docs: workshop as docs PoC

2026-04-14 00:19:46 +00:00 · 2025-10-28 08:13:44 +01:00
10 changed files with 2951 additions and 0 deletions
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -251,6 +251,25 @@
          }
        ]
      },
      {
        "tab": "Workshop",
        "groups": [
          {
            "group": "Hands-On Labs",
            "pages": [
              "workshop/introduction",
              "workshop/lab-01-getting-started",
              "workshop/lab-02-threat-detection",
              "workshop/lab-03-custom-checks",
              "workshop/lab-04-azure-multicloud",
              "workshop/lab-05-gcp-multicloud",
              "workshop/lab-06-compliance-as-code",
              "workshop/lab-07-integrations",
              "workshop/lab-08-prowler-saas"
            ]
          }
        ]
      },
      {
        "tab": "Developer Guide",
        "groups": [
--- a/docs/workshop/introduction.mdx
+++ b/docs/workshop/introduction.mdx
@@ -0,0 +1,54 @@
 ---
 title: "Workshop Introduction"
 description: "Hands-on labs to master Prowler's cloud security capabilities across AWS, Azure, and GCP"
 ---
 # Prowler Workshop
 Welcome to the Prowler Workshop. This hands-on training provides practical experience with Prowler's cloud security monitoring and compliance automation capabilities across multiple cloud platforms.
 ## Workshop Overview
 This workshop consists of eight progressive labs designed to guide you through Prowler's core features and advanced capabilities:
 * **Lab 1:** Getting Started with Prowler CLI
 * **Lab 2:** Threat Detection with Prowler
 * **Lab 3:** Custom Checks with Prowler
 * **Lab 4:** Multi-Cloud Security with Prowler (Azure)
 * **Lab 5:** Multi-Cloud Security with Prowler (GCP)
 * **Lab 6:** Compliance as Code with Prowler
 * **Lab 7:** Integrations with Prowler (AWS Security Hub)
 * **Lab 8:** Prowler SaaS Platform
 ## Lab Structure
 Each lab is self-contained and includes:
 * **Prerequisites:** Required cloud accounts, tools, and prior lab dependencies
 * **Objectives:** Clear learning goals for the lab
 * **Step-by-step instructions:** Detailed guidance through each task
 * **Expected outcomes:** What you should achieve by completing the lab
 * **Verification steps:** How to confirm successful completion
 ## Prerequisites Approach
 Each lab specifies its own prerequisites, as different labs require different cloud provider accounts, tools, and access levels. Review the prerequisites section at the beginning of each lab before starting.
 ## How to Use This Workshop
 * Labs are designed to be completed sequentially, as later labs may build on concepts from earlier ones
 * Estimated time to complete varies by lab (typically 30-60 minutes each)
 * You can pause between labs and resume later
 * Some labs can be completed independently if you have the necessary prerequisites
 ## Getting Help
 If you encounter issues during the workshop:
 * Refer to the [Troubleshooting](/troubleshooting) guide
 * Join the [Prowler Slack community](https://goto.prowler.com/slack)
 * Visit the [Prowler GitHub repository](https://github.com/prowler-cloud/prowler) for documentation and issues
 ## Ready to Start?
 Begin with [Lab 1: Getting Started with Prowler CLI](/workshop/lab-01-getting-started) to set up your environment and run your first security scan.
--- a/docs/workshop/lab-01-getting-started.mdx
+++ b/docs/workshop/lab-01-getting-started.mdx
@@ -0,0 +1,203 @@
 ---
 title: "Lab 1: Getting Started with Prowler CLI"
 description: "Install Prowler CLI and run your first cloud security assessment on AWS"
 ---
 <Note>
 **Tags:** `workshop` `aws` `getting-started` `beginner` `cli`
 </Note>
 # Lab 1: Getting Started with Prowler CLI
 Learn to install Prowler CLI and perform your first cloud security assessment on AWS.
 ## Prerequisites
 * AWS account with active resources
 * AWS CLI installed and configured
 * IAM credentials with appropriate permissions (see [AWS Authentication](/user-guide/providers/aws/authentication))
 * Python 3.9 or higher
 * Basic command-line experience
 **Estimated Time:** 30 minutes
 ## Lab Objectives
 By completing this lab, you will:
 * Install Prowler CLI using pip
 * Configure AWS credentials for Prowler
 * Execute your first security scan
 * Understand Prowler's output formats
 * Review security findings
 ## Step 1: Install Prowler CLI
 Install Prowler using pip:
 ```bash
 pip install prowler
 ```
 Verify the installation:
 ```bash
 prowler -v
 ```
 Expected output:
 ```
 Prowler X.X.X
 ```
 <Tip>
 For alternative installation methods (Docker, from source), see [Prowler CLI Installation](/getting-started/installation/prowler-cli).
 </Tip>
 ## Step 2: Configure AWS Credentials
 Ensure AWS credentials are configured. Prowler uses the same credential chain as AWS CLI.
 Verify credentials:
 ```bash
 aws sts get-caller-identity
 ```
 Expected output:
 ```json
 {
    "UserId": "AIDACKCEVSQ6C2EXAMPLE",
    "Account": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/username"
 }
 ```
 <Note>
 [Note: Screenshot of slide 8 showing AWS credential verification - to be added]
 </Note>
 ## Step 3: Run Your First Scan
 Execute a basic Prowler scan:
 ```bash
 prowler aws
 ```
 This command:
 * Scans all enabled AWS regions
 * Runs all available security checks
 * Generates output in the current directory
 <Note>
 The scan may take 5-15 minutes depending on the number of resources in your AWS account.
 </Note>
 ## Step 4: Understanding the Output
 Prowler generates multiple output formats in the `output` directory:
 * **CSV:** Detailed findings (`prowler-output-*.csv`)
 * **JSON:** Machine-readable format (`prowler-output-*.json`)
 * **HTML:** Human-readable report (`prowler-output-*.html`)
 Review the HTML report:
 ```bash
 open output/prowler-output-*.html
 ```
 <Note>
 [Note: Screenshot of slide 10 showing HTML report - to be added]
 </Note>
 ## Step 5: Analyze Security Findings
 Examine the findings structure in the HTML report:
 * **Status:** PASS, FAIL, or MANUAL
 * **Severity:** critical, high, medium, low, informational
 * **Service:** AWS service affected (e.g., S3, IAM, EC2)
 * **Check ID:** Unique identifier for each check
 * **Region:** AWS region where the resource exists
 * **Resource:** Specific resource ARN or identifier
 Example finding structure:
 ```json
 {
  "Status": "FAIL",
  "Severity": "high",
  "Service": "s3",
  "CheckID": "s3_bucket_public_access",
  "Region": "us-east-1",
  "Resource": "arn:aws:s3:::my-bucket"
 }
 ```
 ## Step 6: Filter Scan by Service
 Run a targeted scan for specific AWS services:
 ```bash
 prowler aws --services s3 iam
 ```
 This scans only S3 and IAM services, reducing execution time.
 ## Step 7: Run Checks by Severity
 Scan for critical and high-severity findings only:
 ```bash
 prowler aws --severity critical high
 ```
 This focuses on the most important security issues.
 <Note>
 [Note: Screenshot of slide 13 showing severity filtering - to be added]
 </Note>
 ## Verification Steps
 Confirm successful lab completion:
 1. Prowler CLI installed and version verified
 2. AWS credentials properly configured
 3. First scan completed successfully
 4. Output files generated in the `output` directory
 5. HTML report reviewed and findings understood
 6. Filtered scans executed by service and severity
 ## Expected Outcomes
 After completing this lab, you should have:
 * Working Prowler CLI installation
 * Understanding of basic Prowler commands
 * Knowledge of output formats
 * Ability to run targeted scans
 * Familiarity with finding severity levels
 ## Troubleshooting
 **Issue:** `prowler: command not found`
 * **Solution:** Ensure Python's bin directory is in your PATH, or use `python3 -m prowler`
 **Issue:** AWS credentials error
 * **Solution:** Run `aws configure` to set up credentials, or use environment variables
 **Issue:** Scan takes too long
 * **Solution:** Use `--services` to scan specific services or `--regions` to limit regions
 ## Next Steps
 Continue to [Lab 2: Threat Detection with Prowler](/workshop/lab-02-threat-detection) to learn about identifying security threats in your AWS environment.
 ## Additional Resources
 * [Prowler CLI Documentation](/getting-started/basic-usage/prowler-cli)
 * [AWS Authentication Methods](/user-guide/providers/aws/authentication)
 * [Output Formats](/user-guide/cli/tutorials/reporting)
--- a/docs/workshop/lab-02-threat-detection.mdx
+++ b/docs/workshop/lab-02-threat-detection.mdx
@@ -0,0 +1,263 @@
 ---
 title: "Lab 2: Threat Detection with Prowler"
 description: "Identify and analyze security threats in AWS environments using Prowler's threat detection capabilities"
 ---
 <Note>
 **Tags:** `workshop` `aws` `threat-detection` `intermediate` `security`
 </Note>
 # Lab 2: Threat Detection with Prowler
 Learn to identify security threats, exposed resources, and potential attack vectors in AWS environments using Prowler's threat detection features.
 ## Prerequisites
 * Completion of [Lab 1: Getting Started with Prowler CLI](/workshop/lab-01-getting-started)
 * AWS account with resources (EC2 instances, S3 buckets, security groups)
 * Prowler CLI installed and configured
 * Basic understanding of AWS security concepts
 **Estimated Time:** 45 minutes
 ## Lab Objectives
 By completing this lab, you will:
 * Understand Prowler's threat detection capabilities
 * Identify publicly exposed resources
 * Detect insecure configurations
 * Analyze CloudTrail events for suspicious activity
 * Prioritize security findings by risk
 ## Step 1: Understanding Threat Detection Checks
 Prowler includes checks that identify:
 * Public exposure (S3 buckets, EC2 instances, RDS databases)
 * Insecure network configurations (security groups, NACLs)
 * Weak encryption settings
 * Suspicious IAM permissions
 * CloudTrail anomalies
 List threat detection checks:
 ```bash
 prowler aws --list-checks | grep -i "public\|exposed\|open"
 ```
 ## Step 2: Scan for Publicly Exposed Resources
 Run a scan focusing on public exposure:
 ```bash
 prowler aws --checks s3_bucket_public_access ec2_instance_public_ip rds_instance_publicly_accessible
 ```
 This identifies:
 * S3 buckets with public access
 * EC2 instances with public IPs
 * RDS databases accessible from the internet
 <Note>
 [Note: Screenshot of slide 17 showing public exposure findings - to be added]
 </Note>
 ## Step 3: Analyze Security Group Misconfigurations
 Security groups control network access. Scan for insecure rules:
 ```bash
 prowler aws --services ec2 --checks ec2_securitygroup*
 ```
 Look for findings related to:
 * `0.0.0.0/0` ingress rules (any IP can connect)
 * Open high-risk ports (22, 3389, 3306, 5432)
 * Overly permissive egress rules
 Example vulnerable security group:
 ```
 Port 22 (SSH) open to 0.0.0.0/0
 Port 3389 (RDP) open to 0.0.0.0/0
 ```
 <Warning>
 Security groups with `0.0.0.0/0` on sensitive ports expose resources to the entire internet and should be restricted immediately.
