Feat updating to integrations

queries/1-aws_insight_lambda_function_not_cmk_encrypted.yaml

@@ -1,22 +1,16 @@
+Description: List of lambda functions which are not encrypted with CMK
 ID: aws_insight_lambda_function_not_cmk_encrypted
-Title: "Unencrypted Lambda"
-Description: "List of lambda functions which are not encrypted with CMK"
-Connector:
-- aws
+IntegrationTypeName:
+- aws_cloud
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select
-      name,
-      kms_key_arn, account_id, og_account_id, og_resource_id
-    from
-      aws_lambda_function
-    where
-      kms_key_arn is null;
-  PrimaryTable: aws_lambda_function
   ListOfTables:
   - aws_lambda_function
   Parameters: []
+  PrimaryTable: aws_lambda_function
+  QueryToExecute: "select\n  name,\n  kms_key_arn, account_id, og_account_id, og_resource_id\n\
+    from\n  aws_lambda_function\nwhere\n  kms_key_arn is null;"
 Tags:
   category:
   - Security
+Title: Unencrypted Lambda

queries/10-aws_insight_acm_certificate_transparency_logging_disabled.yaml

@@ -1,21 +1,19 @@
+Description: List certificates for which transparency logging is disabled
 ID: aws_insight_acm_certificate_transparency_logging_disabled
-Title: "Certificates with no Logging"
-Description: "List certificates for which transparency logging is disabled"
-Connector:
-- aws
+IntegrationTypeName:
+- aws_cloud
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select certificate_arn, domain_name, status, account_id, og_account_id, og_resource_id from
-      aws_acm_certificate
-    where
-      certificate_transparency_logging_preference <> 'ENABLED';
-  PrimaryTable: aws_acm_certificate
   ListOfTables:
   - aws_acm_certificate
   Parameters: []
+  PrimaryTable: aws_acm_certificate
+  QueryToExecute: "select certificate_arn, domain_name, status, account_id, og_account_id,\
+    \ og_resource_id from\n  aws_acm_certificate\nwhere\n  certificate_transparency_logging_preference\
+    \ <> 'ENABLED';"
 Tags:
   category:
   - Security
   - Technical Debt
   - Resiliency
+Title: Certificates with no Logging

queries/11-aws_insight_acm_certificate_expired.yaml

@@ -1,22 +1,19 @@
+Description: List of expired certificates
 ID: aws_insight_acm_certificate_expired
-Title: "Expired Certificates"
-Description: "List of expired certificates"
-Connector:
-- aws
+IntegrationTypeName:
+- aws_cloud
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select certificate_arn, domain_name, status, account_id, og_account_id, og_resource_id from
-      aws_acm_certificate
-    where
-      status = 'EXPIRED';
-  PrimaryTable: aws_acm_certificate
   ListOfTables:
   - aws_acm_certificate
   Parameters: []
+  PrimaryTable: aws_acm_certificate
+  QueryToExecute: "select certificate_arn, domain_name, status, account_id, og_account_id,\
+    \ og_resource_id from\n  aws_acm_certificate\nwhere\n  status = 'EXPIRED';"
 Tags:
   category:
   - Security
   - Technical Debt
   - Resiliency
   - Cost Management
+Title: Expired Certificates

queries/12-aws_insight_ebs_snapshot_older_than_year.yaml

@@ -1,17 +1,18 @@
+Description: List Snapshots older than 365 days
 ID: aws_insight_ebs_snapshot_older_than_year
-Title: "Snapshots older than a year"
-Description: "List Snapshots older than 365 days"
-Connector:
-- aws
+IntegrationTypeName:
+- aws_cloud
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: SELECT snapshot_id, arn, start_time, account_id, og_account_id, og_resource_id FROM aws_ebs_snapshot WHERE start_time < now() - interval '1 year';
-  PrimaryTable: aws_ebs_snapshot
   ListOfTables:
   - aws_ebs_snapshot
   Parameters: []
+  PrimaryTable: aws_ebs_snapshot
+  QueryToExecute: SELECT snapshot_id, arn, start_time, account_id, og_account_id,
+    og_resource_id FROM aws_ebs_snapshot WHERE start_time < now() - interval '1 year';
 Tags:
   category:
   - Security
   - Technical Debt
   - Cost Management
+Title: Snapshots older than a year

