From 11a8873155a3818973b946f87c15ec7396effd4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20De=20la=20Torre=20Vico?= Date: Wed, 18 Mar 2026 19:35:50 +0100 Subject: [PATCH 1/4] feat(ui): add attack path custom query skill for Lighthouse AI (#10323) Co-authored-by: alejandrobailo --- ui/CHANGELOG.md | 3 +- .../definitions/attack-path-custom-query.ts | 311 ++++++++++++++++++ ui/lib/lighthouse/skills/index.ts | 6 + ui/lib/lighthouse/workflow.ts | 1 + 4 files changed, 320 insertions(+), 1 deletion(-) create mode 100644 ui/lib/lighthouse/skills/definitions/attack-path-custom-query.ts diff --git a/ui/CHANGELOG.md b/ui/CHANGELOG.md index f30f068463..4e1a50d510 100644 --- a/ui/CHANGELOG.md +++ b/ui/CHANGELOG.md @@ -6,7 +6,8 @@ All notable changes to the **Prowler UI** are documented in this file. ### 🚀 Added -- Add skill system to Lighthouse AI [(#10322)](https://github.com/prowler-cloud/prowler/pull/10322) +- Skill system to Lighthouse AI [(#10322)](https://github.com/prowler-cloud/prowler/pull/10322) +- Skill for creating custom queries on Attack Paths [(#10323)](https://github.com/prowler-cloud/prowler/pull/10323) ### 🔄 Changed diff --git a/ui/lib/lighthouse/skills/definitions/attack-path-custom-query.ts b/ui/lib/lighthouse/skills/definitions/attack-path-custom-query.ts new file mode 100644 index 0000000000..7bb2ed08a1 --- /dev/null +++ b/ui/lib/lighthouse/skills/definitions/attack-path-custom-query.ts @@ -0,0 +1,311 @@ +import type { SkillDefinition } from "../types"; + +export const customAttackPathQuerySkill: SkillDefinition = { + metadata: { + id: "attack-path-custom-query", + name: "Attack Paths Custom Query", + description: + "Write an openCypher graph query against Cartography-ingested cloud infrastructure to analyze attack paths, privilege escalation, and network exposure.", + }, + instructions: `# Attack Paths Custom Query Skill + +This skill provides openCypher syntax guidance and Cartography schema knowledge for writing graph queries against Prowler's cloud infrastructure data. + +## Workflow + +Follow these steps when the user asks you to write a custom openCypher query: + +1. **Find a completed scan**: Use \`prowler_app_list_attack_paths_scans\` (filter by \`state=['completed']\`) to find a scan for the user's provider. You need the \`scan_id\` for the next step. + +2. **Fetch the Cartography schema**: Use \`prowler_app_get_attack_paths_cartography_schema\` with the \`scan_id\`. This returns the full schema markdown with all node labels, relationships, and properties for the scan's provider and Cartography version. If this tool fails, use the Cartography Schema Reference section below as a fallback (AWS only). + +3. **Analyze the schema**: From \`schema_content\`, identify the node labels, properties, and relationships relevant to the user's request. Cross-reference with the Common openCypher Patterns section below. + +4. **Write the query**: Compose the openCypher query following all rules in this skill: + - Scope every MATCH to the root account node (see Provider Isolation) + - Use \`$provider_uid\` and \`$provider_id\` parameters (see Query Parameters) + - Include \`ProwlerFinding\` OPTIONAL MATCH (see Include Prowler Findings) + - Use openCypher v9 compatible syntax only (see openCypher Version 9 