prowler 5.16.1__py3-none-any.whl → 5.17.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- dashboard/compliance/cis_1_12_kubernetes.py +24 -0
- dashboard/compliance/cis_5_0_azure.py +25 -0
- dashboard/compliance/cis_6_0_m365.py +24 -0
- dashboard/compliance/prowler_threatscore_alibabacloud.py +28 -0
- dashboard/lib/dropdowns.py +25 -0
- dashboard/lib/layouts.py +3 -1
- dashboard/pages/compliance.py +46 -8
- dashboard/pages/overview.py +57 -0
- prowler/AGENTS.md +100 -318
- prowler/CHANGELOG.md +117 -6
- prowler/__main__.py +20 -0
- prowler/compliance/alibabacloud/prowler_threatscore_alibabacloud.json +1107 -0
- prowler/compliance/azure/cis_5.0_azure.json +3431 -0
- prowler/compliance/cloudflare/__init__.py +0 -0
- prowler/compliance/kubernetes/cis_1.12_kubernetes.json +2915 -0
- prowler/compliance/m365/cis_6.0_m365.json +3087 -0
- prowler/config/cloudflare_mutelist_example.yaml +18 -0
- prowler/config/config.py +2 -1
- prowler/config/config.yaml +12 -0
- prowler/lib/check/check.py +2 -0
- prowler/lib/check/models.py +69 -0
- prowler/lib/cli/parser.py +3 -2
- prowler/lib/outputs/compliance/prowler_threatscore/models.py +26 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_alibaba.py +98 -0
- prowler/lib/outputs/finding.py +11 -0
- prowler/lib/outputs/html/html.py +71 -0
- prowler/lib/outputs/outputs.py +2 -0
- prowler/lib/outputs/summary_table.py +9 -0
- prowler/providers/alibabacloud/alibabacloud_provider.py +45 -23
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_multi_region_enabled/actiontrail_multi_region_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_oss_bucket_not_publicly_accessible/actiontrail_oss_bucket_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cloudmonitor_enabled/cs_kubernetes_cloudmonitor_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_recent/cs_kubernetes_cluster_check_recent.metadata.json +1 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_weekly/cs_kubernetes_cluster_check_weekly.metadata.json +1 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_dashboard_disabled/cs_kubernetes_dashboard_disabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_eni_multiple_ip_enabled/cs_kubernetes_eni_multiple_ip_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_log_service_enabled/cs_kubernetes_log_service_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_network_policy_enabled/cs_kubernetes_network_policy_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_private_cluster_enabled/cs_kubernetes_private_cluster_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_rbac_enabled/cs_kubernetes_rbac_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ecs/ecs_attached_disk_encrypted/ecs_attached_disk_encrypted.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_endpoint_protection_installed/ecs_instance_endpoint_protection_installed.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_latest_os_patches_applied/ecs_instance_latest_os_patches_applied.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_no_legacy_network/ecs_instance_no_legacy_network.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_rdp_internet/ecs_securitygroup_restrict_rdp_internet.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_ssh_internet/ecs_securitygroup_restrict_ssh_internet.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ecs/ecs_unattached_disk_encrypted/ecs_unattached_disk_encrypted.metadata.json +1 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_logging_enabled/oss_bucket_logging_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_not_publicly_accessible/oss_bucket_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_secure_transport_enabled/oss_bucket_secure_transport_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_no_root_access_key/ram_no_root_access_key.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_lowercase/ram_password_policy_lowercase.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/ram_password_policy_max_login_attempts.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/ram_password_policy_max_password_age.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/ram_password_policy_minimum_length.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/ram_password_policy_password_reuse_prevention.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/ram_password_policy_symbol.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/ram_password_policy_uppercase.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/ram_policy_attached_only_to_group_or_roles.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_no_administrative_privileges/ram_policy_no_administrative_privileges.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_rotate_access_key_90_days/ram_rotate_access_key_90_days.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_user_console_access_unused/ram_user_console_access_unused.metadata.json +1 -0
- prowler/providers/alibabacloud/services/ram/ram_user_mfa_enabled_console_access/ram_user_mfa_enabled_console_access.metadata.json +1 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_no_public_access_whitelist/rds_instance_no_public_access_whitelist.metadata.json +1 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_connections_enabled/rds_instance_postgresql_log_connections_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_disconnections_enabled/rds_instance_postgresql_log_disconnections_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_duration_enabled/rds_instance_postgresql_log_duration_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_enabled/rds_instance_sql_audit_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_retention/rds_instance_sql_audit_retention.metadata.json +1 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_ssl_enabled/rds_instance_ssl_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_enabled/rds_instance_tde_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_key_custom/rds_instance_tde_key_custom.metadata.json +1 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_advanced_or_enterprise_edition/securitycenter_advanced_or_enterprise_edition.metadata.json +1 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_all_assets_agent_installed/securitycenter_all_assets_agent_installed.metadata.json +1 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_notification_enabled_high_risk/securitycenter_notification_enabled_high_risk.metadata.json +1 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_vulnerability_scan_enabled/securitycenter_vulnerability_scan_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_cloud_firewall_changes_alert_enabled/sls_cloud_firewall_changes_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_customer_created_cmk_changes_alert_enabled/sls_customer_created_cmk_changes_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_logstore_retention_period/sls_logstore_retention_period.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_authentication_failures_alert_enabled/sls_management_console_authentication_failures_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_signin_without_mfa_alert_enabled/sls_management_console_signin_without_mfa_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_bucket_policy_changes_alert_enabled/sls_oss_bucket_policy_changes_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_permission_changes_alert_enabled/sls_oss_permission_changes_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_ram_role_changes_alert_enabled/sls_ram_role_changes_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_rds_instance_configuration_changes_alert_enabled/sls_rds_instance_configuration_changes_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/sls_root_account_usage_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/sls_security_group_changes_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/sls_unauthorized_api_calls_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/sls_vpc_changes_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/sls_vpc_network_route_changes_alert_enabled.metadata.json +1 -0
- prowler/providers/alibabacloud/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.metadata.json +1 -0
- prowler/providers/aws/aws_provider.py +8 -5
- prowler/providers/aws/aws_regions_by_service.json +870 -131
- prowler/providers/aws/lib/arn/arn.py +1 -1
- prowler/providers/aws/lib/security_hub/security_hub.py +4 -4
- prowler/providers/aws/models.py +2 -0
- prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled/accessanalyzer_enabled.metadata.json +1 -0
- prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled_without_findings/accessanalyzer_enabled_without_findings.metadata.json +1 -0
- prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.metadata.json +1 -0
- prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.metadata.json +1 -0
- prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.metadata.json +1 -0
- prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.metadata.json +1 -0
- prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.metadata.json +1 -0
- prowler/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled.metadata.json +1 -0
- prowler/providers/aws/services/acm/acm_certificates_with_secure_key_algorithms/acm_certificates_with_secure_key_algorithms.metadata.json +2 -1
- prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.metadata.json +1 -0
- prowler/providers/aws/services/apigateway/apigateway_restapi_cache_encrypted/apigateway_restapi_cache_encrypted.metadata.json +1 -0
- prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/apigateway_restapi_client_certificate_enabled.metadata.json +1 -0
- prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/apigateway/apigateway_restapi_public/apigateway_restapi_public.metadata.json +1 -0
- prowler/providers/aws/services/apigateway/apigateway_restapi_public_with_authorizer/apigateway_restapi_public_with_authorizer.metadata.json +1 -0
- prowler/providers/aws/services/apigateway/apigateway_restapi_tracing_enabled/apigateway_restapi_tracing_enabled.metadata.json +1 -0
- prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json +1 -0
- prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.metadata.json +1 -0
- prowler/providers/aws/services/appstream/appstream_fleet_default_internet_access_disabled/appstream_fleet_default_internet_access_disabled.metadata.json +1 -0
- prowler/providers/aws/services/appstream/appstream_fleet_maximum_session_duration/appstream_fleet_maximum_session_duration.metadata.json +1 -0
- prowler/providers/aws/services/appstream/appstream_fleet_session_disconnect_timeout/appstream_fleet_session_disconnect_timeout.metadata.json +1 -0
- prowler/providers/aws/services/appstream/appstream_fleet_session_idle_disconnect_timeout/appstream_fleet_session_idle_disconnect_timeout.metadata.json +1 -0
- prowler/providers/aws/services/appsync/appsync_field_level_logging_enabled/appsync_field_level_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/appsync/appsync_graphql_api_no_api_key_authentication/appsync_graphql_api_no_api_key_authentication.metadata.json +1 -0
- prowler/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption.metadata.json +1 -0
- prowler/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration.metadata.json +1 -0
- prowler/providers/aws/services/athena/athena_workgroup_logging_enabled/athena_workgroup_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json +1 -0
- prowler/providers/aws/services/autoscaling/autoscaling_group_capacity_rebalance_enabled/autoscaling_group_capacity_rebalance_enabled.metadata.json +1 -0
- prowler/providers/aws/services/autoscaling/autoscaling_group_elb_health_check_enabled/autoscaling_group_elb_health_check_enabled.metadata.json +1 -0
- prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_no_public_ip/autoscaling_group_launch_configuration_no_public_ip.metadata.json +1 -0
- prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_requires_imdsv2/autoscaling_group_launch_configuration_requires_imdsv2.metadata.json +1 -0
- prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az.metadata.json +1 -0
- prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_instance_types/autoscaling_group_multiple_instance_types.metadata.json +1 -0
- prowler/providers/aws/services/autoscaling/autoscaling_group_using_ec2_launch_template/autoscaling_group_using_ec2_launch_template.metadata.json +1 -0
- prowler/providers/aws/services/awslambda/awslambda_function_inside_vpc/awslambda_function_inside_vpc.metadata.json +1 -0
- prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.metadata.json +1 -0
- prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.metadata.json +1 -0
- prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy.metadata.json +1 -0
- prowler/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public.metadata.json +1 -0
- prowler/providers/aws/services/awslambda/awslambda_function_using_supported_runtimes/awslambda_function_using_supported_runtimes.metadata.json +1 -0
- prowler/providers/aws/services/awslambda/awslambda_function_vpc_multi_az/awslambda_function_vpc_multi_az.metadata.json +1 -0
- prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.metadata.json +1 -0
- prowler/providers/aws/services/backup/backup_recovery_point_encrypted/backup_recovery_point_encrypted.metadata.json +1 -0
- prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.metadata.json +1 -0
- prowler/providers/aws/services/backup/backup_vaults_encrypted/backup_vaults_encrypted.metadata.json +1 -0
- prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.metadata.json +1 -0
- prowler/providers/aws/services/bedrock/bedrock_agent_guardrail_enabled/bedrock_agent_guardrail_enabled.metadata.json +25 -13
- prowler/providers/aws/services/bedrock/bedrock_api_key_no_administrative_privileges/bedrock_api_key_no_administrative_privileges.metadata.json +22 -14
- prowler/providers/aws/services/bedrock/bedrock_api_key_no_long_term_credentials/bedrock_api_key_no_long_term_credentials.metadata.json +21 -13
- prowler/providers/aws/services/bedrock/bedrock_guardrail_prompt_attack_filter_enabled/bedrock_guardrail_prompt_attack_filter_enabled.metadata.json +26 -13
- prowler/providers/aws/services/bedrock/bedrock_guardrail_sensitive_information_filter_enabled/bedrock_guardrail_sensitive_information_filter_enabled.metadata.json +24 -11
- prowler/providers/aws/services/bedrock/bedrock_model_invocation_logging_enabled/bedrock_model_invocation_logging_enabled.metadata.json +19 -10
- prowler/providers/aws/services/bedrock/bedrock_model_invocation_logs_encryption_enabled/bedrock_model_invocation_logs_encryption_enabled.metadata.json +24 -12
- prowler/providers/aws/services/bedrock/bedrock_service.py +28 -24
- prowler/providers/aws/services/cloudformation/cloudformation_stack_cdktoolkit_bootstrap_version/cloudformation_stack_cdktoolkit_bootstrap_version.metadata.json +1 -0
- prowler/providers/aws/services/cloudformation/cloudformation_stack_outputs_find_secrets/cloudformation_stack_outputs_find_secrets.metadata.json +1 -0
- prowler/providers/aws/services/cloudformation/cloudformation_stacks_termination_protection_enabled/cloudformation_stacks_termination_protection_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_custom_ssl_certificate/cloudfront_distributions_custom_ssl_certificate.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_default_root_object/cloudfront_distributions_default_root_object.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_field_level_encryption_enabled/cloudfront_distributions_field_level_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_geo_restrictions_enabled/cloudfront_distributions_geo_restrictions_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_enabled/cloudfront_distributions_https_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_sni_enabled/cloudfront_distributions_https_sni_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_logging_enabled/cloudfront_distributions_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_multiple_origin_failover_configured/cloudfront_distributions_multiple_origin_failover_configured.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/cloudfront_distributions_origin_traffic_encrypted.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_access_control/cloudfront_distributions_s3_origin_access_control.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/cloudfront_distributions_s3_origin_non_existent_bucket.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_deprecated_ssl_protocols/cloudfront_distributions_using_deprecated_ssl_protocols.metadata.json +1 -0
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_waf/cloudfront_distributions_using_waf.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled_logging_management_events/cloudtrail_multi_region_enabled_logging_management_events.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_enumeration/cloudtrail_threat_detection_enumeration.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_llm_jacking/cloudtrail_threat_detection_llm_jacking.metadata.json +1 -0
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_privilege_escalation/cloudtrail_threat_detection_privilege_escalation.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_alarm_state_configured/cloudwatch_alarm_actions_alarm_state_configured.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_enabled/cloudwatch_alarm_actions_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_not_publicly_accessible/cloudwatch_log_group_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.metadata.json +1 -0
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.metadata.json +1 -0
- prowler/providers/aws/services/codeartifact/codeartifact_packages_external_public_publishing_disabled/codeartifact_packages_external_public_publishing_disabled.metadata.json +1 -0
- prowler/providers/aws/services/codebuild/codebuild_project_logging_enabled/codebuild_project_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/codebuild/codebuild_project_no_secrets_in_variables/codebuild_project_no_secrets_in_variables.metadata.json +1 -0
- prowler/providers/aws/services/codebuild/codebuild_project_not_publicly_accessible/codebuild_project_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/codebuild/codebuild_project_older_90_days/codebuild_project_older_90_days.metadata.json +1 -0
- prowler/providers/aws/services/codebuild/codebuild_project_s3_logs_encrypted/codebuild_project_s3_logs_encrypted.metadata.json +1 -0
- prowler/providers/aws/services/codebuild/codebuild_project_source_repo_url_no_sensitive_credentials/codebuild_project_source_repo_url_no_sensitive_credentials.metadata.json +1 -0
- prowler/providers/aws/services/codebuild/codebuild_project_user_controlled_buildspec/codebuild_project_user_controlled_buildspec.metadata.json +1 -0
- prowler/providers/aws/services/codebuild/codebuild_project_uses_allowed_github_organizations/codebuild_project_uses_allowed_github_organizations.metadata.json +1 -0
- prowler/providers/aws/services/codebuild/codebuild_report_group_export_encrypted/codebuild_report_group_export_encrypted.metadata.json +1 -0
- prowler/providers/aws/services/codepipeline/codepipeline_project_repo_private/codepipeline_project_repo_private.metadata.json +1 -0
- prowler/providers/aws/services/cognito/cognito_identity_pool_guest_access_disabled/cognito_identity_pool_guest_access_disabled.metadata.json +23 -13
- prowler/providers/aws/services/cognito/cognito_user_pool_advanced_security_enabled/cognito_user_pool_advanced_security_enabled.metadata.json +25 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_blocks_compromised_credentials_sign_in_attempts/cognito_user_pool_blocks_compromised_credentials_sign_in_attempts.metadata.json +25 -13
- prowler/providers/aws/services/cognito/cognito_user_pool_blocks_potential_malicious_sign_in_attempts/cognito_user_pool_blocks_potential_malicious_sign_in_attempts.metadata.json +25 -13
- prowler/providers/aws/services/cognito/cognito_user_pool_client_prevent_user_existence_errors/cognito_user_pool_client_prevent_user_existence_errors.metadata.json +28 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_client_token_revocation_enabled/cognito_user_pool_client_token_revocation_enabled.metadata.json +25 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_deletion_protection_enabled/cognito_user_pool_deletion_protection_enabled.metadata.json +26 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_mfa_enabled/cognito_user_pool_mfa_enabled.metadata.json +24 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_password_policy_lowercase/cognito_user_pool_password_policy_lowercase.metadata.json +25 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_password_policy_minimum_length_14/cognito_user_pool_password_policy_minimum_length_14.metadata.json +25 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_password_policy_number/cognito_user_pool_password_policy_number.metadata.json +27 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_password_policy_symbol/cognito_user_pool_password_policy_symbol.metadata.json +25 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_password_policy_uppercase/cognito_user_pool_password_policy_uppercase.metadata.json +27 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_self_registration_disabled/cognito_user_pool_self_registration_disabled.metadata.json +26 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_temporary_password_expiration/cognito_user_pool_temporary_password_expiration.metadata.json +24 -14
- prowler/providers/aws/services/cognito/cognito_user_pool_waf_acl_attached/cognito_user_pool_waf_acl_attached.metadata.json +25 -14
- prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json +1 -0
- prowler/providers/aws/services/config/config_recorder_using_aws_service_role/config_recorder_using_aws_service_role.metadata.json +1 -0
- prowler/providers/aws/services/datasync/datasync_task_logging_enabled/datasync_task_logging_enabled.metadata.json +18 -12
- prowler/providers/aws/services/directconnect/directconnect_connection_redundancy/directconnect_connection_redundancy.metadata.json +1 -0
- prowler/providers/aws/services/directconnect/directconnect_virtual_interface_redundancy/directconnect_virtual_interface_redundancy.metadata.json +1 -0