queries/13-aws_insight_ec2_classic_load_balancer.yaml

@@ -1,15 +1,15 @@
+Description: List all Classic Load Balancer. Link here.
 ID: aws_insight_ec2_classic_load_balancer
-Title: "Classic Load Balancers"
-Description: "List all Classic Load Balancer. Link here."
-Connector:
-- aws
+IntegrationTypeName:
+- aws_cloud
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: SELECT name, arn, account_id, og_account_id, og_resource_id FROM aws_ec2_classic_load_balancer
-  PrimaryTable: aws_ec2_classic_load_balancer
   ListOfTables:
   - aws_ec2_classic_load_balancer
   Parameters: []
+  PrimaryTable: aws_ec2_classic_load_balancer
+  QueryToExecute: SELECT name, arn, account_id, og_account_id, og_resource_id FROM
+    aws_ec2_classic_load_balancer
 Tags:
   category:
   - Security
@@ -19,3 +19,4 @@ Tags:
   - Executive
   - Product
   - FinOps
+Title: Classic Load Balancers

queries/14-aws_insight_elb_classic_lb_use_ssl_certificate.yaml

@@ -1,45 +1,29 @@
+Description: List all Load Balancers with out SSL
 ID: aws_insight_elb_classic_lb_use_ssl_certificate
-Title: "Load Balancers with no SSL"
-Description: "List all Load Balancers with out SSL"
-Connector:
-- aws
+IntegrationTypeName:
+- aws_cloud
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    with detailed_classic_listeners as (
-      select
-        name
-      from
-        aws_ec2_classic_load_balancer,
-        jsonb_array_elements(listener_descriptions) as listener_description
-      where
-        listener_description -> 'Listener' ->> 'Protocol' in ('HTTPS', 'SSL', 'TLS')
-        and listener_description -> 'Listener' ->> 'SSLCertificateId' like 'arn:aws:acm%'
-    )
-    select
-      -- Required Columns
-      'arn:' || a.partition || ':elasticloadbalancing:' || a.region || ':' || a.account_id || ':loadbalancer/' || a.name as resource,
-      case
-        when a.listener_descriptions is null then 'skip'
-        when b.name is not null then 'alarm'
-        else 'ok'
-      end as status,
-      case
-        when a.listener_descriptions is null then a.title || ' has no listener.'
-        when b.name is not null then a.title || ' does not use certificates provided by ACM.'
-        else a.title || ' uses certificates provided by ACM.'
-      end as reason,
-      -- Additional Dimensions
-      region,
-      account_id, og_account_id, og_resource_id
-    from
-      aws_ec2_classic_load_balancer as a
-      left join detailed_classic_listeners as b on a.name = b.name;
-  PrimaryTable: aws_ec2_classic_load_balancer
   ListOfTables:
   - aws_ec2_classic_load_balancer
   Parameters: []
+  PrimaryTable: aws_ec2_classic_load_balancer
+  QueryToExecute: "with detailed_classic_listeners as (\n  select\n    name\n  from\n\
+    \    aws_ec2_classic_load_balancer,\n    jsonb_array_elements(listener_descriptions)\
+    \ as listener_description\n  where\n    listener_description -> 'Listener' ->>\
+    \ 'Protocol' in ('HTTPS', 'SSL', 'TLS')\n    and listener_description -> 'Listener'\
+    \ ->> 'SSLCertificateId' like 'arn:aws:acm%'\n)\nselect\n  -- Required Columns\n\
+    \  'arn:' || a.partition || ':elasticloadbalancing:' || a.region || ':' || a.account_id\
+    \ || ':loadbalancer/' || a.name as resource,\n  case\n    when a.listener_descriptions\
+    \ is null then 'skip'\n    when b.name is not null then 'alarm'\n    else 'ok'\n\
+    \  end as status,\n  case\n    when a.listener_descriptions is null then a.title\
+    \ || ' has no listener.'\n    when b.name is not null then a.title || ' does not\
+    \ use certificates provided by ACM.'\n    else a.title || ' uses certificates\
+    \ provided by ACM.'\n  end as reason,\n  -- Additional Dimensions\n  region,\n\
+    \  account_id, og_account_id, og_resource_id\nfrom\n  aws_ec2_classic_load_balancer\
+    \ as a\n  left join detailed_classic_listeners as b on a.name = b.name;"
 Tags:
   category:
   - Security
   - Technical Debt
+Title: Load Balancers with no SSL

