mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 06:45:08 +00:00
New folder structure phase 2
This commit is contained in:
Toni de la Fuente
@@ -27,7 +27,7 @@ CHECK_CIS_LEVEL_extra7164="EXTRA"
|
||||
CHECK_SEVERITY_extra7164="Medium"
|
||||
CHECK_ASFF_RESOURCE_TYPE_extra7164="Logs"
|
||||
CHECK_ALTERNATE_extra7164="extra7164"
|
||||
CHECK_SERVICENAME_extra7164="logs"
|
||||
CHECK_SERVICENAME_extra7164="cloudwatch"
|
||||
CHECK_RISK_extra7164="Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data"
|
||||
CHECK_REMEDIATION_extra7164="Associate KMS Key with Cloudwatch log group."
|
||||
CHECK_DOC_extra7164="https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html"
|
||||
@@ -19,7 +19,7 @@ CHECK_SEVERITY_check25="Medium"
|
||||
CHECK_ASFF_TYPE_check25="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
|
||||
CHECK_ALTERNATE_check205="check25"
|
||||
CHECK_ASFF_COMPLIANCE_TYPE_check25="ens-op.exp.1.aws.cfg.1"
|
||||
CHECK_SERVICENAME_check25="configservice"
|
||||
CHECK_SERVICENAME_check25="config"
|
||||
CHECK_RISK_check25='The AWS configuration item history captured by AWS Config enables security analysis; resource change tracking; and compliance auditing.'
|
||||
CHECK_REMEDIATION_check25='It is recommended to enable AWS Config be enabled in all regions.'
|
||||
CHECK_DOC_check25='https://aws.amazon.com/blogs/mt/aws-config-best-practices/'
|
||||
@@ -44,7 +44,7 @@ CHECK_SEVERITY_check39="Medium"
|
||||
CHECK_ASFF_TYPE_check39="Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
|
||||
CHECK_ASFF_RESOURCE_TYPE_check39="AwsCloudTrailTrail"
|
||||
CHECK_ALTERNATE_check309="check39"
|
||||
CHECK_SERVICENAME_check39="configservice"
|
||||
CHECK_SERVICENAME_check39="config"
|
||||
CHECK_RISK_check39='If not enabled important changes to accounts could go unnoticed or difficult to find.'
|
||||
CHECK_REMEDIATION_check39='Use this service as a complement to implement detective controls that cannot be prevented. (e.g. a Security Group is modified to open to internet without restrictions or route changed to avoid going thru the network firewall). Ensure AWS Config is enabled in all regions in order to detect any not intended action. On the other hand if sufficient preventive controls to make changes in critical services are in place; the rating on this finding can be lowered or discarded depending on residual risk.'
|
||||
CHECK_DOC_check39='https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html'
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user