heimdall_tools 1.3.41 → 1.3.46

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6e2861d76ab4ec09b9a409e934365fdc47935378f99ceeca94ccdf7c1931661d
-  data.tar.gz: f5bc5a6c7339da985cc825216fbb817b070dc94ae31a568955a39c822163a07a
+  metadata.gz: 24ad070383569e79ac08bbc0cae7a049a0f48cbc971d6d897ee2b5aa0989affe
+  data.tar.gz: 993a995384452cf8457b3545e3aaddae4b6f6165453f139b9c33b35e3357ed82
 SHA512:
-  metadata.gz: 53c34b8edc9cd713ee7ae481d6c27c1213ed371a800d1c0e728ae4bfe196561fc3128349547ee839521967fdc96da9478115834541faeba2a83a07cfba1de1a8
-  data.tar.gz: 2f0fb2011e3caa5a9b31fbfe44bc6069284bd35700af2fc6e20a236a2532f328db320c6bd0283930e22ac73d87929ad7dc9306ca5e315fa52c6a7f477b7b6e84
+  metadata.gz: 65e3d1c2566de4d114f75a0de1659cc895b65045718300559179d86f33d2b9dd9110ee8b106944d1ef764ca89efb5a40bd67891534c095e7b1c37dd709f9c4a9
+  data.tar.gz: 2841a54f0abca5d37f4051800f29a90a410bf9599addbfe538d603dae9f725e0c99229c6129fadaee0401cc65a8d5abbbd54ea76d9996d317c4bf1199c4a483a

data/README.md

@@ -9,13 +9,30 @@ HeimdallTools supplies several methods to convert output from various tools to "
 - **fortify_mapper** - commercial static code analysis tool
 - **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
 - **burpsuite_mapper** - commercial dynamic analysis tool
-- **nessus_mapper** - commercial vulnerability scanner
+- **nessus_mapper** - commercial security scanner (supports compliance and vulnerability scans from Tenable.sc and Tenable.io)
 - **snyk_mapper** - commercial package vulnerability scanner
 - **nikto_mapper** - open-source web server scanner 
 - **jfrog_xray_mapper** - package vulnerability scanner
 - **dbprotect_mapper** - database vulnerability scanner
 - **aws_config_mapper** - assess, audit, and evaluate AWS resources
 - **netsparker_mapper** - web application security scanner
+- **sarif_mapper** - static analysis results interchange format
+- **scoutsuite_mapper** - multi-cloud security auditing tool
+
+## Want to recommend a mapper for another tool? Please use these steps:
+  1. Create an [issue](https://github.com/mitre/heimdall_tools/issues/new), and email saf@groups.mitre.org citing the issue link so we can help
+  2. Provide a sample output, preferably the most detailed the tool can provide, and also preferably in a machine-readable format, such as xml, json, or csv - whichever is natively available. If it is sensitive we'll work that in #3. (If it's an API only, we'll also just talk about it in #3)
+  3. Let's arrange a time to take a close look at the data it provides to get an idea of all it has to offer. We'll suggest an initial mapping of the HDF core elements. (see https://saf.mitre.org/#/normalize)
+  4. Note: if the tool doesn't provide a NIST SP 800-53 reference, we've worked on mappings to other references such as CWE or OWASP Top 10:  
+    https://github.com/mitre/heimdall_tools/tree/master/lib/data  
+    https://github.com/mitre/heimdall_tools/blob/master/lib/data/cwe-nist-mapping.csv  
+    https://github.com/mitre/heimdall_tools/blob/master/lib/data/owasp-nist-mapping.csv  
+  5. If the tool doesn't provide something for #4, or another core element such as impact, we'll help you identify a custom mapping approach.
+  6. We'll help you decide how to preserve any other information (non-core elements) the tool provides to ensure that all of the original tool's intent comes through for the user when the data is viewed in Heimdall.
+  7. Finally, We'll provide final peer review and support merging your pull request.
+We appreciate your contributions, but we're here to help!
+
+## How to Install Heimdall Tools:
 
 Ruby 2.4 or higher (check using "ruby -v")
 
@@ -136,7 +153,8 @@ example: heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_result
 
 ## nessus_mapper
 
-nessus_mapper translates a Nessus-exported XML results file into HDF format json to be viewable in Heimdall
+nessus_mapper translates a Nessus-exported XML results file into HDF format json to be viewable in Heimdall.
+Supports compliance and vulnerability scans from Tenable.sc and Tenable.io.
 
 Note: A separate HDF JSON file is generated for each host reported in the Nessus Report.
 