Compatibility) + +5. **Present the query**: Show the complete query in a \`cypher\` code block with: + - A brief explanation of what the query finds + - The node types and relationships it traverses + - What results to expect + +**Note**: Custom queries cannot be executed through the available tools yet. Present the query to the user for review and manual execution. + +## Query Parameters + +All queries receive these built-in parameters (do NOT hardcode these values): + +| Parameter | Matches property | Used on | Purpose | +|-----------|-----------------|---------|---------| +| \`$provider_uid\` | \`id\` | \`AWSAccount\` | Scopes to a specific cloud account | +| \`$provider_id\` | \`_provider_id\` | Any non-account node | Scopes nodes to the provider context | + +Use \`$provider_uid\` on account root nodes. Use \`$provider_id\` on other nodes that need provider scoping (e.g., \`Internet\`). + +## openCypher Query Guidelines + +### Provider Isolation (CRITICAL) + +Every query MUST chain from the root account node to prevent cross-provider data leakage. +The tenant database contains data from multiple providers. + +\`\`\`cypher +// CORRECT: scoped to the specific account's subgraph +MATCH (aws:AWSAccount {id: $provider_uid})--(role:AWSRole) +WHERE role.name = 'admin' + +// WRONG: matches ALL AWSRoles across all providers +MATCH (role:AWSRole) WHERE role.name = 'admin' +\`\`\` + +Every \`MATCH\` clause must connect to the \`aws\` variable (or another variable already bound to the account's subgraph). An unanchored \`MATCH\` returns nodes from all providers. + +**Exception**: The \`Internet\` sentinel node uses \`OPTIONAL MATCH\` with \`_provider_id\` for scoping instead of chaining from \`aws\`. + +### Include Prowler Findings + +Always include Prowler findings to enrich results with security context: + +\`\`\`cypher +UNWIND nodes(path) as n +OPTIONAL MATCH (n)-[pfr]-(pf:ProwlerFinding {status: 'FAIL', provider_uid: $provider_uid}) + +RETURN path, collect(DISTINCT pf) as dpf, collect(DISTINCT pfr) as dpfr +\`\`\` + +For network exposure queries, also return the internet node and relationship: + +\`\`\`cypher +RETURN path, collect(DISTINCT pf) as dpf, collect(DISTINCT pfr) as dpfr, + internet, can_access +\`\`\` + +### openCypher Version 9 Compatibility + +Queries must use openCypher Version 9 (compatible with both Neo4j and Amazon Neptune). + +| Avoid | Reason | Use instead | +|-------|--------|-------------| +| APOC procedures (\`apoc.*\`) | Neo4j-specific plugin | Real nodes and relationships in the graph | +| Neptune extensions | Not available in Neo4j | Standard openCypher | +| \`reduce()\` function | Not in openCypher spec | \`UNWIND\` + \`collect()\` | +| \`FOREACH\` clause | Not in openCypher spec | \`WITH\` + \`UNWIND\` + \`SET\` | +| Regex operator (\`=~\`) | Not supported in Neptune | \`toLower()\` + exact match, or \`CONTAINS\`/\`STARTS WITH\` | +| \`CALL () { UNION }\` | Complex, hard to maintain | Multi-label OR in WHERE (see patterns below) | + +**Supported with limitations:** +- \`CALL\` subqueries require \`WITH\` clause to import variables + +## Cartography Schema Reference (Quick Reference / Fallback) + +### AWS Node Labels + +| Label | Description | +|-------|-------------| +| \`AWSAccount\` | AWS account