 </Warning>
 ## Step 4: Check for Unencrypted Data
 Scan for unencrypted storage and data transmission:
 ```bash
 prowler aws --checks s3_bucket_default_encryption ebs_volume_encryption rds_instance_storage_encrypted
 ```
 Key checks:
 * S3 bucket default encryption disabled
 * EBS volumes without encryption
 * RDS instances with unencrypted storage
 <Note>
 [Note: Screenshot of slide 20 showing encryption findings - to be added]
 </Note>
 ## Step 5: CloudTrail Threat Detection
 Enable CloudTrail event analysis to detect suspicious activity:
 ```bash
 prowler aws --services cloudtrail
 ```
 Prowler checks for:
 * CloudTrail disabled in regions
 * Log file validation disabled
 * S3 bucket not encrypted
 * CloudWatch logging not configured
 <Tip>
 CloudTrail provides audit logs of API calls. Proper configuration is essential for threat detection and incident response.
 </Tip>
 ## Step 6: Analyze IAM Security Risks
 Identify IAM misconfigurations that could lead to privilege escalation:
 ```bash
 prowler aws --services iam --severity critical high
 ```
 Look for:
 * Root account usage
 * IAM users without MFA
 * Overly permissive IAM policies (e.g., `*:*`)
 * Inactive credentials not rotated
 Example critical finding:
 ```
 IAM user with administrative privileges without MFA enabled
 ```
 ## Step 7: Generate a Threat-Focused Report
 Create a filtered report with only security threats:
 ```bash
 prowler aws --severity critical high --status FAIL -o html json
 ```
 This generates reports containing only:
 * Critical and high-severity findings
 * Failed checks (PASS checks excluded)
 Review the HTML report:
 ```bash
 open output/prowler-output-*.html
 ```
 <Note>
 [Note: Screenshot of slide 25 showing threat-focused report - to be added]
 </Note>
 ## Step 8: Prioritize Findings
 Categorize findings by risk level:
 **Critical Priority (Address Immediately):**
 * S3 buckets with public write access
 * Root account without MFA
 * Database instances publicly accessible
 * Security groups open to `0.0.0.0/0` on sensitive ports
 **High Priority (Address Soon):**
 * Unencrypted storage volumes
 * CloudTrail logging disabled
 * IAM users without MFA
 * Overly permissive IAM policies
 **Medium Priority (Address as Resources Allow):**
 * Old access keys not rotated
 * S3 bucket logging disabled
 * VPC flow logs not enabled
 ## Step 9: Export Findings for Remediation
 Export findings to CSV for tracking:
 ```bash
 prowler aws --severity critical high --status FAIL -o csv
 ```
 Share the CSV with your security team for remediation tracking.
 ## Verification Steps
 Confirm successful lab completion:
 1. Identified publicly exposed resources
 2. Detected insecure security group configurations
 3. Found unencrypted data storage
 4. Reviewed CloudTrail security settings
 5. Analyzed IAM security risks
 6. Generated threat-focused reports
 7. Prioritized findings by risk level
 ## Expected Outcomes
 After completing this lab, you should:
 * Understand common AWS security threats
 * Know how to identify exposed resources
 * Be able to prioritize security findings
 * Have generated threat detection reports
 ## Remediation Examples
 **Example 1: Remove public access from S3 bucket**
 ```bash
 aws s3api put-public-access-block \
    --bucket my-bucket \
    --public-access-block-configuration \
    "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
 ```
 **Example 2: Restrict security group rule**
 ```bash
 aws ec2 revoke-security-group-ingress \
    --group-id sg-12345678 \
    --protocol tcp \
    --port 22 \
    --cidr 0.0.0.0/0
 ```
 **Example 3: Enable S3 bucket encryption**
 ```bash
 aws s3api put-bucket-encryption \
    --bucket my-bucket \
    --server-side-encryption-configuration \
    '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
 ```
 ## Troubleshooting
 **Issue:** Too many findings to review
 * **Solution:** Use `--severity critical high` to focus on the most important issues first
 **Issue:** Don't understand a finding
 * **Solution:** Use `--describe-check <check-id>` to get detailed information
 **Issue:** Need to share findings with team
 * **Solution:** Export to CSV or JSON and use collaboration tools
 ## Next Steps
 Continue to [Lab 3: Custom Checks with Prowler](/workshop/lab-03-custom-checks) to learn how to create organization-specific security checks.
 ## Additional Resources
 * [AWS Threat Detection Guide](/user-guide/providers/aws/threat-detection)
 * [Security Best Practices](/user-guide/providers/aws/getting-started-aws)
 * [Prowler Check Reference](https://hub.prowler.com)
--- a/docs/workshop/lab-03-custom-checks.mdx
+++ b/docs/workshop/lab-03-custom-checks.mdx
@@ -0,0 +1,359 @@
 ---
 title: "Lab 3: Custom Checks with Prowler"
 description: "Create organization-specific security checks and customize Prowler for your security requirements"
 ---
 <Note>
 **Tags:** `workshop` `aws` `custom-checks` `advanced` `development`
 </Note>
 # Lab 3: Custom Checks with Prowler
 Learn to create custom security checks tailored to your organization's specific security policies and compliance requirements.
 ## Prerequisites
 * Completion of [Lab 1: Getting Started with Prowler CLI](/workshop/lab-01-getting-started)
 * Prowler CLI installed from source (for custom check development)
 * Python 3.9 or higher
 * Basic Python programming knowledge
 * Understanding of AWS SDK (boto3)
 * Text editor or IDE (VS Code, PyCharm)
 **Estimated Time:** 60 minutes
 ## Lab Objectives
 By completing this lab, you will:
 * Understand Prowler's check structure
 * Create a custom security check
 * Test and validate custom checks
 * Use custom check metadata
 * Integrate custom checks into scans
 ## Step 1: Install Prowler from Source
 To develop custom checks, install Prowler from source:
 ```bash
 git clone https://github.com/prowler-cloud/prowler
 cd prowler
 pip install poetry
 poetry install
 ```
 Activate the virtual environment:
 ```bash
 poetry shell
 ```
 Verify installation:
 ```bash
 prowler -v
 ```
 <Note>
 [Note: Screenshot of slide 29 showing source installation - to be added]
 </Note>
 ## Step 2: Understand Check Structure
 Prowler checks are Python files located in:
 ```
 prowler/providers/<provider>/services/<service>/
 ```
 Example check structure:
 ```
 prowler/providers/aws/services/s3/s3_bucket_custom_check/
 ├── s3_bucket_custom_check.py           # Check logic
 └── s3_bucket_custom_check.metadata.json # Check metadata
 ```
 ## Step 3: Create a Custom Check Directory
 Create a custom check to verify S3 buckets have specific naming conventions:
 ```bash
 mkdir -p prowler/providers/aws/services/s3/s3_bucket_naming_convention
 cd prowler/providers/aws/services/s3/s3_bucket_naming_convention
 ```
 ## Step 4: Write the Check Logic
 Create `s3_bucket_naming_convention.py`:
 ```python
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.s3.s3_client import s3_client
 class s3_bucket_naming_convention(Check):
    def execute(self):
        findings = []
        # Define your organization's naming pattern
        naming_pattern = "company-"
        for bucket in s3_client.buckets:
            report = Check_Report_AWS(self.metadata())
            report.region = bucket.region
            report.resource_id = bucket.name
            report.resource_arn = bucket.arn
            report.resource_tags = bucket.tags
            # Check if bucket name follows naming convention
            if bucket.name.startswith(naming_pattern):
                report.status = "PASS"
                report.status_extended = f"S3 bucket {bucket.name} follows naming convention."
            else:
                report.status = "FAIL"
                report.status_extended = f"S3 bucket {bucket.name} does not follow naming convention (should start with '{naming_pattern}')."
            findings.append(report)
        return findings
 ```
 <Tip>
 Customize the `naming_pattern` variable to match your organization's requirements (e.g., "prod-", "dev-", "projectname-").
 </Tip>
 ## Step 5: Create Check Metadata
 Create `s3_bucket_naming_convention.metadata.json`:
 ```json
 {
  "Provider": "aws",
  "CheckID": "s3_bucket_naming_convention",
  "CheckTitle": "Check if S3 buckets follow naming convention",
  "CheckType": ["Software and Configuration Checks"],
  "ServiceName": "s3",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:aws:s3:::bucket_name",
  "Severity": "low",
  "ResourceType": "AwsS3Bucket",
  "Description": "Ensure S3 buckets follow the organization's naming convention for consistency and management.",
  "Risk": "S3 buckets not following naming conventions may lead to management difficulties and confusion.",
  "RelatedUrl": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html",
  "Remediation": {
    "Code": {
      "CLI": "",
      "NativeIaC": "",
      "Other": "Rename the S3 bucket to follow the organization's naming convention or update bucket policies.",
      "Terraform": ""
    },
    "Recommendation": {
      "Text": "Ensure all S3 buckets follow the defined naming convention for your organization.",
      "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html"
    }
  },
  "Categories": [
    "forensics-ready"
  ],
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": "This is a custom check created for organization-specific requirements."