@@ -185,6 +203,22 @@ FLAGS:
 example: heimdall_tools nikto_mapper -j nikto_results.json -o nikto_results.json
 ```
 
+## scoutsuite_mapper
+
+scoutsuite_mapper translates Scout Suite results from Javascript to HDF-formatted JSON so as to be viewable on Heimdall
+
+Note: Currently this mapper only supports AWS.
+
+```
+USAGE: heimdall_tools scoutsuite_mapper -i <scoutsuite-results-js> -o <hdf-scan-results-json>
+
+FLAGS:
+    -i --input -j --javascript <scoutsuite-results-js> : path to Scout Suite results Javascript file.
+    -o --output <hdf-scan-results-json>                : path to output scan-results json.
+
+example: heimdall_tools scoutsuite_mapper -i scoutsuite_results.js -o scoutsuite_hdf.json
+```
+
 ## jfrog_xray_mapper
 
 jfrog_xray_mapper translates an JFrog Xray results JSON file into HDF format JSON to be viewable in Heimdall
@@ -252,6 +286,21 @@ FLAGS:
 example: heimdall_tools netsparker_mapper -x netsparker_results.xml -o netsparker_hdf.json
 ```
 
+## sarif_mapper
+
+sarif_mapper translates a SARIF JSON file into HDF format JSON to be viewable in Heimdall
+
+```
+USAGE: heimdall_tools sarif_mapper [OPTIONS] -j <sarif-results-json> -o <hdf-scan-results.json>
+
+FLAGS:
+    -j <sarif_results_json>          : path to SARIF results JSON file.
+    -o --output_prefix <prefix>      : path to output scan-results json.
+    -V --verbose                     : verbose run [optional].
+
+example: heimdall_tools sarif_mapper -j sarif_results.json -o sarif_results_hdf.json
+```
+
 ## version  
 
