Docs · Tools
Cloud Config Checker
Find the cloud misconfigurations attackers look for first — public buckets, wide-open security groups, root without MFA. Powered by Prowler across AWS, GCP and Azure, with results that flow straight into the SecOps Cloud (CSPM) pillar.
- Category
- Cloud & Container
- Powered by
prowler- Edition
- Pro
- Where
- Desktop → Cloud Checker tab
What it does
Cloud Config Checker runs Prowler against a cloud account you own and reports findings mapped to CIS and provider best-practice benchmarks. It is read-only — it inspects configuration, it never changes your infrastructure.
- Identity — root MFA, over-broad IAM policies, unused credentials.
- Storage — public buckets, missing encryption, no logging.
- Network — security groups open to
0.0.0.0/0, exposed admin ports. - Data & logging — public databases, disabled audit trails (CloudTrail).
How to use it
1
Authenticate to your account
Provide read credentials/profile for the cloud account you are authorized to audit.
2
Run the audit
Select the provider and run; Prowler evaluates dozens of checks.
text
Provider: aws
Account: 123456789012 (read-only audit role)3
Review failed checks
Sort by severity; each failed check includes the resource and a remediation hint.
4
Feed it into CSPM
Import the Prowler output into the SecOps
Cloud (CSPM) pillar so cloud risk sits next to your endpoint telemetry and gets a posture score.Modes & options
- Providers — AWS, GCP, Azure.
- Read-only — configuration audit only; no changes are made.
- CSPM hand-off — findings can be ingested by the SecOps Cloud pillar (
cloud_scan).
What you get
A list of passed/failed checks with severity, the affected resource, the compliance reference (CIS), and remediation guidance — the raw material for a cloud hardening plan.
Tips
- Use a dedicated read-only audit role; never an admin key.
- Re-run after fixes and watch the SecOps cloud posture score climb.
- The desktop checker is point-in-time; the CSPM pillar tracks posture over time.
Read-only & authorized. Audit only cloud accounts you own or are authorized to assess, with least-privilege read credentials. The check inspects configuration and changes nothing.