root node | +| \`AWSPrincipal\` | IAM principal (user, role, service) | +| \`AWSRole\` | IAM role | +| \`AWSUser\` | IAM user | +| \`AWSPolicy\` | IAM policy | +| \`AWSPolicyStatement\` | Policy statement with effect, action, resource | +| \`EC2Instance\` | EC2 instance | +| \`EC2SecurityGroup\` | Security group | +| \`EC2PrivateIp\` | EC2 private IP (has \`public_ip\`) | +| \`IpPermissionInbound\` | Inbound security group rule | +| \`IpRange\` | IP range (e.g., \`0.0.0.0/0\`) | +| \`NetworkInterface\` | ENI (has \`public_ip\`) | +| \`ElasticIPAddress\` | Elastic IP (has \`public_ip\`) | +| \`S3Bucket\` | S3 bucket | +| \`RDSInstance\` | RDS database instance | +| \`LoadBalancer\` | Classic ELB | +| \`LoadBalancerV2\` | ALB/NLB | +| \`ELBListener\` | Classic ELB listener | +| \`ELBV2Listener\` | ALB/NLB listener | +| \`LaunchTemplate\` | EC2 launch template | +| \`AWSTag\` | Resource tag with key/value properties | + +### Prowler-Specific Labels + +| Label | Description | +|-------|-------------| +| \`ProwlerFinding\` | Prowler finding node with \`status\`, \`provider_uid\`, \`severity\` properties | +| \`Internet\` | Internet sentinel node, scoped by \`_provider_id\` (used in network exposure queries) | + +### Common Relationships + +| Relationship | Description | +|-------------|-------------| +| \`TRUSTS_AWS_PRINCIPAL\` | Role trust relationship | +| \`STS_ASSUMEROLE_ALLOW\` | Can assume role (variable-length for chains) | +| \`CAN_ACCESS\` | Internet-to-resource exposure link | +| \`POLICY\` | Has policy attached | +| \`STATEMENT\` | Policy has statement | + +### Key Properties + +- \`AWSAccount\`: \`id\` (account ID used with \`$provider_uid\`) +- \`AWSPolicyStatement\`: \`effect\` ('Allow'/'Deny'), \`action\` (list), \`resource\` (list) +- \`EC2Instance\`: \`exposed_internet\` (boolean), \`publicipaddress\` +- \`EC2PrivateIp\`: \`public_ip\` +- \`NetworkInterface\`: \`public_ip\` +- \`ElasticIPAddress\`: \`public_ip\` +- \`EC2SecurityGroup\`: \`name\`, \`id\` +- \`IpPermissionInbound\`: \`toport\`, \`fromport\`, \`protocol\` +- \`S3Bucket\`: \`name\`, \`anonymous_access\` (boolean) +- \`RDSInstance\`: \`storage_encrypted\` (boolean) +- \`ProwlerFinding\`: \`status\` ('FAIL'/'PASS'/'MANUAL'), \`severity\`, \`provider_uid\` +- \`Internet\`: \`_provider_id\` (provider UUID used with \`$provider_id\`) + +## Common openCypher Patterns + +### Match Account and Principal + +\`\`\`cypher +MATCH path_principal = (aws:AWSAccount {id: $provider_uid})--(principal:AWSPrincipal)--(policy:AWSPolicy)--(stmt:AWSPolicyStatement) +\`\`\` + +### Check IAM Action Permissions + +\`\`\`cypher +WHERE stmt.effect = 'Allow' + AND any(action IN stmt.action WHERE + toLower(action) = 'iam:passrole' + OR toLower(action) = 'iam:*' + OR action = '*' + ) +\`\`\` + +### Find Roles Trusting a Service + +\`\`\`cypher +MATCH path_target = (aws)--(target_role:AWSRole)-[:TRUSTS_AWS_PRINCIPAL]->(:AWSPrincipal {arn: 'ec2.amazonaws.com'}) +\`\`\` + +### Check Resource Scope + +\`\`\`cypher +WHERE any(resource IN stmt.resource WHERE + resource = '*' + OR target_role.arn CONTAINS resource + OR resource CONTAINS target_role.name +) +\`\`\` + +### Match Internet Sentinel Node + +Used in network exposure queries. The Internet node is a real graph node, scoped