 Prints out the gem version

data/lib/data/aws-config-mapping.csv

@@ -1,107 +1,107 @@
-AwsConfigRuleName,NIST-ID,Rev
-secretsmanager-scheduled-rotation-success-check,AC-2(1)|AC-2(j),4
-iam-user-group-membership-check,AC-2(1)|AC-2(j)|AC-3|AC-6,4
-iam-password-policy,AC-2(1)|AC-2(f)|AC-2(j)|IA-2|IA-5(1)(a)(d)(e)|IA-5(4),4
-access-keys-rotated,AC-2(1)|AC-2(j),4
-iam-user-unused-credentials-check,AC-2(1)|AC-2(3)|AC-2(f)|AC-3|AC-6,4
-securityhub-enabled,AC-2(1)|AC-2(4)|AC-2(12)(a)|AC-2(g)|AC-17(1)|AU-6(1)(3)|CA-7(a)(b)|SA-10|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(16)|SI-4(a)(b)(c),4
-guardduty-enabled-centralized,AC-2(1)|AC-2(4)|AC-2(12)(a)|AC-2(g)|AC-17(1)|AU-6(1)(3)|CA-7(a)(b)|RA-5|SA-10|SI-4(1)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(16)|SI-4(a)(b)(c),4
-cloud-trail-cloud-watch-logs-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-6(1)(3)|AU-7(1)|AU-12(a)(c)|CA-7(a)(b)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(a)(b)(c),4
-cloudtrail-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
-multi-region-cloudtrail-enabled,AC-2(4)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
-rds-logging-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
-cloudwatch-alarm-action-check,AC-2(4)|AU-6(1)(3)|AU-7(1)|CA-7(a)(b)|IR-4(1)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(a)(b)(c),4
-redshift-cluster-configuration-check,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c)|SC-13|SC-28,4
-iam-root-access-key-check,AC-2(f)|AC-2(j)|AC-3|AC-6|AC-6(10),4
-s3-bucket-logging-enabled,AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
-cloudtrail-s3-dataevents-enabled,AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
-root-account-mfa-enabled,AC-2(j)|IA-2(1)(11),4
-emr-kerberos-enabled,AC-2(j)|AC-3|AC-5(c)|AC-6,4
-iam-group-has-users-check,AC-2(j)|AC-3|AC-5(c)|AC-6|SC-2,4
-iam-policy-no-statements-with-admin-access,AC-2(j)|AC-3|AC-5(c)|AC-6|SC-2,4
-iam-user-no-policies-check,AC-2(j)|AC-3|AC-5(c)|AC-6,4
-s3-bucket-public-write-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
-lambda-function-public-access-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
-rds-snapshots-public-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
-redshift-cluster-public-access-check,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
-s3-bucket-policy-grantee-check,AC-3|AC-6|SC-7|SC-7(3),4
-s3-bucket-public-read-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
-s3-account-level-public-access-blocks,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
-dms-replication-not-public,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
-ebs-snapshot-public-restorable-check,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
-sagemaker-notebook-no-direct-internet-access,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
-rds-instance-public-access-check,AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
-lambda-inside-vpc,AC-4|SC-7|SC-7(3),4
-ec2-instances-in-vpc,AC-4|SC-7|SC-7(3),4
-restricted-common-ports,AC-4|CM-2|SC-7|SC-7(3),4
-restricted-ssh,AC-4|SC-7|SC-7(3),4
-vpc-default-security-group-closed,AC-4|SC-7|SC-7(3),4
-vpc-sg-open-only-to-authorized-ports,AC-4|SC-7|SC-7(3),4
-acm-certificate-expiration-check,AC-4|AC-17(2)|SC-12,4
-ec2-instance-no-public-ip,AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
-elasticsearch-in-vpc-only,AC-4|SC-7|SC-7(3),4
-emr-master-no-public-ip,AC-4|AC-21(b)|SC-7|SC-7(3),4
-internet-gateway-authorized-vpc-only,AC-4|AC-17(3)|SC-7|SC-7(3),4
