# Prowler Integration

The CyberCyte portal can integrate with Gophish for further analysis and investigations.  To integrate, please follow these steps:

## 1. Triggering the Background Job

Navigate to "MSSP“ -> "SUPERORG Management", it will automaticly trigger the background job.

## 2. Setting Up The Linux Server and Scanner Component

1. Login to the Linux server for deployment of the cloud scanner component. Please use SFTP for uploading the component to the server (CyberCyte will prove the scanner component). Execute these comments below on the Linux server:

* `chmod +x /tmp/CyberCyteCloudExposureScanner-<version>`
* `mv CyberCyteCloudExposureScanner-<version> CyberCyteCloudExposureScanner`
* `/tmp/CyberCyteCloudExposureScanner --setup`

This commands for inital deployment. For the upgrade please execute these commands:

* `chmod +x /tmp/CyberCyteCloudExposureScanner-<version>`
* `mv CyberCyteCloudExposureScanner-<version> CyberCyteCloudExposureScanner`
* `/tmp/CyberCyteCloudExposureScanner --update`

2. After initial setup please configure settings.json with these values below:

`{`\
`"concurrent_orgs": 5, -> How many org that can be handled at the same time,`\
`"endpoint_url": "`[`https://xxx.yyy.com`](https://preprod.cloudcyte.com/)`" -> The portal address`\
`}`

3. Start the service after the configuration with these command below:

* ./CyberCyteCloudExposureScanner --install-service

After the starting the service it should be appear under the “/#/console/cloud\_exposure\_scanner\_settings”.

## 3. Connection Configurations

To create a credential for AWS or Azure Cloud services used in the infrastructure, we need to follow the steps below:

### **Amazon Web Services (AWS):**

Please login to the AWS portal and navigate to “AIM” → “My Security Credentails” (<https://us-east-1.console.aws.amazon.com/iam/home?region=eu-north-1#/security_credentials>). Under the “Access Keys” we need to create an access key and secret key, then take these values to the CyberCyte portal.

<figure><img src="/files/XOPjS9rgfHEh16qG2dzL" alt=""><figcaption></figcaption></figure>

### **Microsoft Azure:**

1. &#x20;Login to the Azure portal and navigate to “App Registrations” and create an app with “Single Tenant” with no URL.
2. &#x20;On the created app, configure API permissions with permiting these values below:

**Directory.Read.All**

**Policy.Read.All**

**UserAuthenticationMethod.Read.All (optional, for MFA checks)**

<figure><img src="/files/LMkZvjLQd2TF9zi0e8PP" alt=""><figcaption></figcaption></figure>

3. &#x20;Save and grant the permissions.
4. &#x20;Navigate “Certificates & Secrets” and click on the “Add Client Secret” inside of the app. This action will create an new secret. The “Value” is client secret and under the “Overview” section there is “Tenant ID” and “Subscription ID”. Save these values, we will use that values in the next steps.

<figure><img src="/files/RzZLb8BfXi37l0YOVosN" alt=""><figcaption></figcaption></figure>

5. Take some of the role form Prowler’s official repository and save it as a json file:

&#x20;[<img src="https://github.com/fluidicon.png" alt="" data-size="line">prowler/permissions/prowler-azure-custom-role.json at master · prowler-cloud/prowler](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-azure-custom-role.json)

6. &#x20;Configure json files values like this:

`"assignableScopes": [`\
`"/subscriptions/<SUBSCRIPTION ID>"`\
`],`

7. &#x20;After configuration, please navigate to Azure portal again, under the “Subscription” → “IAM” click on “+Add” button and save .json file as a custom role. After adding the custom role, click on the “+ Add Role Assignment” and assign this role as a applicaiton member.

<figure><img src="/files/OdsREjqoZthNud5IBLA1" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/NSg3ifCxK5p2hhjA0HoI" alt=""><figcaption></figcaption></figure>

8. &#x20;Back to the CyberCyte portal and create a credential with selecting “Graph API”.

## 4. Creating a Policy For Integration

For creating a policy select "Scenario/Discovery/Integration" -> "Cloud Configuration”. Select the credential, the group assignment is not important.

<figure><img src="/files/mxa9SyE8UgVHpKgO33QZ" alt=""><figcaption></figcaption></figure>

## 5. Checking The Results

We can observe the results under the “Security Assurance”: “/#/security\_assurance/cloud\_configuration\_management/security\_controls\_prowler\_results”

<figure><img src="/files/uLw17CbJG7r7a2Y4UPkS" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudcyte.com/getting-started/integrations/prowler-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.