 }
 ```
 <Note>
 [Note: Screenshot of slide 33 showing metadata structure - to be added]
 </Note>
 ## Step 6: Test the Custom Check
 Run only your custom check:
 ```bash
 prowler aws --checks s3_bucket_naming_convention
 ```
 Review the output to verify:
 * Check executes without errors
 * Findings are generated for each S3 bucket
 * Status is correct (PASS/FAIL) based on naming convention
 ## Step 7: Create a Custom Check for EC2 Instance Tags
 Create another custom check to enforce EC2 tagging policies:
 ```bash
 mkdir -p prowler/providers/aws/services/ec2/ec2_instance_required_tags
 cd prowler/providers/aws/services/ec2/ec2_instance_required_tags
 ```
 Create `ec2_instance_required_tags.py`:
 ```python
 from prowler.lib.check.models import Check, Check_Report_AWS
 from prowler.providers.aws.services.ec2.ec2_client import ec2_client
 class ec2_instance_required_tags(Check):
    def execute(self):
        findings = []
        # Define required tags
        required_tags = ["Environment", "Owner", "CostCenter"]
        for instance in ec2_client.instances:
            report = Check_Report_AWS(self.metadata())
            report.region = instance.region
            report.resource_id = instance.id
            report.resource_arn = instance.arn
            report.resource_tags = instance.tags
            # Get instance tag keys
            instance_tag_keys = [tag["Key"] for tag in instance.tags] if instance.tags else []
            # Check if all required tags are present
            missing_tags = [tag for tag in required_tags if tag not in instance_tag_keys]
            if not missing_tags:
                report.status = "PASS"
                report.status_extended = f"EC2 instance {instance.id} has all required tags."
            else:
                report.status = "FAIL"
                report.status_extended = f"EC2 instance {instance.id} is missing required tags: {', '.join(missing_tags)}."
            findings.append(report)
        return findings
 ```
 Create `ec2_instance_required_tags.metadata.json`:
 ```json
 {
  "Provider": "aws",
  "CheckID": "ec2_instance_required_tags",
  "CheckTitle": "Check if EC2 instances have required tags",
  "CheckType": ["Software and Configuration Checks"],
  "ServiceName": "ec2",
  "SubServiceName": "",
  "ResourceIdTemplate": "arn:aws:ec2:region:account-id:instance/instance-id",
  "Severity": "medium",
  "ResourceType": "AwsEc2Instance",
  "Description": "Ensure EC2 instances have required tags for proper resource management and cost allocation.",
  "Risk": "EC2 instances without required tags may lead to difficulties in cost tracking, ownership identification, and resource management.",
  "RelatedUrl": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html",
  "Remediation": {
    "Code": {
      "CLI": "aws ec2 create-tags --resources <instance-id> --tags Key=Environment,Value=<value> Key=Owner,Value=<value> Key=CostCenter,Value=<value>",
      "NativeIaC": "",
      "Other": "",
      "Terraform": "resource \"aws_ec2_tag\" \"example\" {\n  resource_id = aws_instance.example.id\n  key         = \"Environment\"\n  value       = \"Production\"\n}"
    },
    "Recommendation": {
      "Text": "Add the required tags (Environment, Owner, CostCenter) to all EC2 instances.",
      "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html"
    }
  },
  "Categories": [
    "tagging"
  ],
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": "Customize the required_tags list in the check code to match your organization's tagging policy."
 }
 ```
 ## Step 8: Test Multiple Custom Checks
 Run both custom checks together:
 ```bash
 prowler aws --checks s3_bucket_naming_convention ec2_instance_required_tags
 ```
 ## Step 9: Create a Custom Checks Group
 Create a file to group your custom checks:
 Create `prowler/config/custom_checks.yaml`:
 ```yaml
 custom-checks:
  - s3_bucket_naming_convention
  - ec2_instance_required_tags
 ```
 Run all custom checks:
 ```bash
 prowler aws --checks-file prowler/config/custom_checks.yaml
 ```
 <Note>
 [Note: Screenshot of slide 38 showing custom checks output - to be added]
 </Note>
 ## Step 10: Validate Check Metadata
 Prowler includes metadata validation. Ensure your metadata follows guidelines:
 ```bash
 python -m prowler.lib.check.check_metadata_validator
 ```
 This validates:
 * Required metadata fields are present
 * Severity values are valid
 * URLs are properly formatted
 * JSON structure is correct
 ## Verification Steps
 Confirm successful lab completion:
 1. Prowler installed from source
 2. Custom S3 naming convention check created
 3. Custom EC2 tagging check created
 4. Both checks execute successfully
 5. Metadata files are properly formatted
 6. Custom checks grouped for easy execution
 ## Expected Outcomes
 After completing this lab, you should:
 * Understand Prowler's check architecture
 * Be able to create custom security checks
 * Know how to write check metadata
 * Be capable of testing and validating checks
 * Have created reusable custom security policies
 ## Best Practices for Custom Checks
 1. **Follow naming conventions:** Use descriptive check IDs (e.g., `service_resource_requirement`)
 2. **Set appropriate severity:** Match severity to the security impact
 3. **Provide clear descriptions:** Help users understand what the check validates
 4. **Include remediation guidance:** Provide actionable steps to fix findings
 5. **Test thoroughly:** Verify checks work across different AWS regions and account configurations
 6. **Document assumptions:** Note any specific requirements or limitations
 ## Troubleshooting
 **Issue:** Check not found when running
 * **Solution:** Ensure the check directory and files follow the correct naming convention and location
 **Issue:** Import errors in check code
 * **Solution:** Verify you're using the Poetry virtual environment (`poetry shell`)
 **Issue:** Metadata validation fails
 * **Solution:** Review the metadata format against Prowler's schema requirements
 **Issue:** Check returns no findings
 * **Solution:** Add print statements or use a debugger to verify the service client has data
 ## Next Steps
 Continue to [Lab 4: Multi-Cloud Security with Prowler (Azure)](/workshop/lab-04-azure-multicloud) to extend security monitoring to Azure environments.
 ## Additional Resources
 * [Custom Checks Development Guide](/developer-guide/checks)
 * [Check Metadata Guidelines](/developer-guide/check-metadata-guidelines)
 * [Prowler Development Documentation](/developer-guide/introduction)
 * [Prowler Check Kreator](/user-guide/cli/tutorials/prowler-check-kreator)
--- a/docs/workshop/lab-04-azure-multicloud.mdx
+++ b/docs/workshop/lab-04-azure-multicloud.mdx
@@ -0,0 +1,346 @@
 ---
 title: "Lab 4: Multi-Cloud Security with Prowler (Azure)"
 description: "Extend security monitoring to Azure environments using Prowler's multi-cloud capabilities"
 ---
 <Note>
 **Tags:** `workshop` `azure` `multi-cloud` `intermediate` `authentication`
 </Note>
 # Lab 4: Multi-Cloud Security with Prowler (Azure)
 Learn to secure Azure environments using Prowler's multi-cloud security assessment capabilities.
 ## Prerequisites
 * Prowler CLI installed ([Lab 1](/workshop/lab-01-getting-started))
 * Active Azure subscription
 * Azure CLI installed
 * Azure account with appropriate permissions (Reader role minimum)
 * Basic understanding of Azure services
 **Estimated Time:** 45 minutes
 ## Lab Objectives
 By completing this lab, you will:
 * Configure Azure authentication for Prowler
 * Run security assessments on Azure subscriptions
 * Understand Azure-specific security checks
 * Compare security findings across cloud providers
 * Implement multi-cloud security strategies
 ## Step 1: Install Azure CLI
 Install Azure CLI if not already present:
 **macOS:**
 ```bash
 brew install azure-cli
 ```
 **Linux:**
 ```bash
 curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
 ```
 **Windows:**
 ```powershell
 winget install Microsoft.AzureCLI
 ```
 Verify installation:
 ```bash
 az --version
 ```
 ## Step 2: Authenticate to Azure
 Sign in to Azure:
 ```bash
 az login
 ```
 This opens a browser window for authentication.
 Verify authentication:
 ```bash
 az account show
 ```
 Expected output:
 ```json
 {
  "id": "12345678-1234-1234-1234-123456789012",
  "name": "My Subscription",
  "tenantId": "87654321-4321-4321-4321-210987654321",
  "state": "Enabled"
 }
 ```
 <Note>
 [Note: Screenshot of slide 43 showing Azure authentication - to be added]
 </Note>
 ## Step 3: List Azure Subscriptions
 If you have multiple subscriptions, list them:
 ```bash
 az account list --output table
 ```
 Set the active subscription:
 ```bash
 az account set --subscription "subscription-id"
 ```
 ## Step 4: Configure Azure Service Principal (Optional)
 For automated scans, create a service principal:
 ```bash
 az ad sp create-for-rbac --name "prowler-scanner" --role Reader --scopes /subscriptions/{subscription-id}
 ```
 This returns:
 ```json
 {
  "appId": "app-id",
  "displayName": "prowler-scanner",
  "password": "password",
  "tenant": "tenant-id"
 }
 ```
 <Warning>
 Store service principal credentials securely. These provide programmatic access to your Azure subscription.
 </Warning>
 Export credentials as environment variables:
 ```bash
 export AZURE_CLIENT_ID="app-id"
 export AZURE_CLIENT_SECRET="password"
 export AZURE_TENANT_ID="tenant-id"
 export AZURE_SUBSCRIPTION_ID="subscription-id"
 ```
 ## Step 5: Run Your First Azure Scan
 Execute Prowler against Azure:
 ```bash
 prowler azure
 ```
 This command:
 * Uses Azure CLI credentials (or service principal if configured)
 * Scans the active subscription
 * Runs all Azure security checks
 * Generates output in multiple formats
 <Note>
 Azure scans typically take 5-10 minutes depending on resource count.