-codebuild-project-envvar-awscred-check,AC-6|IA-5(7)|SA-3(a),4
-ec2-imdsv2-check,AC-6,4
-iam-no-inline-policy-check,AC-6,4
-alb-http-to-https-redirection-check,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13|SC-23,4
-redshift-require-tls-ssl,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
-s3-bucket-ssl-requests-only,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
-elb-acm-certificate-required,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
-alb-http-drop-invalid-header-enabled,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-23,4
-elb-tls-https-listeners-only,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-23,4
-api-gw-execution-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
-elb-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
-vpc-flow-logs-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
-wafv2-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c)|SC-7|SI-4(a)(b)(c),4
-cloud-trail-encryption-enabled,AU-9|SC-13|SC-28,4
-cloudwatch-log-group-encrypted,AU-9|SC-13|SC-28,4
-s3-bucket-replication-enabled,AU-9(2)|CP-9(b)|CP-10|SC-5|SC-36,4
-cw-loggroup-retention-period-check,AU-11|SI-12,4
-ec2-instance-detailed-monitoring-enabled,CA-7(a)(b)|SI-4(2)|SI-4(a)(b)(c),4
-rds-enhanced-monitoring-enabled,CA-7(a)(b),4
-ec2-instance-managed-by-systems-manager,CM-2|CM-7(a)|CM-8(1)|CM-8(3)(a)|SA-3(a)|SA-10|SI-2(2)|SI-7(1),4
-ec2-managedinstance-association-compliance-status-check,CM-2|CM-7(a)|CM-8(3)(a)|SI-2(2),4
-ec2-stopped-instance,CM-2,4
-ec2-volume-inuse-check,CM-2|SC-4,4
-elb-deletion-protection-enabled,CM-2|CP-10,4
-cloudtrail-security-trail-enabled,CM-2,4
-ec2-managedinstance-patch-compliance-status-check,CM-8(3)(a)|SI-2(2)|SI-7(1),4
-db-instance-backup-enabled,CP-9(b)|CP-10|SI-12,4
-dynamodb-pitr-enabled,CP-9(b)|CP-10|SI-12,4
-elasticache-redis-cluster-automatic-backup-check,CP-9(b)|CP-10|SI-12,4
-dynamodb-in-backup-plan,CP-9(b)|CP-10|SI-12,4
-ebs-in-backup-plan,CP-9(b)|CP-10|SI-12,4
-efs-in-backup-plan,CP-9(b)|CP-10|SI-12,4
-rds-in-backup-plan,CP-9(b)|CP-10|SI-12,4
-dynamodb-autoscaling-enabled,CP-10|SC-5,4
-rds-multi-az-support,CP-10|SC-5|SC-36,4
-s3-bucket-versioning-enabled,CP-10|SI-12,4
-vpc-vpn-2-tunnels-up,CP-10,4
-elb-cross-zone-load-balancing-enabled,CP-10|SC-5,4
-root-account-hardware-mfa-enabled,IA-2(1)(11),4
-mfa-enabled-for-iam-console-access,IA-2(1)(2)(11),4
-iam-user-mfa-enabled,IA-2(1)(2)(11),4
-guardduty-non-archived-findings,IR-4(1)|IR-6(1)|IR-7(1)|RA-5|SA-10|SI-4(a)(b)(c),4
-codebuild-project-source-repo-url-check,SA-3(a),4
-autoscaling-group-elb-healthcheck-required,SC-5,4
-rds-instance-deletion-protection-enabled,SC-5,4
-alb-waf-enabled,SC-7|SI-4(a)(b)(c),4
-elasticsearch-node-to-node-encryption-check,SC-7|SC-8|SC-8(1),4
-cmk-backing-key-rotation-enabled,SC-12,4
-kms-cmk-not-scheduled-for-deletion,SC-12|SC-28,4
-api-gw-cache-enabled-and-encrypted,SC-13|SC-28,4
-efs-encrypted-check,SC-13|SC-28,4
-elasticsearch-encrypted-at-rest,SC-13|SC-28,4
-encrypted-volumes,SC-13|SC-28,4
-rds-storage-encrypted,SC-13|SC-28,4
-s3-bucket-server-side-encryption-enabled,SC-13|SC-28,4
-sagemaker-endpoint-configuration-kms-key-configured,SC-13|SC-28,4
-sagemaker-notebook-instance-kms-key-configured,SC-13|SC-28,4
-sns-encrypted-kms,SC-13|SC-28,4
-dynamodb-table-encrypted-kms,SC-13,4
-s3-bucket-default-lock-enabled,SC-28,4
-ec2-ebs-encryption-by-default,SC-28,4
-rds-snapshot-encrypted,SC-28,4
-cloud-trail-log-file-validation-enabled,SI-7|SI-7(1),4
