mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
docs: add scan scheduling guide (#11729)
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com> Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
@@ -125,6 +125,7 @@
|
||||
"user-guide/tutorials/prowler-app-multi-tenant",
|
||||
"user-guide/tutorials/prowler-app-api-keys",
|
||||
"user-guide/tutorials/prowler-import-findings",
|
||||
"user-guide/tutorials/prowler-scan-scheduling",
|
||||
"user-guide/tutorials/prowler-alerts",
|
||||
"user-guide/tutorials/prowler-app-scan-configuration",
|
||||
{
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 28 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 45 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 123 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 106 KiB |
@@ -10,7 +10,7 @@ import { VersionBadge } from "/snippets/version-badge.mdx"
|
||||
Alerts notify recipients by email when security findings match saved filter conditions. Use Alerts to track high-priority findings, monitor specific providers or services, and keep teams informed about scan results that match defined criteria.
|
||||
|
||||
<Note>
|
||||
This feature is available exclusively in **Prowler Cloud** and **Prowler Enterprise** with a [paid subscription](https://prowler.com/pricing).
|
||||
This feature is available exclusively in **Prowler Cloud** and **Prowler Enterprise** with a [subscription](https://prowler.com/pricing).
|
||||
</Note>
|
||||
|
||||
## Prerequisites
|
||||
|
||||
@@ -10,7 +10,7 @@ import { VersionBadge } from "/snippets/version-badge.mdx"
|
||||
Prowler Cloud enables you to onboard all AWS accounts in your Organization through a single guided wizard. Instead of connecting accounts one by one, you can discover every account in your AWS Organization, select the ones you want to monitor, test connectivity, and launch scans — all from the Prowler Cloud UI.
|
||||
|
||||
<Note>
|
||||
This feature is **exclusively available in Prowler Cloud**. For CLI-based multi-account scanning, see [AWS Organizations in Prowler CLI](/user-guide/providers/aws/organizations).
|
||||
This feature is available exclusively in **Prowler Cloud** and **Prowler Enterprise** with a [subscription](https://prowler.com/pricing). For CLI-based multi-account scanning, see [AWS Organizations in Prowler CLI](/user-guide/providers/aws/organizations).
|
||||
</Note>
|
||||
|
||||
## Overview
|
||||
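Review bot: The updated Note now scopes this feature to Prowler Cloud and Prowler Enterprise, but the unchanged intro paragraph directly above it still reads "Prowler Cloud enables you to onboard all AWS accounts" and ends with "all from the Prowler Cloud UI". Consider updating the intro in the same change so the page does not state two different availability scopes, or confirm that the Cloud-only wording in the intro is intentional.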
@@ -22,9 +22,9 @@ This feature is **exclusively available in Prowler Cloud**. For CLI-based multi-
|
||||
| **Individual accounts** | A few AWS accounts | Connect each account one by one with its own IAM role. |
|
||||
| **AWS Organizations** | 10+ accounts, or any org-managed environment | Connect once to your management account, discover all member accounts automatically, and scan them in bulk. |
|
||||
|
||||
### How it works
|
||||
### How It Works
|
||||
|
||||
Before using the AWS Organizations wizard, you need to deploy **two IAM roles** in your AWS environment. The onboarding follows this sequence:
|
||||
Before using the AWS Organizations wizard, you need to deploy **two Identity and Access Management (IAM) roles** in your AWS environment. The onboarding follows this sequence:
|
||||
|
||||
<Frame>
|
||||
<img src="/images/organizations/onboarding-flow.svg" alt="Onboarding flow: 1. Create Management Account Role (Quick Create or Manual), 2. Deploy StackSet, 3. Run the Wizard, 4. Launch Scans" />
|
||||
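Review bot: The IAM expansion is applied at "two Identity and Access Management (IAM) roles", but the table row just above it in this hunk already uses the bare acronym ("Connect each account one by one with its own IAM role."). If the intent is to expand the acronym on first use, move the expansion to the earliest mention on the page and keep later mentions as IAM.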
@@ -32,7 +32,7 @@ Before using the AWS Organizations wizard, you need to deploy **two IAM roles**
|
||||
|
||||
## Key Concepts
|
||||
|
||||
### What is an External ID?
|
||||
### What Is an External ID?
|
||||
|
||||
An **External ID** is a security token that Prowler generates unique to your tenant. When Prowler assumes the IAM role in your AWS account, it presents this External ID to prove its identity.
|
||||
|
||||
@@ -57,7 +57,7 @@ Prowler requires **two separate IAM roles** deployed in different places, each w
|
||||
**Same name, different permissions.** Both roles are named `ProwlerScan` — Prowler expects a consistent role name across all accounts. The management account role has the same scanning permissions as member accounts, plus additional Organizations discovery permissions (see [Step 1](#step-1-create-the-management-account-role) for the full list).
|
||||
</Note>
|
||||
|
||||
### What is a CloudFormation StackSet?
|
||||
### What Is a CloudFormation StackSet?
|
||||
|
||||
A [CloudFormation StackSet](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html) lets you deploy the same CloudFormation template across multiple AWS accounts in a single operation. Prowler uses a StackSet to deploy the **ProwlerScan** IAM role into every member account of your organization, so you don't have to create the role manually in each account.
|
||||
|
||||
@@ -437,14 +437,11 @@ If connection tests fail, here's how to fix common issues:
|
||||
|
||||
### Choose Scan Schedule
|
||||
|
||||
| Schedule Option | Description |
|
||||
|-----------------|-------------|
|
||||
| **Scan Daily (every 24 hours)** | Creates a recurring daily scan for all connected accounts (default). |
|
||||
| **Run a single scan (no recurring schedule)** | Launches a one-time scan. |
|
||||
The Organizations wizard uses the same schedule controls described in [Scan Scheduling](/user-guide/tutorials/prowler-scan-scheduling#schedule-options).
|
||||
|
||||
### Launch
|
||||
|
||||
Click **Launch scan**. A toast notification confirms: *"Scan Launched — Daily scan scheduled for X accounts"* with a link to the Scans page. You will be redirected to the **Providers** page.
|
||||
Click **Save**, **Save and launch scan**, or **Launch scan**, depending on the selected schedule option. A toast notification confirms whether the schedule was saved, scans were launched, or both. The toast includes a link to the **Scans** page. Prowler redirects to the **Providers** page.
|
||||
|
||||
Scans are only launched for accounts that are accessible (passed connection testing) and were selected.
|
||||
|
||||
|
||||
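Review bot: Replacing the schedule table with a link drops two facts that the linked Schedule Options section does not carry: that the daily scan was the default, and that a one-time scan with no recurring schedule is a choice in this wizard. The new Launch text says the button is **Save**, **Save and launch scan**, or **Launch scan** "depending on the selected schedule option", yet the Schedule Options section added in this commit lists only Daily, Every 48 hours, Weekly and Monthly, so a reader cannot tell which selection produces which button. Suggest keeping a short mapping here from each choice to its button label and stating whether a default is preselected.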
@@ -10,7 +10,7 @@ import { VersionBadge } from "/snippets/version-badge.mdx"
|
||||
Findings Ingestion enables uploading OCSF (Open Cybersecurity Schema Framework) scan results to Prowler Cloud. This feature supports importing findings from Prowler CLI output files that use the [Detection Finding](https://schema.ocsf.io/classes/detection_finding) class.
|
||||
|
||||
<Note>
|
||||
This feature is available exclusively in **Prowler Cloud** and **Prowler Enterprise** with a [paid subscription](https://prowler.com/pricing).
|
||||
This feature is available exclusively in **Prowler Cloud** and **Prowler Enterprise** with a [subscription](https://prowler.com/pricing).
|
||||
</Note>
|
||||
|
||||
## OCSF Detection Finding format
|
||||
|
||||
@@ -0,0 +1,107 @@
|
||||
---
|
||||
title: 'Scan Scheduling'
|
||||
description: 'Create, edit, and monitor recurring scans in Prowler Cloud and Enterprise.'
|
||||
---
|
||||
|
||||
import { VersionBadge } from "/snippets/version-badge.mdx"
|
||||
|
||||
<VersionBadge version="5.31.0" />
|
||||
|
||||
Scan Scheduling lets Prowler run recurring scans for connected providers. Use it to keep findings, compliance results, and resource inventory up to date without launching every scan manually.
|
||||
|
||||
<Note>
|
||||
This feature is available exclusively in **Prowler Cloud** and **Prowler Enterprise** with a [subscription](https://prowler.com/pricing).
|
||||
</Note>
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Before creating or editing scan schedules, ensure that:
|
||||
|
||||
* At least one provider is connected.
|
||||
* The user role includes the **Manage Scans** permission, configured through Role-Based Access Control (RBAC). See [RBAC Administrative Permissions](/user-guide/tutorials/prowler-app-rbac#rbac-administrative-permissions) for details.
|
||||
|
||||
## Schedule Options
|
||||
|
||||
A Prowler Cloud or Enterprise subscription supports the following custom recurring schedule options. Prowler self-hosted runs a daily scan automatically and does not expose custom cadence controls.
|
||||
|
||||
| Schedule Option | Description | Cloud & Enterprise | Self-Hosted |
|
||||
|-----------------|-------------|--------------------|-------------|
|
||||
| Daily | Runs one scan every day at the selected time. | Yes | Yes |
|
||||
| Every 48 hours | Runs one scan every 48 hours, anchored to the selected time. | Yes | — |
|
||||
| Weekly | Runs one scan every week on the selected day and time. | Yes | — |
|
||||
| Monthly | Runs one scan every month on the selected day, from day 1 to day 28. | Yes | — |
|
||||
|
||||
The scan time is always selected on the hour (for example, 14:00); minutes cannot be set. The schedule time uses the browser timezone when the schedule is saved. Prowler displays the next scheduled scan in that timezone.
|
||||
|
||||
## Create a Schedule From Scans
|
||||
|
||||
To create a schedule from the **Scans** page:
|
||||
|
||||
1. Navigate to **Scans**.
|
||||
2. Click **Launch Scan**.
|
||||
3. Select a connected provider.
|
||||
4. Select **On a schedule**.
|
||||
5. Choose the **Scan Time** and **Repeats** values.
|
||||
6. Optional: select **Launch an initial scan now for immediate findings** to run a scan immediately after saving the recurring schedule.
|
||||
7. Click **Save Schedule**.
|
||||
|
||||
<Frame>
|
||||
<img src="/images/prowler-app/scan-scheduling/launch-scan-schedule.png" alt="Launch A Scan modal showing On a schedule mode, weekly schedule controls, and Save Schedule button" />
|
||||
</Frame>
|
||||
|
||||
After the schedule is saved, Prowler shows a confirmation toast with a link to the **Scheduled** tab.
|
||||
|
||||
## Edit Schedules From Providers
|
||||
|
||||
The **Providers** page shows each provider's current schedule in the **Scan Schedule** column. Providers without a recurring schedule show **None**.
|
||||
|
||||
<Frame>
|
||||
<img src="/images/prowler-app/scan-scheduling/providers-scan-schedule.png" alt="Providers table showing the Scan Schedule column with Daily and None schedule states" />
|
||||
</Frame>
|
||||
|
||||
To edit a provider schedule:
|
||||
|
||||
1. Navigate to **Providers**.
|
||||
2. Open the provider row actions menu.
|
||||
3. Click **Edit Scan Schedule**.
|
||||
4. Update the schedule fields.
|
||||
5. Click **Save**.
|
||||
|
||||
<Frame>
|
||||
<img src="/images/prowler-app/scan-scheduling/edit-scan-schedule.png" alt="Edit Scan Schedule modal showing a weekly provider schedule and Remove Scan Schedule action" />
|
||||
</Frame>
|
||||
|
||||
To stop automatic scans for a provider, click **Remove Scan Schedule** in the edit modal. Removing a schedule stops future automatic scans; existing completed scan results remain available.
|
||||
|
||||
## Bulk Edit Schedules
|
||||
|
||||
Use bulk schedule editing when several providers need the same recurring cadence.
|
||||
|
||||
To bulk edit provider schedules:
|
||||
|
||||
1. Navigate to **Providers**.
|
||||
2. Select the provider rows that should receive the same schedule.
|
||||
3. Open the selected-row actions menu.
|
||||
4. Click **Edit Scan Schedule (N)**, where **N** is the number of selected providers.
|
||||
5. Save the schedule.
|
||||
|
||||
For AWS Organizations and Organizational Unit rows, **Edit Scan Schedule** applies the schedule to the connected child providers in that group.
|
||||
|
||||
<Warning>
|
||||
Bulk schedule edits apply one schedule to every selected provider. If the wrong providers are selected, Prowler applies the same cadence to unintended providers. To recover, reopen bulk edit with the correct selection or update affected provider schedules individually.
|
||||
</Warning>
|
||||
|
||||
## Review Scheduled Scans
|
||||
|
||||
To review upcoming scheduled scans:
|
||||
|
||||
1. Navigate to **Scans**.
|
||||
2. Click the **Scheduled** tab.
|
||||
|
||||
The **Scheduled** tab shows configured schedules, next scan time, and last scan time. Pending rows represent configured schedules that have not started their next scan yet.
|
||||
|
||||
<Frame>
|
||||
<img src="/images/prowler-app/scan-scheduling/scheduled-scans-tab.png" alt="Scans Scheduled tab showing pending scheduled scans, schedule cadence, next scan, and last scan columns" />
|
||||
</Frame>
|
||||
|
||||
To edit a schedule from this tab, open the row actions menu and click **Edit Scan Schedule**.
|
||||
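Review bot: The opening Note says the feature is available exclusively in Prowler Cloud and Prowler Enterprise, but the Schedule Options section says self-hosted runs a daily scan automatically and the table marks Daily as "Yes" for Self-Hosted. Suggest rewording the Note so the exclusivity applies to custom cadences and schedule editing. In the same section, "The schedule time uses the browser timezone when the schedule is saved" followed by "Prowler displays the next scheduled scan in that timezone" leaves it unclear what a second user in a different timezone sees, and whether a bulk edit re-anchors existing schedules to the editor's timezone; one sentence on each would remove the ambiguity. The Monthly row also omits the time of day, unlike the Weekly row ("on the selected day and time").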