Findings
Collects security findings from Prowler scans, including misconfigurations and compliance violations across cloud environments.
Sync Type: Incremental
Requirements
Before configuring this input, you need to:
- Generate a Prowler API Key:
  - Log in to your Prowler account
  - Navigate to Settings > API Keys
  - Click Create API Key
  - Copy and securely store the generated key (you will only see it once)
- API Access:
  - Ensure your Prowler account has API access enabled
  - Confirm you have permissions to view findings
Details
Monad tracks the state of the input using timestamps. On the first run, it fetches findings using the current date as the filter[inserted_at] value. On subsequent runs, it uses the filter[updated_at__gte] parameter to fetch only findings that have been created or updated since the last successful sync. Monad stores the timestamp of the last successful run to support incremental syncing.
The connector:
- Uses the Prowler API /api/v1/findings endpoint
- Supports pagination with page-based navigation (max 100 findings per page)
- Filters by cloud provider type and/or severity level (optional)
- Respects Prowler's rate limits (5 requests per second)
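The sync behaviour described above, sketched as an added example (not Monad's connector code). The `page[...]` and `*__in` parameter names, the `fetch_page` transport and the choice of the run's start time as the checkpoint are assumptions; the two timestamp filters, the page size, the request rate and the `Api-Key ` prefix come from this page.

```python
import time
from datetime import datetime, timezone

PAGE_SIZE = 100          # page maximum stated above
MIN_INTERVAL = 1 / 5     # 5 requests per second

def auth_header(api_key):
    # The connector prepends "Api-Key " to the raw key value.
    return {"Authorization": "Api-Key " + api_key}

def build_params(checkpoint, now, page, provider_type=(), severity=()):
    # page[...] and the *__in filter names are assumptions, not taken from the page.
    params = {"page[number]": page, "page[size]": PAGE_SIZE}
    if checkpoint is None:                       # first run: current date
        params["filter[inserted_at]"] = now.date().isoformat()
    else:                                        # later runs: changes since last sync
        params["filter[updated_at__gte]"] = checkpoint
    if provider_type:
        params["filter[provider_type__in]"] = ",".join(provider_type)
    if severity:
        params["filter[severity__in]"] = ",".join(severity)
    return params

def sync(fetch_page, state, now=None, sleep=time.sleep, **filters):
    """Fetch every page, then advance state["checkpoint"].

    fetch_page(params) is a hypothetical transport returning one page of
    findings as a list; it raises on HTTP errors.
    """
    now = now or datetime.now(timezone.utc)
    started = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    findings, page = [], 1
    while True:
        batch = fetch_page(build_params(state.get("checkpoint"), now, page, **filters))
        findings.extend(batch)
        if len(batch) < PAGE_SIZE:               # short page: nothing left
            break
        page += 1
        sleep(MIN_INTERVAL)                      # stay at or below 5 requests/second
    # Reached only if no page raised, so a failed run is retried from the
    # old checkpoint instead of silently skipping findings.
    state["checkpoint"] = started
    return findings

if __name__ == "__main__":
    # Constructed transport: 100 findings on page 1, 3 on page 2.
    fake = lambda p: [{"id": i} for i in range(100 if p["page[number]"] == 1 else 3)]
    state = {}
    print(len(sync(fake, state, sleep=lambda s: None)), state)
```

Recording the start time rather than the finish time means findings updated while the run is in progress are picked up again next time; duplicates can be dropped downstream by finding id.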
Configuration
The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
| Provider Type | array | No | Filter findings by cloud provider type. Valid values: alibabacloud, aws, azure, cloudflare, gcp, github, googleworkspace, iac, image, kubernetes, m365, mongodbatlas, openstack, oraclecloud. Leave empty to fetch all providers. |
| Severity | array | No | Filter findings by severity level. Valid values: critical, high, medium, low, informational. Leave empty to fetch all severities. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
| API Key | string | Yes | Prowler API key for authentication. Generate one in the Prowler UI under Settings > API Keys. Use the key value directly (the connector will prepend "Api-Key " automatically). |
Rate Limits
| Scope | Limit | Window | Notes |
|---|---|---|---|
| API Requests | 5 | per second | Conservative limit based on API best practices. Prowler does not publish explicit rate limits. |
Headers: Authorization (Api-Key format)
Source: Prowler API documentation
Limitations
- Maximum 100 findings per API response page
- Incremental syncs use timestamp-based filtering
- Filters (provider_type, severity) are applied at query time
Troubleshooting
Authentication Errors
- Verify the API key is correct and hasn't expired
- Ensure the API key has been properly copied from the Prowler UI
- Confirm you have API access enabled in your Prowler account
No Findings Returned
- Check that your Prowler account has findings from Prowler scans
- Verify that the selected filters (provider_type, severity) match your findings
- Ensure at least one cloud provider has been scanned in Prowler
Rate Limit Errors
- The connector automatically handles rate limiting with exponential backoff
- If errors persist, reduce the frequency of syncs or increase time between runs
Sample Record
{
  "type": "findings",
  "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "attributes": {
    "uid": "prowler-aws-s3_bucket_public_access_block-a1b2c3d4-e5f6-7890-abcd",
    "delta": "new",
    "status": "FAIL",
    "status_extended": "S3 bucket does not have PublicAccessBlock enabled",
    "severity": "high",
    "check_id": "s3_bucket_public_access_block",
    "check_metadata": {
      "Provider": "aws",
      "CheckID": "s3_bucket_public_access_block",
      "CheckTitle": "Ensure S3 bucket has PublicAccessBlock enabled",
      "CheckType": [],
      "ServiceName": "s3",
      "SubServiceName": "",
      "ResourceIdTemplate": "arn:aws:s3:::my-bucket",
      "Severity": "high",
      "ResourceType": "AWS::S3::Bucket",
      "Description": "S3 bucket does not have PublicAccessBlock configuration to prevent public access",
      "Risk": "Public access to S3 buckets can lead to data exposure and compliance violations",
      "RelatedUrl": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-overview.html",
      "Remediation": {
        "Code": {
          "CLI": "aws s3api put-public-access-block --bucket my-bucket --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true",
          "NativeIaC": "",
          "Other": "",
          "Terraform": ""
        },
        "Recommendation": {
          "Text": "Enable PublicAccessBlock on all S3 buckets to prevent accidental public exposure",
          "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-overview.html"
        }
      },
      "Categories": ["security"],
      "DependsOn": [],
      "RelatedTo": [],
      "Notes": ""
    },
    "categories": ["security", "s3"],
    "resource_groups": null,
    "raw_result": {
      "result": "FAIL",
      "resource_arn": "arn:aws:s3:::my-bucket"
    },
    "inserted_at": "2025-03-19T10:30:00Z",
    "updated_at": "2025-03-19T10:30:00Z",
    "first_seen_at": "2025-03-19T10:30:00Z",
    "muted": false,
    "muted_reason": null
  },
  "relationships": {
    "scan": {
      "data": {
        "id": "scan-123456",
        "type": "scans"
      }
    },
    "resources": {
      "data": [
        {
          "id": "resource-789",
          "type": "resources"
        }
      ]
    }
  }
}