forked from Checkmarx/kics
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
update metadata.json across all files to include platform Checkmarx#1799
- Loading branch information
1 parent
5295feb
commit e333ff8
Showing
789 changed files
with
5,517 additions
and
4,729 deletions.
There are no files selected for viewing
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/IAM_Password_Without_Uppercase_letter/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "83957b81-39c1-4191-8e12-671d2ce14354", | ||
| "queryName": "IAM Password Without Uppercase Letter", | ||
| "severity": "MEDIUM", | ||
| "category": "IAM", | ||
| "descriptionText": "Check if IAM account password has at least one uppercase letter", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_password_policy_module.html" | ||
| "id": "83957b81-39c1-4191-8e12-671d2ce14354", | ||
| "queryName": "IAM Password Without Uppercase Letter", | ||
| "severity": "MEDIUM", | ||
| "category": "IAM", | ||
| "descriptionText": "Check if IAM account password has at least one uppercase letter", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_password_policy_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/IAM_password_policy_expiration/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "3f2cf811-88fa-4eda-be45-7a191a18aba9", | ||
| "queryName": "Incorrect password policy expiration", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "No password expiration policy", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_password_policy_module.html" | ||
| "id": "3f2cf811-88fa-4eda-be45-7a191a18aba9", | ||
| "queryName": "Incorrect password policy expiration", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "No password expiration policy", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_password_policy_module.html", | ||
| "platform": "Ansible" | ||
| } |
14 changes: 7 additions & 7 deletions
14
assets/queries/ansible/aws/IAM_password_without_lowercase_letter/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,9 @@ | ||
| { | ||
| "id": "8e3063f4-b511-45c3-b030-f3b0c9131951", | ||
| "queryName": "IAM Password Without Lowercase Letter", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "Check if IAM account password has at least one lowercase letter", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_password_policy_module.html" | ||
| "id": "8e3063f4-b511-45c3-b030-f3b0c9131951", | ||
| "queryName": "IAM Password Without Lowercase Letter", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "Check if IAM account password has at least one lowercase letter", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_password_policy_module.html", | ||
| "platform": "Ansible" | ||
| } | ||
|
|
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/IAM_password_without_numbers/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "9cf25d62-0b96-42c8-b66d-998cd6ee5bb8", | ||
| "queryName": "IAM Password Without Numbers", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "Check if IAM account password has at least one number", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_password_policy_module.html" | ||
| "id": "9cf25d62-0b96-42c8-b66d-998cd6ee5bb8", | ||
| "queryName": "IAM Password Without Numbers", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "Check if IAM account password has at least one number", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_password_policy_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/IAM_policies_attached_to_user/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "eafe4bc3-1042-4f88-b988-1939e64bf060", | ||
| "queryName": "IAM policies attached to user", | ||
| "severity": "LOW", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "IAM policies should be attached only to groups or roles", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_policy_module.html" | ||
| "id": "eafe4bc3-1042-4f88-b988-1939e64bf060", | ||
| "queryName": "IAM policies attached to user", | ||
| "severity": "LOW", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "IAM policies should be attached only to groups or roles", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_policy_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/IAM_policies_with_full_privileges/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "e401d614-8026-4f4b-9af9-75d1197461ba", | ||
| "queryName": "IAM Policies With Full Privileges", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "IAM policies that allow full administrative privileges (for all resources)", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_managed_policy_module.html" | ||
| "id": "e401d614-8026-4f4b-9af9-75d1197461ba", | ||
| "queryName": "IAM Policies With Full Privileges", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "IAM policies that allow full administrative privileges (for all resources)", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_managed_policy_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/IAM_role_allows_all_principals_to_assume/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "babdedcf-d859-43da-9a7b-6d72e661a8fd", | ||
| "queryName": "IAM role allows all principals to assume", | ||
| "severity": "LOW", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "IAM role allows all services or principals to assume it", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_managed_policy_module.html" | ||
| "id": "babdedcf-d859-43da-9a7b-6d72e661a8fd", | ||
| "queryName": "IAM role allows all principals to assume", | ||
| "severity": "LOW", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "IAM role allows all services or principals to assume it", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_managed_policy_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/IAM_role_allows_public_assume/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "12a7a7ce-39d6-49dd-923d-aeb4564eb66c", | ||
| "queryName": "IAM role allows public assume", | ||
| "severity": "LOW", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "IAM role allows All services or principals to assume it", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_managed_policy_module.html" | ||
| "id": "12a7a7ce-39d6-49dd-923d-aeb4564eb66c", | ||
| "queryName": "IAM role allows public assume", | ||
