Skip to content

Add Prowler detection coverage to 64 attack paths#10

Merged
sethsec merged 2 commits intoDataDog:mainfrom
andoniaf:add-prowler-detection-coverage
Feb 13, 2026
Merged

Add Prowler detection coverage to 64 attack paths#10
sethsec merged 2 commits intoDataDog:mainfrom
andoniaf:add-prowler-detection-coverage

Conversation

@andoniaf
Copy link
Contributor

@andoniaf andoniaf commented Feb 13, 2026

What type of PR is this? (check all applicable)

  • New Path
  • Add / Update / Fix info within an existing path
  • New Feature / Major Change / Refactor / Optimization
  • Non path based documentation Update (Readme, etc)

Description

Adds Prowler detection tool links to 64 attack paths following the merge of prowler-cloud/prowler#9922 (commit eabe488), which added 50+ privilege escalation patterns from pathfinding.cloud to Prowler's detection engine.

64 files changed across 3 categories:

  • 23 paths — Updated existing prowler: URLs to reference the new merged commit hash + correct line numbers
  • 14 paths — Added prowler: entry to existing detectionTools sections
  • 27 paths — Added new detectionTools sections with prowler: URLs

Skipped (not covered by Prowler):

  • ecs-006 (ecs:ExecuteCommand) — Not in Prowler
  • sts-001 (sts:AssumeRole) — Commented out in Prowler, needs resource/condition validation first

How to reproduce and testing

See the Adding a New Privilege Escalation Path section of our Contributing Guide to see how to test your changes locally.

# Validate all files
python scripts/validate-schema.py data/paths/

# All 66 files pass validation

@andoniaf
feat: add Prowler detection coverage to 64 attack paths
d500768 
Add Prowler privilege escalation detection links following the merge
of prowler-cloud/prowler#9922 (commit eabe488), which added 50+
patterns from pathfinding.cloud to Prowler's detection engine.

Changes:
- Added new prowler URLs to 41 paths (14 with existing detectionTools,
  27 with new detectionTools sections)
- Updated prowler URLs on 23 paths to reference the merged commit
- Skipped ecs-006 (not in Prowler) and sts-001 (commented out in Prowler)
@andoniaf
Copy link
Contributor Author

andoniaf commented Feb 13, 2026

And I'm already working on adding the missing ecs-006 one 😉

sethsec
sethsec previously approved these changes Feb 13, 2026
View reviewed changes
@sethsec
Copy link
Collaborator

sethsec commented Feb 13, 2026

I'm so happy to see these new paths added to Prowler @andoniaf, that is so cool! Thank you so much for this PR as well!

@sethsec sethsec merged commit 7c4014e into DataDog:main Feb 13, 2026
1 of 2 checks passed
@andoniaf andoniaf mentioned this pull request Feb 13, 2026
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sethsec sethsec sethsec approved these changes

@christophetd christophetd Awaiting requested review from christophetd christophetd is a code owner

@raesene raesene Awaiting requested review from raesene raesene is a code owner

@andrewkrug andrewkrug Awaiting requested review from andrewkrug andrewkrug is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@andoniaf @sethsec