Commit

docs(queries): update queries catalog
rogeriopeixotocx authored Nov 4, 2021
1 parent 25c995b commit 472bb0f
Showing 2 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions docs/queries/all-queries.md
@@ -1007,6 +1007,7 @@ This page contains all queries.
|Trusted Microsoft Services Not Enabled<br/><sup><sub>5400f379-a347-4bdd-a032-446465fdcc6f</sub></sup>|Terraform|<span style="color:#C00">High</span>|Insecure Configurations|Trusted MIcrosoft Services are not enabled for Storage Account access|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#bypass">Documentation</a><br/>|
|Web App Accepting Traffic Other Than HTTPS<br/><sup><sub>11e9a948-c6c3-4a0f-8dcf-b5cf1763cdbe</sub></sup>|Terraform|<span style="color:#C00">High</span>|Insecure Configurations|Web app should only accept HTTPS traffic in Azure Web App Service.|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#https_only">Documentation</a><br/>|
|Function App FTPS Enforce Disabled<br/><sup><sub>9dab0179-433d-4dff-af8f-0091025691df</sub></sup>|Terraform|<span style="color:#C00">High</span>|Insecure Configurations|Azure Function App should only enforce FTPS when 'ftps_state' is enabled|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#ftps_state">Documentation</a><br/>|
|App Service FTPS Enforce Disabled<br/><sup><sub>85da374f-b00f-4832-9d44-84a1ca1e89f8</sub></sup>|Terraform|<span style="color:#C00">High</span>|Insecure Configurations|Azure App Service should only enforce FTPS when 'ftps_state' is enabled|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#ftps_state">Documentation</a><br/>|
|VM Not Attached To Network<br/><sup><sub>bbf6b3df-4b65-4f87-82cc-da9f30f8c033</sub></sup>|Terraform|<span style="color:#C00">High</span>|Insecure Configurations|No Network Security Group is attached to the Virtual Machine|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine#network_interface_ids">Documentation</a><br/>|
|AD Admin Not Configured For SQL Server<br/><sup><sub>a3a055d2-9a2e-4cc9-b9fb-12850a1a3a4b</sub></sup>|Terraform|<span style="color:#C00">High</span>|Insecure Configurations|The Active Directory Administrator is not configured for a SQL server|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_active_directory_administrator">Documentation</a><br/>|
|Redis Not Updated Regularly<br/><sup><sub>b947809d-dd2f-4de9-b724-04d101c515aa</sub></sup>|Terraform|<span style="color:#C00">High</span>|Insecure Configurations|Redis Cache is not configured to be updated regularly with security and operational updates|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache#patch_schedule">Documentation</a><br/>|
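Review bot: The description on the added "App Service FTPS Enforce Disabled" row (fourth row of this hunk) reads as a condition rather than a requirement: "should only enforce FTPS when 'ftps_state' is enabled" does not say which value of 'ftps_state' passes the query. It repeats the wording of the Function App row directly above it, so the ambiguity is inherited from there. Since 'ftps_state' is a multi-valued setting rather than an on/off flag, suggest stating the expected setting outright, for example "Azure App Service should enforce FTPS, which means 'ftps_state' must be set to 'FtpsOnly'", adjusted to whatever value or values the query actually accepts.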
@@ -1040,6 +1041,7 @@ This page contains all queries.
|Encryption On Managed Disk Disabled<br/><sup><sub>a99130ab-4c0e-43aa-97f8-78d4fcb30024</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Encryption|Ensure that the encryption is active on the disk|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/managed_disk#encryption_settings">Documentation</a><br/>|
|Small Flow Logs Retention Period<br/><sup><sub>7750fcca-dd03-4d38-b663-4b70289bcfd4</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Insecure Configurations|Flow logs enable capturing information about IP traffic flowing in and out of the network security groups. Network Security Group Flow Logs must be enabled with retention period greater than or equal to 90 days. This is important, because these logs are used to check for anomalies and give information of suspected breaches|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_watcher_flow_log">Documentation</a><br/>|
|Security Group is Not Configured<br/><sup><sub>5c822443-e1ea-46b8-84eb-758ec602e844</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Insecure Configurations|Azure Virtual Network subnet must be configured with a Network Security Group, which means the attribute 'security_group' must be defined and not empty|<a href="https://www.terraform.io/docs/providers/azure/r/virtual_network.html">Documentation</a><br/>|
|Function App Managed Identity Disabled<br/><sup><sub>c87749b3-ff10-41f5-9df2-c421e8151759</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Insecure Configurations|Azure Function App should have managed identity enabled|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#identity">Documentation</a><br/>|
|Security Center Pricing Tier Is Not Standard<br/><sup><sub>819d50fd-1cdf-45c3-9936-be408aaad93e</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Insecure Configurations|Make sure that the 'Standard' pricing tiers were selected.|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing">Documentation</a><br/>|
|AKS Network Policy Misconfigured<br/><sup><sub>f5342045-b935-402d-adf1-8dbbd09c0eef</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Insecure Configurations|Check if the Azure Kubernetes Service doesn't have the proper network policy configuration.|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster">Documentation</a><br/>|
|Default Network Access is Allowed<br/><sup><sub>9be09caf-2ba4-4fa9-9787-a670dc32c639</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Insecure Defaults|Default Network Access rule for Storage Accounts must be set to deny, which means the attribute 'default_action' must be 'Deny'|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules">Documentation</a><br/>|
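Review bot: The added "Function App Managed Identity Disabled" row (fourth row of this hunk) does not name the Terraform attribute being checked, unlike the neighbouring rows, which spell out 'security_group' and 'default_action'. The documentation link points at function_app#identity, so the description could say so directly, for example "Azure Function App should have managed identity enabled, which means the 'identity' block must be defined", so a reader can fix a finding without opening the link.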
2 changes: 2 additions & 0 deletions docs/queries/terraform-queries.md
@@ -154,6 +154,7 @@ Bellow are listed queries related with Terraform AZURE:
|Trusted Microsoft Services Not Enabled<br/><sup><sub>5400f379-a347-4bdd-a032-446465fdcc6f</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|Trusted MIcrosoft Services are not enabled for Storage Account access|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#bypass">Documentation</a><br/>|
|Web App Accepting Traffic Other Than HTTPS<br/><sup><sub>11e9a948-c6c3-4a0f-8dcf-b5cf1763cdbe</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|Web app should only accept HTTPS traffic in Azure Web App Service.|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#https_only">Documentation</a><br/>|
|Function App FTPS Enforce Disabled<br/><sup><sub>9dab0179-433d-4dff-af8f-0091025691df</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|Azure Function App should only enforce FTPS when 'ftps_state' is enabled|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#ftps_state">Documentation</a><br/>|
|App Service FTPS Enforce Disabled<br/><sup><sub>85da374f-b00f-4832-9d44-84a1ca1e89f8</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|Azure App Service should only enforce FTPS when 'ftps_state' is enabled|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#ftps_state">Documentation</a><br/>|
|VM Not Attached To Network<br/><sup><sub>bbf6b3df-4b65-4f87-82cc-da9f30f8c033</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|No Network Security Group is attached to the Virtual Machine|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine#network_interface_ids">Documentation</a><br/>|
|AD Admin Not Configured For SQL Server<br/><sup><sub>a3a055d2-9a2e-4cc9-b9fb-12850a1a3a4b</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|The Active Directory Administrator is not configured for a SQL server|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_active_directory_administrator">Documentation</a><br/>|
|Redis Not Updated Regularly<br/><sup><sub>b947809d-dd2f-4de9-b724-04d101c515aa</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|Redis Cache is not configured to be updated regularly with security and operational updates|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache#patch_schedule">Documentation</a><br/>|
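Review bot: The added "App Service FTPS Enforce Disabled" row here is a second copy of the entry in docs/queries/all-queries.md, differing only in the absent Platform column, so any correction to its description has to land in both files or the two catalogs will drift. If these tables are generated from the queries' metadata, make the wording fix there and regenerate both pages instead of editing the rows by hand.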
@@ -187,6 +188,7 @@ Bellow are listed queries related with Terraform AZURE:
|Encryption On Managed Disk Disabled<br/><sup><sub>a99130ab-4c0e-43aa-97f8-78d4fcb30024</sub></sup>|<span style="color:#C60">Medium</span>|Encryption|Ensure that the encryption is active on the disk|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/managed_disk#encryption_settings">Documentation</a><br/>|
|Small Flow Logs Retention Period<br/><sup><sub>7750fcca-dd03-4d38-b663-4b70289bcfd4</sub></sup>|<span style="color:#C60">Medium</span>|Insecure Configurations|Flow logs enable capturing information about IP traffic flowing in and out of the network security groups. Network Security Group Flow Logs must be enabled with retention period greater than or equal to 90 days. This is important, because these logs are used to check for anomalies and give information of suspected breaches|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_watcher_flow_log">Documentation</a><br/>|
|Security Group is Not Configured<br/><sup><sub>5c822443-e1ea-46b8-84eb-758ec602e844</sub></sup>|<span style="color:#C60">Medium</span>|Insecure Configurations|Azure Virtual Network subnet must be configured with a Network Security Group, which means the attribute 'security_group' must be defined and not empty|<a href="https://www.terraform.io/docs/providers/azure/r/virtual_network.html">Documentation</a><br/>|
|Function App Managed Identity Disabled<br/><sup><sub>c87749b3-ff10-41f5-9df2-c421e8151759</sub></sup>|<span style="color:#C60">Medium</span>|Insecure Configurations|Azure Function App should have managed identity enabled|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#identity">Documentation</a><br/>|
|Security Center Pricing Tier Is Not Standard<br/><sup><sub>819d50fd-1cdf-45c3-9936-be408aaad93e</sub></sup>|<span style="color:#C60">Medium</span>|Insecure Configurations|Make sure that the 'Standard' pricing tiers were selected.|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing">Documentation</a><br/>|
|AKS Network Policy Misconfigured<br/><sup><sub>f5342045-b935-402d-adf1-8dbbd09c0eef</sub></sup>|<span style="color:#C60">Medium</span>|Insecure Configurations|Check if the Azure Kubernetes Service doesn't have the proper network policy configuration.|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster">Documentation</a><br/>|
|Default Network Access is Allowed<br/><sup><sub>9be09caf-2ba4-4fa9-9787-a670dc32c639</sub></sup>|<span style="color:#C60">Medium</span>|Insecure Defaults|Default Network Access rule for Storage Accounts must be set to deny, which means the attribute 'default_action' must be 'Deny'|<a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules">Documentation</a><br/>|
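Review bot: The section heading carried in this hunk's header, "Bellow are listed queries related with Terraform AZURE:", has a spelling and preposition error that is worth correcting while this table is being touched, for example "Below are listed the queries related to Terraform Azure:". The added "Function App Managed Identity Disabled" row itself matches the copy in all-queries.md apart from the Platform column.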