prowler-compliance_skill

This skill helps you create and manage Prowler compliance frameworks across providers, mapping checks and attributes to controls for effective governance.
  • Python

12.8k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill prowler-cloud/prowler --skill prowler-compliance

  • SKILL.md14.3 KB

Overview

This skill creates and manages Prowler compliance frameworks for multiple cloud and platform providers. It helps define framework metadata, requirements, attributes, and mappings to automated checks so teams can run consistent compliance scans. The skill supports standards like CIS, NIST, PCI-DSS, ISO27001, MITRE ATT&CK, ENS and custom scoring such as Prowler ThreatScore.

How this skill works

The skill edits or generates JSON framework files following Prowler's base structure: Framework, Name, Version, Provider, Description and a Requirements array. It enforces framework-specific attribute models (CIS, ISO27001, MITRE, NIST, ENS, etc.) and maps Prowler checks to each requirement. Generated frameworks are validated against Pydantic models to ensure compatibility with Prowler's compliance processing and outputs.

When to use it

  • Creating a new compliance framework for AWS, Azure, GCP, Kubernetes, GitHub, M365 or other supported providers
  • Adding or updating requirements, attributes, or check mappings for an existing framework
  • Mapping automated Prowler checks to controls for auditability and reporting
  • Preparing frameworks for scans, reports, or multi-framework comparisons
  • Defining custom scoring like Prowler ThreatScore for prioritized remediation

Best practices

  • Use the exact requirement IDs and numbering from the original standard (e.g., 1.1, A.5.1, T1190, ac_2_1)
  • Prefer mapping to existing automated checks; leave Checks empty for manual-only controls
  • Include every requirement, even if it lacks automation, to preserve completeness
  • Embed framework version and provider in Name and Version fields for traceability
  • Follow file naming conventions {framework}_{version}_{provider}.json and validate JSON before use

Example use cases

  • Build a CIS 5.0 framework for AWS and map available Prowler checks to CIS controls
  • Add ISO 27001:2022 requirements for Azure with objective IDs and check summaries
  • Create a MITRE ATT&CK mapping for GCP listing tactics, platforms and detection checks
  • Draft a custom Prowler ThreatScore framework to weight IAM, logging, attack surface and encryption
  • Extend ENS RD2022 controls with Spanish language attributes and execution mode

FAQ

Framework JSON files reside under prowler/compliance/{provider}/{framework_name}_{provider}.json.

What if a requirement has no automated checks?

Include the requirement with an empty Checks array to keep the control in reports and mark it manual in Attributes.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
prowler-compliance skill by prowler-cloud/prowler | VeilStrat