Cloud Misconfiguration Threat Detection and Analysis Using Docker, Prowler, ScoutSuite, and YARA

Authors

  • Vaishnavi P
  • Ashvika Verma
  • S. Laya Yadav
  • Ashwini A
  • A. Abirami

Keywords:

AWS misconfiguration, CIS benchmark, Cloud security, DevSecOps, Docker containerization, Intrusion detection, Prowler, ScoutSuite

Abstract

With the widespread adoption of cloud computing platforms such as Amazon Web Services (AWS), evolving threats combined with misconfigurations have become the norm, so practical, automated detection and mitigation frameworks are required. This paper proposes a hybrid multi-model cloud security and threat detection framework built on the three most downloaded open-source cloud security tools: Prowler, ScoutSuite and YARA. The tools are orchestrated and combined using Docker containers, creating a powerful and scalable cloud security and threat detection platform. The solution is implemented on Windows and Windows Subsystem for Linux (WSL). It addresses open issues in cloud security and threat detection by offering a feasible and scalable framework. Within the framework, Prowler automates compliance auditing using more than 300 controls from the CIS Benchmark and the AWS Well-Architected Framework. The framework also draws on ScoutSuite's ability to probe 15+ services of the AWS attack surface. YARA detects malware and IoCs at both the file level and the log level.

Published

2026-05-06

How to Cite

Vaishnavi P, Ashvika Verma, S. Laya Yadav, Ashwini A, & A. Abirami. (2026). Cloud Misconfiguration Threat Detection and Analysis Using Docker, Prowler, ScoutSuite, and YARA. Journal of Security in Computer Networks and Distributed Systems, 19–27. Retrieved from https://matjournals.net/engineering/index.php/JoSCNDS/article/view/3519