+AwsConfigRuleSourceIdentifier,AwsConfigRuleName,NIST-ID,Rev
+SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK,secretsmanager-scheduled-rotation-success-check,AC-2(1)|AC-2(j),4
+IAM_USER_GROUP_MEMBERSHIP_CHECK,iam-user-group-membership-check,AC-2(1)|AC-2(j)|AC-3|AC-6,4
+IAM_PASSWORD_POLICY,iam-password-policy,AC-2(1)|AC-2(f)|AC-2(j)|IA-2|IA-5(1)(a)(d)(e)|IA-5(4),4
+ACCESS_KEYS_ROTATED,access-keys-rotated,AC-2(1)|AC-2(j),4
+IAM_USER_UNUSED_CREDENTIALS_CHECK,iam-user-unused-credentials-check,AC-2(1)|AC-2(3)|AC-2(f)|AC-3|AC-6,4
+SECURITYHUB_ENABLED,securityhub-enabled,AC-2(1)|AC-2(4)|AC-2(12)(a)|AC-2(g)|AC-17(1)|AU-6(1)(3)|CA-7(a)(b)|SA-10|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(16)|SI-4(a)(b)(c),4
+GUARDDUTY_ENABLED_CENTRALIZED,guardduty-enabled-centralized,AC-2(1)|AC-2(4)|AC-2(12)(a)|AC-2(g)|AC-17(1)|AU-6(1)(3)|CA-7(a)(b)|RA-5|SA-10|SI-4(1)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(16)|SI-4(a)(b)(c),4
+CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED,cloud-trail-cloud-watch-logs-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-6(1)(3)|AU-7(1)|AU-12(a)(c)|CA-7(a)(b)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(a)(b)(c),4
+CLOUD_TRAIL_ENABLED,cloudtrail-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
+MULTI_REGION_CLOUD_TRAIL_ENABLED,multi-region-cloudtrail-enabled,AC-2(4)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
+RDS_LOGGING_ENABLED,rds-logging-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
+CLOUDWATCH_ALARM_ACTION_CHECK,cloudwatch-alarm-action-check,AC-2(4)|AU-6(1)(3)|AU-7(1)|CA-7(a)(b)|IR-4(1)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(a)(b)(c),4
+REDSHIFT_CLUSTER_CONFIGURATION_CHECK,redshift-cluster-configuration-check,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c)|SC-13|SC-28,4
+IAM_ROOT_ACCESS_KEY_CHECK,iam-root-access-key-check,AC-2(f)|AC-2(j)|AC-3|AC-6|AC-6(10),4
+S3_BUCKET_LOGGING_ENABLED,s3-bucket-logging-enabled,AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
+CLOUDTRAIL_S3_DATAEVENTS_ENABLED,cloudtrail-s3-dataevents-enabled,AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
+ROOT_ACCOUNT_MFA_ENABLED,root-account-mfa-enabled,AC-2(j)|IA-2(1)(11),4
+EMR_KERBEROS_ENABLED,emr-kerberos-enabled,AC-2(j)|AC-3|AC-5(c)|AC-6,4
+IAM_GROUP_HAS_USERS_CHECK,iam-group-has-users-check,AC-2(j)|AC-3|AC-5(c)|AC-6|SC-2,4
+IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS,iam-policy-no-statements-with-admin-access,AC-2(j)|AC-3|AC-5(c)|AC-6|SC-2,4
+IAM_USER_NO_POLICIES_CHECK,iam-user-no-policies-check,AC-2(j)|AC-3|AC-5(c)|AC-6,4
+S3_BUCKET_PUBLIC_WRITE_PROHIBITED,s3-bucket-public-write-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
+LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED,lambda-function-public-access-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
+RDS_SNAPSHOTS_PUBLIC_PROHIBITED,rds-snapshots-public-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
+REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK,redshift-cluster-public-access-check,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
+S3_BUCKET_POLICY_GRANTEE_CHECK,s3-bucket-policy-grantee-check,AC-3|AC-6|SC-7|SC-7(3),4
+S3_BUCKET_PUBLIC_READ_PROHIBITED,s3-bucket-public-read-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
+S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS,s3-account-level-public-access-blocks,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
+DMS_REPLICATION_NOT_PUBLIC,dms-replication-not-public,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
+EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK,ebs-snapshot-public-restorable-check,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
+SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS,sagemaker-notebook-no-direct-internet-access,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
+RDS_INSTANCE_PUBLIC_ACCESS_CHECK,rds-instance-public-access-check,AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
+LAMBDA_INSIDE_VPC,lambda-inside-vpc,AC-4|SC-7|SC-7(3),4
+INSTANCES_IN_VPC,ec2-instances-in-vpc,AC-4|SC-7|SC-7(3),4
+RESTRICTED_INCOMING_TRAFFIC,restricted-common-ports,AC-4|CM-2|SC-7|SC-7(3),4
+INCOMING_SSH_DISABLED,restricted-ssh,AC-4|SC-7|SC-7(3),4
+VPC_DEFAULT_SECURITY_GROUP_CLOSED,vpc-default-security-group-closed,AC-4|SC-7|SC-7(3),4
+VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS,vpc-sg-open-only-to-authorized-ports,AC-4|SC-7|SC-7(3),4
+ACM_CERTIFICATE_EXPIRATION_CHECK,acm-certificate-expiration-check,AC-4|AC-17(2)|SC-12,4
+EC2_INSTANCE_NO_PUBLIC_IP,ec2-instance-no-public-ip,AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
+ELASTICSEARCH_IN_VPC_ONLY,elasticsearch-in-vpc-only,AC-4|SC-7|SC-7(3),4
+EMR_MASTER_NO_PUBLIC_IP,emr-master-no-public-ip,AC-4|AC-21(b)|SC-7|SC-7(3),4
+INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY,internet-gateway-authorized-vpc-only,AC-4|AC-17(3)|SC-7|SC-7(3),4
+CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK,codebuild-project-envvar-awscred-check,AC-6|IA-5(7)|SA-3(a),4
+EC2_IMDSV2_CHECK,ec2-imdsv2-check,AC-6,4
+IAM_NO_INLINE_POLICY_CHECK,iam-no-inline-policy-check,AC-6,4
+ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK,alb-http-to-https-redirection-check,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13|SC-23,4
+REDSHIFT_REQUIRE_TLS_SSL,redshift-require-tls-ssl,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
+S3_BUCKET_SSL_REQUESTS_ONLY,s3-bucket-ssl-requests-only,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
+ELB_ACM_CERTIFICATE_REQUIRED,elb-acm-certificate-required,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
+ALB_HTTP_DROP_INVALID_HEADER_ENABLED,alb-http-drop-invalid-header-enabled,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-23,4
+ELB_TLS_HTTPS_LISTENERS_ONLY,elb-tls-https-listeners-only,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-23,4
+API_GW_EXECUTION_LOGGING_ENABLED,api-gw-execution-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
+ELB_LOGGING_ENABLED,elb-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
+VPC_FLOW_LOGS_ENABLED,vpc-flow-logs-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
+WAFV2_LOGGING_ENABLED,wafv2-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c)|SC-7|SI-4(a)(b)(c),4
+CLOUD_TRAIL_ENCRYPTION_ENABLED,cloud-trail-encryption-enabled,AU-9|SC-13|SC-28,4
+CLOUDWATCH_LOG_GROUP_ENCRYPTED,cloudwatch-log-group-encrypted,AU-9|SC-13|SC-28,4
+S3_BUCKET_REPLICATION_ENABLED,s3-bucket-replication-enabled,AU-9(2)|CP-9(b)|CP-10|SC-5|SC-36,4
+CW_LOGGROUP_RETENTION_PERIOD_CHECK,cw-loggroup-retention-period-check,AU-11|SI-12,4
+EC2_INSTANCE_DETAILED_MONITORING_ENABLED,ec2-instance-detailed-monitoring-enabled,CA-7(a)(b)|SI-4(2)|SI-4(a)(b)(c),4
+RDS_ENHANCED_MONITORING_ENABLED,rds-enhanced-monitoring-enabled,CA-7(a)(b),4
+EC2_INSTANCE_MANAGED_BY_SSM,ec2-instance-managed-by-systems-manager,CM-2|CM-7(a)|CM-8(1)|CM-8(3)(a)|SA-3(a)|SA-10|SI-2(2)|SI-7(1),4
+EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK,ec2-managedinstance-association-compliance-status-check,CM-2|CM-7(a)|CM-8(3)(a)|SI-2(2),4