- prowler/providers/aws/services/directoryservice/directoryservice_directory_log_forwarding_enabled/directoryservice_directory_log_forwarding_enabled.metadata.json +1 -0
- prowler/providers/aws/services/directoryservice/directoryservice_directory_monitor_notifications/directoryservice_directory_monitor_notifications.metadata.json +1 -0
- prowler/providers/aws/services/directoryservice/directoryservice_directory_snapshots_limit/directoryservice_directory_snapshots_limit.metadata.json +1 -0
- prowler/providers/aws/services/directoryservice/directoryservice_ldap_certificate_expiration/directoryservice_ldap_certificate_expiration.metadata.json +1 -0
- prowler/providers/aws/services/directoryservice/directoryservice_radius_server_security_protocol/directoryservice_radius_server_security_protocol.metadata.json +1 -0
- prowler/providers/aws/services/directoryservice/directoryservice_supported_mfa_radius_enabled/directoryservice_supported_mfa_radius_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dlm/dlm_ebs_snapshot_lifecycle_policy_exists/dlm_ebs_snapshot_lifecycle_policy_exists.metadata.json +1 -0
- prowler/providers/aws/services/dms/dms_endpoint_mongodb_authentication_enabled/dms_endpoint_mongodb_authentication_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dms/dms_endpoint_neptune_iam_authorization_enabled/dms_endpoint_neptune_iam_authorization_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dms/dms_endpoint_redis_in_transit_encryption_enabled/dms_endpoint_redis_in_transit_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dms/dms_endpoint_ssl_enabled/dms_endpoint_ssl_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dms/dms_instance_minor_version_upgrade_enabled/dms_instance_minor_version_upgrade_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dms/dms_instance_multi_az_enabled/dms_instance_multi_az_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dms/dms_instance_no_public_access/dms_instance_no_public_access.metadata.json +1 -0
- prowler/providers/aws/services/dms/dms_instance_no_public_access/dms_instance_no_public_access.py +1 -1
- prowler/providers/aws/services/dms/dms_replication_task_source_logging_enabled/dms_replication_task_source_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dms/dms_replication_task_target_logging_enabled/dms_replication_task_target_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/documentdb/documentdb_cluster_backup_enabled/documentdb_cluster_backup_enabled.metadata.json +1 -0
- prowler/providers/aws/services/documentdb/documentdb_cluster_cloudwatch_log_export/documentdb_cluster_cloudwatch_log_export.metadata.json +1 -0
- prowler/providers/aws/services/documentdb/documentdb_cluster_deletion_protection/documentdb_cluster_deletion_protection.metadata.json +1 -0
- prowler/providers/aws/services/documentdb/documentdb_cluster_multi_az_enabled/documentdb_cluster_multi_az_enabled.metadata.json +1 -0
- prowler/providers/aws/services/documentdb/documentdb_cluster_public_snapshot/documentdb_cluster_public_snapshot.metadata.json +1 -0
- prowler/providers/aws/services/documentdb/documentdb_cluster_storage_encrypted/documentdb_cluster_storage_encrypted.metadata.json +1 -0
- prowler/providers/aws/services/drs/drs_job_exist/drs_job_exist.metadata.json +1 -0
- prowler/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_encryption_enabled/dynamodb_accelerator_cluster_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_in_transit_encryption_enabled/dynamodb_accelerator_cluster_in_transit_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dynamodb/dynamodb_accelerator_cluster_multi_az/dynamodb_accelerator_cluster_multi_az.metadata.json +1 -0
- prowler/providers/aws/services/dynamodb/dynamodb_table_autoscaling_enabled/dynamodb_table_autoscaling_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dynamodb/dynamodb_table_cross_account_access/dynamodb_table_cross_account_access.metadata.json +1 -0
- prowler/providers/aws/services/dynamodb/dynamodb_table_deletion_protection_enabled/dynamodb_table_deletion_protection_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dynamodb/dynamodb_table_protected_by_backup_plan/dynamodb_table_protected_by_backup_plan.metadata.json +1 -0
- prowler/providers/aws/services/dynamodb/dynamodb_tables_kms_cmk_encryption_enabled/dynamodb_tables_kms_cmk_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/dynamodb/dynamodb_tables_pitr_enabled/dynamodb_tables_pitr_enabled.metadata.json +1 -0
- prowler/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public.metadata.json +18 -10
- prowler/providers/aws/services/ec2/ec2_client_vpn_endpoint_connection_logging_enabled/ec2_client_vpn_endpoint_connection_logging_enabled.metadata.json +25 -13
- prowler/providers/aws/services/ec2/ec2_ebs_default_encryption/ec2_ebs_default_encryption.metadata.json +23 -14
- prowler/providers/aws/services/ec2/ec2_ebs_public_snapshot/ec2_ebs_public_snapshot.metadata.json +18 -11
- prowler/providers/aws/services/ec2/ec2_ebs_snapshot_account_block_public_access/ec2_ebs_snapshot_account_block_public_access.metadata.json +20 -13
- prowler/providers/aws/services/ec2/ec2_ebs_snapshots_encrypted/ec2_ebs_snapshots_encrypted.metadata.json +22 -14
- prowler/providers/aws/services/ec2/ec2_ebs_volume_encryption/ec2_ebs_volume_encryption.metadata.json +21 -13
- prowler/providers/aws/services/ec2/ec2_ebs_volume_protected_by_backup_plan/ec2_ebs_volume_protected_by_backup_plan.metadata.json +22 -14
- prowler/providers/aws/services/ec2/ec2_ebs_volume_snapshots_exists/ec2_ebs_volume_snapshots_exists.metadata.json +21 -14
- prowler/providers/aws/services/ec2/ec2_elastic_ip_shodan/ec2_elastic_ip_shodan.metadata.json +15 -9
- prowler/providers/aws/services/ec2/ec2_elastic_ip_unassigned/ec2_elastic_ip_unassigned.metadata.json +19 -12
- prowler/providers/aws/services/ec2/ec2_instance_account_imdsv2_enabled/ec2_instance_account_imdsv2_enabled.metadata.json +20 -13
- prowler/providers/aws/services/ec2/ec2_instance_detailed_monitoring_enabled/ec2_instance_detailed_monitoring_enabled.metadata.json +21 -12
- prowler/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled.metadata.json +21 -11
- prowler/providers/aws/services/ec2/ec2_instance_internet_facing_with_instance_profile/ec2_instance_internet_facing_with_instance_profile.metadata.json +22 -13
- prowler/providers/aws/services/ec2/ec2_instance_managed_by_ssm/ec2_instance_managed_by_ssm.metadata.json +22 -13
- prowler/providers/aws/services/ec2/ec2_instance_older_than_specific_days/ec2_instance_older_than_specific_days.metadata.json +15 -9
- prowler/providers/aws/services/ec2/ec2_instance_paravirtual_type/ec2_instance_paravirtual_type.metadata.json +23 -13
- prowler/providers/aws/services/ec2/ec2_instance_port_cassandra_exposed_to_internet/ec2_instance_port_cassandra_exposed_to_internet.metadata.json +19 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_cifs_exposed_to_internet/ec2_instance_port_cifs_exposed_to_internet.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_elasticsearch_kibana_exposed_to_internet/ec2_instance_port_elasticsearch_kibana_exposed_to_internet.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_ftp_exposed_to_internet/ec2_instance_port_ftp_exposed_to_internet.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_kafka_exposed_to_internet/ec2_instance_port_kafka_exposed_to_internet.metadata.json +21 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_kerberos_exposed_to_internet/ec2_instance_port_kerberos_exposed_to_internet.metadata.json +18 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_ldap_exposed_to_internet/ec2_instance_port_ldap_exposed_to_internet.metadata.json +18 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_memcached_exposed_to_internet/ec2_instance_port_memcached_exposed_to_internet.metadata.json +18 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_mongodb_exposed_to_internet/ec2_instance_port_mongodb_exposed_to_internet.metadata.json +21 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_mysql_exposed_to_internet/ec2_instance_port_mysql_exposed_to_internet.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_oracle_exposed_to_internet/ec2_instance_port_oracle_exposed_to_internet.metadata.json +21 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_postgresql_exposed_to_internet/ec2_instance_port_postgresql_exposed_to_internet.metadata.json +21 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_rdp_exposed_to_internet/ec2_instance_port_rdp_exposed_to_internet.metadata.json +21 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_redis_exposed_to_internet/ec2_instance_port_redis_exposed_to_internet.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_sqlserver_exposed_to_internet/ec2_instance_port_sqlserver_exposed_to_internet.metadata.json +21 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_ssh_exposed_to_internet/ec2_instance_port_ssh_exposed_to_internet.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_instance_port_telnet_exposed_to_internet/ec2_instance_port_telnet_exposed_to_internet.metadata.json +19 -12
- prowler/providers/aws/services/ec2/ec2_instance_profile_attached/ec2_instance_profile_attached.metadata.json +19 -11
- prowler/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.metadata.json +18 -11
- prowler/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_instance_uses_single_eni/ec2_instance_uses_single_eni.metadata.json +18 -12
- prowler/providers/aws/services/ec2/ec2_instance_with_outdated_ami/ec2_instance_with_outdated_ami.metadata.json +24 -13
- prowler/providers/aws/services/ec2/ec2_launch_template_imdsv2_required/ec2_launch_template_imdsv2_required.metadata.json +25 -13
- prowler/providers/aws/services/ec2/ec2_launch_template_no_public_ip/ec2_launch_template_no_public_ip.metadata.json +24 -13
- prowler/providers/aws/services/ec2/ec2_launch_template_no_secrets/ec2_launch_template_no_secrets.metadata.json +24 -12
- prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_any_port/ec2_networkacl_allow_ingress_any_port.metadata.json +23 -16
- prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_22/ec2_networkacl_allow_ingress_tcp_port_22.metadata.json +18 -12
- prowler/providers/aws/services/ec2/ec2_networkacl_allow_ingress_tcp_port_3389/ec2_networkacl_allow_ingress_tcp_port_3389.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_networkacl_unused/ec2_networkacl_unused.metadata.json +22 -13
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_all_ports/ec2_securitygroup_allow_ingress_from_internet_to_all_ports.metadata.json +20 -11
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.metadata.json +19 -11
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_any_port/ec2_securitygroup_allow_ingress_from_internet_to_any_port.py +1 -1
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports/ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601.metadata.json +19 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_ftp_20_21/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_ftp_20_21.metadata.json +22 -16
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211.metadata.json +19 -11
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mongodb_27017_27018/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mongodb_27017_27018.metadata.json +23 -16
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306.metadata.json +19 -11
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483.metadata.json +17 -11
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432.metadata.json +21 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379.metadata.json +21 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434.metadata.json +20 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23/ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23.metadata.json +21 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_allow_wide_open_public_ipv4/ec2_securitygroup_allow_wide_open_public_ipv4.metadata.json +19 -11
- prowler/providers/aws/services/ec2/ec2_securitygroup_default_restrict_traffic/ec2_securitygroup_default_restrict_traffic.metadata.json +20 -11
- prowler/providers/aws/services/ec2/ec2_securitygroup_from_launch_wizard/ec2_securitygroup_from_launch_wizard.metadata.json +17 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_not_used/ec2_securitygroup_not_used.metadata.json +19 -12
- prowler/providers/aws/services/ec2/ec2_securitygroup_with_many_ingress_egress_rules/ec2_securitygroup_with_many_ingress_egress_rules.metadata.json +22 -13
- prowler/providers/aws/services/ec2/ec2_transitgateway_auto_accept_vpc_attachments/ec2_transitgateway_auto_accept_vpc_attachments.metadata.json +23 -14
- prowler/providers/aws/services/ec2/lib/security_groups.py +47 -50
- prowler/providers/aws/services/ecr/ecr_registry_scan_images_on_push_enabled/ecr_registry_scan_images_on_push_enabled.metadata.json +1 -0
- prowler/providers/aws/services/ecr/ecr_repositories_lifecycle_policy_enabled/ecr_repositories_lifecycle_policy_enabled.metadata.json +1 -0
- prowler/providers/aws/services/ecr/ecr_repositories_not_publicly_accessible/ecr_repositories_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/ecr/ecr_repositories_scan_images_on_push_enabled/ecr_repositories_scan_images_on_push_enabled.metadata.json +1 -0
- prowler/providers/aws/services/ecr/ecr_repositories_scan_vulnerabilities_in_latest_image/ecr_repositories_scan_vulnerabilities_in_latest_image.metadata.json +1 -0
- prowler/providers/aws/services/ecr/ecr_repositories_tag_immutability/ecr_repositories_tag_immutability.metadata.json +1 -0
- prowler/providers/aws/services/ecs/ecs_cluster_container_insights_enabled/ecs_cluster_container_insights_enabled.metadata.json +1 -0
- prowler/providers/aws/services/ecs/ecs_service_fargate_latest_platform_version/ecs_service_fargate_latest_platform_version.metadata.json +1 -0
- prowler/providers/aws/services/ecs/ecs_service_no_assign_public_ip/ecs_service_no_assign_public_ip.metadata.json +1 -0
- prowler/providers/aws/services/ecs/ecs_task_definitions_containers_readonly_access/ecs_task_definitions_containers_readonly_access.metadata.json +1 -0
- prowler/providers/aws/services/ecs/ecs_task_definitions_host_namespace_not_shared/ecs_task_definitions_host_namespace_not_shared.metadata.json +1 -0
- prowler/providers/aws/services/ecs/ecs_task_definitions_host_networking_mode_users/ecs_task_definitions_host_networking_mode_users.metadata.json +1 -0
- prowler/providers/aws/services/ecs/ecs_task_definitions_logging_block_mode/ecs_task_definitions_logging_block_mode.metadata.json +1 -0
- prowler/providers/aws/services/ecs/ecs_task_definitions_logging_enabled/ecs_task_definitions_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/ecs/ecs_task_definitions_no_environment_secrets/ecs_task_definitions_no_environment_secrets.metadata.json +1 -0
- prowler/providers/aws/services/ecs/ecs_task_definitions_no_privileged_containers/ecs_task_definitions_no_privileged_containers.metadata.json +1 -0
- prowler/providers/aws/services/ecs/ecs_task_set_no_assign_public_ip/ecs_task_set_no_assign_public_ip.metadata.json +1 -0
- prowler/providers/aws/services/efs/efs_access_point_enforce_root_directory/efs_access_point_enforce_root_directory.metadata.json +1 -0
- prowler/providers/aws/services/efs/efs_access_point_enforce_user_identity/efs_access_point_enforce_user_identity.metadata.json +1 -0
- prowler/providers/aws/services/efs/efs_encryption_at_rest_enabled/efs_encryption_at_rest_enabled.metadata.json +1 -0
- prowler/providers/aws/services/efs/efs_have_backup_enabled/efs_have_backup_enabled.metadata.json +1 -0
- prowler/providers/aws/services/efs/efs_mount_target_not_publicly_accessible/efs_mount_target_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/efs/efs_multi_az_enabled/efs_multi_az_enabled.metadata.json +1 -0
- prowler/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/eks/eks_cluster_deletion_protection_enabled/eks_cluster_deletion_protection_enabled.metadata.json +1 -0
- prowler/providers/aws/services/eks/eks_cluster_kms_cmk_encryption_in_secrets_enabled/eks_cluster_kms_cmk_encryption_in_secrets_enabled.metadata.json +1 -0
- prowler/providers/aws/services/eks/eks_cluster_network_policy_enabled/eks_cluster_network_policy_enabled.metadata.json +1 -0
- prowler/providers/aws/services/eks/eks_cluster_not_publicly_accessible/eks_cluster_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/eks/eks_cluster_private_nodes_enabled/eks_cluster_private_nodes_enabled.metadata.json +1 -0
- prowler/providers/aws/services/eks/eks_cluster_uses_a_supported_version/eks_cluster_uses_a_supported_version.metadata.json +1 -0
- prowler/providers/aws/services/eks/eks_control_plane_logging_all_types_enabled/eks_control_plane_logging_all_types_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elasticache/elasticache_cluster_uses_public_subnet/elasticache_cluster_uses_public_subnet.metadata.json +1 -0
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_auto_minor_version_upgrades/elasticache_redis_cluster_auto_minor_version_upgrades.metadata.json +1 -0
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_automatic_failover_enabled/elasticache_redis_cluster_automatic_failover_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_backup_enabled/elasticache_redis_cluster_backup_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_in_transit_encryption_enabled/elasticache_redis_cluster_in_transit_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_multi_az_enabled/elasticache_redis_cluster_multi_az_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elasticache/elasticache_redis_cluster_rest_encryption_enabled/elasticache_redis_cluster_rest_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elasticache/elasticache_redis_replication_group_auth_enabled/elasticache_redis_replication_group_auth_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elasticbeanstalk/elasticbeanstalk_environment_cloudwatch_logging_enabled/elasticbeanstalk_environment_cloudwatch_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elasticbeanstalk/elasticbeanstalk_environment_enhanced_health_reporting/elasticbeanstalk_environment_enhanced_health_reporting.metadata.json +1 -0
- prowler/providers/aws/services/elasticbeanstalk/elasticbeanstalk_environment_managed_updates_enabled/elasticbeanstalk_environment_managed_updates_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elb/elb_connection_draining_enabled/elb_connection_draining_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elb/elb_cross_zone_load_balancing_enabled/elb_cross_zone_load_balancing_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elb/elb_desync_mitigation_mode/elb_desync_mitigation_mode.metadata.json +1 -0
- prowler/providers/aws/services/elb/elb_insecure_ssl_ciphers/elb_insecure_ssl_ciphers.metadata.json +1 -0
- prowler/providers/aws/services/elb/elb_internet_facing/elb_internet_facing.metadata.json +1 -0
- prowler/providers/aws/services/elb/elb_is_in_multiple_az/elb_is_in_multiple_az.metadata.json +1 -0
- prowler/providers/aws/services/elb/elb_logging_enabled/elb_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elb/elb_ssl_listeners/elb_ssl_listeners.metadata.json +1 -0
- prowler/providers/aws/services/elb/elb_ssl_listeners_use_acm_certificate/elb_ssl_listeners_use_acm_certificate.metadata.json +1 -0
- prowler/providers/aws/services/elbv2/elbv2_cross_zone_load_balancing_enabled/elbv2_cross_zone_load_balancing_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elbv2/elbv2_deletion_protection/elbv2_deletion_protection.metadata.json +1 -0
- prowler/providers/aws/services/elbv2/elbv2_desync_mitigation_mode/elbv2_desync_mitigation_mode.metadata.json +1 -0
- prowler/providers/aws/services/elbv2/elbv2_insecure_ssl_ciphers/elbv2_insecure_ssl_ciphers.metadata.json +1 -0
- prowler/providers/aws/services/elbv2/elbv2_internet_facing/elbv2_internet_facing.metadata.json +1 -0
- prowler/providers/aws/services/elbv2/elbv2_is_in_multiple_az/elbv2_is_in_multiple_az.metadata.json +1 -0
- prowler/providers/aws/services/elbv2/elbv2_listeners_underneath/elbv2_listeners_underneath.metadata.json +1 -0
- prowler/providers/aws/services/elbv2/elbv2_logging_enabled/elbv2_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elbv2/elbv2_nlb_tls_termination_enabled/elbv2_nlb_tls_termination_enabled.metadata.json +1 -0
- prowler/providers/aws/services/elbv2/elbv2_ssl_listeners/elbv2_ssl_listeners.metadata.json +1 -0
- prowler/providers/aws/services/elbv2/elbv2_waf_acl_attached/elbv2_waf_acl_attached.metadata.json +1 -0
- prowler/providers/aws/services/emr/emr_cluster_account_public_block_enabled/emr_cluster_account_public_block_enabled.metadata.json +1 -0
- prowler/providers/aws/services/emr/emr_cluster_master_nodes_no_public_ip/emr_cluster_master_nodes_no_public_ip.metadata.json +1 -0
- prowler/providers/aws/services/emr/emr_cluster_publicly_accesible/emr_cluster_publicly_accesible.metadata.json +1 -0
- prowler/providers/aws/services/eventbridge/eventbridge_bus_cross_account_access/eventbridge_bus_cross_account_access.metadata.json +1 -0
- prowler/providers/aws/services/eventbridge/eventbridge_bus_exposed/eventbridge_bus_exposed.metadata.json +1 -0
- prowler/providers/aws/services/eventbridge/eventbridge_global_endpoint_event_replication_enabled/eventbridge_global_endpoint_event_replication_enabled.metadata.json +1 -0
- prowler/providers/aws/services/eventbridge/eventbridge_schema_registry_cross_account_access/eventbridge_schema_registry_cross_account_access.metadata.json +1 -0
- prowler/providers/aws/services/firehose/firehose_stream_encrypted_at_rest/firehose_stream_encrypted_at_rest.metadata.json +1 -0
- prowler/providers/aws/services/fms/fms_policy_compliant/fms_policy_compliant.metadata.json +1 -0
- prowler/providers/aws/services/fsx/fsx_file_system_copy_tags_to_backups_enabled/fsx_file_system_copy_tags_to_backups_enabled.metadata.json +1 -0
- prowler/providers/aws/services/fsx/fsx_file_system_copy_tags_to_volumes_enabled/fsx_file_system_copy_tags_to_volumes_enabled.metadata.json +1 -0
- prowler/providers/aws/services/fsx/fsx_windows_file_system_multi_az_enabled/fsx_windows_file_system_multi_az_enabled.metadata.json +1 -0