 </Note>
 <Note>
 [Note: Screenshot of slide 47 showing Azure scan execution - to be added]
 </Note>
 ## Step 6: Scan Specific Azure Services
 Run targeted scans for specific services:
 ```bash
 prowler azure --services storage network
 ```
 This focuses on:
 * Azure Storage accounts
 * Virtual networks
 * Network security groups
 ## Step 7: Analyze Azure Security Findings
 Review Azure-specific security checks:
 **Storage Account Security:**
 * Public blob access disabled
 * Secure transfer required (HTTPS)
 * Storage encryption enabled
 * Soft delete enabled
 **Network Security:**
 * Network security groups properly configured
 * No overly permissive rules
 * DDoS protection enabled
 * Network watcher enabled
 **Identity and Access:**
 * Multi-factor authentication enabled
 * Conditional access policies configured
 * Privileged identity management enabled
 Open the HTML report:
 ```bash
 open output/prowler-output-azure-*.html
 ```
 <Note>
 [Note: Screenshot of slide 50 showing Azure findings report - to be added]
 </Note>
 ## Step 8: Compare AWS and Azure Security Posture
 If you completed Lab 1, compare security findings:
 **AWS findings:**
 ```bash
 cat output/prowler-output-aws-*.csv | wc -l
 ```
 **Azure findings:**
 ```bash
 cat output/prowler-output-azure-*.csv | wc -l
 ```
 Key comparison metrics:
 * Total findings by severity
 * Service coverage
 * Compliance status
 * Resource exposure
 ## Step 9: Multi-Cloud Security Dashboard
 Generate a combined security view:
 Create a directory for multi-cloud reports:
 ```bash
 mkdir -p multi-cloud-reports
 cp output/prowler-output-aws-*.json multi-cloud-reports/
 cp output/prowler-output-azure-*.json multi-cloud-reports/
 ```
 <Tip>
 Use Prowler Cloud or custom dashboards to visualize multi-cloud security posture in a unified interface.
 </Tip>
 ## Step 10: Azure-Specific Remediation
 Example remediations for common Azure findings:
 **Enable secure transfer for storage account:**
 ```bash
 az storage account update \
    --name mystorageaccount \
    --resource-group myresourcegroup \
    --https-only true
 ```
 **Enable storage encryption:**
 ```bash
 az storage account update \
    --name mystorageaccount \
    --resource-group myresourcegroup \
    --encryption-services blob
 ```
 **Disable public blob access:**
 ```bash
 az storage account update \
    --name mystorageaccount \
    --resource-group myresourcegroup \
    --allow-blob-public-access false
 ```
 **Update network security group rule:**
 ```bash
 az network nsg rule update \
    --resource-group myresourcegroup \
    --nsg-name mynsg \
    --name mynsgrule \
    --source-address-prefixes 10.0.0.0/16
 ```
 ## Step 11: Scan Multiple Azure Subscriptions
 Scan all subscriptions in your tenant:
 ```bash
 prowler azure --subscription-ids subscription-id-1 subscription-id-2
 ```
 Or scan all accessible subscriptions:
 ```bash
 prowler azure --az-cli-auth
 ```
 <Note>
 [Note: Screenshot of slide 56 showing multi-subscription scan - to be added]
 </Note>
 ## Verification Steps
 Confirm successful lab completion:
 1. Azure CLI installed and authenticated
 2. First Azure scan completed successfully
 3. Azure security findings reviewed
 4. Service-specific scans executed
 5. Multi-cloud comparison performed
 6. Azure-specific remediations understood
 ## Expected Outcomes
 After completing this lab, you should:
 * Be able to authenticate Prowler with Azure
 * Understand Azure security checks
 * Know how to scan multiple subscriptions
 * Have compared security posture across AWS and Azure
 * Be familiar with Azure-specific remediation commands
 ## Common Azure Security Findings
 **Storage Accounts:**
 * Public blob access enabled
 * Secure transfer (HTTPS) not required
 * Storage encryption disabled
 * Logging not configured
 **Virtual Networks:**
 * Network security groups allow 0.0.0.0/0 access
 * DDoS protection not enabled
 * Network watcher not configured
 **Identity:**
 * MFA not enabled for all users
 * Guest users have excessive permissions
 * Password policies are weak
 ## Troubleshooting
 **Issue:** Azure authentication fails
 * **Solution:** Run `az login` and ensure you have the correct subscription selected
 **Issue:** Permission errors during scan
 * **Solution:** Ensure your account or service principal has Reader role at subscription level
 **Issue:** Subscription not found
 * **Solution:** Verify subscription ID with `az account list` and check it's enabled
 **Issue:** Slow scan performance
 * **Solution:** Use `--services` flag to scan specific services instead of all
 ## Next Steps
 Continue to [Lab 5: Multi-Cloud Security with Prowler (GCP)](/workshop/lab-05-gcp-multicloud) to add Google Cloud Platform to your multi-cloud security monitoring.
 ## Additional Resources
 * [Azure Getting Started Guide](/user-guide/providers/azure/getting-started-azure)
 * [Azure Authentication Methods](/user-guide/providers/azure/authentication)
 * [Create Prowler Service Principal](/user-guide/providers/azure/create-prowler-service-principal)
 * [Azure Subscriptions Management](/user-guide/providers/azure/subscriptions)
--- a/docs/workshop/lab-05-gcp-multicloud.mdx
+++ b/docs/workshop/lab-05-gcp-multicloud.mdx
@@ -0,0 +1,377 @@
 ---
 title: "Lab 5: Multi-Cloud Security with Prowler (GCP)"
 description: "Complete your multi-cloud security coverage by adding Google Cloud Platform assessments"
 ---
 <Note>
 **Tags:** `workshop` `gcp` `multi-cloud` `intermediate` `authentication`
 </Note>
 # Lab 5: Multi-Cloud Security with Prowler (GCP)
 Learn to secure Google Cloud Platform environments and achieve comprehensive multi-cloud security coverage with Prowler.
 ## Prerequisites
 * Prowler CLI installed ([Lab 1](/workshop/lab-01-getting-started))
 * Active GCP project
 * Google Cloud SDK (gcloud) installed
 * GCP account with appropriate permissions (Viewer role minimum)
 * Basic understanding of GCP services
 **Estimated Time:** 45 minutes
 ## Lab Objectives
 By completing this lab, you will:
 * Configure GCP authentication for Prowler
 * Run security assessments on GCP projects
 * Understand GCP-specific security checks
 * Achieve comprehensive multi-cloud security coverage (AWS, Azure, GCP)
 * Implement unified security policies across cloud providers
 ## Step 1: Install Google Cloud SDK
 Install gcloud CLI if not already present:
 **macOS:**
 ```bash
 brew install google-cloud-sdk
 ```
 **Linux:**
 ```bash
 curl https://sdk.cloud.google.com | bash
 exec -l $SHELL
 ```
 **Windows:**
 Download and install from: https://cloud.google.com/sdk/docs/install
 Verify installation:
 ```bash
 gcloud --version
 ```
 ## Step 2: Authenticate to GCP
 Initialize gcloud and authenticate:
 ```bash
 gcloud init
 ```
 This prompts you to:
 1. Log in to your Google account
 2. Select or create a GCP project
 3. Configure default region/zone (optional)
 Verify authentication:
 ```bash
 gcloud auth list
 ```
 Display active project:
 ```bash
 gcloud config get-value project
 ```
 <Note>
 [Note: Screenshot of slide 60 showing GCP authentication - to be added]
 </Note>
 ## Step 3: Configure Application Default Credentials
 Prowler uses Application Default Credentials (ADC):
 ```bash
 gcloud auth application-default login
 ```
 This creates credentials file at:
 * **Linux/macOS:** `~/.config/gcloud/application_default_credentials.json`
 * **Windows:** `%APPDATA%\gcloud\application_default_credentials.json`
 ## Step 4: Set Up Service Account (Optional)
 For automated scans, create a service account:
 ```bash
 # Create service account
 gcloud iam service-accounts create prowler-scanner \
    --display-name="Prowler Security Scanner"
 # Get project ID
 PROJECT_ID=$(gcloud config get-value project)
 # Grant Viewer role
 gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member="serviceAccount:prowler-scanner@${PROJECT_ID}.iam.gserviceaccount.com" \
    --role="roles/viewer"
 # Generate key file
 gcloud iam service-accounts keys create ~/prowler-credentials.json \
    --iam-account=prowler-scanner@${PROJECT_ID}.iam.gserviceaccount.com
 ```
 <Warning>
 Store service account key files securely. These provide programmatic access to your GCP project.
 </Warning>
 Use service account credentials:
 ```bash
 export GOOGLE_APPLICATION_CREDENTIALS=~/prowler-credentials.json
 ```
 ## Step 5: Run Your First GCP Scan
 Execute Prowler against GCP:
 ```bash
 prowler gcp
 ```
 This command:
 * Uses Application Default Credentials (or service account)
 * Scans the active project
 * Runs all GCP security checks
 * Generates output in multiple formats
 <Note>
 GCP scans typically take 5-10 minutes depending on resource count.
 </Note>
 <Note>
 [Note: Screenshot of slide 65 showing GCP scan execution - to be added]
 </Note>
 ## Step 6: Scan Specific GCP Projects
 Scan a specific project:
 ```bash
 prowler gcp --project-id my-project-id
 ```
 Scan multiple projects:
 ```bash
 prowler gcp --project-id project-1 project-2 project-3
 ```
 ## Step 7: Scan Specific GCP Services
 Run targeted scans for specific services:
 ```bash
 prowler gcp --services storage compute iam
 ```
 This focuses on:
 * Cloud Storage buckets
 * Compute Engine instances
 * IAM policies and permissions
 ## Step 8: Analyze GCP Security Findings
 Review GCP-specific security checks:
 **Cloud Storage Security:**
 * Buckets not publicly accessible
 * Uniform bucket-level access enabled
 * Encryption at rest enabled
 * Versioning enabled
 **Compute Engine Security:**
 * OS Login enabled
 * Serial port access disabled
 * Shielded VMs enabled
 * IP forwarding disabled
 **IAM Security:**
 * Service accounts with minimal permissions
 * No primitive roles (Owner, Editor, Viewer) assigned to users
 * Service account keys rotated regularly
 * Cloud Identity-Aware Proxy (IAP) enabled
 Open the HTML report:
 ```bash
 open output/prowler-output-gcp-*.html
 ```
 <Note>
 [Note: Screenshot of slide 69 showing GCP findings report - to be added]
 </Note>
 ## Step 9: Multi-Cloud Security Overview
 You now have security coverage across three major cloud providers:
 Create a comprehensive multi-cloud report directory:
 ```bash
 mkdir -p multi-cloud-security-reports
 cp output/prowler-output-aws-*.json multi-cloud-security-reports/
 cp output/prowler-output-azure-*.json multi-cloud-security-reports/
 cp output/prowler-output-gcp-*.json multi-cloud-security-reports/
 ```
 Compare security posture metrics:
 ```bash
 # Count findings by provider
 echo "AWS findings:"
 jq '.findings | length' multi-cloud-security-reports/prowler-output-aws-*.json
 echo "Azure findings:"
 jq '.findings | length' multi-cloud-security-reports/prowler-output-azure-*.json
 echo "GCP findings:"
 jq '.findings | length' multi-cloud-security-reports/prowler-output-gcp-*.json
 ```
 ## Step 10: GCP-Specific Remediation
 Example remediations for common GCP findings:
 **Enable uniform bucket-level access:**
 ```bash
 gsutil uniformbucketlevelaccess set on gs://bucket-name
 ```
 **Disable public access to bucket:**
 ```bash
 gsutil iam ch -d allUsers gs://bucket-name
 gsutil iam ch -d allAuthenticatedUsers gs://bucket-name
 ```
 **Enable OS Login on project:**
 ```bash
 gcloud compute project-info add-metadata \
    --metadata enable-oslogin=TRUE
 ```
 **Disable serial port access:**
 ```bash
 gcloud compute instances add-metadata instance-name \
    --metadata serial-port-enable=FALSE
 ```
 **Remove primitive role binding:**
 ```bash
 gcloud projects remove-iam-policy-binding PROJECT_ID \
    --member='user:email@example.com' \
    --role='roles/editor'
 ```
 ## Step 11: Scan GCP Organization
 If you have organization-level access:
 ```bash
 prowler gcp --organization-id org-id
 ```
 This scans all projects within the organization.
