Add a lot of new Auditors #23

jonrau1 · 2020-03-31T15:14:05Z

Story
As a user of ElectricEye, I want to be able to run security scans against a multitude of AWS services and components so that I can know their security posture and/or fulfill regulatory or compliance requirements.

Definition of Done

New Auditors and Checks added:
- QLDB: Ledger deletion protection & journal xfer encryption
- Comprehend: completed built-in job output encryption, input encryption and VPC config (15 checks in total for each of the 5 built-in jobs [i.e. entity, sentiment, etc]
- Management Service: Config recorder, Config SNS, Budgets, Compute Optimizer, RAM External Principals check, Xray KMS check
- Forecast: Dataset encryption, Forecast export job encryption
- Image Builder: EBS encryption, deletion on fail, test enabled
Expand the Security Services auditor:
- Macie protection on Bucket (for supported regions)
- Inspector assessment check (just looking if it exists)
- ~~Detective graph check (for supported regions)~~
- KMS Rotation
IAM Policies update in CFN, TF and standalone
Readme list updated with new Auditor checks
Total counts update in the Readme
Complete mapping to the ASFF

Nice to Have

Response Playbooks where it makes sense
- Pagerduty
- Glue Data Catalog encryption
- Macie protection
AMB Fabric Auditor (when AWS fixes the API / feature)

Additional Information
Will be adding 5 new auditors for 28 net-new checks and updating the Security Services auditor for 4 net-new checks.

If AMB is fixed, this will be 6 new auditors and 35 checks in total

jonrau1 · 2020-04-08T00:48:16Z

#22 has added IMDSv2 and Detective check

jonrau1 · 2020-04-19T17:12:50Z

Blocking until #26 is complete

jonrau1 · 2020-06-09T14:09:39Z

New scope for checks:
DDB: KMS, PTR, TTL
GAX: Flow logs, unhealthy endpt check
Glacier: Vault access policy, Vault lock
SSVC: MacieV2
Image Builder: EBS encryption, deletion on fail, test enabled

All other checks in original issue will be chunked into future releases as required

jonrau1 · 2020-06-22T23:27:45Z

Deferring the rest of the wishlist here. The 2.0 version of ElectricEye will be focusing on automation and reporting.

jonrau1 added documentation Improvements or additions to documentation enhancement New feature or request help wanted Extra attention is needed labels Mar 31, 2020

jonrau1 self-assigned this Mar 31, 2020

jonrau1 added this to To do in ElectricEye Roadmap via automation Mar 31, 2020

jonrau1 removed the help wanted Extra attention is needed label Apr 1, 2020

jonrau1 moved this from To do to Doing in ElectricEye Roadmap Apr 8, 2020

jonrau1 moved this from Doing to Blocked in ElectricEye Roadmap Apr 19, 2020

jonrau1 removed their assignment Apr 19, 2020

jonrau1 moved this from Blocked to Doing in ElectricEye Roadmap Apr 21, 2020

jonrau1 mentioned this issue Jun 4, 2020

Create Lambda Auditor #31

Merged

jonrau1 self-assigned this Jun 9, 2020

jonrau1 moved this from Doing to Done in ElectricEye Roadmap Jun 22, 2020

jonrau1 closed this as completed Jun 22, 2020

jonrau1 mentioned this issue Jun 24, 2020

[PFR] Onboard additional checks to ElectricEye v2.0 #36

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add a lot of new Auditors #23

Add a lot of new Auditors #23

jonrau1 commented Mar 31, 2020 •

edited

jonrau1 commented Apr 8, 2020

jonrau1 commented Apr 19, 2020

jonrau1 commented Jun 9, 2020 •

edited

jonrau1 commented Jun 22, 2020

Add a lot of new Auditors #23

Add a lot of new Auditors #23

Comments

jonrau1 commented Mar 31, 2020 • edited

jonrau1 commented Apr 8, 2020

jonrau1 commented Apr 19, 2020

jonrau1 commented Jun 9, 2020 • edited

jonrau1 commented Jun 22, 2020

jonrau1 commented Mar 31, 2020 •

edited

jonrau1 commented Jun 9, 2020 •

edited