prowler/docs/getting-started/comparison/microsoftdefender.mdx
2025-10-15 16:38:56 +02:00

---
title: 'Microsoft Defender for Cloud'
---
**Use open-source scanning to validate and extend Microsoft Defender for Cloud**
---
## **Overview**
If you're using Microsoft Defender for Cloud to monitor your Azure infrastructure, Prowler can complement it with fully transparent, customizable scans across Azure, AWS, GCP, and Kubernetes. Prowler helps you validate policies, automate compliance, and gain deeper visibility—all from the CLI, API or our Prowler UI.
You can run Prowler alongside Defender for Cloud to:
* Double-check security posture with open-source checks.
* Customize rules for your organization's policies.
* Bring your own or community-contributed policies.
* Automate multi-cloud scans in CI/CD or scheduled jobs.
---
## **Why use Prowler with Defender for Cloud**
Microsoft Defender for Cloud offers centralized dashboards, alerting, and some cross-cloud coverage. Prowler provides full transparency and control over what's being checked and how those checks work, with no vendor lock-in and no surprises.
Use them together to get:
* More confidence in your security posture
* Checks you can inspect, modify, and version
* CLI-first, portable scanning across clouds
* Open-source tooling that integrates easily into pipelines and audits
---
## **Quickstart**
Here's how to install Prowler and run a scan in your Azure account.
### **1\. Install Prowler**
```
git clone https://github.com/prowler-cloud/prowler
cd prowler
./install.sh
```
### **2\. Authenticate with Azure**
Make sure you're signed in and select your subscription:
```
az login
export AZURE_SUBSCRIPTION_ID=$(az account show --query id -o tsv)
```
### **3\. Run a scan**
```
./prowler -p Azure -f az-aks -f az-general
```
This will run checks focused on Azure Kubernetes Service (AKS) and general Azure best practices.
### **4\. Review results**
```
cat output/prowler-output-*.json
open output/prowler-output-*.html
```
You can export findings in JSON, CSV, JUnit, HTML, or AWS Security Hub-compatible formats.
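To act on the JSON report from step 4 in a pipeline rather than reading it by eye, the following added example (not part of Prowler or of the original page) turns failed findings into a non-zero exit code. The key names `status_code`, `severity`, `metadata.event_code` and `resources[].uid` are assumptions, and the sample data is constructed; compare them with the keys in your own output file before relying on the gate.

```python
import json
import sys
# Severity order used for the threshold comparison.
RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample, not real scan output. Key names are assumptions.
SAMPLE = """[
 {"status_code": "FAIL", "severity": "High", "metadata": {"event_code": "example_check_a"},
  "resources": [{"uid": "example-resource-1"}]},
 {"status_code": "PASS", "severity": "Critical", "metadata": {"event_code": "example_check_b"},
  "resources": [{"uid": "example-resource-2"}]},
 {"status_code": "FAIL", "severity": "Low", "metadata": {"event_code": "example_check_c"},
  "resources": [{"uid": "example-resource-3"}]},
 {"status_code": "FAIL", "metadata": {"event_code": "example_check_d"},
  "resources": []}
]"""

def load_findings(text):
    """Parse the report and insist on a list so a malformed file is an error."""
    data = json.loads(text)
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of findings")
    return data

def blocking_findings(findings, min_severity="high"):
    """Return (severity, check, resource) for each FAIL at or above the threshold."""
    threshold = RANK[min_severity.lower()]
    blocked = []
    for f in findings:
        if str(f.get("status_code", "")).upper() != "FAIL":
            continue
        sev = str(f.get("severity", "unknown")).lower()
        # Unrecognised or missing severity fails closed: it is treated as blocking.
        if RANK.get(sev, threshold) < threshold:
            continue
        check = (f.get("metadata") or {}).get("event_code", "unknown-check")
        for res in f.get("resources") or [{}]:
            blocked.append((sev, check, res.get("uid", "unknown-resource")))
    return blocked

def main(argv):
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE
    blocked = blocking_findings(load_findings(text))
    for sev, check, uid in blocked:
        print(f"BLOCK {sev:<8} {check} {uid}")
    return 1 if blocked else 0  # non-zero exit fails the pipeline step

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the report path as the only argument; without an argument it evaluates the embedded sample.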
---
## **Compare capabilities**
| Feature | Microsoft Defender for Cloud | Prowler |
| ----- | ----- | ----- |
| Azure-native posture management | ✅ | ✅ |
| AWS, GCP, and Kubernetes support | ⚠️ (limited) | ✅ |
| Custom policy creation | ❌ | ✅ |
| CLI-first, scriptable | ❌ | ✅ |
| Open source | ❌ | ✅ |
| Compliance mappings (CIS, NIST, etc.) | ✅ (limited control) | ✅ (customizable) |
| Exportable detections | ❌ | ✅ |
---
## **Common use cases**
**✅ Validate policies**
Run Prowler to confirm your Azure policies are configured as expected and compliant with frameworks like CIS or NIST.
**✅ Automate compliance scans**
Schedule regular Prowler scans in your CI/CD pipeline or infrastructure monitoring workflows. Generate reports for auditors or internal reviews.
**✅ Extend detection coverage**
If Defender for Cloud doesn't cover all the services or resources in your environment, Prowler's checks fill in the gaps.
**✅ Build custom checks**
Security is never one-size-fits-all. Prowler lets you write your own checks for organization-specific policies.