by \`_provider_id\`: + +\`\`\`cypher +OPTIONAL MATCH (internet:Internet {_provider_id: $provider_id}) +\`\`\` + +### Link Internet to Exposed Resource + +The \`CAN_ACCESS\` relationship links the Internet node to exposed resources: + +\`\`\`cypher +OPTIONAL MATCH (internet)-[can_access:CAN_ACCESS]->(resource) +\`\`\` + +### Multi-label OR (match multiple resource types) + +When a query needs to match different resource types in the same position, use label checks in WHERE: + +\`\`\`cypher +MATCH path = (aws:AWSAccount {id: $provider_uid})-[r]-(x)-[q]-(y) +WHERE (x:EC2PrivateIp AND x.public_ip = $ip) + OR (x:EC2Instance AND x.publicipaddress = $ip) + OR (x:NetworkInterface AND x.public_ip = $ip) + OR (x:ElasticIPAddress AND x.public_ip = $ip) +\`\`\` + +## Example Query Patterns + +### Resource Inventory + +\`\`\`cypher +MATCH path = (aws:AWSAccount {id: $provider_uid})--(rds:RDSInstance) + +UNWIND nodes(path) as n +OPTIONAL MATCH (n)-[pfr]-(pf:ProwlerFinding {status: 'FAIL', provider_uid: $provider_uid}) + +RETURN path, collect(DISTINCT pf) as dpf, collect(DISTINCT pfr) as dpfr +\`\`\` + +### Network Exposure + +\`\`\`cypher +// Match the Internet sentinel node +OPTIONAL MATCH (internet:Internet {_provider_id: $provider_id}) + +// Match exposed resources (MUST chain from aws) +MATCH path = (aws:AWSAccount {id: $provider_uid})--(resource:EC2Instance) +WHERE resource.exposed_internet = true + +// Link Internet to resource +OPTIONAL MATCH (internet)-[can_access:CAN_ACCESS]->(resource) + +UNWIND nodes(path) as n +OPTIONAL MATCH (n)-[pfr]-(pf:ProwlerFinding {status: 'FAIL', provider_uid: $provider_uid}) + +RETURN path, collect(DISTINCT pf) as dpf, collect(DISTINCT pfr) as dpfr, + internet, can_access +\`\`\` + +### IAM Permission Check + +\`\`\`cypher +MATCH path_principal = (aws:AWSAccount {id: $provider_uid})--(principal:AWSPrincipal)--(policy:AWSPolicy)--(stmt:AWSPolicyStatement) +WHERE stmt.effect = 'Allow' + AND any(action IN stmt.action WHERE + toLower(action) = 'iam:passrole' + OR toLower(action) = 'iam:*' + OR action = '*' + ) + +UNWIND nodes(path_principal) as n +OPTIONAL MATCH (n)-[pfr]-(pf:ProwlerFinding {status: 'FAIL', provider_uid: $provider_uid}) + +RETURN path_principal, collect(DISTINCT pf) as dpf, collect(DISTINCT pfr) as dpfr +\`\`\` + +### Privilege Escalation (Role Assumption Chain) + +\`\`\`cypher +// Find principals with iam:PassRole +MATCH path_principal = (aws:AWSAccount {id: $provider_uid})--(principal:AWSPrincipal)--(policy:AWSPolicy)--(stmt:AWSPolicyStatement) +WHERE stmt.effect = 'Allow' + AND any(action IN stmt.action WHERE + toLower(action) = 'iam:passrole' + OR toLower(action) = 'iam:*' + OR action = '*' + ) + +// Find target roles trusting a service +MATCH path_target = (aws)--(target_role:AWSRole)-[:TRUSTS_AWS_PRINCIPAL]->(:AWSPrincipal {arn: 'ec2.amazonaws.com'}) +WHERE any(resource IN stmt.resource WHERE + resource = '*' + OR target_role.arn CONTAINS resource + OR resource CONTAINS target_role.name +) + +UNWIND nodes(path_principal) + nodes(path_target) as n +OPTIONAL MATCH (n)-[pfr]-(pf:ProwlerFinding {status: 'FAIL', provider_uid: $provider_uid}) + +RETURN path_principal, path_target, + collect(DISTINCT pf) as dpf, collect(DISTINCT pfr) as dpfr +\`\`\` + +## Best Practices + +1. **Always scope by provider**: Use \`{id: $provider_uid}\` on \`AWSAccount\` nodes. Use \`{_provider_id: $provider_id}\` on non-account nodes that need provider scoping (e.g., \`Internet\`). +2. **Chain all MATCHes from the root account node**: Every \`MATCH\` must connect to the \`aws\` variable. The \`Internet\` node is the only exception (uses \`OPTIONAL MATCH\` with \`_provider_id\`). +3. **Include Prowler findings**: Always add the \`OPTIONAL MATCH\` for \`ProwlerFinding\` nodes. +4. **Return distinct findings**: Use \`collect(DISTINCT pf)\` to avoid duplicates. +5. **Comment the query purpose**: Add inline comments explaining each \`MATCH\` clause. +6. **Use alternatives for unsupported features**: Replace \`=~\` with \`toLower()\` + exact match or \`CONTAINS\`/\`STARTS WITH\`. Replace \`reduce()\` with \`UNWIND\` + \`collect()\`. +`, +}; diff --git a/ui/lib/lighthouse/skills/index.ts b/ui/lib/lighthouse/skills/index.ts index 2ec8d586d7..b0b3156466 100644 --- a/ui/lib/lighthouse/skills/index.ts +++ b/ui/lib/lighthouse/skills/index.ts @@ -1,3 +1,9 @@ +import { customAttackPathQuerySkill } from "./definitions/attack-path-custom-query"; +import { registerSkill } from "./registry"; + +// Explicit registration — tree-shake-proof +registerSkill(customAttackPathQuerySkill); + // Re-export registry functions and types export { getAllSkillMetadata, diff --git a/ui/lib/lighthouse/workflow.ts b/ui/lib/lighthouse/workflow.ts index c94adaf8db..e5811e976a 100644 --- a/ui/lib/lighthouse/workflow.ts +++ b/ui/lib/lighthouse/workflow.ts @@ -87,6 +87,7 @@ const ALLOWED_TOOLS = new Set([ "prowler_app_list_attack_paths_queries", "prowler_app_list_attack_paths_scans", "prowler_app_run_attack_paths_query", + "prowler_app_get_attack_paths_cartography_schema", ]); /** From 0f2fdcfb3f27c72b499b75c2e12646efdbf19012 Mon Sep 17 00:00:00 2001 From: rchotacode <32524742+rchotacode@users.noreply.github.com> Date: Thu, 19 Mar 2026 05:41:58 -0400 Subject: [PATCH 2/4] chore(oraclecloud): Add Oracle Defense Cloud Support (#10376) Co-authored-by: Ronan Chota Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com> Co-authored-by: Hugo P.Brito --- .github/workflows/sdk-refresh-oci-regions.yml | 3 ++- prowler/CHANGELOG.md | 1 + prowler/providers/oraclecloud/config.py | 13 ++++++++++++- util/update_oci_regions.py | 4 ++++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sdk-refresh-oci-regions.yml b/.github/workflows/sdk-refresh-oci-regions.yml index e9a3665911..c4c2ad1a5a 100644 --- a/.github/workflows/sdk-refresh-oci-regions.yml +++ b/.github/workflows/sdk-refresh-oci-regions.yml @@ -72,12 +72,13 @@ jobs: This PR updates the `OCI_COMMERCIAL_REGIONS` dictionary in `prowler/providers/oraclecloud/config.py` with the latest regions fetched from the OCI Identity API (`list_regions()`). - Government regions (`OCI_GOVERNMENT_REGIONS`) are preserved unchanged + - DOD regions (`OCI_US_DOD_REGIONS`) are preserved unchanged - Region display names are mapped from Oracle's official documentation ### Checklist - [x] This is an automated update from OCI official sources - - [x] Government regions (us-langley-1, us-luke-1) preserved + - [x] Government regions (us-langley-1, us-luke-1) and DOD regions (us-gov-ashburn-1, us-gov-phoenix-1, us-gov-chicago-1) are