 <Tip>
 Organization-level scanning requires `resourcemanager.organizations.get` permission at the organization level.
 </Tip>
 <Note>
 [Note: Screenshot of slide 74 showing organization scan - to be added]
 </Note>
 ## Step 12: Multi-Cloud Security Strategy
 Establish consistent security controls across clouds:
 **Identity and Access:**
 * Enforce MFA across all providers
 * Implement least privilege access
 * Regular access reviews
 * Centralized identity management
 **Data Protection:**
 * Encryption at rest and in transit
 * Regular backups
 * Data retention policies
 * Access logging enabled
 **Network Security:**
 * Zero-trust network architecture
 * Network segmentation
 * DDoS protection
 * Traffic inspection
 **Monitoring and Compliance:**
 * Centralized logging
 * Security information and event management (SIEM)
 * Regular compliance scans
 * Automated remediation where possible
 ## Verification Steps
 Confirm successful lab completion:
 1. Google Cloud SDK installed and authenticated
 2. First GCP scan completed successfully
 3. GCP security findings reviewed
 4. Service-specific scans executed
 5. Multi-cloud reports collected (AWS, Azure, GCP)
 6. GCP-specific remediations understood
 ## Expected Outcomes
 After completing this lab, you should:
 * Be able to authenticate Prowler with GCP
 * Understand GCP security checks
 * Know how to scan multiple projects and organizations
 * Have achieved multi-cloud security coverage
 * Be familiar with GCP-specific remediation commands
 ## Common GCP Security Findings
 **Cloud Storage:**
 * Buckets with public access
 * Uniform bucket-level access not enabled
 * Versioning disabled
 * Logging not configured
 **Compute Engine:**
 * OS Login not enabled
 * Legacy metadata endpoints enabled
 * Serial port access enabled
 * IP forwarding enabled on instances
 **IAM:**
 * Primitive roles assigned to users
 * Service account keys not rotated
 * Over-permissive service accounts
 * No organization policies enforced
 ## Troubleshooting
 **Issue:** GCP authentication fails
 * **Solution:** Run `gcloud auth application-default login` and ensure project is set
 **Issue:** Permission errors during scan
 * **Solution:** Ensure account has Viewer role at project or organization level
 **Issue:** Project not found
 * **Solution:** Verify project ID with `gcloud projects list` and check it's active
 **Issue:** API not enabled errors
 * **Solution:** Enable required APIs: `gcloud services enable cloudresourcemanager.googleapis.com`
 ## Next Steps
 Continue to [Lab 6: Compliance as Code with Prowler](/workshop/lab-06-compliance-as-code) to learn how to automate compliance reporting across all cloud providers.
 ## Additional Resources
 * [GCP Getting Started Guide](/user-guide/providers/gcp/getting-started-gcp)
 * [GCP Authentication Methods](/user-guide/providers/gcp/authentication)
 * [GCP Projects Management](/user-guide/providers/gcp/projects)
 * [GCP Organization Scanning](/user-guide/providers/gcp/organization)
--- a/docs/workshop/lab-06-compliance-as-code.mdx
+++ b/docs/workshop/lab-06-compliance-as-code.mdx
@@ -0,0 +1,465 @@
 ---
 title: "Lab 6: Compliance as Code with Prowler"
 description: "Automate compliance reporting and validation against industry standards and regulatory frameworks"
 ---
 <Note>
 **Tags:** `workshop` `aws` `compliance` `intermediate` `automation` `frameworks`
 </Note>
 # Lab 6: Compliance as Code with Prowler
 Learn to automate compliance validation and reporting against industry standards such as CIS, PCI-DSS, HIPAA, and custom compliance frameworks.
 ## Prerequisites
 * Completion of [Lab 1: Getting Started with Prowler CLI](/workshop/lab-01-getting-started)
 * AWS account with resources
 * Prowler CLI installed and configured
 * Understanding of compliance frameworks (CIS, PCI-DSS, HIPAA)
 **Estimated Time:** 50 minutes
 ## Lab Objectives
 By completing this lab, you will:
 * Understand compliance frameworks in Prowler
 * Generate compliance reports for industry standards
 * Validate compliance status programmatically
 * Create custom compliance frameworks
 * Automate compliance reporting in CI/CD pipelines
 ## Step 1: List Available Compliance Frameworks
 View all supported compliance frameworks:
 ```bash
 prowler aws --list-compliance
 ```
 This displays frameworks such as:
 * CIS AWS Foundations Benchmark (multiple versions)
 * PCI-DSS v4.0
 * HIPAA
 * SOC2
 * GDPR
 * ISO 27001
 * NIST 800-53
 * AWS Foundational Security Best Practices
 * Custom frameworks
 <Note>
 [Note: Screenshot of slide 78 showing compliance frameworks list - to be added]
 </Note>
 ## Step 2: Run CIS Benchmark Compliance Scan
 Execute a CIS AWS Foundations Benchmark scan:
 ```bash
 prowler aws --compliance cis_2.0_aws
 ```
 This command:
 * Runs only checks mapped to CIS Benchmark v2.0
 * Generates a compliance report
 * Shows compliance percentage
 * Identifies non-compliant controls
 Review compliance summary:
 ```bash
 open output/compliance/prowler-compliance-cis_2.0_aws-*.html
 ```
 <Note>
 [Note: Screenshot of slide 80 showing CIS compliance report - to be added]
 </Note>
 ## Step 3: Analyze Compliance Requirements
 Understanding compliance report structure:
 **Requirement ID:** Control identifier (e.g., 1.1, 1.2)
 **Requirement Description:** What the control validates
 **Status:** PASS or FAIL
 **Related Checks:** Prowler checks that map to this requirement
 **Resources Affected:** Specific resources that failed
 Example CIS requirement:
 ```
 ID: 1.4
 Description: Ensure no root account access key exists
 Status: FAIL
 Checks: iam_root_user_no_access_keys
 Resources: Root account has 1 active access key
 ```
 ## Step 4: Generate Multiple Compliance Reports
 Run scans for multiple frameworks:
 ```bash
 prowler aws --compliance cis_2.0_aws pci_dss_v4.0_aws hipaa_aws
 ```
 This generates three separate compliance reports:
 * `prowler-compliance-cis_2.0_aws-*.html`
 * `prowler-compliance-pci_dss_v4.0_aws-*.html`
 * `prowler-compliance-hipaa_aws-*.html`
 Compare compliance posture across frameworks:
 ```bash
 grep "Compliance Status" output/compliance/*.html
 ```
 ## Step 5: Export Compliance Data
 Export compliance results to JSON for automation:
 ```bash
 prowler aws --compliance cis_2.0_aws -o json-ocsf
 ```
 The JSON output includes:
 * Compliance score (percentage)
 * Passed requirements
 * Failed requirements
 * Resource-level details
 * Remediation guidance
 Query compliance status programmatically:
 ```bash
 jq '.compliance.cis_2.0_aws.score' output/prowler-output-*.json-ocsf
 ```
 <Note>
 [Note: Screenshot of slide 84 showing JSON compliance output - to be added]
 </Note>
 ## Step 6: Create a Custom Compliance Framework
 Create a custom framework for organization-specific requirements:
 Create `custom_compliance.json`:
 ```json
 {
  "Framework": "custom_security_baseline",
  "Version": "1.0",
  "Provider": "aws",
  "Description": "Organization Security Baseline Requirements",
  "Requirements": [
    {
      "Id": "1.1",
      "Description": "S3 buckets must have encryption enabled",
      "Attributes": [
        {
          "Section": "Data Protection",
          "SubSection": "Encryption at Rest",
          "Type": "automated",
          "Service": "s3"
        }
      ],
      "Checks": [
        "s3_bucket_default_encryption",
        "s3_bucket_secure_transport_policy"
      ]
    },
    {
      "Id": "1.2",
      "Description": "CloudTrail must be enabled in all regions",
      "Attributes": [
        {
          "Section": "Logging and Monitoring",
          "SubSection": "Audit Logging",
          "Type": "automated",
          "Service": "cloudtrail"
        }
      ],
      "Checks": [
        "cloudtrail_multi_region_enabled",
        "cloudtrail_log_file_validation_enabled"
      ]
    },
    {
      "Id": "2.1",
      "Description": "IAM users must have MFA enabled",
      "Attributes": [
        {
          "Section": "Identity and Access Management",
          "SubSection": "Multi-Factor Authentication",
          "Type": "automated",
          "Service": "iam"
        }
      ],
      "Checks": [
        "iam_user_mfa_enabled_console_access",
        "iam_root_mfa_enabled"
      ]
    },
    {
      "Id": "3.1",
      "Description": "Security groups must not allow unrestricted access",
      "Attributes": [
        {
          "Section": "Network Security",
          "SubSection": "Firewall Rules",
          "Type": "automated",
          "Service": "ec2"