+EC2_STOPPED_INSTANCE,ec2-stopped-instance,CM-2,4
+EC2_VOLUME_INUSE_CHECK,ec2-volume-inuse-check,CM-2|SC-4,4
+ELB_DELETION_PROTECTION_ENABLED,elb-deletion-protection-enabled,CM-2|CP-10,4
+CLOUDTRAIL_SECURITY_TRAIL_ENABLED,cloudtrail-security-trail-enabled,CM-2,4
+EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK,ec2-managedinstance-patch-compliance-status-check,CM-8(3)(a)|SI-2(2)|SI-7(1),4
+DB_INSTANCE_BACKUP_ENABLED,db-instance-backup-enabled,CP-9(b)|CP-10|SI-12,4
+DYNAMODB_PITR_ENABLED,dynamodb-pitr-enabled,CP-9(b)|CP-10|SI-12,4
+ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK,elasticache-redis-cluster-automatic-backup-check,CP-9(b)|CP-10|SI-12,4
+DYNAMODB_IN_BACKUP_PLAN,dynamodb-in-backup-plan,CP-9(b)|CP-10|SI-12,4
+EBS_IN_BACKUP_PLAN,ebs-in-backup-plan,CP-9(b)|CP-10|SI-12,4
+EFS_IN_BACKUP_PLAN,efs-in-backup-plan,CP-9(b)|CP-10|SI-12,4
+RDS_IN_BACKUP_PLAN,rds-in-backup-plan,CP-9(b)|CP-10|SI-12,4
+DYNAMODB_AUTOSCALING_ENABLED,dynamodb-autoscaling-enabled,CP-10|SC-5,4
+RDS_MULTI_AZ_SUPPORT,rds-multi-az-support,CP-10|SC-5|SC-36,4
+S3_BUCKET_VERSIONING_ENABLED,s3-bucket-versioning-enabled,CP-10|SI-12,4
+VPC_VPN_2_TUNNELS_UP,vpc-vpn-2-tunnels-up,CP-10,4
+ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED,elb-cross-zone-load-balancing-enabled,CP-10|SC-5,4
+ROOT_ACCOUNT_HARDWARE_MFA_ENABLED,root-account-hardware-mfa-enabled,IA-2(1)(11),4
+MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS,mfa-enabled-for-iam-console-access,IA-2(1)(2)(11),4
+IAM_USER_MFA_ENABLED,iam-user-mfa-enabled,IA-2(1)(2)(11),4
+GUARDDUTY_NON_ARCHIVED_FINDINGS,guardduty-non-archived-findings,IR-4(1)|IR-6(1)|IR-7(1)|RA-5|SA-10|SI-4(a)(b)(c),4
+CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK,codebuild-project-source-repo-url-check,SA-3(a),4
+AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED,autoscaling-group-elb-healthcheck-required,SC-5,4
+RDS_INSTANCE_DELETION_PROTECTION_ENABLED,rds-instance-deletion-protection-enabled,SC-5,4
+ALB_WAF_ENABLED,alb-waf-enabled,SC-7|SI-4(a)(b)(c),4
+ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK,elasticsearch-node-to-node-encryption-check,SC-7|SC-8|SC-8(1),4
+CMK_BACKING_KEY_ROTATION_ENABLED,cmk-backing-key-rotation-enabled,SC-12,4
+KMS_CMK_NOT_SCHEDULED_FOR_DELETION,kms-cmk-not-scheduled-for-deletion,SC-12|SC-28,4
+API_GW_CACHE_ENABLED_AND_ENCRYPTED,api-gw-cache-enabled-and-encrypted,SC-13|SC-28,4
+EFS_ENCRYPTED_CHECK,efs-encrypted-check,SC-13|SC-28,4
+ELASTICSEARCH_ENCRYPTED_AT_REST,elasticsearch-encrypted-at-rest,SC-13|SC-28,4
+ENCRYPTED_VOLUMES,encrypted-volumes,SC-13|SC-28,4
+RDS_STORAGE_ENCRYPTED,rds-storage-encrypted,SC-13|SC-28,4
+S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED,s3-bucket-server-side-encryption-enabled,SC-13|SC-28,4
+SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED,sagemaker-endpoint-configuration-kms-key-configured,SC-13|SC-28,4
+SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED,sagemaker-notebook-instance-kms-key-configured,SC-13|SC-28,4
+SNS_ENCRYPTED_KMS,sns-encrypted-kms,SC-13|SC-28,4
+DYNAMODB_TABLE_ENCRYPTED_KMS,dynamodb-table-encrypted-kms,SC-13,4
+S3_BUCKET_DEFAULT_LOCK_ENABLED,s3-bucket-default-lock-enabled,SC-28,4
+EC2_EBS_ENCRYPTION_BY_DEFAULT,ec2-ebs-encryption-by-default,SC-28,4
+RDS_SNAPSHOT_ENCRYPTED,rds-snapshot-encrypted,SC-28,4
+CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED,cloud-trail-log-file-validation-enabled,SI-7|SI-7(1),4