- prowler/providers/aws/services/glacier/glacier_vaults_policy_public_access/glacier_vaults_policy_public_access.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_data_catalogs_connection_passwords_encryption_enabled/glue_data_catalogs_connection_passwords_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_data_catalogs_metadata_encryption_enabled/glue_data_catalogs_metadata_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_data_catalogs_not_publicly_accessible/glue_data_catalogs_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_database_connections_ssl_enabled/glue_database_connections_ssl_enabled.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_development_endpoints_cloudwatch_logs_encryption_enabled/glue_development_endpoints_cloudwatch_logs_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_development_endpoints_job_bookmark_encryption_enabled/glue_development_endpoints_job_bookmark_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_development_endpoints_s3_encryption_enabled/glue_development_endpoints_s3_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_etl_jobs_amazon_s3_encryption_enabled/glue_etl_jobs_amazon_s3_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_etl_jobs_cloudwatch_logs_encryption_enabled/glue_etl_jobs_cloudwatch_logs_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_etl_jobs_job_bookmark_encryption_enabled/glue_etl_jobs_job_bookmark_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_etl_jobs_logging_enabled/glue_etl_jobs_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/glue/glue_ml_transform_encrypted_at_rest/glue_ml_transform_encrypted_at_rest.metadata.json +1 -0
- prowler/providers/aws/services/guardduty/guardduty_centrally_managed/guardduty_centrally_managed.metadata.json +1 -0
- prowler/providers/aws/services/guardduty/guardduty_ec2_malware_protection_enabled/guardduty_ec2_malware_protection_enabled.metadata.json +1 -0
- prowler/providers/aws/services/guardduty/guardduty_eks_audit_log_enabled/guardduty_eks_audit_log_enabled.metadata.json +1 -0
- prowler/providers/aws/services/guardduty/guardduty_eks_runtime_monitoring_enabled/guardduty_eks_runtime_monitoring_enabled.metadata.json +1 -0
- prowler/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json +1 -0
- prowler/providers/aws/services/guardduty/guardduty_lambda_protection_enabled/guardduty_lambda_protection_enabled.metadata.json +1 -0
- prowler/providers/aws/services/guardduty/guardduty_no_high_severity_findings/guardduty_no_high_severity_findings.metadata.json +1 -0
- prowler/providers/aws/services/guardduty/guardduty_rds_protection_enabled/guardduty_rds_protection_enabled.metadata.json +1 -0
- prowler/providers/aws/services/guardduty/guardduty_s3_protection_enabled/guardduty_s3_protection_enabled.metadata.json +1 -0
- prowler/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa.metadata.json +24 -12
- prowler/providers/aws/services/iam/iam_avoid_root_usage/iam_avoid_root_usage.metadata.json +18 -11
- prowler/providers/aws/services/iam/iam_aws_attached_policy_no_administrative_privileges/iam_aws_attached_policy_no_administrative_privileges.metadata.json +23 -14
- prowler/providers/aws/services/iam/iam_check_saml_providers_sts/iam_check_saml_providers_sts.metadata.json +18 -14
- prowler/providers/aws/services/iam/iam_customer_attached_policy_no_administrative_privileges/iam_customer_attached_policy_no_administrative_privileges.metadata.json +22 -14
- prowler/providers/aws/services/iam/iam_customer_unattached_policy_no_administrative_privileges/iam_customer_unattached_policy_no_administrative_privileges.metadata.json +23 -15
- prowler/providers/aws/services/iam/iam_group_administrator_access_policy/iam_group_administrator_access_policy.metadata.json +25 -12
- prowler/providers/aws/services/iam/iam_inline_policy_allows_privilege_escalation/iam_inline_policy_allows_privilege_escalation.metadata.json +22 -12
- prowler/providers/aws/services/iam/iam_inline_policy_no_administrative_privileges/iam_inline_policy_no_administrative_privileges.metadata.json +22 -14
- prowler/providers/aws/services/iam/iam_inline_policy_no_full_access_to_cloudtrail/iam_inline_policy_no_full_access_to_cloudtrail.metadata.json +22 -15
- prowler/providers/aws/services/iam/iam_inline_policy_no_full_access_to_kms/iam_inline_policy_no_full_access_to_kms.metadata.json +22 -12
- prowler/providers/aws/services/iam/iam_no_custom_policy_permissive_role_assumption/iam_no_custom_policy_permissive_role_assumption.metadata.json +23 -13
- prowler/providers/aws/services/iam/iam_no_expired_server_certificates_stored/iam_no_expired_server_certificates_stored.metadata.json +18 -13
- prowler/providers/aws/services/iam/iam_no_root_access_key/iam_no_root_access_key.metadata.json +20 -11
- prowler/providers/aws/services/iam/iam_password_policy_expires_passwords_within_90_days_or_less/iam_password_policy_expires_passwords_within_90_days_or_less.metadata.json +19 -15
- prowler/providers/aws/services/iam/iam_password_policy_lowercase/iam_password_policy_lowercase.metadata.json +21 -16
- prowler/providers/aws/services/iam/iam_password_policy_minimum_length_14/iam_password_policy_minimum_length_14.metadata.json +22 -15
- prowler/providers/aws/services/iam/iam_password_policy_number/iam_password_policy_number.metadata.json +21 -15
- prowler/providers/aws/services/iam/iam_password_policy_reuse_24/iam_password_policy_reuse_24.metadata.json +21 -15
- prowler/providers/aws/services/iam/iam_password_policy_symbol/iam_password_policy_symbol.metadata.json +22 -15
- prowler/providers/aws/services/iam/iam_password_policy_uppercase/iam_password_policy_uppercase.metadata.json +23 -15
- prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.metadata.json +23 -14
- prowler/providers/aws/services/iam/iam_policy_attached_only_to_group_or_roles/iam_policy_attached_only_to_group_or_roles.metadata.json +20 -13
- prowler/providers/aws/services/iam/iam_policy_cloudshell_admin_not_attached/iam_policy_cloudshell_admin_not_attached.metadata.json +21 -13
- prowler/providers/aws/services/iam/iam_policy_no_full_access_to_cloudtrail/iam_policy_no_full_access_to_cloudtrail.metadata.json +22 -14
- prowler/providers/aws/services/iam/iam_policy_no_full_access_to_kms/iam_policy_no_full_access_to_kms.metadata.json +24 -14
- prowler/providers/aws/services/iam/iam_role_administratoraccess_policy/iam_role_administratoraccess_policy.metadata.json +22 -13
- prowler/providers/aws/services/iam/iam_role_cross_account_readonlyaccess_policy/iam_role_cross_account_readonlyaccess_policy.metadata.json +24 -13
- prowler/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention.metadata.json +22 -11
- prowler/providers/aws/services/iam/iam_root_credentials_management_enabled/iam_root_credentials_management_enabled.metadata.json +22 -15
- prowler/providers/aws/services/iam/iam_root_hardware_mfa_enabled/iam_root_hardware_mfa_enabled.metadata.json +18 -11
- prowler/providers/aws/services/iam/iam_root_mfa_enabled/iam_root_mfa_enabled.metadata.json +17 -11
- prowler/providers/aws/services/iam/iam_rotate_access_key_90_days/iam_rotate_access_key_90_days.metadata.json +21 -14
- prowler/providers/aws/services/iam/iam_securityaudit_role_created/iam_securityaudit_role_created.metadata.json +23 -15
- prowler/providers/aws/services/iam/iam_support_role_created/iam_support_role_created.metadata.json +22 -15
- prowler/providers/aws/services/iam/iam_user_accesskey_unused/iam_user_accesskey_unused.metadata.json +20 -10
- prowler/providers/aws/services/iam/iam_user_administrator_access_policy/iam_user_administrator_access_policy.metadata.json +24 -12
- prowler/providers/aws/services/iam/iam_user_console_access_unused/iam_user_console_access_unused.metadata.json +22 -12
- prowler/providers/aws/services/iam/iam_user_hardware_mfa_enabled/iam_user_hardware_mfa_enabled.metadata.json +22 -12
- prowler/providers/aws/services/iam/iam_user_mfa_enabled_console_access/iam_user_mfa_enabled_console_access.metadata.json +23 -14
- prowler/providers/aws/services/iam/iam_user_no_setup_initial_access_key/iam_user_no_setup_initial_access_key.metadata.json +23 -15
- prowler/providers/aws/services/iam/iam_user_two_active_access_key/iam_user_two_active_access_key.metadata.json +24 -14
- prowler/providers/aws/services/iam/iam_user_with_temporary_credentials/iam_user_with_temporary_credentials.metadata.json +24 -14
- prowler/providers/aws/services/inspector2/inspector2_active_findings_exist/inspector2_active_findings_exist.metadata.json +1 -0
- prowler/providers/aws/services/inspector2/inspector2_is_enabled/inspector2_is_enabled.metadata.json +1 -0
- prowler/providers/aws/services/kafka/kafka_cluster_encryption_at_rest_uses_cmk/kafka_cluster_encryption_at_rest_uses_cmk.metadata.json +1 -0
- prowler/providers/aws/services/kafka/kafka_cluster_enhanced_monitoring_enabled/kafka_cluster_enhanced_monitoring_enabled.metadata.json +1 -0
- prowler/providers/aws/services/kafka/kafka_cluster_in_transit_encryption_enabled/kafka_cluster_in_transit_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/kafka/kafka_cluster_is_public/kafka_cluster_is_public.metadata.json +1 -0
- prowler/providers/aws/services/kafka/kafka_cluster_mutual_tls_authentication_enabled/kafka_cluster_mutual_tls_authentication_enabled.metadata.json +1 -0
- prowler/providers/aws/services/kafka/kafka_cluster_unrestricted_access_disabled/kafka_cluster_unrestricted_access_disabled.metadata.json +1 -0
- prowler/providers/aws/services/kafka/kafka_cluster_uses_latest_version/kafka_cluster_uses_latest_version.metadata.json +1 -0
- prowler/providers/aws/services/kafka/kafka_connector_in_transit_encryption_enabled/kafka_connector_in_transit_encryption_enabled.metadata.json +1 -0
- prowler/providers/aws/services/kinesis/kinesis_stream_data_retention_period/kinesis_stream_data_retention_period.metadata.json +1 -0
- prowler/providers/aws/services/kinesis/kinesis_stream_encrypted_at_rest/kinesis_stream_encrypted_at_rest.metadata.json +1 -0
- prowler/providers/aws/services/kms/kms_cmk_are_used/kms_cmk_are_used.metadata.json +1 -0
- prowler/providers/aws/services/kms/kms_cmk_not_deleted_unintentionally/kms_cmk_not_deleted_unintentionally.metadata.json +1 -0
- prowler/providers/aws/services/kms/kms_cmk_not_multi_region/kms_cmk_not_multi_region.metadata.json +1 -0
- prowler/providers/aws/services/kms/kms_cmk_rotation_enabled/kms_cmk_rotation_enabled.metadata.json +1 -0
- prowler/providers/aws/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/lightsail/lightsail_database_public/lightsail_database_public.metadata.json +1 -0
- prowler/providers/aws/services/lightsail/lightsail_instance_automated_snapshots/lightsail_instance_automated_snapshots.metadata.json +1 -0
- prowler/providers/aws/services/lightsail/lightsail_instance_public/lightsail_instance_public.metadata.json +1 -0
- prowler/providers/aws/services/lightsail/lightsail_static_ip_unused/lightsail_static_ip_unused.metadata.json +1 -0
- prowler/providers/aws/services/macie/macie_automated_sensitive_data_discovery_enabled/macie_automated_sensitive_data_discovery_enabled.metadata.json +1 -0
- prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.metadata.json +1 -0
- prowler/providers/aws/services/memorydb/memorydb_cluster_auto_minor_version_upgrades/memorydb_cluster_auto_minor_version_upgrades.metadata.json +1 -0
- prowler/providers/aws/services/mq/mq_broker_active_deployment_mode/mq_broker_active_deployment_mode.metadata.json +1 -0
- prowler/providers/aws/services/mq/mq_broker_auto_minor_version_upgrades/mq_broker_auto_minor_version_upgrades.metadata.json +1 -0
- prowler/providers/aws/services/mq/mq_broker_cluster_deployment_mode/mq_broker_cluster_deployment_mode.metadata.json +1 -0
- prowler/providers/aws/services/mq/mq_broker_logging_enabled/mq_broker_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/mq/mq_broker_not_publicly_accessible/mq_broker_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/neptune/neptune_cluster_backup_enabled/neptune_cluster_backup_enabled.metadata.json +1 -0
- prowler/providers/aws/services/neptune/neptune_cluster_copy_tags_to_snapshots/neptune_cluster_copy_tags_to_snapshots.metadata.json +1 -0
- prowler/providers/aws/services/neptune/neptune_cluster_deletion_protection/neptune_cluster_deletion_protection.metadata.json +1 -0
- prowler/providers/aws/services/neptune/neptune_cluster_iam_authentication_enabled/neptune_cluster_iam_authentication_enabled.metadata.json +1 -0
- prowler/providers/aws/services/neptune/neptune_cluster_integration_cloudwatch_logs/neptune_cluster_integration_cloudwatch_logs.metadata.json +1 -0
- prowler/providers/aws/services/neptune/neptune_cluster_multi_az/neptune_cluster_multi_az.metadata.json +1 -0
- prowler/providers/aws/services/neptune/neptune_cluster_public_snapshot/neptune_cluster_public_snapshot.metadata.json +1 -0
- prowler/providers/aws/services/neptune/neptune_cluster_snapshot_encrypted/neptune_cluster_snapshot_encrypted.metadata.json +1 -0
- prowler/providers/aws/services/neptune/neptune_cluster_storage_encrypted/neptune_cluster_storage_encrypted.metadata.json +1 -0
- prowler/providers/aws/services/neptune/neptune_cluster_uses_public_subnet/neptune_cluster_uses_public_subnet.metadata.json +1 -0
- prowler/providers/aws/services/networkfirewall/networkfirewall_deletion_protection/networkfirewall_deletion_protection.metadata.json +1 -0
- prowler/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc.metadata.json +1 -0
- prowler/providers/aws/services/networkfirewall/networkfirewall_logging_enabled/networkfirewall_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/networkfirewall/networkfirewall_multi_az/networkfirewall_multi_az.metadata.json +1 -0
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_default_action_fragmented_packets/networkfirewall_policy_default_action_fragmented_packets.metadata.json +1 -0
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_default_action_full_packets/networkfirewall_policy_default_action_full_packets.metadata.json +1 -0
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_rule_group_associated/networkfirewall_policy_rule_group_associated.metadata.json +1 -0
- prowler/providers/aws/services/opensearch/opensearch_service_domains_access_control_enabled/opensearch_service_domains_access_control_enabled.metadata.json +25 -13
- prowler/providers/aws/services/opensearch/opensearch_service_domains_audit_logging_enabled/opensearch_service_domains_audit_logging_enabled.metadata.json +19 -15
- prowler/providers/aws/services/opensearch/opensearch_service_domains_cloudwatch_logging_enabled/opensearch_service_domains_cloudwatch_logging_enabled.metadata.json +25 -14
- prowler/providers/aws/services/opensearch/opensearch_service_domains_encryption_at_rest_enabled/opensearch_service_domains_encryption_at_rest_enabled.metadata.json +19 -14
- prowler/providers/aws/services/opensearch/opensearch_service_domains_fault_tolerant_data_nodes/opensearch_service_domains_fault_tolerant_data_nodes.metadata.json +20 -14
- prowler/providers/aws/services/opensearch/opensearch_service_domains_fault_tolerant_master_nodes/opensearch_service_domains_fault_tolerant_master_nodes.metadata.json +21 -13
- prowler/providers/aws/services/opensearch/opensearch_service_domains_https_communications_enforced/opensearch_service_domains_https_communications_enforced.metadata.json +19 -14
- prowler/providers/aws/services/opensearch/opensearch_service_domains_internal_user_database_enabled/opensearch_service_domains_internal_user_database_enabled.metadata.json +19 -13
- prowler/providers/aws/services/opensearch/opensearch_service_domains_node_to_node_encryption_enabled/opensearch_service_domains_node_to_node_encryption_enabled.metadata.json +22 -14
- prowler/providers/aws/services/opensearch/opensearch_service_domains_not_publicly_accessible/opensearch_service_domains_not_publicly_accessible.metadata.json +19 -11
- prowler/providers/aws/services/opensearch/opensearch_service_domains_updated_to_the_latest_service_software_version/opensearch_service_domains_updated_to_the_latest_service_software_version.metadata.json +20 -12
- prowler/providers/aws/services/opensearch/opensearch_service_domains_use_cognito_authentication_for_kibana/opensearch_service_domains_use_cognito_authentication_for_kibana.metadata.json +22 -14
- prowler/providers/aws/services/organizations/organizations_account_part_of_organizations/organizations_account_part_of_organizations.metadata.json +18 -11
- prowler/providers/aws/services/organizations/organizations_delegated_administrators/organizations_delegated_administrators.metadata.json +17 -10
- prowler/providers/aws/services/organizations/organizations_opt_out_ai_services_policy/organizations_opt_out_ai_services_policy.metadata.json +24 -13
- prowler/providers/aws/services/organizations/organizations_scp_check_deny_regions/organizations_scp_check_deny_regions.metadata.json +19 -12
- prowler/providers/aws/services/organizations/organizations_tags_policies_enabled_and_attached/organizations_tags_policies_enabled_and_attached.metadata.json +17 -11
- prowler/providers/aws/services/rds/rds_cluster_backtrack_enabled/rds_cluster_backtrack_enabled.metadata.json +25 -14
- prowler/providers/aws/services/rds/rds_cluster_copy_tags_to_snapshots/rds_cluster_copy_tags_to_snapshots.metadata.json +19 -12
- prowler/providers/aws/services/rds/rds_cluster_critical_event_subscription/rds_cluster_critical_event_subscription.metadata.json +23 -15
- prowler/providers/aws/services/rds/rds_cluster_default_admin/rds_cluster_default_admin.metadata.json +23 -12
- prowler/providers/aws/services/rds/rds_cluster_deletion_protection/rds_cluster_deletion_protection.metadata.json +25 -14
- prowler/providers/aws/services/rds/rds_cluster_iam_authentication_enabled/rds_cluster_iam_authentication_enabled.metadata.json +26 -13
- prowler/providers/aws/services/rds/rds_cluster_integration_cloudwatch_logs/rds_cluster_integration_cloudwatch_logs.metadata.json +21 -12
- prowler/providers/aws/services/rds/rds_cluster_minor_version_upgrade_enabled/rds_cluster_minor_version_upgrade_enabled.metadata.json +25 -13
- prowler/providers/aws/services/rds/rds_cluster_multi_az/rds_cluster_multi_az.metadata.json +22 -13
- prowler/providers/aws/services/rds/rds_cluster_non_default_port/rds_cluster_non_default_port.metadata.json +18 -12
- prowler/providers/aws/services/rds/rds_cluster_protected_by_backup_plan/rds_cluster_protected_by_backup_plan.metadata.json +23 -15
- prowler/providers/aws/services/rds/rds_cluster_storage_encrypted/rds_cluster_storage_encrypted.metadata.json +25 -14
- prowler/providers/aws/services/rds/rds_instance_backup_enabled/rds_instance_backup_enabled.metadata.json +24 -13
- prowler/providers/aws/services/rds/rds_instance_certificate_expiration/rds_instance_certificate_expiration.metadata.json +21 -12
- prowler/providers/aws/services/rds/rds_instance_copy_tags_to_snapshots/rds_instance_copy_tags_to_snapshots.metadata.json +20 -12
- prowler/providers/aws/services/rds/rds_instance_critical_event_subscription/rds_instance_critical_event_subscription.metadata.json +23 -14
- prowler/providers/aws/services/rds/rds_instance_default_admin/rds_instance_default_admin.metadata.json +22 -12
- prowler/providers/aws/services/rds/rds_instance_deletion_protection/rds_instance_deletion_protection.metadata.json +23 -12
- prowler/providers/aws/services/rds/rds_instance_deprecated_engine_version/rds_instance_deprecated_engine_version.metadata.json +23 -14
- prowler/providers/aws/services/rds/rds_instance_enhanced_monitoring_enabled/rds_instance_enhanced_monitoring_enabled.metadata.json +23 -13
- prowler/providers/aws/services/rds/rds_instance_event_subscription_parameter_groups/rds_instance_event_subscription_parameter_groups.metadata.json +24 -14
- prowler/providers/aws/services/rds/rds_instance_event_subscription_security_groups/rds_instance_event_subscription_security_groups.metadata.json +23 -13
- prowler/providers/aws/services/rds/rds_instance_iam_authentication_enabled/rds_instance_iam_authentication_enabled.metadata.json +25 -13
- prowler/providers/aws/services/rds/rds_instance_inside_vpc/rds_instance_inside_vpc.metadata.json +22 -13
- prowler/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs.metadata.json +21 -12
- prowler/providers/aws/services/rds/rds_instance_minor_version_upgrade_enabled/rds_instance_minor_version_upgrade_enabled.metadata.json +22 -13
- prowler/providers/aws/services/rds/rds_instance_multi_az/rds_instance_multi_az.metadata.json +20 -13
- prowler/providers/aws/services/rds/rds_instance_no_public_access/rds_instance_no_public_access.metadata.json +22 -11
- prowler/providers/aws/services/rds/rds_instance_non_default_port/rds_instance_non_default_port.metadata.json +19 -12
- prowler/providers/aws/services/rds/rds_instance_protected_by_backup_plan/rds_instance_protected_by_backup_plan.metadata.json +23 -14
- prowler/providers/aws/services/rds/rds_instance_storage_encrypted/rds_instance_storage_encrypted.metadata.json +32 -14
- prowler/providers/aws/services/rds/rds_instance_transport_encrypted/rds_instance_transport_encrypted.metadata.json +19 -11
- prowler/providers/aws/services/rds/rds_snapshots_encrypted/rds_snapshots_encrypted.metadata.json +23 -13
- prowler/providers/aws/services/rds/rds_snapshots_public_access/rds_snapshots_public_access.metadata.json +20 -9
- prowler/providers/aws/services/redshift/redshift_cluster_audit_logging/redshift_cluster_audit_logging.metadata.json +21 -14
- prowler/providers/aws/services/redshift/redshift_cluster_automated_snapshot/redshift_cluster_automated_snapshot.metadata.json +23 -14
- prowler/providers/aws/services/redshift/redshift_cluster_automatic_upgrades/redshift_cluster_automatic_upgrades.metadata.json +23 -13
- prowler/providers/aws/services/redshift/redshift_cluster_encrypted_at_rest/redshift_cluster_encrypted_at_rest.metadata.json +22 -13
- prowler/providers/aws/services/redshift/redshift_cluster_enhanced_vpc_routing/redshift_cluster_enhanced_vpc_routing.metadata.json +20 -12
- prowler/providers/aws/services/redshift/redshift_cluster_in_transit_encryption_enabled/redshift_cluster_in_transit_encryption_enabled.metadata.json +21 -13
- prowler/providers/aws/services/redshift/redshift_cluster_multi_az_enabled/redshift_cluster_multi_az_enabled.metadata.json +19 -12
- prowler/providers/aws/services/redshift/redshift_cluster_non_default_database_name/redshift_cluster_non_default_database_name.metadata.json +22 -14