        }
      ],
      "Checks": [
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22",
        "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389"
      ]
    }
  ]
 }
 ```
 Save to `prowler/compliance/aws/`:
 ```bash
 cp custom_compliance.json ~/.prowler/compliance/aws/
 ```
 ## Step 7: Run Custom Compliance Framework
 Execute scan against custom framework:
 ```bash
 prowler aws --compliance-framework custom_compliance.json
 ```
 Or if placed in Prowler's compliance directory:
 ```bash
 prowler aws --compliance custom_security_baseline
 ```
 Review custom compliance report:
 ```bash
 open output/compliance/prowler-compliance-custom_security_baseline-*.html
 ```
 <Note>
 [Note: Screenshot of slide 88 showing custom compliance report - to be added]
 </Note>
 ## Step 8: Compliance Reporting for Audits
 Generate audit-ready compliance reports:
 ```bash
 prowler aws \
    --compliance cis_2.0_aws \
    -o html csv json \
    --output-directory ./audit-reports-$(date +%Y%m%d)
 ```
 This creates:
 * HTML report for human review
 * CSV for spreadsheet analysis
 * JSON for programmatic processing
 Package for auditors:
 ```bash
 tar -czf compliance-audit-$(date +%Y%m%d).tar.gz audit-reports-*
 ```
 ## Step 9: Automate Compliance Validation
 Create a compliance validation script:
 Create `compliance-check.sh`:
 ```bash
 #!/bin/bash
 # Configuration
 COMPLIANCE_FRAMEWORK="cis_2.0_aws"
 REQUIRED_SCORE=85
 OUTPUT_DIR="./compliance-reports"
 # Run Prowler
 prowler aws \
    --compliance $COMPLIANCE_FRAMEWORK \
    -o json \
    --output-directory $OUTPUT_DIR
 # Extract compliance score
 SCORE=$(jq -r ".compliance.${COMPLIANCE_FRAMEWORK}.score" \
    $OUTPUT_DIR/prowler-output-*.json | head -1)
 echo "Compliance Score: ${SCORE}%"
 # Validate compliance threshold
 if (( $(echo "$SCORE >= $REQUIRED_SCORE" | bc -l) )); then
    echo "✓ Compliance check PASSED (score: ${SCORE}% >= ${REQUIRED_SCORE}%)"
    exit 0
 else
    echo "✗ Compliance check FAILED (score: ${SCORE}% < ${REQUIRED_SCORE}%)"
    exit 1
 fi
 ```
 Make executable:
 ```bash
 chmod +x compliance-check.sh
 ```
 Run validation:
 ```bash
 ./compliance-check.sh
 ```
 ## Step 10: Integrate with CI/CD Pipeline
 Example GitHub Actions workflow:
 Create `.github/workflows/compliance-check.yml`:
 ```yaml
 name: Compliance Validation
 on:
  schedule:
    - cron: '0 0 * * *'  # Daily at midnight
  workflow_dispatch:
 jobs:
  prowler-compliance:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'
      - name: Install Prowler
        run: pip install prowler
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Run compliance scan
        run: |
          prowler aws \
            --compliance cis_2.0_aws \
            -o html json \
            --output-directory ./reports
      - name: Upload compliance reports
        uses: actions/upload-artifact@v3
        with:
          name: compliance-reports
          path: ./reports/
      - name: Check compliance threshold
        run: |
          SCORE=$(jq -r '.compliance.cis_2.0_aws.score' reports/prowler-output-*.json)
          if (( $(echo "$SCORE < 85" | bc -l) )); then
            echo "Compliance score ${SCORE}% is below threshold"
            exit 1
          fi
 ```
 <Note>
 [Note: Screenshot of slide 92 showing CI/CD integration - to be added]
 </Note>
 ## Step 11: Continuous Compliance Monitoring
 Implement continuous compliance monitoring:
 **Daily Scans:**
 * Schedule automated scans
 * Track compliance trends over time
 * Alert on compliance score drops
 **Drift Detection:**
 * Compare current state vs. baseline
 * Identify new non-compliant resources
 * Generate remediation tickets automatically
 **Compliance Dashboard:**
 * Visualize compliance status
 * Track remediation progress
 * Generate executive reports
 ## Verification Steps
 Confirm successful lab completion:
 1. Listed available compliance frameworks
 2. Generated CIS compliance report
 3. Created multiple framework reports
 4. Built custom compliance framework
 5. Automated compliance validation
 6. Integrated compliance checks in CI/CD
 ## Expected Outcomes
 After completing this lab, you should:
 * Understand Prowler compliance capabilities
 * Be able to generate compliance reports
 * Know how to create custom frameworks
 * Have automated compliance validation
 * Be ready for audit processes
 ## Compliance Framework Mapping
 Common frameworks supported:
 **AWS:**
 * CIS AWS Foundations Benchmark v1.4, v1.5, v2.0, v3.0
 * AWS Foundational Security Best Practices
 * PCI-DSS v4.0
 * HIPAA
 * SOC2
 * GDPR
 * ISO 27001
 * NIST 800-53
 * FedRAMP
 * ENS (Spanish National Security Scheme)
 **Azure:**
 * CIS Microsoft Azure Foundations Benchmark
 * Azure Security Benchmark
 **GCP:**
 * CIS Google Cloud Platform Foundation Benchmark
 ## Troubleshooting
 **Issue:** Compliance framework not found
 * **Solution:** Use `--list-compliance` to see exact framework names
 **Issue:** Low compliance score
 * **Solution:** Review failed checks and prioritize remediation by severity
 **Issue:** Missing compliance report
 * **Solution:** Check `output/compliance/` directory for framework-specific reports
 **Issue:** Custom framework not loading
 * **Solution:** Validate JSON syntax and ensure file is in correct directory
 ## Next Steps
 Continue to [Lab 7: Integrations with Prowler](/workshop/lab-07-integrations) to learn how to integrate Prowler with AWS Security Hub and other security tools.
 ## Additional Resources
 * [Compliance Reporting Guide](/user-guide/cli/tutorials/compliance)
 * [Compliance Frameworks Documentation](/user-guide/cli/tutorials/compliance)
 * [Custom Compliance Framework Guide](/developer-guide/security-compliance-framework)
 * [Prowler Hub Compliance Frameworks](https://hub.prowler.com/compliance)
--- a/docs/workshop/lab-07-integrations.mdx
+++ b/docs/workshop/lab-07-integrations.mdx
@@ -0,0 +1,425 @@
 ---
 title: "Lab 7: Integrations with Prowler"
 description: "Integrate Prowler findings with AWS Security Hub and other security tools for centralized security management"
 ---
 <Note>
 **Tags:** `workshop` `aws` `integrations` `intermediate` `security-hub` `automation`
 </Note>
 # Lab 7: Integrations with Prowler
 Learn to integrate Prowler with AWS Security Hub and other security tools to centralize security findings and automate remediation workflows.
 ## Prerequisites
 * Completion of [Lab 1: Getting Started with Prowler CLI](/workshop/lab-01-getting-started)
 * AWS account with Security Hub enabled
 * IAM permissions for Security Hub operations
 * Prowler CLI installed and configured
 * Basic understanding of AWS Security Hub
 **Estimated Time:** 45 minutes
 ## Lab Objectives
 By completing this lab, you will:
 * Enable AWS Security Hub integration
 * Send Prowler findings to Security Hub
 * Understand finding formats and mapping
 * Configure automated finding synchronization
 * Integrate with third-party security tools
 * Implement centralized security dashboards
 ## Step 1: Enable AWS Security Hub
 Enable Security Hub in your AWS account:
 **Via AWS Console:**
 1. Navigate to AWS Security Hub
 2. Click "Go to Security Hub"
 3. Click "Enable Security Hub"
 **Via AWS CLI:**
 ```bash
 aws securityhub enable-security-hub
 ```
 Verify Security Hub is enabled:
 ```bash
 aws securityhub get-enabled-standards
 ```
 <Note>
 [Note: Screenshot of slide 96 showing Security Hub enablement - to be added]
 </Note>
 ## Step 2: Configure IAM Permissions
 Ensure your IAM role/user has Security Hub permissions:
 Required permissions:
 ```json
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "securityhub:BatchImportFindings",
        "securityhub:GetFindings"
      ],
      "Resource": "*"
    }
  ]
 }
 ```
 Create and attach policy:
 ```bash
 aws iam create-policy \
    --policy-name ProwlerSecurityHubIntegration \
    --policy-document file://securityhub-policy.json
 aws iam attach-user-policy \
    --user-name prowler-user \
    --policy-arn arn:aws:iam::ACCOUNT_ID:policy/ProwlerSecurityHubIntegration
 ```
 ## Step 3: Run Prowler with Security Hub Integration
 Execute Prowler and send findings to Security Hub:
 ```bash
 prowler aws --security-hub
 ```
 This command:
 * Runs all security checks
 * Transforms findings to AWS Security Finding Format (ASFF)
 * Sends findings to Security Hub via `BatchImportFindings` API
 * Generates local reports
 <Warning>
 Security Hub has API rate limits. For large environments, findings are sent in batches automatically.
