From ba5e0f145f07087acacae0d13a1151e8f6adf7df Mon Sep 17 00:00:00 2001
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
Date: Wed, 25 Jan 2023 15:03:43 +0100
Subject: [PATCH] fix(severity): update severities for Security Hub, GuardDuty and NACL related checks (#1775)
---
 .../ec2_networkacl_allow_ingress_any_port.metadata.json | 2 +-
 .../ec2_networkacl_allow_ingress_tcp_port_22.metadata.json | 2 +-
 .../ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json | 2 +-
 .../guardduty_is_enabled/guardduty_is_enabled.metadata.json | 2 +-
 .../securityhub_enabled/securityhub_enabled.metadata.json | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.metadata.json b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.metadata.json
index 7934331c..301f51a3 100644
--- a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.metadata.json
@@ -10,7 +10,7 @@
 "ServiceName": "ec2",
 "SubServiceName": "networkacl",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "Severity": "high",
+ "Severity": "medium",
 "ResourceType": "AwsEc2NetworkAcl",
 "Description": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port.",
 "Risk": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.",
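Review bot: The `Risk` text kept as context in this hunk still says an open Network ACL lets an actor "gain access to instance", which reads as a high-impact statement next to the new `medium` rating. If the downgrade rests on Network ACLs being a subnet-level layer in front of security groups (an inference, since the commit message gives no rationale), the text should say so, for example `"Risk": "A Network ACL that allows ingress from 0.0.0.0/0 removes a subnet-level filtering layer, so exposure of instances then depends only on their security groups.",`. The same sentence appears in the port 22 and port 3389 metadata hunks that follow. Consumers that filter or alert only on `high` findings will stop seeing these checks after this change, which deserves a line in the release notes.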
diff --git a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
index 5d6c7584..60d7849c 100644
--- a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
@@ -8,7 +8,7 @@
 "ServiceName": "ec2",
 "SubServiceName": "networkacl",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "Severity": "high",
+ "Severity": "medium",
 "ResourceType": "AwsEc2NetworkAcl",
 "Description": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22",
 "Risk": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.",
diff --git a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
index bb2e27b8..503b7653 100644
--- a/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
@@ -8,7 +8,7 @@
 "ServiceName": "ec2",
 "SubServiceName": "networkacl",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
- "Severity": "high",
+ "Severity": "medium",
 "ResourceType": "AwsEc2NetworkAcl",
 "Description": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389",
 "Risk": "Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.",
diff --git a/prowler/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json b/prowler/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json
index e467c27f..ff351757 100644
--- a/prowler/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json
+++ b/prowler/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json
@@ -6,7 +6,7 @@
 "ServiceName": "guardduty",
 "SubServiceName": "",
 "ResourceIdTemplate": "arn:aws:sagemaker:region:account-id",
- "Severity": "high",
+ "Severity": "medium",
 "ResourceType": "AwsGuardDutyDetector",
 "Description": "Check if GuardDuty is enabled",
 "Risk": "Amazon GuardDuty is a continuous security monitoring service that analyzes and processes several datasources.",
diff --git a/prowler/providers/aws/services/securityhub/securityhub_enabled/securityhub_enabled.metadata.json b/prowler/providers/aws/services/securityhub/securityhub_enabled/securityhub_enabled.metadata.json
index f14d83fb..7b8b69d2 100644
--- a/prowler/providers/aws/services/securityhub/securityhub_enabled/securityhub_enabled.metadata.json
+++ b/prowler/providers/aws/services/securityhub/securityhub_enabled/securityhub_enabled.metadata.json
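Review bot: In guardduty_is_enabled.metadata.json the context line `"ResourceIdTemplate": "arn:aws:sagemaker:region:account-id",` names SageMaker in a GuardDuty check, which looks like a copy-paste leftover that this commit carries forward. Something like `"ResourceIdTemplate": "arn:partition:guardduty:region:account-id:detector/detector-id",` would match the `AwsGuardDutyDetector` resource type and the pattern used in the Security Hub metadata. The `Risk` field here, and in securityhub_enabled.metadata.json in the next hunk, describes what the service is instead of what is lost while it is disabled; a sentence on missing threat detection, or on missing aggregated findings, would let a reader judge the `medium` rating. The JSON objects start and end outside both hunks.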
@@ -8,7 +8,7 @@
 "ServiceName": "securityhub",
 "SubServiceName": "",
 "ResourceIdTemplate": "arn:partition:securityhub:region:account-id:hub/hub-id",
- "Severity": "high",
+ "Severity": "medium",
 "ResourceType": "AwsSecurityHubHub",
 "Description": "Check if Security Hub is enabled and its standard subscriptions.",
 "Risk": "AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.",