AWS Prowler V3

File Types

DefectDojo parser accepts a .json file. Please note: earlier versions of AWS Prowler create output data in a different format. See our other documentation if you are using an earlier version of AWS Prowler: https://documentation.defectdojo.com/integrations/parsers/file/aws_prowler/

JSON reports can be created from the AWS Prowler V3 CLI using the following command: prowler <provider> -M json

Acceptable JSON Format

Parser expects an array of assessments. All properties are strings and are required by the parser.


[
        {
            "AssessmentStartTime": "example_timestamp",
            "FindingUniqueId": "example_uniqueIdFromTool",
            "Provider": "example_provider",
            "CheckID": "acm_certificates_expiration_check",
            "CheckTitle": "Check if ACM Certificates are about to expire in specific days or less",
            "CheckType": [
                "Example ASFF-Compliant Finding Type"
            ],
            "ServiceName": "example_awsServiceName",
            "SubServiceName": "",
            "Status": "FAIL",
            "StatusExtended": "Example status description",
            "Severity": "example_severity",
            "ResourceType": "AwsCertificateManagerCertificate",
            "ResourceDetails": "",
            "Description": "Example general test description.",
            "Risk": "Example test impact description.",
            "RelatedUrl": "https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html",
            "Remediation": {
                "Code": {
                    "NativeIaC": "",
                    "Terraform": "",
                    "CLI": "",
                    "Other": ""
                },
                "Recommendation": {
                    "Text": "Example recommendation.",
                    "Url": "https://docs.aws.amazon.com/config/latest/developerguide/example_related_documentation.html"
                }
            },
            "Compliance": {
                    "GDPR": [
                        "article_32"
                    ],
                ...
            },
            "Categories": [],
            "DependsOn": [],
            "RelatedTo": [],
            "Notes": "",
            "Profile": null,
            "AccountId": "example_accountId",
            "OrganizationsInfo": null,
            "Region": "example_region",
            "ResourceId": "example.resource.id.com",
            "ResourceArn": "arn:aws:acm:us-east-1:999999999999:certificate/ffffffff-0000-0000-0000-000000000000",
            "ResourceTags": {}
        }
    ...
]

Sample Scan Data

Unit tests of AWS Prowler V3 JSON can be found at https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_prowler_v3.

Last modified May 1, 2024: Create link_knowledge-base.md (#10075) (b3f13f2)