all FAIL results.

Scoring flow (flowchart):

  • Start → Status `PASS`?
    • YES → Score: 0.0
    • NO → What is finding severity?
      • Critical → Score: 0.8
      • High → Score: 0.6
      • Medium → Score: 0.4
      • Low → Score: 0.3
      • Info → Score: 0.1
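
The scoring flow and the Format metadata above, combined into a short Python sketch that turns check results into a review queue. This is an added example, not RISKEN's or Prowler's code; the input field names (`status`, `severity`, `service`, `subscription_id`, `plugin`, `resource_id`, `description`), the sample values, and the choice to reject severities the page does not list are assumptions.

```python
# Added example. Input field names are assumptions, not Prowler's output schema.
SEVERITY_SCORE = {"critical": 0.8, "high": 0.6, "medium": 0.4, "low": 0.3, "info": 0.1}


def risken_score(status: str, severity: str) -> float:
    """Follow the page's flow: PASS scores 0.0, anything else scores by severity."""
    if status.strip().upper() == "PASS":
        return 0.0
    key = severity.strip().lower()
    if key not in SEVERITY_SCORE:
        # The page defines no score for other severities, so refuse to guess.
        raise ValueError(f"no score defined for severity {severity!r}")
    return SEVERITY_SCORE[key]


def to_risken_finding(rec: dict) -> dict:
    """Build the metadata listed under Format for one check result."""
    return {
        "DataSource": "azure:prowler",
        "ResourceName": rec["resource_id"],
        "Description": rec["description"],
        "Score": risken_score(rec["status"], rec["severity"]),
        "Tag": ["azure", "prowler", rec["service"], rec["subscription_id"], rec["plugin"]],
    }


def review_queue(records: list) -> list:
    """Findings ordered highest score first; PASS results (0.0) are left out."""
    findings = [to_risken_finding(r) for r in records]
    return sorted((f for f in findings if f["Score"] > 0.0),
                  key=lambda f: f["Score"], reverse=True)


# Constructed sample results (placeholder subscription ID, resources and plugin names).
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"status": "FAIL", "severity": "Low", "service": "monitor", "subscription_id": SUB,
     "plugin": "example_plugin_a", "resource_id": "example-resource-a", "description": "constructed"},
    {"status": "PASS", "severity": "Critical", "service": "storage", "subscription_id": SUB,
     "plugin": "example_plugin_b", "resource_id": "example-resource-b", "description": "constructed"},
    {"status": "FAIL", "severity": "Critical", "service": "storage", "subscription_id": SUB,
     "plugin": "example_plugin_c", "resource_id": "example-resource-c", "description": "constructed"},
]

if __name__ == "__main__":
    for f in review_queue(SAMPLE):
        print(f["Score"], f["ResourceName"], f["Tag"])
```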