prowler-cloud / prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://prowler.com
Apache License 2.0

[Bug]: There are no findings in Tenant ID/s <tenant ID> #2229

Closed jenztales closed 1 year ago

jenztales commented 1 year ago

Steps to Reproduce

When I run prowler for Azure, I get the following output:

"There are no findings in Tenant ID/s "

I have added the following API permissions: Directory.Read.All and Policy.Read.All. I have added the following RBAC roles: Security Reader and Reader.

Not sure why no data is coming back, I assumed it was a permissions issue, but I'm not sure. Can you assist?

Expected behavior

prowler report for Azure

Actual Result with Screenshots or Logs

[image: prowler for azure]

How did you install Prowler?

Cloning the repository from github.com (git clone)

Environment Resource

Linux server

OS used

Ubuntu

Prowler version

prowler 3.3.0

Pip version

pip 23.0.1

Context

No response

jfagoagas commented 1 year ago

Hi @jenztales, we need more information to triage your issue. Could you also run it again using the latest Prowler release, which is v3.3.4? Please also include the following flags: --verbose --log-level ERROR.

Thanks for using Prowler.

jenztales commented 1 year ago

Thank you for your prompt response.

Is the repository updated? I removed the directory and cloned the repository again but I'm still getting the same version. Also, I added the additional flags and received the following output:

Check ID: defender_ensure_defender_for_app_services_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_arm_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_azure_sql_databases_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_containers_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_cosmosdb_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_databases_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_dns_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_keyvault_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_os_relational_databases_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_server_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_sql_servers_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_storage_is_on - defender [high]
        INFO There are no resources

Check ID: iam_subscription_roles_owner_custom_not_created - iam [high]
        INFO There are no resources

Check ID: storage_blob_public_access_level_is_disabled - storage [medium]
        INFO There are no resources

Check ID: storage_default_network_access_rule_is_denied - storage [medium]
        INFO There are no resources

Check ID: storage_ensure_azure_services_are_trusted_to_access_is_enabled - storage [medium]
        INFO There are no resources

Check ID: storage_ensure_encryption_with_customer_managed_keys - storage [high]
        INFO There are no resources

Check ID: storage_ensure_minimum_tls_version_12 - storage [medium]
        INFO There are no resources

Check ID: storage_infrastructure_encryption_is_enabled - storage [low]
        INFO There are no resources

Check ID: storage_secure_transfer_required_is_enabled - storage [medium]
        INFO There are no resources

jfagoagas commented 1 year ago

> Thank you for your prompt response.
>
> Is the repository updated? I removed the directory and cloned the repository again but I'm still getting the same version. Also, I added the additional flags and received the following output:

Yes, the repository is updated, so if you run either git pull origin master or a new git clone you should get the latest changes for v3.3.4.


That is strange since Prowler is raising that you don't have any resources in your subscription. Are you seeing any error when you input the --log-level ERROR?

jenztales commented 1 year ago

[image: prowler shot]

Still the same, am I cloning the wrong repository?

Very bizarre, when I run it with the --log-level ERROR flags, I get the same output I originally sent, There are no findings in Tenant ID/s

jfagoagas commented 1 year ago

> [image: prowler shot]
>
> Still the same, am I cloning the wrong repository?
>
> Very bizarre, when I run it with the --log-level ERROR flags, I get the same output I originally sent, There are no findings in Tenant ID/s

Regarding your image, I'm starting to think that maybe you have Prowler installed both using pip and git clone, because you are cloning the Prowler repository but executing prowler -v (instead of ./prowler.py -v, note the ./), which is only available when you have installed the project using pip.

Since we released Prowler v3.4.0 yesterday, could you please follow this documentation to install/update Prowler? https://docs.prowler.cloud/en/latest/#installation

If you clone directly from GitHub you should run, having Python >= 3.9:

git clone https://github.com/prowler-cloud/prowler
cd prowler
poetry shell
poetry install
python prowler.py -v

With that you should see that your Prowler version is 3.4.0. Also, if you are using pip, run pip install prowler --upgrade to update it to the latest version.

Once there, please run again this command and paste the logs here using the --log-level ERROR flag.

Thank you!

jenztales commented 1 year ago

Okay, I've updated prowler to the most recent version

[image: prowler latest version]

and reran the scan and it looks like I'm having a permission issue, but I've added the appropriate API and role-based permissions.

[image: perms]

Scan output:
Date: 2023-04-21 13:59:42

This report is being generated using the identity below:

Azure Tenant IDs: [tenant ID] Azure Tenant Domain: [Unknown tenant domain (missing AAD permissions)]
Azure Subscriptions: []
Azure Identity Type: [Service Principal] Azure Identity ID: [subscription ID]

Executing 20 checks, please wait...

-> Scan completed! |▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉| 20/20 [10

 There are no findings in Tenant ID/s <tenant ID>

n4ch04 commented 1 year ago

Hi @jenztales, the issue you are seeing in the identity banner is related to AAD permissions that are not mandatory (right now they are only used to get metadata). If you have added those permissions and it is still retrieving that, maybe Azure needs time to sync everything (it can be really tricky). Despite that, the reason behind the There are no findings in Tenant ID/s message should be something else. Please, can you share all the log traces that Prowler generates when it is launched with the --log-level ERROR flag? Without that we can't help you to solve the issue.

Thanks !!

jenztales commented 1 year ago

Hello,

Yes I mentioned I get the same output as before which was the following:

Check ID: defender_ensure_defender_for_app_services_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_arm_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_azure_sql_databases_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_containers_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_cosmosdb_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_databases_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_dns_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_keyvault_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_os_relational_databases_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_server_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_sql_servers_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_storage_is_on - defender [high]
        INFO There are no resources

Check ID: iam_subscription_roles_owner_custom_not_created - iam [high]
        INFO There are no resources

Check ID: storage_blob_public_access_level_is_disabled - storage [medium]
        INFO There are no resources

Check ID: storage_default_network_access_rule_is_denied - storage [medium]
        INFO There are no resources

Check ID: storage_ensure_azure_services_are_trusted_to_access_is_enabled - storage [medium]
        INFO There are no resources

Check ID: storage_ensure_encryption_with_customer_managed_keys - storage [high]
        INFO There are no resources

Check ID: storage_ensure_minimum_tls_version_12 - storage [medium]
        INFO There are no resources

Check ID: storage_infrastructure_encryption_is_enabled - storage [low]
        INFO There are no resources

Check ID: storage_secure_transfer_required_is_enabled - storage [medium]
        INFO There are no resources

n4ch04 commented 1 year ago

Hi @jenztales, it is weird. Can you join our Slack (https://join.slack.com/t/prowler-workspace/shared_invite/zt-1tpbutlg7-PikVOs1b0kiA3wizdhOrnA) to follow up on this?

jenztales commented 1 year ago

Hi,

Yes, I just joined. Should I drop my question in the 'ask-a-question' channel?

n4ch04 commented 1 year ago

You can write directly to me (Nacho Rivera)

jenztales commented 1 year ago

Sounds good, I direct messaged you. Thank you for your help!

jenztales commented 1 year ago

Adding the Azure role subscriptions worked, thank you.

[image]
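
Added example, not part of the thread and not Prowler's own code: both runs pasted on this page show `Azure Subscriptions: []` in the identity banner, and the fix reported above was a role assignment on the subscription. The sketch below parses captured Prowler output and separates a run that had no subscription in scope from one that actually looked at resources; the `triage` function, its verdict names and the sample text are assumptions constructed from the output shown in this thread.

```python
import re

ANSI = re.compile(r"\x1b\[[0-9;]*m")  # colour codes present in raw terminal captures

# Constructed sample, shortened from the output pasted in this thread.
SAMPLE = """\
Azure Tenant IDs: [<tenant ID>] Azure Tenant Domain: [Unknown tenant domain (missing AAD permissions)]
Azure Subscriptions: []
Azure Identity Type: [Service Principal] Azure Identity ID: [<identity ID>]

Executing 20 checks, please wait...

Check ID: defender_ensure_defender_for_arm_is_on - defender [high]
        INFO There are no resources

Check ID: storage_secure_transfer_required_is_enabled - storage [medium]
        INFO There are no resources

 There are no findings in Tenant ID/s <tenant ID>
"""


def triage(output: str) -> dict:
    """Classify a Prowler Azure run from its text output (hypothetical helper)."""
    text = ANSI.sub("", output)
    banner = re.search(r"^Azure Subscriptions:[ \t]*\[(.*)\][ \t]*$", text, re.M)
    checks = re.findall(r"^Check ID:[ \t]*(\S+)", text, re.M)
    empty = re.findall(r"^[ \t]*INFO There are no resources[ \t]*$", text, re.M)
    if banner is None:
        verdict = "unknown"        # no identity banner in the captured output
    elif not banner.group(1).strip():
        verdict = "no_scope"       # the identity resolved zero subscriptions
    elif checks and len(empty) == len(checks):
        verdict = "no_resources"   # subscriptions visible, nothing to evaluate
    else:
        verdict = "evaluated"
    return {
        "verdict": verdict,
        "checks": len(checks),
        "empty_checks": len(empty),
        # Per the maintainer's comment, AAD permissions only feed banner metadata.
        "aad_metadata_missing": "missing AAD permissions" in text,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `no_scope` verdict means the "no findings" line says nothing about the tenant's posture, so it should fail a pipeline rather than pass it.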

balramrexwal commented 1 year ago

Hi @jenztales, I followed the link https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal but I am still getting no findings in the scan results. Can you help me with that?

jenztales commented 1 year ago

Hi @balramrexwal

Did you also add the API permissions to the enterprise application? [image]

balramrexwal commented 1 year ago

After giving these permissions, still no findings

prowler azure --sp-env-auth --verbose --log-level ERROR 
                         _
 _ __  _ __ _____      _| | ___ _ __                                                                                            
| '_ \| '__/ _ \ \ /\ / / |/ _ \ '__|                                                                                           
| |_) | | | (_) \ V  V /| |  __/ |                                                                                              
| .__/|_|  \___/ \_/\_/ |_|\___|_|v3.4.1                                                                                        
|_| the handy cloud security tool                                                                                               

Date: 2023-05-04 00:23:48                                                                                                       

Color code for results:
- INFO (Information)
- PASS (Recommended value)
- WARNING (Ignored by allowlist)
- FAIL (Fix required)

This report is being generated using the identity below:

Azure Tenant IDs: [11111111111111111] Azure Tenant Domain: [ABC172.onmicrosoft.com]
Azure Subscriptions: []
Azure Identity Type: [Service Principal] Azure Identity ID: [11111111111111111111]

Executing 20 checks, please wait...

Check ID: defender_ensure_defender_for_app_services_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_arm_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_azure_sql_databases_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_containers_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_cosmosdb_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_databases_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_dns_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_keyvault_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_os_relational_databases_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_server_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_sql_servers_is_on - defender [high]
        INFO There are no resources

Check ID: defender_ensure_defender_for_storage_is_on - defender [high]
        INFO There are no resources

Check ID: iam_subscription_roles_owner_custom_not_created - iam [high]
        INFO There are no resources

Check ID: storage_blob_public_access_level_is_disabled - storage [medium]
        INFO There are no resources

Check ID: storage_default_network_access_rule_is_denied - storage [medium]
        INFO There are no resources

Check ID: storage_ensure_azure_services_are_trusted_to_access_is_enabled - storage [medium]
        INFO There are no resources

Check ID: storage_ensure_encryption_with_customer_managed_keys - storage [high]
        INFO There are no resources

Check ID: storage_ensure_minimum_tls_version_12 - storage [medium]
        INFO There are no resources

Check ID: storage_infrastructure_encryption_is_enabled - storage [low]
        INFO There are no resources

Check ID: storage_secure_transfer_required_is_enabled - storage [medium]
        INFO There are no resources

-> Scan completed! |▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉| 20/20 [100%] in 0.1s 

 There are no findings in Tenant Domain ABC172.onmicrosoft.com

jenztales commented 1 year ago

Sorry for the delay, I'm not sure what the issue is then. When I ran the additional flags, --log-level ERROR, I was prompted with a 'missing AAD permissions' error which corrected my issue. Have you tried running just these flags without the --verbose added? [image]