mirror of
https://github.com/ivuorinen/cheatsheet-tldr.git
synced 2026-01-26 11:33:59 +00:00
43 lines
1.3 KiB
Plaintext
43 lines
1.3 KiB
Plaintext
---
|
|
syntax: markdown
|
|
tags: [tldr, common]
|
|
source: https://github.com/tldr-pages/tldr.git
|
|
---
|
|
# prowler azure
|
|
|
|
> Assess Azure security best practices, perform audits, compliance checks, and generate reports.
|
|
> See also: `prowler`, `prowler-aws`, `prowler-gcp`, `prowler-kubernetes`, `prowler-m365`, `prowler-github`.
|
|
> More information: <https://docs.prowler.com/user-guide/cli/tutorials/misc>.
|
|
|
|
- Run the default set of checks on the current Azure account using Azure CLI authentication:
|
|
|
|
`prowler azure --az-cli-auth`
|
|
|
|
- Run checks for specific Azure subscriptions:
|
|
|
|
`prowler azure --az-cli-auth --subscription-ids {{subscription_id1 subscription_id2 ...}}`
|
|
|
|
- Authenticate using a service principal via environment variables:
|
|
|
|
`prowler azure --sp-env-auth`
|
|
|
|
- Authenticate using browser login and specify a tenant ID:
|
|
|
|
`prowler azure --browser-auth --tenant-id "{{XXXXXXXX}}"`
|
|
|
|
- Authenticate using a managed identity (e.g. for Azure VM):
|
|
|
|
`prowler azure --managed-identity-auth`
|
|
|
|
- Run checks for selected Azure services:
|
|
|
|
`prowler azure {{[-s|--services]}} {{defender|iam|...}}`
|
|
|
|
- Run a specific Azure check:
|
|
|
|
`prowler azure {{[-c|--checks]}} {{storage_blob_public_access_level_is_disabled}}`
|
|
|
|
- Exclude specific checks or services:
|
|
|
|
`prowler azure {{[-e|--excluded-checks]}} {{storage_blob_public_access_level_is_disabled}} --exclude-services {{defender|iam|...}}`
|