- prowler/providers/aws/services/redshift/redshift_cluster_non_default_username/redshift_cluster_non_default_username.metadata.json +22 -13
- prowler/providers/aws/services/redshift/redshift_cluster_public_access/redshift_cluster_public_access.metadata.json +21 -12
- prowler/providers/aws/services/resourceexplorer2/resourceexplorer2_indexes_found/resourceexplorer2_indexes_found.metadata.json +20 -12
- prowler/providers/aws/services/route53/route53_dangling_ip_subdomain_takeover/route53_dangling_ip_subdomain_takeover.metadata.json +22 -12
- prowler/providers/aws/services/route53/route53_domains_privacy_protection_enabled/route53_domains_privacy_protection_enabled.metadata.json +23 -11
- prowler/providers/aws/services/route53/route53_domains_transferlock_enabled/route53_domains_transferlock_enabled.metadata.json +21 -12
- prowler/providers/aws/services/route53/route53_public_hosted_zones_cloudwatch_logging_enabled/route53_public_hosted_zones_cloudwatch_logging_enabled.metadata.json +20 -12
- prowler/providers/aws/services/s3/s3_access_point_public_access_block/s3_access_point_public_access_block.metadata.json +23 -12
- prowler/providers/aws/services/s3/s3_account_level_public_access_blocks/s3_account_level_public_access_blocks.metadata.json +21 -12
- prowler/providers/aws/services/s3/s3_bucket_acl_prohibited/s3_bucket_acl_prohibited.metadata.json +21 -12
- prowler/providers/aws/services/s3/s3_bucket_cross_account_access/s3_bucket_cross_account_access.metadata.json +23 -12
- prowler/providers/aws/services/s3/s3_bucket_cross_region_replication/s3_bucket_cross_region_replication.metadata.json +18 -12
- prowler/providers/aws/services/s3/s3_bucket_default_encryption/s3_bucket_default_encryption.metadata.json +20 -11
- prowler/providers/aws/services/s3/s3_bucket_event_notifications_enabled/s3_bucket_event_notifications_enabled.metadata.json +22 -13
- prowler/providers/aws/services/s3/s3_bucket_kms_encryption/s3_bucket_kms_encryption.metadata.json +21 -12
- prowler/providers/aws/services/s3/s3_bucket_level_public_access_block/s3_bucket_level_public_access_block.metadata.json +24 -18
- prowler/providers/aws/services/s3/s3_bucket_lifecycle_enabled/s3_bucket_lifecycle_enabled.metadata.json +20 -12
- prowler/providers/aws/services/s3/s3_bucket_no_mfa_delete/s3_bucket_no_mfa_delete.metadata.json +21 -11
- prowler/providers/aws/services/s3/s3_bucket_object_lock/s3_bucket_object_lock.metadata.json +22 -12
- prowler/providers/aws/services/s3/s3_bucket_object_versioning/s3_bucket_object_versioning.metadata.json +21 -12
- prowler/providers/aws/services/s3/s3_bucket_policy_public_write_access/s3_bucket_policy_public_write_access.metadata.json +19 -11
- prowler/providers/aws/services/s3/s3_bucket_public_access/s3_bucket_public_access.metadata.json +19 -11
- prowler/providers/aws/services/s3/s3_bucket_public_list_acl/s3_bucket_public_list_acl.metadata.json +19 -11
- prowler/providers/aws/services/s3/s3_bucket_public_write_acl/s3_bucket_public_write_acl.metadata.json +19 -10
- prowler/providers/aws/services/s3/s3_bucket_secure_transport_policy/s3_bucket_secure_transport_policy.metadata.json +18 -11
- prowler/providers/aws/services/s3/s3_bucket_server_access_logging_enabled/s3_bucket_server_access_logging_enabled.metadata.json +19 -11
- prowler/providers/aws/services/s3/s3_bucket_shadow_resource_vulnerability/s3_bucket_shadow_resource_vulnerability.metadata.json +19 -11
- prowler/providers/aws/services/s3/s3_multi_region_access_point_public_access_block/s3_multi_region_access_point_public_access_block.metadata.json +22 -12
- prowler/providers/aws/services/sagemaker/sagemaker_endpoint_config_prod_variant_instances/sagemaker_endpoint_config_prod_variant_instances.metadata.json +20 -13
- prowler/providers/aws/services/sagemaker/sagemaker_models_network_isolation_enabled/sagemaker_models_network_isolation_enabled.metadata.json +25 -13
- prowler/providers/aws/services/sagemaker/sagemaker_models_vpc_settings_configured/sagemaker_models_vpc_settings_configured.metadata.json +22 -12
- prowler/providers/aws/services/sagemaker/sagemaker_notebook_instance_encryption_enabled/sagemaker_notebook_instance_encryption_enabled.metadata.json +21 -12
- prowler/providers/aws/services/sagemaker/sagemaker_notebook_instance_root_access_disabled/sagemaker_notebook_instance_root_access_disabled.metadata.json +24 -13
- prowler/providers/aws/services/sagemaker/sagemaker_notebook_instance_vpc_settings_configured/sagemaker_notebook_instance_vpc_settings_configured.metadata.json +21 -12
- prowler/providers/aws/services/sagemaker/sagemaker_notebook_instance_without_direct_internet_access_configured/sagemaker_notebook_instance_without_direct_internet_access_configured.metadata.json +23 -12
- prowler/providers/aws/services/sagemaker/sagemaker_service.py +26 -34
- prowler/providers/aws/services/sagemaker/sagemaker_training_jobs_intercontainer_encryption_enabled/sagemaker_training_jobs_intercontainer_encryption_enabled.metadata.json +20 -11
- prowler/providers/aws/services/sagemaker/sagemaker_training_jobs_network_isolation_enabled/sagemaker_training_jobs_network_isolation_enabled.metadata.json +24 -13
- prowler/providers/aws/services/sagemaker/sagemaker_training_jobs_volume_and_output_encryption_enabled/sagemaker_training_jobs_volume_and_output_encryption_enabled.metadata.json +20 -12
- prowler/providers/aws/services/sagemaker/sagemaker_training_jobs_vpc_settings_configured/sagemaker_training_jobs_vpc_settings_configured.metadata.json +24 -13
- prowler/providers/aws/services/secretsmanager/secretsmanager_automatic_rotation_enabled/secretsmanager_automatic_rotation_enabled.metadata.json +25 -14
- prowler/providers/aws/services/secretsmanager/secretsmanager_not_publicly_accessible/secretsmanager_not_publicly_accessible.metadata.json +22 -13
- prowler/providers/aws/services/secretsmanager/secretsmanager_secret_rotated_periodically/secretsmanager_secret_rotated_periodically.metadata.json +20 -12
- prowler/providers/aws/services/secretsmanager/secretsmanager_secret_unused/secretsmanager_secret_unused.metadata.json +18 -10
- prowler/providers/aws/services/securityhub/securityhub_enabled/securityhub_enabled.metadata.json +19 -13
- prowler/providers/aws/services/servicecatalog/servicecatalog_portfolio_shared_within_organization_only/servicecatalog_portfolio_shared_within_organization_only.metadata.json +1 -0
- prowler/providers/aws/services/ses/ses_identity_not_publicly_accessible/ses_identity_not_publicly_accessible.metadata.json +19 -12
- prowler/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips.metadata.json +22 -12
- prowler/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers.metadata.json +21 -12
- prowler/providers/aws/services/shield/shield_advanced_protection_in_cloudfront_distributions/shield_advanced_protection_in_cloudfront_distributions.metadata.json +21 -12
- prowler/providers/aws/services/shield/shield_advanced_protection_in_global_accelerators/shield_advanced_protection_in_global_accelerators.metadata.json +22 -12
- prowler/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers.metadata.json +23 -12
- prowler/providers/aws/services/shield/shield_advanced_protection_in_route53_hosted_zones/shield_advanced_protection_in_route53_hosted_zones.metadata.json +22 -12
- prowler/providers/aws/services/sns/sns_subscription_not_using_http_endpoints/sns_subscription_not_using_http_endpoints.metadata.json +1 -0
- prowler/providers/aws/services/sns/sns_topics_kms_encryption_at_rest_enabled/sns_topics_kms_encryption_at_rest_enabled.metadata.json +1 -0
- prowler/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/aws/services/sqs/sqs_queues_not_publicly_accessible/sqs_queues_not_publicly_accessible.metadata.json +22 -12
- prowler/providers/aws/services/sqs/sqs_queues_server_side_encryption_enabled/sqs_queues_server_side_encryption_enabled.metadata.json +22 -12
- prowler/providers/aws/services/ssm/ssm_document_secrets/ssm_document_secrets.metadata.json +22 -14
- prowler/providers/aws/services/ssm/ssm_documents_set_as_public/ssm_documents_set_as_public.metadata.json +20 -12
- prowler/providers/aws/services/ssm/ssm_managed_compliant_patching/ssm_managed_compliant_patching.metadata.json +24 -13
- prowler/providers/aws/services/ssmincidents/ssmincidents_enabled_with_plans/ssmincidents_enabled_with_plans.metadata.json +23 -14
- prowler/providers/aws/services/stepfunctions/stepfunctions_statemachine_logging_enabled/stepfunctions_statemachine_logging_enabled.metadata.json +17 -11
- prowler/providers/aws/services/storagegateway/storagegateway_fileshare_encryption_enabled/storagegateway_fileshare_encryption_enabled.metadata.json +29 -15
- prowler/providers/aws/services/storagegateway/storagegateway_gateway_fault_tolerant/storagegateway_gateway_fault_tolerant.metadata.json +19 -11
- prowler/providers/aws/services/transfer/transfer_server_in_transit_encryption_enabled/transfer_server_in_transit_encryption_enabled.metadata.json +28 -15
- prowler/providers/aws/services/trustedadvisor/trustedadvisor_errors_and_warnings/trustedadvisor_errors_and_warnings.metadata.json +1 -0
- prowler/providers/aws/services/trustedadvisor/trustedadvisor_premium_support_plan_subscribed/trustedadvisor_premium_support_plan_subscribed.metadata.json +1 -0
- prowler/providers/aws/services/vpc/vpc_different_regions/vpc_different_regions.metadata.json +22 -14
- prowler/providers/aws/services/vpc/vpc_endpoint_connections_trust_boundaries/vpc_endpoint_connections_trust_boundaries.metadata.json +21 -14
- prowler/providers/aws/services/vpc/vpc_endpoint_for_ec2_enabled/vpc_endpoint_for_ec2_enabled.metadata.json +24 -13
- prowler/providers/aws/services/vpc/vpc_endpoint_multi_az_enabled/vpc_endpoint_multi_az_enabled.metadata.json +22 -14
- prowler/providers/aws/services/vpc/vpc_endpoint_services_allowed_principals_trust_boundaries/vpc_endpoint_services_allowed_principals_trust_boundaries.metadata.json +19 -12
- prowler/providers/aws/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.metadata.json +24 -14
- prowler/providers/aws/services/vpc/vpc_peering_routing_tables_with_least_privilege/vpc_peering_routing_tables_with_least_privilege.metadata.json +23 -13
- prowler/providers/aws/services/vpc/vpc_subnet_different_az/vpc_subnet_different_az.metadata.json +21 -15
- prowler/providers/aws/services/vpc/vpc_subnet_no_public_ip_by_default/vpc_subnet_no_public_ip_by_default.metadata.json +22 -15
- prowler/providers/aws/services/vpc/vpc_subnet_separate_private_public/vpc_subnet_separate_private_public.metadata.json +21 -15
- prowler/providers/aws/services/vpc/vpc_vpn_connection_tunnels_up/vpc_vpn_connection_tunnels_up.metadata.json +16 -10
- prowler/providers/aws/services/waf/waf_global_rule_with_conditions/waf_global_rule_with_conditions.metadata.json +1 -0
- prowler/providers/aws/services/waf/waf_global_rulegroup_not_empty/waf_global_rulegroup_not_empty.metadata.json +1 -0
- prowler/providers/aws/services/waf/waf_global_webacl_logging_enabled/waf_global_webacl_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/waf/waf_global_webacl_with_rules/waf_global_webacl_with_rules.metadata.json +1 -0
- prowler/providers/aws/services/waf/waf_regional_rule_with_conditions/waf_regional_rule_with_conditions.metadata.json +1 -0
- prowler/providers/aws/services/waf/waf_regional_rulegroup_not_empty/waf_regional_rulegroup_not_empty.metadata.json +1 -0
- prowler/providers/aws/services/waf/waf_regional_webacl_with_rules/waf_regional_webacl_with_rules.metadata.json +1 -0
- prowler/providers/aws/services/wafv2/wafv2_webacl_logging_enabled/wafv2_webacl_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/wafv2/wafv2_webacl_rule_logging_enabled/wafv2_webacl_rule_logging_enabled.metadata.json +1 -0
- prowler/providers/aws/services/wafv2/wafv2_webacl_with_rules/wafv2_webacl_with_rules.metadata.json +1 -0
- prowler/providers/aws/services/wellarchitected/wellarchitected_workload_no_high_or_medium_risks/wellarchitected_workload_no_high_or_medium_risks.metadata.json +19 -10
- prowler/providers/aws/services/workspaces/workspaces_volume_encryption_enabled/workspaces_volume_encryption_enabled.metadata.json +21 -12
- prowler/providers/aws/services/workspaces/workspaces_vpc_2private_1public_subnets_nat/workspaces_vpc_2private_1public_subnets_nat.metadata.json +23 -14
- prowler/providers/azure/services/aisearch/aisearch_service_not_publicly_accessible/aisearch_service_not_publicly_accessible.metadata.json +18 -11
- prowler/providers/azure/services/aks/aks_cluster_rbac_enabled/aks_cluster_rbac_enabled.metadata.json +21 -12
- prowler/providers/azure/services/aks/aks_clusters_created_with_private_nodes/aks_clusters_created_with_private_nodes.metadata.json +21 -11
- prowler/providers/azure/services/aks/aks_clusters_public_access_disabled/aks_clusters_public_access_disabled.metadata.json +23 -12
- prowler/providers/azure/services/aks/aks_network_policy_enabled/aks_network_policy_enabled.metadata.json +21 -12
- prowler/providers/azure/services/apim/apim_threat_detection_llm_jacking/apim_threat_detection_llm_jacking.metadata.json +18 -14
- prowler/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on.metadata.json +1 -0
- prowler/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up.metadata.json +1 -0
- prowler/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https.metadata.json +1 -0
- prowler/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest.metadata.json +1 -0
- prowler/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest.metadata.json +1 -0
- prowler/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest.metadata.json +1 -0
- prowler/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20.metadata.json +1 -0
- prowler/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled.metadata.json +1 -0
- prowler/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured.metadata.json +1 -0
- prowler/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled.metadata.json +1 -0
- prowler/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled.metadata.json +1 -0
- prowler/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured.metadata.json +1 -0
- prowler/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges.metadata.json +1 -0
- prowler/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version.metadata.json +1 -0
- prowler/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled.metadata.json +1 -0
- prowler/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled.metadata.json +1 -0
- prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.metadata.json +1 -0
- prowler/providers/azure/services/app/app_register_with_identity/app_register_with_identity.metadata.json +1 -0
- prowler/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured.metadata.json +1 -0
- prowler/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled.metadata.json +1 -0
- prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link.metadata.json +1 -0
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks.metadata.json +1 -0
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac.metadata.json +1 -0
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints.metadata.json +1 -0
- prowler/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled.metadata.json +1 -0
- prowler/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied.metadata.json +1 -0
- prowler/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_conditional_access_policy_require_mfa_for_management_api/entra_conditional_access_policy_require_mfa_for_management_api.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_global_admin_in_less_than_five_users/entra_global_admin_in_less_than_five_users.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_non_privileged_user_has_mfa/entra_non_privileged_user_has_mfa.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_non_privileged_user_has_mfa/entra_non_privileged_user_has_mfa.py +1 -1
- prowler/providers/azure/services/entra/entra_policy_default_users_cannot_create_security_groups/entra_policy_default_users_cannot_create_security_groups.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_policy_ensure_default_user_cannot_create_apps/entra_policy_ensure_default_user_cannot_create_apps.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_policy_ensure_default_user_cannot_create_tenants/entra_policy_ensure_default_user_cannot_create_tenants.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_policy_guest_invite_only_for_admin_roles/entra_policy_guest_invite_only_for_admin_roles.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_policy_guest_users_access_restrictions/entra_policy_guest_users_access_restrictions.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_policy_restricts_user_consent_for_apps/entra_policy_restricts_user_consent_for_apps.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_policy_user_consent_for_verified_apps/entra_policy_user_consent_for_verified_apps.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_privileged_user_has_mfa/entra_privileged_user_has_mfa.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_privileged_user_has_mfa/entra_privileged_user_has_mfa.py +1 -1
- prowler/providers/azure/services/entra/entra_security_defaults_enabled/entra_security_defaults_enabled.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_service.py +33 -19
- prowler/providers/azure/services/entra/entra_trusted_named_locations_exists/entra_trusted_named_locations_exists.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa.metadata.json +1 -0
- prowler/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa.py +1 -1
- prowler/providers/azure/services/entra/entra_users_cannot_create_microsoft_365_groups/entra_users_cannot_create_microsoft_365_groups.metadata.json +1 -0
- prowler/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks.metadata.json +1 -0
- prowler/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted.metadata.json +1 -0
- prowler/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.metadata.json +1 -0
- prowler/providers/azure/services/keyvault/keyvault_access_only_through_private_endpoints/keyvault_access_only_through_private_endpoints.metadata.json +1 -0
- prowler/providers/azure/services/keyvault/keyvault_key_expiration_set_in_non_rbac/keyvault_key_expiration_set_in_non_rbac.metadata.json +1 -0
- prowler/providers/azure/services/keyvault/keyvault_key_rotation_enabled/keyvault_key_rotation_enabled.metadata.json +1 -0
- prowler/providers/azure/services/keyvault/keyvault_logging_enabled/keyvault_logging_enabled.metadata.json +1 -0
- prowler/providers/azure/services/keyvault/keyvault_non_rbac_secret_expiration_set/keyvault_non_rbac_secret_expiration_set.metadata.json +1 -0
- prowler/providers/azure/services/keyvault/keyvault_private_endpoints/keyvault_private_endpoints.metadata.json +1 -0
- prowler/providers/azure/services/keyvault/keyvault_rbac_enabled/keyvault_rbac_enabled.metadata.json +1 -0
- prowler/providers/azure/services/keyvault/keyvault_rbac_key_expiration_set/keyvault_rbac_key_expiration_set.metadata.json +1 -0
- prowler/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set.metadata.json +1 -0
- prowler/providers/azure/services/keyvault/keyvault_recoverable/keyvault_recoverable.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_alert_create_policy_assignment/monitor_alert_create_policy_assignment.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_alert_create_update_nsg/monitor_alert_create_update_nsg.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_alert_create_update_public_ip_address_rule/monitor_alert_create_update_public_ip_address_rule.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_alert_create_update_security_solution/monitor_alert_create_update_security_solution.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_alert_create_update_sqlserver_fr/monitor_alert_create_update_sqlserver_fr.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_alert_delete_nsg/monitor_alert_delete_nsg.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_alert_delete_policy_assignment/monitor_alert_delete_policy_assignment.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_alert_delete_public_ip_address_rule/monitor_alert_delete_public_ip_address_rule.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_alert_delete_security_solution/monitor_alert_delete_security_solution.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_alert_delete_sqlserver_fr/monitor_alert_delete_sqlserver_fr.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_alert_service_health_exists/monitor_alert_service_health_exists.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_diagnostic_setting_with_appropriate_categories/monitor_diagnostic_setting_with_appropriate_categories.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_diagnostic_settings_exists/monitor_diagnostic_settings_exists.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_cmk_encrypted/monitor_storage_account_with_activity_logs_cmk_encrypted.metadata.json +1 -0
- prowler/providers/azure/services/monitor/monitor_storage_account_with_activity_logs_is_private/monitor_storage_account_with_activity_logs_is_private.metadata.json +1 -0
- prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated.metadata.json +1 -0
- prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled.metadata.json +1 -0
- prowler/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12.metadata.json +1 -0
- prowler/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled.metadata.json +1 -0
- prowler/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists.metadata.json +1 -0
- prowler/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent.metadata.json +1 -0
- prowler/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days.metadata.json +1 -0
- prowler/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted.metadata.json +1 -0
- prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.metadata.json +1 -0
- prowler/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted.metadata.json +1 -0
- prowler/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted.metadata.json +1 -0
- prowler/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted.metadata.json +1 -0
- prowler/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled.metadata.json +1 -0