queries/15-aws_insight_elb_application_lb_waf_enabled.yaml

@@ -1,31 +1,22 @@
+Description: List all ELB with no WAF.
 ID: aws_insight_elb_application_lb_waf_enabled
-Title: "Load Balancers with no WAF"
-Description: "List all ELB with no WAF."
-Connector:
-- aws
+IntegrationTypeName:
+- aws_cloud
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select
-      -- Required Columns
-      arn as resource, account_id, og_account_id, og_resource_id,
-      case
-        when load_balancer_attributes @> '[{"Key":"waf.fail_open.enabled","Value":"true"}]' then 'ok'
-        else 'alarm'
-      end as status,
-      case
-        when load_balancer_attributes @> '[{"Key":"waf.fail_open.enabled","Value":"true"}]' then title || ' WAF enabled.'
-        else title || ' WAF disabled.'
-      end as reason,
-      -- Additional Dimensions
-      region 
-    from
-      aws_ec2_application_load_balancer;
-  PrimaryTable: aws_ec2_application_load_balancer
   ListOfTables:
   - aws_ec2_application_load_balancer
   Parameters: []
+  PrimaryTable: aws_ec2_application_load_balancer
+  QueryToExecute: "select\n  -- Required Columns\n  arn as resource, account_id, og_account_id,\
+    \ og_resource_id,\n  case\n    when load_balancer_attributes @> '[{\"Key\":\"\
+    waf.fail_open.enabled\",\"Value\":\"true\"}]' then 'ok'\n    else 'alarm'\n  end\
+    \ as status,\n  case\n    when load_balancer_attributes @> '[{\"Key\":\"waf.fail_open.enabled\"\
+    ,\"Value\":\"true\"}]' then title || ' WAF enabled.'\n    else title || ' WAF\
+    \ disabled.'\n  end as reason,\n  -- Additional Dimensions\n  region \nfrom\n\
+    \  aws_ec2_application_load_balancer;"
 Tags:
   category:
   - Security
   - Technical Debt
+Title: Load Balancers with no WAF

queries/16-aws_insight_vpc_with_public_cidr.yaml

@@ -1,29 +1,21 @@
+Description: List VPCs with public CIDR blocks
 ID: aws_insight_vpc_with_public_cidr
-Title: "VPCs with Public IP Range"
-Description: "List VPCs with public CIDR blocks"
-Connector:
-- aws
+IntegrationTypeName:
+- aws_cloud
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select
-      vpc_id,
-      cidr_block,
-      state,
-      region, account_id, og_account_id, og_resource_id
-    from
-      aws_vpc
-    where
-      (not cidr_block <<= '10.0.0.0/8'
-      and not cidr_block <<= '192.168.0.0/16'
-      and not cidr_block <<= '172.16.0.0/12');
-  PrimaryTable: aws_vpc
   ListOfTables:
   - aws_vpc
   Parameters: []
+  PrimaryTable: aws_vpc
+  QueryToExecute: "select\n  vpc_id,\n  cidr_block,\n  state,\n  region, account_id,\
+    \ og_account_id, og_resource_id\nfrom\n  aws_vpc\nwhere\n  (not cidr_block <<=\
+    \ '10.0.0.0/8'\n  and not cidr_block <<= '192.168.0.0/16'\n  and not cidr_block\
+    \ <<= '172.16.0.0/12');"
 Tags:
   category:
   - Security
   - Technical Debt
   - Resiliency
   - Cost Management
+Title: VPCs with Public IP Range