preserved - [x] No manual review of region data required ### License diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md index 9f0b773bd5..351fea5b78 100644 --- a/prowler/CHANGELOG.md +++ b/prowler/CHANGELOG.md @@ -25,6 +25,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - Update M365 Teams service metadata to new format [(#9685)](https://github.com/prowler-cloud/prowler/pull/9685) - Update M365 Entra ID service metadata to new format [(#9682)](https://github.com/prowler-cloud/prowler/pull/9682) - Update ResourceType and Categories for Azure Entra ID service metadata [(#10334)](https://github.com/prowler-cloud/prowler/pull/10334) +- Update OCI Regions to include US DoD regions [(#10375)](https://github.com/prowler-cloud/prowler/pull/10376) ### 🔐 Security diff --git a/prowler/providers/oraclecloud/config.py b/prowler/providers/oraclecloud/config.py index 9e428672d5..0c20c44f57 100644 --- a/prowler/providers/oraclecloud/config.py +++ b/prowler/providers/oraclecloud/config.py @@ -65,5 +65,16 @@ OCI_GOVERNMENT_REGIONS = { "us-luke-1": "US Gov East", } +# OCI Defense Regions +OCI_US_DOD_REGIONS = { + "us-gov-ashburn-1": "US DoD East (Ashburn)", + "us-gov-chicago-1": "US DoD North (Chicago)", + "us-gov-phoenix-1": "US DoD West (Phoenix)", +} + # All OCI Regions -OCI_REGIONS = {**OCI_COMMERCIAL_REGIONS, **OCI_GOVERNMENT_REGIONS} +OCI_REGIONS = { + **OCI_COMMERCIAL_REGIONS, + **OCI_GOVERNMENT_REGIONS, + **OCI_US_DOD_REGIONS, +} diff --git a/util/update_oci_regions.py b/util/update_oci_regions.py index 1d778b777a..cb012bec58 100644 --- a/util/update_oci_regions.py +++ b/util/update_oci_regions.py @@ -156,6 +156,10 @@ def update_config_file(regions, config_file_path): raise Exception( "Validation failed: OCI_GOVERNMENT_REGIONS section missing after update. Aborting to prevent data loss." ) + if "OCI_US_DOD_REGIONS" not in updated_content: + raise Exception( + "Validation failed: OCI_US_DOD_REGIONS section missing after update. Aborting to prevent data loss." + ) # Verify the replacement was successful if updated_content == config_content: From 5c4ee0bc484eb41c1ff49f2b13bbab2785dfb949 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20De=20la=20Torre=20Vico?= Date: Thu, 19 Mar 2026 10:47:46 +0100 Subject: [PATCH 3/4] chore(mcp): bump MCP server version to 0.5.0 (#10383) --- mcp_server/CHANGELOG.md | 2 +- mcp_server/prowler_mcp_server/__init__.py | 2 +- mcp_server/pyproject.toml | 2 +- mcp_server/uv.lock | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mcp_server/CHANGELOG.md b/mcp_server/CHANGELOG.md index 0b2589fb7c..a6e83a7569 100644 --- a/mcp_server/CHANGELOG.md +++ b/mcp_server/CHANGELOG.md @@ -2,7 +2,7 @@ All notable changes to the **Prowler MCP Server** are documented in this file. -## [0.5.0] (Prowler v5.20.0 UNRELEASED) +## [0.5.0] (Prowler v5.20.0) ### 🚀 Added diff --git a/mcp_server/prowler_mcp_server/__init__.py b/mcp_server/prowler_mcp_server/__init__.py index 5fcfa74c55..fe7af2dcea 100644 --- a/mcp_server/prowler_mcp_server/__init__.py +++ b/mcp_server/prowler_mcp_server/__init__.py @@ -5,7 +5,7 @@ This package provides MCP tools for accessing: - Prowler Hub: All security artifacts (detections, remediations and frameworks) supported by Prowler """ -__version__ = "0.4.0" +__version__ = "0.5.0" __author__ = "Prowler Team" __email__ = "engineering@prowler.com" diff --git a/mcp_server/pyproject.toml b/mcp_server/pyproject.toml index 2cfb14e671..4ea4a9859e 100644 --- a/mcp_server/pyproject.toml +++ b/mcp_server/pyproject.toml @@ -11,7 +11,7 @@ description = "MCP server for Prowler ecosystem" name = "prowler-mcp" readme = "README.md" requires-python = ">=3.12" -version = "0.4.0" +version = "0.5.0" [project.scripts] prowler-mcp = "prowler_mcp_server.main:main" diff --git a/mcp_server/uv.lock b/mcp_server/uv.lock index f98c2eaa57..31e4dd84d6 100644 --- a/mcp_server/uv.lock +++ b/mcp_server/uv.lock @@ -717,7 +717,7 @@ wheels = [ [[package]] name = "prowler-mcp" -version = "0.3.0" +version = "0.5.0" source = { editable = "." } dependencies = [ { name = "fastmcp" }, From 8317eff67b0096cefa047e55124719022c17eb06 Mon Sep 17 00:00:00 2001 From: Pepe Fagoaga Date: Thu, 19 Mar 2026 10:09:51 +0000 Subject: [PATCH 4/4] chore(changelog): prepare for v5.21.0 (#10380) --- api/CHANGELOG.md | 4 ++-- mcp_server/CHANGELOG.md | 2 +- prowler/CHANGELOG.md | 12 ++++++------ ui/CHANGELOG.md | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/api/CHANGELOG.md b/api/CHANGELOG.md index 15702e342d..7cd4fce52f 100644 --- a/api/CHANGELOG.md +++ b/api/CHANGELOG.md @@ -2,16 +2,16 @@ All notable changes to the **Prowler API** are documented in this file. -## [1.22.0] (Prowler UNRELEASED) +## [1.22.0] (Prowler v5.21.0) ### 🚀 Added - `CORS_ALLOWED_ORIGINS` configurable via environment variable [(#10355)](https://github.com/prowler-cloud/prowler/pull/10355) +- Attack Paths: Tenant and provider related labels to the nodes so they can be easily filtered on custom queries [(#10308)](https://github.com/prowler-cloud/prowler/pull/10308) ### 🔄 Changed - Attack Paths: Complete migration to private graph labels and properties, removing deprecated dual-write support [(#10268)](https://github.com/prowler-cloud/prowler/pull/10268) -- Attack Paths: Added tenant and provider related labels to the nodes so they can be easily filtered on custom queries [(#10308)](https://github.com/prowler-cloud/prowler/pull/10308) - Attack Paths: Reduce sync and findings memory usage with smaller batches, cursor iteration, and sequential sessions [(#10359)](https://github.com/prowler-cloud/prowler/pull/10359) ### 🐞 Fixed diff --git a/mcp_server/CHANGELOG.md b/mcp_server/CHANGELOG.md index a6e83a7569..0a91ce06a7 100644 --- a/mcp_server/CHANGELOG.md +++ b/mcp_server/CHANGELOG.md @@ -2,7 +2,7 @@ All notable changes to the **Prowler MCP Server** are documented in this file. -## [0.5.0] (Prowler v5.20.0) +## [0.5.0] (Prowler v5.21.0) ### 🚀 Added diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md index 351fea5b78..9c57c2bece 100644 --- a/prowler/CHANGELOG.md +++ b/prowler/CHANGELOG.md @@ -2,7 +2,7 @@ All notable changes to the **Prowler SDK** are documented in this file. -## [5.21.0] (Prowler UNRELEASED) +## [5.21.0] (Prowler v5.21.0) ### 🚀 Added @@ -10,7 +10,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - `entra_conditional_access_policy_device_code_flow_blocked` check for M365 provider [(#10218)](https://github.com/prowler-cloud/prowler/pull/10218) - RBI compliance for the Azure provider [(#10339)](https://github.com/prowler-cloud/prowler/pull/10339) -`entra_conditional_access_policy_require_mfa_for_admin_portals` check