Prowler Compliance

What it does

The Prowler Compliance skill enables AI agents to work with compliance frameworks for various cloud providers. It allows users to create new frameworks, add requirements, map checks to controls, and understand framework structures. The skill leverages JSON files defining these frameworks, which are located within the prowler/compliance/{provider}/{framework_name}_{provider}.json directory.

When to use it

• Creating a new compliance framework for a supported cloud provider.
• Adding requirements to an existing compliance framework.
• Mapping specific checks (assessments) to compliance controls.
• Understanding the structure and attributes of different compliance frameworks.

Key capabilities

• Supports multiple cloud providers: AWS, Azure, GCP, Kubernetes, GitHub, Microsoft 365, Alibaba Cloud, Cloudflare, Oracle Cloud, OCI, NHN Cloud, MongoDB Atlas, Infrastructure as Code (IAC), and Large Language Models (LLM).
• Allows for the creation of custom compliance frameworks.
• Provides a defined base framework structure with sections for Framework, Name, Version, Provider, Description, and Requirements.
• Supports CIS (Center for Internet Security) and ISO 27001 framework types, each with specific attribute models.
• Includes attributes like Section, SubSection, Profile, AssessmentStatus, and descriptions/rationales for compliance controls.

Example prompts

• "Show me the structure of the CIS AWS compliance framework."
• "What are the requirements defined in the ISO 27001 Azure framework?"
• "Can you list all checks associated with requirement ID '1.1' in the CIS AWS framework?"

Tips & gotchas

• Frameworks are defined as JSON files, so familiarity with JSON structure is helpful.
• The location of these frameworks is prowler/compliance/{provider}/{framework_name}_{provider}.json.
• Each provider has a specific attribute model that must be followed when creating custom frameworks.