| "severity": "LOW", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "IAM role allows All services or principals to assume it", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_managed_policy_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/SQS_policy_allows_ALL_actions/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "ed9b3beb-92cf-44d9-a9d2-171eeba569d4", | ||
| "queryName": "SQS policy allows ALL (*) actions", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "SQS policy allows ALL (*) actions", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/sqs_queue_module.html" | ||
| "id": "ed9b3beb-92cf-44d9-a9d2-171eeba569d4", | ||
| "queryName": "SQS policy allows ALL (*) actions", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "SQS policy allows ALL (*) actions", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/sqs_queue_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/Unchangeable_password/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "e28ceb92-d588-4166-aac5-766c8f5b7472", | ||
| "queryName": "Unchangeable password", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "Unchangeable passwords in AWS password policy", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_password_policy_module.html" | ||
| "id": "e28ceb92-d588-4166-aac5-766c8f5b7472", | ||
| "queryName": "Unchangeable password", | ||
| "severity": "MEDIUM", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "Unchangeable passwords in AWS password policy", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_password_policy_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/all_Auth_Users_get_read_access/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "75480b31-f349-4b9a-861f-bce19588e674", | ||
| "queryName": "All Auth Users Get Read Access", | ||
| "severity": "HIGH", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_s3_module.html#parameter-permission" | ||
| "id": "75480b31-f349-4b9a-861f-bce19588e674", | ||
| "queryName": "All Auth Users Get Read Access", | ||
| "severity": "HIGH", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_s3_module.html#parameter-permission", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/all_users_gets_read_access/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "a1ef9d2e-4163-40cb-bd92-04f0d602a15d", | ||
| "queryName": "All Users Group Gets Read Access", | ||
| "severity": "HIGH", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "It's not recommended to allow read access for all user groups.", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_s3_module.html#parameter-permission" | ||
| "id": "a1ef9d2e-4163-40cb-bd92-04f0d602a15d", | ||
| "queryName": "All Users Group Gets Read Access", | ||
| "severity": "HIGH", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "It's not recommended to allow read access for all user groups.", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_s3_module.html#parameter-permission", | ||
| "platform": "Ansible" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "97707503-a22c-4cd7-b7c0-f088fa7cf830", | ||
| "queryName": "AMI Not Encrypted", | ||
| "severity": "HIGH", | ||
| "category": "Encryption & Key Management", | ||
| "descriptionText": "AWS AMI Encryption is not enabled", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/amazon/aws/ec2_ami_module.html" | ||
| "id": "97707503-a22c-4cd7-b7c0-f088fa7cf830", | ||
| "queryName": "AMI Not Encrypted", | ||
| "severity": "HIGH", | ||
| "category": "Encryption & Key Management", | ||
| "descriptionText": "AWS AMI Encryption is not enabled", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/amazon/aws/ec2_ami_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/ami_shared_to_multiple_accounts/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "a19b2942-142e-4e2b-93b7-6cf6a6c8d90f", | ||
| "queryName": "AMI Shared To Multiple Accounts", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "Limits access to AWS AMIs by checking if more than one account is using the same image", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/amazon/aws/ec2_ami_module.html" | ||
| "id": "a19b2942-142e-4e2b-93b7-6cf6a6c8d90f", | ||
| "queryName": "AMI Shared To Multiple Accounts", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "Limits access to AWS AMIs by checking if more than one account is using the same image", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/amazon/aws/ec2_ami_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/api_gateway_endpoint_config_private/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "559439b2-3e9c-4739-ac46-17e3b24ec215", | ||
| "queryName": "API Gateway Endpoint Config is Private", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "Type of Endpoint Configuration is Private", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/aws_api_gateway_module.html" | ||
| "id": "559439b2-3e9c-4739-ac46-17e3b24ec215", | ||
| "queryName": "API Gateway Endpoint Config is Private", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "Type of Endpoint Configuration is Private", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/aws_api_gateway_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/api_gateway_public_lambda/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "5e92d816-2177-4083-85b4-f61b4f7176d9", | ||
| "queryName": "Public Lambda via API Gateway", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "Allowing to run lambda function using public API Gateway", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/2.4/lambda_policy_module.html" | ||
| "id": "5e92d816-2177-4083-85b4-f61b4f7176d9", | ||
| "queryName": "Public Lambda via API Gateway", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "Allowing to run lambda function using public API Gateway", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/2.4/lambda_policy_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/api_gateway_without_cloud_watch_logs/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "72a931c2-12f5-40d1-93cc-47bff2f7aa2a", | ||
| "queryName": "API Gateway without Cloudwatch Log", | ||
| "severity": "MEDIUM", | ||
| "category": "Logging", | ||
| "descriptionText": "AWS CloudWatch Logs for APIs is not enabled", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/cloudwatchlogs_log_group_module.html#ansible-collections-community-aws-cloudwatchlogs-log-group-module" | ||