 </Warning>
 <Note>
 [Note: Screenshot of slide 99 showing Prowler sending findings to Security Hub - to be added]
 </Note>
 ## Step 4: View Findings in Security Hub
 Navigate to AWS Security Hub console and review Prowler findings:
 **Filter by Product:**
 1. Go to "Findings" in Security Hub
 2. Add filter: `Product name is Prowler`
 3. Review findings by severity
 **View Finding Details:**
 * Severity (CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL)
 * Affected resource
 * Compliance framework mapping
 * Remediation guidance
 * Workflow status
 <Note>
 [Note: Screenshot of slide 101 showing Security Hub findings view - to be added]
 </Note>
 ## Step 5: Understanding ASFF Mapping
 Prowler findings are mapped to AWS Security Finding Format:
 **Prowler Status → Security Hub Compliance Status:**
 * PASS → PASSED
 * FAIL → FAILED
 * MANUAL → NOT_AVAILABLE
 **Prowler Severity → Security Hub Severity:**
 * critical → CRITICAL (90-100)
 * high → HIGH (70-89)
 * medium → MEDIUM (40-69)
 * low → LOW (1-39)
 * informational → INFORMATIONAL (0)
 Example ASFF finding structure:
 ```json
 {
  "SchemaVersion": "2018-10-08",
  "Id": "prowler-aws/account/region/check/resource",
  "ProductArn": "arn:aws:securityhub:region::product/prowler/prowler",
  "GeneratorId": "prowler-check-id",
  "AwsAccountId": "123456789012",
  "Types": ["Software and Configuration Checks"],
  "CreatedAt": "2024-01-01T00:00:00.000Z",
  "UpdatedAt": "2024-01-01T00:00:00.000Z",
  "Severity": {
    "Label": "HIGH"
  },
  "Title": "Check title",
  "Description": "Check description",
  "Resources": [
    {
      "Type": "AwsS3Bucket",
      "Id": "arn:aws:s3:::bucket-name"
    }
  ],
  "Compliance": {
    "Status": "FAILED"
  }
 }
 ```
 ## Step 6: Update Existing Findings
 Run subsequent scans to update Security Hub findings:
 ```bash
 prowler aws --security-hub
 ```
 Prowler automatically:
 * Updates existing findings (same resource, same check)
 * Marks remediated issues as PASSED
 * Creates new findings for new resources
 * Archives findings for deleted resources
 ## Step 7: Regional Security Hub Integration
 Send findings to Security Hub in specific regions:
 ```bash
 prowler aws --security-hub --region us-east-1 us-west-2
 ```
 Or enable aggregation in a single region:
 ```bash
 # Configure finding aggregator in Security Hub
 aws securityhub create-finding-aggregator \
    --region-linking-mode ALL_REGIONS
 ```
 <Tip>
 Use Security Hub finding aggregation to centralize findings from multiple regions in a single dashboard.
 </Tip>
 ## Step 8: Filter Findings Sent to Security Hub
 Send only critical and high-severity findings:
 ```bash
 prowler aws --security-hub --severity critical high
 ```
 Send findings for specific compliance frameworks:
 ```bash
 prowler aws --security-hub --compliance cis_2.0_aws
 ```
 ## Step 9: Integrate with S3 for Long-Term Storage
 Store Prowler reports in S3 alongside Security Hub integration:
 ```bash
 prowler aws \
    --security-hub \
    -o html json csv \
    --output-bucket-no-assume s3://my-security-reports-bucket
 ```
 This enables:
 * Long-term retention of historical reports
 * Compliance audit trails
 * Trend analysis over time
 * Cost-effective storage
 Configure S3 bucket lifecycle policies:
 ```bash
 aws s3api put-bucket-lifecycle-configuration \
    --bucket my-security-reports-bucket \
    --lifecycle-configuration file://lifecycle.json
 ```
 `lifecycle.json`:
 ```json
 {
  "Rules": [
    {
      "Id": "ArchiveOldReports",
      "Status": "Enabled",
      "Transitions": [
        {
          "Days": 90,
          "StorageClass": "GLACIER"
        }
      ],
      "Expiration": {
        "Days": 365
      },
      "Filter": {
        "Prefix": "prowler-reports/"
      }
    }
  ]
 }
 ```
 <Note>
 [Note: Screenshot of slide 107 showing S3 integration - to be added]
 </Note>
 ## Step 10: Integrate with Third-Party Tools
 **Send to Slack:**
 ```bash
 prowler aws --security-hub | \
    jq -r '.findings[] | select(.status=="FAIL" and .severity=="critical")' | \
    curl -X POST -H 'Content-type: application/json' \
    --data @- https://hooks.slack.com/services/YOUR/WEBHOOK/URL
 ```
 **Send to Jira:**
 Create Jira tickets for critical findings using Jira API:
 ```bash
 #!/bin/bash
 JIRA_URL="https://your-domain.atlassian.net"
 JIRA_API_TOKEN="your-api-token"
 JIRA_PROJECT="SEC"
 # Extract critical findings
 FINDINGS=$(prowler aws -o json-ocsf | \
    jq '.findings[] | select(.status=="FAIL" and .severity=="critical")')
 # Create Jira tickets
 echo "$FINDINGS" | jq -c '.' | while read finding; do
    TITLE=$(echo $finding | jq -r '.check_title')
    DESCRIPTION=$(echo $finding | jq -r '.status_extended')
    curl -X POST "$JIRA_URL/rest/api/2/issue" \
        -H "Authorization: Bearer $JIRA_API_TOKEN" \
        -H "Content-Type: application/json" \
        -d "{
            \"fields\": {
                \"project\": {\"key\": \"$JIRA_PROJECT\"},
                \"summary\": \"$TITLE\",
                \"description\": \"$DESCRIPTION\",
                \"issuetype\": {\"name\": \"Task\"}
            }
        }"
 done
 ```
 **Send to Splunk:**
 ```bash
 prowler aws -o json-ocsf | \
    curl -k https://splunk-server:8088/services/collector/event \
    -H "Authorization: Splunk YOUR-HEC-TOKEN" \
    -d @-
 ```
 ## Step 11: Automate Security Hub Updates
 Create a Lambda function to run Prowler periodically:
 **Lambda Function (Python):**
 ```python
 import subprocess
 import boto3
 def lambda_handler(event, context):
    # Run Prowler with Security Hub integration
    result = subprocess.run(
        ['prowler', 'aws', '--security-hub'],
        capture_output=True,
        text=True
    )
    return {
        'statusCode': 200,
        'body': f'Prowler scan completed. Output: {result.stdout}'
    }
 ```
 **Schedule with EventBridge:**
 ```bash
 aws events put-rule \
    --name DailyProwlerScan \
    --schedule-expression "cron(0 2 * * ? *)"
 aws events put-targets \
    --rule DailyProwlerScan \
    --targets "Id"="1","Arn"="arn:aws:lambda:region:account:function:ProwlerScanFunction"
 ```
 <Note>
 [Note: Screenshot of slide 111 showing automated integration - to be added]
 </Note>
 ## Verification Steps
 Confirm successful lab completion:
 1. AWS Security Hub enabled
 2. Prowler findings sent to Security Hub
 3. Findings visible in Security Hub console
 4. Subsequent scans update existing findings
 5. S3 integration configured for report storage
 6. Third-party integration examples tested
 ## Expected Outcomes
 After completing this lab, you should:
 * Understand Security Hub integration
 * Know how to send findings to Security Hub
 * Be able to configure automated synchronization
 * Have integrated with S3 for storage
 * Be familiar with third-party tool integrations
 ## Security Hub Benefits
 **Centralized Security:**
 * Aggregate findings from multiple tools
 * Unified view across AWS accounts and regions
 * Compliance dashboard
 **Automated Workflows:**
 * Trigger remediation workflows
 * Create incidents automatically
 * Integrate with SIEM tools
 **Prioritization:**
 * Filter by severity and compliance status
 * Track remediation progress
 * Generate executive reports
 ## Troubleshooting
 **Issue:** Security Hub not enabled
 * **Solution:** Run `aws securityhub enable-security-hub` to enable
 **Issue:** Permission denied sending findings
 * **Solution:** Ensure IAM role has `securityhub:BatchImportFindings` permission
 **Issue:** Findings not appearing in Security Hub
 * **Solution:** Check Prowler output for errors, verify region configuration
 **Issue:** Rate limit errors
 * **Solution:** Prowler batches findings automatically; retry if transient failures occur
 ## Next Steps
 Continue to [Lab 8: Prowler SaaS Platform](/workshop/lab-08-prowler-saas) to explore the managed Prowler Cloud platform with advanced features.
 ## Additional Resources
 * [Security Hub Integration Guide](/user-guide/providers/aws/securityhub)
 * [S3 Integration Guide](/user-guide/providers/aws/s3)
 * [Integrations Documentation](/user-guide/cli/tutorials/integrations)
 * [AWS Security Hub Documentation](https://docs.aws.amazon.com/securityhub/)
--- a/docs/workshop/lab-08-prowler-saas.mdx
+++ b/docs/workshop/lab-08-prowler-saas.mdx
@@ -0,0 +1,440 @@
 ---
 title: "Lab 8: Prowler SaaS Platform"
 description: "Explore Prowler Cloud's managed platform with advanced features, team collaboration, and continuous monitoring"
 ---
 <Note>
 **Tags:** `workshop` `prowler-cloud` `saas` `intermediate` `platform` `collaboration`
 </Note>
 # Lab 8: Prowler SaaS Platform
 Learn to use Prowler Cloud, the managed SaaS platform that provides advanced security monitoring, team collaboration, compliance dashboards, and AI-powered security insights.
 ## Prerequisites
 * Completion of previous labs (recommended but not required)
 * Prowler Cloud account (free trial available)
 * Cloud provider accounts (AWS, Azure, or GCP)
 * Basic understanding of Prowler concepts
 **Estimated Time:** 60 minutes
 ## Lab Objectives
 By completing this lab, you will:
 * Set up Prowler Cloud account
 * Connect cloud providers to Prowler Cloud
 * Navigate the Prowler Cloud interface
 * Use team collaboration features
 * Leverage AI-powered security insights
 * Configure continuous monitoring and alerts
 * Generate executive compliance reports
 ## Step 1: Create Prowler Cloud Account
 Sign up for Prowler Cloud:
 1. Visit [https://cloud.prowler.com](https://cloud.prowler.com)
 2. Click "Start Free Trial"
 3. Choose authentication method:
   * Email/password
   * Google authentication
   * GitHub authentication
   * SSO (for enterprise plans)
 4. Verify email address
 5. Complete onboarding wizard
 <Note>
 [Note: Screenshot of slide 115 showing Prowler Cloud signup - to be added]
 </Note>
 ## Step 2: Connect Your First Cloud Provider
 **Connect AWS Account:**
 1. Navigate to "Providers" in Prowler Cloud
 2. Click "Add Provider"
 3. Select "AWS"
 4. Choose connection method:
   * **CloudFormation Stack** (recommended)
   * **Manual IAM Role**
 5. Deploy CloudFormation template
 6. Copy Role ARN and External ID
 7. Test connection
 8. Click "Save"
 **CloudFormation Stack Deployment:**
 ```bash
 aws cloudformation create-stack \
    --stack-name prowler-integration \
    --template-url https://prowler-public.s3.amazonaws.com/prowler-role.yaml \
    --parameters ParameterKey=ExternalId,ParameterValue=<your-external-id> \
    --capabilities CAPABILITY_NAMED_IAM
 ```
 <Note>
 [Note: Screenshot of slide 118 showing provider connection - to be added]
 </Note>
 <Tip>
 The CloudFormation template creates a read-only IAM role with the minimum permissions required for Prowler scans.
