PyPI - prowler-cloud - Versions diffs - 5.14.1__py3-none-any.whl → 5.15.0__py3-none-any.whl - Mend

prowler-cloud 5.14.1py3-none-any.whl → 5.15.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (326) hide show

prowler/providers/alibabacloud/services/sls/sls_rds_instance_configuration_changes_alert_enabled/sls_rds_instance_configuration_changes_alert_enabled.py ADDED Viewed

@@ -0,0 +1,72 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.sls.sls_client import sls_client
+class sls_rds_instance_configuration_changes_alert_enabled(Check):
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        found = False
+        for alert in sls_client.alerts:
+            query_list = alert.configuration.get("queryList", [])
+            if not query_list:
+                continue
+            for query_obj in query_list:
+                query = query_obj.get("query", "")
+                if "rds" in query and (
+                    "ModifyHASwitchConfig" in query
+                    or "ModifyDBInstanceHAConfig" in query
+                    or "SwitchDBInstanceHA" in query
+                    or "ModifyDBInstanceSpec" in query
+                    or "MigrateSecurityIPMode" in query
+                    or "ModifySecurityIps" in query
+                    or "ModifyDBInstanceSSL" in query
+                    or "MigrateToOtherZone" in query
+                    or "UpgradeDBInstanceKernelVersion" in query
+                    or "UpgradeDBInstanceEngineVersion" in query
+                    or "ModifyDBInstanceMaintainTime" in query
+                    or "ModifyDBInstanceAutoUpgradeMinorVersion" in query
+                    or "AllocateInstancePublicConnection" in query
+                    or "ModifyDBInstanceConnectionString" in query
+                    or "ModifyDBInstanceNetworkExpireTime" in query
+                    or "ReleaseInstancePublicConnection" in query
+                    or "SwitchDBInstanceNetType" in query
+                    or "ModifyDBInstanceNetworkType" in query
+                    or "ModifyDTCSecurityIpHostsForSQLServer" in query
+                    or "ModifySecurityGroupConfiguration" in query
+                    or "CreateBackup" in query
+                    or "ModifyBackupPolicy" in query
+                    or "DeleteBackup" in query
+                    or "CreateDdrInstance" in query
+                    or "ModifyInstanceCrossBackupPolicy" in query
+                ):
+                    found = True
+                    report = CheckReportAlibabaCloud(
+                        metadata=self.metadata(), resource=alert
+                    )
+                    report.status = "PASS"
+                    report.status_extended = f"SLS Alert {alert.name} is configured for RDS instance configuration changes."
+                    report.resource_id = alert.name
+                    report.resource_arn = alert.arn
+                    report.region = alert.region
+                    findings.append(report)
+                    break
+            if found:
+                break
+        if not found:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=sls_client.provider.identity
+            )
+            report.status = "FAIL"
+            report.status_extended = (
+                "No SLS Alert configured for RDS instance configuration changes."
+            )
+            report.resource_id = sls_client.audited_account
+            report.resource_arn = sls_client.provider.identity.identity_arn
+            report.region = sls_client.region
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/sls_root_account_usage_alert_enabled.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "sls_root_account_usage_alert_enabled",
+  "CheckTitle": "A log monitoring and alerts are set up for usage of root account",
+  "CheckType": [
+    "Unusual logon",
+    "Cloud threat detection"
+  ],
+  "ServiceName": "sls",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:log:region:account-id:project/project-name/alert/alert-name",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudSLSAlert",
+  "Description": "Real-time monitoring of API calls can be achieved by directing **ActionTrail Logs** to Log Service and establishing corresponding query and alarms.\n\nIt is recommended that a query and alarm be established for **root account login** attempts.",
+  "Risk": "Monitoring for **root account logins** will provide visibility into the use of a fully privileged account and an opportunity to reduce its use.\n\nRoot account usage should be minimized and closely monitored.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/en/doc-detail/91784.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-SLS/root-account-login-frequent-alert.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": ""
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **SLS Console**\n2. Ensure **ActionTrail** is enabled\n3. Select **Alerts**\n4. Ensure alert rule has been enabled for root account usage",
+      "Url": "https://hub.prowler.com/check/sls_root_account_usage_alert_enabled"
+    }
+  },
+  "Categories": [
+    "logging"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/sls_root_account_usage_alert_enabled.py ADDED Viewed

