[aws] update docs runbook rules (#197)
jacknagz authored Feb 18, 2021
1 parent f796d6a commit 5682402
Showing 86 changed files with 87 additions and 88 deletions.
Expand Up @@ -19,10 +19,9 @@ Reports:
- 8.2.3
Severity: High
Description: >
This policy validates that the account password policy enforces the recommended
password complexity requirements.
This policy validates that the account password policy enforces the recommended password complexity requirements.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-account-password-policy-enforces-complexity-guidelines
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-account-password-policy-enforces-complexity-guidelines
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Tests:
-
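Review bot: the Description reflow in this hunk (the two wrapped lines collapsed into a single line) is unrelated to the runbook-link update this commit is about, and it leaves this file inconsistent with the rest of the set, where Descriptions stay wrapped at roughly 100 columns (see the next file). Either keep the original wrapping or move the reflow into its own change so the diff stays a pure link update.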
Expand Up @@ -18,7 +18,7 @@ Description: >
This policy validates that the account password policy enforces a maximum password age of 90
days or less.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-account-password-policy-enforces-password-age-limit-of-90-days-or-less
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-account-password-policy-enforces-password-age-limit-of-90-days-or-less
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Tests:
-
Expand Up @@ -18,7 +18,7 @@ Description: >
This policy validates that the account password policy prevents users from re-using previous
passwords, and prevents password reuse for 24 or more prior passwords.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-account-password-policy-prevents-password-reuse
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-account-password-policy-prevents-password-reuse
Reference: >
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Tests:
2 changes: 1 addition & 1 deletion aws_account_policies/aws_resource_minimum_tags.yml
Expand Up @@ -16,7 +16,7 @@ Severity: Low
Description: >
This policy ensures that applicable resources have a minimum number of tags set.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-resource-has-minimum-number-of-tags
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-resource-has-minimum-number-of-tags
Reference: https://aws.amazon.com/answers/account-management/aws-tagging-strategies/
Tests:
-
2 changes: 1 addition & 1 deletion aws_account_policies/aws_resource_required_tags.yml
Expand Up @@ -16,7 +16,7 @@ Severity: Low
Description: >
This policy ensures that AWS resources have specific tags, dependent on their resource type.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-resource-has-required-tags
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-resource-has-required-tags
Reference: https://aws.amazon.com/answers/account-management/aws-tagging-strategies/
Tests:
-
2 changes: 1 addition & 1 deletion aws_acm_policies/aws_acm_certificate_expiration.yml
Expand Up @@ -12,7 +12,7 @@ Severity: Medium
Description: >
When a certificate is 60 days away from expiration, ACM automatically attempts to renew it every hour.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-acm-certificate-is-not-expired
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-acm-certificate-is-not-expired
Reference: https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-renewal.html
Tests:
-
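Review bot: the Description in this hunk explains ACM's renewal behaviour but never states what the policy evaluates; the runbook slug (aws-acm-certificate-is-not-expired) implies the check is whether the certificate is expired. Lead with the check, for example `This policy validates that the ACM certificate is not expired.`, and keep the renewal sentence as supporting context so the alert text tells an analyst what failed.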
2 changes: 1 addition & 1 deletion aws_cloudtrail_policies/aws_cloudtrail_cloudwatch_logs.yml
Expand Up @@ -16,7 +16,7 @@ Description: >
CloudTrail supports sending data and management events to CloudWatch Logs. This setup can be
used for real-time processing of all CloudTrail data events.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-trails-integrated-with-cloudwatch-logs
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-trails-integrated-with-cloudwatch-logs
Reference: >
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html
Tests:
2 changes: 1 addition & 1 deletion aws_cloudtrail_policies/aws_cloudtrail_enabled.yml
Expand Up @@ -18,7 +18,7 @@ Description: >
This policy ensures that CloudTrail is enabled in all regions and at least one of them has
management (control plane) operations logged.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-enabled-in-all-regions
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-enabled-in-all-regions
Reference: >
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
Tests:
2 changes: 1 addition & 1 deletion aws_cloudtrail_policies/aws_cloudtrail_log_encryption.yml
Expand Up @@ -15,7 +15,7 @@ Severity: Medium
Description: >
This policy validates that CloudTrail Logs are encrypted at rest with customer managed KMS key.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-logs-encrypted-using-kms-cmk
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-logs-encrypted-using-kms-cmk
Reference: >
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html
Tests:
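Review bot: the context line `This policy validates that CloudTrail Logs are encrypted at rest with customer managed KMS key.` is missing an article; since the file is being touched anyway, change it to `with a customer managed KMS key`.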
2 changes: 1 addition & 1 deletion aws_cloudtrail_policies/aws_cloudtrail_log_validation.yml
Expand Up @@ -17,7 +17,7 @@ Severity: Medium
Description: >
This policy ensures that CloudTrail logs have file integrity validation enabled.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-log-validation-enabled
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-log-validation-enabled
Reference: >
https://amzn.to/2MMgE6W
Tests:
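Review bot: `Reference: https://amzn.to/2MMgE6W` in this hunk is a shortened redirect rather than the documentation page itself, so a reader cannot tell where it leads without following it, and it breaks if the shortener retires the link. Since this commit is normalizing documentation URLs, replace it with the full docs.aws.amazon.com page for CloudTrail log file integrity validation; the same applies to the amzn.to references in aws_console_login_failed.yml, aws_console_root_login_failed.yml, aws_unauthorized_api_call.yml and aws_config_global_resources.yml.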
Expand Up @@ -16,7 +16,7 @@ Description: >
This policy validates that the bucket receiving CloudTrail Logs is configured with
S3 Access Logging. This audits all creation, modification, or deletion to CloudTrail audit logs.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-s3-bucket-has-access-logging-enabled
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-s3-bucket-has-access-logging-enabled
Reference: >
https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
# Unit testing not supported for policies that might network calls
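Review bot: the trailing comment `# Unit testing not supported for policies that might network calls` is missing its verb and should read `that might make network calls`; the same comment closes the next hunk (the CloudTrail S3 bucket public-access policy), so fix both.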
Expand Up @@ -15,7 +15,7 @@ Severity: High
Description: >
This policy validates that CloudTrail S3 buckets are not publicly accessible.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-logs-s3-bucket-not-publicly-accessible
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-logs-s3-bucket-not-publicly-accessible
Reference: >
https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access.html
# Unit testing not supported for policies that might network calls
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_cloudtrail_created.yml
Expand Up @@ -14,7 +14,7 @@ Reports:
Severity: Info
Description: >
A CloudTrail Trail was created, updated, or enabled.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-cloudtrail-modified
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-cloudtrail-modified
Reference: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_Operations.html
SummaryAttributes:
- eventName
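Review bot: the new Runbook for aws_cloudtrail_created.yml points at aws-cloudtrail-modified, the same page aws_cloudtrail_stopped.yml links to below, while this rule's Description covers a trail being created, updated, or enabled. Confirm the shared runbook page actually covers the create and enable cases; if it only describes modification, this rule needs its own page or the Description should be narrowed to match.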
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_cloudtrail_stopped.yml
Expand Up @@ -15,7 +15,7 @@ Reports:
Severity: Medium
Description: >
A CloudTrail Trail was modified.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-cloudtrail-modified
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-cloudtrail-modified
Reference: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_Operations.html
SummaryAttributes:
- eventName
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_console_login_failed.yml
Expand Up @@ -17,7 +17,7 @@ Reports:
Severity: Low
Description: >
A console login failed.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-console-login-failed
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-console-login-failed
Reference: https://amzn.to/3aMSmTd
SummaryAttributes:
- userAgent
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_console_login_without_mfa.yml
Expand Up @@ -15,7 +15,7 @@ Reports:
- 3.2
Severity: High
Description: An AWS console login was made without multi-factor authentication.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-console-login-without-mfa
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-console-login-without-mfa
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html
SummaryAttributes:
- userAgent
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_console_root_login_failed.yml
Expand Up @@ -17,7 +17,7 @@ Reports:
- 3.6
Severity: High
Description: A Root console login failed.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-console-login-failed
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-console-login-failed
Reference: https://amzn.to/3aMSmTd
SummaryAttributes:
- userAgent
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_ec2_gateway_modified.yml
Expand Up @@ -13,7 +13,7 @@ Reports:
- 3.12
Severity: Info
Description: An EC2 Network Gateway was modified.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-ec2-gateway-modified
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-ec2-gateway-modified
Reference: reference.link
SummaryAttributes:
- eventName
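Review bot: `Reference: reference.link` in this hunk is a placeholder, not a real reference, and the same placeholder sits in aws_ec2_network_acl_modified.yml, aws_ec2_route_table_modified.yml, aws_ec2_security_group_modified.yml and aws_ec2_vpc_modified.yml. Since this commit is correcting documentation links, fill these in with the relevant AWS documentation page (the CloudTrail rules above use the API_Operations.html reference or the matching user guide) or drop the key, rather than shipping a dead link into every alert these rules raise.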
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_ec2_network_acl_modified.yml
Expand Up @@ -13,7 +13,7 @@ Reports:
- 3.11
Severity: Info
Description: An EC2 Network ACL was modified.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-ec2-network-acl-modified
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-ec2-network-acl-modified
Reference: reference.link
SummaryAttributes:
- eventName
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_ec2_route_table_modified.yml
Expand Up @@ -12,7 +12,7 @@ Reports:
- 3.13
Severity: Info
Description: An EC2 Route Table was modified.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-ec2-route-table-modified
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-ec2-route-table-modified
Reference: reference.link
SummaryAttributes:
- eventName
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_ec2_security_group_modified.yml
Expand Up @@ -14,7 +14,7 @@ Reports:
Severity: Info
Description: >
An EC2 Security Group was modified.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-ec2-securitygroup-modified
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-ec2-securitygroup-modified
Reference: reference.link
SummaryAttributes:
- eventName
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_ec2_vpc_modified.yml
Expand Up @@ -13,7 +13,7 @@ Reports:
- 3.14
Severity: Info
Description: An EC2 VPC was modified.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-ec2-vpc-modified
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-ec2-vpc-modified
Reference: reference.link
SummaryAttributes:
- eventName
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_iam_policy_modified.yml
Expand Up @@ -14,7 +14,7 @@ Reports:
Severity: Info
Description: >
An IAM Policy was changed.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-iam-policy-modified
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-iam-policy-modified
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
SummaryAttributes:
- eventName
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_kms_cmk_loss.yml
Expand Up @@ -14,7 +14,7 @@ Reports:
Severity: Info
Description: >
A KMS Customer Managed Key was disabled or scheduled for deletion. This could potentially lead to permanent loss of encrypted data.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-kms-cmk-loss
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-kms-cmk-loss
Reference: https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html
SummaryAttributes:
- eventName
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_s3_bucket_policy_modified.yml
Expand Up @@ -14,7 +14,7 @@ Reports:
Severity: Info
Description: >
An S3 Bucket was modified.
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-s3-bucket-policy-modified
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-s3-bucket-policy-modified
Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html
SummaryAttributes:
- eventName
2 changes: 1 addition & 1 deletion aws_cloudtrail_rules/aws_unauthorized_api_call.yml
Expand Up @@ -13,7 +13,7 @@ Reports:
- 3.1
Severity: Info
Description: An unauthorized AWS API call was made
Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-unauthorized-api-call
Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-unauthorized-api-call
Reference: https://amzn.to/3aOukaA
SummaryAttributes:
- eventName
2 changes: 1 addition & 1 deletion aws_config_policies/aws_config_global_resources.yml
Expand Up @@ -13,7 +13,7 @@ Description: >
You can have AWS Config record supported types of global resources, such as
IAM users, groups, roles, and customer managed policies.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-config-is-enabled-for-global-resources
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-config-is-enabled-for-global-resources
Reference: https://amzn.to/2MO8xXM
Tests:
-
2 changes: 1 addition & 1 deletion aws_dynamodb_policies/aws_dynamodb_autoscaling.yml
Expand Up @@ -14,7 +14,7 @@ Description: >
traffic patterns. This enables a table to increase its provisioned read and write capacity
to handle sudden increases in traffic
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-dynamodb-table-has-autoscaling-enabled
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-dynamodb-table-has-autoscaling-enabled
Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/AutoScaling.html
Tests:
-
Expand Up @@ -15,7 +15,7 @@ Description: >
traffic patterns. This enables a table to increase its provisioned read and write capacity
to handle sudden increases in traffic
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-dynamodb-table-has-autoscaling-targets-configured
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-dynamodb-table-has-autoscaling-targets-configured
Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/AutoScaling.html
Tests:
-
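Review bot: the Description in this hunk is word-for-word the same as in aws_dynamodb_autoscaling.yml above, even though this policy checks that autoscaling targets are configured rather than that autoscaling is enabled (per the new runbook slug). Give it its own wording so an analyst can tell from the alert text which of the two checks fired, and add the missing full stop after `traffic`.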
2 changes: 1 addition & 1 deletion aws_dynamodb_policies/aws_dynamodb_table_encryption.yml
Expand Up @@ -16,7 +16,7 @@ Description: >
Table encryption provides an additional layer of data protection by securing from
unauthorized access to the underlying storage
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-dynamodb-table-has-encryption-enabled
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-dynamodb-table-has-encryption-enabled
Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html
Tests:
-
2 changes: 1 addition & 1 deletion aws_ec2_policies/aws_ec2_ami_approved_host.yml
Expand Up @@ -12,7 +12,7 @@ Severity: Low
Description: >
Checks that AWS EC2 AMI's are only launched on approved dedicated hosts.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-ami-launched-on-approved-host
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-ami-launched-on-approved-host
Reference: https://aws.amazon.com/ec2/dedicated-hosts/
Tests:
-
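Review bot: `AMI's` in the Description is a stray possessive apostrophe; the plural is `AMIs`. The same typo appears in aws_ec2_instance_approved_ami.yml below (`approved list of AMI's`).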
2 changes: 1 addition & 1 deletion aws_ec2_policies/aws_ec2_ami_approved_instance_type.yml
Expand Up @@ -12,7 +12,7 @@ Severity: Low
Description: >
This policy ensures that the EC2 instance is running with an instance type approved for its AMI.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-ami-launched-on-approved-instance-type
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-ami-launched-on-approved-instance-type
Reference: https://aws.amazon.com/ec2/instance-types/
Tests:
-
2 changes: 1 addition & 1 deletion aws_ec2_policies/aws_ec2_ami_approved_tenancy.yml
Expand Up @@ -12,7 +12,7 @@ Severity: Low
Description: >
This policy ensures that the EC2 instance was launched with a tenancy approved for its AMI.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-ami-launched-with-approved-tenancy
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-ami-launched-with-approved-tenancy
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html
Tests:
-
2 changes: 1 addition & 1 deletion aws_ec2_policies/aws_ec2_instance_approved_ami.yml
Expand Up @@ -12,7 +12,7 @@ Severity: High
Description: >
This policy ensures the given EC2 instance is running an AMI from the approved list of AMI's.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-running-on-approved-ami
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-running-on-approved-ami
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
Tests:
-
2 changes: 1 addition & 1 deletion aws_ec2_policies/aws_ec2_instance_approved_host.yml
Expand Up @@ -12,7 +12,7 @@ Severity: Low
Description: >
This policy ensures the given EC2 Instance is running on an approved dedicated host.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-running-on-approved-host
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-running-on-approved-host
Reference: https://aws.amazon.com/ec2/dedicated-hosts/
Tests:
-
Expand Up @@ -12,7 +12,7 @@ Severity: Low
Description: >
This policy ensures that the EC2 instance is running on one of the approved instance types.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-running-on-approved-instance-type
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-running-on-approved-instance-type
Reference: https://aws.amazon.com/ec2/instance-types/
Tests:
-
2 changes: 1 addition & 1 deletion aws_ec2_policies/aws_ec2_instance_approved_tenancy.yml
Expand Up @@ -12,7 +12,7 @@ Severity: Low
Description: >
This policy ensures the given EC2 Instance is running with an approved tenancy option. The possible tenancy options are dedicated, host, and default.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-running-with-approved-tenancy
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-running-with-approved-tenancy
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html
Tests:
-
2 changes: 1 addition & 1 deletion aws_ec2_policies/aws_ec2_instance_approved_vpc.yml
Expand Up @@ -12,7 +12,7 @@ Severity: High
Description: >
This policy ensures that the given EC2 Instance is running in an approved VPC.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-running-in-approved-vpc
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-running-in-approved-vpc
Reference: https://aws.amazon.com/vpc/
Tests:
-
2 changes: 1 addition & 1 deletion aws_ec2_policies/aws_ec2_instance_detailed_monitoring.yml
Expand Up @@ -12,7 +12,7 @@ Severity: Low
Description: >
This policy ensures that the AWS Instance has Detailed Monitoring Enabled
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-has-detailed-monitoring-enabled
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-has-detailed-monitoring-enabled
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html
Tests:
-
2 changes: 1 addition & 1 deletion aws_ec2_policies/aws_ec2_instance_ebs_optimization.yml
Expand Up @@ -12,7 +12,7 @@ Severity: Low
Description: >
This policy ensures EBS optimization is enabled for the given EC2 instance, if applicable.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-is-ebs-optimized
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-is-ebs-optimized
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html
Tests:
-
2 changes: 1 addition & 1 deletion aws_ec2_policies/aws_ec2_volume_encryption.yml
Expand Up @@ -12,7 +12,7 @@ Severity: High
Description: >
You can encrypt both the boot and data volumes of an EC2 instance.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-volumes-are-encrypted
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-volumes-are-encrypted
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
Tests:
-
2 changes: 1 addition & 1 deletion aws_ec2_policies/aws_ec2_volume_snapshot_encrypted.yml
Expand Up @@ -12,7 +12,7 @@ Severity: High
Description: >
You can encrypt the snapshot of an EC2 volume to protect against accidental data loss
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-volume-is-encrypted
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-volume-is-encrypted
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
Tests:
-
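Review bot: the Description `You can encrypt the snapshot of an EC2 volume to protect against accidental data loss` misstates what encryption provides. EBS snapshot encryption protects the confidentiality of the snapshot data at rest and when it is copied or shared; it does nothing against accidental loss, which is what snapshot retention and backups address. Reword it in line with the EBSEncryption.html reference, e.g. `Encrypting EBS snapshots protects the snapshot data from unauthorized access when it is stored, copied, or shared.`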
2 changes: 1 addition & 1 deletion aws_elb_policies/aws_application_load_balancer_web_acl.yml
Expand Up @@ -13,7 +13,7 @@ Severity: High
Description: >
This policy validates that all application load balancers have an associated Web ACl to enforce protections against various web attacks.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-application-load-balancer-has-web-acl
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-application-load-balancer-has-web-acl
Reference: https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/
Tests:
-
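Review bot: `Web ACl` in the Description should be `Web ACL`; the error is surfaced verbatim in every alert this policy raises, so fix it while the file is being edited.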
2 changes: 1 addition & 1 deletion aws_guardduty_policies/aws_guardduty_enabled.yml
Expand Up @@ -12,7 +12,7 @@ Severity: High
Description: >
GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior.
Runbook: >
https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-guardduty-is-enabled
https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-guardduty-is-enabled
Reference: https://aws.amazon.com/guardduty/
Tests:
-