 </Tip>
 ## Step 3: Run Your First Cloud Scan
 Initiate a security scan:
 1. Go to "Scans" page
 2. Click "New Scan"
 3. Select provider(s) to scan
 4. Choose scan type:
   * **Quick Scan:** Essential security checks
   * **Full Scan:** Comprehensive assessment
   * **Compliance Scan:** Framework-specific validation
 5. Click "Start Scan"
 Monitor scan progress:
 * Real-time progress indicator
 * Checks completed
 * Resources discovered
 * Findings identified
 <Note>
 [Note: Screenshot of slide 121 showing scan execution - to be added]
 </Note>
 ## Step 4: Explore the Findings Dashboard
 Navigate findings dashboard:
 **Overview Statistics:**
 * Total findings by severity
 * Compliance score
 * Trend over time
 * Top affected services
 **Filtering Options:**
 * Severity (Critical, High, Medium, Low)
 * Status (Open, In Progress, Resolved)
 * Cloud provider
 * Service
 * Compliance framework
 * Resource tags
 **Finding Details:**
 * Detailed description
 * Affected resources
 * Risk assessment
 * Remediation steps
 * Related compliance requirements
 <Note>
 [Note: Screenshot of slide 124 showing findings dashboard - to be added]
 </Note>
 ## Step 5: Use AI-Powered Security Insights
 Leverage Prowler Lighthouse AI features:
 **AI Security Assistant:**
 1. Click "Lighthouse" in navigation
 2. Ask questions about your security posture:
   * "What are my critical security risks?"
   * "Show me publicly exposed resources"
   * "How can I improve my compliance score?"
   * "What encryption issues exist?"
 **AI Remediation Guidance:**
 * Select any finding
 * Click "AI Remediation"
 * Review generated remediation steps
 * Get customized code/CLI commands
 * Apply fixes with confidence
 **AI Threat Analysis:**
 * Identifies attack patterns
 * Correlates related findings
 * Suggests priority order for remediation
 * Explains security impact
 <Note>
 [Note: Screenshot of slide 127 showing Lighthouse AI - to be added]
 </Note>
 ## Step 6: Configure Team Collaboration
 Set up team access and workflows:
 **Invite Team Members:**
 1. Go to "Settings" → "Team"
 2. Click "Invite Member"
 3. Enter email address
 4. Assign role:
   * **Admin:** Full access
   * **Editor:** Scan and remediate
   * **Viewer:** Read-only access
 5. Send invitation
 **Assign Findings:**
 1. Select findings
 2. Click "Assign"
 3. Choose team member
 4. Add due date
 5. Add comments/notes
 **Workflow States:**
 * Open → New finding
 * In Progress → Being investigated/fixed
 * Resolved → Remediated
 * False Positive → Not applicable
 * Risk Accepted → Acknowledged but not fixed
 <Note>
 [Note: Screenshot of slide 130 showing team collaboration - to be added]
 </Note>
 ## Step 7: Configure Continuous Monitoring
 Set up automated scanning:
 **Scheduled Scans:**
 1. Go to "Scans" → "Schedules"
 2. Click "Create Schedule"
 3. Configure:
   * Name: "Daily Security Scan"
   * Frequency: Daily, Weekly, or Custom cron
   * Time: 2:00 AM UTC
   * Providers: Select all
   * Notification preferences
 4. Save schedule
 **Real-Time Monitoring:**
 * Enable CloudTrail integration
 * Receive alerts for security events
 * Detect configuration drift
 * Identify new resources
 <Tip>
 Schedule scans during off-peak hours to minimize performance impact on your cloud APIs.
 </Tip>
 ## Step 8: Configure Alerts and Notifications
 Set up security alerts:
 **Alert Rules:**
 1. Navigate to "Alerts"
 2. Click "Create Alert Rule"
 3. Define conditions:
   * Finding severity ≥ High
   * Compliance score drops below 80%
   * New critical findings discovered
   * Public exposure detected
 4. Choose notification channels:
   * Email
   * Slack
   * Microsoft Teams
   * PagerDuty
   * Webhooks
 5. Save rule
 **Slack Integration:**
 1. Go to "Integrations" → "Slack"
 2. Click "Connect to Slack"
 3. Authorize Prowler app
 4. Select channel for notifications
 5. Configure alert preferences
 <Note>
 [Note: Screenshot of slide 134 showing alert configuration - to be added]
 </Note>
 ## Step 9: Generate Compliance Reports
 Create compliance reports for auditors:
 **Compliance Dashboard:**
 1. Navigate to "Compliance"
 2. View compliance scores by framework:
   * CIS Benchmarks
   * PCI-DSS
   * HIPAA
   * SOC2
   * ISO 27001
 3. Drill down into requirements
 4. View evidence for each control
 **Export Reports:**
 1. Select compliance framework
 2. Click "Generate Report"
 3. Choose format:
   * PDF (executive summary)
   * Excel (detailed findings)
   * CSV (raw data)
 4. Schedule recurring reports:
   * Weekly status updates
   * Monthly compliance reports
   * Quarterly audit packages
 **Report Customization:**
 * Add company logo
 * Include executive summary
 * Filter by business unit
 * Show remediation progress
 * Include trend analysis
 <Note>
 [Note: Screenshot of slide 137 showing compliance reports - to be added]
 </Note>
 ## Step 10: Multi-Account and Multi-Cloud Management
 Manage multiple cloud environments:
 **Add Multiple Providers:**
 1. Connect AWS accounts (dev, staging, production)
 2. Connect Azure subscriptions
 3. Connect GCP projects
 4. Organize with tags/labels
 **Provider Groups:**
 1. Create provider groups:
   * Production environments
   * Development environments
   * By business unit
   * By geographic region
 2. Run group-wide scans
 3. Generate consolidated reports
 **Cross-Cloud Insights:**
 * Compare security posture across providers
 * Identify configuration inconsistencies
 * Standardize security policies
 * Track multi-cloud compliance
 <Note>
 [Note: Screenshot of slide 140 showing multi-cloud management - to be added]
 </Note>
 ## Step 11: Advanced Features
 Explore advanced Prowler Cloud capabilities:
 **Custom Checks:**
 * Create organization-specific security policies
 * Define custom compliance requirements
 * Share with team
 **API Access:**
 * Programmatic access to findings
 * Integrate with internal tools
 * Automate workflows
 **RBAC (Role-Based Access Control):**
 * Fine-grained permissions
 * Provider-level access control
 * Audit logging
 **Security Integrations:**
 * AWS Security Hub
 * Jira
 * ServiceNow
 * Splunk
 * Custom webhooks
 ## Verification Steps
 Confirm successful lab completion:
 1. Prowler Cloud account created
 2. Cloud provider(s) connected
 3. Security scan completed
 4. Findings dashboard explored
 5. AI insights leveraged
 6. Team collaboration configured
 7. Continuous monitoring set up
 8. Compliance reports generated
 ## Expected Outcomes
 After completing this lab, you should:
 * Understand Prowler Cloud platform capabilities
 * Be able to connect and scan cloud providers
 * Know how to use AI-powered insights
 * Have configured team collaboration
 * Be able to generate compliance reports
 * Have set up continuous monitoring
 ## Prowler Cloud vs. Prowler CLI
 **Prowler Cloud Advantages:**
 * Managed infrastructure (no installation)
 * Web-based interface
 * Team collaboration features
 * AI-powered insights (Lighthouse)
 * Continuous monitoring
 * Historical trend analysis
 * Executive dashboards
 * Built-in integrations
 * Scheduled scans
 * Role-based access control
 **Prowler CLI Advantages:**
 * Self-hosted (on-premises)
 * No data leaves your environment
 * Scriptable and automatable
 * Free and open source
 * Custom integrations
 * Offline scanning
 <Tip>
 Many organizations use both: Prowler CLI for automated CI/CD pipelines and Prowler Cloud for centralized visibility and team collaboration.
 </Tip>
 ## Troubleshooting
 **Issue:** Cannot connect cloud provider
 * **Solution:** Verify IAM role permissions and trust relationship, check External ID
 **Issue:** Scan fails or times out
 * **Solution:** Check provider credentials are valid, ensure APIs are not rate-limited
 **Issue:** No findings appearing
 * **Solution:** Verify scan completed successfully, check filtering settings
 **Issue:** Alert notifications not received
 * **Solution:** Verify integration configuration, check notification channel settings
 ## Workshop Completion
 Congratulations on completing the Prowler Workshop! You have learned:
 * Prowler CLI installation and basic usage
 * Threat detection techniques
 * Custom check development
 * Multi-cloud security (AWS, Azure, GCP)
 * Compliance automation
 * Security tool integrations
 * Prowler Cloud platform capabilities
 ## Next Steps
 Continue your Prowler journey:
 * Join the [Prowler Community](https://goto.prowler.com/slack)
 * Contribute to [Prowler Open Source](https://github.com/prowler-cloud/prowler)
 * Explore [Prowler Hub](https://hub.prowler.com) for checks and frameworks
 * Read the [Prowler Documentation](https://docs.prowler.com)
 * Follow [Prowler on Twitter](https://twitter.com/prowlercloud)
 * Subscribe to [Prowler YouTube](https://www.youtube.com/@prowlercloud)
 ## Additional Resources
 * [Prowler Cloud Documentation](/getting-started/products/prowler-cloud)
 * [Prowler Cloud Pricing](/getting-started/products/prowler-cloud-pricing)
 * [AWS Marketplace Listing](/getting-started/products/prowler-cloud-aws-marketplace)
 * [Prowler API Reference](/getting-started/goto/prowler-api-reference)
 * [Prowler Lighthouse AI](/user-guide/tutorials/prowler-app-lighthouse)