Commented out the remediation URL attribute and added copyright to Ap…
…ache license.
curphey committed Aug 22, 2021
1 parent cd657b4 commit e80f236
Showing 64 changed files with 134 additions and 129 deletions.
2 changes: 1 addition & 1 deletion LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright [yyyy] [name of copyright owner]
Copyright [2021] [Open Raven Inc.]

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
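Review bot: The filled-in notice on the `Copyright [2021] [Open Raven Inc.]` line keeps the template's square brackets. The Apache 2.0 appendix asks for the bracketed fields to be replaced with your own identifying information and says not to include the brackets, so this line should read `Copyright 2021 Open Raven Inc.`.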
3 changes: 1 addition & 2 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,2 +1 @@
# cspm-kb
Magpie CSPM Policy Knowledge Base
# @GIANT WIP
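Review bot: Replacing both README lines with `# @GIANT WIP` drops the project name and the one-line description (`Magpie CSPM Policy Knowledge Base`), which was the only statement of what the rules in this repository are for. Keep the title and description and add the work-in-progress notice as a line beneath them.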
4 changes: 2 additions & 2 deletions rules/aws_account_security_questions_registered.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,6 @@ remediation: >
o Follow process for all 3 questions
7. Click Update when complete
8. Place Questions and Answers and place in a secure physical location
remediationDocURLs:
- https://docs.openraven.com/remediations/ensure_AWS_account_security_questions_registered
# remediationDocURLs:
# - https://docs.openraven.com/remediations/ensure_AWS_account_security_questions_registered
version: 0.1.3
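Review bot: Commenting out `remediationDocURLs` here, and in the same way across the other rule files, leaves dead YAML with no indication of why the link was disabled or when it should come back. Either delete the key and let git history carry it, or add a one-line comment above it naming the reason, so the blocks are not re-enabled piecemeal or forgotten.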
4 changes: 2 additions & 2 deletions rules/aws_avoid_use_of_root_account.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,6 @@ enabled: true
remediation: >
Follow the remediation instructions of the Ensure IAM policies are attached only to
groups or roles recommendation
remediationDocURLs:
- https://docs.openraven.com/remediations/avoid_use_of_root_account
# remediationDocURLs:
# - https://docs.openraven.com/remediations/avoid_use_of_root_account
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_cloudtrail_enabled_in_all_regions.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,6 @@ remediation: >
aws cloudtrail update-trail --name <trail_name> --is-multi-region-trail
Note: Creating CloudTrail via CLI without providing any overriding options configures
Management Events to set All type of Read/Writes by default.
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_global_trail
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_global_trail
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_cloudtrail_log_file_validation_enabled.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,6 @@ remediation: >
Note that periodic validation of logs using these digests can be performed by running the following command:
aws cloudtrail validate-logs --trail-arn <trail_arn> --start-time
<start_time> --end-time <end_time>
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_CloudTrail_log_file_validation
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_CloudTrail_log_file_validation
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_cloudtrail_logs_encrypted_using_kms_cmks.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,6 @@ remediation: >
<cloudtrail_kms_key>
aws kms put-key-policy --key-id <cloudtrail_kms_key> --policy
<cloudtrail_kms_key_policy>
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_KMS_log_encryption
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_KMS_log_encryption
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_config_enabled_in_all_regions.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,6 @@ remediation: >
arn:aws:iam::012345678912:role/myConfigRole
3. Run this command to start the configuration recorder:
start-configuration-recorder --configuration-recorder-name <value>
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_AWS_Config_in_all_regions
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_AWS_Config_in_all_regions
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_default_security_groups_restrict_all_traffic.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,6 @@ remediation: >
Recommended:
IAM groups allow you to edit the "name" field. After remediating default groups rules for all
VPCs in all regions, edit this field to add text similar to "DO NOT USE. DO NOT ADD RULES"
remediationDocURLs:
- https://docs.openraven.com/remediations/default_sec_group_restrict_traffic
# remediationDocURLs:
# - https://docs.openraven.com/remediations/default_sec_group_restrict_traffic
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_disable_unused_credentials_after_90_days.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,6 @@ remediation: >
- Click on Make Inactive for credentials that have not been used in 90 Days
7. As an IAM User
- Click on Make Inactive or Delete for credentials which have not been used in 90
remediationDocURLs:
- https://docs.openraven.com/remediations/unused_credentials
# remediationDocURLs:
# - https://docs.openraven.com/remediations/unused_credentials
version: 0.1.3
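Review bot: The last remediation step in the context lines ends mid-sentence at `have not been used in 90`, while the step before it says `90 Days`. Since this file is being touched, complete the sentence so the folded `remediation` text does not end on a truncated instruction.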
4 changes: 2 additions & 2 deletions rules/aws_ec2_ebs_volume_with_no_snapshot.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,5 +31,5 @@ remediation: >
(Optional) Enter a description for the snapshot.
(Optional) Choose Add Tag to add tags to your snapshot. For each tag, provide a tag key and a tag value.
6. Choose Create Snapshot.
remediationDocURLs:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html
# remediationDocURLs:
# - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html
4 changes: 2 additions & 2 deletions rules/aws_flow_logging_enabled_in_all_vpcs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,6 @@ remediation: >
the logs to a cheaper storage service rather than simply deleting them. See the following
AWS resource to manage CloudWatch Logs retention periods:
1. http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/SettingLogRetention.html
remediationDocURLs:
- https://docs.openraven.com/remediations/ensure_flow_logging_enabled_in_all_VPCs
# remediationDocURLs:
# - https://docs.openraven.com/remediations/ensure_flow_logging_enabled_in_all_VPCs
version: 0.1.3
5 changes: 3 additions & 2 deletions rules/aws_guard_duty_enabled.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,5 +24,6 @@ sql: >
remediation: >
Perform the following steps under the below link to enable GuardDuty:
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html
# remediationDocURLs:
# - https://docs.openraven.com/remediations/unused_credentials
version: 0.1.3
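Review bot: The added commented block points at `remediations/unused_credentials`, the slug used by the unused-credentials rule, which has nothing to do with GuardDuty. It looks copied from another rule file; if the key is uncommented later it will send readers to the wrong remediation page. Drop the two lines or replace the URL with a GuardDuty-specific one before merging.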
4 changes: 2 additions & 2 deletions rules/aws_hardware_mfa_enabled_for_root_account.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,6 @@ remediation: >
8. Choose Next Step . The MFA device is now associated with the AWS account. The next
time you use your AWS account credentials to sign in, you must type a code from the
hardware MFA device.
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_hardware_MFA_for_root_account
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_hardware_MFA_for_root_account
version: 0.1.3
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,6 @@ remediation: >
aws iam update-account-password-policy --max-password-age 90
Note: All commands starting with "aws iam update-account-password-policy" have be
combined into a single command in order to all of them to take effect
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_password_expiration_requirement
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_password_expiration_requirement
version: 0.1.3
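Review bot: The note in the context lines, `have be combined into a single command in order to all of them to take effect`, is garbled, and the step above it shows `update-account-password-policy` with only `--max-password-age 90`. That call replaces the whole account password policy, so settings that are not passed revert to their defaults. Reword the note to say the flags have to be combined into one command, and consider showing the combined command in the remediation text.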
4 changes: 2 additions & 2 deletions rules/aws_iam_password_policy_prevents_password_reuse.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,6 @@ remediation: >
aws iam update-account-password-policy --password-reuse-prevention 24
Note: All commands starting with "aws iam update-account-password-policy" have be
combined into a single command in order to all of them to take effect
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_password_minimum_lenght_requirement
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_password_minimum_lenght_requirement
version: 0.1.3
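Review bot: The commented URL in this password-reuse rule ends in `enable_password_minimum_lenght_requirement`, the same slug the minimum-length rule uses, so it refers to the wrong remediation page and carries the `lenght` misspelling with it. Point it at the reuse-prevention page now, while the line is being edited, so it is correct when the key is re-enabled.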
4 changes: 2 additions & 2 deletions rules/aws_iam_password_policy_require_number.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,6 @@ remediation: >
aws iam update-account-password-policy --require-numbers
Note: All commands starting with "aws iam update-account-password-policy" have be
combined into a single command in order to all of them to take effect
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_password_number_requirement
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_password_number_requirement
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_iam_password_policy_require_symbol.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,6 @@ remediation: >
aws iam update-account-password-policy --require-symbols
Note: All commands starting with "aws iam update-account-password-policy" have be
combined into a single command in order to all of them to take effect
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_password_symbol_requirement
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_password_symbol_requirement
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_iam_password_policy_requires_lowercase_letter.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,6 @@ remediation: >
aws iam update-account-password-policy --require-lowercase-characters
Note: All commands starting with "aws iam update-account-password-policy" have be
combined into a single command in order to all of them to take effect
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_password_lowercase_requirement
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_password_lowercase_requirement
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_iam_password_policy_requires_min_length_14.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,6 @@ remediation: >
aws iam update-account-password-policy --minimum-password-length 14
Note: All commands starting with "aws iam update-account-password-policy" have be
combined into a single command in order to all of them to take effect
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_password_minimum_lenght_requirement
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_password_minimum_lenght_requirement
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_iam_password_policy_requires_uppercase_letter.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,6 @@ remediation: >
aws iam update-account-password-policy --require-uppercase-characters
Note: All commands starting with "aws iam update-account-password-policy" have be
combined into a single command in order to all of them to take effect
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_password_uppercase_requirement
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_password_uppercase_requirement
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_iam_policies_attached_only_to_groups_or_roles.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,6 @@ remediation: >
4. Click Detach Policy for each policy
5. Expand Inline Policies
6. Click Remove Policy for each policy
remediationDocURLs:
- https://docs.openraven.com/remediations/detach_IAM_policies_from_users
# remediationDocURLs:
# - https://docs.openraven.com/remediations/detach_IAM_policies_from_users
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_iam_roles_for_resource_access_from_instances.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,6 @@ remediation: >
on dynamically assigned public IP addresses are a bad practice and, if possible, you may
wish to rebuild the instance with a new elastic IP address and make the investment to
remediate affected systems while assigning the system to a role.
remediationDocURLs:
- https://docs.openraven.com/remediations/ensure_IAM_roles_used_for_resource_access_from_instances
# remediationDocURLs:
# - https://docs.openraven.com/remediations/ensure_IAM_roles_used_for_resource_access_from_instances
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_iam_stale_roles_ap_with_s3_access.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,6 @@ remediation: >
If the task fails, you can choose View details or View Resources from the notifications to learn why the deletion failed.
If the deletion fails because the role is using the service's resources, then the notification includes a list of resources, if the service returns that information.
You can then clean up the resources and submit the deletion again.
remediationDocURLs:
- https://aws.amazon.com/blogs/security/identify-unused-iam-roles-remove-confidently-last-used-timestamp/
# remediationDocURLs:
# - https://aws.amazon.com/blogs/security/identify-unused-iam-roles-remove-confidently-last-used-timestamp/
- https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#delete-service-linked-role
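Review bot: Only the key and the first list item are commented out; the second entry, the `using-service-linked-roles.html` URL, is left live with no parent key. Depending on indentation it will either be read as part of the `remediation` text or break parsing of the file. Comment that line out as well.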
4 changes: 2 additions & 2 deletions rules/aws_iam_stale_roles_ip_with_s3_access.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,6 @@ remediation: >
If the task fails, you can choose View details or View Resources from the notifications to learn why the deletion failed.
If the deletion fails because the role is using the service's resources, then the notification includes a list of resources, if the service returns that information.
You can then clean up the resources and submit the deletion again.
remediationDocURLs:
- https://aws.amazon.com/blogs/security/identify-unused-iam-roles-remove-confidently-last-used-timestamp/
# remediationDocURLs:
# - https://aws.amazon.com/blogs/security/identify-unused-iam-roles-remove-confidently-last-used-timestamp/
- https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#delete-service-linked-role
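Review bot: The `using-service-linked-roles.html` list item at the end of this hunk stays uncommented while its `remediationDocURLs:` key above is now a comment, leaving an orphaned sequence entry in the file. Prefix it with `#` like the line before it, and check that the rule file still loads.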
4 changes: 2 additions & 2 deletions rules/aws_maintain_current_contact_details.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,6 @@ remediation: >
- To edit your contact information, under Contact Information, choose Edit.
- For the fields that you want to change, type your updated information, and then
choose Update.
remediationDocURLs:
- https://docs.openraven.com/remediations/maintain_current_contact_details
# remediationDocURLs:
# - https://docs.openraven.com/remediations/maintain_current_contact_details
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_metric_filter_and_alarm_aws_config_changes.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,6 @@ remediation: >
aws cloudwatch put-metric-alarm --alarm-name `<aws_config_changes_alarm>` -
-metric-name `<aws_config_changes_metric>` --statistic Sum --period 300 --
threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluationperiods 1 --namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_AWS_Config_config_changes
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_AWS_Config_config_changes
version: 0.1.3
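Review bot: The `put-metric-alarm` command in the context lines would not run as written: `--evaluationperiods` is missing its hyphen (the option is `--evaluation-periods`), and the line wraps have split `--metric-name` into `-` and `-metric-name` and `--threshold` into `--` and `threshold`. Remediation text is what an operator pastes into a shell, so fix the options while this file is open.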
4 changes: 2 additions & 2 deletions rules/aws_metric_filter_and_alarm_aws_mc_auth_failures.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,6 @@ remediation: >
`<console_signin_failure_metric>` --statistic Sum --period 300 --threshold 1
--comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --
namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_AWS_MC_auth_failures
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_AWS_MC_auth_failures
version: 0.1.3
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,6 @@ remediation: >
`<cloudtrail_cfg_changes_metric>` --statistic Sum --period 300 --threshold 1
--comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --
namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_CloudTrail_config_changes
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_CloudTrail_config_changes
version: 0.1.3
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,6 @@ remediation: >
--threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --
evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions
<sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_Management_Console_sign_in_without_MFA
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_Management_Console_sign_in_without_MFA
version: 0.1.3
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,6 @@ remediation: >
`<disable_or_delete_cmk_changes_alarm>` --metric-name
`<disable_or_delete_cmk_changes_metric>` --statistic Sum --period 300 --
threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluationperiods 1 --namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_disabling_deletion_CMKs
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_disabling_deletion_CMKs
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_metric_filter_and_alarm_gateways_changes.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,6 @@ remediation: >
aws cloudwatch put-metric-alarm --alarm-name `<network_gw_changes_alarm>` -
-metric-name `<network_gw_changes_metric>` --statistic Sum --period 300 --
threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluationperiods 1 --namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_network_gateways_changes
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_network_gateways_changes
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_metric_filter_and_alarm_iam_policy_changes.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,6 @@ remediation: >
metric-name `<iam_changes_metric>` --statistic Sum --period 300 --threshold
1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1
--namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_IAM_policy_changes
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_IAM_policy_changes
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_metric_filter_and_alarm_nacl_changes.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,6 @@ remediation: >
aws cloudwatch put-metric-alarm --alarm-name `<nacl_changes_alarm>` --
metric-name `<nacl_changes_metric>` --statistic Sum --period 300 --
threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluationperiods 1 --namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_NACL_changes
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_NACL_changes
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_metric_filter_and_alarm_root_account_usage.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,6 @@ remediation: >
aws cloudwatch put-metric-alarm --alarm-name `<root_usage_alarm>` --metricname `<root_usage_metric>` --statistic Sum --period 300 --threshold 1 --
comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --
namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_root_account_usage
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_root_account_usage
version: 0.1.3
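Review bot: In the context lines the alarm command reads `--metricname`, but the option is `--metric-name`, and the wraps leave a bare `--` separated from `comparison-operator` and from `namespace`. Because the `remediation` value is a folded scalar, those breaks become spaces and the command fails when pasted; rejoin the options in this file alongside the URL change.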
4 changes: 2 additions & 2 deletions rules/aws_metric_filter_and_alarm_route_table_changes.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,6 @@ remediation: >
-threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --
evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions
<sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_route_table_changes
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_route_table_changes
version: 0.1.3
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,6 @@ remediation: >
`<s3_bucket_policy_changes_metric>` --statistic Sum --period 300 --threshold
1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1
--namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_S3_buckets_policy_changes
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_S3_buckets_policy_changes
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_metric_filter_and_alarm_security_group_changes.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,6 @@ remediation: >
`<security_group_changes_metric>` --statistic Sum --period 300 --threshold 1
--comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --
namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_security_group_changes
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_security_group_changes
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_metric_filter_and_alarm_unauthorized_api_calls.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,6 @@ remediation: >
`<unauthorized_api_calls_metric>` --statistic Sum --period 300 --threshold 1
--comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --
namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_unauthorized_API_calls
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_unauthorized_API_calls
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_metric_filter_and_alarm_vpc_changes.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,6 @@ remediation: >
metric-name `<vpc_changes_metric>` --statistic Sum --period 300 --threshold
1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1
--namespace 'CISBenchmark' --alarm-actions <sns_topic_arn>
remediationDocURLs:
- https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_VPC_changes
# remediationDocURLs:
# - https://docs.openraven.com/remediations/log_metric_filter_and_alarm_for_VPC_changes
version: 0.1.3
4 changes: 2 additions & 2 deletions rules/aws_mfa_enabled_for_root_account.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,6 @@ remediation: >
1. In the Manage MFA Device wizard, in the Authentication Code 1 box, type the onetime password that currently appears in the virtual MFA device. Wait up to 30
seconds for the device to generate a new one-time password. Then type the second
one-time password into the Authentication Code 2 box. Choose Active Virtual MFA.
remediationDocURLs:
- https://docs.openraven.com/remediations/enable_MFA_for_root_account
# remediationDocURLs:
# - https://docs.openraven.com/remediations/enable_MFA_for_root_account
version: 0.1.3