| "id": "72a931c2-12f5-40d1-93cc-47bff2f7aa2a", | ||
| "queryName": "API Gateway without Cloudwatch Log", | ||
| "severity": "MEDIUM", | ||
| "category": "Logging", | ||
| "descriptionText": "AWS CloudWatch Logs for APIs is not enabled", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/cloudwatchlogs_log_group_module.html#ansible-collections-community-aws-cloudwatchlogs-log-group-module", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/api_gateway_without_ssl_certificate/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "b47b98ab-e481-4a82-8bb1-1ab39fd36e33", | ||
| "queryName": "API Gateway Without SSL Certificate", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "SSL Client Certificate should be enabled in aws_api_gateway", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/2.8/modules/aws_api_gateway_module.html" | ||
| "id": "b47b98ab-e481-4a82-8bb1-1ab39fd36e33", | ||
| "queryName": "API Gateway Without SSL Certificate", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "SSL Client Certificate should be enabled in aws_api_gateway", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/2.8/modules/aws_api_gateway_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/api_gateway_xray_disabled/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "2059155b-27fd-441e-b616-6966c468561f", | ||
| "queryName": "API Gateway X-Ray Disabled", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "API Gateway should have X-Ray Tracing enabled", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/aws_api_gateway_module.html#parameter-tracing_enabled" | ||
| "id": "2059155b-27fd-441e-b616-6966c468561f", | ||
| "queryName": "API Gateway X-Ray Disabled", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "API Gateway should have X-Ray Tracing enabled", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/aws_api_gateway_module.html#parameter-tracing_enabled", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/authentication_without_mfa/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "eee107f9-b3d8-45d3-b9c6-43b5a7263ce1", | ||
| "queryName": "Authentication Without MFA", | ||
| "severity": "HIGH", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "Users should authenticate with MFA (Multi-factor Authentication)", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_mfa_device_info_module.html" | ||
| "id": "eee107f9-b3d8-45d3-b9c6-43b5a7263ce1", | ||
| "queryName": "Authentication Without MFA", | ||
| "severity": "HIGH", | ||
| "category": "Identity and Access Management", | ||
| "descriptionText": "Users should authenticate with MFA (Multi-factor Authentication)", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/iam_mfa_device_info_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/aws_alb_application_protocol_not_http/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "f81d63d2-c5d7-43a4-a5b5-66717a41c895", | ||
| "queryName": "ALB protocol is HTTP", | ||
| "severity": "HIGH", | ||
| "category": "Network Security", | ||
| "descriptionText": "AWS Application Load Balancer (alb) should not listen on HTTP", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/elb_application_lb_module.html" | ||
| "id": "f81d63d2-c5d7-43a4-a5b5-66717a41c895", | ||
| "queryName": "ALB protocol is HTTP", | ||
| "severity": "HIGH", | ||
| "category": "Network Security", | ||
| "descriptionText": "AWS Application Load Balancer (alb) should not listen on HTTP", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/elb_application_lb_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/aws_config_rule_for_encrypted_vols_is_disabled/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "7674a686-e4b1-4a95-83d4-1fd53c623d84", | ||
| "queryName": "AWS Config Rule For Encrypted Volumes Is Disabled", | ||
| "severity": "MEDIUM", | ||
| "category": "Encryption and Key Management", | ||
| "descriptionText": "Check if AWS config rules do not identify Encrypted Volumes as a source.", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/aws_config_rule_module.html#parameter-source/identifier" | ||
| "id": "7674a686-e4b1-4a95-83d4-1fd53c623d84", | ||
| "queryName": "AWS Config Rule For Encrypted Volumes Is Disabled", | ||
| "severity": "MEDIUM", | ||
| "category": "Encryption and Key Management", | ||
| "descriptionText": "Check if AWS config rules do not identify Encrypted Volumes as a source.", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/aws_config_rule_module.html#parameter-source/identifier", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/aws_sns_topic_subscription/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "905f4741-f965-45c1-98db-f7a00a0e5c73", | ||
| "queryName": "SNS Topic is Publicly Accessible For Subscription", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "This query checks if SNS Topic is Accessible For Subscription", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/sns_topic_module.html" | ||
| "id": "905f4741-f965-45c1-98db-f7a00a0e5c73", | ||
| "queryName": "SNS Topic is Publicly Accessible For Subscription", | ||
| "severity": "MEDIUM", | ||
| "category": "Network Security", | ||
| "descriptionText": "This query checks if SNS Topic is Accessible For Subscription", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/sns_topic_module.html", | ||
| "platform": "Ansible" | ||
| } |
13 changes: 7 additions & 6 deletions
13
assets/queries/ansible/aws/cloudTrail_multi_region_disabled/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| { | ||
| "id": "6ad087d7-a509-4b20-b853-9ef6f5ebaa98", | ||
| "queryName": "CloudTrail Multi Region Disabled", | ||
| "severity": "MEDIUM", | ||
| "category": "Logging", | ||
| "descriptionText": "Check if MultiRegion is Enabled", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/cloudtrail_module.html#parameter-is_multi_region_trail" | ||
| "id": "6ad087d7-a509-4b20-b853-9ef6f5ebaa98", | ||
| "queryName": "CloudTrail Multi Region Disabled", | ||
| "severity": "MEDIUM", | ||
| "category": "Logging", | ||
| "descriptionText": "Check if MultiRegion is Enabled", | ||
| "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/cloudtrail_module.html#parameter-is_multi_region_trail", | ||
| "platform": "Ansible" | ||
| } |
Oops, something went wrong.