Multi Cloud CIS Benchmarks with Prowler

Report on compliance maturity against the CIS Benchmarks across AWS, Azure, GCP, and Kubernetes.

This documentation assumes you already have Prowler CLI, Prowler App, or Prowler SaaS set up. If you don't, please reference the Prowler GitHub or sign up for a free trial of Prowler SaaS.

Getting Started

To get started, grab the free PowerBI template from Securemetrics. A big thank you to the team at Prowler for sponsoring the template so that you can use it 100% free.

The template has the following components:

PowerBI Template File (.pbit) -> This template will ingest and build your report after you've run compliance scans in Prowler

Run your compliance scans in Prowler

Prowler has the ability to run multiple different compliance scans. For this template, run one or more of the following CIS Benchmark scans. Make sure to run the correct version.

Documentation for running a compliance scan in Prowler CLI can be found here. If using Prowler App or Prowler SaaS, you can download the csv output from the compliance page.

Provider

Benchmark

Version

Prowler Name

Amazon Web Services (AWS)

CIS Amazon Web Services Foundations Benchmark

v4.0.1

cis_4.0_aws

Microsoft Azure

CIS Microsoft Azure Foundations Benchmark

v3.0.0

cis_3.0_azure

Google Cloud Platform (GCP)

CIS Google Cloud Platform Foundation Benchmark

v3.0.0

cis_3.0_gcp

Kubernetes

CIS Kubernetes Benchmark

v1.10.0

cis_1.10_kubernetes

Collect your Prowler outputs

Prowler CLI

After running a compliance scan, Prowler will store a csv output in a folder. This is usually found in the file path /output/compliance .

Prowler App & SaaS

After running a scan, you can download the supported CIS compliance outputs from the "Compliance" page.

Prowler Output Folder

You'll need to move all desired compliance outputs into a single folder. All compliance scans in this folder will be ingested into the PowerBI Report.

Setting up the PowerBI Report

Once you have your Prowler compliance outputs (csv files) in a designated folder, you are ready to setup your PowerBI report!

Open the PowerBI template file by clicking on it
After loading, you will be prompted to input the following parameter:

Ensure the filepath entered does not include quotation marks (""). Windows will include them by default if using the "copy as filepath" option. Ensure you are providing the full filepath, and not a relative path.

Parameter

Description

Example

Required

Prowler Output

The full filepath to the Prowler Output folder containing the compliance scan outputs (.csv) from Prowler

C:\Users\User1\ProwlerOutput

Yes

After entering the parameter, PowerBI will load your data and populate the report.

If PowerBI finds that outputs for one or more providers were not included, you will be warned that the data for that provider will be excluded. Click on "continue" to continue ingesting the data.

That's it! You now have the PowerBI report up and running. Click on save to save the report.

Last updated 2 months ago

Multi Cloud CIS Benchmarks with Prowler

Report on compliance maturity against the CIS Benchmarks across AWS, Azure, GCP, and Kubernetes.

This documentation assumes you already have Prowler CLI, Prowler App, or Prowler SaaS set up. If you don't, please reference the Prowler GitHub or sign up for a free trial of Prowler SaaS.

Getting Started

To get started, grab the free PowerBI template from Securemetrics. A big thank you to the team at Prowler for sponsoring the template so that you can use it 100% free.

The template has the following components:

PowerBI Template File (.pbit) -> This template will ingest and build your report after you've run compliance scans in Prowler

Run your compliance scans in Prowler

Prowler has the ability to run multiple different compliance scans. For this template, run one or more of the following CIS Benchmark scans. Make sure to run the correct version.

Documentation for running a compliance scan in Prowler CLI can be found here. If using Prowler App or Prowler SaaS, you can download the csv output from the compliance page.

Provider

Benchmark

Version

Prowler Name

Amazon Web Services (AWS)

CIS Amazon Web Services Foundations Benchmark

v4.0.1

cis_4.0_aws

Microsoft Azure

CIS Microsoft Azure Foundations Benchmark

v3.0.0

cis_3.0_azure

Google Cloud Platform (GCP)

CIS Google Cloud Platform Foundation Benchmark

v3.0.0

cis_3.0_gcp

Kubernetes

CIS Kubernetes Benchmark

v1.10.0

cis_1.10_kubernetes

Collect your Prowler outputs

Prowler CLI

After running a compliance scan, Prowler will store a csv output in a folder. This is usually found in the file path /output/compliance .

Prowler App & SaaS

After running a scan, you can download the supported CIS compliance outputs from the "Compliance" page.

Prowler Output Folder

You'll need to move all desired compliance outputs into a single folder. All compliance scans in this folder will be ingested into the PowerBI Report.

Setting up the PowerBI Report

Once you have your Prowler compliance outputs (csv files) in a designated folder, you are ready to setup your PowerBI report!

Open the PowerBI template file by clicking on it
After loading, you will be prompted to input the following parameter:

Parameter

Description

Example

Required

Prowler Output

The full filepath to the Prowler Output folder containing the compliance scan outputs (.csv) from Prowler

C:\Users\User1\ProwlerOutput

Yes

After entering the parameter, PowerBI will load your data and populate the report.

If PowerBI finds that outputs for one or more providers were not included, you will be warned that the data for that provider will be excluded. Click on "continue" to continue ingesting the data.

That's it! You now have the PowerBI report up and running. Click on save to save the report.

Last updated 2 months ago