@@ -0,0 +1,50 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.sls.sls_client import sls_client
+class sls_root_account_usage_alert_enabled(Check):
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        found = False
+        for alert in sls_client.alerts:
+            query_list = alert.configuration.get("queryList", [])
+            if not query_list:
+                continue
+            for query_obj in query_list:
+                query = query_obj.get("query", "")
+                if (
+                    "ConsoleSignin" in query
+                    and "event.userIdentity.type" in query
+                    and "root-account" in query
+                ):
+                    found = True
+                    report = CheckReportAlibabaCloud(
+                        metadata=self.metadata(), resource=alert
+                    )
+                    report.status = "PASS"
+                    report.status_extended = (
+                        f"SLS Alert {alert.name} is configured for root account usage."
+                    )
+                    report.resource_id = alert.name
+                    report.resource_arn = alert.arn
+                    report.region = alert.region
+                    findings.append(report)
+                    break
+            if found:
+                break
+        if not found:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=sls_client.provider.identity
+            )
+            report.status = "FAIL"
+            report.status_extended = "No SLS Alert configured for root account usage."
+            report.resource_id = sls_client.audited_account
+            report.resource_arn = sls_client.provider.identity.identity_arn
+            report.region = sls_client.region
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/sls_security_group_changes_alert_enabled.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "sls_security_group_changes_alert_enabled",
+  "CheckTitle": "A log monitoring and alerts are set up for security group changes",
+  "CheckType": [
+    "Suspicious network connection",
+    "Cloud threat detection"
+  ],
+  "ServiceName": "sls",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:log:region:account-id:project/project-name/alert/alert-name",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudSLSAlert",
+  "Description": "Real-time monitoring of API calls can be achieved by directing **ActionTrail Logs** to Log Service and establishing corresponding query and alarms.\n\n**Security Groups** are a stateful packet filter that controls ingress and egress traffic within a VPC. It is recommended that a query and alarm be established for changes to Security Groups.",
+  "Risk": "Monitoring changes to **security groups** will help ensure that resources and services are not unintentionally exposed.\n\nUnauthorized security group modifications could lead to **network exposure** and **unauthorized access**.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/en/doc-detail/91784.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-SLS/security-group-config-changes-alert.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": ""
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **SLS Console**\n2. Ensure **ActionTrail** is enabled\n3. Select **Alerts**\n4. Ensure alert rule has been enabled for security group changes",
+      "Url": "https://hub.prowler.com/check/sls_security_group_changes_alert_enabled"
+    }
+  },
+  "Categories": [
+    "logging"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/sls_security_group_changes_alert_enabled.py ADDED Viewed

@@ -0,0 +1,56 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.sls.sls_client import sls_client
+class sls_security_group_changes_alert_enabled(Check):
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        found = False
+        for alert in sls_client.alerts:
+            query_list = alert.configuration.get("queryList", [])
+            if not query_list:
+                continue
+            for query_obj in query_list:
+                query = query_obj.get("query", "")
+                if (
+                    "CreateSecurityGroup" in query
+                    or "AuthorizeSecurityGroup" in query
+                    or "AuthorizeSecurityGroupEgress" in query
+                    or "RevokeSecurityGroup" in query
+                    or "RevokeSecurityGroupEgress" in query
+                    or "JoinSecurityGroup" in query
+                    or "LeaveSecurityGroup" in query
+                    or "DeleteSecurityGroup" in query
+                    or "ModifySecurityGroupPolicy" in query
+                ):
+                    found = True
+                    report = CheckReportAlibabaCloud(
+                        metadata=self.metadata(), resource=alert
+                    )
+                    report.status = "PASS"
+                    report.status_extended = f"SLS Alert {alert.name} is configured for security group changes."
+                    report.resource_id = alert.name
+                    report.resource_arn = alert.arn
+                    report.region = alert.region
+                    findings.append(report)
+                    break
+            if found:
+                break
+        if not found:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=sls_client.provider.identity
+            )
+            report.status = "FAIL"
+            report.status_extended = (
+                "No SLS Alert configured for security group changes."
+            )
+            report.resource_id = sls_client.audited_account
+            report.resource_arn = sls_client.provider.identity.identity_arn
+            report.region = sls_client.region
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/sls/sls_service.py ADDED Viewed

