diff --git a/config/config.py b/config/config.py index d04c79cd..71623eec 100644 --- a/config/config.py +++ b/config/config.py @@ -12,9 +12,6 @@ prowler_version = "3.0-beta-21Nov2022" orange_color = "\033[38;5;208m" banner_color = "\033[1;92m" -# Groups -groups_file = "groups.json" - # Compliance compliance_specification_dir = "./compliance" diff --git a/groups.json b/groups.json deleted file mode 100644 index 8e4fd4f6..00000000 --- a/groups.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "aws": { - "gdpr": { - "checks": [ - "s3_bucket_server_access_logging_enabled", - "s3_bucket_object_versioning", - "iam_avoid_root_usage", - "iam_user_mfa_enabled_console_access", - "iam_disable_90_days_credentials", - "iam_rotate_access_key_90_days", - "iam_root_mfa_enabled", - "iam_root_hardware_mfa_enabled", - "iam_no_root_access_key", - "iam_administrator_access_with_mfa", - "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389", - "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", - "ec2_ebs_snapshots_encrypted", - "ec2_ebs_public_snapshot" - ], - "description": "GDPR Readiness" - }, - "pci": { - "checks": [ - "iam_avoid_root_usage", - "iam_user_mfa_enabled_console_access", - "iam_disable_90_days_credentials", - "iam_rotate_access_key_90_days", - "iam_root_mfa_enabled", - "iam_root_hardware_mfa_enabled", - "iam_no_root_access_key", - "ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22", - "ec2_securitygroup_allow_ingress_from_internet_to_any_port", - "ec2_ebs_snapshots_encrypted", - "ec2_ebs_public_snapshot", - "s3_bucket_server_access_logging_enabled" - ], - "description": "PCI-DSS v3.2.1 Readiness" - } - } -} diff --git a/lib/check/check.py b/lib/check/check.py index 76ee2dd8..538a42f1 100644 --- a/lib/check/check.py +++ b/lib/check/check.py 
@@ -4,12 +4,11 @@ import os import sys from pkgutil import walk_packages from types import ModuleType -from typing import Any from alive_progress import alive_bar from colorama import Fore, Style -from config.config import compliance_specification_dir, groups_file, orange_color +from config.config import compliance_specification_dir, orange_color from lib.check.compliance_models import load_compliance_framework from lib.check.models import Check, Output_From_Options, load_check_metadata from lib.logger import logger @@ -65,20 +64,6 @@ def exclude_checks_to_run(checks_to_execute: set, excluded_checks: list) -> set: return checks_to_execute -# Exclude groups to run -def exclude_groups_to_run( - checks_to_execute: set, excluded_groups: list, provider: str -) -> set: - # Recover checks from the input groups - available_groups = parse_groups_from_file(groups_file) - checks_from_groups = load_checks_to_execute_from_groups( - available_groups, excluded_groups, provider - ) - for check_name in checks_from_groups: - checks_to_execute.discard(check_name) - return checks_to_execute - - # Exclude services to run def exclude_services_to_run( checks_to_execute: set, excluded_services: list, provider: str @@ -110,7 +95,7 @@ def parse_checks_from_file(input_file: str, provider: str) -> set: return checks_to_execute -def list_services(provider: str) -> set: +def list_services(provider: str) -> set(): available_services = set() checks = recover_checks_from_provider(provider) for check_name in checks: 
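Review bot: The new return annotation on `list_services`, `-> set()`, is a call expression rather than a type: it evaluates to an empty set instance when the function is defined, and a type checker will reject it. The function ends with `return sorted(available_services)` (visible as context in the next hunk), which produces a list, so the accurate form is `def list_services(provider: str) -> list:`. The same `-> set()` is used on the new `list_categories` in the following hunk, where `-> set` is the correct annotation. The body of `list_services` continues past the end of this hunk.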
@@ -120,6 +105,22 @@ def list_services(provider: str) -> set: return sorted(available_services) +def list_categories(provider: str, bulk_checks_metadata: dict) -> set(): + available_categories = set() + for check in bulk_checks_metadata.values(): + for cat in check.Categories: + available_categories.add(cat) + return available_categories + + +def print_categories(categories: set): + print( + f"There are {Fore.YELLOW}{len(categories)}{Style.RESET_ALL} available categories: \n" + ) + for category in categories: + print(f"- {category}") + + def print_services(service_list: set): print( f"There are {Fore.YELLOW}{len(service_list)}{Style.RESET_ALL} available services: \n" @@ -181,40 +182,6 @@ def print_checks( ) -# List available groups -def list_groups(provider: str): - groups = parse_groups_from_file(groups_file) - print("Available Groups:") - - for group, value in groups[provider].items(): - group_description = value["description"] - print(f"\t - {group_description} -- [{group}] ") - - -# Parse groups from groups.json -def parse_groups_from_file(group_file: str) -> Any: - f = open_file(group_file) - available_groups = parse_json_file(f) - return available_groups - - -# Parse checks from groups to execute -def load_checks_to_execute_from_groups( - available_groups: Any, group_list: list, provider: str -) -> set: - checks_to_execute = set() - - for group in group_list: - if group in available_groups[provider]: - for check_name in available_groups[provider][group]["checks"]: - checks_to_execute.add(check_name) - else: - logger.error( - f"Group '{group}' was not found for the {provider.upper()} provider" - ) - return checks_to_execute - - # Parse checks from compliance frameworks specification def parse_checks_from_compliance_framework( compliance_frameworks: list, bulk_compliance_frameworks: dict diff --git a/lib/check/check_test.py b/lib/check/check_test.py index 97b26dbf..157dedfc 100644 --- a/lib/check/check_test.py +++ b/lib/check/check_test.py 
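Review bot: `list_categories` accepts `provider` but never reads it, so the result covers whatever is in `bulk_checks_metadata`; either drop the parameter or add a docstring stating that the caller must pass metadata already scoped to that provider. `print_categories` iterates a set, so the listing order can differ between runs, unlike `list_services`, which sorts its result; `for category in sorted(categories):` keeps the output stable. Both new functions would also benefit from a one-line docstring, for example `"""Return the set of category names declared in the loaded check metadata."""`.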
@@ -4,45 +4,14 @@ from unittest import mock from lib.check.check import ( bulk_load_compliance_frameworks, exclude_checks_to_run, - exclude_groups_to_run, exclude_services_to_run, - load_checks_to_execute_from_groups, parse_checks_from_compliance_framework, parse_checks_from_file, - parse_groups_from_file, ) from lib.check.models import load_check_metadata class Test_Check: - def test_parse_groups_from_file(self): - test_cases = [ - { - "input": { - "path": f"{os.path.dirname(os.path.realpath(__file__))}/fixtures/groupsA.json", - "provider": "aws", - }, - "expected": { - "aws": { - "gdpr": { - "description": "GDPR Readiness", - "checks": ["check11", "check12"], - }, - "iam": { - "description": "Identity and Access Management", - "checks": [ - "iam_disable_30_days_credentials", - "iam_disable_90_days_credentials", - ], - }, - } - }, - } - ] - for test in test_cases: - check_file = test["input"]["path"] - assert parse_groups_from_file(check_file) == test["expected"] - def test_load_check_metadata(self): test_cases = [ { @@ -80,42 +49,6 @@ class Test_Check: provider = test["input"]["provider"] assert parse_checks_from_file(check_file, provider) == test["expected"] - def test_load_checks_to_execute_from_groups(self): - test_cases = [ - { - "input": { - "groups_json": { - "aws": { - "gdpr": { - "description": "GDPR Readiness", - "checks": ["check11", "check12"], - }, - "iam": { - "description": "Identity and Access Management", - "checks": [ - "iam_disable_30_days_credentials", - "iam_disable_90_days_credentials", - ], - }, - } - }, - "provider": "aws", - "groups": ["gdpr"], - }, - "expected": {"check11", "check12"}, - } - ] - - for test in test_cases: - provider = test["input"]["provider"] - groups = test["input"]["groups"] - group_file = test["input"]["groups_json"] - - assert ( - load_checks_to_execute_from_groups(group_file, groups, provider) - == test["expected"] - ) - def test_exclude_checks_to_run(self): test_cases = [ { 
@@ -140,44 +73,6 @@ class Test_Check: exclude_checks_to_run(check_list, excluded_checks) == test["expected"] ) - def test_exclude_groups_to_run(self): - test_cases = [ - { - "input": { - "excluded_group_list": {"gdpr"}, - "provider": "aws", - "checks_to_run": { - "iam_disable_30_days_credentials", - "iam_disable_90_days_credentials", - }, - }, - "expected": { - "iam_disable_30_days_credentials", - }, - }, - { - "input": { - "excluded_group_list": {"pci"}, - "provider": "aws", - "checks_to_run": { - "iam_disable_30_days_credentials", - "iam_disable_90_days_credentials", - }, - }, - "expected": { - "iam_disable_30_days_credentials", - }, - }, - ] - for test in test_cases: - excluded_group_list = test["input"]["excluded_group_list"] - checks_to_run = test["input"]["checks_to_run"] - provider = test["input"]["provider"] - assert ( - exclude_groups_to_run(checks_to_run, excluded_group_list, provider) - == test["expected"] - ) - def test_exclude_services_to_run(self): test_cases = [ { diff --git a/lib/check/checks_loader.py b/lib/check/checks_loader.py index b3a5437b..310ec0a2 100644 --- a/lib/check/checks_loader.py +++ b/lib/check/checks_loader.py @@ -1,9 +1,6 @@ -from config.config import groups_file -from lib.check.check import ( # load_checks_to_execute_from_compliance_framework, - load_checks_to_execute_from_groups, +from lib.check.check import ( parse_checks_from_compliance_framework, parse_checks_from_file, - parse_groups_from_file, recover_checks_from_provider, ) from lib.logger import logger @@ -17,9 +14,9 @@ def load_checks_to_execute( checks_file: str, check_list: list, service_list: list, - group_list: list, severities: list, compliance_frameworks: list, + categories: set, provider: str, ) -> set: """Generate the list of checks to execute based on the cloud provider and input arguments specified""" 
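Review bot: In the `load_checks_to_execute` signature, removing `group_list` from the middle and adding `categories` before `provider` changes the positional meaning of every argument from `severities` onward. The call site is not part of this section of the diff; if it passes arguments positionally and is not updated in step, the wrong selector would be applied silently and the scan would run a different check set than the operator asked for. Calling by keyword (`severities=..., compliance_frameworks=..., categories=..., provider=...`) or making these parameters keyword-only avoids that. The docstring also does not mention the new `categories` selector; the start of the signature lies outside this hunk.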
@@ -60,16 +57,6 @@ def load_checks_to_execute( # if service_name in group_list: checks_to_execute.add(check_name) checks_to_execute.add(check_name) - # Handle if there are groups passed using -g/--groups - elif group_list: - try: - available_groups = parse_groups_from_file(groups_file) - checks_to_execute = load_checks_to_execute_from_groups( - available_groups, group_list, provider - ) - except Exception as e: - logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}") - # Handle if there are compliance frameworks passed using --compliance elif compliance_frameworks: try: @@ -79,6 +66,14 @@ def load_checks_to_execute( except Exception as e: logger.error(f"{e.__class__.__name__}[{e.__traceback__.tb_lineno}] -- {e}") + # Handle if there are categories passed using --categories + elif categories: + for cat in categories: + for check in bulk_checks_metadata: + # Check check's categories + if cat in bulk_checks_metadata[check].Categories: + checks_to_execute.add(check) + # If there are no checks passed as argument else: try: diff --git a/providers/aws/services/accessanalyzer/accessanalyzer_enabled_without_findings/accessanalyzer_enabled_without_findings.metadata.json b/providers/aws/services/accessanalyzer/accessanalyzer_enabled_without_findings/accessanalyzer_enabled_without_findings.metadata.json index 784b2343..2b7b1cbf 100644 --- a/providers/aws/services/accessanalyzer/accessanalyzer_enabled_without_findings/accessanalyzer_enabled_without_findings.metadata.json +++ b/providers/aws/services/accessanalyzer/accessanalyzer_enabled_without_findings/accessanalyzer_enabled_without_findings.metadata.json @@ -33,4 +33,4 @@ "DependsOn": [], "RelatedTo": [], "Notes": "" -} +} \ No newline at end of file diff --git a/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public.metadata.json b/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public.metadata.json index d1809965..6a35e392 100644 
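Review bot: In the new `elif categories:` branch, a category name that matches no check leaves `checks_to_execute` empty without any message, whereas the removed group path logged an error for an unknown group. For a scanner this matters: a typo in `--categories` would look like a run with nothing to report. The branch should log an error when a category matches no check, as sketched below. Because it sits in an `elif` chain, categories also appear to be ignored whenever an earlier selector is set, which deserves a line in the docstring; `load_checks_to_execute` starts and ends outside this hunk.

```python
    # … unchanged: compliance frameworks branch …
    # Handle if there are categories passed using --categories
    elif categories:
        for cat in categories:
            matched = {
                check
                for check, metadata in bulk_checks_metadata.items()
                if cat in metadata.Categories
            }
            if not matched:
                logger.error(
                    f"Category '{cat}' was not found for the {provider.upper()} provider"
                )
            checks_to_execute |= matched
    # … unchanged: default branch when no selector is passed …
```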
--- a/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public.metadata.json
+++ b/providers/aws/services/apigateway/apigateway_endpoint_public/apigateway_endpoint_public.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://d1.awsstatic.com/whitepapers/api-gateway-security.pdf?svrd_sip6"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled.metadata.json b/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled.metadata.json
index d27ec640..9040a47f 100644
--- a/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled.metadata.json
+++ b/providers/aws/services/apigateway/apigateway_logging_enabled/apigateway_logging_enabled.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/apigateway/latest/developerguide/security-monitoring.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json b/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json
index 92665d64..c8ff4484 100644
--- a/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json
+++ b/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "secrets"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
diff --git a/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.metadata.json b/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.metadata.json
index 3089069b..2f0e9ea5 100644
--- a/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.metadata.json
+++ b/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/lambda/latest/dg/logging-using-cloudtrail.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -31,4 +33,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.metadata.json b/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.metadata.json
index 2905481b..517bc909 100644
--- a/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.metadata.json
+++ b/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/secretsmanager/latest/userguide/lambda-functions.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "secrets"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
diff --git a/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.metadata.json b/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.metadata.json
index f8bdbb39..05e9cc09 100644
--- a/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.metadata.json
+++ b/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/secretsmanager/latest/userguide/lambda-functions.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "secrets"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
diff --git a/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.metadata.json b/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.metadata.json
index f22cc625..3e94a460 100644
--- a/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.metadata.json
+++ b/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -31,4 +33,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/cloudformation/cloudformation_outputs_find_secrets/cloudformation_outputs_find_secrets.metadata.json b/providers/aws/services/cloudformation/cloudformation_outputs_find_secrets/cloudformation_outputs_find_secrets.metadata.json
index 04bf9d91..261eb7b5 100644
--- a/providers/aws/services/cloudformation/cloudformation_outputs_find_secrets/cloudformation_outputs_find_secrets.metadata.json
+++ b/providers/aws/services/cloudformation/cloudformation_outputs_find_secrets/cloudformation_outputs_find_secrets.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "secrets"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
diff --git a/providers/aws/services/cloudfront/cloudfront_distributions_https_enabled/cloudfront_distributions_https_enabled.metadata.json b/providers/aws/services/cloudfront/cloudfront_distributions_https_enabled/cloudfront_distributions_https_enabled.metadata.json
index 3ab8db1a..8d5db7db 100644
--- a/providers/aws/services/cloudfront/cloudfront_distributions_https_enabled/cloudfront_distributions_https_enabled.metadata.json
+++ b/providers/aws/services/cloudfront/cloudfront_distributions_https_enabled/cloudfront_distributions_https_enabled.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/cloudfront/cloudfront_distributions_logging_enabled/cloudfront_distributions_logging_enabled.metadata.json b/providers/aws/services/cloudfront/cloudfront_distributions_logging_enabled/cloudfront_distributions_logging_enabled.metadata.json
index 8313b488..6c6c555a 100644
--- a/providers/aws/services/cloudfront/cloudfront_distributions_logging_enabled/cloudfront_distributions_logging_enabled.metadata.json
+++ b/providers/aws/services/cloudfront/cloudfront_distributions_logging_enabled/cloudfront_distributions_logging_enabled.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": "Logging and Monitoring"
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.metadata.json b/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.metadata.json
index 081cf558..fe89859f 100644
--- a/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.metadata.json
+++ b/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.metadata.json
@@ -27,7 +27,9 @@
 "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -35,4 +37,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled.metadata.json b/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled.metadata.json
index f6e5344a..e9ea3f90 100644
--- a/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled.metadata.json
+++ b/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled.metadata.json
@@ -27,7 +27,9 @@
 "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -35,4 +37,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled.metadata.json b/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled.metadata.json
index 6ed6f775..a0b5390c 100644
--- a/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled.metadata.json
+++ b/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled.metadata.json
@@ -27,7 +27,9 @@
 "Url": "http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-filevalidation-enabling.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -35,4 +37,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled.metadata.json b/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled.metadata.json
index 419b8874..ec84dc98 100644
--- a/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled.metadata.json
+++ b/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled.metadata.json
@@ -27,7 +27,9 @@
 "Url": "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -35,4 +37,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible.metadata.json b/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible.metadata.json
index 5670d2f5..9a5808fc 100644
--- a/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible.metadata.json
+++ b/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible.metadata.json
@@ -27,7 +27,9 @@
 "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -35,4 +37,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
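Review bot: `cloudtrail_logs_s3_bucket_is_not_publicly_accessible` is tagged only `forensics-ready`, although by its name it detects a publicly reachable bucket, the same kind of exposure that gets `internet-exposed` on `ec2_ami_public` and `ec2_ebs_public_snapshot` elsewhere in this commit. As tagged, a run restricted to `--categories internet-exposed` would skip it. `Categories` is a list, so if the taxonomy allows more than one label per check, `"Categories": ["forensics-ready", "internet-exposed"]` would cover both selections.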
diff --git a/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.metadata.json b/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.metadata.json
index f83f0807..3b692ecf 100644
--- a/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.metadata.json
+++ b/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.metadata.json
@@ -27,7 +27,9 @@
 "Url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -35,4 +37,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.metadata.json b/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.metadata.json
index 02c3ec87..656c68e9 100644
--- a/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.metadata.json
+++ b/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json b/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json
index 707a11f9..1895b53e 100644
--- a/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json
+++ b/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://aws.amazon.com/blogs/mt/aws-config-best-practices/"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public.metadata.json b/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public.metadata.json
index 8c412b24..8d18c966 100644
--- a/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public.metadata.json
+++ b/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/usingsharedamis-finding.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json b/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json
index 8d893d20..318934bb 100644
--- a/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json
+++ b/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan.metadata.json b/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan.metadata.json
index 688f69c8..e898ca10 100644
--- a/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan.metadata.json
+++ b/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://www.shodan.io/"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile.metadata.json b/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile.metadata.json
index 07217ce1..f2427cea 100644
--- a/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile.metadata.json
+++ b/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json b/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json
index 7b6fc446..af1c4d2a 100644
--- a/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json
+++ b/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data.metadata.json b/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data.metadata.json
index e3257a2c..bbe0f59c 100644
--- a/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data.metadata.json
+++ b/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_basic.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "secrets"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
diff --git a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.metadata.json b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.metadata.json
index 7cfb1dd4..e90d0b8c 100644
--- a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.metadata.json
+++ b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.metadata.json
@@ -27,7 +27,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -35,4 +37,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": "Infrastructure Security"
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
index 0ef674fc..51d6ce56 100644
--- a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
+++ b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
index 62bc2eb1..c79390e7 100644
--- a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
+++ b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json
index dacae077..86078787 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018.metadata.json
index 13ce9542..18a70182 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21.metadata.json
index 4f1c6740..3b70ba80 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json
index cd0cfb7a..30513df7 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json
index 67d25422..88369cd0 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888.metadata.json
index c28ab1f2..23e4f760 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601.metadata.json
index 85489996..cff99193 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092.metadata.json
index a39025aa..22a88445 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211.metadata.json
index 272a8d59..118e9f2a 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json
index 2e5aa220..d7bba222 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json
index 92d10303..8feafe49 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432.metadata.json
index 67c751cf..abed1cea 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.metadata.json
index 16df25c7..78ce0daa 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434.metadata.json
index 5d5afc27..40d38db4 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23.metadata.json
index 632fa52c..43437b49 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4.metadata.json
index bdfefb95..18dccfec 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ec2/ec2_securitygroup_in_use_without_ingress_filtering/ec2_securitygroup_in_use_without_ingress_filtering.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_in_use_without_ingress_filtering/ec2_securitygroup_in_use_without_ingress_filtering.metadata.json
index e9af21b4..28984c17 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_in_use_without_ingress_filtering/ec2_securitygroup_in_use_without_ingress_filtering.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_in_use_without_ingress_filtering/ec2_securitygroup_in_use_without_ingress_filtering.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ecr/ecr_repositories_not_publicly_accessible/ecr_repositories_not_publicly_accessible.metadata.json b/providers/aws/services/ecr/ecr_repositories_not_publicly_accessible/ecr_repositories_not_publicly_accessible.metadata.json
index 48a8edeb..d1affd26 100644
--- a/providers/aws/services/ecr/ecr_repositories_not_publicly_accessible/ecr_repositories_not_publicly_accessible.metadata.json
+++ b/providers/aws/services/ecr/ecr_repositories_not_publicly_accessible/ecr_repositories_not_publicly_accessible.metadata.json
@@ -26,7 +26,9 @@
 "Url": "https://docs.aws.amazon.com/AmazonECR/latest/public/security_iam_service-with-iam.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -34,4 +36,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.metadata.json b/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.metadata.json
index 30e26524..28f8147b 100644
--- a/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.metadata.json
+++ b/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.metadata.json
@@ -27,7 +27,9 @@
 "Url": "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "secrets"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
diff --git a/providers/aws/services/eks/eks_control_plane_endpoint_access_restricted/eks_control_plane_endpoint_access_restricted.metadata.json b/providers/aws/services/eks/eks_control_plane_endpoint_access_restricted/eks_control_plane_endpoint_access_restricted.metadata.json
index 19b6d1ac..501da151 100644
--- a/providers/aws/services/eks/eks_control_plane_endpoint_access_restricted/eks_control_plane_endpoint_access_restricted.metadata.json
+++ b/providers/aws/services/eks/eks_control_plane_endpoint_access_restricted/eks_control_plane_endpoint_access_restricted.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/eks/eks_control_plane_logging_all_types_enabled/eks_control_plane_logging_all_types_enabled.metadata.json b/providers/aws/services/eks/eks_control_plane_logging_all_types_enabled/eks_control_plane_logging_all_types_enabled.metadata.json
index 8323bfcd..9d7b211a 100644
--- a/providers/aws/services/eks/eks_control_plane_logging_all_types_enabled/eks_control_plane_logging_all_types_enabled.metadata.json
+++ b/providers/aws/services/eks/eks_control_plane_logging_all_types_enabled/eks_control_plane_logging_all_types_enabled.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/eks/latest/userguide/logging-monitoring.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.metadata.json b/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.metadata.json
index f5071470..0ccef92e 100644
--- a/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.metadata.json
+++ b/providers/aws/services/eks/eks_endpoints_not_publicly_accessible/eks_endpoints_not_publicly_accessible.metadata.json
@@ -27,7 +27,9 @@
 "Url": "https://docs.aws.amazon.com/eks/latest/userguide/infrastructure-security.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -35,4 +37,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.metadata.json b/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.metadata.json
index f5836c33..26f3aec0 100644
--- a/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.metadata.json
+++ b/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing.metadata.json b/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing.metadata.json
index 67792640..592957cc 100644
--- a/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing.metadata.json
+++ b/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-associating-aws-resource.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json b/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json
index 4aa262be..4e066951 100644
--- a/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json
+++ b/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -31,4 +33,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.metadata.json b/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.metadata.json
index ace7caf4..a7748a3e 100644
--- a/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.metadata.json
+++ b/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.metadata.json b/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.metadata.json
index 65d7d8bd..e50956bd 100644
--- a/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.metadata.json
+++ b/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.metadata.json
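Review bot: `forensics-ready` in the `@@ -23,7 +23,9 @@` hunk of guardduty_is_enabled.metadata.json is applied to a check that, going by its name, verifies a detection service is switched on, whereas the other files given this category (elb_logging_enabled, redshift_cluster_audit_logging, the opensearch and route53 logging checks) are about log collection. macie_is_enabled further down gets the same tag. The category's intended scope is not documented anywhere in the visible changes; a one-line definition in the project docs, e.g. `forensics-ready: checks that evidence sources needed for incident investigation are enabled`, would tell users whether detection services belong in it.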
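Review bot: `internet-exposed` in the `@@ -25,7 +25,9 @@` hunk of kms_key_not_publicly_accessible.metadata.json groups a resource-policy check with the network-reachability checks (security groups, network ACLs, public IPs) that carry the same tag earlier in the commit. ecr_repositories_not_publicly_accessible, rds_snapshots_public_access and s3_bucket_policy_public_write_access look like the same case, judging by their names and reference URLs. If the category is meant to cover both anonymous access through a policy and inbound network paths, the category documentation should say so; otherwise someone triaging network attack surface with this filter gets policy findings mixed in.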
@@ -25,7 +25,9 @@
 "Url": "https://aws.amazon.com/macie/getting-started/"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/opensearch/opensearch_service_domains_audit_logging_enabled/opensearch_service_domains_audit_logging_enabled.metadata.json b/providers/aws/services/opensearch/opensearch_service_domains_audit_logging_enabled/opensearch_service_domains_audit_logging_enabled.metadata.json
index 48f9f6cb..be9ca033 100644
--- a/providers/aws/services/opensearch/opensearch_service_domains_audit_logging_enabled/opensearch_service_domains_audit_logging_enabled.metadata.json
+++ b/providers/aws/services/opensearch/opensearch_service_domains_audit_logging_enabled/opensearch_service_domains_audit_logging_enabled.metadata.json
@@ -26,7 +26,9 @@
 "Url": "https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/audit-logs.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -34,4 +36,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/opensearch/opensearch_service_domains_cloudwatch_logging_enabled/opensearch_service_domains_cloudwatch_logging_enabled.metadata.json b/providers/aws/services/opensearch/opensearch_service_domains_cloudwatch_logging_enabled/opensearch_service_domains_cloudwatch_logging_enabled.metadata.json
index 626e3035..a75b3d0c 100644
--- a/providers/aws/services/opensearch/opensearch_service_domains_cloudwatch_logging_enabled/opensearch_service_domains_cloudwatch_logging_enabled.metadata.json
+++ b/providers/aws/services/opensearch/opensearch_service_domains_cloudwatch_logging_enabled/opensearch_service_domains_cloudwatch_logging_enabled.metadata.json
@@ -26,7 +26,9 @@
 "Url": "https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createdomain-configure-slow-logs.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -34,4 +36,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/opensearch/opensearch_service_domains_not_publicly_accessible/opensearch_service_domains_not_publicly_accessible.metadata.json b/providers/aws/services/opensearch/opensearch_service_domains_not_publicly_accessible/opensearch_service_domains_not_publicly_accessible.metadata.json
index b4566e55..e7c1b46c 100644
--- a/providers/aws/services/opensearch/opensearch_service_domains_not_publicly_accessible/opensearch_service_domains_not_publicly_accessible.metadata.json
+++ b/providers/aws/services/opensearch/opensearch_service_domains_not_publicly_accessible/opensearch_service_domains_not_publicly_accessible.metadata.json
@@ -26,7 +26,9 @@
 "Url": "https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -34,4 +36,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access.metadata.json b/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access.metadata.json
index 221e02c3..7b9ef1ab 100644
--- a/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access.metadata.json
+++ b/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.amazonaws.cn/en_us/config/latest/developerguide/rds-instance-public-access-check.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -31,4 +33,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access.metadata.json b/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access.metadata.json
index 44803ffb..ff607670 100644
--- a/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access.metadata.json
+++ b/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/config/latest/developerguide/rds-snapshots-public-prohibited.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -31,4 +33,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/redshift/redshift_cluster_audit_logging/redshift_cluster_audit_logging.metadata.json b/providers/aws/services/redshift/redshift_cluster_audit_logging/redshift_cluster_audit_logging.metadata.json
index 6d8df8fb..127b4dfc 100644
--- a/providers/aws/services/redshift/redshift_cluster_audit_logging/redshift_cluster_audit_logging.metadata.json
+++ b/providers/aws/services/redshift/redshift_cluster_audit_logging/redshift_cluster_audit_logging.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -31,4 +33,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/route53/route53_public_hosted_zones_cloudwatch_logging_enabled/route53_public_hosted_zones_cloudwatch_logging_enabled.metadata.json b/providers/aws/services/route53/route53_public_hosted_zones_cloudwatch_logging_enabled/route53_public_hosted_zones_cloudwatch_logging_enabled.metadata.json
index ae33da49..e73e7364 100644
--- a/providers/aws/services/route53/route53_public_hosted_zones_cloudwatch_logging_enabled/route53_public_hosted_zones_cloudwatch_logging_enabled.metadata.json
+++ b/providers/aws/services/route53/route53_public_hosted_zones_cloudwatch_logging_enabled/route53_public_hosted_zones_cloudwatch_logging_enabled.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/monitoring-hosted-zones-with-cloudwatch.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -31,4 +33,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access.metadata.json b/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access.metadata.json
index 01366b19..f0b95edc 100644
--- a/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access.metadata.json
+++ b/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_rw-bucket.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.metadata.json b/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.metadata.json
index c387634f..fbb2b6af 100644
--- a/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.metadata.json
+++ b/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled.metadata.json b/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled.metadata.json
index 6304555a..1972995e 100644
--- a/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled.metadata.json
+++ b/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/sagemaker/sagemaker_notebook_instance_without_direct_internet_access_configured/sagemaker_notebook_instance_without_direct_internet_access_configured.metadata.json b/providers/aws/services/sagemaker/sagemaker_notebook_instance_without_direct_internet_access_configured/sagemaker_notebook_instance_without_direct_internet_access_configured.metadata.json
index f62f6516..54b76232 100644
--- a/providers/aws/services/sagemaker/sagemaker_notebook_instance_without_direct_internet_access_configured/sagemaker_notebook_instance_without_direct_internet_access_configured.metadata.json
+++ b/providers/aws/services/sagemaker/sagemaker_notebook_instance_without_direct_internet_access_configured/sagemaker_notebook_instance_without_direct_internet_access_configured.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/sagemaker/latest/dg/interface-vpc-endpoint.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -31,4 +33,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible.metadata.json b/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible.metadata.json
index 954e412e..f6a06492 100644
--- a/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible.metadata.json
+++ b/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-policy.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -31,4 +33,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/sqs/sqs_queues_not_publicly_accessible/sqs_queues_not_publicly_accessible.metadata.json b/providers/aws/services/sqs/sqs_queues_not_publicly_accessible/sqs_queues_not_publicly_accessible.metadata.json
index 30c5d46b..79e61ce4 100644
--- a/providers/aws/services/sqs/sqs_queues_not_publicly_accessible/sqs_queues_not_publicly_accessible.metadata.json
+++ b/providers/aws/services/sqs/sqs_queues_not_publicly_accessible/sqs_queues_not_publicly_accessible.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-basic-examples-of-sqs-policies.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "internet-exposed"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -31,4 +33,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/ssm/ssm_document_secrets/ssm_document_secrets.metadata.json b/providers/aws/services/ssm/ssm_document_secrets/ssm_document_secrets.metadata.json
index 8f6d66e6..ef7817b1 100644
--- a/providers/aws/services/ssm/ssm_document_secrets/ssm_document_secrets.metadata.json
+++ b/providers/aws/services/ssm/ssm_document_secrets/ssm_document_secrets.metadata.json
@@ -23,7 +23,9 @@
 "Url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "secrets"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
diff --git a/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries.metadata.json b/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries.metadata.json
index fa2c6a53..70e755e0 100644
--- a/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries.metadata.json
+++ b/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "trustboundaries"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries.metadata.json b/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries.metadata.json
index c2009bd4..c6fbd049 100644
--- a/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries.metadata.json
+++ b/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries.metadata.json
@@ -25,7 +25,9 @@
 "Url": "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "trustboundaries"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.metadata.json b/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.metadata.json
index b34a944f..92d85218 100644
--- a/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.metadata.json
+++ b/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.metadata.json
@@ -25,7 +25,9 @@
 "Url": "http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html"
 }
 },
- "Categories": [],
+ "Categories": [
+ "forensics-ready"
+ ],
 "Tags": {
 "Tag1Key": "value",
 "Tag2Key": "value"
@@ -33,4 +35,4 @@
 "DependsOn": [],
 "RelatedTo": [],
 "Notes": ""
-}
+}
\ No newline at end of file
diff --git a/prowler b/prowler
index 35102f33..1b32a651 100755
--- a/prowler
+++ b/prowler
@@ -16,11 +16,11 @@ from lib.check.check import (
 bulk_load_checks_metadata,
 bulk_load_compliance_frameworks,
 exclude_checks_to_run,
- exclude_groups_to_run,
 exclude_services_to_run,
 execute_checks,
- list_groups,
+ list_categories,
 list_services,
+ print_categories,
 print_checks,
 print_compliance_frameworks,
 print_compliance_requirements,
@@ -60,7 +60,6 @@ if __name__ == "__main__":
 group.add_argument("-c", "--checks", nargs="+", help="List of checks")
 group.add_argument("-C", "--checks-file", nargs="?", help="List of checks")
 group.add_argument("-s", "--services", nargs="+", help="List of services")
- group.add_argument("-g", "--groups", nargs="+", help="List of groups")
 group.add_argument(
 "--severity",
 nargs="+",
@@ -73,9 +72,10 @@ if __name__ == "__main__":
 help="Compliance Framework to check against for. The format should be the following: framework_version_provider (e.g.: ens_rd2022_aws)",
 choices=["ens_rd2022_aws"],
 )
+ group.add_argument("--categories", nargs="+", help="List of categories", default=[])
+
 # Exclude checks options
 parser.add_argument("-e", "--excluded-checks", nargs="+", help="Checks to exclude")
- parser.add_argument("-E", "--excluded-groups", nargs="+", help="Groups to exclude")
 parser.add_argument("--excluded-services", nargs="+", help="Services to exclude")
 # List checks options
 list_group = parser.add_mutually_exclusive_group()
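Review bot: The `--categories` option added in the `@@ -73,9 +72,10 @@` hunk accepts any string, while the compliance-framework option just above it restricts its values with `choices`. The category names this commit writes into the metadata files mix spellings (`forensics-ready` and `internet-exposed` are hyphenated, `trustboundaries` is not), so a mistyped name is easy to pass; whether that ends in an error or in a run that selects no checks depends on `load_checks_to_execute`, which is not visible here. For a security scanner an empty run that looks clean is the worse outcome, so I would reject unknown names once `bulk_checks_metadata` is loaded, by comparing `categories` with what `list_categories(provider, bulk_checks_metadata)` returns and exiting with an error that lists the valid names. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.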
@@ -97,6 +97,12 @@ if __name__ == "__main__": help="List compliance requirements for a given requirement", choices=["ens_rd2022_aws"], ) + list_group.add_argument( + "--list-categories", + action="store_true", + help="List the available check's categories", + ) + parser.add_argument( "-b", "--no-banner", action="store_false", help="Hide Prowler banner" ) @@ -229,10 +235,9 @@ if __name__ == "__main__": provider = args.provider checks = args.checks excluded_checks = args.excluded_checks - excluded_groups = args.excluded_groups excluded_services = args.excluded_services services = args.services - groups = args.groups + categories = args.categories checks_file = args.checks_file output_directory = args.output_directory output_filename = args.output_filename @@ -262,10 +267,6 @@ if __name__ == "__main__": if args.no_banner: print_banner(args) - if args.list_groups: - list_groups(provider) - sys.exit() - if args.list_services: print_services(list_services(provider)) sys.exit() @@ -276,6 +277,11 @@ if __name__ == "__main__": # Load checks metadata logger.debug("Loading checks metadata from .metadata.json files") bulk_checks_metadata = bulk_load_checks_metadata(provider) + + if args.list_categories: + print_categories(list_categories(provider, bulk_checks_metadata)) + sys.exit() + bulk_compliance_frameworks = {} # Load compliance frameworks logger.debug("Loading compliance frameworks from .json files") @@ -308,9 +314,9 @@ if __name__ == "__main__": checks_file, checks, services, - groups, severities, compliance_framework, + categories, provider, ) @@ -318,12 +324,6 @@ if __name__ == "__main__": if excluded_checks: checks_to_execute = exclude_checks_to_run(checks_to_execute, excluded_checks) - # Exclude groups if -g/--excluded-groups - if excluded_groups: - checks_to_execute = exclude_groups_to_run( - checks_to_execute, excluded_groups, provider - ) - # Exclude services if -s/--excluded-services if excluded_services: checks_to_execute = exclude_services_to_run(
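Review bot: The `list_group` that the `@@ -97,6 +97,12 @@` hunk extends with `--list-categories` presumably still defines `--list-groups`. The `@@ -262,10 +267,6 @@` hunk removes the `if args.list_groups:` handler, but no hunk for `prowler` removes an `add_argument` call that would define `list_groups`, so that definition is most likely in the unchanged lines between the `@@ -73,9 +72,10 @@` hunk and this one. If it is, passing the old flag now produces neither a listing nor an error and the run continues into a scan; removing that `add_argument` call in the same commit makes the break explicit. The new help string would also read better as `help="List the available check categories"`.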
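Review bot: The call edited in the `@@ -308,9 +314,9 @@` hunk passes at least seven arguments by position, and this commit removes `groups` from the middle of the list while inserting `categories` at a different position. The call stays correct only if the callee's parameter list was reordered in exactly the same way, and a mismatch would not raise because every argument is a list, a string or `None`. Passing the trailing arguments by keyword, for example `categories=categories, provider=provider` (assuming the parameter names match the local names), would make a mismatch fail loudly. The opening line of the call and the callee's definition are outside this hunk.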