Using this feature you can run CIS benchmark tests (v1.2.0) and PCI, HIPAA and GDPR audits against your AWS cloud subscription. This includes the CIS level 1 and level 2 checks for AWS as specified here:


Prowler is an open source tool that allows you to run CIS benchmarks for AWS. This tool is free and can be downloaded from Install any dependencies required by prowler tool. The cloud ready images for twigs (for Docker, AWS) have these tools and dependencies pre-installed on them.

Steps involved

  • Open a new shell / terminal.
  • Make sure you have Prowler downloaded.
  • Note the location of the prowler executable in the downloaded copy of Prowler. Instead of passing the “--prowler_home” argument on the command line, you can set the environment variable “PROWLER_HOME” to the Prowler download directory.
  • You can run the command below:

twigs aws_cis  --aws_access_key AWS_ACCESS_KEY --aws_secret_key AWS_SECRET_KEY --assetid UNIQUE_ASSET_ID --assetname NAME_LABEL_FOR_ASSET --prowler_home HOME_DIRECTORY_FOR_PROWLER

  • The asset id is mandatory. Use a unique identifier for your AWS cloud instance as the asset id, e.g. the AWS subscription id.
  • After discovery is complete, you can log in to the ThreatWorx Console to view the newly discovered AWS instance as an asset, together with the results of the CIS benchmark tests.
  • You can run the AWS audit checks (PCI, HIPAA, GDPR) in the same way:
    • twigs aws_audit --aws_access_key AWS_ACCESS_KEY --aws_secret_key AWS_SECRET_KEY --assetid UNIQUE_ASSET_ID --assetname NAME_LABEL_FOR_ASSET --prowler_home HOME_DIRECTORY_FOR_PROWLER
  • Twigs automatically marks as resolved any issues from a previous run that have since been fixed.
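The steps above leave three things to get right before the command is typed: where Prowler lives (an explicit directory or the PROWLER_HOME environment variable), that the prowler executable is actually there, and that an asset id was supplied. The wrapper below is an added example and is not part of twigs or Prowler; it performs those checks, builds the twigs command for either aws_cis or aws_audit, and keeps the AWS keys out of the command string (and so out of shell history) by expanding them only at execution time. The variable names AWS_ACCESS_KEY and AWS_SECRET_KEY, the file name twigs_prowler.sh and DRY_RUN are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of twigs or Prowler: a pre-flight wrapper around the
# twigs aws_cis / aws_audit commands. It resolves the Prowler location the way
# the steps describe (an explicit directory, else PROWLER_HOME), verifies the
# prowler executable exists there, insists on a non-empty asset id, and keeps
# the AWS keys out of the command string by expanding them only at exec time.
#
# Usage (assumed file name):
#   . ./twigs_prowler.sh && run_twigs aws_cis 123456789012 prod-account
# Set DRY_RUN=1 to print the command instead of running it.

# Resolve the Prowler directory and check it really contains the executable.
# Prints the directory; returns 1 with a message on stderr otherwise.
resolve_prowler_home() {
  dir="${1:-$PROWLER_HOME}"
  if [ -z "$dir" ]; then
    echo "pass the Prowler directory or set PROWLER_HOME" >&2; return 1
  fi
  if [ ! -x "$dir/prowler" ]; then
    echo "no executable 'prowler' found in $dir" >&2; return 1
  fi
  printf '%s\n' "$dir"
}

# Build the twigs command line without expanding the credentials.
#   $1  mode: aws_cis (CIS benchmark) or aws_audit (PCI/HIPAA/GDPR audit)
#   $2  asset id, required (e.g. the AWS subscription id)
#   $3  asset name label
#   $4  Prowler directory (optional; falls back to PROWLER_HOME)
build_twigs_cmd() {
  mode="$1"; asset_id="$2"; asset_name="$3"
  case "$mode" in
    aws_cis|aws_audit) ;;
    *) echo "mode must be aws_cis or aws_audit, got '$mode'" >&2; return 1 ;;
  esac
  if [ -z "$asset_id" ]; then
    echo "asset id is required; use a unique id for the AWS instance" >&2; return 1
  fi
  home=$(resolve_prowler_home "$4") || return 1
  # Credentials stay as literal "$AWS_ACCESS_KEY" / "$AWS_SECRET_KEY" references
  # (assumed variable names); run_twigs expands them with eval at execution time.
  printf 'twigs %s --aws_access_key "$AWS_ACCESS_KEY" --aws_secret_key "$AWS_SECRET_KEY" --assetid %s --assetname %s --prowler_home %s\n' \
    "$mode" "$asset_id" "$asset_name" "$home"
}

# Check the credential variables, then run (or, with DRY_RUN=1, print) the command.
run_twigs() {
  if [ -z "$AWS_ACCESS_KEY" ] || [ -z "$AWS_SECRET_KEY" ]; then
    echo "export AWS_ACCESS_KEY and AWS_SECRET_KEY first" >&2; return 1
  fi
  cmd=$(build_twigs_cmd "$@") || return 1
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$cmd"    # credentials are shown unexpanded
  else
    eval "$cmd"
  fi
}
```

Because the credential references are left unexpanded until eval, a DRY_RUN=1 print can be pasted into a ticket or runbook without leaking the keys, and the same wrapper covers both the CIS run and the audit run by changing only the first argument.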