Anthropic-Cybersecurity-Skills/skills/implementing-cloud-security-posture-management/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

API Reference: Implementing Cloud Security Posture Management

Libraries

Prowler (Multi-Cloud CSPM)

  • Install: pip install prowler
  • Docs: https://docs.prowler.com/
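  • CLI: prowler aws --compliance cis_level1 -M json (framework identifiers and output formats differ between Prowler versions; prowler aws --list-compliance prints the ones the installed version accepts)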
  • Supported: AWS, Azure, GCP, Kubernetes
  • Compliance frameworks: CIS, SOC2, PCI-DSS, HIPAA, NIST 800-53, GDPR

boto3 (AWS Posture Checks)

  • Install: pip install boto3
  • Key services: S3, IAM, EC2, CloudTrail, Config, SecurityHub

ScoutSuite (Multi-Cloud Auditing)

AWS Posture Check APIs

| Service    | Method                      | Check                  |
|------------|-----------------------------|------------------------|
| S3         | get_public_access_block()   | Public access settings |
| S3         | get_bucket_encryption()     | Default encryption     |
| IAM        | get_account_summary()       | Root MFA status        |
| IAM        | list_access_keys()          | Key age/rotation       |
| EC2        | describe_security_groups()  | Open ports (0.0.0.0/0) |
| CloudTrail | get_trail_status()          | Logging active         |
| Config     | describe_config_rules()     | Compliance rules       |

Prowler Check Categories

  • IAM: Access keys, MFA, password policy, root usage
  • Storage: S3 public access, encryption, versioning
  • Network: Security groups, VPC flow logs, NACLs
  • Logging: CloudTrail, Config, VPC flow logs
  • Encryption: EBS, RDS, S3, KMS key rotation

Severity Mapping

  • CRITICAL: Root MFA disabled, CloudTrail off, public DB
  • HIGH: S3 public access, open SSH/RDP, unencrypted volumes
  • MEDIUM: Key rotation >90d, missing tags, flow logs off
  • LOW: Informational findings, best practice suggestions
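
The sketch below ties the AWS Posture Check APIs table to the severity mapping above. It is an added example, not this repository's scripts/agent.py. The evaluators take the response dictionaries returned by the listed boto3 calls, so they run offline. All function names, the sample data and the 2026-03-10 evaluation date are assumptions made for illustration.

```python
from datetime import datetime, timezone

ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]  # severity levels from the mapping above
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def root_mfa(summary):  # summary: iam.get_account_summary()
    return [] if summary["SummaryMap"].get("AccountMFAEnabled") == 1 else [("CRITICAL", "Root MFA disabled")]

def trail(name, status):  # status: cloudtrail.get_trail_status(Name=name)
    return [] if status.get("IsLogging") else [("CRITICAL", f"CloudTrail {name} is not logging")]

def bucket_pab(bucket, resp):  # resp: s3.get_public_access_block(Bucket=bucket)
    # Pass None when the call raised NoSuchPublicAccessBlockConfiguration: every flag then counts as off.
    cfg = (resp or {}).get("PublicAccessBlockConfiguration", {})
    off = [f for f in PAB_FLAGS if not cfg.get(f)]
    return [("HIGH", f"S3 {bucket}: {', '.join(off)} not enabled")] if off else []

def open_admin_ports(resp):  # resp: ec2.describe_security_groups()
    out = []
    for sg in resp["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            ranges = perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])
            world = any(r.get("CidrIp") == "0.0.0.0/0" or r.get("CidrIpv6") == "::/0" for r in ranges)
            if not world or perm.get("IpProtocol") not in ("tcp", "-1"):
                continue
            # Protocol "-1" means all traffic and carries no FromPort/ToPort.
            lo, hi = (0, 65535) if perm["IpProtocol"] == "-1" else (perm["FromPort"], perm["ToPort"])
            out += [("HIGH", f"{sg['GroupId']}: {name} open to the internet")
                    for port, name in ADMIN_PORTS.items() if lo <= port <= hi]
    return out

def stale_keys(user, resp, now, max_days=90):  # resp: iam.list_access_keys(UserName=user)
    return [("MEDIUM", f"{user}: active access key is {(now - k['CreateDate']).days} days old")
            for k in resp["AccessKeyMetadata"]
            if k["Status"] == "Active" and (now - k["CreateDate"]).days > max_days]

def sample_report():  # constructed responses shaped like boto3 return values; no AWS call is made
    now = datetime(2026, 3, 10, tzinfo=timezone.utc)
    world = [{"CidrIp": "0.0.0.0/0"}]
    groups = [{"GroupId": "sg-example1", "IpPermissions": [{"IpProtocol": "-1", "IpRanges": world}]},
              {"GroupId": "sg-example2", "IpPermissions": [
                  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": world}]}]
    keys = [{"Status": "Active", "CreateDate": datetime(2025, 11, 1, tzinfo=timezone.utc)}]
    findings = (root_mfa({"SummaryMap": {"AccountMFAEnabled": 0}}) + trail("org-trail", {"IsLogging": True})
                + bucket_pab("example-bucket", None) + open_admin_ports({"SecurityGroups": groups})
                + stale_keys("alice", {"AccessKeyMetadata": keys}, now))
    return sorted(findings, key=lambda f: ORDER.index(f[0]))

if __name__ == "__main__":
    print(*sample_report(), sep="\n")
```

Against a live account, each evaluator would receive the response of the boto3 call named in its comment, looped over buckets, trails and IAM users.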

External References