@@ -0,0 +1,137 @@
+from alibabacloud_sls20201230 import models as sls_models
+from pydantic.v1 import BaseModel
+from prowler.lib.logger import logger
+from prowler.providers.alibabacloud.lib.service.service import AlibabaCloudService
+class Alert(BaseModel):
+    name: str
+    display_name: str
+    state: str
+    schedule: dict
+    configuration: dict
+    project: str
+    region: str
+    arn: str = ""
+class LogStore(BaseModel):
+    name: str
+    project: str
+    retention_forever: bool
+    retention_days: int
+    region: str
+    arn: str = ""
+class Sls(AlibabaCloudService):
+    def __init__(self, provider):
+        super().__init__("sls", provider)
+        self.alerts = []
+        self.log_stores = []
+        self._get_alerts()
+        self._get_log_stores()
+    def _get_alerts(self):
+        for region in self.regional_clients:
+            client = self.regional_clients[region]
+            try:
+                # List Projects
+                list_project_request = sls_models.ListProjectRequest(offset=0, size=500)
+                projects_resp = client.list_project(list_project_request)
+                if projects_resp.body and projects_resp.body.projects:
+                    for project in projects_resp.body.projects:
+                        project_name = project.project_name
+                        # List Alerts for each project
+                        list_alert_request = sls_models.ListAlertsRequest(
+                            offset=0, size=500
+                        )
+                        try:
+                            alerts_resp = client.list_alerts(
+                                project_name, list_alert_request
+                            )
+                            if alerts_resp.body and alerts_resp.body.results:
+                                for alert in alerts_resp.body.results:
+                                    self.alerts.append(
+                                        Alert(
+                                            name=alert.name,
+                                            display_name=alert.display_name,
+                                            state=alert.state,
+                                            schedule=(
+                                                alert.schedule.to_map()
+                                                if alert.schedule
+                                                else {}
+                                            ),
+                                            configuration=(
+                                                alert.configuration.to_map()
+                                                if alert.configuration
+                                                else {}
+                                            ),
+                                            project=project_name,
+                                            region=region,
+                                            arn=f"acs:log:{region}:{self.audited_account}:project/{project_name}/alert/{alert.name}",
+                                        )
+                                    )
+                        except Exception as e:
+                            logger.error(
+                                f"{region} -- {e.__class__.__name__}[{e.__traceback__.tb_lineno}]: {e}"
+                            )
+            except Exception as error:
+                logger.error(
+                    f"{region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )
+    def _get_log_stores(self):
+        for region in self.regional_clients:
+            client = self.regional_clients[region]
+            try:
+                # List Projects
+                list_project_request = sls_models.ListProjectRequest(offset=0, size=500)
+                projects_resp = client.list_project(list_project_request)
+                if projects_resp.body and projects_resp.body.projects:
+                    for project in projects_resp.body.projects:
+                        project_name = project.project_name
+                        # List LogStores for each project
+                        list_logstores_request = sls_models.ListLogStoresRequest(
+                            offset=0, size=500
+                        )
+                        try:
+                            logstores_resp = client.list_log_stores(
+                                project_name, list_logstores_request
+                            )
+                            if logstores_resp.body and logstores_resp.body.logstores:
+                                for logstore_name in logstores_resp.body.logstores:
+                                    try:
+                                        logstore_resp = client.get_log_store(
+                                            project_name, logstore_name
+                                        )
+                                        if logstore_resp.body:
+                                            self.log_stores.append(
+                                                LogStore(
+                                                    name=logstore_name,
+                                                    project=project_name,
+                                                    retention_forever=False,
+                                                    retention_days=logstore_resp.body.ttl,
+                                                    region=region,
+                                                    arn=f"acs:log:{region}:{self.audited_account}:project/{project_name}/logstore/{logstore_name}",
+                                                )
+                                            )
+                                    except Exception as e:
+                                        logger.error(
+                                            f"{region} -- {e.__class__.__name__}[{e.__traceback__.tb_lineno}]: {e}"
+                                        )
+                        except Exception as e:
+                            logger.error(
+                                f"{region} -- {e.__class__.__name__}[{e.__traceback__.tb_lineno}]: {e}"
+                            )
+            except Exception as error:
+                logger.error(
+                    f"{region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                )

prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/sls_unauthorized_api_calls_alert_enabled.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "sls_unauthorized_api_calls_alert_enabled",
+  "CheckTitle": "A log monitoring and alerts are set up for unauthorized API calls",
+  "CheckType": [
+    "Unusual logon",
+    "Cloud threat detection"
+  ],
+  "ServiceName": "sls",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:log:region:account-id:project/project-name/alert/alert-name",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudSLSAlert",
+  "Description": "Real-time monitoring of API calls can be achieved by directing **ActionTrail Logs** to Log Service and establishing corresponding query and alarms.\n\nIt is recommended that a query and alarm be established for **unauthorized API calls**.",
+  "Risk": "Monitoring **unauthorized API calls** will help reveal application errors and may reduce time to detect **malicious activity**.\n\nThis is essential for early detection of potential security breaches.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/en/doc-detail/91784.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-SLS/unauthorized-api-calls-alert.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": ""
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **SLS Console**\n2. Ensure **ActionTrail** is enabled\n3. Select **Alerts**\n4. Ensure alert rule has been enabled for unauthorized API calls",
+      "Url": "https://hub.prowler.com/check/sls_unauthorized_api_calls_alert_enabled"
+    }
+  },
+  "Categories": [
+    "logging"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/sls_unauthorized_api_calls_alert_enabled.py ADDED Viewed

@@ -0,0 +1,56 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.sls.sls_client import sls_client
+class sls_unauthorized_api_calls_alert_enabled(Check):
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        found = False
+        for alert in sls_client.alerts:
+            query_list = alert.configuration.get("queryList", [])
+            if not query_list:
+                continue
+            for query_obj in query_list:
+                query = query_obj.get("query", "")
+                if "ApiCall" in query and (
+                    "NoPermission" in query
+                    or "Forbidden" in query
+                    or "Forbbiden" in query
+                    or "InvalidAccessKeyId" in query
+                    or "InvalidSecurityToken" in query
+                    or "SignatureDoesNotMatch" in query
+                    or "InvalidAuthorization" in query
+                    or "AccessForbidden" in query
+                    or "NotAuthorized" in query
+                ):
+                    found = True
+                    report = CheckReportAlibabaCloud(
+                        metadata=self.metadata(), resource=alert
+                    )
+                    report.status = "PASS"
+                    report.status_extended = f"SLS Alert {alert.name} is configured for unauthorized API calls."
+                    report.resource_id = alert.name
+                    report.resource_arn = alert.arn
+                    report.region = alert.region
+                    findings.append(report)
+                    break
+            if found:
+                break
+        if not found:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=sls_client.provider.identity
+            )
+            report.status = "FAIL"
+            report.status_extended = (
+                "No SLS Alert configured for unauthorized API calls."
+            )
+            report.resource_id = sls_client.audited_account
+            report.resource_arn = sls_client.provider.identity.identity_arn
+            report.region = sls_client.region
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/sls_vpc_changes_alert_enabled.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "sls_vpc_changes_alert_enabled",
+  "CheckTitle": "Log monitoring and alerts are set up for VPC changes",
+  "CheckType": [
+    "Suspicious network connection",
+    "Cloud threat detection"
+  ],
+  "ServiceName": "sls",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:log:region:account-id:project/project-name/alert/alert-name",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudSLSAlert",
+  "Description": "It is recommended that a **log search/analysis query and alarm** be established for **VPC changes**.",
+  "Risk": "Monitoring changes to **VPC** will help ensure VPC traffic flow is not getting impacted.\n\nUnauthorized VPC modifications could disrupt network connectivity or create security vulnerabilities.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/en/doc-detail/91784.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-SLS/vpc-config-changes-alert.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": ""
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **SLS Console**\n2. Ensure **ActionTrail** is enabled\n3. Select **Alerts**\n4. Ensure alert rule has been enabled for VPC changes",
+      "Url": "https://hub.prowler.com/check/sls_vpc_changes_alert_enabled"
+    }
+  },
+  "Categories": [
+    "logging"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/sls_vpc_changes_alert_enabled.py ADDED Viewed