queries/17-azure_insight_compute_disk_unattached.yaml

@@ -1,23 +1,17 @@
+Description: List of unattached Disks
 ID: azure_insight_compute_disk_unattached
-Title: "Unused Azure Disks"
-Description: "List of unattached Disks"
-Connector:
-- azure
+IntegrationTypeName:
+- azure_subscription
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select
-      name,
-      disk_state, subscription_id, og_account_id, og_resource_id
-    from
-      azure_compute_disk
-    where
-      disk_state = 'Unattached';
-  PrimaryTable: azure_compute_disk
   ListOfTables:
   - azure_compute_disk
   Parameters: []
+  PrimaryTable: azure_compute_disk
+  QueryToExecute: "select\n  name,\n  disk_state, subscription_id, og_account_id,\
+    \ og_resource_id\nfrom\n  azure_compute_disk\nwhere\n  disk_state = 'Unattached';"
 Tags:
   category:
   - Technical Debt
   - Cost Management
+Title: Unused Azure Disks

queries/18-azure_insight_compute_disk_unavailable_in_multiple_az.yaml

@@ -1,26 +1,19 @@
+Description: List of compute disks which are not available in multiple az
 ID: azure_insight_compute_disk_unavailable_in_multiple_az
-Title: "Non-Resiliency Azure Disks"
-Description: "List of compute disks which are not available in multiple az"
-Connector:
-- azure
+IntegrationTypeName:
+- azure_subscription
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select
-      name,
-      az,
-      region, subscription_id, og_account_id, og_resource_id
-    from
-      azure_compute_disk
-      cross join jsonb_array_elements(zones) az
-    where
-      zones is not null;
-  PrimaryTable: azure_compute_disk
   ListOfTables:
   - azure_compute_disk
   Parameters: []
+  PrimaryTable: azure_compute_disk
+  QueryToExecute: "select\n  name,\n  az,\n  region, subscription_id, og_account_id,\
+    \ og_resource_id\nfrom\n  azure_compute_disk\n  cross join jsonb_array_elements(zones)\
+    \ az\nwhere\n  zones is not null;"
 Tags:
   category:
   - Security
   - Technical Debt
   - Resiliency
+Title: Non-Resiliency Azure Disks

queries/19-azure_insight_compute_disk_not_encrypted_with_customer_key.yaml

@@ -1,22 +1,15 @@
+Description: List of compute disks which are not encrypted with customer key
 ID: azure_insight_compute_disk_not_encrypted_with_customer_key
-Title: "Unecrypted Disks"
-Description: "List of compute disks which are not encrypted with customer key"
-Connector:
-- azure
+IntegrationTypeName:
+- azure_subscription
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select
-      name,
-      encryption_type, subscription_id, og_account_id, og_resource_id
-    from
-      azure_compute_disk
-    where
-      encryption_type <> 'EncryptionAtRestWithCustomerKey';
-  PrimaryTable: azure_compute_disk
   ListOfTables:
   - azure_compute_disk
   Parameters: []
+  PrimaryTable: azure_compute_disk
+  QueryToExecute: "select\n  name,\n  encryption_type, subscription_id, og_account_id,\
+    \ og_resource_id\nfrom\n  azure_compute_disk\nwhere\n  encryption_type <> 'EncryptionAtRestWithCustomerKey';"
 Tags:
   category:
   - Security
@@ -25,3 +18,4 @@ Tags:
   - Security
   - DevOps
   - Product
+Title: Unecrypted Disks