All integrations
InfrastructureCompliance

Prowler integration

Two ways to bring Prowler results in: connect the self-hosted Prowler App over its JSON:API (JWT login) and import the latest scan per cloud provider account, or upload the OCSF JSON / CSV file produced by the Prowler CLI. In both cases only FAIL findings are imported and one asset is created per cloud account.

Scan types imported

  • Cloud misconfiguration checks (AWS, Azure, GCP, Kubernetes)
  • Compliance-mapped failed checks

File import

OCSF JSONCSV

Upload the output of a Prowler CLI run (e.g. prowler aws -M json-ocsf). Findings are grouped by cloud account, and an asset is created automatically for each account.

What Centraleyezer expects in the file

  • Prowler OCSF JSON or CSV output, unmodified.
  • Only findings with status FAIL are imported.
  • Per finding: check ID, title, severity, risk description, recommendation with reference URL, and resource/service/region/account context.

API connection

Point the source at your Prowler App, log in with your Prowler account, click Test to list the connected cloud provider accounts, and select the account to track. Each run imports the account’s latest scan.

Configuration

Hostname
Prowler App host (e.g. prowler.internal).
Port
Prowler App API port — default 8080.
Username / Password
Your Prowler App login email and password (authenticated via JWT).
Remote Identifier
The cloud provider account (and its latest scan) — populated by the Test button.
Proxy (optional)
HTTP proxy host:port plus optional proxy credentials.

Where to get the credentials

Use the email/password of a Prowler App user that can see the target cloud provider. The provider accounts themselves are configured inside Prowler.

What gets imported on every run

  • All FAIL findings of the latest scan: check ID and title, severity (critical → informational), risk description and extended status.
  • Remediation text and reference URL per check.
  • Resource, service, region, account and compliance mapping bundled into the finding’s target details.
  • One asset per cloud account, created automatically.

How imported findings are risk-scored

Every Prowler finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.

See the Prowler integration live

Book a demo and we’ll connect your Prowler data and walk through risk-based prioritisation on your own findings.

Prowler Integration — Setup & Imported Scan Types