- prowler/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled.metadata.json +1 -0
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled.metadata.json +1 -0
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on.metadata.json +1 -0
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled.metadata.json +1 -0
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.metadata.json +1 -0
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on.metadata.json +1 -0
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on.metadata.json +1 -0
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on.metadata.json +1 -0
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured.metadata.json +1 -0
- prowler/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm.metadata.json +1 -0
- prowler/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_backup_enabled/vm_backup_enabled.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_desired_sku_size/vm_desired_sku_size.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_ensure_attached_disks_encrypted_with_cmk/vm_ensure_attached_disks_encrypted_with_cmk.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_ensure_unattached_disks_encrypted_with_cmk/vm_ensure_unattached_disks_encrypted_with_cmk.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_ensure_using_approved_images/vm_ensure_using_approved_images.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_ensure_using_managed_disks/vm_ensure_using_managed_disks.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_jit_access_enabled/vm_jit_access_enabled.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_linux_enforce_ssh_authentication/vm_linux_enforce_ssh_authentication.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_scaleset_associated_with_load_balancer/vm_scaleset_associated_with_load_balancer.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_scaleset_not_empty/vm_scaleset_not_empty.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_sufficient_daily_backup_retention_period/vm_sufficient_daily_backup_retention_period.metadata.json +1 -0
- prowler/providers/azure/services/vm/vm_trusted_launch_enabled/vm_trusted_launch_enabled.metadata.json +1 -0
- prowler/providers/cloudflare/__init__.py +0 -0
- prowler/providers/cloudflare/cloudflare_provider.py +269 -0
- prowler/providers/cloudflare/exceptions/__init__.py +0 -0
- prowler/providers/cloudflare/exceptions/exceptions.py +126 -0
- prowler/providers/cloudflare/lib/__init__.py +0 -0
- prowler/providers/cloudflare/lib/arguments/__init__.py +0 -0
- prowler/providers/cloudflare/lib/arguments/arguments.py +16 -0
- prowler/providers/cloudflare/lib/mutelist/__init__.py +0 -0
- prowler/providers/cloudflare/lib/mutelist/mutelist.py +20 -0
- prowler/providers/cloudflare/lib/service/__init__.py +0 -0
- prowler/providers/cloudflare/lib/service/service.py +12 -0
- prowler/providers/cloudflare/models.py +56 -0
- prowler/providers/cloudflare/services/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_client.py +4 -0
- prowler/providers/cloudflare/services/dns/dns_service.py +64 -0
- prowler/providers/cloudflare/services/zone/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_always_online_disabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_always_online_disabled/zone_always_online_disabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_always_online_disabled/zone_always_online_disabled.py +45 -0
- prowler/providers/cloudflare/services/zone/zone_automatic_https_rewrites_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_automatic_https_rewrites_enabled/zone_automatic_https_rewrites_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_automatic_https_rewrites_enabled/zone_automatic_https_rewrites_enabled.py +45 -0
- prowler/providers/cloudflare/services/zone/zone_bot_fight_mode_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_bot_fight_mode_enabled/zone_bot_fight_mode_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_bot_fight_mode_enabled/zone_bot_fight_mode_enabled.py +42 -0
- prowler/providers/cloudflare/services/zone/zone_browser_integrity_check_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_browser_integrity_check_enabled/zone_browser_integrity_check_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_browser_integrity_check_enabled/zone_browser_integrity_check_enabled.py +43 -0
- prowler/providers/cloudflare/services/zone/zone_challenge_passage_configured/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_challenge_passage_configured/zone_challenge_passage_configured.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_challenge_passage_configured/zone_challenge_passage_configured.py +45 -0
- prowler/providers/cloudflare/services/zone/zone_client.py +4 -0
- prowler/providers/cloudflare/services/zone/zone_development_mode_disabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_development_mode_disabled/zone_development_mode_disabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_development_mode_disabled/zone_development_mode_disabled.py +43 -0
- prowler/providers/cloudflare/services/zone/zone_dnssec_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_dnssec_enabled/zone_dnssec_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_dnssec_enabled/zone_dnssec_enabled.py +38 -0
- prowler/providers/cloudflare/services/zone/zone_email_obfuscation_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_email_obfuscation_enabled/zone_email_obfuscation_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_email_obfuscation_enabled/zone_email_obfuscation_enabled.py +43 -0
- prowler/providers/cloudflare/services/zone/zone_hotlink_protection_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_hotlink_protection_enabled/zone_hotlink_protection_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_hotlink_protection_enabled/zone_hotlink_protection_enabled.py +43 -0
- prowler/providers/cloudflare/services/zone/zone_hsts_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_hsts_enabled/zone_hsts_enabled.metadata.json +37 -0
- prowler/providers/cloudflare/services/zone/zone_hsts_enabled/zone_hsts_enabled.py +58 -0
- prowler/providers/cloudflare/services/zone/zone_https_redirect_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_https_redirect_enabled/zone_https_redirect_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_https_redirect_enabled/zone_https_redirect_enabled.py +43 -0
- prowler/providers/cloudflare/services/zone/zone_ip_geolocation_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_ip_geolocation_enabled/zone_ip_geolocation_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_ip_geolocation_enabled/zone_ip_geolocation_enabled.py +44 -0
- prowler/providers/cloudflare/services/zone/zone_min_tls_version_secure/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_min_tls_version_secure/zone_min_tls_version_secure.metadata.json +37 -0
- prowler/providers/cloudflare/services/zone/zone_min_tls_version_secure/zone_min_tls_version_secure.py +47 -0
- prowler/providers/cloudflare/services/zone/zone_rate_limiting_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_rate_limiting_enabled/zone_rate_limiting_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_rate_limiting_enabled/zone_rate_limiting_enabled.py +50 -0
- prowler/providers/cloudflare/services/zone/zone_record_caa_exists/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_record_caa_exists/zone_record_caa_exists.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_record_caa_exists/zone_record_caa_exists.py +82 -0
- prowler/providers/cloudflare/services/zone/zone_record_dkim_exists/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_record_dkim_exists/zone_record_dkim_exists.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_record_dkim_exists/zone_record_dkim_exists.py +116 -0
- prowler/providers/cloudflare/services/zone/zone_record_dmarc_exists/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_record_dmarc_exists/zone_record_dmarc_exists.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_record_dmarc_exists/zone_record_dmarc_exists.py +88 -0
- prowler/providers/cloudflare/services/zone/zone_record_spf_exists/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_record_spf_exists/zone_record_spf_exists.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_record_spf_exists/zone_record_spf_exists.py +68 -0
- prowler/providers/cloudflare/services/zone/zone_security_under_attack_disabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_security_under_attack_disabled/zone_security_under_attack_disabled.metadata.json +37 -0
- prowler/providers/cloudflare/services/zone/zone_security_under_attack_disabled/zone_security_under_attack_disabled.py +47 -0
- prowler/providers/cloudflare/services/zone/zone_service.py +328 -0
- prowler/providers/cloudflare/services/zone/zone_ssl_strict/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_ssl_strict/zone_ssl_strict.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_ssl_strict/zone_ssl_strict.py +42 -0
- prowler/providers/cloudflare/services/zone/zone_tls_1_3_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_tls_1_3_enabled/zone_tls_1_3_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_tls_1_3_enabled/zone_tls_1_3_enabled.py +39 -0
- prowler/providers/cloudflare/services/zone/zone_universal_ssl_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_universal_ssl_enabled/zone_universal_ssl_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_universal_ssl_enabled/zone_universal_ssl_enabled.py +42 -0
- prowler/providers/cloudflare/services/zone/zone_waf_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_waf_enabled/zone_waf_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_waf_enabled/zone_waf_enabled.py +40 -0
- prowler/providers/common/provider.py +7 -0
- prowler/providers/gcp/services/apikeys/apikeys_api_restrictions_configured/apikeys_api_restrictions_configured.metadata.json +1 -0
- prowler/providers/gcp/services/apikeys/apikeys_key_exists/apikeys_key_exists.metadata.json +1 -0
- prowler/providers/gcp/services/apikeys/apikeys_key_rotated_in_90_days/apikeys_key_rotated_in_90_days.metadata.json +1 -0
- prowler/providers/gcp/services/artifacts/artifacts_container_analysis_enabled/artifacts_container_analysis_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/bigquery/bigquery_dataset_cmk_encryption/bigquery_dataset_cmk_encryption.metadata.json +1 -0
- prowler/providers/gcp/services/bigquery/bigquery_dataset_public_access/bigquery_dataset_public_access.metadata.json +1 -0
- prowler/providers/gcp/services/bigquery/bigquery_table_cmk_encryption/bigquery_table_cmk_encryption.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_automated_backups/cloudsql_instance_automated_backups.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_mysql_local_infile_flag/cloudsql_instance_mysql_local_infile_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_mysql_skip_show_database_flag/cloudsql_instance_mysql_skip_show_database_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_enable_pgaudit_flag/cloudsql_instance_postgres_enable_pgaudit_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_connections_flag/cloudsql_instance_postgres_log_connections_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_disconnections_flag/cloudsql_instance_postgres_log_disconnections_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_error_verbosity_flag/cloudsql_instance_postgres_log_error_verbosity_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_duration_statement_flag/cloudsql_instance_postgres_log_min_duration_statement_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_error_statement_flag/cloudsql_instance_postgres_log_min_error_statement_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_min_messages_flag/cloudsql_instance_postgres_log_min_messages_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_postgres_log_statement_flag/cloudsql_instance_postgres_log_statement_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_private_ip_assignment/cloudsql_instance_private_ip_assignment.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_public_access/cloudsql_instance_public_access.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_public_ip/cloudsql_instance_public_ip.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_contained_database_authentication_flag/cloudsql_instance_sqlserver_contained_database_authentication_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_cross_db_ownership_chaining_flag/cloudsql_instance_sqlserver_cross_db_ownership_chaining_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_external_scripts_enabled_flag/cloudsql_instance_sqlserver_external_scripts_enabled_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_remote_access_flag/cloudsql_instance_sqlserver_remote_access_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_trace_flag/cloudsql_instance_sqlserver_trace_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_user_connections_flag/cloudsql_instance_sqlserver_user_connections_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_sqlserver_user_options_flag/cloudsql_instance_sqlserver_user_options_flag.metadata.json +1 -0
- prowler/providers/gcp/services/cloudsql/cloudsql_instance_ssl_connections/cloudsql_instance_ssl_connections.metadata.json +1 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_audit_logs_enabled/cloudstorage_audit_logs_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_lifecycle_management_enabled/cloudstorage_bucket_lifecycle_management_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_log_retention_policy_lock/cloudstorage_bucket_log_retention_policy_lock.metadata.json +1 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_logging_enabled/cloudstorage_bucket_logging_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_public_access/cloudstorage_bucket_public_access.metadata.json +1 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_soft_delete_enabled/cloudstorage_bucket_soft_delete_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_sufficient_retention_period/cloudstorage_bucket_sufficient_retention_period.metadata.json +1 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_uniform_bucket_level_access/cloudstorage_bucket_uniform_bucket_level_access.metadata.json +1 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_versioning_enabled/cloudstorage_bucket_versioning_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_uses_vpc_service_controls/cloudstorage_uses_vpc_service_controls.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_firewall_rdp_access_from_the_internet_allowed/compute_firewall_rdp_access_from_the_internet_allowed.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_firewall_ssh_access_from_the_internet_allowed/compute_firewall_ssh_access_from_the_internet_allowed.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_image_not_publicly_shared/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_image_not_publicly_shared/compute_image_not_publicly_shared.metadata.json +37 -0
- prowler/providers/gcp/services/compute/compute_image_not_publicly_shared/compute_image_not_publicly_shared.py +39 -0
- prowler/providers/gcp/services/compute/compute_instance_automatic_restart_enabled/compute_instance_automatic_restart_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_block_project_wide_ssh_keys_disabled/compute_instance_block_project_wide_ssh_keys_disabled.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_confidential_computing_enabled/compute_instance_confidential_computing_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_default_service_account_in_use/compute_instance_default_service_account_in_use.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_default_service_account_in_use_with_full_api_access/compute_instance_default_service_account_in_use_with_full_api_access.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_deletion_protection_enabled/compute_instance_deletion_protection_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_disk_auto_delete_disabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_disk_auto_delete_disabled/compute_instance_disk_auto_delete_disabled.metadata.json +36 -0
- prowler/providers/gcp/services/compute/compute_instance_disk_auto_delete_disabled/compute_instance_disk_auto_delete_disabled.py +34 -0
- prowler/providers/gcp/services/compute/compute_instance_encryption_with_csek_enabled/compute_instance_encryption_with_csek_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_group_autohealing_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_group_autohealing_enabled/compute_instance_group_autohealing_enabled.metadata.json +37 -0
- prowler/providers/gcp/services/compute/compute_instance_group_autohealing_enabled/compute_instance_group_autohealing_enabled.py +50 -0
- prowler/providers/gcp/services/compute/compute_instance_group_load_balancer_attached/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_group_load_balancer_attached/compute_instance_group_load_balancer_attached.metadata.json +38 -0
- prowler/providers/gcp/services/compute/compute_instance_group_load_balancer_attached/compute_instance_group_load_balancer_attached.py +36 -0
- prowler/providers/gcp/services/compute/compute_instance_group_multiple_zones/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_group_multiple_zones/compute_instance_group_multiple_zones.metadata.json +37 -0
- prowler/providers/gcp/services/compute/compute_instance_group_multiple_zones/compute_instance_group_multiple_zones.py +45 -0
- prowler/providers/gcp/services/compute/compute_instance_ip_forwarding_is_enabled/compute_instance_ip_forwarding_is_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_on_host_maintenance_migrate/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_on_host_maintenance_migrate/compute_instance_on_host_maintenance_migrate.metadata.json +39 -0
- prowler/providers/gcp/services/compute/compute_instance_on_host_maintenance_migrate/compute_instance_on_host_maintenance_migrate.py +41 -0
- prowler/providers/gcp/services/compute/compute_instance_preemptible_vm_disabled/compute_instance_preemptible_vm_disabled.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_public_ip/compute_instance_public_ip.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_serial_ports_in_use/compute_instance_serial_ports_in_use.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_shielded_vm_enabled/compute_instance_shielded_vm_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_instance_single_network_interface/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_single_network_interface/compute_instance_single_network_interface.metadata.json +40 -0
- prowler/providers/gcp/services/compute/compute_instance_single_network_interface/compute_instance_single_network_interface.py +43 -0
- prowler/providers/gcp/services/compute/compute_loadbalancer_logging_enabled/compute_loadbalancer_logging_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_network_default_in_use/compute_network_default_in_use.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_network_dns_logging_enabled/compute_network_dns_logging_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_network_not_legacy/compute_network_not_legacy.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_project_os_login_2fa_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_project_os_login_2fa_enabled/compute_project_os_login_2fa_enabled.metadata.json +41 -0
- prowler/providers/gcp/services/compute/compute_project_os_login_2fa_enabled/compute_project_os_login_2fa_enabled.py +39 -0
- prowler/providers/gcp/services/compute/compute_project_os_login_enabled/compute_project_os_login_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_public_address_shodan/compute_public_address_shodan.metadata.json +1 -0
- prowler/providers/gcp/services/compute/compute_service.py +362 -2
- prowler/providers/gcp/services/compute/compute_snapshot_not_outdated/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_snapshot_not_outdated/compute_snapshot_not_outdated.metadata.json +38 -0
- prowler/providers/gcp/services/compute/compute_snapshot_not_outdated/compute_snapshot_not_outdated.py +60 -0
- prowler/providers/gcp/services/compute/compute_subnet_flow_logs_enabled/compute_subnet_flow_logs_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/dataproc/dataproc_encrypted_with_cmks_disabled/dataproc_encrypted_with_cmks_disabled.metadata.json +1 -0
- prowler/providers/gcp/services/dns/dns_dnssec_disabled/dns_dnssec_disabled.metadata.json +1 -0
- prowler/providers/gcp/services/dns/dns_rsasha1_in_use_to_key_sign_in_dnssec/dns_rsasha1_in_use_to_key_sign_in_dnssec.metadata.json +1 -0
- prowler/providers/gcp/services/dns/dns_rsasha1_in_use_to_zone_sign_in_dnssec/dns_rsasha1_in_use_to_zone_sign_in_dnssec.metadata.json +1 -0
- prowler/providers/gcp/services/gcr/gcr_container_scanning_enabled/gcr_container_scanning_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/gke/gke_cluster_no_default_service_account/gke_cluster_no_default_service_account.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_account_access_approval_enabled/iam_account_access_approval_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_audit_logs_enabled/iam_audit_logs_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_cloud_asset_inventory_enabled/iam_cloud_asset_inventory_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_no_service_roles_at_project_level/iam_no_service_roles_at_project_level.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_organization_essential_contacts_configured/iam_organization_essential_contacts_configured.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_role_kms_enforce_separation_of_duties/iam_role_kms_enforce_separation_of_duties.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_role_sa_enforce_separation_of_duties/iam_role_sa_enforce_separation_of_duties.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_sa_no_administrative_privileges/iam_sa_no_administrative_privileges.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_sa_no_user_managed_keys/iam_sa_no_user_managed_keys.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_sa_user_managed_key_rotate_90_days/iam_sa_user_managed_key_rotate_90_days.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_sa_user_managed_key_unused/iam_sa_user_managed_key_unused.metadata.json +1 -0
