Bugfix/use ref id old format #846

Merged
merged 2 commits into from
Jun 8, 2021
Expand Up @@ -8,7 +8,7 @@
},
"severity": "LOW",
"description": "Ensure there is no open access to back-end resources through API",
"reference_id": "AC_AWS_056",
"reference_id": "AWS.APGM.IS.LOW.0056",
"category": "Infrastructure Security",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Ensure use of API Gateway endpoint policy, and no action wildcards are being used.",
"reference_id": "AC_AWS_064",
"reference_id": "AWS.APGRAP.IAM.HIGH.0064",
"category": "Identity and Access Management",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure Athena Database is encrypted at rest",
"reference_id": "AC_AWS_016",
"reference_id": "AWS.ADB.DP.MEDIUM.016",
"category": "Data Protection",
"version": 2
}
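Review bot: The numeric suffix in `AWS.ADB.DP.MEDIUM.016` is three digits, while the other IDs restored on this page use four (`.0021`, `.0025`, `.0026`). Suppression entries and report filters that match on `reference_id` need the exact string, so it is worth confirming that this is the ID as previously published and not a dropped zero. If it was a slip, the line would read `"reference_id": "AWS.ADB.DP.MEDIUM.0016",`. The JSON object starts above the hunk, so the rest of the rule metadata is not visible here.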
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure CloudTrail has log file validation enabled.",
"reference_id": "AC_AWS_067",
"reference_id": "AWS.CloudTrail.LM.MEDIUM.0087",
"category": "Logging and Monitoring",
"version": 1
}
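Review bot: The restored ID `AWS.CloudTrail.LM.MEDIUM.0087` carries a different number from the `AC_AWS_067` it replaces, whereas most sections on this page keep the number across both formats. The same happens in the KMS wildcard-policy section (`AC_AWS_062` against `AWS.AKK.IAM.HIGH.0082`) and in the missing-'Principal' section (`AC_AWS_054` against `AWS.AKK.IAM.HIGH.0012`, which also repeats the `0012` of the CMK-rotation rule under a different category segment). These may well be the historical IDs, but nothing in the visible change lets a reviewer verify that. A mapping table from each `AC_AWS_*` ID to its restored ID, in the PR description or the rule docs, would let users update anything pinned to the replaced strings.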
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure AWS Cloudwatch log group has retention policy set.",
"reference_id": "AC_AWS_068",
"reference_id": "AWS.ACLG.LM.MEDIUM.0068",
"category": "Logging and Monitoring",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure DAX is encrypted at rest",
"reference_id": "AC_AWS_021",
"reference_id": "AWS.ADC.DP.MEDIUM.0021",
"category": "Data Protection",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure AWS RDS instances have logging enabled.",
"reference_id": "AC_AWS_076",
"reference_id": "AWS.ADI.LM.MEDIUM.0076",
"category": "Logging and Monitoring",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure DocDb is encrypted at rest",
"reference_id": "AC_AWS_022",
"reference_id": "AWS.ADC.DP.MEDIUM.0022",
"category": "Data Protection",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure DocDb clusters have log exports enabled.",
"reference_id": "AC_AWS_069",
"reference_id": "AWS.ADC.LM.MEDIUM.0069",
"category": "Logging and Monitoring",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure DynamoDb is encrypted at rest",
"reference_id": "AC_AWS_025",
"reference_id": "AWS.ADT.DP.MEDIUM.0025",
"category": "Data Protection",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure ECR repository is encrypted at rest",
"reference_id": "AC_AWS_026",
"reference_id": "AWS.AER.DP.MEDIUM.0026",
"category": "Data Protection",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure ECR repository has policy attached.",
"reference_id": "AC_AWS_058",
"reference_id": "AWS.AER.DP.MEDIUM.0058",
"category": "Identity and Access Management",
"version": 1
}
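Review bot: The category segment in `AWS.AER.DP.MEDIUM.0058` says `DP`, but the `category` field directly below it is "Identity and Access Management", and the other IAM rules on this page use the `IAM` segment. Anyone grouping or filtering findings by the ID prefix would file this policy-attachment rule under Data Protection. If the string is not constrained by what was previously published, `"reference_id": "AWS.AER.IAM.MEDIUM.0058",` would agree with the category. Otherwise the mismatch deserves a line in the rule documentation.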
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure EFS volume used for ECS task defination has in transit encryption enabled",
"reference_id": "AC_AWS_043",
"reference_id": "AWS.AETD.IS.MEDIUM.0043",
"category": "Infrastructure Security",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Ensure EFS file system does not use insecure wildcard policies.",
"reference_id": "AC_AWS_059",
"reference_id": "AWS.AEFSP.IAM.HIGH.0059",
"category": "Identity and Access Management",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure EKS clusters have control plane logging enabled.",
"reference_id": "AC_AWS_071",
"reference_id": "AWS.AEC.LM.MEDIUM.0071",
"category": "Logging and Monitoring",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure Elastic Cache Replication Group is encrypted at rest",
"reference_id": "AC_AWS_027",
"reference_id": "AWS.AERG.DP.MEDIUM.0027",
"category": "Data Protection",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure Elastic Cache Replication Group is encrypted in transit",
"reference_id": "AC_AWS_044",
"reference_id": "AWS.AERG.DP.MEDIUM.0044",
"category": "Data Protection",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure Elasticsearch domains being created are set to be encrypted node-to-node",
"reference_id": "AC_AWS_045",
"reference_id": "AWS.ElasticSearch.IS.MEDIUM.0045",
"category": "Infrastructure Security",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Ensure Elasticsearch domains do not have wildcard policies.",
"reference_id": "AC_AWS_060",
"reference_id": "AWS.AEDP.IAM.HIGH.0060",
"category": "Identity and Access Management",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure AWS ELB has access logging enabled.",
"reference_id": "AC_AWS_072",
"reference_id": "AWS.ELB.LM.MEDIUM.0072",
"category": "Logging and Monitoring",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "LOW",
"description": "Ensure Global Accelerator accelerator has flow logs enabled.",
"reference_id": "AC_AWS_073",
"reference_id": "AWS.AGA.LM.LOW.0073",
"category": "Logging and Monitoring",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Ensure IAM roles do not have any policies attached that may cause priviledge escalation.",
"reference_id": "AC_AWS_051",
"reference_id": "AWS.AIRP.IAM.HIGH.0051",
"category": "Identity and Access Management",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure IAM policies are attached only to groups or roles",
"reference_id": "AC_AWS_049",
"reference_id": "AWS.AIUP.IAM.MEDIUM.0049",
"category": "Identity and Access Management",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure IAM permissions are not given directly to users",
"reference_id": "AC_AWS_050",
"reference_id": "AWS.AIUPA.IAM.MEDIUM.0050",
"category": "Identity and Access Management",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Ensure that detailed monitoring is enabled for EC2 instances.",
"reference_id": "AC_AWS_070",
"reference_id": "AWS.AI.LM.HIGH.0070",
"category": "Logging and Monitoring",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Ensure rotation for customer created CMKs is enabled",
"reference_id": "AC_AWS_012",
"reference_id": "AWS.AKK.DP.HIGH.0012",
"category": "Data Protection",
"version": 2,
"id": "AC_AWS_0160"
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Ensure IAM policies do not have 'Principal' element missing from the policy statement.",
"reference_id": "AC_AWS_054",
"reference_id": "AWS.AKK.IAM.HIGH.0012",
"category": "Identity and Access Management",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Ensure KMS key policy does not have wildcard policies attached.",
"reference_id": "AC_AWS_062",
"reference_id": "AWS.AKK.IAM.HIGH.0082",
"category": "Identity and Access Management",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure AWS Lambda function has policy attached.",
"reference_id": "AC_AWS_063",
"reference_id": "AWS.LambdaFunction.LM.MEIDUM.0063",
"category": "Logging and Monitoring",
"version": 2
}
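Review bot: The severity segment in `AWS.LambdaFunction.LM.MEIDUM.0063` is misspelled (`MEIDUM`), while the `severity` field in the same object is `MEDIUM`. Because `reference_id` is the string that suppression entries and scan-output filters are matched against, a typo here either becomes permanent or breaks those matches when it is corrected later. If the misspelling is not already part of the previously published ID, the line should read `"reference_id": "AWS.LambdaFunction.LM.MEDIUM.0063",`. Separately, the description is about an attached policy, yet both the ID segment and the `category` place the rule under Logging and Monitoring, which is worth a second look.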
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure there is a one listener configured on HTTPs or with a port 443",
"reference_id": "AC_AWS_046",
"reference_id": "AWS.ALL.IS.MEDIUM.0046",
"category": "Infrastructure Security",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure Target Group use HTTPs to ensure end to end encryption",
"reference_id": "AC_AWS_042",
"reference_id": "AWS.ALTG.IS.MEDIUM.0042",
"category": "Infrastructure Security",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure Neptune Cluster is Encrypted",
"reference_id": "AC_AWS_030",
"reference_id": "AWS.ANC.DP.MEDIUM.0030",
"category": "Data Protection",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure AWS Neptune clusters have logging enabled.",
"reference_id": "AC_AWS_075",
"reference_id": "AWS.ANC.LM.MEDIUM.0075",
"category": "Logging and Monitoring",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure backup retention period is set for rds cluster",
"reference_id": "AC_AWS_013",
"reference_id": "AWS.RDS.RE.MEDIUM.0013",
"category": "Resilience",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Ensure S3 buckets do not have, a both public ACL on the bucket and a public access block.",
"reference_id": "AC_AWS_065",
"reference_id": "AWS.S3Bucket.IAM.HIGH.0065",
"category": "Identity and Access Management",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure S3 buckets have access logging enabled.",
"reference_id": "AC_AWS_078",
"reference_id": "AWS.S3Bucket.LM.MEDIUM.0078",
"category": "Logging and Monitoring",
"version": 1
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure S3 object is Encrypted",
"reference_id": "AC_AWS_034",
"reference_id": "AWS.ASBO.DP.MEDIUM.0034",
"category": "Data Protection",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure SageMaker Instance is Encrypted",
"reference_id": "AC_AWS_035",
"reference_id": "AWS.ASNI.DP.MEDIUM.0035",
"category": "Data Protection",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure SecretsManager Secrets are Encrypted using KMS key",
"reference_id": "AC_AWS_036",
"reference_id": "AWS.SecretsManagerSecret.DP.MEDIUM.0036",
"category": "Data Protection",
"version": 2
}
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Ensure secrets manager do not wildcard policies attached",
"reference_id": "AC_AWS_066",
"reference_id": "AWS.ASSP.IAM.HIGH.0066",
"category": "Identity and Access Management",
"version": 1
}