for Azure provider and update CIS compliance [(#10330)](https://github.com/prowler-cloud/prowler/pull/10330) -- CheckMetadata Pydantic validators [(#8584)](https://github.com/prowler-cloud/prowler/pull/8583) +- CheckMetadata Pydantic validators [(#8583)](https://github.com/prowler-cloud/prowler/pull/8583) - `organization_repository_deletion_limited` check for GitHub provider [(#10185)](https://github.com/prowler-cloud/prowler/pull/10185) - SecNumCloud 3.2 for the GCP provider [(#10364)](https://github.com/prowler-cloud/prowler/pull/10364) - SecNumCloud 3.2 for the Azure provider [(#10358)](https://github.com/prowler-cloud/prowler/pull/10358) @@ -27,16 +27,16 @@ All notable changes to the **Prowler SDK** are documented in this file. - Update ResourceType and Categories for Azure Entra ID service metadata [(#10334)](https://github.com/prowler-cloud/prowler/pull/10334) - Update OCI Regions to include US DoD regions [(#10375)](https://github.com/prowler-cloud/prowler/pull/10376) -### 🔐 Security - -- Bump `multipart` to 1.3.1 to fix [GHSA-p2m9-wcp5-6qw3](https://github.com/defnull/multipart/security/advisories/GHSA-p2m9-wcp5-6qw3) [(#10331)](https://github.com/prowler-cloud/prowler/pull/10331) - ### 🐞 Fixed - Route53 dangling IP check false positive when using `--region` flag [(#9952)](https://github.com/prowler-cloud/prowler/pull/9952) - RBI compliance framework support on Prowler Dashboard for the Azure provider [(#10360)](https://github.com/prowler-cloud/prowler/pull/10360) - CheckMetadata strict validators rejecting valid external tool provider data (image, iac, llm) [(#10363)](https://github.com/prowler-cloud/prowler/pull/10363) +### 🔐 Security + +- Bump `multipart` to 1.3.1 to fix [GHSA-p2m9-wcp5-6qw3](https://github.com/defnull/multipart/security/advisories/GHSA-p2m9-wcp5-6qw3) [(#10331)](https://github.com/prowler-cloud/prowler/pull/10331) + --- ## [5.20.0] (Prowler v5.20.0) diff --git a/ui/CHANGELOG.md b/ui/CHANGELOG.md index 4e1a50d510..2c17bcc5d6 100644 --- a/ui/CHANGELOG.md +++ b/ui/CHANGELOG.md @@ -2,7 +2,7 @@ All notable changes to the **Prowler UI** are documented in this file. -## [1.21.0] (Prowler v5.21.0 UNRELEASED) +## [1.21.0] (Prowler v5.21.0) ### 🚀 Added @@ -13,8 +13,8 @@ All notable changes to the **Prowler UI** are documented in this file. - Google Workspace provider support [(#10333)](https://github.com/prowler-cloud/prowler/pull/10333) - Image (Container Registry) provider support in UI: badge icon, credentials form, and provider-type filtering [(#10167)](https://github.com/prowler-cloud/prowler/pull/10167) -- Organization and organizational unit row actions (Edit Name, Update Credentials, Test Connections, Delete) in providers table dropdown [(#10317)](https://github.com/prowler-cloud/prowler/pull/10317) - Events tab in Findings and Resource detail cards showing an AWS CloudTrail timeline with expandable event rows, actor info, request/response JSON payloads, and error details [(#10320)](https://github.com/prowler-cloud/prowler/pull/10320) +- AWS Organization and organizational unit row actions (Edit Name, Update Credentials, Test Connections, Delete) in providers table dropdown [(#10317)](https://github.com/prowler-cloud/prowler/pull/10317) ---