- Home
- Skills
- Prowler Cloud
- Prowler
- Prowler Compliance
prowler-compliance_skill
- Python
12.8k
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill prowler-cloud/prowler --skill prowler-compliance- SKILL.md14.3 KB
Overview
This skill creates and manages Prowler compliance frameworks for multiple cloud and platform providers. It helps define framework metadata, requirements, attributes, and mappings to automated checks so teams can run consistent compliance scans. The skill supports standards like CIS, NIST, PCI-DSS, ISO27001, MITRE ATT&CK, ENS and custom scoring such as Prowler ThreatScore.
How this skill works
The skill edits or generates JSON framework files following Prowler's base structure: Framework, Name, Version, Provider, Description and a Requirements array. It enforces framework-specific attribute models (CIS, ISO27001, MITRE, NIST, ENS, etc.) and maps Prowler checks to each requirement. Generated frameworks are validated against Pydantic models to ensure compatibility with Prowler's compliance processing and outputs.
When to use it
- Creating a new compliance framework for AWS, Azure, GCP, Kubernetes, GitHub, M365 or other supported providers
- Adding or updating requirements, attributes, or check mappings for an existing framework
- Mapping automated Prowler checks to controls for auditability and reporting
- Preparing frameworks for scans, reports, or multi-framework comparisons
- Defining custom scoring like Prowler ThreatScore for prioritized remediation
Best practices
- Use the exact requirement IDs and numbering from the original standard (e.g., 1.1, A.5.1, T1190, ac_2_1)
- Prefer mapping to existing automated checks; leave Checks empty for manual-only controls
- Include every requirement, even if it lacks automation, to preserve completeness
- Embed framework version and provider in Name and Version fields for traceability
- Follow file naming conventions {framework}_{version}_{provider}.json and validate JSON before use
Example use cases
- Build a CIS 5.0 framework for AWS and map available Prowler checks to CIS controls
- Add ISO 27001:2022 requirements for Azure with objective IDs and check summaries
- Create a MITRE ATT&CK mapping for GCP listing tactics, platforms and detection checks
- Draft a custom Prowler ThreatScore framework to weight IAM, logging, attack surface and encryption
- Extend ENS RD2022 controls with Spanish language attributes and execution mode
FAQ
Framework JSON files reside under prowler/compliance/{provider}/{framework_name}_{provider}.json.
What if a requirement has no automated checks?
Include the requirement with an empty Checks array to keep the control in reports and mark it manual in Attributes.