implementing-cloud-vulnerability-posture-management | asi | ClaudePluginHub

Skill

implementing-cloud-vulnerability-posture-management

Implements multi-cloud Cloud Security Posture Management (CSPM) using AWS Security Hub, Azure Defender for Cloud, Prowler, and ScoutSuite to detect misconfigurations, compliance issues, and vulnerabilities.

$

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Cloud Security Posture Management (CSPM) continuously monitors cloud infrastructure for misconfigurations, compliance violations, and security risks. Unlike traditional vulnerability scanning, CSPM focuses on cloud-native risks: IAM over-permissions, exposed storage buckets, unencrypted data, missing network controls, and service misconfigurations. This skill covers multi-cloud CSPM using AWS S...

SKILL.md

Similar Skills

implementing-cloud-vulnerability-posture-management

5.9k

Implements multi-cloud CSPM using AWS Security Hub, Azure Defender for Cloud, Prowler, and ScoutSuite to detect misconfigurations, compliance issues, and vulnerabilities.

7 files

cybersecurity-skills

implementing-cloud-vulnerability-posture-management

10

Implements multi-cloud CSPM for vulnerability and misconfiguration detection using AWS Security Hub, Azure Defender for Cloud, Prowler, and ScoutSuite.

7 files

cybersecurity-skills-zh

implementing-cloud-security-posture-management

16

Implements Cloud Security Posture Management (CSPM) to monitor AWS, Azure, GCP for misconfigurations, compliance violations, and risks using Prowler, ScoutSuite, Security Hub, Defender, and Security Command Center.

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

aws-security-hub

Help us improve

Share bugs, ideas, or general feedback.

Implementing Cloud Vulnerability Posture Management

Overview

Cloud Security Posture Management (CSPM) continuously monitors cloud infrastructure for misconfigurations, compliance violations, and security risks. Unlike traditional vulnerability scanning, CSPM focuses on cloud-native risks: IAM over-permissions, exposed storage buckets, unencrypted data, missing network controls, and service misconfigurations. This skill covers multi-cloud CSPM using AWS Security Hub, Azure Defender for Cloud, and open-source tools like Prowler and ScoutSuite.

When to Use

When deploying or configuring implementing cloud vulnerability posture management capabilities in your environment
When establishing security controls aligned to compliance requirements
When building or improving security architecture for this domain
When conducting security assessments that require this implementation

Prerequisites

AWS CLI configured with SecurityAudit IAM policy
Azure CLI with Security Reader role
Python 3.9+ with boto3, azure-identity, azure-mgmt-security
Prowler (https://github.com/prowler-cloud/prowler)
ScoutSuite (https://github.com/nccgroup/ScoutSuite)

AWS Security Hub

Enable Security Hub

# Enable AWS Security Hub with default standards
aws securityhub enable-security-hub \
  --enable-default-standards \
  --region us-east-1

# Enable specific standards
aws securityhub batch-enable-standards \
  --standards-subscription-requests \
    '{"StandardsArn":"arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0"}' \
    '{"StandardsArn":"arn:aws:securityhub:us-east-1::standards/cis-aws-foundations-benchmark/v/1.4.0"}'

# Get findings summary
aws securityhub get-findings \
  --filters '{"SeverityLabel":[{"Value":"CRITICAL","Comparison":"EQUALS"}],"RecordState":[{"Value":"ACTIVE","Comparison":"EQUALS"}]}' \
  --max-items 10

Security Hub Standards

Standard	Description
AWS Foundational Security Best Practices	AWS-recommended baseline controls
CIS AWS Foundations Benchmark 1.4	CIS hardening requirements
PCI DSS v3.2.1	Payment card industry controls
NIST SP 800-53 Rev 5	Federal security controls

Azure Defender for Cloud

Enable Defender CSPM

# Enable Defender for Cloud free tier
az security pricing create \
  --name CloudPosture \
  --tier standard

# Check secure score
az security secure-score list \
  --query "[].{Name:displayName,Score:current,Max:max}" \
  --output table