- prowler/providers/gcp/services/iam/iam_service_account_unused/iam_service_account_unused.metadata.json +1 -0
- prowler/providers/gcp/services/kms/kms_key_not_publicly_accessible/kms_key_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/gcp/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled/logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled/logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_compute_configuration_changes_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_compute_configuration_changes_enabled/logging_log_metric_filter_and_alert_for_compute_configuration_changes_enabled.metadata.json +38 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_compute_configuration_changes_enabled/logging_log_metric_filter_and_alert_for_compute_configuration_changes_enabled.py +50 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_custom_role_changes_enabled/logging_log_metric_filter_and_alert_for_custom_role_changes_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled/logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled/logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled.metadata.json +1 -0
- prowler/providers/gcp/services/logging/logging_sink_created/logging_sink_created.metadata.json +1 -0
- prowler/providers/github/services/organization/organization_default_repository_permission_strict/organization_default_repository_permission_strict.metadata.json +1 -0
- prowler/providers/github/services/organization/organization_members_mfa_required/organization_members_mfa_required.metadata.json +1 -0
- prowler/providers/github/services/organization/organization_repository_creation_limited/organization_repository_creation_limited.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_branch_delete_on_merge_enabled/repository_branch_delete_on_merge_enabled.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_default_branch_deletion_disabled/repository_default_branch_deletion_disabled.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_default_branch_disallows_force_push/repository_default_branch_disallows_force_push.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_default_branch_protection_applies_to_admins/repository_default_branch_protection_applies_to_admins.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_default_branch_protection_enabled/repository_default_branch_protection_enabled.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_default_branch_requires_codeowners_review/repository_default_branch_requires_codeowners_review.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_default_branch_requires_conversation_resolution/repository_default_branch_requires_conversation_resolution.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_default_branch_requires_linear_history/repository_default_branch_requires_linear_history.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_default_branch_requires_multiple_approvals/repository_default_branch_requires_multiple_approvals.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_default_branch_requires_signed_commits/repository_default_branch_requires_signed_commits.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_default_branch_status_checks_required/repository_default_branch_status_checks_required.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_dependency_scanning_enabled/repository_dependency_scanning_enabled.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_has_codeowners_file/repository_has_codeowners_file.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_immutable_releases_enabled/repository_immutable_releases_enabled.metadata.json +1 -1
- prowler/providers/github/services/repository/repository_inactive_not_archived/repository_inactive_not_archived.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_public_has_securitymd_file/repository_public_has_securitymd_file.metadata.json +1 -0
- prowler/providers/github/services/repository/repository_secret_scanning_enabled/repository_secret_scanning_enabled.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_always_pull_images_plugin/apiserver_always_pull_images_plugin.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_anonymous_requests/apiserver_anonymous_requests.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_audit_log_maxage_set/apiserver_audit_log_maxage_set.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_audit_log_maxbackup_set/apiserver_audit_log_maxbackup_set.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_audit_log_maxsize_set/apiserver_audit_log_maxsize_set.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_audit_log_path_set/apiserver_audit_log_path_set.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_auth_mode_include_node/apiserver_auth_mode_include_node.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_auth_mode_include_rbac/apiserver_auth_mode_include_rbac.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_auth_mode_not_always_allow/apiserver_auth_mode_not_always_allow.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_client_ca_file_set/apiserver_client_ca_file_set.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_deny_service_external_ips/apiserver_deny_service_external_ips.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_disable_profiling/apiserver_disable_profiling.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_encryption_provider_config_set/apiserver_encryption_provider_config_set.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_etcd_cafile_set/apiserver_etcd_cafile_set.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_etcd_tls_config/apiserver_etcd_tls_config.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_event_rate_limit/apiserver_event_rate_limit.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_kubelet_cert_auth/apiserver_kubelet_cert_auth.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_kubelet_tls_auth/apiserver_kubelet_tls_auth.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_namespace_lifecycle_plugin/apiserver_namespace_lifecycle_plugin.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_no_always_admit_plugin/apiserver_no_always_admit_plugin.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_no_token_auth_file/apiserver_no_token_auth_file.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_node_restriction_plugin/apiserver_node_restriction_plugin.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_request_timeout_set/apiserver_request_timeout_set.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_security_context_deny_plugin/apiserver_security_context_deny_plugin.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_service_account_key_file_set/apiserver_service_account_key_file_set.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_service_account_lookup_true/apiserver_service_account_lookup_true.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_service_account_plugin/apiserver_service_account_plugin.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_strong_ciphers_only/apiserver_strong_ciphers_only.metadata.json +1 -0
- prowler/providers/kubernetes/services/apiserver/apiserver_tls_config/apiserver_tls_config.metadata.json +1 -0
- prowler/providers/kubernetes/services/controllermanager/controllermanager_bind_address/controllermanager_bind_address.metadata.json +1 -0
- prowler/providers/kubernetes/services/controllermanager/controllermanager_disable_profiling/controllermanager_disable_profiling.metadata.json +1 -0
- prowler/providers/kubernetes/services/controllermanager/controllermanager_garbage_collection/controllermanager_garbage_collection.metadata.json +1 -0
- prowler/providers/kubernetes/services/controllermanager/controllermanager_root_ca_file_set/controllermanager_root_ca_file_set.metadata.json +1 -0
- prowler/providers/kubernetes/services/controllermanager/controllermanager_rotate_kubelet_server_cert/controllermanager_rotate_kubelet_server_cert.metadata.json +1 -0
- prowler/providers/kubernetes/services/controllermanager/controllermanager_service_account_credentials/controllermanager_service_account_credentials.metadata.json +1 -0
- prowler/providers/kubernetes/services/controllermanager/controllermanager_service_account_private_key_file/controllermanager_service_account_private_key_file.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_minimize_admission_hostport_containers/core_minimize_admission_hostport_containers.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_minimize_admission_windows_hostprocess_containers/core_minimize_admission_windows_hostprocess_containers.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_minimize_allowPrivilegeEscalation_containers/core_minimize_allowPrivilegeEscalation_containers.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_minimize_containers_added_capabilities/core_minimize_containers_added_capabilities.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_minimize_containers_capabilities_assigned/core_minimize_containers_capabilities_assigned.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_minimize_hostIPC_containers/core_minimize_hostIPC_containers.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_minimize_hostNetwork_containers/core_minimize_hostNetwork_containers.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_minimize_hostPID_containers/core_minimize_hostPID_containers.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_minimize_net_raw_capability_admission/core_minimize_net_raw_capability_admission.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_minimize_privileged_containers/core_minimize_privileged_containers.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_minimize_root_containers_admission/core_minimize_root_containers_admission.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_no_secrets_envs/core_no_secrets_envs.metadata.json +1 -0
- prowler/providers/kubernetes/services/core/core_seccomp_profile_docker_default/core_seccomp_profile_docker_default.metadata.json +1 -0
- prowler/providers/kubernetes/services/etcd/etcd_client_cert_auth/etcd_client_cert_auth.metadata.json +1 -0
- prowler/providers/kubernetes/services/etcd/etcd_no_auto_tls/etcd_no_auto_tls.metadata.json +1 -0
- prowler/providers/kubernetes/services/etcd/etcd_no_peer_auto_tls/etcd_no_peer_auto_tls.metadata.json +1 -0
- prowler/providers/kubernetes/services/etcd/etcd_peer_client_cert_auth/etcd_peer_client_cert_auth.metadata.json +1 -0
- prowler/providers/kubernetes/services/etcd/etcd_peer_tls_config/etcd_peer_tls_config.metadata.json +1 -0
- prowler/providers/kubernetes/services/etcd/etcd_tls_encryption/etcd_tls_encryption.metadata.json +1 -0
- prowler/providers/kubernetes/services/etcd/etcd_unique_ca/etcd_unique_ca.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_authorization_mode/kubelet_authorization_mode.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_client_ca_file_set/kubelet_client_ca_file_set.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_conf_file_ownership/kubelet_conf_file_ownership.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_conf_file_permissions/kubelet_conf_file_permissions.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_config_yaml_ownership/kubelet_config_yaml_ownership.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_config_yaml_permissions/kubelet_config_yaml_permissions.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_disable_anonymous_auth/kubelet_disable_anonymous_auth.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_disable_read_only_port/kubelet_disable_read_only_port.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_event_record_qps/kubelet_event_record_qps.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_manage_iptables/kubelet_manage_iptables.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_rotate_certificates/kubelet_rotate_certificates.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_service_file_ownership_root/kubelet_service_file_ownership_root.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_service_file_permissions/kubelet_service_file_permissions.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_streaming_connection_timeout/kubelet_streaming_connection_timeout.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_strong_ciphers_only/kubelet_strong_ciphers_only.metadata.json +1 -0
- prowler/providers/kubernetes/services/kubelet/kubelet_tls_cert_and_key/kubelet_tls_cert_and_key.metadata.json +1 -0
- prowler/providers/kubernetes/services/rbac/rbac_cluster_admin_usage/rbac_cluster_admin_usage.metadata.json +1 -0
- prowler/providers/kubernetes/services/rbac/rbac_minimize_csr_approval_access/rbac_minimize_csr_approval_access.metadata.json +1 -0
- prowler/providers/kubernetes/services/rbac/rbac_minimize_node_proxy_subresource_access/rbac_minimize_node_proxy_subresource_access.metadata.json +1 -0
- prowler/providers/kubernetes/services/rbac/rbac_minimize_pod_creation_access/rbac_minimize_pod_creation_access.metadata.json +1 -0
- prowler/providers/kubernetes/services/rbac/rbac_minimize_pv_creation_access/rbac_minimize_pv_creation_access.metadata.json +1 -0
- prowler/providers/kubernetes/services/rbac/rbac_minimize_secret_access/rbac_minimize_secret_access.metadata.json +1 -0
- prowler/providers/kubernetes/services/rbac/rbac_minimize_service_account_token_creation/rbac_minimize_service_account_token_creation.metadata.json +1 -0
- prowler/providers/kubernetes/services/rbac/rbac_minimize_webhook_config_access/rbac_minimize_webhook_config_access.metadata.json +1 -0
- prowler/providers/kubernetes/services/rbac/rbac_minimize_wildcard_use_roles/rbac_minimize_wildcard_use_roles.metadata.json +1 -0
- prowler/providers/kubernetes/services/scheduler/scheduler_bind_address/scheduler_bind_address.metadata.json +1 -0
- prowler/providers/kubernetes/services/scheduler/scheduler_profiling/scheduler_profiling.metadata.json +1 -0
- prowler/providers/m365/services/admincenter/admincenter_external_calendar_sharing_disabled/admincenter_external_calendar_sharing_disabled.metadata.json +1 -0
- prowler/providers/m365/services/admincenter/admincenter_groups_not_public_visibility/admincenter_groups_not_public_visibility.metadata.json +1 -0
- prowler/providers/m365/services/admincenter/admincenter_organization_customer_lockbox_enabled/admincenter_organization_customer_lockbox_enabled.metadata.json +1 -0
- prowler/providers/m365/services/admincenter/admincenter_settings_password_never_expire/admincenter_settings_password_never_expire.metadata.json +1 -0
- prowler/providers/m365/services/admincenter/admincenter_users_admins_reduced_license_footprint/admincenter_users_admins_reduced_license_footprint.metadata.json +1 -0
- prowler/providers/m365/services/admincenter/admincenter_users_between_two_and_four_global_admins/admincenter_users_between_two_and_four_global_admins.metadata.json +1 -0
- prowler/providers/m365/services/defender/defender_antiphishing_policy_configured/defender_antiphishing_policy_configured.metadata.json +1 -0
- prowler/providers/m365/services/defender/defender_antispam_connection_filter_policy_empty_ip_allowlist/defender_antispam_connection_filter_policy_empty_ip_allowlist.metadata.json +1 -0
- prowler/providers/m365/services/defender/defender_antispam_connection_filter_policy_safe_list_off/defender_antispam_connection_filter_policy_safe_list_off.metadata.json +1 -0
- prowler/providers/m365/services/defender/defender_antispam_outbound_policy_configured/defender_antispam_outbound_policy_configured.metadata.json +1 -0
- prowler/providers/m365/services/defender/defender_antispam_outbound_policy_forwarding_disabled/defender_antispam_outbound_policy_forwarding_disabled.metadata.json +1 -0
- prowler/providers/m365/services/defender/defender_antispam_policy_inbound_no_allowed_domains/defender_antispam_policy_inbound_no_allowed_domains.metadata.json +1 -0
- prowler/providers/m365/services/defender/defender_chat_report_policy_configured/defender_chat_report_policy_configured.metadata.json +1 -0
- prowler/providers/m365/services/defender/defender_domain_dkim_enabled/defender_domain_dkim_enabled.metadata.json +1 -0
- prowler/providers/m365/services/defender/defender_malware_policy_common_attachments_filter_enabled/defender_malware_policy_common_attachments_filter_enabled.metadata.json +1 -0
- prowler/providers/m365/services/defender/defender_malware_policy_comprehensive_attachments_filter_applied/defender_malware_policy_comprehensive_attachments_filter_applied.metadata.json +1 -0
- prowler/providers/m365/services/defender/defender_malware_policy_notifications_internal_users_malware_enabled/defender_malware_policy_notifications_internal_users_malware_enabled.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_admin_consent_workflow_enabled/entra_admin_consent_workflow_enabled.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_admin_portals_access_restriction/entra_admin_portals_access_restriction.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_admin_users_cloud_only/entra_admin_users_cloud_only.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_admin_users_mfa_enabled/entra_admin_users_mfa_enabled.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_admin_users_phishing_resistant_mfa_enabled/entra_admin_users_phishing_resistant_mfa_enabled.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_admin_users_sign_in_frequency_enabled/entra_admin_users_sign_in_frequency_enabled.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_dynamic_group_for_guests_created/entra_dynamic_group_for_guests_created.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_identity_protection_sign_in_risk_enabled/entra_identity_protection_sign_in_risk_enabled.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_identity_protection_user_risk_enabled/entra_identity_protection_user_risk_enabled.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_intune_enrollment_sign_in_frequency_every_time/entra_intune_enrollment_sign_in_frequency_every_time.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_legacy_authentication_blocked/entra_legacy_authentication_blocked.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_managed_device_required_for_authentication/entra_managed_device_required_for_authentication.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_managed_device_required_for_mfa_registration/entra_managed_device_required_for_mfa_registration.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_password_hash_sync_enabled/entra_password_hash_sync_enabled.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_policy_ensure_default_user_cannot_create_tenants/entra_policy_ensure_default_user_cannot_create_tenants.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_policy_guest_invite_only_for_admin_roles/entra_policy_guest_invite_only_for_admin_roles.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_policy_guest_users_access_restrictions/entra_policy_guest_users_access_restrictions.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_policy_restricts_user_consent_for_apps/entra_policy_restricts_user_consent_for_apps.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_service.py +34 -17
- prowler/providers/m365/services/entra/entra_thirdparty_integrated_apps_not_allowed/entra_thirdparty_integrated_apps_not_allowed.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_users_mfa_capable/entra_users_mfa_capable.metadata.json +1 -0
- prowler/providers/m365/services/entra/entra_users_mfa_enabled/entra_users_mfa_enabled.metadata.json +1 -0
- prowler/providers/m365/services/exchange/exchange_external_email_tagging_enabled/exchange_external_email_tagging_enabled.metadata.json +1 -0
- prowler/providers/m365/services/exchange/exchange_mailbox_audit_bypass_disabled/exchange_mailbox_audit_bypass_disabled.metadata.json +1 -0
- prowler/providers/m365/services/exchange/exchange_mailbox_policy_additional_storage_restricted/exchange_mailbox_policy_additional_storage_restricted.metadata.json +1 -0
- prowler/providers/m365/services/exchange/exchange_organization_mailbox_auditing_enabled/exchange_organization_mailbox_auditing_enabled.metadata.json +1 -0
- prowler/providers/m365/services/exchange/exchange_organization_mailtips_enabled/exchange_organization_mailtips_enabled.metadata.json +1 -0
- prowler/providers/m365/services/exchange/exchange_organization_modern_authentication_enabled/exchange_organization_modern_authentication_enabled.metadata.json +1 -0
- prowler/providers/m365/services/exchange/exchange_roles_assignment_policy_addins_disabled/exchange_roles_assignment_policy_addins_disabled.metadata.json +1 -0
- prowler/providers/m365/services/exchange/exchange_transport_config_smtp_auth_disabled/exchange_transport_config_smtp_auth_disabled.metadata.json +1 -0
- prowler/providers/m365/services/exchange/exchange_transport_rules_mail_forwarding_disabled/exchange_transport_rules_mail_forwarding_disabled.metadata.json +1 -0
- prowler/providers/m365/services/exchange/exchange_transport_rules_whitelist_disabled/exchange_transport_rules_whitelist_disabled.metadata.json +1 -0
- prowler/providers/m365/services/exchange/exchange_user_mailbox_auditing_enabled/exchange_user_mailbox_auditing_enabled.metadata.json +1 -0
- prowler/providers/m365/services/purview/purview_audit_log_search_enabled/purview_audit_log_search_enabled.metadata.json +1 -0
- prowler/providers/m365/services/sharepoint/sharepoint_external_sharing_managed/sharepoint_external_sharing_managed.metadata.json +1 -0
- prowler/providers/m365/services/sharepoint/sharepoint_external_sharing_restricted/sharepoint_external_sharing_restricted.metadata.json +1 -0
- prowler/providers/m365/services/sharepoint/sharepoint_guest_sharing_restricted/sharepoint_guest_sharing_restricted.metadata.json +1 -0
- prowler/providers/m365/services/sharepoint/sharepoint_modern_authentication_required/sharepoint_modern_authentication_required.metadata.json +1 -0
