From de96894a4df2864a9daa005f5831c72a57706dcf Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga
Date: Wed, 3 Aug 2022 17:29:43 +0200
Subject: [PATCH] feat(metadata): Include EC2 subservices (#1311)
---
 .../ec2_ebs_public_snapshot.metadata.json | 2 +-
 .../ec2_ebs_snapshots_encrypted.metadata.json | 2 +-
 .../ec2_instance_public_ip/ec2_instance_public_ip.metadata.json | 2 +-
 .../ec2_networkacl_allow_ingress_tcp_port_22.metadata.json | 2 +-
 .../ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json | 2 +-
 ...ygroup_allow_ingress_from_internet_to_any_port.metadata.json | 2 +-
 ...oup_allow_ingress_from_internet_to_tcp_port_22.metadata.json | 2 +-
 ...p_allow_ingress_from_internet_to_tcp_port_3389.metadata.json | 2 +-
 ...w_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json | 2 +-
 ...ess_from_internet_to_tcp_port_oracle_1521_2483.metadata.json | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json b/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json
index d1686692..e5fa8603 100644
--- a/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json
+++ b/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json
@@ -4,7 +4,7 @@
 "CheckTitle": "Ensure there are no EBS Snapshots set as Public.",
 "CheckType": "Data Protection",
 "ServiceName": "ec2",
- "SubServiceName": "ebs-snapshots",
+ "SubServiceName": "snapshot",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
 "Severity": "critical",
 "ResourceType": "AwsEc2Snapshot",
diff --git a/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.metadata.json b/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.metadata.json
index 1b868f94..a62b5ccf 100644
--- a/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.metadata.json
+++ b/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.metadata.json
@@ -4,7 +4,7 @@
 "CheckTitle": "Check if EBS snapshots are encrypted.",
 "CheckType": "Data Protection",
 "ServiceName": "ec2",
- "SubServiceName": "ebs-snapshots",
+ "SubServiceName": "snapshot",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
 "Severity": "medium",
 "ResourceType": "AwsEc2Snapshot",
diff --git a/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json b/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json
index 88c795a0..9082c502 100644
--- a/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json
+++ b/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json
@@ -4,7 +4,7 @@
 "CheckTitle": "Check for EC2 Instances with Public IP.",
 "CheckType": "Infrastructure Security",
 "ServiceName": "ec2",
- "SubServiceName": "instances",
+ "SubServiceName": "instance",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
 "Severity": "medium",
 "ResourceType": "AwsEc2SecurityGroup",
diff --git a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
index 77c6acf0..461ebef8 100644
--- a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
+++ b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json
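Review bot: In ec2_instance_public_ip.metadata.json the context line `"ResourceType": "AwsEc2SecurityGroup",` does not match the check, whose title is "Check for EC2 Instances with Public IP." and whose sub-service this commit sets to `instance`. If this value is carried into findings (not visible in the hunk), a public-IP finding would be labelled as a security-group resource, which can misroute triage or defeat resource-type filters downstream. Consider changing it to `"ResourceType": "AwsEc2Instance",` in the same commit. The rest of the metadata file lies outside the hunk, so confirm nothing else relies on the current value.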
@@ -4,7 +4,7 @@
 "CheckTitle": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22",
 "CheckType": "Infrastructure Security",
 "ServiceName": "ec2",
- "SubServiceName": "networkacls",
+ "SubServiceName": "networkacl",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
 "Severity": "high",
 "ResourceType": "AwsEc2NetworkAcl",
diff --git a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
index bb228814..710cbcd3 100644
--- a/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
+++ b/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json
@@ -4,7 +4,7 @@
 "CheckTitle": "Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389",
 "CheckType": "Infrastructure Security",
 "ServiceName": "ec2",
- "SubServiceName": "networkacls",
+ "SubServiceName": "networkacl",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
 "Severity": "high",
 "ResourceType": "AwsEc2NetworkAcl",
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json
index e1dee8ac..1a04aa9c 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json
@@ -4,7 +4,7 @@
 "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port.",
 "CheckType": "Infrastructure Security",
 "ServiceName": "ec2",
- "SubServiceName": "securitygroups",
+ "SubServiceName": "securitygroup",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
 "Severity": "high",
 "ResourceType": "AwsEc2SecurityGroup",
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json
index e14990e9..b1c034a1 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json
@@ -4,7 +4,7 @@
 "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22.",
 "CheckType": "Infrastructure Security",
 "ServiceName": "ec2",
- "SubServiceName": "securitygroups",
+ "SubServiceName": "securitygroup",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
 "Severity": "high",
 "ResourceType": "AwsEc2SecurityGroup",
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json
index cf51b4dc..9500b774 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json
@@ -4,7 +4,7 @@
 "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389.",
 "CheckType": "Infrastructure Security",
 "ServiceName": "ec2",
- "SubServiceName": "securitygroups",
+ "SubServiceName": "securitygroup",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
 "Severity": "high",
 "ResourceType": "AwsEc2SecurityGroup",
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json
index 9844b0d3..22e9bb50 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json
@@ -4,7 +4,7 @@
 "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306.",
 "CheckType": "Infrastructure Security",
 "ServiceName": "ec2",
- "SubServiceName": "",
+ "SubServiceName": "securitygroups",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
 "Severity": "high",
 "ResourceType": "AwsEc2SecurityGroup",
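Review bot: The ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 hunk adds `"SubServiceName": "securitygroups"` (plural), while every other security-group check in this commit moves to the singular `securitygroup`, including the Oracle 1521/2483 check that is filled in from the same empty value. If checks are grouped or selected by this field (the consumer is not visible here), the MySQL 3306 exposure check would fall outside the `securitygroup` set and could be left out of a scoped scan without any error. Change the added line to `"SubServiceName": "securitygroup",` so the value matches its siblings.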
diff --git a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json
index 4b5f1436..bb4d1eb6 100644
--- a/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json
+++ b/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json
@@ -5,7 +5,7 @@
 "CheckTitle": "Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483.",
 "CheckType": "Infrastructure Security",
 "ServiceName": "ec2",
- "SubServiceName": "",
+ "SubServiceName": "securitygroup",
 "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
 "Severity": "high",
 "ResourceType": "AwsEc2SecurityGroup",