Prowler currently focuses on cloud services and big vendors, specifically AWS and GCP, but we can improve by including EC2-specific checks, such as identifying open RDP ports. While Prowler supports that, it lacks a suppress feature for false positives reported by users, so this is an area for improvement. The flow of traffic information is vital, as Prowler requires read-only access to resources. Any user can pinpoint using the network and facilitate remediation. There should also be a dashboard for attack vectors to manage incoming traffic and enhance infrastructure security, making these enhancements beneficial for Prowler's future. I give Prowler a score of seven or eight due to its inclusion of multiple security policies and the lack of a feature for adding false positives. Additionally, the network architecture features are incomplete even after recent revisions. Improving AI-sourced security posture features would enhance Prowler's value significantly, as would the option to allow automatic remediation for identified issues. Prowler's AI capabilities are good but just starting, as significant improvements are still needed on that front. I find the AI features reliable and accurate; we rely on the recommendations provided. However, if Prowler could also include remediation capabilities for users, it would significantly reduce manual efforts, showcasing the potential of AI. It currently summarizes data from Security Hub and AWS documentation, and improving this would be beneficial.
