diff --git a/installer/resources/lambda_rule_engine/files/rule_engine_cloudwatch_rules.json b/installer/resources/lambda_rule_engine/files/rule_engine_cloudwatch_rules.json index 557210723..2366ad25f 100644 --- a/installer/resources/lambda_rule_engine/files/rule_engine_cloudwatch_rules.json +++ b/installer/resources/lambda_rule_engine/files/rule_engine_cloudwatch_rules.json 
@@ -2462,6 +2462,72 @@ "modifiedDate": "2019-09-18", "severity": "high", "category": "security" + }, + { + "ruleId": "PacMan_TaggingRule_version-1_VirtualmachineTaggingRule_virtualmachine", + "ruleUUID": "azure_virtualmachine_should_be_tagged_with_mandatory_tags", + "policyId": "PacMan_TaggingRule_version-1", + "ruleName": "VirtualmachineTaggingRule", + "targetType": "virtualmachine", + "assetGroup": "azure", + "alexaKeyword": "VirtualmachineTaggingRule", + "ruleParams": "{\"params\":[{\"encrypt\":false,\"value\":\"check-for-missing-mandatory-tags\",\"key\":\"ruleKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"tagging\",\"key\":\"ruleCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"ruleOwner\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_TaggingRule_version-1_VirtualmachineTaggingRule_virtualmachine\",\"autofix\":false,\"alexaKeyword\":\"VirtualmachineTaggingRule\",\"ruleRestUrl\":\"\",\"targetType\":\"virtualmachine\",\"pac_ds\":\"azure\",\"policyId\":\"PacMan_TaggingRule_version-1\",\"assetGroup\":\"azure\",\"ruleUUID\":\"azure_virtualmachine_should_be_tagged_with_mandatory_tags\",\"ruleType\":\"ManageRule\"}", + "ruleFrequency": "0 * * * ? 
*", + "ruleExecutable": "", + "ruleRestUrl": "", + "ruleType": "ManageRule", + "ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/azure_virtualmachine_should_be_tagged_with_mandatory_tags", + "status": "ENABLED", + "userId": "ASGC", + "displayName": "Virtualmachine should be tagged with mandatory tags", + "createdDate": "2019-10-25", + "modifiedDate": "2019-10-25", + "severity": "high", + "category": "tagging" + }, + { + "ruleId": "PacMan_TaggingRule_version-1_SqlserverTaggingRule_sqlserver", + "ruleUUID": "azure_sqlserver_should_be_tagged_with_mandatory_tags", + "policyId": "PacMan_TaggingRule_version-1", + "ruleName": "SqlserverTaggingRule", + "targetType": "sqlserver", + "assetGroup": "azure", + "alexaKeyword": "SqlserverTaggingRule", + "ruleParams": "{\"params\":[{\"encrypt\":false,\"value\":\"check-for-missing-mandatory-tags\",\"key\":\"ruleKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"tagging\",\"key\":\"ruleCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"ruleOwner\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_TaggingRule_version-1_SqlserverTaggingRule_sqlserver\",\"autofix\":false,\"alexaKeyword\":\"SqlserverTaggingRule\",\"ruleRestUrl\":\"\",\"targetType\":\"sqlserver\",\"pac_ds\":\"azure\",\"policyId\":\"PacMan_TaggingRule_version-1\",\"assetGroup\":\"azure\",\"ruleUUID\":\"azure_sqlserver_should_be_tagged_with_mandatory_tags\",\"ruleType\":\"ManageRule\"}", + "ruleFrequency": "0 * * * ? 
*", + "ruleExecutable": "", + "ruleRestUrl": "", + "ruleType": "ManageRule", + "ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/azure_sqlserver_should_be_tagged_with_mandatory_tags", + "status": "ENABLED", + "userId": "ASGC", + "displayName": "Sqlserver should be tagged with mandatory tags", + "createdDate": "2019-10-25", + "modifiedDate": "2019-10-25", + "severity": "high", + "category": "tagging" + }, + { + "ruleId": "PacMan_TaggingRule_version-1_SqldatabaseTaggingRule_sqldatabase", + "ruleUUID": "azure_sqldatabase_should_be_tagged_with_mandatory_tags", + "policyId": "PacMan_TaggingRule_version-1", + "ruleName": "SqldatabaseserverTaggingRule", + "targetType": "sqldatabase", + "assetGroup": "azure", + "alexaKeyword": "SqldatabaseserverTaggingRule", + "ruleParams": "{\"params\":[{\"encrypt\":false,\"value\":\"check-for-missing-mandatory-tags\",\"key\":\"ruleKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"tagging\",\"key\":\"ruleCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"ruleOwner\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_TaggingRule_version-1_SqldatabaseTaggingRule_sqldatabase\",\"autofix\":false,\"alexaKeyword\":\"SqldatabaseTaggingRule\",\"ruleRestUrl\":\"\",\"targetType\":\"sqldatabase\",\"pac_ds\":\"azure\",\"policyId\":\"PacMan_TaggingRule_version-1\",\"assetGroup\":\"azure\",\"ruleUUID\":\"azure_sqldatabase_should_be_tagged_with_mandatory_tags\",\"ruleType\":\"ManageRule\"}", + "ruleFrequency": "0 * * * ? 
*", + "ruleExecutable": "", + "ruleRestUrl": "", + "ruleType": "ManageRule", + "ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/azure_sqldatabase_should_be_tagged_with_mandatory_tags", + "status": "ENABLED", + "userId": "ASGC", + "displayName": "Sqldatabase should be tagged with mandatory tags", + "createdDate": "2019-10-25", + "modifiedDate": "2019-10-25", + "severity": "high", + "category": "tagging" } ] diff --git a/installer/resources/pacbot_app/files/DB.sql b/installer/resources/pacbot_app/files/DB.sql index 4916b0d17..4da0ebc0d 100644 --- a/installer/resources/pacbot_app/files/DB.sql +++ b/installer/resources/pacbot_app/files/DB.sql 
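Review bot: The third added entry (the sqldatabase rule) sets the top-level `ruleName` and `alexaKeyword` to `SqldatabaseserverTaggingRule`, while its own `ruleId`, the `alexaKeyword` embedded in its `ruleParams`, and the matching row added to DB.sql in this commit all say `SqldatabaseTaggingRule`; the two fields should read `"ruleName": "SqldatabaseTaggingRule"` and `"alexaKeyword": "SqldatabaseTaggingRule"`. All three entries also set `"ruleFrequency": "0 * * * ? *"`, whereas the DB.sql rows for the same rule IDs use `'0 0/12 * * ? *'`, so the two files disagree about how often the tagging check runs; pick one value and use it in both. If these names are used as lookup keys between the rule table and the scheduled event (not visible in this diff), the mismatch could leave the sqldatabase check unmatched without raising an error.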
@@ -1345,7 +1345,9 @@ INSERT IGNORE INTO cf_RuleInstance (`ruleId`,`ruleUUID`,`policyId`,`ruleName`,`t INSERT IGNORE INTO cf_RuleInstance (`ruleId`,`ruleUUID`,`policyId`,`ruleName`,`targetType`,`assetGroup`,`alexaKeyword`,`ruleParams`,`ruleFrequency`,`ruleExecutable`,`ruleRestUrl`,`ruleType`,`ruleArn`,`status`,`userId`,`displayName`,`createdDate`,`modifiedDate`,`severity`,`category`) VALUES ('PacMan_Ec2PublicAccessPortWithS5Vulnerability_version-1_Ec2PublicAccessPortWithS5Vulnerability_ec2','aws_ec2_pub_vuln_s5_rule','PacMan_Ec2PublicAccessPortWithS5Vulnerability_version-1','Ec2PublicAccessPortWithS5Vuln','ec2','aws','Ec2PublicAccessPortWithS5Vuln','{"params":[{"encrypt":false,"value":"check-for-ec2-public-access-port-with-s5-vulnerabilities","key":"ruleKey"},{"encrypt":false,"value":"S5","key":"severityVulnValue"},{"encrypt":false,"value":"PacMan_EC2WithPublicIPAccess_version-1_Ec2WithPublicAccess_ec2","key":"ec2PortRuleId"},{"key":"esEc2WithVulnInfoForS5Url","value":"/aws_ec2/vulninfo/_search","isValueNew":true,"encrypt":false},{"key":"esEc2PubAccessPortUrl","value":"/aws/issue_ec2/_search","isValueNew":true,"encrypt":false},{"key":"esAppElbWithInstanceUrl","value":"/aws_appelb/appelb_instances/_search","isValueNew":true,"encrypt":false},{"key":"esClassicElbWithInstanceUrl","value":"/aws_classicelb/classicelb_instances/_search","isValueNew":true,"encrypt":false},{"key":"esAppElbPubAccessPortUrl","value":"/aws_appelb/issue_appelb/_search","isValueNew":true,"encrypt":false},{"key":"esClassicElbPubAccessPortUrl","value":"/aws_classicelb/issue_classicelb/_search","isValueNew":true,"encrypt":false},{"key":"appElbPortRuleId","value":"PacMan_ElbWithPublicAccess_version-1_ApplicationElbWithPublicAccess_appelb","isValueNew":true,"encrypt":false},{"key":"classicElbPortRuleId","value":"PacMan_ElbWithPublicAccess_version-1_ClassicElbWithPublicAccess_classicelb","isValueNew":true,"encrypt":false},{"encrypt":false,"value":"critical","key":"severity"},{"encrypt":false,"value":"s
ecurity","key":"ruleCategory"}],"environmentVariables":[],"ruleId":"PacMan_Ec2PublicAccessPortWithS5Vulnerability_version-1_Ec2PublicAccessPortWithS5Vulnerability_ec2","autofix":false,"alexaKeyword":"Ec2PublicAccessPortWithS5Vulnerability","ruleRestUrl":"","targetType":"ec2","pac_ds":"aws","policyId":"PacMan_Ec2PublicAccessPortWithS5Vulnerability_version-1","assetGroup":"aws","ruleUUID":"aws_ec2_pub_vuln_s5_rule","ruleType":"ManageRule"}','0 0 ? * MON *','','','Manage Rule',concat('arn:aws:events:',@region,':',@account,':rule/aws_ec2_pub_vuln_s5_rule'),'ENABLED','ASGC','An Ec2 instance with remotely exploitable vulnerability (S5) should not be open to internet','2019-08-05','2019-08-05','high','governance'); INSERT IGNORE INTO cf_RuleInstance (`ruleId`,`ruleUUID`,`policyId`,`ruleName`,`targetType`,`assetGroup`,`alexaKeyword`,`ruleParams`,`ruleFrequency`,`ruleExecutable`,`ruleRestUrl`,`ruleType`,`ruleArn`,`status`,`userId`,`displayName`,`createdDate`,`modifiedDate`,`severity`,`category`) VALUES 
('PacMan_Ec2InstanceScannedByQualys_version-1_Ec2-instance-scanned-by-qualys-API_ec2','aws_ec2_qualys_scanned_rule','PacMan_Ec2InstanceScannedByQualys_version-1','Ec2InstanceScannedByQualysAPI','ec2','aws','Ec2InstanceScannedByQualysAPI','{"params":[{"encrypt":false,"value":"30","key":"target"},{"key":"esQualysUrl","value":"/aws_ec2/qualysinfo/_search","isValueNew":true,"encrypt":false},{"key":"discoveredDaysRange","value":"7","isValueNew":true,"encrypt":false},{"key":"ruleKey","value":"check-for-resource-scanned-by-qualys","isValueNew":true,"encrypt":false},{"encrypt":false,"value":"high","key":"severity"},{"encrypt":false,"value":"security","key":"ruleCategory"}],"environmentVariables":[],"ruleId":"PacMan_Ec2InstanceScannedByQualys_version-1_Ec2-instance-scanned-by-qualys-API_ec2","autofix":false,"alexaKeyword":"Ec2InstanceScannedByQualysAPI","ruleRestUrl":"","targetType":"ec2","pac_ds":"aws","policyId":"PacMan_Ec2InstanceScannedByQualys_version-1","assetGroup":"aws","ruleUUID":"aws_ec2_qualys_scanned_rule","ruleType":"ManageRule"}','0 0 ? 
* MON *','','','Manage Rule',concat('arn:aws:events:',@region,':',@account,':rule/aws_ec2_qualys_scanned_rule'),'ENABLED','ASGC','Every EC2 instance should be scanned by Qualys vulnerability assessment tool atleast once a month','2019-09-18','2019-09-18','high','security'); - +INSERT IGNORE INTO cf_RuleInstance (ruleId,ruleUUID,policyId,ruleName,targetType,assetGroup,alexaKeyword,ruleParams,ruleFrequency,ruleExecutable,ruleRestUrl,ruleType,ruleArn,status,userId,displayName,createdDate,modifiedDate,severity,category) VALUES ('PacMan_TaggingRule_version-1_VirtualmachineTaggingRule_virtualmachine','azure_virtualmachine_should_be_tagged_with_mandatory_tags','PacMan_TaggingRule_version-1','VirtualmachineTaggingRule','virtualmachine','azure','VirtualmachineTaggingRule','{"params":[{"encrypt":false,"value":"check-for-missing-mandatory-tags","key":"ruleKey"},{"encrypt":false,"value":",","key":"splitterChar"},{"encrypt":false,"value":"Application,Environment,Stack,Role","key":"mandatoryTags"},{"encrypt":false,"value":"high","key":"severity"},{"encrypt":false,"value":"tagging","key":"ruleCategory"},{"encrypt":false,"value":"","key":"ruleOwner"}],"environmentVariables":[],"ruleId":"PacMan_TaggingRule_version-1_VirtualmachineTaggingRule_virtualmachine","autofix":false,"alexaKeyword":"VirtualmachineTaggingRule","ruleRestUrl":"","targetType":"virtualmachine","pac_ds":"azure","policyId":"PacMan_TaggingRule_version-1","assetGroup":"azure","ruleUUID":"azure_virtualmachine_should_be_tagged_with_mandatory_tags","ruleType":"ManageRule"}','0 0/12 * * ? 
*','','','ManageRule',concat('arn:aws:events:',@region,':',@account,':rule/azure_virtualmachine_should_be_tagged_with_mandatory_tags'),'ENABLED','ASGC','Virtualmachine should be tagged with mandatory tags',{d '2019-10-25'},{d '2019-10-25'},null,null); +INSERT IGNORE INTO cf_RuleInstance (ruleId,ruleUUID,policyId,ruleName,targetType,assetGroup,alexaKeyword,ruleParams,ruleFrequency,ruleExecutable,ruleRestUrl,ruleType,ruleArn,status,userId,displayName,createdDate,modifiedDate,severity,category) VALUES ('PacMan_TaggingRule_version-1_SqlserverTaggingRule_sqlserver','azure_sqlserver_should_be_tagged_with_mandatory_tags','PacMan_TaggingRule_version-1','SqlserverTaggingRule','sqlserver','azure','SqlserverTaggingRule','{"params":[{"encrypt":false,"value":"check-for-missing-mandatory-tags","key":"ruleKey"},{"encrypt":false,"value":",","key":"splitterChar"},{"encrypt":false,"value":"Application,Environment,Stack,Role","key":"mandatoryTags"},{"encrypt":false,"value":"high","key":"severity"},{"encrypt":false,"value":"tagging","key":"ruleCategory"},{"encrypt":false,"value":"","key":"ruleOwner"}],"environmentVariables":[],"ruleId":"PacMan_TaggingRule_version-1_SqlserverTaggingRule_sqlserver","autofix":false,"alexaKeyword":"SqlserverTaggingRule","ruleRestUrl":"","targetType":"sqlserver","pac_ds":"azure","policyId":"PacMan_TaggingRule_version-1","assetGroup":"azure","ruleUUID":"azure_sqlserver_should_be_tagged_with_mandatory_tags","ruleType":"ManageRule"}','0 0/12 * * ? 
*','','','ManageRule',concat('arn:aws:events:',@region,':',@account,':rule/azure_sqlserver_should_be_tagged_with_mandatory_tags'),'ENABLED','ASGC','Sqlserver should be tagged with mandatory tags',{d '2019-10-25'},{d '2019-10-25'},null,null); +INSERT IGNORE INTO cf_RuleInstance (ruleId,ruleUUID,policyId,ruleName,targetType,assetGroup,alexaKeyword,ruleParams,ruleFrequency,ruleExecutable,ruleRestUrl,ruleType,ruleArn,status,userId,displayName,createdDate,modifiedDate,severity,category) VALUES ('PacMan_TaggingRule_version-1_SqldatabaseTaggingRule_sqldatabase','azure_sqldatabase_should_be_tagged_with_mandatory_tags','PacMan_TaggingRule_version-1','SqldatabaseTaggingRule','sqldatabase','azure','SqldatabaseTaggingRule','{"params":[{"encrypt":false,"value":"check-for-missing-mandatory-tags","key":"ruleKey"},{"encrypt":false,"value":",","key":"splitterChar"},{"encrypt":false,"value":"Application,Environment,Stack,Role","key":"mandatoryTags"},{"encrypt":false,"value":"high","key":"severity"},{"encrypt":false,"value":"tagging","key":"ruleCategory"},{"encrypt":false,"value":"","key":"ruleOwner"}],"environmentVariables":[],"ruleId":"PacMan_TaggingRule_version-1_SqldatabaseTaggingRule_sqldatabase","autofix":false,"alexaKeyword":"SqldatabaseTaggingRule","ruleRestUrl":"","targetType":"sqldatabase","pac_ds":"azure","policyId":"PacMan_TaggingRule_version-1","assetGroup":"azure","ruleUUID":"azure_sqldatabase_should_be_tagged_with_mandatory_tags","ruleType":"ManageRule"}','0 0/12 * * ? *','','','ManageRule',concat('arn:aws:events:',@region,':',@account,':rule/azure_sqldatabase_should_be_tagged_with_mandatory_tags'),'ENABLED','ASGC','Sqldatabase should be tagged with mandatory tags',{d '2019-10-25'},{d '2019-10-25'},null,null); /* Omni Seach Configuration */ 
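Review bot: The three added `cf_RuleInstance` rows end with `null,null` for `severity` and `category`, although the `ruleParams` JSON in the same rows and the CloudWatch rules file declare `high` and `tagging`, and the neighbouring rows fill both columns; ending each row with `{d '2019-10-25'},'high','tagging');` keeps the columns in line with the rule definition. Anything that filters or ranks findings on these columns (an assumption, the consumers are not in this diff) would otherwise leave the Azure tagging findings unclassified. The rows also write `ruleType` as `'ManageRule'` where the two context rows above use `'Manage Rule'`, and they use ODBC-style `{d '...'}` dates and unquoted column names where the neighbours use plain date strings and backticked names; matching the existing rows avoids two spellings of the same value in one table. Because the statements are `INSERT IGNORE`, an installation that has already run this file will presumably skip the rows on a duplicate key, so a later correction to these lines would need a follow-up `UPDATE`.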
@@ -2523,6 +2525,7 @@ UPDATE `pacmandata`.`pac_config_key_metadata` SET `description` = 'Vulnerability UPDATE `pacmandata`.`pac_config_key_metadata` SET `description` = 'Vulnerability application resource details both' WHERE `cfkey` = 'vulnerability.application.resourcedetailsboth'; UPDATE `pacmandata`.`pac_config_key_metadata` SET `description` = 'Vulnerability severity summary' WHERE `cfkey` = 'vulnerability.summary.severity'; UPDATE `pacmandata`.`pac_config_key_metadata` SET `description` = 'Vulnerability types' WHERE `cfkey` = 'vulnerability.types'; +UPDATE `cf_Policy` SET policyDesc = 'All cloud assets should be tagged with following mandatory tags. Application, Environment, Role and Stack. Assets without these mandatory tags will be marked as non-complaint. Below is an example for the tag value pairs.\n\nTag name: Application\nExample value: Rebellion\n\nNotes\nThis value for the application tag should be the approved application name give for the project during the cloud on-boarding process. Unknown applications will be marked for review and possible termination.\n\nTag name: Environment\nExample value: Production or Non Production or Non Production::qat1 or Non Production::dit1 (Refer Naming guide)\n\nNotes\nThe value for environment should distinguish the asset as a Production or Non Production class. You can further qualify Non Production assets using the :: separator. Look at the examples 3 and 4.\n\nTag name: Stack\nExample Value: Apache Httpd\n\nTag name: Role\nExample value: Webserver\n\n \nEach asset should at least have these 4 mandatory tags. 
You can have additional tags as well' WHERE policyId = 'PacMan_TaggingRule_version-1'; DELETE FROM `pac_config_properties` WHERE cfkey='features.vulnerability.enabled'; INSERT IGNORE INTO pac_config_properties(`cfkey`,`value`,`application`,`profile`,`label`,`createdBy`,`createdDate`,`modifiedBy`,`modifiedDate`) VALUES ('features.vulnerability.enabled',concat(@VULNERABILITY_FEATURE_ENABLED,''),'api','prd','latest',NULL,NULL,NULL,NULL);
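Review bot: The new `policyDesc` text contains two wording slips that end up in the stored policy description: `non-complaint` should be `non-compliant`, and `application name give for the project` should read `given`. The tags it lists (Application, Environment, Role, Stack) match the `mandatoryTags` value in the rules added earlier in this commit, so only the spelling needs changing. The statement also targets `cf_Policy` without the `pacmandata` schema prefix used by the `UPDATE` lines just above it, which works only while the session's default schema is the same; the `DELETE` that follows is unqualified too, so this may be the file's habit.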