- prowler/providers/m365/services/sharepoint/sharepoint_onedrive_sync_restricted_unmanaged_devices/sharepoint_onedrive_sync_restricted_unmanaged_devices.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_email_sending_to_channel_disabled/teams_email_sending_to_channel_disabled.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_external_domains_restricted/teams_external_domains_restricted.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_external_file_sharing_restricted/teams_external_file_sharing_restricted.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_external_users_cannot_start_conversations/teams_external_users_cannot_start_conversations.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_meeting_anonymous_user_join_disabled/teams_meeting_anonymous_user_join_disabled.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_meeting_anonymous_user_start_disabled/teams_meeting_anonymous_user_start_disabled.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_meeting_chat_anonymous_users_disabled/teams_meeting_chat_anonymous_users_disabled.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_meeting_dial_in_lobby_bypass_disabled/teams_meeting_dial_in_lobby_bypass_disabled.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_meeting_external_chat_disabled/teams_meeting_external_chat_disabled.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_meeting_external_control_disabled/teams_meeting_external_control_disabled.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_meeting_external_lobby_bypass_disabled/teams_meeting_external_lobby_bypass_disabled.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_meeting_presenters_restricted/teams_meeting_presenters_restricted.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_meeting_recording_disabled/teams_meeting_recording_disabled.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_security_reporting_enabled/teams_security_reporting_enabled.metadata.json +1 -0
- prowler/providers/m365/services/teams/teams_unmanaged_communication_disabled/teams_unmanaged_communication_disabled.metadata.json +1 -0
- prowler/providers/mongodbatlas/services/clusters/clusters_authentication_enabled/clusters_authentication_enabled.metadata.json +1 -0
- prowler/providers/mongodbatlas/services/clusters/clusters_backup_enabled/clusters_backup_enabled.metadata.json +1 -0
- prowler/providers/mongodbatlas/services/clusters/clusters_encryption_at_rest_enabled/clusters_encryption_at_rest_enabled.metadata.json +1 -0
- prowler/providers/mongodbatlas/services/clusters/clusters_tls_enabled/clusters_tls_enabled.metadata.json +1 -0
- prowler/providers/mongodbatlas/services/organizations/organizations_api_access_list_required/organizations_api_access_list_required.metadata.json +1 -0
- prowler/providers/mongodbatlas/services/organizations/organizations_mfa_required/organizations_mfa_required.metadata.json +1 -0
- prowler/providers/mongodbatlas/services/organizations/organizations_security_contact_defined/organizations_security_contact_defined.metadata.json +1 -0
- prowler/providers/mongodbatlas/services/organizations/organizations_service_account_secrets_expiration/organizations_service_account_secrets_expiration.metadata.json +1 -0
- prowler/providers/mongodbatlas/services/projects/projects_auditing_enabled/projects_auditing_enabled.metadata.json +1 -0
- prowler/providers/mongodbatlas/services/projects/projects_network_access_list_exposed_to_internet/projects_network_access_list_exposed_to_internet.metadata.json +1 -0
- prowler/providers/nhn/services/compute/compute_instance_login_user/compute_instance_login_user.metadata.json +1 -0
- prowler/providers/nhn/services/compute/compute_instance_public_ip/compute_instance_public_ip.metadata.json +1 -0
- prowler/providers/nhn/services/compute/compute_instance_security_groups/compute_instance_security_groups.metadata.json +1 -0
- prowler/providers/nhn/services/network/network_vpc_has_empty_routingtables/network_vpc_has_empty_routingtables.metadata.json +1 -0
- prowler/providers/nhn/services/network/network_vpc_subnet_enable_dhcp/network_vpc_subnet_enable_dhcp.metadata.json +1 -0
- prowler/providers/nhn/services/network/network_vpc_subnet_has_external_router/network_vpc_subnet_has_external_router.metadata.json +1 -0
- prowler/providers/oraclecloud/oraclecloud_provider.py +75 -74
- prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/analytics_instance_access_restricted.metadata.json +1 -0
- prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/audit_log_retention_period_365_days.metadata.json +1 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/blockstorage_block_volume_encrypted_with_cmk.metadata.json +1 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/blockstorage_boot_volume_encrypted_with_cmk.metadata.json +1 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/cloudguard_enabled.metadata.json +1 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/compute_instance_in_transit_encryption_enabled.metadata.json +1 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/compute_instance_legacy_metadata_endpoint_disabled.metadata.json +1 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/compute_instance_secure_boot_enabled.metadata.json +1 -0
- prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/database_autonomous_database_access_restricted.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/events_notification_topic_and_subscription_exists.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/events_rule_cloudguard_problems.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/events_rule_iam_group_changes.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/events_rule_iam_policy_changes.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/events_rule_identity_provider_changes.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/events_rule_idp_group_mapping_changes.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/events_rule_local_user_authentication.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/events_rule_network_gateway_changes.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/events_rule_network_security_group_changes.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/events_rule_route_table_changes.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/events_rule_security_list_changes.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_user_changes/events_rule_user_changes.metadata.json +1 -0
- prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/events_rule_vcn_changes.metadata.json +1 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/filestorage_file_system_encrypted_with_cmk.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/identity_iam_admins_cannot_update_tenancy_admins.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/identity_instance_principal_used.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/identity_no_resources_in_root_compartment.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/identity_non_root_compartment_exists.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/identity_password_policy_expires_within_365_days.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/identity_password_policy_minimum_length_14.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/identity_password_policy_prevents_reuse.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/identity_service_level_admins_exist.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/identity_tenancy_admin_permissions_limited.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/identity_tenancy_admin_users_no_api_keys.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/identity_user_api_keys_rotated_90_days.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/identity_user_auth_tokens_rotated_90_days.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/identity_user_customer_secret_keys_rotated_90_days.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/identity_user_db_passwords_rotated_90_days.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/identity_user_mfa_enabled_console_access.metadata.json +1 -0
- prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/identity_user_valid_email_address.metadata.json +1 -0
- prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/integration_instance_access_restricted.metadata.json +1 -0
- prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled.metadata.json +1 -0
- prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/network_default_security_list_restricts_traffic.metadata.json +1 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/network_security_group_ingress_from_internet_to_rdp_port.metadata.json +1 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/network_security_group_ingress_from_internet_to_ssh_port.metadata.json +1 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/network_security_list_ingress_from_internet_to_rdp_port.metadata.json +1 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/network_security_list_ingress_from_internet_to_ssh_port.metadata.json +1 -0
- prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/network_vcn_subnet_flow_logs_enabled.metadata.json +1 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/objectstorage_bucket_encrypted_with_cmk.metadata.json +1 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/objectstorage_bucket_logging_enabled.metadata.json +1 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/objectstorage_bucket_not_publicly_accessible.metadata.json +1 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/objectstorage_bucket_versioning_enabled.metadata.json +1 -0
- {prowler-5.16.1.dist-info → prowler-5.17.0.dist-info}/METADATA +63 -6
- {prowler-5.16.1.dist-info → prowler-5.17.0.dist-info}/RECORD +1306 -1177
- {prowler-5.16.1.dist-info → prowler-5.17.0.dist-info}/LICENSE +0 -0
- {prowler-5.16.1.dist-info → prowler-5.17.0.dist-info}/WHEEL +0 -0
- {prowler-5.16.1.dist-info → prowler-5.17.0.dist-info}/entry_points.txt +0 -0
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching a Web Application or authenticate those with tokens before they reach the app. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented.",
|
|
12
13
|
"Risk": "By Enabling App Service Authentication, every incoming HTTP request passes through it before being handled by the application code. It also handles authentication of users with the specified provider (Azure Active Directory, Facebook, Google, Microsoft Account, and Twitter), validation, storing and refreshing of tokens, managing the authenticated sessions and injecting identity information into request headers.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites/config",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Azure Web Apps allows sites to run under both HTTP and HTTPS by default. Web apps can be accessed by anyone using non-secure HTTP links by default. Non-secure HTTP requests can be restricted and all HTTP requests redirected to the secure HTTPS port. It is recommended to enforce HTTPS-only traffic.",
|
|
12
13
|
"Risk": "Enabling HTTPS-only traffic will redirect all non-secure HTTP requests to HTTPS ports. HTTPS uses the TLS/SSL protocol to provide a secure connection which is both encrypted and authenticated. It is therefore important to support HTTPS for the security benefits.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-https",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "low",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. Using the latest Java version for web apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the newer version.",
|
|
12
13
|
"Risk": "Newer versions may contain security enhancements and additional functionality. Using the latest software version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements. They must also verify the compatibility and support provided for any additional software against the update revision that is selected.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal#general-settings",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "low",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Periodically newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.",
|
|
12
13
|
"Risk": "Newer versions may contain security enhancements and additional functionality. Using the latest software version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements. They must also verify the compatibility and support provided for any additional software against the update revision that is selected.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal#general-settings",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "low",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest full Python version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.",
|
|
12
13
|
"Risk": "Newer versions may contain security enhancements and additional functionality. Using the latest software version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements. They must also verify the compatibility and support provided for any additional software against the update revision that is selected. Using the latest full version will keep your stack secure to vulnerabilities and exploits.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal#general-settings",
|
prowler/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20.metadata.json
CHANGED
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "low",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version.",
|
|
12
13
|
"Risk": "Newer versions may contain security enhancements and additional functionality. Using the latest version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements. They must also verify the compatibility and support provided for any additional software against the update revision that is selected. HTTP 2.0 has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritization of requests. HTTP 2.0 no longer supports HTTP 1.1's chunked transfer encoding mechanism, as it provides its own, more efficient, mechanisms for data streaming.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal#general-settings",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites/config",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "By default, Azure Functions, Web, and API Services can be deployed over FTP. If FTP is required for an essential deployment workflow, FTPS should be required for FTP login for all App Service Apps and Functions.",
|
|
12
13
|
"Risk": "Azure FTP deployment endpoints are public. An attacker listening to traffic on a wifi network used by a remote employee or a corporate network could see login traffic in clear-text which would then grant them full control of the code base of the app or service. This finding is more severe if User Credentials for deployment are set at the subscription level rather than using the default Application Credentials which are unique per App.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/app-service/deploy-ftp?tabs=portal",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Azure Functions provide a way to secure HTTP function endpoints during development and production. Using access keys adds an extra layer of protection, ensuring that only authorized users or systems can access the functions. This is particularly important when dealing with public apps or sensitive data.",
|
|
12
13
|
"Risk": "Unprotected function endpoints may be vulnerable to unauthorized access, leading to potential data breaches or malicious activity.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook-trigger?tabs=python-v2%2Cisolated-process%2Cnodejs-v4%2Cfunctionsv2&pivots=programming-language-csharp#authorization-keys",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Application Insights is a powerful tool for monitoring the performance and health of Azure Function Apps. It provides valuable insights into exceptions, performance issues, and usage patterns, enabling timely detection and resolution of issues.",
|
|
12
13
|
"Risk": "Without Application Insights, you may miss critical errors, performance degradation, or abnormal behavior in your Function App, potentially impacting availability and user experience.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Azure FTP deployment endpoints are unencrypted and public, making them vulnerable to attacks. Disabling FTP and FTPS deployments enhances security by preventing unauthorized access to login credentials and sensitive codebases.",
|
|
12
13
|
"Risk": "If left enabled, attackers can intercept network traffic and gain full control of the app or service, leading to potential data breaches and unauthorized modifications.",
|
|
13
14
|
"RelatedUrl": "https://docs.microsoft.com/en-us/azure/app-service/deploy-ftp",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Azure Functions should have managed identities configured for enhanced security and access control.",
|
|
12
13
|
"Risk": "Not using managed identities can lead to less secure authentication and authorization practices, potentially exposing sensitive data.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "It is important to ensure that Azure functions are not configured with administrative privileges to maintain the principle of least privilege and reduce the attack surface. By limiting the privileges of Azure functions, potential security risks and data leaks can be mitigated.",
|
|
12
13
|
"Risk": "If Azure functions are configured with administrative privileges, it increases the risk of unauthorized access, privilege escalation, and data breaches. Attackers can exploit these privileges to gain access to sensitive data and compromise the entire system.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Keeping Azure Functions up to date with the latest supported runtime version is crucial for security and performance. Updates often include security patches and enhancements, helping to protect against known vulnerabilities and potential exploits. Additionally, newer runtime versions may offer improved functionality and optimized resource utilization.",
|
|
12
13
|
"Risk": "Using outdated runtime versions may introduce security risks and performance degradation. Outdated runtimes may have unpatched vulnerabilities, making them susceptible to attacks.",
|
|
13
14
|
"RelatedUrl": "https://docs.microsoft.com/en-us/azure/azure-functions/functions-versions",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Azure Functions should not be exposed to the public internet. Restricting access helps protect applications from potential threats and reduces the attack surface.",
|
|
12
13
|
"Risk": "Exposing Azure Functions to the public internet increases the risk of unauthorized access, data breaches, and other security threats.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/azure-functions/functions-networking-options",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Enabling Virtual Network Integration for Azure Functions provides an additional layer of security by restricting access to selected virtual network subnets. This helps to protect your Function Apps from unauthorized access and potential threats.",
|
|
12
13
|
"Risk": "Without Virtual Network Integration, your Function Apps may be exposed to the public internet, increasing the risk of unauthorized access and potential security breaches.",
|
|
13
14
|
"RelatedUrl": "https://docs.microsoft.com/en-us/azure/azure-functions/functions-networking-options#virtual-network-integration",
|
prowler/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled.metadata.json
CHANGED
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "low",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites/config",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Enable AppServiceHTTPLogs diagnostic log category for Azure App Service instances to ensure all http requests are captured and centrally logged.",
|
|
12
13
|
"Risk": "Capturing web requests can be important supporting information for security analysts performing monitoring and incident response activities. Once logging, these logs can be ingested into SIEM or other central aggregation point for the organization.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-3-enable-logging-for-security-investigation",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites/config",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS. App service allows TLS 1.2 by default, which is the recommended TLS level by industry standards such as PCI DSS.",
|
|
12
13
|
"Risk": "App service currently allows the web app to set TLS versions 1.0, 1.1 and 1.2. It is highly recommended to use the latest TLS 1.2 version for web app secure connections.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-tls-versions",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "Microsoft.Web/sites",
|
|
11
|
+
"ResourceGroup": "serverless",
|
|
11
12
|
"Description": "Managed service identity in App Service provides more security by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in App Service, the app will connect to other Azure services securely without the need for usernames and passwords.",
|
|
12
13
|
"Risk": "App Service provides a highly scalable, self-patching web hosting service in Azure. It also provides a managed identity for apps, which is a turn-key solution for securing access to Azure SQL Database and other Azure services.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-tenant",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "low",
|
|
10
10
|
"ResourceType": "Microsoft.Insights/components",
|
|
11
|
+
"ResourceGroup": "monitoring",
|
|
11
12
|
"Description": "Application Insights within Azure act as an Application Performance Monitoring solution providing valuable data into how well an application performs and additional information when performing incident response. The types of log data collected include application metrics, telemetry data, and application trace logging data providing organizations with detailed information about application activity and application transactions. Both data sets help organizations adopt a proactive and retroactive means to handle security and performance related metrics within their modern applications.",
|
|
12
13
|