data/lib/data/scoutsuite-nist-mapping.csv

@@ -0,0 +1,140 @@
+rule,nistid
+acm-certificate-with-close-expiration-date,SC-12
+acm-certificate-with-transparency-logging-disabled,SC-12
+cloudformation-stack-with-role,AC-6
+cloudtrail-duplicated-global-services-logging,AU-6
+cloudtrail-no-cloudwatch-integration,AU-12|SI-4(2)
+cloudtrail-no-data-logging,AU-12
+cloudtrail-no-encryption-with-kms,AU-6
+cloudtrail-no-global-services-logging,AU-12
+cloudtrail-no-log-file-validation,AU-6
+cloudtrail-no-logging,AU-12
+cloudtrail-not-configured,AU-12
+cloudwatch-alarm-without-actions,AU-12
+config-recorder-not-configured,CM-8|CM-8(2)|CM-8(6)
+ec2-ami-public,AC-3
+ec2-default-security-group-in-use,AC-3(3)
+ec2-default-security-group-with-rules,AC-3(3)
+ec2-ebs-snapshot-not-encrypted,SC-28
+ec2-ebs-snapshot-public,AC-3
+ec2-ebs-volume-not-encrypted,SC-28
+ec2-instance-in-security-group,CM-7(1)
+ec2-instance-type,CM-2
+ec2-instance-types,CM-2
+ec2-instance-with-public-ip,AC-3
+ec2-instance-with-user-data-secrets,AC-3
+ec2-security-group-opens-all-ports,CM-7(1)
+ec2-security-group-opens-all-ports-to-all,CM-7(1)
+ec2-security-group-opens-all-ports-to-self,CM-7(1)
+ec2-security-group-opens-icmp-to-all,CM-7(1)
+ec2-security-group-opens-known-port-to-all,CM-7(1)
+ec2-security-group-opens-plaintext-port,CM-7(1)
+ec2-security-group-opens-port-range,CM-7(1)
+ec2-security-group-opens-port-to-all,CM-7(1)
+ec2-security-group-whitelists-aws,CM-7(1)
+ec2-security-group-whitelists-aws-ip-from-banned-region,CM-7(1)
+ec2-security-group-whitelists-non-elastic-ips,CM-7(1)
+ec2-security-group-whitelists-unknown-aws,CM-7(1)
+ec2-security-group-whitelists-unknown-cidrs,CM-7(1)
+ec2-unused-security-group,CM-7(1)
+elb-listener-allowing-cleartext,SC-8
+elb-no-access-logs,AU-12
+elb-older-ssl-policy,SC-8
+elbv2-http-request-smuggling,SC-8
+elbv2-listener-allowing-cleartext,SC-8
+elbv2-no-access-logs,AU-12
+elbv2-no-deletion-protection,SI-7
+elbv2-older-ssl-policy,SC-8
+iam-assume-role-lacks-external-id-and-mfa,AC-17
+iam-assume-role-no-mfa,AC-6
+iam-assume-role-policy-allows-all,AC-6
+iam-ec2-role-without-instances,AC-6
+iam-group-with-inline-policies,AC-6
+iam-group-with-no-users,AC-6
+iam-human-user-with-policies,AC-6
+iam-inline-policy-allows-non-sts-action,AC-6
+iam-inline-policy-allows-NotActions,AC-6
+iam-inline-policy-for-role,AC-6
+iam-managed-policy-allows-full-privileges,AC-6
+iam-managed-policy-allows-non-sts-action,AC-6
+iam-managed-policy-allows-NotActions,AC-6
+iam-managed-policy-for-role,AC-6
+iam-managed-policy-no-attachments,AC-6
+iam-no-support-role,IR-7
+iam-password-policy-expiration-threshold,AC-2
+iam-password-policy-minimum-length,AC-2
+iam-password-policy-no-expiration,AC-2
+iam-password-policy-no-lowercase-required,AC-2
+iam-password-policy-no-number-required,AC-2
+iam-password-policy-no-symbol-required,AC-2
+iam-password-policy-no-uppercase-required,AC-2
+iam-password-policy-reuse-enabled,IA-5(1)
+iam-role-with-inline-policies,AC-6
+iam-root-account-no-hardware-mfa,IA-2(1)
+iam-root-account-no-mfa,IA-2(1)
+iam-root-account-used-recently,AC-6(9)
+iam-root-account-with-active-certs,AC-6(9)
+iam-root-account-with-active-keys,AC-6(9)
+iam-service-user-with-password,AC-2
+iam-unused-credentials-not-disabled,AC-2
+iam-user-no-key-rotation,AC-2
+iam-user-not-in-category-group,AC-2
+iam-user-not-in-common-group,AC-2
+iam-user-unused-access-key-initial-setup,AC-2
+iam-user-with-multiple-access-keys,IA-2
+iam-user-without-mfa,IA-2(1)
+iam-user-with-password-and-key,IA-2
+iam-user-with-policies,AC-2
+kms-cmk-rotation-disabled,SC-12
+logs-no-alarm-aws-configuration-changes,CM-8|CM-8(2)|CM-8(6)
+logs-no-alarm-cloudtrail-configuration-changes,AU-6
+logs-no-alarm-cmk-deletion,AC-2
+logs-no-alarm-console-authentication-failures,AC-2
+logs-no-alarm-iam-policy-changes,AC-2
+logs-no-alarm-nacl-changes,CM-6(2)
+logs-no-alarm-network-gateways-changes,AU-12|CM-6(2)
+logs-no-alarm-root-usage,AU-2
+logs-no-alarm-route-table-changes,AU-12|CM-6(2)
+logs-no-alarm-s3-policy-changes,AC-6|AU-12
+logs-no-alarm-security-group-changes,AC-2(4)
+logs-no-alarm-signin-without-mfa,AC-2
+logs-no-alarm-unauthorized-api-calls,AU-6|SI-4(2)
+logs-no-alarm-vpc-changes,CM-6(1)
+rds-instance-backup-disabled,CP-9
+rds-instance-ca-certificate-deprecated,SC-12
+rds-instance-no-minor-upgrade,SI-2
+rds-instance-short-backup-retention-period,CP-9
+rds-instance-single-az,CP-7
+rds-instance-storage-not-encrypted,SC-28
+rds-postgres-instance-with-invalid-certificate,SC-12
+rds-security-group-allows-all,CM-7(1)
+rds-snapshot-public,SC-28
+redshift-cluster-database-not-encrypted,SC-28
+redshift-cluster-no-version-upgrade,SI-2
+redshift-cluster-publicly-accessible,AC-3
+redshift-parameter-group-logging-disabled,AU-12
+redshift-parameter-group-ssl-not-required,SC-8
+redshift-security-group-whitelists-all,CM-7(1)
+route53-domain-no-autorenew,SC-2
+route53-domain-no-transferlock,SC-2
+route53-domain-transferlock-not-authorized,SC-2
+s3-bucket-allowing-cleartext,SC-28
+s3-bucket-no-default-encryption,SC-28
+s3-bucket-no-logging,AU-2|AU-12
+s3-bucket-no-mfa-delete,SI-7
+s3-bucket-no-versioning,SI-7
+s3-bucket-world-acl,AC-3(3)
+s3-bucket-world-policy-arg,AC-3(3)
+s3-bucket-world-policy-star,AC-3(3)
+ses-identity-dkim-not-enabled,SC-23
+ses-identity-dkim-not-verified,SC-23
+ses-identity-world-policy,AC-6
+sns-topic-world-policy,AC-6
+sqs-queue-world-policy,AC-6
+vpc-custom-network-acls-allow-all,SC-7
+vpc-default-network-acls-allow-all,SC-7
+vpc-network-acl-not-used,SC-7
+vpc-routing-tables-with-peering,AC-3(3)
+vpc-subnet-with-bad-acls,SC-7
+vpc-subnet-with-default-acls,SC-7
+vpc-subnet-without-flow-log,AU-12