Skip to content

Commit

Permalink
adding qa'ed aws cloudtrail rules to prod (#568)
Browse files Browse the repository at this point in the history
  • Loading branch information
@andrea-youwakim
andrea-youwakim authored Nov 29, 2022
1 parent 273aee7 commit 56bdc53
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions packs/aws.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,14 @@ PackDefinition:
- AWS.CloudTrail.S3Bucket.Public
- AWS.IAM.AccessKeyCompromised
- AWS.KMS.RestrictsUsage
- AWS.KMS.CustomerManagedKeyLoss
- AWS.RDS.Instance.PublicAccess
- AWS.RDS.Instance.SnapshotPublicAccess
- AWS.S3.Bucket.PublicRead
- AWS.S3.Bucket.PublicWrite
- AWS.S3.Bucket.PolicyAllowWithNotPrincipal
- AWS.S3.Bucket.PrincipalRestrictions
- AWS.Macie.Evasion
# Encryption Status
- AWS.DynamoDB.TableEncryption
- AWS.EC2.Volume.Encryption
Expand All @@ -34,6 +36,9 @@ PackDefinition:
- AWS.EC2.NetworkACLModified
- AWS.EC2.RouteTableModified
- AWS.EC2.VPCModified
- AWS.IPSet.Modified
- AWS.Modify.Cloud.Compute.Infrastructure
- AWS.CloudTrail.NetworkACLPermissiveEntry
# Root Activity
- AWS.Console.RootLogin
- AWS.Console.RootLoginFailed
Expand All @@ -52,6 +57,9 @@ PackDefinition:
- AWS.PasswordPolicy.PasswordAgeLimit
- AWS.EC2.SecurityGroupModified
- AWS.CloudTrail.IAMAnythingChanged
- AWS.IAM.PolicyModified
- AWS.IAM.Backdoor.User.Keys
- AWS.IAMUser.ReconAccessDenied
# General Policies and Rules
- AWS.ACM.Certificate.Valid
- AWS.CloudTrail.Created
Expand All @@ -68,6 +76,8 @@ PackDefinition:
- AWS.ELBV2.LoadBalancer.HasSSLPolicy
- AWS.WAF.HasXSSPredicate
- AWS.EC2.Startup.Script.Change
- AWS.RDS.MasterPasswordUpdated
- AWS.RDS.PublicRestore
# Standard Rules applicable to AWS
- Standard.BruteForceByIP
# AWS DataModels
Expand Down

0 comments on commit 56bdc53

Please sign in to comment.