"Risk": "Configuring Application Insights provides additional data not found elsewhere within Azure as part of a much larger logging and monitoring program within an organization's Information Security practice. The types and contents of these logs will act as both a potential cost saving measure (application performance) and a means to potentially confirm the source of a potential incident (trace logging). Metrics and Telemetry data provide organizations with a proactive approach to cost savings by monitoring an application's performance, while the trace logging data provides necessary details in a reactive incident response scenario by helping organizations identify the potential source of an incident within their application.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "ContainerRegistry",
|
|
11
|
+
"ResourceGroup": "container",
|
|
11
12
|
"Description": "Ensure that the admin user is disabled and Role-Based Access Control (RBAC) is used instead since it could grant unrestricted access to the registry",
|
|
12
13
|
"Risk": "If the admin user is enabled, it may lead to unauthorized access to the container registry and its resources, which could compromise the confidentiality, integrity, and availability of the images stored within.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#admin-account",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "ContainerRegistry",
|
|
11
|
+
"ResourceGroup": "container",
|
|
11
12
|
"Description": "Ensure that public network access to the Azure Container Registry is restricted.",
|
|
12
13
|
"Risk": "Public accessibility exposes the Container Registry to potential attacks, unauthorized usage, and data breaches. Restricting access minimizes the surface area for attacks and ensures that only authorized networks can access the registry.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-access-selected-networks",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "ContainerRegistry",
|
|
11
|
+
"ResourceGroup": "container",
|
|
11
12
|
"Description": "Ensure that a private link is used for accessing the Azure Container Registry to enhance security and restrict access to the registry over the public internet.",
|
|
12
13
|
"Risk": "Without using a private link, the Azure Container Registry may be exposed to the public internet, increasing the risk of unauthorized access and potential data breaches.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/private-link/private-link-overview",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "CosmosDB",
|
|
11
|
+
"ResourceGroup": "database",
|
|
11
12
|
"Description": "Limiting your Cosmos DB to only communicate on whitelisted networks lowers its attack footprint.",
|
|
12
13
|
"Risk": "Selecting certain networks for your Cosmos DB to communicate restricts the number of networks including the internet that can interact with what is stored within the database.",
|
|
13
14
|
"RelatedUrl": "https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-configure-private-endpoints",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "CosmosDB",
|
|
11
|
+
"ResourceGroup": "database",
|
|
11
12
|
"Description": "Cosmos DB can use tokens or AAD for client authentication which in turn will use Azure RBAC for authorization. Using AAD is significantly more secure because AAD handles the credentials and allows for MFA and centralized management, and the Azure RBAC better integrated with the rest of Azure.",
|
|
12
13
|
"Risk": "AAD client authentication is considerably more secure than token-based authentication because the tokens must be persistent at the client. AAD does not require this.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/cosmos-db/role-based-access-control",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "CosmosDB",
|
|
11
|
+
"ResourceGroup": "database",
|
|
11
12
|
"Description": "Private endpoints limit network traffic to approved sources.",
|
|
12
13
|
"Risk": "For sensitive data, private endpoints allow granular control of which services can communicate with Cosmos DB and ensure that this network traffic is private. You set this up on a case by case basis for each service you wish to be connected.",
|
|
13
14
|
"RelatedUrl": "https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-configure-private-endpoints",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Databricks/workspaces/{workspaceName}",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDatabricksWorkspace",
|
|
11
|
+
"ResourceGroup": "ai_ml",
|
|
11
12
|
"Description": "Checks whether Azure Databricks workspaces are configured to use customer-managed keys (CMK) for encryption at rest, providing greater control over data encryption and compliance.",
|
|
12
13
|
"Risk": "Without CMK, organizations have less control over encryption keys, which may impact regulatory compliance and increase risk of unauthorized data access.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/databricks/security/keys/customer-managed-keys",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Databricks/workspaces/{workspaceName}",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "AzureDatabricksWorkspace",
|
|
11
|
+
"ResourceGroup": "ai_ml",
|
|
11
12
|
"Description": "Checks whether Azure Databricks workspaces are deployed in a customer-managed Virtual Network (VNet Injection) instead of a Databricks-managed VNet.",
|
|
12
13
|
"Risk": "Using a Databricks-managed VNet limits control over network security policies, firewall configurations, and routing, increasing the risk of unauthorized access or data exfiltration.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/databricks/administration-guide/cloud-configurations/azure/vnet-inject",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "AzureEmailNotifications",
|
|
11
|
+
"ResourceGroup": "monitoring",
|
|
11
12
|
"Description": "Microsoft Defender for Cloud emails the subscription owners whenever a high-severity alert is triggered for their subscription. You should provide a security contact email address as an additional email address.",
|
|
12
13
|
"Risk": "Microsoft Defender for Cloud emails the Subscription Owner to notify them about security alerts. Adding your Security Contact's email address to the 'Additional email addresses' field ensures that your organization's Security Team is included in these alerts. This ensures that the proper people are aware of any potential compromise in order to mitigate the risk in a timely fashion.",
|
|
13
14
|
"RelatedUrl": "https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "Microsoft.Security/assessments",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Install endpoint protection for all virtual machines.",
|
|
12
13
|
"Risk": "Installing endpoint protection systems (like anti-malware for Azure) provides for real-time protection capability that helps identify and remove viruses, spyware, and other malicious software. These also offer configurable alerts when known-malicious or unwanted software attempts to install itself or run on Azure systems.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/security/fundamentals/antimalware",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "AzureEmailNotifications",
|
|
11
|
+
"ResourceGroup": "monitoring",
|
|
11
12
|
"Description": "Ensure that Microsoft Defender for Cloud is configured to send email notifications for attack paths identified in the Azure subscription with an appropriate minimal risk level.",
|
|
12
13
|
"Risk": "If attack path notifications are not enabled, security teams may not be promptly informed about exploitable attack sequences, increasing the risk of delayed mitigation and potential breaches.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.",
|
|
12
13
|
"Risk": "Missing critical security information about your Azure VMs, such as security alerts, security recommendations, and change tracking.",
|
|
13
14
|
"RelatedUrl": "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Enable automatic provisioning of vulnerability assessment for machines on both Azure and hybrid (Arc enabled) machines.",
|
|
12
13
|
"Risk": "Vulnerability assessment for machines scans for various security-related configurations and events such as system updates, OS vulnerabilities, and endpoint protection, then produces alerts on threat and vulnerability findings.",
|
|
13
14
|
"RelatedUrl": "https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection?tabs=autoprovision-va",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "Microsoft.Security/assessments",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Container images used by containers should have vulnerabilities resolved. Azure Defender for Container Registries can help you identify and resolve vulnerabilities in your container images. It provides vulnerability scanning and prioritized security recommendations for your container images. You can use Azure Defender for Container Registries to scan your container images for vulnerabilities and get prioritized security recommendations to resolve them. You can also use Azure Defender for Container Registries to monitor your container registries for security threats and get prioritized security recommendations to resolve them. Azure Defender for Container Registries integrates with Azure Security Center to provide a unified view of security across your container registries and other Azure resources. Azure Defender for Container Registries is part of Azure Defender, which provides advanced threat protection for your hybrid workloads. Azure Defender uses advanced analytics and global threat intelligence to detect attacks that might otherwise go unnoticed.",
|
|
12
13
|
"Risk": "If vulnerabilities are not resolved, attackers can exploit them to gain unauthorized access to your containerized applications and data.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "Microsoft.Security",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Scan images being deployed to Azure (AKS) for vulnerabilities. Vulnerability scanning for images stored in Azure Container Registry is generally available in Azure Security Center. This capability is powered by Qualys, a leading provider of information security. When you push an image to Container Registry, Security Center automatically scans it, then checks for known vulnerabilities in packages or dependencies defined in the file. When the scan completes (after about 10 minutes), Security Center provides details and a security classification for each vulnerability detected, along with guidance on how to remediate issues and protect vulnerable attack surfaces.",
|
|
12
13
|
"Risk": "Vulnerabilities in software packages can be exploited by hackers or malicious users to obtain unauthorized access to local cloud resources. Azure Defender and other third party products allow images to be scanned for known vulnerabilities.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-check-health",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for App Services Is Set To 'On' ",
|
|
12
13
|
"Risk": "Turning on Microsoft Defender for App Service enables threat detection for App Service, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for Azure Resource Manager Is Set To 'On' ",
|
|
12
13
|
"Risk": "Scanning resource requests lets you be alerted every time there is suspicious activity in order to prevent a security threat from being introduced.",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' ",
|
|
12
13
|
"Risk": "Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Azure SQL database servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for Containers Is Set To 'On' ",
|
|
12
13
|
"Risk": "Ensure that Microsoft Defender for Cloud is enabled for all your Azure containers. Turning on the Defender for Cloud service enables threat detection for containers, providing threat intelligence, anomaly detection, and behavior analytics.",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for Cosmos DB Is Set To 'On' ",
|
|
12
13
|
"Risk": "In scanning Cosmos DB requests within a subscription, requests are compared to a heuristic list of potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for Databases Is Set To 'On' ",
|
|
12
13
|
"Risk": "Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for DNS Is Set To 'On' ",
|
|
12
13
|
"Risk": "DNS lookups within a subscription are scanned and compared to a dynamic list of websites that might be potential security threats. These threats could be a result of a security breach within your services, thus scanning for them could prevent a potential security threat from being introduced.",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for KeyVault Is Set To 'On' ",
|
|
12
13
|
"Risk": "By default, Microsoft Defender for Cloud is disabled for Azure key vaults. Defender for Cloud detects unusual and potentially harmful attempts to access or exploit your Azure Key Vault data. This layer of protection allows you to address threats without being a security expert, and without the need to use and manage third-party security monitoring tools or services.",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' ",
|
|
12
13
|
"Risk": "Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for Servers Is Set to 'On'",
|
|
12
13
|
"Risk": "Turning on Microsoft Defender for Servers enables threat detection for Servers, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' ",
|
|
12
13
|
"Risk": "Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderPlan",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure That Microsoft Defender for Storage Is Set To 'On' ",
|
|
12
13
|
"Risk": "Ensure that Microsoft Defender for Cloud is enabled for your Microsoft Azure storage accounts. Defender for storage accounts is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your Azure cloud storage accounts.",
|
|
13
14
|
"RelatedUrl": "",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "DefenderIoT",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Microsoft Defender for IoT acts as a central security hub for IoT devices within your organization.",
|
|
12
13
|
"Risk": "IoT devices are very rarely patched and can be potential attack vectors for enterprise networks. Updating their network configuration to use a central security hub allows for detection of these breaches.",
|
|
13
14
|
"RelatedUrl": "https://azure.microsoft.com/en-us/services/iot-defender/#overview",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "DefenderSettings",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "This integration setting enables Microsoft Defender for Cloud Apps (formerly 'Microsoft Cloud App Security' or 'MCAS' - see additional info) to communicate with Microsoft Defender for Cloud.",
|
|
12
13
|
"Risk": "Microsoft Defender for Cloud offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Microsoft Defender for Cloud detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Defender for Cloud Apps. To benefit from these analytics, subscription must have a Cloud App Security license. Microsoft Defender for Cloud Apps works only with Standard Tier subscriptions.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/defender-for-cloud-introduction#secure-cloud-applications",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureEmailNotifications",
|
|
11
|
+
"ResourceGroup": "monitoring",
|
|
11
12
|
"Description": "Microsoft Defender for Cloud sends email notifications when alerts of a certain severity level or higher are triggered. By setting the minimum severity to 'High', 'Medium', or even 'Low', you ensure that alerts with equal or greater severity (e.g., High or Critical) are still delivered. Selecting a lower threshold like 'Low' results in more comprehensive alert coverage.",
|
|
12
13
|
"Risk": "If this setting is too restrictive (e.g., set to 'Critical' only), important security alerts with 'High' or 'Medium' severity might be missed. Ensuring that 'High' or a lower threshold is configured helps security teams stay informed about significant threats and respond in a timely manner.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/azure/defender-for-cloud/email-notifications-alerts#manage-notifications-on-email",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "AzureEmailNotifications",
|
|
11
|
+
"ResourceGroup": "monitoring",
|
|
11
12
|
"Description": "Enable security alert emails to subscription owners.",
|
|
12
13
|
"Risk": "Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.",
|
|
13
14
|
"RelatedUrl": "https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "AzureDefenderRecommendation",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "Ensure that the latest OS patches for all virtual machines are applied.",
|
|
12
13
|
"Risk": "The Azure Security Center retrieves a list of available security and critical updates from Windows Update or Windows Server Update Services (WSUS), depending on which service is configured on a Windows VM. The security center also checks for the latest updates in Linux systems. If a VM is missing a system update, the security center will recommend system updates be applied.",
|
|
13
14
|
"RelatedUrl": "https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-posture-vulnerability-management#pv-7-rapidly-and-automatically-remediate-software-vulnerabilities",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "DefenderSettings",
|
|
11
|
+
"ResourceGroup": "security",
|
|
11
12
|
"Description": "This integration setting enables Microsoft Defender for Endpoint (formerly 'Advanced Threat Protection' or 'ATP' or 'WDATP' - see additional info) to communicate with Microsoft Defender for Cloud.",
|
|
12
13
|
"Risk": "Microsoft Defender for Endpoint integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within Microsoft Defender for Cloud. This integration helps to spot abnormalities, as well as detect and respond to advanced attacks on endpoints monitored by Microsoft Defender for Cloud. MDE works only with Standard Tier subscriptions.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-in/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "medium",
|
|
10
10
|
"ResourceType": "#microsoft.graph.conditionalAccess",
|
|
11
|
+
"ResourceGroup": "IAM",
|
|
11
12
|
"Description": "This recommendation ensures that users accessing the Windows Azure Service Management API (i.e. Azure Powershell, Azure CLI, Azure Resource Manager API, etc.) are required to use multifactor authentication (MFA) credentials when accessing resources through the Windows Azure Service Management API.",
|
|
12
13
|
"Risk": "Administrative access to the Windows Azure Service Management API should be secured with a higher level of scrutiny to authenticating mechanisms. Enabling multifactor authentication is recommended to reduce the potential for abuse of Administrative actions, and to prevent intruders or compromised admin credentials from changing administrative settings.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-azure-management",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "#microsoft.graph.directoryRole",
|
|
11
|
+
"ResourceGroup": "IAM",
|
|
11
12
|
"Description": "This recommendation aims to maintain a balance between security and operational efficiency by ensuring that a minimum of 2 and a maximum of 4 users are assigned the Global Administrator role in Microsoft Entra ID. Having at least two Global Administrators ensures redundancy, while limiting the number to four reduces the risk of excessive privileged access.",
|
|
12
13
|
"Risk": "The Global Administrator role has extensive privileges across all services in Microsoft Entra ID. The Global Administrator role should never be used in regular daily activities, administrators should have a regular user account for daily activities, and a separate account for administrative responsibilities. Limiting the number of Global Administrators helps mitigate the risk of unauthorized access, reduces the potential impact of human error, and aligns with the principle of least privilege to reduce the attack surface of an Azure tenant. Conversely, having at least two Global Administrators ensures that administrative functions can be performed without interruption in case of unavailability of a single admin.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/best-practices#5-limit-the-number-of-global-administrators-to-less-than-5",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "#microsoft.graph.users",
|
|
11
|
+
"ResourceGroup": "IAM",
|
|
11
12
|
"Description": "Enable multi-factor authentication for all non-privileged users.",
|
|
12
13
|
"Risk": "Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mfa-howitworks",
|
|
@@ -21,7 +21,7 @@ class entra_non_privileged_user_has_mfa(Check):
|
|
|
21
21
|
f"Non-privileged user {user.name} does not have MFA."
|
|
22
22
|
)
|
|
23
23
|
|
|
24
|
-
if
|
|
24
|
+
if user.is_mfa_capable:
|
|
25
25
|
report.status = "PASS"
|
|
26
26
|
report.status_extended = (
|
|
27
27
|
f"Non-privileged user {user.name} has MFA."
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "#microsoft.graph.authorizationPolicy",
|
|
11
|
+
"ResourceGroup": "IAM",
|
|
11
12
|
"Description": "Restrict security group creation to administrators only.",
|
|
12
13
|
"Risk": "When creating security groups is enabled, all users in the directory are allowed to create new security groups and add members to those groups. Unless a business requires this day-to-day delegation, security group creation should be restricted to administrators only.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/entra/identity/users/groups-self-service-management",
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
"ResourceIdTemplate": "",
|
|
9
9
|
"Severity": "high",
|
|
10
10
|
"ResourceType": "#microsoft.graph.authorizationPolicy",
|
|
11
|
+
"ResourceGroup": "IAM",
|
|
11
12
|
"Description": "Require administrators or appropriately delegated users to register third-party applications.",
|
|
12
13
|
"Risk": "It is recommended to only allow an administrator to register custom-developed applications. This ensures that the application undergoes a formal security review and approval process prior to exposing Azure Active Directory data. Certain users like developers or other high-request users may also be delegated permissions to prevent them from waiting on an administrative user. Your organization should review your policies and decide your needs.",
|
|
13
14
|
"RelatedUrl": "https://learn.microsoft.com/en-us/entra/identity-platform/how-applications-are-added#who-has-permission-to-add-applications-to-my-azure-ad-instance",
|