@@ -0,0 +1,57 @@
+from prowler.lib.check.models import Check, CheckReportAlibabaCloud
+from prowler.providers.alibabacloud.services.sls.sls_client import sls_client
+class sls_vpc_changes_alert_enabled(Check):
+    def execute(self) -> list[CheckReportAlibabaCloud]:
+        findings = []
+        found = False
+        for alert in sls_client.alerts:
+            query_list = alert.configuration.get("queryList", [])
+            if not query_list:
+                continue
+            for query_obj in query_list:
+                query = query_obj.get("query", "")
+                if ("Ecs" in query or "Vpc" in query) and (
+                    "CreateVpc" in query
+                    or "DeleteVpc" in query
+                    or "DisableVpcClassicLink" in query
+                    or "EnableVpcClassicLink" in query
+                    or "DeletionProtection" in query
+                    or "AssociateVpcCidrBlock" in query
+                    or "UnassociateVpcCidrBlock" in query
+                    or "RevokeInstanceFromCen" in query
+                    or "CreateVSwitch" in query
+                    or "DeleteVSwitch" in query
+                ):
+                    found = True
+                    report = CheckReportAlibabaCloud(
+                        metadata=self.metadata(), resource=alert
+                    )
+                    report.status = "PASS"
+                    report.status_extended = (
+                        f"SLS Alert {alert.name} is configured for VPC changes."
+                    )
+                    report.resource_id = alert.name
+                    report.resource_arn = alert.arn
+                    report.region = alert.region
+                    findings.append(report)
+                    break
+            if found:
+                break
+        if not found:
+            report = CheckReportAlibabaCloud(
+                metadata=self.metadata(), resource=sls_client.provider.identity
+            )
+            report.status = "FAIL"
+            report.status_extended = "No SLS Alert configured for VPC changes."
+            report.resource_id = sls_client.audited_account
+            report.resource_arn = sls_client.provider.identity.identity_arn
+            report.region = sls_client.region
+            findings.append(report)
+        return findings

prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/__init__.py ADDED Viewed

File without changes

prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/sls_vpc_network_route_changes_alert_enabled.metadata.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "Provider": "alibabacloud",
+  "CheckID": "sls_vpc_network_route_changes_alert_enabled",
+  "CheckTitle": "Log monitoring and alerts are set up for VPC network route changes",
+  "CheckType": [
+    "Suspicious network connection",
+    "Cloud threat detection"
+  ],
+  "ServiceName": "sls",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "acs:log:region:account-id:project/project-name/alert/alert-name",
+  "Severity": "medium",
+  "ResourceType": "AlibabaCloudSLSAlert",
+  "Description": "It is recommended that a **metric filter and alarm** be established for **VPC network route** changes.",
+  "Risk": "Monitoring changes to **route tables** will help ensure that all VPC traffic flows through an expected path.\n\nUnauthorized route changes could redirect traffic through malicious intermediaries.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://www.alibabacloud.com/help/en/doc-detail/91784.htm",
+    "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-SLS/vpc-network-route-changes-alert.html"
+  ],
+  "Remediation": {
+    "Code": {
+      "CLI": "",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": ""
+    },
+    "Recommendation": {
+      "Text": "1. Log on to the **SLS Console**\n2. Ensure **ActionTrail** is enabled\n3. Select **Alerts**\n4. Ensure alert rule has been enabled for VPC network route changes",
+      "Url": "https://hub.prowler.com/check/sls_vpc_network_route_changes_alert_enabled"
+    }
+  },
+  "Categories": [
+    "logging"
+  ],
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler-cloud 5.14.1__py3-none-any.whl → 5.15.0__py3-none-any.whl

prowler-cloud 5.14.1py3-none-any.whl → 5.15.0py3-none-any.whl