Auditor Plugins

Auditor plugins are plugins that do not collect any information from remote API’s, but operate on the information collected by the collectors. Typical auditor actions include;

  • Perform changes on resources directly - The CloudTrail auditor will automatically create and maintain your CloudTrail settings
  • Create issues for operators to handle - The Domain Hijacking Auditor simply raises issues, and operators are responsible for remidiating the issue
  • Both - The Required Tags Auditor will create issues and notify operators and account owners, but will also automatically stop instances that are not compliant (if enabled in configuration)

Official Auditors

Probator provides a set of officially supported Auditors, that can be installed on top of the core framework.

Below you’ll see a table describing each plugin as well as the name of the package to use when installing the plugins with pip3 install $PACKAGE

Auditor Name Description Package Name
CloudTrailAuditor Audits and maintains CloudTrail logging configuration probator_auditor_cloudtrail
DomainHijackAuditor Checks your environment for any references to Cloud Objects that has been deleted, leaving you vulnerable to a domain hijacking probator_auditor_domain_hijacking
EBSAuditor Alerts if you have EBS volumes that are not attached to instances probator_auditor_ebs
EncryptionAuditor Audits your resources to check if the data is encrypted at rest probator_auditor_encryption
IAMAuditor Create and manage IAM roles and Policies. Loads roles and policies from a git repository probator_auditor_iam
RequiredTagsAuditor Ensures that resources have the tags required by the configuration. Resources that are non-compliant can be stopped (if applicable) and terminated by the auditor after the operator configured grace periods probator_auditor_required_tags
VPCFlowLogsAuditor Create and manage VPC Flow Logging setting for all your VPCs, to send flow logs to a configured central destination probator_auditor_vpc_flowlogs