Merge branch 'main' into main

patch-13
aayush2561 2024-10-28 15:11:41 +05:45 committed by GitHub
commit a0e748b977
GPG Key ID: B5690EEEBB952194
24 changed files with 1337 additions and 3 deletions


@ -2,8 +2,30 @@ cloud/aws/dms/dms-multi-az.yaml
cloud/aws/dms/dms-public-access.yaml
cloud/aws/dms/dms-version-upgrade.yaml
cloud/aws/ebs/ebs-encryption-disabled.yaml
cloud/aws/efs/efs-encryption-disabled.yaml
cloud/aws/elasticache/cache-automatic-backups-disabled.yaml
cloud/aws/elasticache/cache-event-notification-disabled.yaml
cloud/aws/elasticache/cache-redis-encryption-disabled.yaml
cloud/aws/elasticache/cache-redis-multiaz-disabled.yaml
cloud/aws/firehose/firehose-server-destination-encryption.yaml
cloud/aws/firehose/firehose-server-side-encryption.yaml
cloud/aws/guardduty/guardduty-findings.yaml
cloud/aws/guardduty/guardduty-not-enabled.yaml
cloud/aws/guardduty/malware-protection-disabled.yaml
cloud/aws/guardduty/s3-protection-disabled.yaml
cloud/aws/inspector2/inspector2-disabled.yaml
cloud/aws/rds/rds-auto-minor-upgrade-disabled.yaml
cloud/aws/rds/rds-automated-backup-disabled.yaml
cloud/aws/rds/rds-backtrack-disabled.yaml
cloud/aws/rds/rds-cluster-protection-disabled.yaml
cloud/aws/rds/rds-copy-snap.yaml
cloud/aws/rds/rds-insights-disabled.yaml
cloud/aws/rds/rds-instance-autoscaling-disabled.yaml
cloud/aws/rds/rds-log-export-disabled.yaml
cloud/aws/rds/rds-multi-az.yaml
cloud/aws/rds/rds-public-access.yaml
cloud/aws/route53/route53-dns-query-disabled.yaml
cloud/aws/route53/route53-dnssec-signing-disabled.yaml
dast/cves/2024/CVE-2024-2961.yaml
http/cnvd/2024/CNVD-2024-38747.yaml
http/cves/2015/CVE-2015-8562.yaml


@ -0,0 +1,60 @@
id: efs-encryption-disabled
info:
name: EFS Encryption - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that the data available on your Amazon EFS file systems is encrypted at rest in order to meet security and compliance requirements.
impact: |
Sensitive data transmitted or stored in Redis could be exposed, leading to potential data breaches or unauthorized access.
remediation: |
Enable encryption for AWS EFS by configuring encryption at rest in the EFS settings to protect data from unauthorized access.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/in-transit-and-at-rest-encryption.html
- https://docs.aws.amazon.com/efs/latest/ug/encryption.html
tags: cloud,devops,aws,amazon,efs-encryption-disabled,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let FileSystemId of iterate(template.filesystemids)){
set("filesystemid", FileSystemId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws efs describe-file-systems --region $region --output json --query 'FileSystems[*].FileSystemId'
extractors:
- type: json
name: filesystemids
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws efs describe-file-systems --region $region --file-system-id $filesystemid --query 'FileSystems[*].Encrypted' --output json
matchers:
- type: word
words:
- "false"
extractors:
- type: dsl
dsl:
- 'filesystemid + " EFS Encryption is Disabled"'
# digest: 490a0046304402202f3524493875a0119ee2ee6e8fc65a74c5f15c1e355ac921c5835d100f13bc7302200d7986a9d0b33d821a24772e250381523a6c47374b1f84ca39891df988fefc87:922c64590222798bb761d5b6d8e72950
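Review bot: The `impact` block and the first reference were carried over from the ElastiCache template, so this EFS finding documents the wrong service — the impact text talks about data "stored in Redis" and the reference points at the ElastiCache encryption page. Replace the impact with an EFS-specific sentence, e.g. `Data on the EFS file system is stored in plaintext at rest and could be exposed if the underlying storage or a backup is accessed outside the intended access path.`, and drop or replace the ElastiCache link. The check itself (`FileSystems[*].Encrypted` matched against `false`) reads correctly.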


@ -0,0 +1,60 @@
id: cache-automatic-backups-disabled
info:
name: ElastiCache Automatic Backups - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that Amazon ElastiCache is configured to take automatic daily backups for Redis cache clusters.
impact: |
Disabling ElastiCache automatic backups increases the risk of data loss, as you won't have point-in-time recovery options in case of data corruption or accidental deletion.
remediation: |
enable automatic backups in the AWS Management Console for your ElastiCache Redis or Memcached cluster to ensure regular snapshots for data recovery.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/enable-automatic-backups.html
- https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-automatic.html
tags: cloud,devops,aws,amazon,elasticache,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let ReplicationGroupId of iterate(template.replicationgroupids)){
set("replicationgroup", ReplicationGroupId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws elasticache describe-replication-groups --region $region --output json --query 'ReplicationGroups[*].ReplicationGroupId'
extractors:
- type: json
name: replicationgroupids
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws elasticache describe-replication-groups --replication-group-id $replicationgroup --query 'ReplicationGroups[*].SnapshotRetentionLimit' --region $region --output json
matchers:
- type: word
words:
- '0'
extractors:
- type: dsl
dsl:
- 'replicationgroup + " ElastiCache Automatic Backups is Disabled"'
# digest: 4a0a0047304502210087c54085d08d635a332b799ec9ec22d6ddfa6740d360649eab91c74f128664ca0220747eef461974f2e267e2356c4f18a67918ca9b085d0e0cf0b81be01288315ebd:922c64590222798bb761d5b6d8e72950
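Review bot: The word matcher `'0'` is a substring match, so a `SnapshotRetentionLimit` of 10, 20 or 30 also triggers and clusters that do take backups are reported as disabled. Match the value as a whole token instead: `- type: regex` / `regex:` / `- '(?m)^\s*0\s*$'`, which only fires when the JSON array element is exactly 0. The same substring issue affects the `'0'` matcher on `BackupRetentionPeriod` in rds-automated-backup-disabled in this commit. The remediation mentions Memcached, but the check only inspects replication groups, which are Redis-only, so that wording could be tightened.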


@ -0,0 +1,60 @@
id: cache-event-notification-disabled
info:
name: ElastiCache Event Notifications - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon ElastiCache clusters are configured to send event notifications via Amazon Simple Notification Service (SNS) in order to monitor your cache clusters for important events and quickly mitigate any issues with your cache system.
impact: |
Disabling ElastiCache event notifications prevents timely alerts about cluster events, such as failovers, maintenance updates, or configuration changes, which can hinder proactive incident response and monitoring.
remediation: |
To remediate the disabled ElastiCache event notifications, enable event notifications in the AWS Management Console by configuring an Amazon SNS topic to receive alerts for important cluster events.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/enable-cluster-event-notifications.html
- https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/ECEvents.SNS.html
tags: cloud,devops,aws,amazon,elasticache,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let CacheClusterId of iterate(template.cacheclusterids)){
set("cacheclusterid", CacheClusterId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws elasticache describe-cache-clusters --region $region --output json --query 'CacheClusters[*].CacheClusterId'
extractors:
- type: json
name: cacheclusterids
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws elasticache describe-cache-clusters --region $region --cache-cluster-id $cacheclusterid --query 'CacheClusters[*].NotificationConfiguration.TopicArn' --output json
matchers:
- type: word
words:
- '[]'
extractors:
- type: dsl
dsl:
- 'replicationgroup + " ElastiCache Event Notifications is Disabled"'
# digest: 4b0a00483046022100ab045d9b41360da2b45ee3b9c537ba52e19a0755acb19ec581b2ed23f9dc20a5022100ffa958947047b3edf93b57eef8be1044206e78ca23573a7a1afaf60fdf92b531:922c64590222798bb761d5b6d8e72950
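Review bot: The extractor on the last DSL line references `replicationgroup`, but this template's flow sets `cacheclusterid`, so the reported finding will not carry the cluster name because that variable is never set here. Change it to `- 'cacheclusterid + " ElastiCache Event Notifications is Disabled"'`. The rest of the hunk is consistent with the CacheClusterId loop.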


@ -0,0 +1,61 @@
id: cache-redis-encryption-disabled
info:
name: ElastiCache Redis In-Transit and At-Rest Encryption - Disabled
author: DhiyaneshDK
severity: high
description: |
Ensure that your Amazon ElastiCache Redis cache clusters are encrypted in order to meet security and compliance requirements.
impact: |
Sensitive data transmitted or stored in Redis could be exposed, leading to potential data breaches or unauthorized access.
remediation: |
Enable in-transit and at-rest encryption in the Redis cluster settings to protect sensitive data.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/in-transit-and-at-rest-encryption.html
- https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
- https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/at-rest-encryption.html
tags: cloud,devops,aws,amazon,elasticache,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let ReplicationGroupId of iterate(template.replicationgroupids)){
set("replicationgroup", ReplicationGroupId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws elasticache describe-replication-groups --region $region --output json --query 'ReplicationGroups[*].ReplicationGroupId'
extractors:
- type: json
name: replicationgroupids
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws elasticache describe-replication-groups --region $region --replication-group-id $replicationgroup --query 'ReplicationGroups[*].[AtRestEncryptionEnabled,TransitEncryptionEnabled] | []' --output json
matchers:
- type: word
words:
- "false"
extractors:
- type: dsl
dsl:
- 'replicationgroup + " ElastiCache Redis In-Transit and At-Rest Encryption is Disabled"'
# digest: 4b0a00483046022100c36ec305884cf56077c4292344b9fae8b609e594655832d1904ca65a1aee63d00221009a93c7d9990d13b1b8fafa34671dcfcef0805a7e98d0df94566791411fd0a593:922c64590222798bb761d5b6d8e72950
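Review bot: The second query flattens `AtRestEncryptionEnabled` and `TransitEncryptionEnabled` into a single array and the matcher fires on any `false`, so the finding cannot tell the operator which of the two is off, and a group with only in-transit encryption disabled is reported under a name that says both. Either split this into two templates, one per flag with its own query and message, or rename the check and message to say "In-Transit or At-Rest" so the output is not over-claiming. A short comment above the second `source:` noting that the projection interleaves the two booleans per group would also help the next maintainer.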


@ -0,0 +1,60 @@
id: cache-redis-multiaz-disabled
info:
name: ElastiCache Redis Multi-AZ - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon ElastiCache Redis cache clusters are using a Multi-AZ deployment configuration to enhance reliability through automatic failover.
impact: |
Disabling ElastiCache Redis Multi-AZ can lead to data loss and increased downtime in the event of a primary node failure, as failover to a secondary node in a different availability zone will not occur automatically.
remediation: |
Enable Multi-AZ replication in the ElastiCache Redis settings or create a new cluster with Multi-AZ enabled to ensure high availability.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/elasticache-multi-az.html
- https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.Components.html
tags: cloud,devops,aws,amazon,elasticache,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let ReplicationGroupId of iterate(template.replicationgroupids)){
set("replicationgroup", ReplicationGroupId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws elasticache describe-replication-groups --region $region --output json --query 'ReplicationGroups[*].ReplicationGroupId'
extractors:
- type: json
name: replicationgroupids
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws elasticache describe-replication-groups --region $region --replication-group-id $replicationgroup --query 'ReplicationGroups[*].MultiAZ'
matchers:
- type: word
words:
- 'disabled'
extractors:
- type: dsl
dsl:
- 'replicationgroup + " ElastiCache Redis Multi-AZ is Disabled"'
# digest: 4a0a0047304502204301e43ac045c6186aedb2a1a074610422c2002d90876cf4ac2d3402436911b6022100b9868d4c62014154ed9d7f27e2aa4282e365d89ee6795b2f192a11c9e74505e8:922c64590222798bb761d5b6d8e72950
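Review bot: The second `describe-replication-groups` command (the one querying `ReplicationGroups[*].MultiAZ`) omits `--output json`, unlike the first command and every other template in this batch, so its output format depends on the caller's CLI configuration. The `disabled` word still appears in text and table output, so this is a consistency point rather than a functional one; append `--output json` for parity.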


@ -0,0 +1,58 @@
id: guardduty-findings
info:
name: Open GuardDuty Findings
author: DhiyaneshDK
severity: medium
description: |
Check for AWS GuardDuty findings and resolve them step by step to ensure that your AWS infrastructure is protected against security threats.
impact: |
GuardDuty findings indicate potential security threats, such as compromised instances, unauthorized access, or malicious activities within your AWS environment, requiring immediate investigation.
remediation: |
Investigate and respond to GuardDuty findings by analyzing the threat details and taking corrective actions, such as blocking malicious IPs, revoking compromised credentials, or isolating affected instances. Use AWS Security Hub or AWS Config for automated remediation where applicable.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/GuardDuty/findings.html
- https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html
tags: cloud,devops,aws,amazon,guardduty,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DetectorIds of iterate(template.detectors)){
set("detector", DetectorIds)
code(2)}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws guardduty list-detectors --region $region --query 'DetectorIds' --output json
extractors:
- type: json
name: detectors
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws guardduty list-findings --region $region --detector-id $detector --query 'FindingIds' --output json
matchers:
- type: regex
regex:
- '\"(.*)\"'
extractors:
- type: dsl
dsl:
- '"The AWS account has open GuardDuty Findings"'
# digest: 4a0a00473045022100e3c328614414aef385eb992b48dc665cffd2a483618b008b2b8cc7cff933c87502202c2e1a3ef936449c944508ccfb2460ac96d065c3e72244fb83cb529ed5a3e95e:922c64590222798bb761d5b6d8e72950
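Review bot: The name says "Open" findings, but the `list-findings` call carries no `--finding-criteria`, so if the CLI returns archived findings as well (it does not appear to filter on `service.archived` by default — confirm against the GuardDuty CLI reference), an account whose findings are all archived and already handled is still flagged. Adding `--finding-criteria '{"Criterion":{"service.archived":{"Eq":["false"]}}}'` would restrict it to open ones. The regex `'\"(.*)\"'` matches any quoted string, which works for a non-empty ID array but is loose; a `--query 'length(FindingIds)'` compared against 0 would be more explicit. Since the flow loops per detector, including `detector` in the DSL message would make the finding actionable.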


@ -0,0 +1,39 @@
id: guardduty-not-enabled
info:
name: GuardDuty Not Enabled
author: DhiyaneshDK
severity: info
description: |
Ensure that Amazon GuardDuty service is currently enabled in all regions in order to protect your AWS environment and infrastructure (AWS accounts and resources, IAM credentials, guest operating systems, applications, etc) against security threats.
impact: |
GuardDuty disabled leaves your AWS environment vulnerable to undetected threats, such as unauthorized access, anomalous activities, and potential security breaches, compromising the overall security posture.
remediation: |
Enable GuardDuty to continuously monitor and detect security threats in your AWS environment.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/GuardDuty/guardduty-enabled.html
- https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html
tags: cloud,devops,aws,amazon,guardduty,aws-cloud-config
variables:
region: "us-west-2"
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws guardduty list-detectors --region $region --query 'DetectorIds' --output json
matchers:
- type: word
words:
- "[]"
extractors:
- type: dsl
dsl:
- '"GuardDuty Is Not Enabled"'
# digest: 4b0a00483046022100a4b4d58c1c63e777f526ea729b0606c9778e22d31303546c4dd802e07f6adbaf022100b6259e9ecca607e4a4a59f5783407a2624c810904acde7de240c6b371fbf65c0:922c64590222798bb761d5b6d8e72950
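Review bot: The check only tests whether a detector exists (`list-detectors` returning `[]`), but a detector can exist with its status set to DISABLED, which this template would treat as enabled. A second step calling `aws guardduty get-detector --region $region --detector-id $detector --query 'Status' --output json` and matching `DISABLED` would close that gap; the detector loop used by malware-protection-disabled in this same commit can be reused. The `info` severity also looks low for the service being absent, given the description presents it as the primary threat-detection control — consider aligning with the `medium` used for s3-protection-disabled.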


@ -0,0 +1,59 @@
id: malware-protection-disabled
info:
name: GuardDuty Malware Protection - Disabled
author: DhiyaneshDK
severity: info
description: |
Ensure that the Malware Protection feature is enabled for your Amazon GuardDuty detectors.
impact: |
GuardDuty Malware Protection disabled increases the risk of undetected malware threats on EBS volumes, potentially leading to data compromise or system breaches.
remediation: |
Enable GuardDuty Malware Protection by configuring the feature in the GuardDuty console or using the AWS CLI, to scan EBS volumes for malware and ensure proactive threat detection.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/GuardDuty/enable-malware-protection.html
- https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html
tags: cloud,devops,aws,amazon,guardduty,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DetectorIds of iterate(template.detectors)){
set("detector", DetectorIds)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws guardduty list-detectors --region $region --query 'DetectorIds' --output json
extractors:
- type: json
name: detectors
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws guardduty get-detector --region $region --detector-id "$detector" --query 'DataSources.MalwareProtection.ScanEc2InstanceWithFindings.EbsVolumes.Status' --output json
matchers:
- type: word
words:
- "DISABLED"
extractors:
- type: dsl
dsl:
- '"GuardDuty Malware Protection " + detector + " is Disabled"'
# digest: 4b0a00483046022100decfe07108934c7e0cc3a86caa2ebb9e10c7ab08a6eb81fdad419f5ccc0e4924022100b723fe87a025db147a310cb8210fc4ee048e49ca029d8c4d1e74eeab03b91eab:922c64590222798bb761d5b6d8e72950
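Review bot: The query reads `DataSources.MalwareProtection...` from `get-detector`; AWS documents the `DataSources` section of that response as deprecated in favour of the `Features` list, so this check may stop reflecting the real state once that field is no longer populated — confirm against the current GetDetector reference, and consider filtering `Features` on `Name` equal to `EBS_MALWARE_PROTECTION` and reading its `Status` instead. The same applies to `DataSources.S3Logs.Status` in s3-protection-disabled, whose feature name is `S3_DATA_EVENTS`. The `"$detector"` quoting here is good practice; the other templates in this commit pass their loop variable unquoted.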


@ -0,0 +1,59 @@
id: s3-protection-disabled
info:
name: GuardDuty S3 Protection - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that the S3 Protection feature is enabled for your Amazon GuardDuty detectors.
impact: |
GuardDuty S3 Protection disabled increases the risk of undetected malicious activities, such as unauthorized access or data exfiltration, within S3 buckets.
remediation: |
Enable GuardDuty S3 Protection by configuring it in the GuardDuty console or via AWS CLI to monitor S3 buckets for unauthorized access and malicious activities.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/GuardDuty/enable-s3-protection.html
- https://docs.aws.amazon.com/guardduty/latest/ug/s3-protection.html
tags: cloud,devops,aws,amazon,guardduty,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DetectorIds of iterate(template.detectors)){
set("detector", DetectorIds)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws guardduty list-detectors --region $region --query 'DetectorIds' --output json
extractors:
- type: json
name: detectors
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws guardduty get-detector --region $region --detector-id "$detector" --query 'DataSources.S3Logs.Status' --output json
matchers:
- type: word
words:
- "DISABLED"
extractors:
- type: dsl
dsl:
- '"GuardDuty S3 Protection " + detector + " is Disabled"'
# digest: 4a0a0047304502201cb765569f71fef3078bc3e696e2e2cdde022763c3263167499c6cb873421a6b0221009484f07bc61583c6e21c8d07156bc75367a977e71a4db9c3828257b14022fa00:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,40 @@
id: inspector2-disabled
info:
name: Amazon Inspector 2 - Disabled
author: DhiyaneshDK
severity: info
description: |
Ensure that the new version of Amazon Inspector is enabled in order to help you improve the security and compliance of your AWS cloud environment.
impact: |
Amazon Inspector 2 disabled increases the risk of unaddressed vulnerabilities in your EC2 instances, Lambda functions, and container images, leaving your environment exposed to potential security threats.
remediation: |
Enable Amazon Inspector 2 to automatically scan for vulnerabilities in EC2 instances, Lambda functions, and container images by using the AWS Management Console or using the AWS CLI.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Inspector2/enable-amazon-inspector2.html
- https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-inspector-continual-vulnerability-management/
tags: cloud,devops,aws,amazon,inspector2,aws-cloud-config
variables:
region: "us-west-2"
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws inspector2 batch-get-account-status --region $region --query 'accounts[*].[accountId,state.status]' --output json
matchers:
- type: word
words:
- '"DISABLED"'
extractors:
- type: dsl
dsl:
- '"Amazon Inspector 2 " + region + " is Disabled"'
# digest: 4a0a0047304502204c395c8b6be9e20ec59536a0e23e6563659d5b7bd5e33d711610bff4c9f04d67022100ba18cd98feeefa78561f5b09c4771df6f68c6f4f03784dc57d8b2073a61129d2:922c64590222798bb761d5b6d8e72950
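Review bot: The matcher only inspects the account-level `state.status`, so an account where Inspector is enabled overall but individual scan types are switched off passes cleanly, even though the description promises coverage of EC2, Lambda and container images. `batch-get-account-status` also returns a per-resource `resourceState` block; adding its `ec2.status`, `ecr.status` and `lambda.status` to the `--query` projection would let the existing `"DISABLED"` matcher catch the partial case too — confirm the exact field names against current CLI output. The transitional `ENABLING`/`DISABLING` states are not matched, which seems intended and is worth a one-line comment.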


@ -0,0 +1,60 @@
id: rds-auto-minor-upgrade-disabled
info:
name: RDS Auto Minor Version Upgrade - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon RDS database instances have the Auto Minor Version Upgrade flag enabled in order to receive automatically minor engine upgrades during the specified maintenance window.
impact: |
The RDS instance may miss critical security patches and minor feature updates, increasing vulnerability to security risks and bugs.
remediation: |
Enable auto minor version upgrades for the RDS instance through the AWS Management Console, CLI, or API to ensure timely application of security patches and updates.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-auto-minor-version-upgrade.html
- http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[?Engine==`mysql` || Engine==`postgres`].DBInstanceIdentifier | []' --output json
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].AutoMinorVersionUpgrade' --output json
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Auto Minor Version Upgrade is Disabled"'
# digest: 4a0a00473045022100af0e66ac1bdc81235715fe6e81e67ad54d83705aac3969f70fff9512321aa2780220554e2a16c4bd3cd676145fd521e0b598f5537fca46eeb51dc70109a32b6ed317:922c64590222798bb761d5b6d8e72950
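Review bot: The first command passes `--output json` twice, and its engine filter restricts the check to `mysql` and `postgres` instances although `AutoMinorVersionUpgrade` applies to every RDS engine, so MariaDB, Oracle and SQL Server instances are silently skipped; rds-automated-backup-disabled in this commit lists all instances and is the better model. Suggested first command: `aws rds describe-db-instances --region $region --query 'DBInstances[*].DBInstanceIdentifier' --output json`. The same engine filter narrows rds-copy-snap and rds-instance-autoscaling-disabled, where the feature is likewise engine-independent. Naming the extracted list `dbclusters` and the loop variable `DBClusterIdentifier` is also misleading, since the values are DB instance identifiers; `dbinstances`/`DBInstanceIdentifier` would read better here and in the sibling instance-level templates.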


@ -0,0 +1,60 @@
id: rds-automated-backup-disabled
info:
name: RDS Automated Backups - Disabled
author: DhiyaneshDK
severity: high
description: |
Ensure that your Amazon RDS database instances have automated backups enabled for point-in-time recovery.
impact: |
Data loss risk increases, as the RDS instance cannot be automatically restored to a previous state in case of failure or accidental deletion.
remediation: |
Enable automated backups for the RDS instance in the AWS Management Console, CLI, or API to ensure regular, automatic backups are created and retained.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-automated-backups-enabled.html
- http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --query 'DBInstances[*].DBInstanceIdentifier' --output json
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].BackupRetentionPeriod' --output json
matchers:
- type: word
words:
- '0'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Automated Backups is Disabled"'
# digest: 4a0a00473045022100e960fd3daad878cd4faf86f582d1342e6a36a537f38399cb0042886a3d251d8002204f10fa5ad530a97e5707b0d68d908ad39d633bb4fe198d1dc2d7eb4ecb8bfcd5:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,61 @@
id: rds-backtrack-disabled
info:
name: AWS RDS Backtrack - Disabled
author: DhiyaneshDK
severity: low
description: |
Ensure that the Backtrack feature is enabled for your Amazon Aurora (with MySQL compatibility) database clusters in order to backtrack your clusters to a specific time, without using backups.
impact: |
Unable to quickly revert the database to a previous state, leading to longer recovery times in case of accidental changes or data corruption.
remediation: |
Enable Backtrack for the RDS instance through the AWS Management Console, CLI, or API, and configure the desired backtrack window to allow quick recovery.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/backtrack.html
- https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-clusters --region $region --output json --query 'DBClusters[?Engine==`aurora-mysql`].DBClusterIdentifier | []'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-clusters --region $region --db-cluster-identifier $dbcluster --query 'DBClusters[*].BacktrackWindow' --output json
matchers:
- type: word
words:
- '[]'
extractors:
- type: dsl
dsl:
- 'dbcluster + " AWS RDS Backtrack is Disabled"'
# digest: 4a0a00473045022035344c17e663db3af068393d598b55b6ad0d1c6d92d873911e71afd646ff73ef022100b50edc465f5800f3a1e82f0f3444532ede7c449e0fff9e47712bbdc88ef6ef0b:922c64590222798bb761d5b6d8e72950
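Review bot: The `'[]'` matcher assumes `BacktrackWindow` is omitted when backtrack is off, but the RDS API documents the field as 0 when backtracking is disabled, in which case the output is a one-element array containing 0 and the template never fires — confirm against a cluster with backtrack disabled. A regex accepting an exact 0 while still catching an absent field covers both cases: `- type: regex` / `regex:` / `- '(?m)^\s*(0|\[\])\s*$'`. A plain `'0'` word matcher would be wrong here, since it also matches real windows such as 86400.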


@ -0,0 +1,60 @@
id: rds-cluster-protection-disabled
info:
name: RDS Cluster Deletion Protection - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that all your provisioned Amazon Aurora database clusters are protected from accidental deletion by having the Deletion Protection feature enabled at the Aurora cluster level.
impact: |
The RDS cluster can be accidentally deleted, leading to potential data loss and service disruption.
remediation: |
Enable deletion protection for the RDS cluster via the AWS Management Console, CLI, or API to prevent accidental deletion.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/cluster-deletion-protection.html
- https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-rds-now-provides-database-deletion-protection/
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-clusters --region $region --output json --query 'DBClusters[?Engine==`aurora-mysql`].DBClusterIdentifier | []'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-clusters --region $region --db-cluster-identifier $dbcluster --query 'DBClusters[*].DeletionProtection' --output json
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Cluster Deletion Protection is Disabled"'
# digest: 490a0046304402200739860f75125c05a20a0938ad2c851bf23e4a3ec2fc60607ebb2029aec85cc20220553d51f85cb4ffe450af721605d778bf0e121cf14e589cddabdcd07263038a01:922c64590222798bb761d5b6d8e72950
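Review bot: The first command filters on Engine equal to `aurora-mysql` only, so Aurora PostgreSQL clusters are never checked, even though the description says all provisioned Aurora clusters and `DeletionProtection` is available for every cluster engine. Dropping the filter — `--query 'DBClusters[*].DBClusterIdentifier'` — covers them; if the intent is Aurora-only, filter with `starts_with(Engine, ...)` rather than one exact value. The `aurora-mysql` filter is correct in rds-backtrack-disabled, where the feature really is MySQL-only.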


@ -0,0 +1,60 @@
id: rds-copy-snap
info:
name: RDS Copy Tags to Snapshots - Disabled
author: DhiyaneshDK
severity: low
description: |
Ensure that your Amazon RDS database instances make use of the Copy Tags to Snapshots feature in order to allow tags set on your database instances to be automatically copied to any automated or manual database snapshots that are created from these RDS instances.
impact: |
Tags are not copied to snapshots, making it harder to track, manage, and identify snapshots for cost allocation, compliance, or organization.
remediation: |
Enable the "Copy Tags to Snapshots" option for the RDS instance in the AWS Management Console, CLI, or API to ensure that tags are automatically applied to any created snapshots.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/copy-tags-to-snapshot.html
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[?Engine==`mysql` || Engine==`postgres`].DBInstanceIdentifier | []'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].CopyTagsToSnapshot'
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- '"Copy Tags To Snapshot is not enable for instance " + dbcluster'
# digest: 490a00463044022051022f479a0afd2afcaf9d9d367a89ea9ec98a164addc7348dfef195b6c5fbcd02205b2c561640b25055cd8ef27cb924f349dac20be3c13b32840c35835adcf6b48f:922c64590222798bb761d5b6d8e72950
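Review bot: The second command omits `--output json`, and with a `text` or `table` default in the caller's CLI configuration a boolean prints as `False`, which the case-sensitive `'false'` word matcher does not match, so the check is silently format-dependent. Append `--output json` to the `CopyTagsToSnapshot` command as the first command in this file already does. The DSL message reads `is not enable`; `is not enabled` is the intended grammar, and the id `rds-copy-snap` does not follow the `-disabled` naming of the sibling templates (`rds-copy-tags-disabled` would be consistent).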


@ -0,0 +1,60 @@
id: rds-insights-disabled
info:
name: RDS Performance Insights - Disabled
author: DhiyaneshDK
severity: low
description: |
Ensure that your Amazon RDS MySQL and PostgreSQL database instances have the Performance Insights feature enabled in order to allow you to obtain a better overview of your databases performance as well as help you to identify potential performance issues.
impact: |
Inability to monitor and analyze database performance metrics, making it harder to identify and resolve performance bottlenecks.
remediation: |
Enable Performance Insights for the RDS instance in the AWS Management Console or via CLI/API to monitor and analyze database performance metrics.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/performance-insights.html
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Enabling.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[?Engine==`mysql` || Engine==`aurora-mysql` || Engine==`aurora-postgresql` || Engine==`postgres`].DBInstanceIdentifier | []'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].PerformanceInsightsEnabled' --output json
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Performance Insights is Disabled"'
# digest: 490a00463044022076ed2cd39be2faa1af19918d6b51b7ebdc501bde23706e79e0b16ce01d9e91a5022047cf1a639be81999d86f0b95ee5d5abb9137cd19704e07fe687ac3ebe762c4ff:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,60 @@
id: rds-instance-autoscaling-disabled
info:
name: RDS Instance Storage AutoScaling - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that the Storage AutoScaling feature is enabled for your Amazon RDS database instances in order to provide dynamic scaling support for the database's storage based on your RDS application needs.
impact: |
The RDS instance may run out of storage, leading to potential application downtime or performance degradation due to lack of disk space.
remediation: |
Enable storage autoscaling for the RDS instance in the AWS Management Console or via CLI/API to automatically adjust storage capacity as needed.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/enable-rds-storage-autoscaling.html
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[?Engine==`mysql` || Engine==`postgres`].DBInstanceIdentifier | []'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].MaxAllocatedStorage' --output json
matchers:
- type: word
words:
- '[]'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Instance Storage AutoScaling is Disabled"'
# digest: 4a0a00473045022052cfa85782ba576ca83865f40047d55c219215742a8804975e05f2528f4ab6ff022100d0bd782a640c68eea072b5b0e95703bf0a7c6d85db7f3290592eac60a5ec440d:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,60 @@
id: rds-log-export-disabled
info:
name: RDS Log Exports - Disabled
author: DhiyaneshDK
severity: low
description: |
Ensure that your Amazon RDS database instances have the Log Exports feature enabled in order to publish database log events directly to CloudWatch Logs.
impact: |
Critical database logs are not exported, limiting visibility into performance issues, security events, and troubleshooting capabilities.
remediation: |
Enable RDS log exports in the AWS Management Console or via CLI/API by configuring the desired logs (e.g., slow query, general, error logs) for export to CloudWatch.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/log-exports.html
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output table --query 'DBInstances[?Engine==`mysql` || Engine==`aurora-mysql` || Engine==`mariadb`].DBInstanceIdentifier | []' --output json
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].EnabledCloudwatchLogsExports' --output json
matchers:
- type: word
words:
- '[]'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Log Exports is Disabled"'
# digest: 4b0a00483046022100b17bbb6881382beebcea1014f405102e2771bca097a08fc3702371e015c77fa102210086c211a7532e3e876f8f57aaed3fcea6a679b4d228fe1e9064c8e63c5828f48b:922c64590222798bb761d5b6d8e72950
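Review bot: The first code step passes both `--output table` and `--output json` on the same command; the CLI appears to honour the last one, which is why the json extractor still works, but the stray `table` flag is confusing and would silently break the `dbclusters` extractor if it were ever the one that won. The step should read `aws rds describe-db-instances --region $region --query 'DBInstances[?Engine==\`mysql\` || Engine==\`aurora-mysql\` || Engine==\`mariadb\`].DBInstanceIdentifier | []' --output json`. As with rds-instance-autoscaling-disabled, the engine filter also excludes PostgreSQL, Oracle and SQL Server instances, which support log exports as well, so the check is narrower than its name and description suggest; a comment in the template stating which engines are intentionally in scope would at least make that explicit.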


@ -0,0 +1,60 @@
id: rds-multi-az
info:
name: RDS Multi-AZ - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that your Amazon RDS instances are using the Multi-AZ deployment configuration for high availability and automatic failover support, fully managed by AWS.
impact: |
The RDS instance lacks high availability and failover support, increasing the risk of downtime during instance failures or maintenance events.
remediation: |
Enable Multi-AZ deployment for the RDS instance in the AWS Management Console, CLI, or API to enhance availability and automatic failover.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-multi-az.html
- http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[*].DBInstanceIdentifier'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].MultiAZ'
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Multi-AZ is Disabled"'
# digest: 490a004630440220429586da4f2e5d006e1a229969d4cecc4a3fcf3fe2af1e0611eb3fb11cf5b48e022056a5ab00af314086136ac8d8ac43055203a436f53f05a1f36abd2b8c8d9aabe7:922c64590222798bb761d5b6d8e72950
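Review bot: The second code step is the only command in this batch of templates that omits `--output json`, so its output format falls back to whatever the scanning host's AWS CLI profile configures. With a `text` or `table` default the boolean is, as far as I recall, rendered as `False`, which the case-sensitive word matcher `'false'` never sees, and the template then reports nothing for every instance. Make the line `aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].MultiAZ' --output json` so the matcher is independent of host configuration. The AWS documentation reference uses `http://` while its sibling templates use `https://`; worth aligning.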


@ -0,0 +1,60 @@
id: rds-public-access
info:
name: RDS Publicly Accessible - Enabled
author: DhiyaneshDK
severity: high
description: |
Check for any public-facing Amazon RDS database instances provisioned within your AWS cloud account and restrict unauthorized access in order to minimize security risks.
impact: |
The RDS instance is exposed to the internet, increasing the risk of unauthorized access, attacks, and data breaches.
remediation: |
To restrict access to a publicly accessible database instance, you must disable the PubliclyAccessible configuration flag, and update the security group associated with the database instance.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-publicly-accessible.html
- http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DBClusterIdentifier of iterate(template.dbclusters)){
set("dbcluster", DBClusterIdentifier)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --output json --query 'DBInstances[*].DBInstanceIdentifier'
extractors:
- type: json
name: dbclusters
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws rds describe-db-instances --region $region --db-instance-identifier $dbcluster --query 'DBInstances[*].PubliclyAccessible' --output json
matchers:
- type: word
words:
- 'true'
extractors:
- type: dsl
dsl:
- 'dbcluster + " RDS Publicly Accessible Enabled"'
# digest: 4b0a00483046022100d9e7638aebedfb54a1eda95f6d2d9baff969579b003a9471167303bac6816bc8022100e79a1be5210dfce91a16923d8aa5d154e592c9c50c9b3ea10317445c9a936006:922c64590222798bb761d5b6d8e72950
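Review bot: The finding text `" RDS Publicly Accessible Enabled"` breaks the pattern used by every other template in this commit (`"... is Disabled"`), which matters for anyone grepping or deduplicating nuclei output by message; `'dbcluster + " RDS Publicly Accessible is Enabled"'` keeps them uniform. The remediation text also tells the reader to update the instance's security group, but the check only inspects the `PubliclyAccessible` flag, so a finding here means the flag is set, not that the instance is reachable; a one-line comment above the second code step such as `# Only the PubliclyAccessible flag is inspected; subnet and security-group exposure are not evaluated here` would set the right expectation. Quoting `"$dbcluster"` as the route53 templates do would also be consistent.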


@ -0,0 +1,73 @@
id: route53-dns-query-disabled
info:
name: DNS Query Logging for Route 53 Hosted Zones - Disabled
author: DhiyaneshDK
severity: medium
description: |
Domain Name System Security Extensions (DNSSEC) represents a set of protocols that adds a layer of security to the Domain Name System (DNS) lookup and exchange processes by enabling DNS responses to be validated.
impact: |
Disabling DNS query logging for Route 53 hosted zones prevents visibility into DNS queries, making it difficult to detect suspicious activity, troubleshoot issues, or analyze traffic patterns.
remediation: |
Enable DNS query logging in the Route 53 console for the hosted zone to capture and store DNS queries, allowing for better monitoring and analysis of DNS traffic.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Route53/enable-query-logging.html
- https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/monitoring-overview.html
tags: cloud,devops,aws,amazon,route53,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let HostedZones of iterate(template.hostedzones)){
set("hostedzone", HostedZones)
code(2) && code(3)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws route53 list-hosted-zones --region $region --query "HostedZones[*].Id" --output json
extractors:
- type: json
name: hostedzones
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws route53 get-hosted-zone --id $hostedzone --query "HostedZone.Config.PrivateZone" --region $region --output json
matchers:
- type: word
words:
- 'false'
internal: true
- engine:
- sh
- bash
source: |
aws route53 list-query-logging-configs --hosted-zone-id "$hostedzone" --query "QueryLoggingConfigs" --region $region --output json
matchers:
- type: word
words:
- '[]'
extractors:
- type: dsl
dsl:
- 'hostedzone + " DNSSEC Signing for Route 53 Hosted Zones is Disabled"'
# digest: 490a004630440220018711c266d5989a927422b1f3ca48fc29633a1f997a417b68649c02d392537202206fa24b0f17b1b4b89e9e338369a021aafdb5191ada52d1e94b45ca50b2a0513f:922c64590222798bb761d5b6d8e72950
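Review bot: The description and the emitted finding text both describe DNSSEC rather than query logging — the description explains what DNSSEC is, and the dsl extractor reports `" DNSSEC Signing for Route 53 Hosted Zones is Disabled"` — so every hit from this template is mislabelled in the output and looks like a duplicate of route53-dnssec-signing-disabled. The extractor line should be `- 'hostedzone + " DNS Query Logging for Route 53 Hosted Zones is Disabled"'`, and the description should say something like "Ensure that DNS query logging is enabled for your Amazon Route 53 public hosted zones so that the queries they receive are recorded in CloudWatch Logs for monitoring and investigation." The flow gating `code(3)` on the `PrivateZone == false` match in `code(2)` is the right approach, since query logging only applies to public zones; the hunk header claims 73 lines while 60 are rendered here, so part of the file may not be visible in this view.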


@ -0,0 +1,60 @@
id: route53-dnssec-signing-disabled
info:
name: DNSSEC Signing for Route 53 Hosted Zones - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure that Domain Name System Security Extensions (DNSSEC) signing is enabled for your Amazon Route 53 public hosted zones in order to protect your domains against spoofing and cache poisoning attacks. By default, DNSSEC signing is not enabled for Route 53 hosted zones.
impact: |
Attackers can hijack the process of domain/IP lookup and redirect users to malicious web content through DNS hijacking and Man-In-The-Middle (MITM) attacks. DNSSEC security feature helps mitigate the risk of such attacks by encrypting signing DNS records.
remediation: |
Enable DNSSEC signing in the Route 53 console for the hosted zone, sign the zone with a strong key algorithm, and ensure all DNS records are published correctly.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Route53/enable-query-logging.html
- https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/monitoring-overview.html
tags: cloud,devops,aws,amazon,route53,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let HostedZones of iterate(template.hostedzones)){
set("hostedzone", HostedZones)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws route53 list-hosted-zones --region $region --query "HostedZones[*].Id" --output json
extractors:
- type: json
name: hostedzones
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws route53 get-dnssec --region $region --hosted-zone-id "$hostedzone" --query "Status.ServeSignature" --output json
matchers:
- type: word
words:
- 'NOT_SIGNING'
extractors:
- type: dsl
dsl:
- 'hostedzone + " DNSSEC Signing for Route 53 Hosted Zones is Disabled"'
# digest: 4a0a004730450221009251d99374c677d15210c7aa3cbce5efc72564a59038b848eaf6bdb7130a3fd902200796026b32fc568c2b407a4c1ceb2b332b2ad8c77d2d71eee4d1f2917918e1f9:922c64590222798bb761d5b6d8e72950
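Review bot: Both references point at the Route 53 query-logging and monitoring pages, copied from route53-dns-query-disabled, and neither covers DNSSEC; they should be replaced with the DNSSEC-signing entries of the same two sites. The `get-dnssec` step also runs against every hosted zone, including private ones, whereas DNSSEC signing only applies to public hosted zones, so private zones would presumably either error out or be reported as `NOT_SIGNING` and inflate the findings; the query-logging template in this commit already solves that with a `PrivateZone` gate and the same pattern fits here. The impact sentence says DNSSEC works "by encrypting signing DNS records" — DNSSEC signs records, it does not encrypt them — so `by cryptographically signing DNS records` would be accurate. The gate is sketched below; the step that calls `get-dnssec` becomes `code(3)` and is otherwise unchanged.
```yaml
flow: |
  code(1)
  for(let HostedZones of iterate(template.hostedzones)){
    set("hostedzone", HostedZones)
    code(2) && code(3)
  }
# … unchanged: self-contained flag and the list-hosted-zones step with its hostedzones extractor …
  - engine:
      - sh
      - bash
    source: |
      aws route53 get-hosted-zone --id $hostedzone --query "HostedZone.Config.PrivateZone" --region $region --output json
    matchers:
      - type: word
        words:
          - 'false'
        internal: true
# … unchanged: get-dnssec step (now code(3)), its NOT_SIGNING matcher and dsl extractor …
```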


@ -58,8 +58,17 @@ cloud/aws/ec2/ec2-unrestricted-ssh.yaml:92a1200da475f085c33d0f86edd3077ba19eea33
cloud/aws/ec2/ec2-unrestricted-telnet.yaml:d7f80cec0723d2723300c078552824ec1a8b641a
cloud/aws/ec2/publicly-shared-ami.yaml:49e3f4939b9991f5ac9db99fbb7f7caba021227d
cloud/aws/ec2/unencrypted-aws-ami.yaml:35fc4a61e70120df3aafba92b4153ffa5b8c92b6
cloud/aws/firehose/firehose-server-destination-encryption.yaml:8d734f21761ffb41988d3d216b7e9f7aa7bd5f48
cloud/aws/firehose/firehose-server-side-encryption.yaml:5e78f1b9a1d2eeb44b87f9af6d9699a493b4e80a
cloud/aws/efs/efs-encryption-disabled.yaml:a06753f3438ae2c8d33f22e1897809a40ebd4f58
cloud/aws/elasticache/cache-automatic-backups-disabled.yaml:a56a30751815c84caf6a12ed97611398841ae1bf
cloud/aws/elasticache/cache-event-notification-disabled.yaml:447687c2c87aff99cc56b53bf64ec732c315fb6a
cloud/aws/elasticache/cache-redis-encryption-disabled.yaml:cff952504f5572689ce445ef04df6701be811c88
cloud/aws/elasticache/cache-redis-multiaz-disabled.yaml:edefd293dc8cfa469ddf33157eb4d2c4e4c6751f
cloud/aws/firehose/firehose-server-destination-encryption.yaml:cc2ce3e4a4f4173fdbae1efba8565a0617750bbd
cloud/aws/firehose/firehose-server-side-encryption.yaml:bbcbf8014a6f4a4278b89fde4f89a6416e0e0b59
cloud/aws/guardduty/guardduty-findings.yaml:ab7105cc4d1c7f27fc076d2eec8180857f72bfbd
cloud/aws/guardduty/guardduty-not-enabled.yaml:87d785038ee4ee7e2357aa46b99c4cd81fe20f36
cloud/aws/guardduty/malware-protection-disabled.yaml:6fccd83c3391b6cb318753a0956a6ff26a7e7be3
cloud/aws/guardduty/s3-protection-disabled.yaml:2b3e7a645bd050d55d652564f0fa9703ea44dfba
cloud/aws/iam/iam-access-analyzer.yaml:f50b212fc028372e3aeba52e43c0417c845a01a9
cloud/aws/iam/iam-expired-ssl.yaml:a2ec4618352430440ddb4d7704058a4c7507d3f8
cloud/aws/iam/iam-full-admin-privileges.yaml:ab5d0948a725aa5a9a1059d6b7c0ae9f5d846d06
@ -71,20 +80,33 @@ cloud/aws/iam/iam-ssh-keys-rotation.yaml:d3bb01e0e9eba3375cee6bf5bbde2c2b629b5cd
cloud/aws/iam/iam-unapproved-policy.yaml:883cdcaea84c6970f6f99cc3289ffc2ed85bbac1
cloud/aws/iam/iam-user-password-change.yaml:af7fc040fa28a4621255bcb6f7f3ccfb6e1825df
cloud/aws/iam/ssl-cert-renewal.yaml:40622e59896e04627695c6d286e0015aaed13010
cloud/aws/inspector2/inspector2-disabled.yaml:e2be1022666c9efa9fe7e311bd4eb60c5c5cbbda
cloud/aws/rds/aurora-copy-tags-snap.yaml:9d0f7c95a0e76e441aa771fc7ee6c85a0f510736
cloud/aws/rds/aurora-delete-protect.yaml:4ff1aef5f611e5bdec4248c135e99db23c8c599e
cloud/aws/rds/iam-db-auth.yaml:8b12e2e629800d449708351652b27657e5854081
cloud/aws/rds/rds-auto-minor-upgrade-disabled.yaml:b4f1f559369656933487bd873047a33b301a2a1f
cloud/aws/rds/rds-automated-backup-disabled.yaml:5d64d546257d3c79598c6ebe449771205114e883
cloud/aws/rds/rds-backtrack-disabled.yaml:1d29816bf3dad0d49b8325fd32042a1917129469
cloud/aws/rds/rds-backup-enable.yaml:cf8045353bdd93d67f9daf86df24ad7d94004cab
cloud/aws/rds/rds-cluster-protection-disabled.yaml:bcc5219c0fe499d4cb7a518fc516d9414f38f70f
cloud/aws/rds/rds-copy-snap.yaml:234202c75b7095c084565278063a118ef3a3d453
cloud/aws/rds/rds-deletion-protection.yaml:7b330b03c3a6066324dfe33af351de0b85cb4cd0
cloud/aws/rds/rds-encryption-check.yaml:c35b52675cf1ae565d3edd5a8864e1601a1fb498
cloud/aws/rds/rds-event-notify.yaml:03998790659d38696b70b1f3e6c64c6dffccc7a2
cloud/aws/rds/rds-event-sub-enable.yaml:10469f43441c8414c199458f88524419275a187b
cloud/aws/rds/rds-event-sub.yaml:f83dba6f60062de8a3accc50ed6ef2e83aca9e67
cloud/aws/rds/rds-gp-ssd-usage.yaml:bf522b4246d3285ca43b326e0565b532ad7315ac
cloud/aws/rds/rds-insights-disabled.yaml:4f0b2afa6397dd19bc392256e7b0756e6a17141a
cloud/aws/rds/rds-instance-autoscaling-disabled.yaml:01b1e18a345246fd34c65d967d88b9f2e84469a6
cloud/aws/rds/rds-log-export-disabled.yaml:740b200a5ac1b93b867b6a6145891e2ac2ea0d84
cloud/aws/rds/rds-multi-az.yaml:ab64db92c3fbb7b1c4abc4ac0c48db79358f392d
cloud/aws/rds/rds-public-access.yaml:9f5789c6eed7cf4fac280ae37186f2cf1e1e6b06
cloud/aws/rds/rds-public-snapshot.yaml:c5d64997130a6c496154d96b3373904bd1fbebfd
cloud/aws/rds/rds-public-subnet.yaml:d2b63d178d24faa83223568a3bb5bb7ac2a53f46
cloud/aws/rds/rds-ri-payment-fail.yaml:905953edc8139ecfb370d3ee288b65e77eef65b0
cloud/aws/rds/rds-snapshot-encryption.yaml:fb8b45fa0dff44a66911abf6a70e32530de776f1
cloud/aws/route53/route53-dns-query-disabled.yaml:7c09b95c96bf5f0cdef37bc6e9e084024dfe0137
cloud/aws/route53/route53-dnssec-signing-disabled.yaml:8db84df5d34c7f1cbc88ad2730776c7cc6439a3d
cloud/aws/s3/s3-access-logging.yaml:60f0011f6da935cef7d76840d5755de49e06730e
cloud/aws/s3/s3-auth-fullcontrol.yaml:b7bbb1b9edac9baef27465651bb5afcf41ff51e3
cloud/aws/s3/s3-bucket-key.yaml:0fe1d8b9f1b99dc0231d0c22ea3a68b2fdf2a7b6
@ -9552,7 +9574,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
templates-checksum.txt:b3593609a5c788fe4bf0ad23ac7b9030d7031bb4
templates-checksum.txt:88fe40c990c6bcaaab282123da7bb0ad91d1dcb1
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4