# Get security recommendations
az security assessment list \
  --query "[?status.code=='Unhealthy'].{Name:displayName,Severity:metadata.severity,Resource:resourceDetails.id}" \
  --output table

# Get alerts
az security alert list \
  --query "[?status=='Active'].{Name:alertDisplayName,Severity:severity,Time:timeGeneratedUtc}" \
  --output table

Open-Source: Prowler

Installation and Execution

# Install Prowler
pip install prowler

# Run full AWS scan
prowler aws --output-formats json-ocsf,csv,html

# Run specific checks
prowler aws --checks s3_bucket_public_access iam_root_mfa_enabled ec2_sg_open_to_internet

# Run against specific AWS profile and region
prowler aws --profile production --region us-east-1 --output-formats json-ocsf

# Run CIS Benchmark compliance check
prowler aws --compliance cis_1.5_aws

# Run PCI DSS compliance
prowler aws --compliance pci_3.2.1_aws

# Scan Azure environment
prowler azure --subscription-ids "sub-id-here"

# Scan GCP environment
prowler gcp --project-ids "project-id-here"

Prowler Check Categories

Category	Examples
IAM	Root MFA, password policy, access key rotation
S3	Public access, encryption, versioning
EC2	Security groups, EBS encryption, metadata service
RDS	Public access, encryption, backup retention
CloudTrail	Enabled, encrypted, log validation
VPC	Flow logs, default SG restrictions
Lambda	Public access, runtime versions
EKS	Public endpoint, secrets encryption

Open-Source: ScoutSuite

# Install ScoutSuite
pip install scoutsuite

# Run AWS assessment
scout aws --profile production

# Run Azure assessment
scout azure --cli

# Run GCP assessment
scout gcp --project-id my-project

# Results available as interactive HTML report
# Open scout-report/report.html in browser

Multi-Cloud Aggregation

import json
import subprocess
from datetime import datetime, timezone

def run_prowler_scan(provider, output_dir, compliance=None):
    """Run Prowler scan for a cloud provider."""
    cmd = ["prowler", provider, "--output-formats", "json-ocsf",
           "--output-directory", output_dir]
    if compliance:
        cmd.extend(["--compliance", compliance])
    result = subprocess.run(cmd, capture_output=True, text=True, timeout=3600)
    return result.returncode == 0

def aggregate_findings(prowler_dirs):
    """Aggregate findings from multiple Prowler scans."""
    all_findings = []
    for scan_dir in prowler_dirs:
        json_files = list(Path(scan_dir).glob("*.json"))
        for jf in json_files:
            with open(jf, "r") as f:
                for line in f:
                    try:
                        finding = json.loads(line.strip())
                        all_findings.append(finding)
                    except json.JSONDecodeError:
                        continue
    # Sort by severity
    severity_order = {"critical": 0, "high": 1, "medium": 2, "low": 3, "informational": 4}
    all_findings.sort(key=lambda f: severity_order.get(
        f.get("severity", "informational").lower(), 5
    ))
    return all_findings

def generate_posture_report(findings, output_path):
    """Generate cloud security posture report."""
    report = {
        "generated_at": datetime.now(timezone.utc).isoformat(),
        "total_findings": len(findings),
        "by_severity": {},
        "by_provider": {},
        "by_service": {},
    }
    for f in findings:
        sev = f.get("severity", "unknown")
        provider = f.get("cloud_provider", "unknown")
        service = f.get("service_name", "unknown")
        report["by_severity"][sev] = report["by_severity"].get(sev, 0) + 1
        report["by_provider"][provider] = report["by_provider"].get(provider, 0) + 1
        report["by_service"][service] = report["by_service"].get(service, 0) + 1

    with open(output_path, "w") as f:
        json.dump(report, f, indent=2)
    return report

References