From 4afaf0090efe9fc9366affaf731b872d30bd8208 Mon Sep 17 00:00:00 2001 
From: Gaurav Gogia <16029099+gaurav-gogia@users.noreply.github.com> Date: Tue, 25 May 2021 01:43:22 +0530 Subject: [PATCH 1/4] adding id property for matching azure network security policies --- .../accurics.azure.NPS.101.json | 39 ++++++++++--------- .../accurics.azure.NPS.103.json | 39 ++++++++++--------- .../accurics.azure.NPS.105.json | 39 ++++++++++--------- .../accurics.azure.NPS.107.json | 39 ++++++++++--------- .../accurics.azure.NPS.109.json | 39 ++++++++++--------- .../accurics.azure.NPS.111.json | 39 ++++++++++--------- .../accurics.azure.NPS.113.json | 39 ++++++++++--------- .../accurics.azure.NPS.115.json | 39 ++++++++++--------- .../accurics.azure.NPS.117.json | 39 ++++++++++--------- .../accurics.azure.NPS.119.json | 39 ++++++++++--------- .../accurics.azure.NPS.171.json | 39 ++++++++++--------- .../accurics.azure.NPS.172.json | 39 ++++++++++--------- .../accurics.azure.NPS.174.json | 39 ++++++++++--------- .../accurics.azure.NPS.176.json | 39 ++++++++++--------- .../accurics.azure.NPS.178.json | 39 ++++++++++--------- .../accurics.azure.NPS.180.json | 39 ++++++++++--------- .../accurics.azure.NPS.182.json | 39 ++++++++++--------- .../accurics.azure.NPS.184.json | 39 ++++++++++--------- .../accurics.azure.NPS.186.json | 39 ++++++++++--------- .../accurics.azure.NPS.188.json | 39 ++++++++++--------- .../accurics.azure.NPS.190.json | 39 ++++++++++--------- .../accurics.azure.NPS.192.json | 39 ++++++++++--------- .../accurics.azure.NPS.194.json | 39 ++++++++++--------- .../accurics.azure.NPS.196.json | 39 ++++++++++--------- .../accurics.azure.NPS.198.json | 39 ++++++++++--------- .../accurics.azure.NPS.200.json | 39 ++++++++++--------- .../accurics.azure.NPS.202.json | 39 ++++++++++--------- .../accurics.azure.NPS.204.json | 39 ++++++++++--------- .../accurics.azure.NPS.206.json | 39 ++++++++++--------- .../accurics.azure.NPS.208.json | 39 ++++++++++--------- .../accurics.azure.NPS.210.json | 39 ++++++++++--------- .../accurics.azure.NPS.212.json | 39 
++++++++++--------- .../accurics.azure.NPS.214.json | 39 ++++++++++--------- .../accurics.azure.NPS.216.json | 39 ++++++++++--------- .../accurics.azure.NPS.218.json | 39 ++++++++++--------- .../accurics.azure.NPS.220.json | 39 ++++++++++--------- .../accurics.azure.NPS.222.json | 39 ++++++++++--------- .../accurics.azure.NPS.224.json | 39 ++++++++++--------- .../accurics.azure.NPS.226.json | 39 ++++++++++--------- .../accurics.azure.NPS.228.json | 39 ++++++++++--------- .../accurics.azure.NPS.230.json | 39 ++++++++++--------- .../accurics.azure.NPS.232.json | 39 ++++++++++--------- .../accurics.azure.NPS.234.json | 39 ++++++++++--------- .../accurics.azure.NPS.236.json | 39 ++++++++++--------- .../accurics.azure.NPS.238.json | 39 ++++++++++--------- .../accurics.azure.NPS.240.json | 39 ++++++++++--------- .../accurics.azure.NPS.242.json | 39 ++++++++++--------- .../accurics.azure.NPS.244.json | 39 ++++++++++--------- .../accurics.azure.NPS.246.json | 39 ++++++++++--------- .../accurics.azure.NPS.248.json | 39 ++++++++++--------- .../accurics.azure.NPS.250.json | 39 ++++++++++--------- .../accurics.azure.NPS.252.json | 39 ++++++++++--------- .../accurics.azure.NPS.254.json | 39 ++++++++++--------- .../accurics.azure.NPS.39.json | 39 ++++++++++--------- .../accurics.azure.NPS.41.json | 39 ++++++++++--------- .../accurics.azure.NPS.43.json | 39 ++++++++++--------- .../accurics.azure.NPS.45.json | 39 ++++++++++--------- .../accurics.azure.NPS.47.json | 39 ++++++++++--------- .../accurics.azure.NPS.49.json | 39 ++++++++++--------- .../accurics.azure.NPS.51.json | 39 ++++++++++--------- .../accurics.azure.NPS.53.json | 39 ++++++++++--------- .../accurics.azure.NPS.55.json | 39 ++++++++++--------- .../accurics.azure.NPS.57.json | 39 ++++++++++--------- .../accurics.azure.NPS.59.json | 39 ++++++++++--------- .../accurics.azure.NPS.61.json | 39 ++++++++++--------- .../accurics.azure.NPS.63.json | 39 ++++++++++--------- .../accurics.azure.NPS.65.json | 39 
++++++++++--------- .../accurics.azure.NPS.67.json | 39 ++++++++++--------- .../accurics.azure.NPS.69.json | 39 ++++++++++--------- .../accurics.azure.NPS.71.json | 39 ++++++++++--------- .../accurics.azure.NPS.73.json | 39 ++++++++++--------- .../accurics.azure.NPS.75.json | 39 ++++++++++--------- .../accurics.azure.NPS.77.json | 39 ++++++++++--------- .../accurics.azure.NPS.79.json | 39 ++++++++++--------- .../accurics.azure.NPS.81.json | 39 ++++++++++--------- .../accurics.azure.NPS.83.json | 39 ++++++++++--------- .../accurics.azure.NPS.85.json | 39 ++++++++++--------- .../accurics.azure.NPS.87.json | 39 ++++++++++--------- .../accurics.azure.NPS.89.json | 39 ++++++++++--------- .../accurics.azure.NPS.91.json | 39 ++++++++++--------- .../accurics.azure.NPS.93.json | 39 ++++++++++--------- .../accurics.azure.NPS.95.json | 39 ++++++++++--------- .../accurics.azure.NPS.97.json | 39 ++++++++++--------- .../accurics.azure.NPS.99.json | 39 ++++++++++--------- 84 files changed, 1680 insertions(+), 1596 deletions(-)
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json
index 811640757..75cd19514 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort8140ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort8140ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 8140,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Puppet Master (TCP:8140) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.101",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort8140ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort8140ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 8140,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Puppet Master (TCP:8140) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.101",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0451"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json
index bc148c96e..e309c77b4 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json
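Review bot: The new `"id": "AC_AZURE_0451"` is a second identifier next to `reference_id`, and nothing in this patch checks that the added values are unique or well-formed across the 84 files it touches. If `id` is what rule selection and skip lists match on (the subject line suggests so, but the matching code is not shown here), a duplicate or mistyped value could let a skip aimed at one rule silence a different HIGH-severity exposure check. A small test that loads every rule metadata file and asserts each `id` is present, unique and follows the `AC_AZURE_` plus four digits form seen here would catch that; the same applies to every other hunk in this patch. Separately, each hunk rewrites all 20 lines to add one property, so landing the whitespace and end-of-file normalisation in its own commit would keep the real change reviewable.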
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort25ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort25ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 25,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SMTP (TCP:25) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.103",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort25ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort25ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 25,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SMTP (TCP:25) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.103",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0448"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json
index 78bcb49bb..01cc62b0b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort161ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort161ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 161,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "SNMP (UDP:161) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.105",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort161ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort161ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 161,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "SNMP (UDP:161) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.105",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0445"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json
index cad9acc63..4686928aa 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort2382ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort2382ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 2382,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.107",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort2382ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort2382ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 2382,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.107",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0442"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json
index 5806566e9..554a30ddd 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort2383ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort2383ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 2383,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.109",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort2383ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort2383ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 2383,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.109",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0439"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json
index 27c9a69d3..0e4a854c0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort4505ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort4505ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 4505,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SaltStack Master (TCP:4505) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.111",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort4505ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort4505ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 4505,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SaltStack Master (TCP:4505) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.111",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0436"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json
index e93128139..3c72de4b7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort4506ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort4506ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 4506,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SaltStack Master (TCP:4506) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.113",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort4506ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort4506ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 4506,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SaltStack Master (TCP:4506) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.113",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0433"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json
index 04f15a5ae..af36da9a8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort23ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort23ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 23,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Telnet (TCP:23) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.115",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort23ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort23ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 23,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Telnet (TCP:23) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.115",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0430"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json
index 7ddbbe4f6..2f66b6e6d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort5500ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort5500ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 5500,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "VNC Listener (TCP:5500) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.117",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort5500ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort5500ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 5500,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "VNC Listener (TCP:5500) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.117",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0427"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json
index b2c4ab76d..cfd16bd92 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort5900ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort5900ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 5900,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "VNC Server (TCP:5900) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.119",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort5900ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort5900ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 5900,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "VNC Server (TCP:5900) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.119",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0424"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json
index a54217974..7729f4c40 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort3389ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort3389ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 3389,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Remote Desktop (TCP:3389) is exposed to the entire public internet",
- "reference_id": "accurics.azure.NPS.171",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort3389ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort3389ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 3389,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Remote Desktop (TCP:3389) is exposed to the entire public internet",
+ "reference_id": "accurics.azure.NPS.171",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0342"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json
index 935ed9236..9768dc6d2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort22ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort22ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 22,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SSH (TCP:22) is exposed to the entire public internet",
- "reference_id": "accurics.azure.NPS.172",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort22ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort22ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 22,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SSH (TCP:22) is exposed to the entire public internet",
+ "reference_id": "accurics.azure.NPS.172",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0285"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json
index 8b7a46163..6d68bb9a5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort3020ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort3020ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 3020,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.174",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort3020ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort3020ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 3020,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.174",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0272"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json
index 0aa5c088b..6048518cf 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort7001ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort7001ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 7001,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Cassandra (TCP:7001) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.176",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort7001ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort7001ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 7001,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Cassandra (TCP:7001) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.176",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0275"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json
index 251b6b821..1d6325559 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort61621ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort61621ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 61621,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.178",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort61621ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort61621ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 61621,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.178",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0536"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json
index 4ee10f10d..5e1baff21 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort53ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort53ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 53,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "DNS (UDP:53) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.180",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort53ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort53ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 53,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "DNS (UDP:53) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.180",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0533"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json
index 0bbccb381..c4a96d72a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort9000ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort9000ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 9000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Hadoop Name Node (TCP:9000) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.182",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort9000ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort9000ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 9000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Hadoop Name Node (TCP:9000) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.182",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0530"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json
index 9b3be935b..9af9e22e0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort8000ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort8000ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 8000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": " Known internal web port (TCP:8000) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.184",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort8000ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort8000ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 8000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": " Known internal web port (TCP:8000) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.184",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0527"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json
index 194265853..847ff0b82 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json
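Review bot: The re-emitted `description` line for accurics.azure.NPS.184 keeps the stray leading space inside the string (`" Known internal web port (TCP:8000) ..."`). Since every line of the file is rewritten by this patch anyway, it should read `"description": "Known internal web port (TCP:8000) is exposed to wide Private network",`. The next hunk, accurics.azure.NPS.186 (TCP:8080), carries the same leading space. Anything that displays, sorts or matches findings by description text would presumably treat these two differently from the other policies in the directory.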
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort8080ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort8080ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 8080,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": " Known internal web port (TCP:8080) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.186",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort8080ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort8080ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 8080,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": " Known internal web port (TCP:8080) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.186",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0524"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json
index e82cd064d..b5af7b28f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort636ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort636ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 636,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "LDAP SSL (TCP:636) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.188",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort636ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort636ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 636,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "LDAP SSL (TCP:636) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.188",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0521"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json
index 061d203ef..b854f9a01 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort1434ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort1434ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 1434,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "MSSQL Admin (TCP:1434) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.190",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort1434ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort1434ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Admin (TCP:1434) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.190",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0518"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json
index 7d7c25a50..95f92efa3 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort1434ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort1434ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 1434,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "MSSQL Browser (UDP:1434) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.192",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort1434ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort1434ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Browser (UDP:1434) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.192",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0518"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json
index b911343bb..21b96dc93 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json
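Review bot: The `"id": "AC_AZURE_0518"` added to accurics.azure.NPS.192 is the same value the previous hunk gives accurics.azure.NPS.190 (MSSQL Admin, TCP:1434), although this is the UDP:1434 MSSQL Browser policy with its own `name` and `reference_id`. The same TCP/UDP collision recurs in later hunks: NPS.198/NPS.202 (`AC_AZURE_0506`), NPS.200/NPS.204 (`AC_AZURE_0503`), NPS.212/NPS.214 (`AC_AZURE_0485`), NPS.216/NPS.218 (`AC_AZURE_0479`), NPS.220/NPS.222 (`AC_AZURE_0473`) and NPS.224/NPS.226 (`AC_AZURE_0467`). If `id` is meant to identify a single policy (for skip rules or for telling findings apart in scan output, which this patch does not show), a shared value would let a suppression written for one protocol silently cover the other. Either give each UDP policy its own value, e.g. `"id": "<UNASSIGNED_AC_AZURE_ID>"`, or state in the commit message that ids are deliberately shared per port.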
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort135ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort135ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 135,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "MSSQL Debugger (TCP:135) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.194",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort135ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort135ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 135,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Debugger (TCP:135) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.194",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0512"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json
index 77b92d5e5..d538e3ad6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort1433ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort1433ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 1433,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "MSSQL Server (TCP:1433) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.196",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort1433ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort1433ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 1433,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Server (TCP:1433) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.196",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0509"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json
index 52aadb57c..f306b3c31 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort11214ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort11214ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 11214,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Memcached SSL (TCP:11214) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.198",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort11214ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11214ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 11214,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (TCP:11214) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.198",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0506"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json
index fbd441f82..993f05246 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort11215ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort11215ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 11215,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Memcached SSL (TCP:11215) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.200",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort11215ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11215ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 11215,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (TCP:11215) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.200",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0503"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json
index 4341caf37..3184c23d9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort11214ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort11214ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 11214,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "Memcached SSL (UDP:11214) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.202",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort11214ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11214ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 11214,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (UDP:11214) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.202",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0506"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json
index 9a0408375..470976d0b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort11215ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort11215ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 11215,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "Memcached SSL (UDP:11215) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.204",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort11215ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11215ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 11215,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (UDP:11215) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.204",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0503"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json
index 67c5f1d49..3762dfdc5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort445ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort445ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 445,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Microsoft-DS (TCP:445) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.206",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort445ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort445ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 445,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Microsoft-DS (TCP:445) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.206",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0494"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json
index 0274ddfc2..cb1c5a335 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort27018ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort27018ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 27018,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Mongo Web Portal (TCP:27018) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.208",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort27018ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort27018ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 27018,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Mongo Web Portal (TCP:27018) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.208",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0491"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json
index 89bf87b11..3bc5c8d09 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort3306ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort3306ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 3306,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "MySQL (TCP:3306) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.210",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort3306ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort3306ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 3306,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MySQL (TCP:3306) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.210",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0488"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json
index 66a3771c6..16419328d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort137ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort137ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 137,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Name Service (TCP:137) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.212",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort137ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort137ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 137,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Name Service (TCP:137) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.212",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0485"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json
index 2435845f3..e1310691c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort137ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort137ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 137,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Name Service (UDP:137) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.214",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort137ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort137ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 137,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Name Service (UDP:137) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.214",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0485"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json
index 6d4007fe0..b6bfd06c0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort138ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort138ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 138,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.216",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort138ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort138ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 138,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.216",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0479"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json
index 5008b0f11..4e348171f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort138ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort138ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 138,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.218",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort138ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort138ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 138,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.218",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0479"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json
index ced54e084..dfb35a0b3 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort139ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort139ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 139,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Session Service (TCP:139) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.220",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort139ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort139ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 139,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Session Service (TCP:139) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.220",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0473"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json
index 7a5c4bdea..3912b27b0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort139ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort139ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 139,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Session Service (UDP:139) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.222",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort139ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort139ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 139,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Session Service (UDP:139) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.222",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0473"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json
index 00dbe9f3c..429659604 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort2484ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort2484ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 2484,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Oracle DB SSL (TCP:2484) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.224",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort2484ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2484ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 2484,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Oracle DB SSL (TCP:2484) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.224",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0467"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json
index 0d580f0ab..c460b6a55 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort2484ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort2484ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 2484,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "Oracle DB SSL (UDP:2484) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.226",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort2484ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2484ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 2484,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "Oracle DB SSL (UDP:2484) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.226",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0467"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json
index c571cf1e5..4386e5953 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort110ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort110ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 110,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "POP3 (TCP:110) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.228",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort110ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort110ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 110,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "POP3 (TCP:110) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.228",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0461"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json
index 711d04a27..6dbcc6dc0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort5432ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort5432ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 5432,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "PostgreSQL (TCP:5432) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.230",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort5432ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5432ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 5432,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "PostgreSQL (TCP:5432) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.230",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0458"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json
index 447568b69..1c1655ccb 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort5432ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort5432ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 5432,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "PostgreSQL (UDP:5432) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.232",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort5432ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5432ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 5432,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "PostgreSQL (UDP:5432) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.232",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0458"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json
index c0c147a5e..2ea97e518 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort3000ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort3000ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 3000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Prevalent known internal port (TCP:3000) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.234",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort3000ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort3000ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 3000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Prevalent known internal port (TCP:3000) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.234",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0452"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json
index afb17b639..5a09b0192 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort8140ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort8140ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 8140,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Puppet Master (TCP:8140) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.236",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort8140ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort8140ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 8140,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Puppet Master (TCP:8140) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.236",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0449"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json
index df43585db..1ccad410b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort25ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort25ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 25,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "SMTP (TCP:25) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.238",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort25ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort25ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 25,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SMTP (TCP:25) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.238",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0446"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json
index 22618514b..5850cb43c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort161ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort161ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 161,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "SNMP (UDP:161) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.240",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort161ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort161ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 161,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "SNMP (UDP:161) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.240",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0443"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json
index e62205e70..ea235dc17 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort2382ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort2382ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 2382,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "SQL Server Analysis (TCP:2382) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.242",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort2382ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2382ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 2382,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SQL Server Analysis (TCP:2382) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.242",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0440"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json
index 51b7f29d3..a1cbe01f8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort2383ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort2383ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 2383,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "SQL Server Analysis (TCP:2383) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.244",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort2383ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2383ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 2383,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SQL Server Analysis (TCP:2383) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.244",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0437"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json
index e74758b1e..7a6f22764 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort4505ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort4505ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 4505,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "SaltStack Master (TCP:4505) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.246",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort4505ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort4505ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 4505,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SaltStack Master (TCP:4505) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.246",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0434"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json
index cfa3e0284..b169cb3e3 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort4506ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort4506ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 4506,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "SaltStack Master (TCP:4506) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.248",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort4506ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort4506ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 4506,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SaltStack Master (TCP:4506) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.248",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0431"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json
index eba93ad7a..12621e0d3 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort23ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort23ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 23,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Telnet (TCP:23) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.250",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort23ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort23ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 23,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Telnet (TCP:23) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.250",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0428"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json
index ca06b637f..71fe980bf 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort5500ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort5500ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 5500,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "VNC Listener (TCP:5500) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.252",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort5500ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5500ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 5500,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "VNC Listener (TCP:5500) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.252",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0425"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json
index d4916cd70..ece0556ba 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort5900ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort5900ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 5900,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "VNC Server (TCP:5900) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.254",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort5900ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5900ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 5900,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "VNC Server (TCP:5900) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.254",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0422"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json
index 082672947..978a9e84d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort3020ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort3020ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 3020,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "CIFS / SMB (TCP:3020) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.39",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort3020ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort3020ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 3020,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "CIFS / SMB (TCP:3020) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.39",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0270"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json
index e4d46e4cf..55b7b6772 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort7001ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort7001ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 7001,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Cassandra (TCP:7001) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.41",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort7001ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort7001ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 7001,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Cassandra (TCP:7001) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.41",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0273"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json
index 370406d89..27da2adc2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort61621ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort61621ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 61621,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Cassandra OpsCenter (TCP:61621) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.43",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort61621ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort61621ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 61621,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Cassandra OpsCenter (TCP:61621) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.43",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0276"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json
index 1e1a89af6..7c4a179ff 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort53ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort53ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 53,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "DNS (UDP:53) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.45",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort53ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort53ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 53,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "DNS (UDP:53) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.45",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0535"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json
index f1641cda1..6e3bb3e91 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort9000ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort9000ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 9000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Hadoop Name Node (TCP:9000) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.47",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort9000ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort9000ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 9000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Hadoop Name Node (TCP:9000) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.47",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0532"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json
index 5beae42e9..4f51a8e98 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort8000ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort8000ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 8000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": " Known internal web port (TCP:8000) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.49",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort8000ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort8000ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 8000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": " Known internal web port (TCP:8000) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.49",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0529"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json
index 0fb238f67..a74943070 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json
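Review bot: The `description` value for accurics.azure.NPS.49 starts with a stray space (`" Known internal web port (TCP:8000) ..."`), and accurics.azure.NPS.51 in the next hunk has the same leading blank. Every line of both files is rewritten by this patch anyway, so the string could be trimmed here: `"description": "Known internal web port (TCP:8000) is exposed to entire Public network",`. Left as is, the blank is presumably carried into whatever report or log prints the description.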
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort8080ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort8080ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 8080,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": " Known internal web port (TCP:8080) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.51",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort8080ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort8080ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 8080,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": " Known internal web port (TCP:8080) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.51",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0526"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json
index 08fefea00..1190dbae4 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort636ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort636ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 636,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "LDAP SSL (TCP:636) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.53",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort636ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort636ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 636,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "LDAP SSL (TCP:636) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.53",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0523"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json
index 198f7ce83..92cb3f226 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort1434ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort1434ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 1434,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "MSSQL Admin (TCP:1434) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.55",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort1434ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort1434ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Admin (TCP:1434) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.55",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0520"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json
index 3e76c98bc..9f408124c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json
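Review bot: `"id": "AC_AZURE_0520"`, added for accurics.azure.NPS.55 (TCP:1434), is assigned again to accurics.azure.NPS.57 (UDP:1434) in the next hunk, so the new id does not identify a single policy. The same TCP/UDP sharing appears for `AC_AZURE_0508` (NPS.63 and NPS.67), `AC_AZURE_0505` (NPS.65 and NPS.69), `AC_AZURE_0487` (NPS.77 and NPS.79), `AC_AZURE_0481` (NPS.81 and NPS.83) and `AC_AZURE_0475` (NPS.85 and NPS.87). How the id is consumed is not visible in this patch, but if it is used to skip, filter or de-duplicate rules, suppressing the TCP finding would presumably hide the UDP one as well, which is a different exposure. Either give each reference_id its own id, or state in the commit description that one id intentionally covers both protocols of a port.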
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort1434ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort1434ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 1434,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "MSSQL Browser (UDP:1434) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.57",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort1434ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort1434ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Browser (UDP:1434) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.57",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0520"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json
index 43108e2ba..ab6b4b511 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort135ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort135ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 135,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "MSSQL Debugger (TCP:135) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.59",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort135ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort135ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 135,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Debugger (TCP:135) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.59",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0514"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json
index 902d2419b..38e43130a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort1433ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort1433ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 1433,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "MSSQL Server (TCP:1433) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.61",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort1433ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort1433ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 1433,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Server (TCP:1433) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.61",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0511"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json
index 57521e5d1..e2c923864 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort11214ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort11214ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 11214,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Memcached SSL (TCP:11214) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.63",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort11214ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort11214ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 11214,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Memcached SSL (TCP:11214) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.63",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0508"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json
index cd1527279..2a373091a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort11215ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort11215ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 11215,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Memcached SSL (TCP:11215) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.65",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort11215ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort11215ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 11215,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Memcached SSL (TCP:11215) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.65",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0505"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json
index 1f851e428..88dc652b3 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort11214ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort11214ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 11214,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "Memcached SSL (UDP:11214) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.67",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort11214ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort11214ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 11214,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "Memcached SSL (UDP:11214) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.67",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0508"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json
index c7b60fb5c..6f8ebd9c9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort11215ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort11215ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 11215,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "Memcached SSL (UDP:11215) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.69",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort11215ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort11215ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 11215,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "Memcached SSL (UDP:11215) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.69",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0505"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json
index dd62311c8..c065fc88c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort445ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort445ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 445,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Microsoft-DS (TCP:445) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.71",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort445ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort445ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 445,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Microsoft-DS (TCP:445) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.71",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0496"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json
index a2c564df1..cc392562c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort27018ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort27018ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 27018,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Mongo Web Portal (TCP:27018) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.73",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort27018ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort27018ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 27018,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Mongo Web Portal (TCP:27018) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.73",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0493"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json
index bb8f1f361..cef2e48c7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort3306ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort3306ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 3306,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "MySQL (TCP:3306) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.75",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort3306ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort3306ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 3306,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "MySQL (TCP:3306) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.75",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0490"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json
index 7db9c4335..8c7a9b4bb 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort137ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort137ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 137,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "NetBIOS Name Service (TCP:137) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.77",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort137ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort137ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 137,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Name Service (TCP:137) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.77",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0487"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json
index 4b3c12a57..ddef2a3a5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort137ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort137ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 137,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "NetBIOS Name Service (UDP:137) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.79",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort137ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort137ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 137,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Name Service (UDP:137) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.79",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0487"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json
index f48089d73..f99a0b925 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort138ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort138ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 138,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "NetBIOS Datagram Service (TCP:138) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.81",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort138ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort138ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 138,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Datagram Service (TCP:138) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.81",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0481"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json
index e4ccddcc6..eafa4a56a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort138ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort138ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 138,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "NetBIOS Datagram Service (UDP:138) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.83",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort138ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort138ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 138,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Datagram Service (UDP:138) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.83",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0481"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json
index dec6b5bef..811136986 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort139ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort139ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 139,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "NetBIOS Session Service (TCP:139) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.85",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort139ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort139ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 139,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Session Service (TCP:139) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.85",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0475"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json
index 88fdd11b1..9f2b42bcf 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort139ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort139ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 139,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "NetBIOS Session Service (UDP:139) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.87",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort139ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort139ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 139,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "NetBIOS Session Service (UDP:139) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.87",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0475"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json
index 5cad64e24..88c52bb4a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort2484ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort2484ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 2484,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Oracle DB SSL (TCP:2484) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.89",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort2484ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort2484ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 2484,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Oracle DB SSL (TCP:2484) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.89",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0469"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json
index 1767f4e53..cf816964f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort2484ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort2484ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 2484,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "Oracle DB SSL (UDP:2484) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.91",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort2484ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort2484ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 2484,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "Oracle DB SSL (UDP:2484) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.91",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0469"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json
index f0776b4ea..787486aa7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort110ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort110ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 110,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "POP3 (TCP:110) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.93",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort110ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort110ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 110,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "POP3 (TCP:110) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.93",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0463"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json
index ce13a0a79..83efbe56b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort5432ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort5432ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 5432,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "PostgreSQL (TCP:5432) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.95",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort5432ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort5432ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 5432,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "PostgreSQL (TCP:5432) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.95",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0460"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json
index 01b5466b8..2ebe429bf 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort5432ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort5432ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 5432,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "PostgreSQL (UDP:5432) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.97",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort5432ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort5432ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 5432,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "PostgreSQL (UDP:5432) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.97",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0460"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json
index 57d486755..3bbe663c4 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json
@@ -1,20 +1,21 @@
 {
- "name": "reme_networkPort3000ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort3000ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 3000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Prevalent known internal port (TCP:3000) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.99",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_networkPort3000ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort3000ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 3000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Prevalent known internal port (TCP:3000) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.99",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0454"
+}
From 9153b87b43c7a56a129cfde7424d496e35b54133 Mon Sep 17 00:00:00 2001
From: Gaurav Gogia <16029099+gaurav-gogia@users.noreply.github.com> Date: Tue, 25 May 2021 01:52:14 +0530 Subject: [PATCH 2/4] changes for matching rules(siac & terrascan): 1. add id param 2. update category 3. update severity --- .../accurics.azure.NS.147.json | 27 ++++++++-------- .../accurics.azure.AKS.3.json | 27 ++++++++-------- .../accurics.azure.EKM.164.json | 27 ++++++++-------- .../accurics.azure.CAM.162.json | 27 ++++++++-------- .../accurics.azure.NS.32.json | 27 ++++++++-------- .../accurics.azure.EKM.164.json | 27 ++++++++-------- .../accurics.azure.EKM.20.json | 27 ++++++++-------- .../accurics.azure.EKM.25.json | 27 ++++++++-------- .../accurics.azure.EKM.26.json | 27 ++++++++-------- .../accurics.azure.NS.382.json | 23 +++++++------- .../accurics.azure.NS.383.json | 23 +++++++------- .../accurics.azure.LOG.357.json | 29 ++++++++--------- .../accurics.azure.MON.355.json | 29 ++++++++--------- .../accurics.azure.NS.361.json | 23 +++++++------- .../accurics.azure.NS.11.json | 27 ++++++++-------- .../accurics.azure.LOG.151.json | 27 ++++++++-------- .../accurics.azure.LOG.152.json | 27 ++++++++-------- .../accurics.azure.LOG.153.json | 27 ++++++++-------- .../accurics.azure.LOG.154.json | 27 ++++++++-------- .../accurics.azure.LOG.364.json | 23 +++++++------- .../accurics.azure.BDR.163.json | 27 ++++++++-------- .../accurics.azure.EKM.1.json | 27 ++++++++-------- .../accurics.azure.EKM.23.json | 27 ++++++++-------- .../accurics.azure.NS.13.json | 27 ++++++++-------- .../accurics.azure.NS.166.json | 27 ++++++++-------- .../accurics.azure.NS.30.json | 31 ++++++++++--------- .../accurics.azure.NS.31.json | 31 ++++++++++--------- .../accurics.azure.NS.272.json | 27 ++++++++-------- .../accurics.azure.IAM.388.json | 27 ++++++++-------- .../accurics.azure.OPS.349.json | 27 ++++++++-------- .../accurics.azure.IAM.137.json | 27 ++++++++-------- .../accurics.azure.MON.157.json | 27 ++++++++-------- .../accurics.azure.NS.169.json | 27 ++++++++-------- 
.../accurics.azure.NS.21.json | 31 ++++++++++--------- .../accurics.azure.NS.5.json | 31 ++++++++++--------- .../accurics.azure.IAM.10.json | 27 ++++++++-------- .../accurics.azure.IAM.138.json | 27 ++++++++-------- .../accurics.azure.LOG.356.json | 23 +++++++------- .../accurics.azure.MON.354.json | 23 +++++++------- .../accurics.azure.EKM.7.json | 27 ++++++++-------- .../accurics.azure.NS.2.json | 27 ++++++++-------- .../accurics.azure.NS.4.json | 27 ++++++++-------- .../accurics.azure.IAM.368.json | 27 ++++++++-------- .../accurics.azure.NS.161.json | 27 ++++++++-------- 44 files changed, 614 insertions(+), 570 deletions(-)
diff --git a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json b/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json
index b322512ef..b9334094f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json
+++ b/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_appGatewayWAFEnabled",
- "file": "appGatewayWAFEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_application_gateway",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure Azure Application Gateway Web application firewall (WAF) is enabled",
- "reference_id": "accurics.azure.NS.147",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_appGatewayWAFEnabled",
+ "file": "appGatewayWAFEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_application_gateway",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Azure Application Gateway Web application firewall (WAF) is enabled",
+ "reference_id": "accurics.azure.NS.147",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0189"
+}
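Review bot: Every line of this file is removed and re-added, although the only content change visible in the hunk is the trailing comma on `"version": 2,` and the new `"id": "AC_AZURE_0189"` line; `"severity": "MEDIUM"` and `"category": "Infrastructure Security"` read the same on both sides. The commit description also announces category and severity updates, and with whole-file rewrites a reviewer cannot quickly tell which of the 44 policies actually had a severity or category changed. Keeping the re-indentation and end-of-file newline fix in a separate commit would leave severity edits on security policies auditable line by line. Whitespace is collapsed in this view, so the re-indentation is inferred from the identical old and new text.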
diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json
index 189f10e09..ad7239a25 100755
--- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json
+++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_containerRegistryResourceLock",
- "file": "containerRegistryResourceLock.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_container_registry",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure Container Registry has locks",
- "reference_id": "accurics.azure.AKS.3",
- "category": "Resilience",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_containerRegistryResourceLock",
+ "file": "containerRegistryResourceLock.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_container_registry",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure Container Registry has locks",
+ "reference_id": "accurics.azure.AKS.3",
+ "category": "Resilience",
+ "version": 2,
+ "id": "AC_AZURE_0185"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json
index 38fc0a6bd..5a59a4e07 100755
--- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json
+++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_containerRegistryAdminEnabled",
- "file": "containerRegistryAdminEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_container_registry",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that admin user is disabled for Container Registry",
- "reference_id": "accurics.azure.EKM.164",
- "category": "Identity and Access Management",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_containerRegistryAdminEnabled",
+ "file": "containerRegistryAdminEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_container_registry",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that admin user is disabled for Container Registry",
+ "reference_id": "accurics.azure.EKM.164",
+ "category": "Identity and Access Management",
+ "version": 2,
+ "id": "AC_AZURE_0186"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json
index 1ef7c5570..b9bb3ed1a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json
+++ b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json
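Review bot: `"reference_id": "accurics.azure.EKM.164"` in this container-registry policy is the same reference_id that the later azurerm_key_vault hunk carries for keyVaultSoftDeleteEnabled, while the two files receive different ids (`AC_AZURE_0186` here, `AC_AZURE_0170` there). Anything that still keys on reference_id (not visible in this patch) cannot tell an admin-user finding from a soft-delete finding. Since this commit is about rule matching, it would help to either renumber one of the two reference_ids in a follow-up or record in the commit description that these two policies must be matched on `id`.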
@@ -1,14 +1,15 @@
 {
- "name": "reme_noTags",
- "file": "noTags.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_cosmosdb_account",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that Cosmos DB Account has an associated tag",
- "reference_id": "accurics.azure.CAM.162",
- "category": "Compliance Validation",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_noTags",
+ "file": "noTags.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_cosmosdb_account",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that Cosmos DB Account has an associated tag",
+ "reference_id": "accurics.azure.CAM.162",
+ "category": "Compliance Validation",
+ "version": 2,
+ "id": "AC_AZURE_0277"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json
index 1839cb03e..ee0460aea 100755
--- a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json
+++ b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_ipRangeFilterMissing",
- "file": "ipRangeFilterMissing.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_cosmosdb_account",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure to filter source Ips for Cosmos DB Account",
- "reference_id": "accurics.azure.NS.32",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_ipRangeFilterMissing",
+ "file": "ipRangeFilterMissing.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_cosmosdb_account",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure to filter source Ips for Cosmos DB Account",
+ "reference_id": "accurics.azure.NS.32",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0184"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json
index 4fc51a20b..9cfded950 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_keyVaultSoftDeleteEnabled",
- "file": "keyVaultSoftDeleteEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_key_vault",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure the key vault is recoverable - enable \"Soft Delete\" setting for a Key Vault",
- "reference_id": "accurics.azure.EKM.164",
- "category": "Data Protection",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_keyVaultSoftDeleteEnabled",
+ "file": "keyVaultSoftDeleteEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_key_vault",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure the key vault is recoverable - enable \"Soft Delete\" setting for a Key Vault",
+ "reference_id": "accurics.azure.EKM.164",
+ "category": "Data Protection",
+ "version": 2,
+ "id": "AC_AZURE_0170"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json
index a4e96547f..a9558c203 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_keyVaultAuditLoggingEnabled",
- "file": "keyVaultAuditLoggingEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_key_vault",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that logging for Azure KeyVault is 'Enabled'",
- "reference_id": "accurics.azure.EKM.20",
- "category": "Logging and Monitoring",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_keyVaultAuditLoggingEnabled",
+ "file": "keyVaultAuditLoggingEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_key_vault",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that logging for Azure KeyVault is 'Enabled'",
+ "reference_id": "accurics.azure.EKM.20",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0169"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json
index 473e07dee..7ed19cb45 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_checkKeyExpirationIsSet",
- "file": "checkKeyExpirationIsSet.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_key_vault_key",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that the expiration date is set on all keys",
- "reference_id": "accurics.azure.EKM.25",
- "category": "Data Protection",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_checkKeyExpirationIsSet",
+ "file": "checkKeyExpirationIsSet.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_key_vault_key",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that the expiration date is set on all keys",
+ "reference_id": "accurics.azure.EKM.25",
+ "category": "Data Protection",
+ "version": 2,
+ "id": "AC_AZURE_0164"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json
index 49a85057c..06d83ce31 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_checkSecretExpirationIsSet",
- "file": "checkSecretExpirationIsSet.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_key_vault_secret",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that the expiration date is set on all secrets",
- "reference_id": "accurics.azure.EKM.26",
- "category": "Data Protection",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_checkSecretExpirationIsSet",
+ "file": "checkSecretExpirationIsSet.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_key_vault_secret",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that the expiration date is set on all secrets",
+ "reference_id": "accurics.azure.EKM.26",
+ "category": "Data Protection",
+ "version": 2,
+ "id": "AC_AZURE_0163"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json
index 9ca74e9f8..8fdc3a728 100755
--- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json
+++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json
@@ -1,12 +1,13 @@
 {
- "name": "networkPolicyEnabled",
- "file": "networkPolicyEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_kubernetes_cluster",
- "template_args": null,
- "severity": "MEDIUM",
- "description": "Ensure AKS cluster has Network Policy configured.",
- "reference_id": "accurics.azure.NS.382",
- "category": "Infrastructure Security",
- "version": 1
-}
\ No newline at end of file
+ "name": "networkPolicyEnabled",
+ "file": "networkPolicyEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_kubernetes_cluster",
+ "template_args": null,
+ "severity": "MEDIUM",
+ "description": "Ensure AKS cluster has Network Policy configured.",
+ "reference_id": "accurics.azure.NS.382",
+ "category": "Infrastructure Security",
+ "version": 1,
+ "id": "AC_AZURE_0158"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json
index 6933c07d2..406749998 100755
--- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json
+++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json
@@ -1,12 +1,13 @@
 {
- "name": "kubeDashboardDisabled",
- "file": "kubeDashboardDisabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_kubernetes_cluster",
- "template_args": null,
- "severity": "MEDIUM",
- "description": "Ensure Kube Dashboard is disabled",
- "reference_id": "accurics.azure.NS.383",
- "category": "Infrastructure Security",
- "version": 1
-}
\ No newline at end of file
+ "name": "kubeDashboardDisabled",
+ "file": "kubeDashboardDisabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_kubernetes_cluster",
+ "template_args": null,
+ "severity": "MEDIUM",
+ "description": "Ensure Kube Dashboard is disabled",
+ "reference_id": "accurics.azure.NS.383",
+ "category": "Infrastructure Security",
+ "version": 1,
+ "id": "AC_AZURE_0161"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json
index f818c8e8b..7210aabf2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json
+++ b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json
@@ -1,15 +1,16 @@
 {
- "name": "mssqlAuditingRetention",
- "file": "mssqlAuditing.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_mssql_server",
- "template_args": {
- "checkRetention": true,
- "name": "mssqlAuditingRetention"
- },
- "severity": "MEDIUM",
- "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for MSSQL servers.",
- "reference_id": "accurics.azure.LOG.357",
- "category": "Logging and Monitoring",
- "version": 1
-}
\ No newline at end of file
+ "name": "mssqlAuditingRetention",
+ "file": "mssqlAuditing.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_mssql_server",
+ "template_args": {
+ "checkRetention": true,
+ "name": "mssqlAuditingRetention"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for MSSQL servers.",
+ "reference_id": "accurics.azure.LOG.357",
+ "category": "Logging and Monitoring",
+ "version": 1,
+ "id": "AC_AZURE_0136"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json
index 6b5ec2dd2..182db767a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json
+++ b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json
@@ -1,15 +1,16 @@
 {
- "name": "mssqlServerAuditingEnabled",
- "file": "mssqlAuditing.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_mssql_server",
- "template_args": {
- "checkRetention": false,
- "name": "mssqlServerAuditingEnabled"
- },
- "severity": "MEDIUM",
- "description": "Ensure that 'Auditing' is set to 'On' for MSSQL servers",
- "reference_id": "accurics.azure.MON.355",
- "category": "Logging and Monitoring",
- "version": 1
-}
\ No newline at end of file
+ "name": "mssqlServerAuditingEnabled",
+ "file": "mssqlAuditing.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_mssql_server",
+ "template_args": {
+ "checkRetention": false,
+ "name": "mssqlServerAuditingEnabled"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that 'Auditing' is set to 'On' for MSSQL servers",
+ "reference_id": "accurics.azure.MON.355",
+ "category": "Logging and Monitoring",
+ "version": 1,
+ "id": "AC_AZURE_0137"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json b/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json
index 66c6a9e64..444017801 100755
--- a/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json
+++ b/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json
@@ -1,12 +1,13 @@
 {
- "name": "sslConnectionEnabled",
- "file": "sslConnectionEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_mysql_server",
- "template_args": null,
- "severity": "HIGH",
- "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server.",
- "reference_id": "accurics.azure.NS.361",
- "category": "Infrastructure Security",
- "version": 1
-}
\ No newline at end of file
+ "name": "sslConnectionEnabled",
+ "file": "sslConnectionEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_mysql_server",
+ "template_args": null,
+ "severity": "HIGH",
+ "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server.",
+ "reference_id": "accurics.azure.NS.361",
+ "category": "Infrastructure Security",
+ "version": 1,
+ "id": "AC_AZURE_0131"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json
index 465ee7616..80aefb2bc 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_networkWatcherEnabled",
- "file": "networkWatcherCheck.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_watcher_flow_log",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Enable Network Watcher for Azure subscriptions. Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.",
- "reference_id": "accurics.azure.NS.11",
- "category": "Logging and Monitoring",
- "version": 1
-}
\ No newline at end of file
+ "name": "reme_networkWatcherEnabled",
+ "file": "networkWatcherCheck.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_watcher_flow_log",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Enable Network Watcher for Azure subscriptions. Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.",
+ "reference_id": "accurics.azure.NS.11",
+ "category": "Logging and Monitoring",
+ "version": 1,
+ "id": "AC_AZURE_0418"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json
index ab9e8d24b..05840fccb 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_connectionThrottling",
- "file": "connectionThrottling.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_configuration",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.LOG.151",
- "category": "Logging and Monitoring",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_connectionThrottling",
+ "file": "connectionThrottling.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_configuration",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.LOG.151",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0414"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json
index cbad5f973..ced6a2de4 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_logConnections",
- "file": "logConnections.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_configuration",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.LOG.152",
- "category": "Logging and Monitoring",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_logConnections",
+ "file": "logConnections.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_configuration",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.LOG.152",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0413"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json
index de86e39e6..400a9e00e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_logDisconnections",
- "file": "logDisconnections.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_configuration",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.LOG.153",
- "category": "Logging and Monitoring",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_logDisconnections",
+ "file": "logDisconnections.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_configuration",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.LOG.153",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0412"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json
index 0e042f33d..d48be0c63 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_logDuration",
- "file": "logDuration.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_configuration",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.LOG.154",
- "category": "Logging and Monitoring",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_logDuration",
+ "file": "logDuration.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_configuration",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.LOG.154",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0411"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json
index 5a55d5c14..6e83af673 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json
@@ -1,12 +1,13 @@
 {
- "name": "postgreSqlLogsEnabled",
- "file": "postgreSqlLogsEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_configuration",
- "template_args": null,
- "severity": "MEDIUM",
- "description": "Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.LOG.364",
- "category": "Logging and Monitoring",
- "version": 1
-}
\ No newline at end of file
+ "name": "postgreSqlLogsEnabled",
+ "file": "postgreSqlLogsEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_configuration",
+ "template_args": null,
+ "severity": "MEDIUM",
+ "description": "Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.LOG.364",
+ "category": "Logging and Monitoring",
+ "version": 1,
+ "id": "AC_AZURE_0409"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json
index 43b41d8f5..c71914d9b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_geoRedundancyDisabled",
- "file": "geoRedundancyDisabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_server",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that Geo Redundant Backups is enabled on PostgreSQL",
- "reference_id": "accurics.azure.BDR.163",
- "category": "Resilience",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_geoRedundancyDisabled",
+ "file": "geoRedundancyDisabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_server",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that Geo Redundant Backups is enabled on PostgreSQL",
+ "reference_id": "accurics.azure.BDR.163",
+ "category": "Resilience",
+ "version": 2,
+ "id": "AC_AZURE_0407"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json
index 16542fdb3..3058a7969 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json
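Review bot: The `severity` of accurics.azure.BDR.163 drops from HIGH to MEDIUM on the new side, which the commit subject (adding an `id` property) does not mention, and `"version"` stays at 2. The hunks for accurics.azure.NS.21 (HIGH to MEDIUM, the 0.0.0.0/0 SQL ingress check) and accurics.azure.LOG.356 (MEDIUM to LOW) carry the same kind of unannounced change. Because every line of each file is re-indented in the same hunk, the downgrade is easy to miss in review. If the changes are intended, they would be better in their own commit with a rationale; NS.21 in particular now ranks below NS.5 and the Redis check NS.30, which stay HIGH for comparable exposure.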
@@ -1,14 +1,15 @@
 {
- "name": "reme_sslEnforceDisabled",
- "file": "sslEnforceDisabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_server",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.EKM.1",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_sslEnforceDisabled",
+ "file": "sslEnforceDisabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_server",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.EKM.1",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0408"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json
index 681a92657..ed4c60ad1 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_nonSslEnabled",
- "file": "nonSslEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_redis_cache",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that the Redis Cache accepts only SSL connections",
- "reference_id": "accurics.azure.EKM.23",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_nonSslEnabled",
+ "file": "nonSslEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_redis_cache",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that the Redis Cache accepts only SSL connections",
+ "reference_id": "accurics.azure.EKM.23",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0394"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json
index ad8778f47..7e9abb971 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_redisCacheNoUpdatePatchSchedule",
- "file": "redisCacheNoUpdatePatchSchedule.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_redis_cache",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that Redis is updated regularly with security and operational updates.\n\nNote this feature is only available to Premium tier Redis Caches.",
- "reference_id": "accurics.azure.NS.13",
- "category": "Security Best Practices",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_redisCacheNoUpdatePatchSchedule",
+ "file": "redisCacheNoUpdatePatchSchedule.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_redis_cache",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that Redis is updated regularly with security and operational updates.\n\nNote this feature is only available to Premium tier Redis Caches.",
+ "reference_id": "accurics.azure.NS.13",
+ "category": "Security Best Practices",
+ "version": 2,
+ "id": "AC_AZURE_0393"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json
index 26fc71cb7..32d3d6ec9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_allowLessHosts",
- "file": "allowLessHosts.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_redis_cache",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure there are no firewall rules allowing Redis Cache access for a large number of source IPs",
- "reference_id": "accurics.azure.NS.166",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_allowLessHosts",
+ "file": "allowLessHosts.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_redis_cache",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure there are no firewall rules allowing Redis Cache access for a large number of source IPs",
+ "reference_id": "accurics.azure.NS.166",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0390"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json
index e752a4266..67611b334 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json
@@ -1,16 +1,17 @@
 {
- "name": "reme_entirelyAccessible",
- "file": "publiclyAccessible.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_redis_cache",
- "template_args": {
- "isEntire": true,
- "name": "entirelyAccessible",
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from the Internet",
- "reference_id": "accurics.azure.NS.30",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_entirelyAccessible",
+ "file": "publiclyAccessible.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_redis_cache",
+ "template_args": {
+ "isEntire": true,
+ "name": "entirelyAccessible",
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from the Internet",
+ "reference_id": "accurics.azure.NS.30",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0392"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json
index 9e3e54db4..a73e5ff09 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json
@@ -1,16 +1,17 @@
 {
- "name": "reme_publiclyAccessible",
- "file": "publiclyAccessible.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_redis_cache",
- "template_args": {
- "isEntire": false,
- "name": "publiclyAccessible",
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from other Azure sources",
- "reference_id": "accurics.azure.NS.31",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_publiclyAccessible",
+ "file": "publiclyAccessible.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_redis_cache",
+ "template_args": {
+ "isEntire": false,
+ "name": "publiclyAccessible",
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from other Azure sources",
+ "reference_id": "accurics.azure.NS.31",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0391"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json b/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json
index e45569ff6..6bb055741 100755
--- a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json
+++ b/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_resourceGroupLock",
- "file": "resourceGroupLock.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_resource_group",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "LOW",
- "description": "Ensure that Azure Resource Group has resource lock enabled",
- "reference_id": "accurics.azure.NS.272",
- "category": "Identity and Access Management",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_resourceGroupLock",
+ "file": "resourceGroupLock.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_resource_group",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "LOW",
+ "description": "Ensure that Azure Resource Group has resource lock enabled",
+ "reference_id": "accurics.azure.NS.272",
+ "category": "Identity and Access Management",
+ "version": 2,
+ "id": "AC_AZURE_0389"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json b/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json
index 27537ed3d..a73b4262c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json
+++ b/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_checkGuestUser",
- "file": "checkGuestUser.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_role_assignment",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that there are no guest users",
- "reference_id": "accurics.azure.IAM.388",
- "category": "Identity and Access Management",
- "version": 1
-}
\ No newline at end of file
+ "name": "reme_checkGuestUser",
+ "file": "checkGuestUser.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_role_assignment",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that there are no guest users",
+ "reference_id": "accurics.azure.IAM.388",
+ "category": "Identity and Access Management",
+ "version": 1,
+ "id": "AC_AZURE_0388"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json
index 070527381..2b526bcf2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json
+++ b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_securityCenterPrincingTier",
- "file": "securityCenterPrincingTier.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_security_center_subscription_pricing",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that standard pricing tiers are selected",
- "reference_id": "accurics.azure.OPS.349",
- "category": "Security Best Practices",
- "version": 1
-}
\ No newline at end of file
+ "name": "reme_securityCenterPrincingTier",
+ "file": "securityCenterPrincingTier.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_security_center_subscription_pricing",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that standard pricing tiers are selected",
+ "reference_id": "accurics.azure.OPS.349",
+ "category": "Security Best Practices",
+ "version": 1,
+ "id": "AC_AZURE_0385"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json
index f61584f89..b70828680 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_sqlServerADPredictableAccount",
- "file": "sqlServerADPredictableAccount.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_active_directory_administrator",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Avoid using names like 'Admin' for an Azure SQL Server Active Directory Administrator account",
- "reference_id": "accurics.azure.IAM.137",
- "category": "Compliance Validation",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_sqlServerADPredictableAccount",
+ "file": "sqlServerADPredictableAccount.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_active_directory_administrator",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Avoid using names like 'Admin' for an Azure SQL Server Active Directory Administrator account",
+ "reference_id": "accurics.azure.IAM.137",
+ "category": "Compliance Validation",
+ "version": 2,
+ "id": "AC_AZURE_0384"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json b/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json
index 65470c0e2..ad627671f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_checkAuditEnabled",
- "file": "checkAuditEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_database",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that 'Threat Detection' is enabled for Azure SQL Database",
- "reference_id": "accurics.azure.MON.157",
- "category": "Logging and Monitoring",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_checkAuditEnabled",
+ "file": "checkAuditEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_database",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that 'Threat Detection' is enabled for Azure SQL Database",
+ "reference_id": "accurics.azure.MON.157",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0383"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json
index ccece51b5..ca0ff6639 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json
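Review bot: The rule name and file in accurics.azure.MON.157 (`reme_checkAuditEnabled`, `checkAuditEnabled.rego`) point at an auditing check, while the `description` says 'Threat Detection'. The rego is not part of this hunk, so I cannot tell which of the two the rule actually evaluates. Now that a stable `id` is attached to this metadata, the description should say what the rule checks, so that a finding reported under `AC_AZURE_0383` is not read as covering a control it does not test.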
@@ -1,14 +1,15 @@
 {
- "name": "reme_moreHostsAllowed",
- "file": "moreHostsAllowed.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_firewall_rule",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Restrict Azure SQL Server accessibility to a minimal address range",
- "reference_id": "accurics.azure.NS.169",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_moreHostsAllowed",
+ "file": "moreHostsAllowed.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_firewall_rule",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Restrict Azure SQL Server accessibility to a minimal address range",
+ "reference_id": "accurics.azure.NS.169",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0280"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json
index 446ff5735..7a85287c7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json
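Review bot: The added `"id": "AC_AZURE_0280"` in accurics.azure.NS.169 looks out of sequence. The other azurerm_sql_* policies in this part of the patch get ids between AC_AZURE_0375 and AC_AZURE_0384, so 0280 may be a typo for a value in that range. Since the id is added for matching policies, a wrong or duplicated value would attribute findings to the wrong rule or let one rule shadow another. Please confirm the value against the source of the id assignments, and consider a test that asserts ids are unique across all policy metadata files.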
@@ -1,16 +1,17 @@
 {
- "name": "reme_sqlIngressAccess",
- "file": "checkPublicAccessNotAllow.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_firewall_rule",
- "template_args": {
- "isEntire": false,
- "name": "sqlIngressAccess",
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that no SQL Server allows ingress from 0.0.0.0/0 (ANY IP)",
- "reference_id": "accurics.azure.NS.21",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_sqlIngressAccess",
+ "file": "checkPublicAccessNotAllow.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_firewall_rule",
+ "template_args": {
+ "isEntire": false,
+ "name": "sqlIngressAccess",
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that no SQL Server allows ingress from 0.0.0.0/0 (ANY IP)",
+ "reference_id": "accurics.azure.NS.21",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0380"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json
index c053cf9d7..2126edec2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json
@@ -1,16 +1,17 @@
 {
- "name": "reme_sqlPublicAccess",
- "file": "checkPublicAccessNotAllow.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_firewall_rule",
- "template_args": {
- "isEntire": true,
- "name": "sqlPublicAccess",
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure entire Azure infrastructure doesn't have access to Azure SQL ServerEnsure entire Azure infrastructure doesn't have access to Azure SQL Server",
- "reference_id": "accurics.azure.NS.5",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_sqlPublicAccess",
+ "file": "checkPublicAccessNotAllow.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_firewall_rule",
+ "template_args": {
+ "isEntire": true,
+ "name": "sqlPublicAccess",
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure entire Azure infrastructure doesn't have access to Azure SQL ServerEnsure entire Azure infrastructure doesn't have access to Azure SQL Server",
+ "reference_id": "accurics.azure.NS.5",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0381"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json
index b14f18764..fbf024e6a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json
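Review bot: The `description` of accurics.azure.NS.5 still contains its sentence twice, run together as "...Azure SQL ServerEnsure entire...", and the rewritten line carries that over unchanged. Since the line is touched here anyway, it could become `"description": "Ensure entire Azure infrastructure doesn't have access to Azure SQL Server",` so the text shown with a finding is readable.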
@@ -1,14 +1,15 @@
 {
- "name": "reme_sqlServerADAdminConfigured",
- "file": "sqlServerADAdminConfigured.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_server",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that Azure Active Directory Admin is configured for SQL Server",
- "reference_id": "accurics.azure.IAM.10",
- "category": "Identity and Access Management",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_sqlServerADAdminConfigured",
+ "file": "sqlServerADAdminConfigured.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_server",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that Azure Active Directory Admin is configured for SQL Server",
+ "reference_id": "accurics.azure.IAM.10",
+ "category": "Identity and Access Management",
+ "version": 2,
+ "id": "AC_AZURE_0378"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json
index 8e8eafb17..28a0a4d25 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_sqlServerPredictableAccount",
- "file": "sqlServerPredictableAccount.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_server",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Avoid using names like 'Admin' for an Azure SQL Server admin account login",
- "reference_id": "accurics.azure.IAM.138",
- "category": "Compliance Validation",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_sqlServerPredictableAccount",
+ "file": "sqlServerPredictableAccount.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_server",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Avoid using names like 'Admin' for an Azure SQL Server admin account login",
+ "reference_id": "accurics.azure.IAM.138",
+ "category": "Compliance Validation",
+ "version": 2,
+ "id": "AC_AZURE_0377"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json
index 638949b56..ac2dee6c5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json
@@ -1,12 +1,13 @@
 {
- "name": "sqlAuditingRetention",
- "file": "sqlAuditingRetention.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_server",
- "template_args": null,
- "severity": "MEDIUM",
- "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers.",
- "reference_id": "accurics.azure.LOG.356",
- "category": "Compliance Validation",
- "version": 1
-}
\ No newline at end of file
+ "name": "sqlAuditingRetention",
+ "file": "sqlAuditingRetention.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_server",
+ "template_args": null,
+ "severity": "LOW",
+ "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers.",
+ "reference_id": "accurics.azure.LOG.356",
+ "category": "Compliance Validation",
+ "version": 1,
+ "id": "AC_AZURE_0375"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json
index bba7b806a..24b1d55b6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json
@@ -1,12 +1,13 @@
 {
- "name": "sqlServerAuditingEnabled",
- "file": "sqlServerAuditingEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_server",
- "template_args": null,
- "severity": "MEDIUM",
- "description": "Ensure that 'Auditing' is set to 'On' for SQL servers",
- "reference_id": "accurics.azure.MON.354",
- "category": "Logging and Monitoring",
- "version": 1
-}
\ No newline at end of file
+ "name": "sqlServerAuditingEnabled",
+ "file": "sqlServerAuditingEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_server",
+ "template_args": null,
+ "severity": "MEDIUM",
+ "description": "Ensure that 'Auditing' is set to 'On' for SQL servers",
+ "reference_id": "accurics.azure.MON.354",
+ "category": "Logging and Monitoring",
+ "version": 1,
+ "id": "AC_AZURE_0376"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json
index 8225358c0..69bdf1a56 100755
--- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json
+++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_storageAccountEnableHttps",
- "file": "storageAccountEnableHttps.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_storage_account",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that 'Secure transfer required' is enabled for Storage Accounts",
- "reference_id": "accurics.azure.EKM.7",
- "category": "Data Protection",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_storageAccountEnableHttps",
+ "file": "storageAccountEnableHttps.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_storage_account",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that 'Secure transfer required' is enabled for Storage Accounts",
+ "reference_id": "accurics.azure.EKM.7",
+ "category": "Data Protection",
+ "version": 2,
+ "id": "AC_AZURE_0373"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json
index 29ded9c91..bd5e13557 100755
--- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json
+++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_storageAccountTrustedMicrosoftServicesEnabled",
- "file": "storageAccountTrustedMicrosoftServicesEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_storage_account",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure 'Trusted Microsoft Services' is enabled for Storage Account access",
- "reference_id": "accurics.azure.NS.2",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_storageAccountTrustedMicrosoftServicesEnabled",
+ "file": "storageAccountTrustedMicrosoftServicesEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_storage_account",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure 'Trusted Microsoft Services' is enabled for Storage Account access",
+ "reference_id": "accurics.azure.NS.2",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0371"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json
index c72b1838f..39b00c956 100755
--- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json
+++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_storageAccountOpenToPublic",
- "file": "storageAccountOpenToPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_storage_account",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure default network access rule for Storage Accounts is not open to public",
- "reference_id": "accurics.azure.NS.4",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_storageAccountOpenToPublic",
+ "file": "storageAccountOpenToPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_storage_account",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure default network access rule for Storage Accounts is not open to public",
+ "reference_id": "accurics.azure.NS.4",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0370"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json b/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json
index 471d58d70..ae01359da 100755
--- a/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json
+++ b/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_checkStorageContainerAccess",
- "file": "checkStorageContainerAccess.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_storage_container",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary.",
- "reference_id": "accurics.azure.IAM.368",
- "category": "Identity and Access Management",
- "version": 1
-}
\ No newline at end of file
+ "name": "reme_checkStorageContainerAccess",
+ "file": "checkStorageContainerAccess.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_storage_container",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary.",
+ "reference_id": "accurics.azure.IAM.368",
+ "category": "Identity and Access Management",
+ "version": 1,
+ "id": "AC_AZURE_0366"
+}
diff --git a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json b/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json
index b6a705711..b1461f7f0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json
+++ b/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json
@@ -1,14 +1,15 @@
 {
- "name": "reme_noSecurityGroupAssociated",
- "file": "noSecurityGroupAssociated.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_virtual_network",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that Azure Virtual Network subnet is configured with a Network Security Group",
- "reference_id": "accurics.azure.NS.161",
- "category": "Infrastructure Security",
- "version": 2
-}
\ No newline at end of file
+ "name": "reme_noSecurityGroupAssociated",
+ "file": "noSecurityGroupAssociated.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_virtual_network",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that Azure Virtual Network subnet is configured with a Network Security Group",
+ "reference_id": "accurics.azure.NS.161",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0356"
+}
From ecc6e5eed85309b7cda7a3495b35a927fd5145ab Mon Sep 17 00:00:00 2001
From: Gaurav Gogia <16029099+gaurav-gogia@users.noreply.github.com> Date: Wed, 26 May 2021 23:32:15 +0530 Subject: [PATCH 3/4] updated indentation to use 4 spaces instead of 2 --- .../accurics.azure.NS.147.json | 28 ++++++------- .../accurics.azure.AKS.3.json | 28 ++++++------- .../accurics.azure.EKM.164.json | 28 ++++++------- .../accurics.azure.CAM.162.json | 28 ++++++------- .../accurics.azure.NS.32.json | 28 ++++++------- .../accurics.azure.EKM.164.json | 28 ++++++------- .../accurics.azure.EKM.20.json | 28 ++++++------- .../accurics.azure.EKM.25.json | 28 ++++++------- .../accurics.azure.EKM.26.json | 28 ++++++------- .../accurics.azure.NS.382.json | 24 +++++------ .../accurics.azure.NS.383.json | 24 +++++------ .../accurics.azure.EKM.156.json | 3 +- .../accurics.azure.LOG.357.json | 30 +++++++------- .../accurics.azure.MON.355.json | 30 +++++++------- .../accurics.azure.NS.361.json | 24 +++++------ .../accurics.azure.NPS.100.json | 3 +- .../accurics.azure.NPS.101.json | 40 +++++++++---------- .../accurics.azure.NPS.102.json | 3 +- .../accurics.azure.NPS.103.json | 40 +++++++++---------- .../accurics.azure.NPS.104.json | 3 +- .../accurics.azure.NPS.105.json | 40 +++++++++---------- .../accurics.azure.NPS.106.json | 3 +- .../accurics.azure.NPS.107.json | 40 +++++++++---------- .../accurics.azure.NPS.108.json | 3 +- .../accurics.azure.NPS.109.json | 40 +++++++++---------- .../accurics.azure.NPS.110.json | 3 +- .../accurics.azure.NPS.111.json | 40 +++++++++---------- .../accurics.azure.NPS.112.json | 3 +- .../accurics.azure.NPS.113.json | 40 +++++++++---------- .../accurics.azure.NPS.114.json | 3 +- .../accurics.azure.NPS.115.json | 40 +++++++++---------- .../accurics.azure.NPS.116.json | 3 +- .../accurics.azure.NPS.117.json | 40 +++++++++---------- .../accurics.azure.NPS.118.json | 3 +- .../accurics.azure.NPS.119.json | 40 +++++++++---------- .../accurics.azure.NPS.170.json | 3 +- .../accurics.azure.NPS.171.json | 40 +++++++++---------- 
.../accurics.azure.NPS.172.json | 40 +++++++++---------- .../accurics.azure.NPS.173.json | 3 +- .../accurics.azure.NPS.174.json | 40 +++++++++---------- .../accurics.azure.NPS.175.json | 3 +- .../accurics.azure.NPS.176.json | 40 +++++++++---------- .../accurics.azure.NPS.177.json | 3 +- .../accurics.azure.NPS.178.json | 40 +++++++++---------- .../accurics.azure.NPS.179.json | 3 +- .../accurics.azure.NPS.180.json | 40 +++++++++---------- .../accurics.azure.NPS.181.json | 3 +- .../accurics.azure.NPS.182.json | 40 +++++++++---------- .../accurics.azure.NPS.183.json | 3 +- .../accurics.azure.NPS.184.json | 40 +++++++++---------- .../accurics.azure.NPS.185.json | 3 +- .../accurics.azure.NPS.186.json | 40 +++++++++---------- .../accurics.azure.NPS.187.json | 3 +- .../accurics.azure.NPS.188.json | 40 +++++++++---------- .../accurics.azure.NPS.189.json | 3 +- .../accurics.azure.NPS.190.json | 40 +++++++++---------- .../accurics.azure.NPS.191.json | 3 +- .../accurics.azure.NPS.192.json | 40 +++++++++---------- .../accurics.azure.NPS.193.json | 3 +- .../accurics.azure.NPS.194.json | 40 +++++++++---------- .../accurics.azure.NPS.195.json | 3 +- .../accurics.azure.NPS.196.json | 40 +++++++++---------- .../accurics.azure.NPS.197.json | 3 +- .../accurics.azure.NPS.198.json | 40 +++++++++---------- .../accurics.azure.NPS.199.json | 3 +- .../accurics.azure.NPS.200.json | 40 +++++++++---------- .../accurics.azure.NPS.201.json | 3 +- .../accurics.azure.NPS.202.json | 40 +++++++++---------- .../accurics.azure.NPS.203.json | 3 +- .../accurics.azure.NPS.204.json | 40 +++++++++---------- .../accurics.azure.NPS.205.json | 3 +- .../accurics.azure.NPS.206.json | 40 +++++++++---------- .../accurics.azure.NPS.207.json | 3 +- .../accurics.azure.NPS.208.json | 40 +++++++++---------- .../accurics.azure.NPS.209.json | 3 +- .../accurics.azure.NPS.210.json | 40 +++++++++---------- .../accurics.azure.NPS.211.json | 3 +- .../accurics.azure.NPS.212.json | 40 +++++++++---------- 
.../accurics.azure.NPS.213.json | 3 +- .../accurics.azure.NPS.214.json | 40 +++++++++---------- .../accurics.azure.NPS.215.json | 3 +- .../accurics.azure.NPS.216.json | 40 +++++++++---------- .../accurics.azure.NPS.217.json | 3 +- .../accurics.azure.NPS.218.json | 40 +++++++++---------- .../accurics.azure.NPS.219.json | 3 +- .../accurics.azure.NPS.220.json | 40 +++++++++---------- .../accurics.azure.NPS.221.json | 3 +- .../accurics.azure.NPS.222.json | 40 +++++++++---------- .../accurics.azure.NPS.223.json | 3 +- .../accurics.azure.NPS.224.json | 40 +++++++++---------- .../accurics.azure.NPS.225.json | 3 +- .../accurics.azure.NPS.226.json | 40 +++++++++---------- .../accurics.azure.NPS.227.json | 3 +- .../accurics.azure.NPS.228.json | 40 +++++++++---------- .../accurics.azure.NPS.229.json | 3 +- .../accurics.azure.NPS.230.json | 40 +++++++++---------- .../accurics.azure.NPS.231.json | 3 +- .../accurics.azure.NPS.232.json | 40 +++++++++---------- .../accurics.azure.NPS.233.json | 3 +- .../accurics.azure.NPS.234.json | 40 +++++++++---------- .../accurics.azure.NPS.235.json | 3 +- .../accurics.azure.NPS.236.json | 40 +++++++++---------- .../accurics.azure.NPS.237.json | 3 +- .../accurics.azure.NPS.238.json | 40 +++++++++---------- .../accurics.azure.NPS.239.json | 3 +- .../accurics.azure.NPS.240.json | 40 +++++++++---------- .../accurics.azure.NPS.241.json | 3 +- .../accurics.azure.NPS.242.json | 40 +++++++++---------- .../accurics.azure.NPS.243.json | 3 +- .../accurics.azure.NPS.244.json | 40 +++++++++---------- .../accurics.azure.NPS.245.json | 3 +- .../accurics.azure.NPS.246.json | 40 +++++++++---------- .../accurics.azure.NPS.247.json | 3 +- .../accurics.azure.NPS.248.json | 40 +++++++++---------- .../accurics.azure.NPS.249.json | 3 +- .../accurics.azure.NPS.250.json | 40 +++++++++---------- .../accurics.azure.NPS.251.json | 3 +- .../accurics.azure.NPS.252.json | 40 +++++++++---------- .../accurics.azure.NPS.253.json | 3 +- .../accurics.azure.NPS.254.json | 40 
+++++++++---------- .../accurics.azure.NPS.275.json | 3 +- .../accurics.azure.NPS.276.json | 3 +- .../accurics.azure.NPS.277.json | 3 +- .../accurics.azure.NPS.278.json | 3 +- .../accurics.azure.NPS.279.json | 3 +- .../accurics.azure.NPS.280.json | 3 +- .../accurics.azure.NPS.281.json | 3 +- .../accurics.azure.NPS.282.json | 3 +- .../accurics.azure.NPS.283.json | 3 +- .../accurics.azure.NPS.284.json | 3 +- .../accurics.azure.NPS.285.json | 3 +- .../accurics.azure.NPS.286.json | 3 +- .../accurics.azure.NPS.287.json | 3 +- .../accurics.azure.NPS.288.json | 3 +- .../accurics.azure.NPS.289.json | 3 +- .../accurics.azure.NPS.290.json | 3 +- .../accurics.azure.NPS.291.json | 3 +- .../accurics.azure.NPS.292.json | 3 +- .../accurics.azure.NPS.293.json | 3 +- .../accurics.azure.NPS.294.json | 3 +- .../accurics.azure.NPS.295.json | 3 +- .../accurics.azure.NPS.296.json | 3 +- .../accurics.azure.NPS.297.json | 3 +- .../accurics.azure.NPS.298.json | 3 +- .../accurics.azure.NPS.299.json | 3 +- .../accurics.azure.NPS.300.json | 3 +- .../accurics.azure.NPS.301.json | 3 +- .../accurics.azure.NPS.302.json | 3 +- .../accurics.azure.NPS.303.json | 3 +- .../accurics.azure.NPS.304.json | 3 +- .../accurics.azure.NPS.305.json | 3 +- .../accurics.azure.NPS.306.json | 3 +- .../accurics.azure.NPS.307.json | 3 +- .../accurics.azure.NPS.308.json | 3 +- .../accurics.azure.NPS.309.json | 3 +- .../accurics.azure.NPS.310.json | 3 +- .../accurics.azure.NPS.311.json | 3 +- .../accurics.azure.NPS.312.json | 3 +- .../accurics.azure.NPS.313.json | 3 +- .../accurics.azure.NPS.314.json | 3 +- .../accurics.azure.NPS.315.json | 3 +- .../accurics.azure.NPS.35.json | 3 +- .../accurics.azure.NPS.36.json | 3 +- .../accurics.azure.NPS.37.json | 3 +- .../accurics.azure.NPS.38.json | 3 +- .../accurics.azure.NPS.39.json | 40 +++++++++---------- .../accurics.azure.NPS.40.json | 3 +- .../accurics.azure.NPS.41.json | 40 +++++++++---------- .../accurics.azure.NPS.42.json | 3 +- .../accurics.azure.NPS.43.json | 40 
+++++++++---------- .../accurics.azure.NPS.44.json | 3 +- .../accurics.azure.NPS.45.json | 40 +++++++++---------- .../accurics.azure.NPS.46.json | 3 +- .../accurics.azure.NPS.47.json | 40 +++++++++---------- .../accurics.azure.NPS.48.json | 3 +- .../accurics.azure.NPS.49.json | 40 +++++++++---------- .../accurics.azure.NPS.50.json | 3 +- .../accurics.azure.NPS.51.json | 40 +++++++++---------- .../accurics.azure.NPS.52.json | 3 +- .../accurics.azure.NPS.53.json | 40 +++++++++---------- .../accurics.azure.NPS.54.json | 3 +- .../accurics.azure.NPS.55.json | 40 +++++++++---------- .../accurics.azure.NPS.56.json | 3 +- .../accurics.azure.NPS.57.json | 40 +++++++++---------- .../accurics.azure.NPS.58.json | 3 +- .../accurics.azure.NPS.59.json | 40 +++++++++---------- .../accurics.azure.NPS.60.json | 3 +- .../accurics.azure.NPS.61.json | 40 +++++++++---------- .../accurics.azure.NPS.62.json | 3 +- .../accurics.azure.NPS.63.json | 40 +++++++++---------- .../accurics.azure.NPS.64.json | 3 +- .../accurics.azure.NPS.65.json | 40 +++++++++---------- .../accurics.azure.NPS.66.json | 3 +- .../accurics.azure.NPS.67.json | 40 +++++++++---------- .../accurics.azure.NPS.68.json | 3 +- .../accurics.azure.NPS.69.json | 40 +++++++++---------- .../accurics.azure.NPS.70.json | 3 +- .../accurics.azure.NPS.71.json | 40 +++++++++---------- .../accurics.azure.NPS.72.json | 3 +- .../accurics.azure.NPS.73.json | 40 +++++++++---------- .../accurics.azure.NPS.74.json | 3 +- .../accurics.azure.NPS.75.json | 40 +++++++++---------- .../accurics.azure.NPS.76.json | 3 +- .../accurics.azure.NPS.77.json | 40 +++++++++---------- .../accurics.azure.NPS.78.json | 3 +- .../accurics.azure.NPS.79.json | 40 +++++++++---------- .../accurics.azure.NPS.80.json | 3 +- .../accurics.azure.NPS.81.json | 40 +++++++++---------- .../accurics.azure.NPS.82.json | 3 +- .../accurics.azure.NPS.83.json | 40 +++++++++---------- .../accurics.azure.NPS.84.json | 3 +- .../accurics.azure.NPS.85.json | 40 +++++++++---------- 
.../accurics.azure.NPS.86.json | 3 +- .../accurics.azure.NPS.87.json | 40 +++++++++---------- .../accurics.azure.NPS.88.json | 3 +- .../accurics.azure.NPS.89.json | 40 +++++++++---------- .../accurics.azure.NPS.90.json | 3 +- .../accurics.azure.NPS.91.json | 40 +++++++++---------- .../accurics.azure.NPS.92.json | 3 +- .../accurics.azure.NPS.93.json | 40 +++++++++---------- .../accurics.azure.NPS.94.json | 3 +- .../accurics.azure.NPS.95.json | 40 +++++++++---------- .../accurics.azure.NPS.96.json | 3 +- .../accurics.azure.NPS.97.json | 40 +++++++++---------- .../accurics.azure.NPS.98.json | 3 +- .../accurics.azure.NPS.99.json | 40 +++++++++---------- .../accurics.azure.NS.11.json | 28 ++++++------- .../accurics.azure.NS.342.json | 3 +- .../accurics.azure.LOG.151.json | 28 ++++++------- .../accurics.azure.LOG.152.json | 28 ++++++------- .../accurics.azure.LOG.153.json | 28 ++++++------- .../accurics.azure.LOG.154.json | 28 ++++++------- .../accurics.azure.LOG.155.json | 3 +- .../accurics.azure.LOG.364.json | 24 +++++------ .../accurics.azure.BDR.163.json | 28 ++++++------- .../accurics.azure.EKM.1.json | 28 ++++++------- .../accurics.azure.EKM.23.json | 28 ++++++------- .../accurics.azure.NS.13.json | 28 ++++++------- .../accurics.azure.NS.166.json | 28 ++++++------- .../accurics.azure.NS.30.json | 32 +++++++-------- .../accurics.azure.NS.31.json | 32 +++++++-------- .../accurics.azure.NS.272.json | 28 ++++++------- .../accurics.azure.IAM.388.json | 28 ++++++------- .../accurics.azure.MON.353.json | 3 +- .../accurics.azure.OPS.349.json | 28 ++++++------- .../accurics.azure.IAM.137.json | 28 ++++++------- .../accurics.azure.MON.157.json | 28 ++++++------- .../accurics.azure.NS.169.json | 28 ++++++------- .../accurics.azure.NS.21.json | 32 +++++++-------- .../accurics.azure.NS.5.json | 32 +++++++-------- .../accurics.azure.IAM.10.json | 28 ++++++------- .../accurics.azure.IAM.138.json | 28 ++++++------- .../accurics.azure.LOG.356.json | 24 +++++------ 
.../accurics.azure.MON.354.json | 24 +++++------ .../accurics.azure.EKM.7.json | 28 ++++++------- .../accurics.azure.NS.2.json | 28 ++++++------- .../accurics.azure.NS.4.json | 28 ++++++------- .../accurics.azure.NS.370.json | 3 +- .../accurics.azure.IAM.368.json | 28 ++++++------- .../accurics.azure.NS.18.json | 3 +- .../accurics.azure.NS.161.json | 28 ++++++------- 261 files changed, 2560 insertions(+), 2427 deletions(-)
diff --git a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json b/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json
index b9334094f..e304b672b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json
+++ b/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_appGatewayWAFEnabled",
- "file": "appGatewayWAFEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_application_gateway",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure Azure Application Gateway Web application firewall (WAF) is enabled",
- "reference_id": "accurics.azure.NS.147",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0189"
-}
+ "name": "reme_appGatewayWAFEnabled",
+ "file": "appGatewayWAFEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_application_gateway",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Azure Application Gateway Web application firewall (WAF) is enabled",
+ "reference_id": "accurics.azure.NS.147",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0189"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json
index ad7239a25..4b89b09c7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json
+++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_containerRegistryResourceLock",
- "file": "containerRegistryResourceLock.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_container_registry",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure Container Registry has locks",
- "reference_id": "accurics.azure.AKS.3",
- "category": "Resilience",
- "version": 2,
- "id": "AC_AZURE_0185"
-}
+ "name": "reme_containerRegistryResourceLock",
+ "file": "containerRegistryResourceLock.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_container_registry",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure Container Registry has locks",
+ "reference_id": "accurics.azure.AKS.3",
+ "category": "Resilience",
+ "version": 2,
+ "id": "AC_AZURE_0185"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json
index 5a59a4e07..b6df40d8b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json
+++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_containerRegistryAdminEnabled",
- "file": "containerRegistryAdminEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_container_registry",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that admin user is disabled for Container Registry",
- "reference_id": "accurics.azure.EKM.164",
- "category": "Identity and Access Management",
- "version": 2,
- "id": "AC_AZURE_0186"
-}
+ "name": "reme_containerRegistryAdminEnabled",
+ "file": "containerRegistryAdminEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_container_registry",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that admin user is disabled for Container Registry",
+ "reference_id": "accurics.azure.EKM.164",
+ "category": "Identity and Access Management",
+ "version": 2,
+ "id": "AC_AZURE_0186"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json
index b9bb3ed1a..e77d94900 100755
--- a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json
+++ b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_noTags",
- "file": "noTags.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_cosmosdb_account",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that Cosmos DB Account has an associated tag",
- "reference_id": "accurics.azure.CAM.162",
- "category": "Compliance Validation",
- "version": 2,
- "id": "AC_AZURE_0277"
-}
+ "name": "reme_noTags",
+ "file": "noTags.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_cosmosdb_account",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that Cosmos DB Account has an associated tag",
+ "reference_id": "accurics.azure.CAM.162",
+ "category": "Compliance Validation",
+ "version": 2,
+ "id": "AC_AZURE_0277"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json
index ee0460aea..9a4ae45d5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json
+++ b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_ipRangeFilterMissing",
- "file": "ipRangeFilterMissing.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_cosmosdb_account",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure to filter source Ips for Cosmos DB Account",
- "reference_id": "accurics.azure.NS.32",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0184"
-}
+ "name": "reme_ipRangeFilterMissing",
+ "file": "ipRangeFilterMissing.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_cosmosdb_account",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure to filter source Ips for Cosmos DB Account",
+ "reference_id": "accurics.azure.NS.32",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0184"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json
index 9cfded950..0f50079d7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_keyVaultSoftDeleteEnabled",
- "file": "keyVaultSoftDeleteEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_key_vault",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure the key vault is recoverable - enable \"Soft Delete\" setting for a Key Vault",
- "reference_id": "accurics.azure.EKM.164",
- "category": "Data Protection",
- "version": 2,
- "id": "AC_AZURE_0170"
-}
+ "name": "reme_keyVaultSoftDeleteEnabled",
+ "file": "keyVaultSoftDeleteEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_key_vault",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure the key vault is recoverable - enable \"Soft Delete\" setting for a Key Vault",
+ "reference_id": "accurics.azure.EKM.164",
+ "category": "Data Protection",
+ "version": 2,
+ "id": "AC_AZURE_0170"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json
index a9558c203..c30852cc7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_keyVaultAuditLoggingEnabled",
- "file": "keyVaultAuditLoggingEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_key_vault",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that logging for Azure KeyVault is 'Enabled'",
- "reference_id": "accurics.azure.EKM.20",
- "category": "Logging and Monitoring",
- "version": 2,
- "id": "AC_AZURE_0169"
-}
+ "name": "reme_keyVaultAuditLoggingEnabled",
+ "file": "keyVaultAuditLoggingEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_key_vault",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that logging for Azure KeyVault is 'Enabled'",
+ "reference_id": "accurics.azure.EKM.20",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0169"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json
index 7ed19cb45..1478dbfe8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_checkKeyExpirationIsSet",
- "file": "checkKeyExpirationIsSet.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_key_vault_key",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that the expiration date is set on all keys",
- "reference_id": "accurics.azure.EKM.25",
- "category": "Data Protection",
- "version": 2,
- "id": "AC_AZURE_0164"
-}
+ "name": "reme_checkKeyExpirationIsSet",
+ "file": "checkKeyExpirationIsSet.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_key_vault_key",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that the expiration date is set on all keys",
+ "reference_id": "accurics.azure.EKM.25",
+ "category": "Data Protection",
+ "version": 2,
+ "id": "AC_AZURE_0164"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json
index 06d83ce31..4009d5108 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_checkSecretExpirationIsSet",
- "file": "checkSecretExpirationIsSet.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_key_vault_secret",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that the expiration date is set on all secrets",
- "reference_id": "accurics.azure.EKM.26",
- "category": "Data Protection",
- "version": 2,
- "id": "AC_AZURE_0163"
-}
+ "name": "reme_checkSecretExpirationIsSet",
+ "file": "checkSecretExpirationIsSet.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_key_vault_secret",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that the expiration date is set on all secrets",
+ "reference_id": "accurics.azure.EKM.26",
+ "category": "Data Protection",
+ "version": 2,
+ "id": "AC_AZURE_0163"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json
index 8fdc3a728..f528d9d60 100755
--- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json
+++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json
@@ -1,13 +1,13 @@
 {
- "name": "networkPolicyEnabled",
- "file": "networkPolicyEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_kubernetes_cluster",
- "template_args": null,
- "severity": "MEDIUM",
- "description": "Ensure AKS cluster has Network Policy configured.",
- "reference_id": "accurics.azure.NS.382",
- "category": "Infrastructure Security",
- "version": 1,
- "id": "AC_AZURE_0158"
-}
+ "name": "networkPolicyEnabled",
+ "file": "networkPolicyEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_kubernetes_cluster",
+ "template_args": null,
+ "severity": "MEDIUM",
+ "description": "Ensure AKS cluster has Network Policy configured.",
+ "reference_id": "accurics.azure.NS.382",
+ "category": "Infrastructure Security",
+ "version": 1,
+ "id": "AC_AZURE_0158"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json
index 406749998..7aab39ea1 100755
--- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json
+++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json
@@ -1,13 +1,13 @@
 {
- "name": "kubeDashboardDisabled",
- "file": "kubeDashboardDisabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_kubernetes_cluster",
- "template_args": null,
- "severity": "MEDIUM",
- "description": "Ensure Kube Dashboard is disabled",
- "reference_id": "accurics.azure.NS.383",
- "category": "Infrastructure Security",
- "version": 1,
- "id": "AC_AZURE_0161"
-}
+ "name": "kubeDashboardDisabled",
+ "file": "kubeDashboardDisabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_kubernetes_cluster",
+ "template_args": null,
+ "severity": "MEDIUM",
+ "description": "Ensure Kube Dashboard is disabled",
+ "reference_id": "accurics.azure.NS.383",
+ "category": "Infrastructure Security",
+ "version": 1,
+ "id": "AC_AZURE_0161"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json b/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json
index 8b6c3e558..b31c24e57 100755
--- a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json
+++ b/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json
@@ -10,5 +10,6 @@
 "description": "Ensure that 'OS disk' are encrypted",
 "reference_id": "accurics.azure.EKM.156",
 "category": "Data Protection",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json
index 7210aabf2..05e0a9a68 100755
--- a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json
+++ b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json
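Review bot: The `@@ -10,5 +10,6 @@` hunk in `azurerm_managed_disk/accurics.azure.EKM.156.json` adds `"id": ""`, so the OS-disk encryption policy ends up with an empty identifier while every other policy file in view carries a distinct `AC_AZURE_NNNN` value. If the scanner selects, skips or reports rules by `id` (the series title says the property is added for matching), an empty string cannot address this rule and would collide with any other policy that also carries `""`; the many `3 +-` entries in the diffstat suggest, though the hunks are not in view, that the same placeholder may be added elsewhere. Either assign the allocated identifier here or leave the line as `"version": 2` until one exists, and consider a load-time check that rejects empty or duplicate `id` values. This is a data change inside a commit described as an indentation update, which makes it easy to miss in review.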
@@ -1,16 +1,16 @@
 {
- "name": "mssqlAuditingRetention",
- "file": "mssqlAuditing.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_mssql_server",
- "template_args": {
- "checkRetention": true,
- "name": "mssqlAuditingRetention"
- },
- "severity": "MEDIUM",
- "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for MSSQL servers.",
- "reference_id": "accurics.azure.LOG.357",
- "category": "Logging and Monitoring",
- "version": 1,
- "id": "AC_AZURE_0136"
-}
+ "name": "mssqlAuditingRetention",
+ "file": "mssqlAuditing.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_mssql_server",
+ "template_args": {
+ "checkRetention": true,
+ "name": "mssqlAuditingRetention"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for MSSQL servers.",
+ "reference_id": "accurics.azure.LOG.357",
+ "category": "Logging and Monitoring",
+ "version": 1,
+ "id": "AC_AZURE_0136"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json
index 182db767a..02208bdca 100755
--- a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json
+++ b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json
@@ -1,16 +1,16 @@
 {
- "name": "mssqlServerAuditingEnabled",
- "file": "mssqlAuditing.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_mssql_server",
- "template_args": {
- "checkRetention": false,
- "name": "mssqlServerAuditingEnabled"
- },
- "severity": "MEDIUM",
- "description": "Ensure that 'Auditing' is set to 'On' for MSSQL servers",
- "reference_id": "accurics.azure.MON.355",
- "category": "Logging and Monitoring",
- "version": 1,
- "id": "AC_AZURE_0137"
-}
+ "name": "mssqlServerAuditingEnabled",
+ "file": "mssqlAuditing.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_mssql_server",
+ "template_args": {
+ "checkRetention": false,
+ "name": "mssqlServerAuditingEnabled"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that 'Auditing' is set to 'On' for MSSQL servers",
+ "reference_id": "accurics.azure.MON.355",
+ "category": "Logging and Monitoring",
+ "version": 1,
+ "id": "AC_AZURE_0137"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json b/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json
index 444017801..2e269fc03 100755
--- a/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json
+++ b/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json
@@ -1,13 +1,13 @@
 {
- "name": "sslConnectionEnabled",
- "file": "sslConnectionEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_mysql_server",
- "template_args": null,
- "severity": "HIGH",
- "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server.",
- "reference_id": "accurics.azure.NS.361",
- "category": "Infrastructure Security",
- "version": 1,
- "id": "AC_AZURE_0131"
-}
+ "name": "sslConnectionEnabled",
+ "file": "sslConnectionEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_mysql_server",
+ "template_args": null,
+ "severity": "HIGH",
+ "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server.",
+ "reference_id": "accurics.azure.NS.361",
+ "category": "Infrastructure Security",
+ "version": 1,
+ "id": "AC_AZURE_0131"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json
index 277b91ac0..2b8851a85 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json
@@ -16,5 +16,6 @@
 "description": "Puppet Master (TCP:8140) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.100",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json
index 75cd19514..fe075d1e6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort8140ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort8140ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 8140,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Puppet Master (TCP:8140) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.101",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0451"
-}
+ "name": "reme_networkPort8140ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort8140ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 8140,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Puppet Master (TCP:8140) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.101",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0451"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json
index f7adc2106..0d117d603 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json
@@ -16,5 +16,6 @@
 "description": "SMTP (TCP:25) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.102",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json
index e309c77b4..6c3464736 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort25ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort25ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 25,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SMTP (TCP:25) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.103",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0448"
-}
+ "name": "reme_networkPort25ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort25ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 25,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SMTP (TCP:25) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.103",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0448"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json
index 3800f8ccd..fb706dfeb 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json
@@ -16,5 +16,6 @@
 "description": "SNMP (UDP:161) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.104",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json
index 01cc62b0b..6afcb9610 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort161ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort161ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 161,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "SNMP (UDP:161) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.105",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0445"
-}
+ "name": "reme_networkPort161ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort161ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 161,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "SNMP (UDP:161) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.105",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0445"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json
index bc20ac3e0..c721c1070 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json
@@ -16,5 +16,6 @@
 "description": "SQL Server Analysis (TCP:2382) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.106",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json
index 4686928aa..55a492c00 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort2382ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort2382ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 2382,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.107",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0442"
-}
+ "name": "reme_networkPort2382ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort2382ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 2382,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.107",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0442"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json
index 9ea0452a1..d90c42842 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json
@@ -16,5 +16,6 @@
 "description": "SQL Server Analysis (TCP:2383) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.108",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json
index 554a30ddd..f3311da04 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort2383ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort2383ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 2383,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.109",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0439"
-}
+ "name": "reme_networkPort2383ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort2383ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 2383,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.109",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0439"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json
index 0704feed6..4d4ebcde2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json
@@ -16,5 +16,6 @@
 "description": "SaltStack Master (TCP:4505) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.110",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json
index 0e4a854c0..7c4a9cccd 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort4505ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort4505ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 4505,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SaltStack Master (TCP:4505) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.111",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0436"
-}
+ "name": "reme_networkPort4505ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort4505ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 4505,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SaltStack Master (TCP:4505) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.111",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0436"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json
index bd7a8b4d8..ef46fdf0d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json
@@ -16,5 +16,6 @@
 "description": "SaltStack Master (TCP:4506) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.112",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json
index 3c72de4b7..dbd35ba7a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort4506ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort4506ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 4506,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SaltStack Master (TCP:4506) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.113",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0433"
-}
+ "name": "reme_networkPort4506ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort4506ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 4506,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SaltStack Master (TCP:4506) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.113",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0433"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json
index cd53c8080..b75584c14 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json
@@ -16,5 +16,6 @@
 "description": "Telnet (TCP:23) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.114",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json
index af36da9a8..169b4bcbe 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort23ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort23ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 23,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Telnet (TCP:23) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.115",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0430"
-}
+ "name": "reme_networkPort23ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort23ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 23,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Telnet (TCP:23) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.115",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0430"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json
index 9696fdc85..0471cd354 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json
@@ -16,5 +16,6 @@
 "description": "VNC Listener (TCP:5500) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.116",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json
index 2f66b6e6d..efbf6c37f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort5500ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort5500ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 5500,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "VNC Listener (TCP:5500) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.117",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0427"
-}
+ "name": "reme_networkPort5500ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort5500ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 5500,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "VNC Listener (TCP:5500) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.117",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0427"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json
index 64bd49b69..a6557f088 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json
@@ -16,5 +16,6 @@
 "description": "VNC Server (TCP:5900) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.118",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json
index cfd16bd92..b459875af 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort5900ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort5900ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 5900,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "VNC Server (TCP:5900) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.119",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0424"
-}
+ "name": "reme_networkPort5900ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort5900ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 5900,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "VNC Server (TCP:5900) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.119",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0424"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json
index 9396930a1..03b843eec 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json
@@ -16,5 +16,6 @@
 "description": "CiscoSecure, WebSM (TCP:9090) is exposed to the entire public internet",
 "reference_id": "accurics.azure.NPS.170",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json
index 7729f4c40..498ef7636 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort3389ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort3389ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 3389,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Remote Desktop (TCP:3389) is exposed to the entire public internet",
- "reference_id": "accurics.azure.NPS.171",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0342"
-}
+ "name": "reme_networkPort3389ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort3389ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 3389,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Remote Desktop (TCP:3389) is exposed to the entire public internet",
+ "reference_id": "accurics.azure.NPS.171",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0342"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json
index 9768dc6d2..ae217e3b5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort22ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort22ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 22,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "SSH (TCP:22) is exposed to the entire public internet",
- "reference_id": "accurics.azure.NPS.172",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0285"
-}
+ "name": "reme_networkPort22ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort22ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 22,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "SSH (TCP:22) is exposed to the entire public internet",
+ "reference_id": "accurics.azure.NPS.172",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0285"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json
index 2a835c0ba..023bae15b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json
@@ -16,5 +16,6 @@
 "description": "CIFS / SMB (TCP:3020) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.173",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
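Review bot: The added `"id": ""` in accurics.azure.NPS.173.json gives the rule an empty identifier, while the even-numbered siblings in this patch carry real values such as `AC_AZURE_0272`. The commit subject says the property is for matching policies; if the loader or any skip/filter logic keys on `id` (not visible in this diff), every rule with `""` either collides on the same key or cannot be addressed at all. The same placeholder is added in NPS.170, 175, 177, 179, 181, 183, 185, 187, 189, 191, 193, 195, 197 and 199. I would either assign the real identifier here or leave the key out until one exists, and have the policy loader reject an empty `id` so a placeholder cannot ship unnoticed.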
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json
index 6d68bb9a5..9e4a6e610 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort3020ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort3020ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 3020,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.174",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0272"
-}
+ "name": "reme_networkPort3020ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort3020ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 3020,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.174",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0272"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json
index d0378bf3e..77355a93a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json
@@ -16,5 +16,6 @@
 "description": "Cassandra (TCP:7001) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.175",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json
index 6048518cf..d16a80e5e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort7001ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort7001ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 7001,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Cassandra (TCP:7001) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.176",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0275"
-}
+ "name": "reme_networkPort7001ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort7001ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 7001,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Cassandra (TCP:7001) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.176",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0275"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json
index 2e9616455..cdbaa7bf9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json
@@ -16,5 +16,6 @@
 "description": "Cassandra OpsCenter (TCP:61621) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.177",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json
index 1d6325559..7dffc0207 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort61621ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort61621ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 61621,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.178",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0536"
-}
+ "name": "reme_networkPort61621ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort61621ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 61621,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.178",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0536"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json
index 11d1b3df9..5e9a88f88 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json
@@ -16,5 +16,6 @@
 "description": "DNS (UDP:53) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.179",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json
index 5e1baff21..951930986 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort53ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort53ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 53,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "DNS (UDP:53) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.180",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0533"
-}
+ "name": "reme_networkPort53ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort53ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 53,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "DNS (UDP:53) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.180",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0533"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json
index ab9edccda..ae65ba6e9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json
@@ -16,5 +16,6 @@
 "description": "Hadoop Name Node (TCP:9000) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.181",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json
index c4a96d72a..22c6e1fdf 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort9000ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort9000ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 9000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Hadoop Name Node (TCP:9000) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.182",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0530"
-}
+ "name": "reme_networkPort9000ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort9000ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 9000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Hadoop Name Node (TCP:9000) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.182",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0530"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json
index f5010b74d..81364c033 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json
@@ -16,5 +16,6 @@
 "description": " Known internal web port (TCP:8000) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.183",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json
index 9af9e22e0..5146dfcd0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort8000ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort8000ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 8000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": " Known internal web port (TCP:8000) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.184",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0527"
-}
+ "name": "reme_networkPort8000ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort8000ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 8000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": " Known internal web port (TCP:8000) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.184",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0527"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json
index 5e1c68b32..0720e8c6f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json
@@ -16,5 +16,6 @@
 "description": " Known internal web port (TCP:8080) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.185",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json
index 847ff0b82..bbab0eebf 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort8080ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort8080ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 8080,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": " Known internal web port (TCP:8080) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.186",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0524"
-}
+ "name": "reme_networkPort8080ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort8080ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 8080,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": " Known internal web port (TCP:8080) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.186",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0524"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json
index 26ef06f38..7c62ce5be 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json
@@ -16,5 +16,6 @@
 "description": "LDAP SSL (TCP:636) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.187",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json
index b5af7b28f..98a17dfca 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort636ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort636ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 636,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "LDAP SSL (TCP:636) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.188",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0521"
-}
+ "name": "reme_networkPort636ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort636ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 636,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "LDAP SSL (TCP:636) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.188",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0521"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json
index 2ad2fa4b6..6c08ff4de 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Admin (TCP:1434) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.189",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json
index b854f9a01..db9674e07 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort1434ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort1434ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 1434,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "MSSQL Admin (TCP:1434) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.190",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0518"
-}
+ "name": "reme_networkPort1434ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort1434ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Admin (TCP:1434) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.190",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0518"
+}
\ No newline at end of file
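Review bot: `"id": "AC_AZURE_0518"` on the new side of accurics.azure.NPS.190.json (MSSQL Admin, TCP:1434) is the same id that accurics.azure.NPS.192.json (MSSQL Browser, UDP:1434) carries, so two distinct rules share one identifier. The neighbouring ids in this patch are unique and step down by three (`AC_AZURE_0521`, `AC_AZURE_0518`, `AC_AZURE_0512`), which suggests one of the two is a copy error rather than an intended alias. If rules are selected, skipped or de-duplicated by `id` (the consumer is not visible here), a suppression written for one protocol would silently cover the other. Both files already had this value on the old side, so the duplicate predates the commit, but a commit about ids is the natural place to correct it. A uniqueness check over all policy metadata files in CI would catch the next one.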
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json
index 627fd7eff..a7bb1a305 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Browser (UDP:1434) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.191",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json
index 95f92efa3..25abbc00b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort1434ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort1434ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 1434,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "MSSQL Browser (UDP:1434) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.192",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0518"
-}
+ "name": "reme_networkPort1434ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort1434ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Browser (UDP:1434) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.192",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0518"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json
index c1ba7f7b6..5390a24aa 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Debugger (TCP:135) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.193",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json
index 21b96dc93..1aebe5cfa 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort135ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort135ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 135,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "MSSQL Debugger (TCP:135) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.194",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0512"
-}
+ "name": "reme_networkPort135ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort135ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 135,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Debugger (TCP:135) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.194",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0512"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json
index c39b28f58..0f99e8822 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Server (TCP:1433) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.195",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json
index d538e3ad6..f38e35c2b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort1433ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort1433ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 1433,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "MSSQL Server (TCP:1433) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.196",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0509"
-}
+ "name": "reme_networkPort1433ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort1433ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 1433,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MSSQL Server (TCP:1433) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.196",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0509"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json
index c62df92d5..b0f02615e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json
@@ -16,5 +16,6 @@
 "description": "Memcached SSL (TCP:11214) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.197",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json
index f306b3c31..4c699ddd9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort11214ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort11214ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 11214,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Memcached SSL (TCP:11214) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.198",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0506"
-}
+ "name": "reme_networkPort11214ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11214ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 11214,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (TCP:11214) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.198",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0506"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json
index fe09af974..f18bc7fb1 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json
@@ -16,5 +16,6 @@
 "description": "Memcached SSL (TCP:11215) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.199",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json
index 993f05246..308f00478 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort11215ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort11215ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 11215,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Memcached SSL (TCP:11215) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.200",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0503"
-}
+ "name": "reme_networkPort11215ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11215ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 11215,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (TCP:11215) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.200",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0503"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json
index 46b466f7d..b0865a10c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json
@@ -16,5 +16,6 @@
 "description": "Memcached SSL (UDP:11214) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.201",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json
index 3184c23d9..6b20bdeee 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort11214ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort11214ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 11214,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "Memcached SSL (UDP:11214) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.202",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0506"
-}
+ "name": "reme_networkPort11214ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11214ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 11214,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (UDP:11214) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.202",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0506"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json
index 74e10b751..6353ae434 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json
@@ -16,5 +16,6 @@
 "description": "Memcached SSL (UDP:11215) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.203",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json
index 470976d0b..e73246b69 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort11215ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort11215ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 11215,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "Memcached SSL (UDP:11215) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.204",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0503"
-}
+ "name": "reme_networkPort11215ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort11215ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 11215,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "Memcached SSL (UDP:11215) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.204",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0503"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json
index b62b05896..87d68743f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json
@@ -16,5 +16,6 @@
 "description": "Microsoft-DS (TCP:445) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.205",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json
index 3762dfdc5..e7ebdf3d6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort445ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort445ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 445,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Microsoft-DS (TCP:445) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.206",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0494"
-}
+ "name": "reme_networkPort445ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort445ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 445,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Microsoft-DS (TCP:445) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.206",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0494"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json
index 6fadf1bed..50acfb7a8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json
@@ -16,5 +16,6 @@
 "description": "Mongo Web Portal (TCP:27018) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.207",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json
index cb1c5a335..10a4d0c51 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort27018ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort27018ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 27018,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Mongo Web Portal (TCP:27018) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.208",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0491"
-}
+ "name": "reme_networkPort27018ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort27018ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 27018,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Mongo Web Portal (TCP:27018) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.208",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0491"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json
index ee5e4f973..0a61c111d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json
@@ -16,5 +16,6 @@
 "description": "MySQL (TCP:3306) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.209",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json
index 3bc5c8d09..5d15f8f1a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort3306ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort3306ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 3306,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "MySQL (TCP:3306) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.210",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0488"
-}
+ "name": "reme_networkPort3306ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort3306ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 3306,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "MySQL (TCP:3306) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.210",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0488"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json
index 2009886d3..a4a33df4f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Name Service (TCP:137) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.211",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json
index 16419328d..81a3c032f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort137ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort137ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 137,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Name Service (TCP:137) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.212",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0485"
-}
+ "name": "reme_networkPort137ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort137ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 137,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Name Service (TCP:137) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.212",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0485"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json
index 23a2178ce..08b42ad38 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Name Service (UDP:137) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.213",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json
index e1310691c..b014f99c8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort137ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort137ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 137,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Name Service (UDP:137) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.214",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0485"
-}
+ "name": "reme_networkPort137ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort137ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 137,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Name Service (UDP:137) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.214",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0485"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json
index 9b64393a9..ea2d75741 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Datagram Service (TCP:138) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.215",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json
index b6bfd06c0..8cbb80b3f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort138ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort138ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 138,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.216",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0479"
-}
+ "name": "reme_networkPort138ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort138ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 138,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.216",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0479"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json
index 1ddc4bd45..876feeb7e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Datagram Service (UDP:138) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.217",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json
index 4e348171f..039fd3188 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort138ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort138ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 138,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.218",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0479"
-}
+ "name": "reme_networkPort138ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort138ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 138,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.218",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0479"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json
index b9d8dacb0..6fcd40ead 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Session Service (TCP:139) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.219",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json
index dfb35a0b3..f5b6a6aec 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort139ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort139ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 139,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Session Service (TCP:139) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.220",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0473"
-}
+ "name": "reme_networkPort139ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort139ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 139,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Session Service (TCP:139) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.220",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0473"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json
index 080d2f6a7..f00088993 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Session Service (UDP:139) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.221",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json
index 3912b27b0..70bb7364d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort139ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort139ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 139,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "NetBIOS Session Service (UDP:139) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.222",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0473"
-}
+ "name": "reme_networkPort139ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort139ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 139,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "NetBIOS Session Service (UDP:139) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.222",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0473"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json
index 5b76d884f..b39092699 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json
@@ -16,5 +16,6 @@
 "description": "Oracle DB SSL (TCP:2484) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.223",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json
index 429659604..d7c6a7b23 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort2484ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort2484ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 2484,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Oracle DB SSL (TCP:2484) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.224",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0467"
-}
+ "name": "reme_networkPort2484ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2484ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 2484,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Oracle DB SSL (TCP:2484) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.224",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0467"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json
index db9021869..82a415f8e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json
@@ -16,5 +16,6 @@
 "description": "Oracle DB SSL (UDP:2484) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.225",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json
index c460b6a55..330d976e9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort2484ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort2484ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 2484,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "Oracle DB SSL (UDP:2484) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.226",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0467"
-}
+ "name": "reme_networkPort2484ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2484ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 2484,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "Oracle DB SSL (UDP:2484) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.226",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0467"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json
index e46748198..f06dcf139 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json
@@ -16,5 +16,6 @@
 "description": "POP3 (TCP:110) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.227",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json
index 4386e5953..ea17f86e0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort110ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort110ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 110,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "POP3 (TCP:110) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.228",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0461"
-}
+ "name": "reme_networkPort110ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort110ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 110,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "POP3 (TCP:110) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.228",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0461"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json
index a5e18778f..8f6544365 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json
@@ -16,5 +16,6 @@
 "description": "PostgreSQL (TCP:5432) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.229",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json
index 6dbcc6dc0..2ce1139c9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort5432ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort5432ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 5432,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "PostgreSQL (TCP:5432) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.230",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0458"
-}
+ "name": "reme_networkPort5432ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5432ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 5432,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "PostgreSQL (TCP:5432) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.230",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0458"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json
index 756bd05c5..11270c61b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json
@@ -16,5 +16,6 @@
 "description": "PostgreSQL (UDP:5432) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.231",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json
index 1c1655ccb..915f1b7d4 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort5432ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort5432ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 5432,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "PostgreSQL (UDP:5432) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.232",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0458"
-}
+ "name": "reme_networkPort5432ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5432ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 5432,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "PostgreSQL (UDP:5432) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.232",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0458"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json
index 09efdec65..4fda24750 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json
@@ -16,5 +16,6 @@
 "description": "Prevalent known internal port (TCP:3000) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.233",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json
index 2ea97e518..ec2ff82e7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort3000ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort3000ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 3000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Prevalent known internal port (TCP:3000) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.234",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0452"
-}
+ "name": "reme_networkPort3000ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort3000ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 3000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Prevalent known internal port (TCP:3000) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.234",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0452"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json
index 6bff6a551..fd3048162 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json
@@ -16,5 +16,6 @@
 "description": "Puppet Master (TCP:8140) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.235",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json
index 5a09b0192..0f94c8ad1 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort8140ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort8140ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 8140,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Puppet Master (TCP:8140) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.236",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0449"
-}
+ "name": "reme_networkPort8140ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort8140ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 8140,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Puppet Master (TCP:8140) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.236",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0449"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json
index 025e9fac8..4323f952e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json
@@ -16,5 +16,6 @@
 "description": "SMTP (TCP:25) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.237",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json
index 1ccad410b..70240907b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort25ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort25ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 25,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "SMTP (TCP:25) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.238",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0446"
-}
+ "name": "reme_networkPort25ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort25ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 25,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SMTP (TCP:25) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.238",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0446"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json
index c043e7a41..f56c2309a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json
@@ -16,5 +16,6 @@
 "description": "SNMP (UDP:161) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.239",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json
index 5850cb43c..d32689652 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort161ExposedPrivateWideUdp",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort161ExposedPrivateWideUdp",
- "numberOfHosts": 24,
- "portNumber": 161,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "MEDIUM",
- "description": "SNMP (UDP:161) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.240",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0443"
-}
+ "name": "reme_networkPort161ExposedPrivateWideUdp",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort161ExposedPrivateWideUdp",
+ "numberOfHosts": 24,
+ "portNumber": 161,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "MEDIUM",
+ "description": "SNMP (UDP:161) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.240",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0443"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json
index d80c9ec60..562411f52 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json
@@ -16,5 +16,6 @@
 "description": "SQL Server Analysis (TCP:2382) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.241",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json
index ea235dc17..33a5bc91a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort2382ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort2382ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 2382,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "SQL Server Analysis (TCP:2382) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.242",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0440"
-}
+ "name": "reme_networkPort2382ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2382ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 2382,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SQL Server Analysis (TCP:2382) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.242",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0440"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json
index 5555267ee..77399ed95 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json
@@ -16,5 +16,6 @@
 "description": "SQL Server Analysis (TCP:2383) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.243",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json
index a1cbe01f8..4c98204bb 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort2383ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort2383ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 2383,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "SQL Server Analysis (TCP:2383) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.244",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0437"
-}
+ "name": "reme_networkPort2383ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort2383ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 2383,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SQL Server Analysis (TCP:2383) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.244",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0437"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json
index e6c399483..387830c8c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json
@@ -16,5 +16,6 @@
 "description": "SaltStack Master (TCP:4505) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.245",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json
index 7a6f22764..d063cc1ae 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort4505ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort4505ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 4505,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "SaltStack Master (TCP:4505) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.246",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0434"
-}
+ "name": "reme_networkPort4505ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort4505ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 4505,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SaltStack Master (TCP:4505) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.246",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0434"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json
index a03f5e76b..ec155deda 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json
@@ -16,5 +16,6 @@
 "description": "SaltStack Master (TCP:4506) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.247",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json
index b169cb3e3..1a226f959 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort4506ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort4506ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 4506,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "SaltStack Master (TCP:4506) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.248",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0431"
-}
+ "name": "reme_networkPort4506ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort4506ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 4506,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "SaltStack Master (TCP:4506) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.248",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0431"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json
index 0161c6adb..529e295c5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json
@@ -16,5 +16,6 @@
 "description": "Telnet (TCP:23) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.249",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json
index 12621e0d3..1d4591f0e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort23ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort23ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 23,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "Telnet (TCP:23) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.250",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0428"
-}
+ "name": "reme_networkPort23ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort23ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 23,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "Telnet (TCP:23) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.250",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0428"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json
index 09806b525..c6a6f1969 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json
@@ -16,5 +16,6 @@
 "description": "VNC Listener (TCP:5500) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.251",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json
index 71fe980bf..b5375a8bb 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort5500ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort5500ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 5500,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "VNC Listener (TCP:5500) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.252",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0425"
-}
+ "name": "reme_networkPort5500ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5500ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 5500,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "VNC Listener (TCP:5500) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.252",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0425"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json
index b09945c97..705dd8abd 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json
@@ -16,5 +16,6 @@
 "description": "VNC Server (TCP:5900) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.253",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json
index ece0556ba..dfeebb209 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort5900ExposedPrivateWide",
- "file": "networkPortExposedPrivate.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 1,
- "evalHosts": false,
- "name": "networkPort5900ExposedPrivateWide",
- "numberOfHosts": 24,
- "portNumber": 5900,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "MEDIUM",
- "description": "VNC Server (TCP:5900) is exposed to wide Private network",
- "reference_id": "accurics.azure.NPS.254",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0422"
-}
+ "name": "reme_networkPort5900ExposedPrivateWide",
+ "file": "networkPortExposedPrivate.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 1,
+ "evalHosts": false,
+ "name": "networkPort5900ExposedPrivateWide",
+ "numberOfHosts": 24,
+ "portNumber": 5900,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "MEDIUM",
+ "description": "VNC Server (TCP:5900) is exposed to wide Private network",
+ "reference_id": "accurics.azure.NPS.254",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0422"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json
index 3ffcb70ff..2147af6a6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json
@@ -16,5 +16,6 @@
 "description": "CIFS / SMB (TCP:3020) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.275",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json
index 077a1c35c..a0bfa0cbc 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json
@@ -16,5 +16,6 @@
 "description": "Cassandra (TCP:7001) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.276",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json
index 6fbb0f249..4352ec688 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json
@@ -16,5 +16,6 @@
 "description": "Cassandra OpsCenter (TCP:61621) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.277",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json
index 453717a0b..0e3651c74 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json
@@ -16,5 +16,6 @@
 "description": "DNS (UDP:53) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.278",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json
index 519d4706d..afc41f0b8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json
@@ -16,5 +16,6 @@
 "description": "Hadoop Name Node (TCP:9000) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.279",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json
index 847a4f88e..5d556597f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json
@@ -16,5 +16,6 @@
 "description": " Known internal web port (TCP:8000) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.280",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json
index 335c95e91..c7a1837df 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json
@@ -16,5 +16,6 @@
 "description": " Known internal web port (TCP:8080) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.281",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json
index 01f654616..3413eefbf 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json
@@ -16,5 +16,6 @@
 "description": "LDAP SSL (TCP:636) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.282",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json
index 526a3ac8d..572f8ce5c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Admin (TCP:1434) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.283",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json
index 360f39e9d..54ab0b31c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Browser (UDP:1434) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.284",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json
index 3bba35813..25d06a864 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Debugger (TCP:135) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.285",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json
index 180ebfe03..a0a19be48 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Server (TCP:1433) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.286",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json
index ebdcf0c19..181eda826 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json
@@ -16,5 +16,6 @@
 "description": "Memcached SSL (TCP:11214) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.287",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json
index 1dd915415..e12b9327d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json
@@ -16,5 +16,6 @@
 "description": "Memcached SSL (TCP:11215) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.288",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json
index f61429399..1ef793ada 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json
@@ -16,5 +16,6 @@
 "description": "Memcached SSL (UDP:11214) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.289",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json
index 9887e046e..c9831e3ea 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json
@@ -16,5 +16,6 @@
 "description": "Memcached SSL (UDP:11215) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.290",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json
index cb32425ad..59f3bb4fc 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json
@@ -16,5 +16,6 @@
 "description": "Microsoft-DS (TCP:445) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.291",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json
index b227e237b..8e314addc 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json
@@ -16,5 +16,6 @@
 "description": "Mongo Web Portal (TCP:27018) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.292",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json
index 5840db48e..aa60ca812 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json
@@ -16,5 +16,6 @@
 "description": "MySQL (TCP:3306) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.293",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json
index 1057d6708..38396523a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Name Service (TCP:137) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.294",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json
index bcc3617cc..51a5325f3 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Name Service (UDP:137) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.295",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json
index e97e9bb63..86ebe81ed 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Datagram Service (TCP:138) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.296",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json
index 8b6370ffb..da5d744ca 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Datagram Service (UDP:138) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.297",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json
index ea99c2edc..2ee88709c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Session Service (TCP:139) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.298",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json
index ff5fd9e67..65d15d4d3 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json
@@ -16,5 +16,6 @@
 "description": "NetBIOS Session Service (UDP:139) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.299",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json
index df9efeb03..3a1f2b3bb 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json
@@ -16,5 +16,6 @@
 "description": "Oracle DB SSL (TCP:2484) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.300",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json
index 095cc60d2..76a052e7f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json
@@ -16,5 +16,6 @@
 "description": "Oracle DB SSL (UDP:2484) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.301",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json
index 0e1886931..ca82cb36f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json
@@ -16,5 +16,6 @@
 "description": "POP3 (TCP:110) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.302",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json
index b468a0626..4423c7b1f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json
@@ -16,5 +16,6 @@
 "description": "PostgreSQL (TCP:5432) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.303",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json
index 111242c2a..7938e1ca1 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json
@@ -16,5 +16,6 @@
 "description": "PostgreSQL (UDP:5432) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.304",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json
index 0ba899efd..9de7de1d2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json
@@ -16,5 +16,6 @@
 "description": "Prevalent known internal port (TCP:3000) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.305",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json
index c60228291..75fe9f2df 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json
@@ -16,5 +16,6 @@
 "description": "Puppet Master (TCP:8140) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.306",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json
index ecd6c1508..fc9eb8a51 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json
@@ -16,5 +16,6 @@
 "description": "SMTP (TCP:25) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.307",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json
index 251fefdd2..542ebbfd5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json
@@ -16,5 +16,6 @@
 "description": "SNMP (UDP:161) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.308",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json
index 8b99463b4..a821556f2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json
@@ -16,5 +16,6 @@
 "description": "SQL Server Analysis (TCP:2382) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.309",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json
index e9cab356f..a31203653 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json
@@ -16,5 +16,6 @@
 "description": "SQL Server Analysis (TCP:2383) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.310",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json
index 107192238..00aa22fc2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json
@@ -16,5 +16,6 @@
 "description": "SaltStack Master (TCP:4505) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.311",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json
index e6887eefb..4b0690c61 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json
@@ -16,5 +16,6 @@
 "description": "SaltStack Master (TCP:4506) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.312",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json
index 1cea318c0..af7df04cd 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json
@@ -16,5 +16,6 @@
 "description": "Telnet (TCP:23) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.313",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json
index b0f8c1a55..3b7c85007 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json
@@ -16,5 +16,6 @@
 "description": "VNC Listener (TCP:5500) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.314",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json
index 4ec8d38bd..564ae25b3 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json
@@ -16,5 +16,6 @@
 "description": "VNC Server (TCP:5900) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.315",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json
index b58605be6..979659c3c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json
@@ -16,5 +16,6 @@
 "description": "CiscoSecure, WebSM (TCP:9090) is exposed to the wide public internet",
 "reference_id": "accurics.azure.NPS.35",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json
index 7e7043949..02f9d97f5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json
@@ -16,5 +16,6 @@
 "description": "Remote Desktop (TCP:3389) is exposed to the wide public internet",
 "reference_id": "accurics.azure.NPS.36",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json
index 7d32aec4e..b5a868ea1 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json
@@ -16,5 +16,6 @@
 "description": "SSH (TCP:22) is exposed to the wide public internet",
 "reference_id": "accurics.azure.NPS.37",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json
index edf532e7b..9ae956a79 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json
@@ -16,5 +16,6 @@
 "description": "CIFS / SMB (TCP:3020) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.38",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json
index 978a9e84d..534049bee 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort3020ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort3020ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 3020,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "CIFS / SMB (TCP:3020) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.39",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0270"
-}
+ "name": "reme_networkPort3020ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort3020ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 3020,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "CIFS / SMB (TCP:3020) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.39",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0270"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json
index d277ba80f..83c5cd535 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json
@@ -16,5 +16,6 @@
 "description": "Cassandra (TCP:7001) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.40",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json
index 55b7b6772..cf636f178 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort7001ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort7001ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 7001,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Cassandra (TCP:7001) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.41",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0273"
-}
+ "name": "reme_networkPort7001ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort7001ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 7001,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Cassandra (TCP:7001) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.41",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0273"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json
index 208827341..f73f51b38 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json
@@ -16,5 +16,6 @@
 "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.42",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json
index 27da2adc2..067d44941 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort61621ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort61621ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 61621,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Cassandra OpsCenter (TCP:61621) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.43",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0276"
-}
+ "name": "reme_networkPort61621ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort61621ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 61621,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Cassandra OpsCenter (TCP:61621) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.43",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0276"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json
index 3bfcf15fd..2b0e42bc4 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json
@@ -16,5 +16,6 @@
 "description": "DNS (UDP:53) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.44",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json
index 7c4a179ff..93d5aaf3f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort53ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort53ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 53,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "DNS (UDP:53) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.45",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0535"
-}
+ "name": "reme_networkPort53ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort53ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 53,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "DNS (UDP:53) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.45",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0535"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json
index 1b123f899..18768a328 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json
@@ -16,5 +16,6 @@
 "description": "Hadoop Name Node (TCP:9000) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.46",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json
index 6e3bb3e91..2828a2cba 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort9000ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort9000ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 9000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Hadoop Name Node (TCP:9000) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.47",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0532"
-}
+ "name": "reme_networkPort9000ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort9000ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 9000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Hadoop Name Node (TCP:9000) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.47",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0532"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json
index 3e5acfe4a..b494b1cd5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json
@@ -16,5 +16,6 @@
 "description": " Known internal web port (TCP:8000) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.48",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json
index 4f51a8e98..9191b10bd 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort8000ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort8000ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 8000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": " Known internal web port (TCP:8000) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.49",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0529"
-}
+ "name": "reme_networkPort8000ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort8000ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 8000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": " Known internal web port (TCP:8000) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.49",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0529"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json
index 4e0665053..b3ae48a7b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json
@@ -16,5 +16,6 @@
 "description": " Known internal web port (TCP:8080) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.50",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json
index a74943070..fd2e9f0bf 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort8080ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort8080ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 8080,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": " Known internal web port (TCP:8080) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.51",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0526"
-}
+ "name": "reme_networkPort8080ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort8080ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 8080,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": " Known internal web port (TCP:8080) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.51",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0526"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json
index 1cc452a58..f70ced0ba 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json
@@ -16,5 +16,6 @@
 "description": "LDAP SSL (TCP:636) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.52",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json
index 1190dbae4..d5c38bc55 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort636ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort636ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 636,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "LDAP SSL (TCP:636) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.53",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0523"
-}
+ "name": "reme_networkPort636ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort636ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 636,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "LDAP SSL (TCP:636) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.53",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0523"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json
index b13e24f3e..0fbaad963 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Admin (TCP:1434) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.54",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json
index 92cb3f226..5d7980ba7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort1434ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort1434ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 1434,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "MSSQL Admin (TCP:1434) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.55",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0520"
-}
+ "name": "reme_networkPort1434ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort1434ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Admin (TCP:1434) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.55",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0520"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json
index 0ccd4fffa..1a511c0b2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Browser (UDP:1434) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.56",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json
index 9f408124c..2e9ecc119 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort1434ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort1434ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 1434,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "MSSQL Browser (UDP:1434) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.57",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0520"
-}
+ "name": "reme_networkPort1434ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort1434ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 1434,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Browser (UDP:1434) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.57",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0520"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json
index 569352ec6..f4421beae 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json
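Review bot: The new-side line `"id": "AC_AZURE_0520"` in NPS.57 repeats the id that NPS.55 (MSSQL Admin, TCP:1434) carries, although this file is the MSSQL Browser policy with `"protocol": "UDP"` and a different `name`. The same collision is visible between NPS.63 and NPS.67 (`AC_AZURE_0508`) and between NPS.65 and NPS.69 (`AC_AZURE_0505`). This hunk only re-indents the file, so the values predate it, but if policies are matched by id then a skip or lookup meant for the TCP rule would presumably also select the UDP one. Each UDP policy needs an id of its own, and a test that fails on duplicate `id` values across the policy directory would catch the next case.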
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Debugger (TCP:135) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.58",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json
index ab6b4b511..fd613332f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort135ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort135ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 135,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "MSSQL Debugger (TCP:135) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.59",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0514"
-}
+ "name": "reme_networkPort135ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort135ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 135,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Debugger (TCP:135) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.59",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0514"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json
index e6e57ba32..344c4c49a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json
@@ -16,5 +16,6 @@
 "description": "MSSQL Server (TCP:1433) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.60",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json
index 38e43130a..424dd8a1f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort1433ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort1433ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 1433,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "MSSQL Server (TCP:1433) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.61",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0511"
-}
+ "name": "reme_networkPort1433ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort1433ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 1433,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "MSSQL Server (TCP:1433) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.61",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0511"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json
index 0480c0b1d..24719dda4 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json
@@ -16,5 +16,6 @@
 "description": "Memcached SSL (TCP:11214) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.62",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json
index e2c923864..9c5e633df 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort11214ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort11214ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 11214,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Memcached SSL (TCP:11214) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.63",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0508"
-}
+ "name": "reme_networkPort11214ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort11214ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 11214,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Memcached SSL (TCP:11214) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.63",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0508"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json
index e8bd7976f..6cec82ea9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json
@@ -16,5 +16,6 @@
 "description": "Memcached SSL (TCP:11215) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.64",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json
index 2a373091a..17071f482 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort11215ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort11215ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 11215,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Memcached SSL (TCP:11215) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.65",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0505"
-}
+ "name": "reme_networkPort11215ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort11215ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 11215,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Memcached SSL (TCP:11215) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.65",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0505"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json
index 3f403ee8f..5de1495d8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json
@@ -16,5 +16,6 @@
 "description": "Memcached SSL (UDP:11214) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.66",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json
index 88dc652b3..82a0fa645 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json
@@ -1,21 +1,21 @@ { - "name": "reme_networkPort11214ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort11214ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 11214, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "Memcached SSL (UDP:11214) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.67", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0508" -} + "name": "reme_networkPort11214ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort11214ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 11214, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "HIGH", + "description": "Memcached SSL (UDP:11214) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.67", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0508" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json index 8efe6f912..22ddb0c3c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json @@ -16,5 +16,6 @@ "description": "Memcached SSL (UDP:11215) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.68", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json index 6f8ebd9c9..0ee849298 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json @@ -1,21 +1,21 @@ { - "name": "reme_networkPort11215ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort11215ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 11215, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "Memcached SSL (UDP:11215) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.69", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0505" -} + "name": "reme_networkPort11215ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort11215ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 11215, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "HIGH", + "description": "Memcached SSL (UDP:11215) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.69", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0505" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json index b8395d32a..2e8d4315b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json 
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json @@ -16,5 +16,6 @@ "description": "Microsoft-DS (TCP:445) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.70", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json index c065fc88c..e1c7e554d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json @@ -1,21 +1,21 @@ { - "name": "reme_networkPort445ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort445ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 445, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Microsoft-DS (TCP:445) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.71", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0496" -} + "name": "reme_networkPort445ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort445ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 445, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "HIGH", + "description": "Microsoft-DS (TCP:445) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.71", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0496" +} \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json index a15230fb8..2b2833b9b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json @@ -16,5 +16,6 @@ "description": "Mongo Web Portal (TCP:27018) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.72", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json index cc392562c..f46af6f96 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json 
@@ -1,21 +1,21 @@ { - "name": "reme_networkPort27018ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort27018ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 27018, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Mongo Web Portal (TCP:27018) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.73", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0493" -} + "name": "reme_networkPort27018ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort27018ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 27018, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "HIGH", + "description": "Mongo Web Portal (TCP:27018) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.73", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0493" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json index 40c1c97f7..13191aa7e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json @@ -16,5 +16,6 @@ "description": "MySQL (TCP:3306) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.74", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json index cef2e48c7..29eb7ed36 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json @@ -1,21 +1,21 @@ { - "name": "reme_networkPort3306ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort3306ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 3306, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "MySQL (TCP:3306) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.75", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0490" -} + "name": "reme_networkPort3306ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort3306ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 3306, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "HIGH", + "description": "MySQL (TCP:3306) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.75", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0490" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json index 15152ef38..0e7c067ea 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json 
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json @@ -16,5 +16,6 @@ "description": "NetBIOS Name Service (TCP:137) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.76", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json index 8c7a9b4bb..86d44af35 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json 
@@ -1,21 +1,21 @@ { - "name": "reme_networkPort137ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort137ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 137, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "NetBIOS Name Service (TCP:137) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.77", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0487" -} + "name": "reme_networkPort137ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort137ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 137, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "HIGH", + "description": "NetBIOS Name Service (TCP:137) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.77", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0487" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json index 217a2639b..7b76862cd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json @@ -16,5 +16,6 @@ "description": "NetBIOS Name Service (UDP:137) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.78", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json index ddef2a3a5..02ac67303 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json @@ -1,21 +1,21 @@ { - "name": "reme_networkPort137ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort137ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 137, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "NetBIOS Name Service (UDP:137) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.79", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0487" -} + "name": "reme_networkPort137ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort137ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 137, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "HIGH", + "description": "NetBIOS Name Service (UDP:137) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.79", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0487" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json index ee7dbcce8..c547ca752 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json 
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json @@ -16,5 +16,6 @@ "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.80", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json index f99a0b925..24221659c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json 
@@ -1,21 +1,21 @@ { - "name": "reme_networkPort138ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort138ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 138, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "NetBIOS Datagram Service (TCP:138) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.81", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0481" -} + "name": "reme_networkPort138ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort138ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 138, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "HIGH", + "description": "NetBIOS Datagram Service (TCP:138) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.81", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0481" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json index 18d56006c..fd9e84799 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json @@ -16,5 +16,6 @@ "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.82", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json index eafa4a56a..4f639a77a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json @@ -1,21 +1,21 @@ { - "name": "reme_networkPort138ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort138ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 138, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "NetBIOS Datagram Service (UDP:138) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.83", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0481" -} + "name": "reme_networkPort138ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort138ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 138, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "HIGH", + "description": "NetBIOS Datagram Service (UDP:138) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.83", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0481" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json index 9fb6ace4a..945d60382 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json 
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json @@ -16,5 +16,6 @@ "description": "NetBIOS Session Service (TCP:139) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.84", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json index 811136986..cf34db29e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json 
@@ -1,21 +1,21 @@ { - "name": "reme_networkPort139ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort139ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 139, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "NetBIOS Session Service (TCP:139) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.85", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0475" -} + "name": "reme_networkPort139ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort139ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 139, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "HIGH", + "description": "NetBIOS Session Service (TCP:139) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.85", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0475" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json index ce27663ea..68673802c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json @@ -16,5 +16,6 @@ "description": "NetBIOS Session Service (UDP:139) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.86", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json index 9f2b42bcf..79c0bbf29 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json @@ -1,21 +1,21 @@ { - "name": "reme_networkPort139ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort139ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 139, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "NetBIOS Session Service (UDP:139) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.87", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0475" -} + "name": "reme_networkPort139ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort139ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 139, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "HIGH", + "description": "NetBIOS Session Service (UDP:139) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.87", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0475" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json index e31af75c8..ff7e5b790 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json 
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json @@ -16,5 +16,6 @@ "description": "Oracle DB SSL (TCP:2484) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.88", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json index 88c52bb4a..9dad3e0f5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json @@ -1,21 +1,21 @@ { - "name": "reme_networkPort2484ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort2484ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 2484, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Oracle DB SSL (TCP:2484) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.89", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0469" -} + "name": "reme_networkPort2484ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort2484ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 2484, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "HIGH", + "description": "Oracle DB SSL (TCP:2484) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.89", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0469" +} \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json index 6d4584dba..d1649adc1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json @@ -16,5 +16,6 @@ "description": "Oracle DB SSL (UDP:2484) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.90", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json index cf816964f..b9389863b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json 
@@ -1,21 +1,21 @@ { - "name": "reme_networkPort2484ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort2484ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 2484, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "Oracle DB SSL (UDP:2484) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.91", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0469" -} + "name": "reme_networkPort2484ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort2484ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 2484, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "HIGH", + "description": "Oracle DB SSL (UDP:2484) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.91", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0469" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json index 4d168c834..efff729d0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json @@ -16,5 +16,6 @@ "description": "POP3 (TCP:110) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.92", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json index 787486aa7..a4507326b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json @@ -1,21 +1,21 @@ { - "name": "reme_networkPort110ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort110ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 110, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "POP3 (TCP:110) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.93", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0463" -} + "name": "reme_networkPort110ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort110ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 110, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "HIGH", + "description": "POP3 (TCP:110) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.93", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0463" +} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json index cb8205b50..37e0713e6 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json 
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json @@ -16,5 +16,6 @@ "description": "PostgreSQL (TCP:5432) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.94", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json index 83efbe56b..3da9ee780 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json @@ -1,21 +1,21 @@ { - "name": "reme_networkPort5432ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "policy_type": "azure", - "resource_type": "azurerm_network_security_rule", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort5432ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 5432, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "PostgreSQL (TCP:5432) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.95", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AZURE_0460" -} + "name": "reme_networkPort5432ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "policy_type": "azure", + "resource_type": "azurerm_network_security_rule", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort5432ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 5432, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "HIGH", + "description": "PostgreSQL (TCP:5432) is exposed to entire Public network", + "reference_id": "accurics.azure.NPS.95", + "category": "Infrastructure Security", + "version": 2, + "id": "AC_AZURE_0460" +} \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json index df22b3db4..7782b16a3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json @@ -16,5 +16,6 @@ "description": "PostgreSQL (UDP:5432) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.96", "category": "Infrastructure Security", - "version": 2 + "version": 2, + "id": "" } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json index 2ebe429bf..335366a00 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json 
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort5432ExposedPublicEntireUdp",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort5432ExposedPublicEntireUdp",
- "numberOfHosts": 1,
- "portNumber": 5432,
- "prefix": "reme_",
- "protocol": "UDP"
- },
- "severity": "HIGH",
- "description": "PostgreSQL (UDP:5432) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.97",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0460"
-}
+ "name": "reme_networkPort5432ExposedPublicEntireUdp",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort5432ExposedPublicEntireUdp",
+ "numberOfHosts": 1,
+ "portNumber": 5432,
+ "prefix": "reme_",
+ "protocol": "UDP"
+ },
+ "severity": "HIGH",
+ "description": "PostgreSQL (UDP:5432) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.97",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0460"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json
index 74a0aec88..ae9e72714 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json
@@ -16,5 +16,6 @@
 "description": "Prevalent known internal port (TCP:3000) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.98",
 "category": "Infrastructure Security",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json
index 3bbe663c4..afc1a20e9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json
@@ -1,21 +1,21 @@
 {
- "name": "reme_networkPort3000ExposedPublicEntire",
- "file": "networkPortExposedPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_security_rule",
- "template_args": {
- "endLimit": 0,
- "evalHosts": true,
- "name": "networkPort3000ExposedPublicEntire",
- "numberOfHosts": 1,
- "portNumber": 3000,
- "prefix": "reme_",
- "protocol": "TCP"
- },
- "severity": "HIGH",
- "description": "Prevalent known internal port (TCP:3000) is exposed to entire Public network",
- "reference_id": "accurics.azure.NPS.99",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0454"
-}
+ "name": "reme_networkPort3000ExposedPublicEntire",
+ "file": "networkPortExposedPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_security_rule",
+ "template_args": {
+ "endLimit": 0,
+ "evalHosts": true,
+ "name": "networkPort3000ExposedPublicEntire",
+ "numberOfHosts": 1,
+ "portNumber": 3000,
+ "prefix": "reme_",
+ "protocol": "TCP"
+ },
+ "severity": "HIGH",
+ "description": "Prevalent known internal port (TCP:3000) is exposed to entire Public network",
+ "reference_id": "accurics.azure.NPS.99",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0454"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json
index 80aefb2bc..221cbab74 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_networkWatcherEnabled",
- "file": "networkWatcherCheck.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_network_watcher_flow_log",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Enable Network Watcher for Azure subscriptions. Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.",
- "reference_id": "accurics.azure.NS.11",
- "category": "Logging and Monitoring",
- "version": 1,
- "id": "AC_AZURE_0418"
-}
+ "name": "reme_networkWatcherEnabled",
+ "file": "networkWatcherCheck.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_network_watcher_flow_log",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Enable Network Watcher for Azure subscriptions. Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.",
+ "reference_id": "accurics.azure.NS.11",
+ "category": "Logging and Monitoring",
+ "version": 1,
+ "id": "AC_AZURE_0418"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json
index 8fcece1a6..19b6ef3fe 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json
@@ -10,5 +10,6 @@
 "description": "Network Security Group Flow Logs should be enabled and the retention period is set to greater than or equal to 90 days. Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.",
 "reference_id": "accurics.azure.NS.342",
 "category": "Resilience",
- "version": 1
+ "version": 1,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json
index 05840fccb..bb9f8dcc2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_connectionThrottling",
- "file": "connectionThrottling.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_configuration",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.LOG.151",
- "category": "Logging and Monitoring",
- "version": 2,
- "id": "AC_AZURE_0414"
-}
+ "name": "reme_connectionThrottling",
+ "file": "connectionThrottling.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_configuration",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.LOG.151",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0414"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json
index ced6a2de4..175459365 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_logConnections",
- "file": "logConnections.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_configuration",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.LOG.152",
- "category": "Logging and Monitoring",
- "version": 2,
- "id": "AC_AZURE_0413"
-}
+ "name": "reme_logConnections",
+ "file": "logConnections.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_configuration",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.LOG.152",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0413"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json
index 400a9e00e..26db9c360 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_logDisconnections",
- "file": "logDisconnections.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_configuration",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.LOG.153",
- "category": "Logging and Monitoring",
- "version": 2,
- "id": "AC_AZURE_0412"
-}
+ "name": "reme_logDisconnections",
+ "file": "logDisconnections.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_configuration",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.LOG.153",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0412"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json
index d48be0c63..b5b485400 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_logDuration",
- "file": "logDuration.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_configuration",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.LOG.154",
- "category": "Logging and Monitoring",
- "version": 2,
- "id": "AC_AZURE_0411"
-}
+ "name": "reme_logDuration",
+ "file": "logDuration.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_configuration",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.LOG.154",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0411"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json
index 57f6dd2d6..4fec3b528 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json
@@ -10,5 +10,6 @@
 "description": "Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server",
 "reference_id": "accurics.azure.LOG.155",
 "category": "Logging and Monitoring",
- "version": 2
+ "version": 2,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json
index 6e83af673..40f492785 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json
@@ -1,13 +1,13 @@
 {
- "name": "postgreSqlLogsEnabled",
- "file": "postgreSqlLogsEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_configuration",
- "template_args": null,
- "severity": "MEDIUM",
- "description": "Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.LOG.364",
- "category": "Logging and Monitoring",
- "version": 1,
- "id": "AC_AZURE_0409"
-}
+ "name": "postgreSqlLogsEnabled",
+ "file": "postgreSqlLogsEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_configuration",
+ "template_args": null,
+ "severity": "MEDIUM",
+ "description": "Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.LOG.364",
+ "category": "Logging and Monitoring",
+ "version": 1,
+ "id": "AC_AZURE_0409"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json
index c71914d9b..1bf81c572 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_geoRedundancyDisabled",
- "file": "geoRedundancyDisabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_server",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that Geo Redundant Backups is enabled on PostgreSQL",
- "reference_id": "accurics.azure.BDR.163",
- "category": "Resilience",
- "version": 2,
- "id": "AC_AZURE_0407"
-}
+ "name": "reme_geoRedundancyDisabled",
+ "file": "geoRedundancyDisabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_server",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that Geo Redundant Backups is enabled on PostgreSQL",
+ "reference_id": "accurics.azure.BDR.163",
+ "category": "Resilience",
+ "version": 2,
+ "id": "AC_AZURE_0407"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json
index 3058a7969..c47c1563d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_sslEnforceDisabled",
- "file": "sslEnforceDisabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_postgresql_server",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server",
- "reference_id": "accurics.azure.EKM.1",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0408"
-}
+ "name": "reme_sslEnforceDisabled",
+ "file": "sslEnforceDisabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_postgresql_server",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server",
+ "reference_id": "accurics.azure.EKM.1",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0408"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json
index ed4c60ad1..96f2cbbc0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_nonSslEnabled",
- "file": "nonSslEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_redis_cache",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that the Redis Cache accepts only SSL connections",
- "reference_id": "accurics.azure.EKM.23",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0394"
-}
+ "name": "reme_nonSslEnabled",
+ "file": "nonSslEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_redis_cache",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that the Redis Cache accepts only SSL connections",
+ "reference_id": "accurics.azure.EKM.23",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0394"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json
index 7e9abb971..24231861c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_redisCacheNoUpdatePatchSchedule",
- "file": "redisCacheNoUpdatePatchSchedule.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_redis_cache",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that Redis is updated regularly with security and operational updates.\n\nNote this feature is only available to Premium tier Redis Caches.",
- "reference_id": "accurics.azure.NS.13",
- "category": "Security Best Practices",
- "version": 2,
- "id": "AC_AZURE_0393"
-}
+ "name": "reme_redisCacheNoUpdatePatchSchedule",
+ "file": "redisCacheNoUpdatePatchSchedule.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_redis_cache",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that Redis is updated regularly with security and operational updates.\n\nNote this feature is only available to Premium tier Redis Caches.",
+ "reference_id": "accurics.azure.NS.13",
+ "category": "Security Best Practices",
+ "version": 2,
+ "id": "AC_AZURE_0393"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json
index 32d3d6ec9..5ebe7521e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_allowLessHosts",
- "file": "allowLessHosts.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_redis_cache",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure there are no firewall rules allowing Redis Cache access for a large number of source IPs",
- "reference_id": "accurics.azure.NS.166",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0390"
-}
+ "name": "reme_allowLessHosts",
+ "file": "allowLessHosts.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_redis_cache",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure there are no firewall rules allowing Redis Cache access for a large number of source IPs",
+ "reference_id": "accurics.azure.NS.166",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0390"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json
index 67611b334..93feb62f4 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json
@@ -1,17 +1,17 @@
 {
- "name": "reme_entirelyAccessible",
- "file": "publiclyAccessible.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_redis_cache",
- "template_args": {
- "isEntire": true,
- "name": "entirelyAccessible",
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from the Internet",
- "reference_id": "accurics.azure.NS.30",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0392"
-}
+ "name": "reme_entirelyAccessible",
+ "file": "publiclyAccessible.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_redis_cache",
+ "template_args": {
+ "isEntire": true,
+ "name": "entirelyAccessible",
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from the Internet",
+ "reference_id": "accurics.azure.NS.30",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0392"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json
index a73e5ff09..2cf4b24c1 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json
@@ -1,17 +1,17 @@
 {
- "name": "reme_publiclyAccessible",
- "file": "publiclyAccessible.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_redis_cache",
- "template_args": {
- "isEntire": false,
- "name": "publiclyAccessible",
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from other Azure sources",
- "reference_id": "accurics.azure.NS.31",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0391"
-}
+ "name": "reme_publiclyAccessible",
+ "file": "publiclyAccessible.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_redis_cache",
+ "template_args": {
+ "isEntire": false,
+ "name": "publiclyAccessible",
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from other Azure sources",
+ "reference_id": "accurics.azure.NS.31",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0391"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json b/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json
index 6bb055741..3b11a08f2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json
+++ b/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_resourceGroupLock",
- "file": "resourceGroupLock.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_resource_group",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "LOW",
- "description": "Ensure that Azure Resource Group has resource lock enabled",
- "reference_id": "accurics.azure.NS.272",
- "category": "Identity and Access Management",
- "version": 2,
- "id": "AC_AZURE_0389"
-}
+ "name": "reme_resourceGroupLock",
+ "file": "resourceGroupLock.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_resource_group",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "LOW",
+ "description": "Ensure that Azure Resource Group has resource lock enabled",
+ "reference_id": "accurics.azure.NS.272",
+ "category": "Identity and Access Management",
+ "version": 2,
+ "id": "AC_AZURE_0389"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json b/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json
index a73b4262c..f9dee9d4f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json
+++ b/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_checkGuestUser",
- "file": "checkGuestUser.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_role_assignment",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that there are no guest users",
- "reference_id": "accurics.azure.IAM.388",
- "category": "Identity and Access Management",
- "version": 1,
- "id": "AC_AZURE_0388"
-}
+ "name": "reme_checkGuestUser",
+ "file": "checkGuestUser.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_role_assignment",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that there are no guest users",
+ "reference_id": "accurics.azure.IAM.388",
+ "category": "Identity and Access Management",
+ "version": 1,
+ "id": "AC_AZURE_0388"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json b/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json
index b9fcb7ce9..db78e3592 100755
--- a/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json
+++ b/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json
@@ -8,5 +8,6 @@
 "description": "Ensure that 'Send email notification for high severity alerts' is set to 'On'",
 "reference_id": "accurics.azure.MON.353",
 "category": "Logging and Monitoring",
- "version": 1
+ "version": 1,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json
index 2b526bcf2..738646aa9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json
+++ b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_securityCenterPrincingTier",
- "file": "securityCenterPrincingTier.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_security_center_subscription_pricing",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that standard pricing tiers are selected",
- "reference_id": "accurics.azure.OPS.349",
- "category": "Security Best Practices",
- "version": 1,
- "id": "AC_AZURE_0385"
-}
+ "name": "reme_securityCenterPrincingTier",
+ "file": "securityCenterPrincingTier.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_security_center_subscription_pricing",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that standard pricing tiers are selected",
+ "reference_id": "accurics.azure.OPS.349",
+ "category": "Security Best Practices",
+ "version": 1,
+ "id": "AC_AZURE_0385"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json
index b70828680..b9648ff01 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_sqlServerADPredictableAccount",
- "file": "sqlServerADPredictableAccount.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_active_directory_administrator",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Avoid using names like 'Admin' for an Azure SQL Server Active Directory Administrator account",
- "reference_id": "accurics.azure.IAM.137",
- "category": "Compliance Validation",
- "version": 2,
- "id": "AC_AZURE_0384"
-}
+ "name": "reme_sqlServerADPredictableAccount",
+ "file": "sqlServerADPredictableAccount.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_active_directory_administrator",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Avoid using names like 'Admin' for an Azure SQL Server Active Directory Administrator account",
+ "reference_id": "accurics.azure.IAM.137",
+ "category": "Compliance Validation",
+ "version": 2,
+ "id": "AC_AZURE_0384"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json b/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json
index ad627671f..fbd39c0c6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_checkAuditEnabled",
- "file": "checkAuditEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_database",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that 'Threat Detection' is enabled for Azure SQL Database",
- "reference_id": "accurics.azure.MON.157",
- "category": "Logging and Monitoring",
- "version": 2,
- "id": "AC_AZURE_0383"
-}
+ "name": "reme_checkAuditEnabled",
+ "file": "checkAuditEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_database",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that 'Threat Detection' is enabled for Azure SQL Database",
+ "reference_id": "accurics.azure.MON.157",
+ "category": "Logging and Monitoring",
+ "version": 2,
+ "id": "AC_AZURE_0383"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json
index ca0ff6639..cb86f62e1 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_moreHostsAllowed",
- "file": "moreHostsAllowed.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_firewall_rule",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Restrict Azure SQL Server accessibility to a minimal address range",
- "reference_id": "accurics.azure.NS.169",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0280"
-}
+ "name": "reme_moreHostsAllowed",
+ "file": "moreHostsAllowed.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_firewall_rule",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Restrict Azure SQL Server accessibility to a minimal address range",
+ "reference_id": "accurics.azure.NS.169",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0280"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json
index 7a85287c7..106fff2c3 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json
@@ -1,17 +1,17 @@
 {
- "name": "reme_sqlIngressAccess",
- "file": "checkPublicAccessNotAllow.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_firewall_rule",
- "template_args": {
- "isEntire": false,
- "name": "sqlIngressAccess",
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that no SQL Server allows ingress from 0.0.0.0/0 (ANY IP)",
- "reference_id": "accurics.azure.NS.21",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0380"
-}
+ "name": "reme_sqlIngressAccess",
+ "file": "checkPublicAccessNotAllow.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_firewall_rule",
+ "template_args": {
+ "isEntire": false,
+ "name": "sqlIngressAccess",
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that no SQL Server allows ingress from 0.0.0.0/0 (ANY IP)",
+ "reference_id": "accurics.azure.NS.21",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0380"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json
index 2126edec2..096e47bf8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json
@@ -1,17 +1,17 @@
 {
- "name": "reme_sqlPublicAccess",
- "file": "checkPublicAccessNotAllow.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_firewall_rule",
- "template_args": {
- "isEntire": true,
- "name": "sqlPublicAccess",
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure entire Azure infrastructure doesn't have access to Azure SQL ServerEnsure entire Azure infrastructure doesn't have access to Azure SQL Server",
- "reference_id": "accurics.azure.NS.5",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0381"
-}
+ "name": "reme_sqlPublicAccess",
+ "file": "checkPublicAccessNotAllow.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_firewall_rule",
+ "template_args": {
+ "isEntire": true,
+ "name": "sqlPublicAccess",
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure entire Azure infrastructure doesn't have access to Azure SQL ServerEnsure entire Azure infrastructure doesn't have access to Azure SQL Server",
+ "reference_id": "accurics.azure.NS.5",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0381"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json
index fbf024e6a..e34bd6b00 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json
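Review bot: The `description` on the new side of this hunk (accurics.azure.NS.5.json) still holds the sentence twice, run together as `...Azure SQL ServerEnsure entire Azure...`; the commit re-indents the line but carries the duplicate over unchanged. This string is presumably what a scan report prints for this HIGH-severity rule, so it should read `"description": "Ensure entire Azure infrastructure doesn't have access to Azure SQL Server",`. The rest of the hunk is a whitespace-only rewrite plus the dropped trailing newline.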
@@ -1,15 +1,15 @@
 {
- "name": "reme_sqlServerADAdminConfigured",
- "file": "sqlServerADAdminConfigured.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_server",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that Azure Active Directory Admin is configured for SQL Server",
- "reference_id": "accurics.azure.IAM.10",
- "category": "Identity and Access Management",
- "version": 2,
- "id": "AC_AZURE_0378"
-}
+ "name": "reme_sqlServerADAdminConfigured",
+ "file": "sqlServerADAdminConfigured.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_server",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that Azure Active Directory Admin is configured for SQL Server",
+ "reference_id": "accurics.azure.IAM.10",
+ "category": "Identity and Access Management",
+ "version": 2,
+ "id": "AC_AZURE_0378"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json
index 28a0a4d25..59650ec3b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_sqlServerPredictableAccount",
- "file": "sqlServerPredictableAccount.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_server",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Avoid using names like 'Admin' for an Azure SQL Server admin account login",
- "reference_id": "accurics.azure.IAM.138",
- "category": "Compliance Validation",
- "version": 2,
- "id": "AC_AZURE_0377"
-}
+ "name": "reme_sqlServerPredictableAccount",
+ "file": "sqlServerPredictableAccount.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_server",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Avoid using names like 'Admin' for an Azure SQL Server admin account login",
+ "reference_id": "accurics.azure.IAM.138",
+ "category": "Compliance Validation",
+ "version": 2,
+ "id": "AC_AZURE_0377"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json
index ac2dee6c5..98d30f59b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json
@@ -1,13 +1,13 @@
 {
- "name": "sqlAuditingRetention",
- "file": "sqlAuditingRetention.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_server",
- "template_args": null,
- "severity": "LOW",
- "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers.",
- "reference_id": "accurics.azure.LOG.356",
- "category": "Compliance Validation",
- "version": 1,
- "id": "AC_AZURE_0375"
-}
+ "name": "sqlAuditingRetention",
+ "file": "sqlAuditingRetention.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_server",
+ "template_args": null,
+ "severity": "LOW",
+ "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers.",
+ "reference_id": "accurics.azure.LOG.356",
+ "category": "Compliance Validation",
+ "version": 1,
+ "id": "AC_AZURE_0375"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json
index 24b1d55b6..f4313a215 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json
@@ -1,13 +1,13 @@
 {
- "name": "sqlServerAuditingEnabled",
- "file": "sqlServerAuditingEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_sql_server",
- "template_args": null,
- "severity": "MEDIUM",
- "description": "Ensure that 'Auditing' is set to 'On' for SQL servers",
- "reference_id": "accurics.azure.MON.354",
- "category": "Logging and Monitoring",
- "version": 1,
- "id": "AC_AZURE_0376"
-}
+ "name": "sqlServerAuditingEnabled",
+ "file": "sqlServerAuditingEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_sql_server",
+ "template_args": null,
+ "severity": "MEDIUM",
+ "description": "Ensure that 'Auditing' is set to 'On' for SQL servers",
+ "reference_id": "accurics.azure.MON.354",
+ "category": "Logging and Monitoring",
+ "version": 1,
+ "id": "AC_AZURE_0376"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json
index 69bdf1a56..79e5787dd 100755
--- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json
+++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_storageAccountEnableHttps",
- "file": "storageAccountEnableHttps.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_storage_account",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that 'Secure transfer required' is enabled for Storage Accounts",
- "reference_id": "accurics.azure.EKM.7",
- "category": "Data Protection",
- "version": 2,
- "id": "AC_AZURE_0373"
-}
+ "name": "reme_storageAccountEnableHttps",
+ "file": "storageAccountEnableHttps.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_storage_account",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure that 'Secure transfer required' is enabled for Storage Accounts",
+ "reference_id": "accurics.azure.EKM.7",
+ "category": "Data Protection",
+ "version": 2,
+ "id": "AC_AZURE_0373"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json
index bd5e13557..8c0bb6d02 100755
--- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json
+++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_storageAccountTrustedMicrosoftServicesEnabled",
- "file": "storageAccountTrustedMicrosoftServicesEnabled.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_storage_account",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure 'Trusted Microsoft Services' is enabled for Storage Account access",
- "reference_id": "accurics.azure.NS.2",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0371"
-}
+ "name": "reme_storageAccountTrustedMicrosoftServicesEnabled",
+ "file": "storageAccountTrustedMicrosoftServicesEnabled.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_storage_account",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure 'Trusted Microsoft Services' is enabled for Storage Account access",
+ "reference_id": "accurics.azure.NS.2",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0371"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json
index 39b00c956..bac58bdce 100755
--- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json
+++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_storageAccountOpenToPublic",
- "file": "storageAccountOpenToPublic.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_storage_account",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure default network access rule for Storage Accounts is not open to public",
- "reference_id": "accurics.azure.NS.4",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0370"
-}
+ "name": "reme_storageAccountOpenToPublic",
+ "file": "storageAccountOpenToPublic.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_storage_account",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Ensure default network access rule for Storage Accounts is not open to public",
+ "reference_id": "accurics.azure.NS.4",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0370"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account_network_rules/accurics.azure.NS.370.json b/pkg/policies/opa/rego/azure/azurerm_storage_account_network_rules/accurics.azure.NS.370.json
index b17333bb3..a87580fb1 100755
--- a/pkg/policies/opa/rego/azure/azurerm_storage_account_network_rules/accurics.azure.NS.370.json
+++ b/pkg/policies/opa/rego/azure/azurerm_storage_account_network_rules/accurics.azure.NS.370.json
@@ -8,5 +8,6 @@
 "description": "Ensure default network access rule for Storage Accounts is set to deny.",
 "reference_id": "accurics.azure.NS.370",
 "category": "Network Security",
- "version": 1
+ "version": 1,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json b/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json
index ae01359da..6512e4235 100755
--- a/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json
+++ b/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_checkStorageContainerAccess",
- "file": "checkStorageContainerAccess.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_storage_container",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary.",
- "reference_id": "accurics.azure.IAM.368",
- "category": "Identity and Access Management",
- "version": 1,
- "id": "AC_AZURE_0366"
-}
+ "name": "reme_checkStorageContainerAccess",
+ "file": "checkStorageContainerAccess.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_storage_container",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "HIGH",
+ "description": "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary.",
+ "reference_id": "accurics.azure.IAM.368",
+ "category": "Identity and Access Management",
+ "version": 1,
+ "id": "AC_AZURE_0366"
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json b/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json
index 043b2e838..436272070 100755
--- a/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json
+++ b/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json
@@ -10,5 +10,6 @@
 "description": "Ensure that at least one Network Security Group is attached to all VMs and subnets that are public",
 "reference_id": "accurics.azure.NS.18",
 "category": "Network Security",
- "version": 1
+ "version": 1,
+ "id": ""
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json b/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json
index b1461f7f0..0feecf54e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json
+++ b/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json
@@ -1,15 +1,15 @@
 {
- "name": "reme_noSecurityGroupAssociated",
- "file": "noSecurityGroupAssociated.rego",
- "policy_type": "azure",
- "resource_type": "azurerm_virtual_network",
- "template_args": {
- "prefix": "reme_"
- },
- "severity": "MEDIUM",
- "description": "Ensure that Azure Virtual Network subnet is configured with a Network Security Group",
- "reference_id": "accurics.azure.NS.161",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AZURE_0356"
-}
+ "name": "reme_noSecurityGroupAssociated",
+ "file": "noSecurityGroupAssociated.rego",
+ "policy_type": "azure",
+ "resource_type": "azurerm_virtual_network",
+ "template_args": {
+ "prefix": "reme_"
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure that Azure Virtual Network subnet is configured with a Network Security Group",
+ "reference_id": "accurics.azure.NS.161",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_AZURE_0356"
+}
\ No newline at end of file
From bb030afd4d9f5591b3c1246b9663dc2ced7f6166 Mon Sep 17 00:00:00 2001
From: Gaurav Gogia <16029099+gaurav-gogia@users.noreply.github.com> Date: Wed, 26 May 2021 23:39:28 +0530 Subject: [PATCH 4/4] removing id field from unmatched policies --- .../azure/azurerm_managed_disk/accurics.azure.EKM.156.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.100.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.102.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.104.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.106.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.108.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.110.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.112.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.114.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.116.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.118.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.170.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.173.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.175.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.177.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.179.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.181.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.183.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.185.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.187.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.189.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.191.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.193.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.195.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.197.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.199.json | 3 +-- 
.../azurerm_network_security_rule/accurics.azure.NPS.201.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.203.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.205.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.207.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.209.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.211.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.213.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.215.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.217.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.219.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.221.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.223.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.225.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.227.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.229.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.231.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.233.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.235.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.237.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.239.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.241.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.243.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.245.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.247.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.249.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.251.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.253.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.275.json | 3 +-- 
.../azurerm_network_security_rule/accurics.azure.NPS.276.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.277.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.278.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.279.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.280.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.281.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.282.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.283.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.284.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.285.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.286.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.287.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.288.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.289.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.290.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.291.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.292.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.293.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.294.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.295.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.296.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.297.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.298.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.299.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.300.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.301.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.302.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.303.json | 3 +-- 
.../azurerm_network_security_rule/accurics.azure.NPS.304.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.305.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.306.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.307.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.308.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.309.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.310.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.311.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.312.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.313.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.314.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.315.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.35.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.36.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.37.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.38.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.40.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.42.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.44.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.46.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.48.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.50.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.52.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.54.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.56.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.58.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.60.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.62.json | 3 +-- 
.../azurerm_network_security_rule/accurics.azure.NPS.64.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.66.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.68.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.70.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.72.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.74.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.76.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.78.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.80.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.82.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.84.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.86.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.88.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.90.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.92.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.94.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.96.json | 3 +-- .../azurerm_network_security_rule/accurics.azure.NPS.98.json | 3 +-- .../accurics.azure.NS.342.json | 3 +-- .../accurics.azure.LOG.155.json | 3 +-- .../accurics.azure.MON.353.json | 3 +-- .../accurics.azure.NS.370.json | 3 +-- .../azure/azurerm_virtual_machine/accurics.azure.NS.18.json | 3 +-- 133 files changed, 133 insertions(+), 266 deletions(-) diff --git a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json b/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json index b31c24e57..8b6c3e558 100755 --- a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json +++ b/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json 
@@ -10,6 +10,5 @@
 "description": "Ensure that 'OS disk' are encrypted",
 "reference_id": "accurics.azure.EKM.156",
 "category": "Data Protection",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json
index 2b8851a85..277b91ac0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json
@@ -16,6 +16,5 @@
 "description": "Puppet Master (TCP:8140) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.100",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json
index 0d117d603..f7adc2106 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json
@@ -16,6 +16,5 @@
 "description": "SMTP (TCP:25) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.102",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json
index fb706dfeb..3800f8ccd 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json
@@ -16,6 +16,5 @@
 "description": "SNMP (UDP:161) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.104",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json
index c721c1070..bc20ac3e0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json
@@ -16,6 +16,5 @@
 "description": "SQL Server Analysis (TCP:2382) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.106",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json
index d90c42842..9ea0452a1 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json
@@ -16,6 +16,5 @@
 "description": "SQL Server Analysis (TCP:2383) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.108",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json
index 4d4ebcde2..0704feed6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json
@@ -16,6 +16,5 @@
 "description": "SaltStack Master (TCP:4505) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.110",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json
index ef46fdf0d..bd7a8b4d8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json
@@ -16,6 +16,5 @@
 "description": "SaltStack Master (TCP:4506) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.112",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json
index b75584c14..cd53c8080 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json
@@ -16,6 +16,5 @@
 "description": "Telnet (TCP:23) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.114",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json
index 0471cd354..9696fdc85 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json
@@ -16,6 +16,5 @@
 "description": "VNC Listener (TCP:5500) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.116",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json
index a6557f088..64bd49b69 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json
@@ -16,6 +16,5 @@
 "description": "VNC Server (TCP:5900) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.118",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json
index 03b843eec..9396930a1 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json
@@ -16,6 +16,5 @@
 "description": "CiscoSecure, WebSM (TCP:9090) is exposed to the entire public internet",
 "reference_id": "accurics.azure.NPS.170",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json
index 023bae15b..2a835c0ba 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json
@@ -16,6 +16,5 @@
 "description": "CIFS / SMB (TCP:3020) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.173",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json
index 77355a93a..d0378bf3e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json
@@ -16,6 +16,5 @@
 "description": "Cassandra (TCP:7001) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.175",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json
index cdbaa7bf9..2e9616455 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json
@@ -16,6 +16,5 @@
 "description": "Cassandra OpsCenter (TCP:61621) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.177",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json
index 5e9a88f88..11d1b3df9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json
@@ -16,6 +16,5 @@
 "description": "DNS (UDP:53) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.179",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json
index ae65ba6e9..ab9edccda 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json
@@ -16,6 +16,5 @@
 "description": "Hadoop Name Node (TCP:9000) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.181",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json
index 81364c033..f5010b74d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json
@@ -16,6 +16,5 @@
 "description": " Known internal web port (TCP:8000) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.183",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json
index 0720e8c6f..5e1c68b32 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json
@@ -16,6 +16,5 @@
 "description": " Known internal web port (TCP:8080) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.185",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json
index 7c62ce5be..26ef06f38 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json
@@ -16,6 +16,5 @@
 "description": "LDAP SSL (TCP:636) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.187",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json
index 6c08ff4de..2ad2fa4b6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Admin (TCP:1434) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.189",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json
index a7bb1a305..627fd7eff 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Browser (UDP:1434) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.191",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json
index 5390a24aa..c1ba7f7b6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Debugger (TCP:135) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.193",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json
index 0f99e8822..c39b28f58 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Server (TCP:1433) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.195",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json
index b0f02615e..c62df92d5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (TCP:11214) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.197",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json
index f18bc7fb1..fe09af974 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (TCP:11215) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.199",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json
index b0865a10c..46b466f7d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (UDP:11214) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.201",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json
index 6353ae434..74e10b751 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (UDP:11215) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.203",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json
index 87d68743f..b62b05896 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json
@@ -16,6 +16,5 @@
 "description": "Microsoft-DS (TCP:445) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.205",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json
index 50acfb7a8..6fadf1bed 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json
@@ -16,6 +16,5 @@
 "description": "Mongo Web Portal (TCP:27018) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.207",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json
index 0a61c111d..ee5e4f973 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json
@@ -16,6 +16,5 @@
 "description": "MySQL (TCP:3306) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.209",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json
index a4a33df4f..2009886d3 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Name Service (TCP:137) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.211",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json
index 08b42ad38..23a2178ce 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Name Service (UDP:137) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.213",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json
index ea2d75741..9b64393a9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Datagram Service (TCP:138) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.215",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json
index 876feeb7e..1ddc4bd45 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Datagram Service (UDP:138) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.217",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json
index 6fcd40ead..b9d8dacb0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Session Service (TCP:139) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.219",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json
index f00088993..080d2f6a7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Session Service (UDP:139) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.221",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json
index b39092699..5b76d884f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json
@@ -16,6 +16,5 @@
 "description": "Oracle DB SSL (TCP:2484) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.223",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json
index 82a415f8e..db9021869 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json
@@ -16,6 +16,5 @@
 "description": "Oracle DB SSL (UDP:2484) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.225",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json
index f06dcf139..e46748198 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json
@@ -16,6 +16,5 @@
 "description": "POP3 (TCP:110) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.227",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json
index 8f6544365..a5e18778f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json
@@ -16,6 +16,5 @@
 "description": "PostgreSQL (TCP:5432) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.229",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json
index 11270c61b..756bd05c5 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json
@@ -16,6 +16,5 @@
 "description": "PostgreSQL (UDP:5432) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.231",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json
index 4fda24750..09efdec65 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json
@@ -16,6 +16,5 @@
 "description": "Prevalent known internal port (TCP:3000) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.233",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json
index fd3048162..6bff6a551 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json
@@ -16,6 +16,5 @@
 "description": "Puppet Master (TCP:8140) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.235",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json
index 4323f952e..025e9fac8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json
@@ -16,6 +16,5 @@
 "description": "SMTP (TCP:25) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.237",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json
index f56c2309a..c043e7a41 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json
@@ -16,6 +16,5 @@
 "description": "SNMP (UDP:161) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.239",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json
index 562411f52..d80c9ec60 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json
@@ -16,6 +16,5 @@
 "description": "SQL Server Analysis (TCP:2382) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.241",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json
index 77399ed95..5555267ee 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json
@@ -16,6 +16,5 @@
 "description": "SQL Server Analysis (TCP:2383) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.243",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json
index 387830c8c..e6c399483 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json
@@ -16,6 +16,5 @@
 "description": "SaltStack Master (TCP:4505) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.245",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json
index ec155deda..a03f5e76b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json
@@ -16,6 +16,5 @@
 "description": "SaltStack Master (TCP:4506) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.247",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json
index 529e295c5..0161c6adb 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json
@@ -16,6 +16,5 @@
 "description": "Telnet (TCP:23) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.249",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json
index c6a6f1969..09806b525 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json
@@ -16,6 +16,5 @@
 "description": "VNC Listener (TCP:5500) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.251",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json
index 705dd8abd..b09945c97 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json
@@ -16,6 +16,5 @@
 "description": "VNC Server (TCP:5900) is exposed to small Public network",
 "reference_id": "accurics.azure.NPS.253",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json
index 2147af6a6..3ffcb70ff 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json
@@ -16,6 +16,5 @@
 "description": "CIFS / SMB (TCP:3020) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.275",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json
index a0bfa0cbc..077a1c35c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json
@@ -16,6 +16,5 @@
 "description": "Cassandra (TCP:7001) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.276",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json
index 4352ec688..6fbb0f249 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json
@@ -16,6 +16,5 @@
 "description": "Cassandra OpsCenter (TCP:61621) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.277",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json
index 0e3651c74..453717a0b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json
@@ -16,6 +16,5 @@
 "description": "DNS (UDP:53) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.278",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json
index afc41f0b8..519d4706d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json
@@ -16,6 +16,5 @@
 "description": "Hadoop Name Node (TCP:9000) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.279",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json
index 5d556597f..847a4f88e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json
@@ -16,6 +16,5 @@
 "description": " Known internal web port (TCP:8000) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.280",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json
index c7a1837df..335c95e91 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json
@@ -16,6 +16,5 @@
 "description": " Known internal web port (TCP:8080) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.281",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json
index 3413eefbf..01f654616 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json
@@ -16,6 +16,5 @@
 "description": "LDAP SSL (TCP:636) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.282",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json
index 572f8ce5c..526a3ac8d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Admin (TCP:1434) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.283",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json
index 54ab0b31c..360f39e9d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Browser (UDP:1434) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.284",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json
index 25d06a864..3bba35813 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Debugger (TCP:135) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.285",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json
index a0a19be48..180ebfe03 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Server (TCP:1433) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.286",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json
index 181eda826..ebdcf0c19 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (TCP:11214) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.287",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json
index e12b9327d..1dd915415 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (TCP:11215) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.288",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json
index 1ef793ada..f61429399 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (UDP:11214) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.289",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json
index c9831e3ea..9887e046e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (UDP:11215) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.290",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json
index 59f3bb4fc..cb32425ad 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json
@@ -16,6 +16,5 @@
 "description": "Microsoft-DS (TCP:445) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.291",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json
index 8e314addc..b227e237b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json
@@ -16,6 +16,5 @@
 "description": "Mongo Web Portal (TCP:27018) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.292",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json
index aa60ca812..5840db48e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json
@@ -16,6 +16,5 @@
 "description": "MySQL (TCP:3306) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.293",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json
index 38396523a..1057d6708 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Name Service (TCP:137) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.294",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json
index 51a5325f3..bcc3617cc 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Name Service (UDP:137) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.295",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json
index 86ebe81ed..e97e9bb63 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Datagram Service (TCP:138) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.296",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json
index da5d744ca..8b6370ffb 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Datagram Service (UDP:138) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.297",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json
index 2ee88709c..ea99c2edc 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Session Service (TCP:139) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.298",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json
index 65d15d4d3..ff5fd9e67 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Session Service (UDP:139) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.299",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json
index 3a1f2b3bb..df9efeb03 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json
@@ -16,6 +16,5 @@
 "description": "Oracle DB SSL (TCP:2484) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.300",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json
index 76a052e7f..095cc60d2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json
@@ -16,6 +16,5 @@
 "description": "Oracle DB SSL (UDP:2484) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.301",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json
index ca82cb36f..0e1886931 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json
@@ -16,6 +16,5 @@
 "description": "POP3 (TCP:110) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.302",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json
index 4423c7b1f..b468a0626 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json
@@ -16,6 +16,5 @@
 "description": "PostgreSQL (TCP:5432) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.303",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json
index 7938e1ca1..111242c2a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json
@@ -16,6 +16,5 @@
 "description": "PostgreSQL (UDP:5432) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.304",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json
index 9de7de1d2..0ba899efd 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json
@@ -16,6 +16,5 @@
 "description": "Prevalent known internal port (TCP:3000) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.305",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json
index 75fe9f2df..c60228291 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json
@@ -16,6 +16,5 @@
 "description": "Puppet Master (TCP:8140) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.306",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json
index fc9eb8a51..ecd6c1508 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json
@@ -16,6 +16,5 @@
 "description": "SMTP (TCP:25) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.307",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json
index 542ebbfd5..251fefdd2 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json
@@ -16,6 +16,5 @@
 "description": "SNMP (UDP:161) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.308",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json
index a821556f2..8b99463b4 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json
@@ -16,6 +16,5 @@
 "description": "SQL Server Analysis (TCP:2382) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.309",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json
index a31203653..e9cab356f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json
@@ -16,6 +16,5 @@
 "description": "SQL Server Analysis (TCP:2383) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.310",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json
index 00aa22fc2..107192238 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json
@@ -16,6 +16,5 @@
 "description": "SaltStack Master (TCP:4505) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.311",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json
index 4b0690c61..e6887eefb 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json
@@ -16,6 +16,5 @@
 "description": "SaltStack Master (TCP:4506) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.312",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json
index af7df04cd..1cea318c0 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json
@@ -16,6 +16,5 @@
 "description": "Telnet (TCP:23) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.313",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json
index 3b7c85007..b0f8c1a55 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json
@@ -16,6 +16,5 @@
 "description": "VNC Listener (TCP:5500) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.314",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json
index 564ae25b3..4ec8d38bd 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json
@@ -16,6 +16,5 @@
 "description": "VNC Server (TCP:5900) is exposed to small Private network",
 "reference_id": "accurics.azure.NPS.315",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json
index 979659c3c..b58605be6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json
@@ -16,6 +16,5 @@
 "description": "CiscoSecure, WebSM (TCP:9090) is exposed to the wide public internet",
 "reference_id": "accurics.azure.NPS.35",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json
index 02f9d97f5..7e7043949 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json
@@ -16,6 +16,5 @@
 "description": "Remote Desktop (TCP:3389) is exposed to the wide public internet",
 "reference_id": "accurics.azure.NPS.36",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json
index b5a868ea1..7d32aec4e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json
@@ -16,6 +16,5 @@
 "description": "SSH (TCP:22) is exposed to the wide public internet",
 "reference_id": "accurics.azure.NPS.37",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json
index 9ae956a79..edf532e7b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json
@@ -16,6 +16,5 @@
 "description": "CIFS / SMB (TCP:3020) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.38",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json
index 83c5cd535..d277ba80f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json
@@ -16,6 +16,5 @@
 "description": "Cassandra (TCP:7001) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.40",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json
index f73f51b38..208827341 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json
@@ -16,6 +16,5 @@
 "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.42",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json
index 2b0e42bc4..3bfcf15fd 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json
@@ -16,6 +16,5 @@
 "description": "DNS (UDP:53) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.44",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json
index 18768a328..1b123f899 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json
@@ -16,6 +16,5 @@
 "description": "Hadoop Name Node (TCP:9000) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.46",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json
index b494b1cd5..3e5acfe4a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json
@@ -16,6 +16,5 @@
 "description": " Known internal web port (TCP:8000) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.48",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json
index b3ae48a7b..4e0665053 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json
@@ -16,6 +16,5 @@
 "description": " Known internal web port (TCP:8080) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.50",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json
index f70ced0ba..1cc452a58 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json
@@ -16,6 +16,5 @@
 "description": "LDAP SSL (TCP:636) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.52",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json
index 0fbaad963..b13e24f3e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Admin (TCP:1434) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.54",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json
index 1a511c0b2..0ccd4fffa 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Browser (UDP:1434) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.56",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json
index f4421beae..569352ec6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Debugger (TCP:135) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.58",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json
index 344c4c49a..e6e57ba32 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json
@@ -16,6 +16,5 @@
 "description": "MSSQL Server (TCP:1433) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.60",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json
index 24719dda4..0480c0b1d 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (TCP:11214) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.62",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json
index 6cec82ea9..e8bd7976f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (TCP:11215) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.64",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json
index 5de1495d8..3f403ee8f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (UDP:11214) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.66",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json
index 22ddb0c3c..8efe6f912 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json
@@ -16,6 +16,5 @@
 "description": "Memcached SSL (UDP:11215) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.68",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json
index 2e8d4315b..b8395d32a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json
@@ -16,6 +16,5 @@
 "description": "Microsoft-DS (TCP:445) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.70",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json
index 2b2833b9b..a15230fb8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json
@@ -16,6 +16,5 @@
 "description": "Mongo Web Portal (TCP:27018) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.72",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json
index 13191aa7e..40c1c97f7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json
@@ -16,6 +16,5 @@
 "description": "MySQL (TCP:3306) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.74",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json
index 0e7c067ea..15152ef38 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Name Service (TCP:137) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.76",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json
index 7b76862cd..217a2639b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Name Service (UDP:137) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.78",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json
index c547ca752..ee7dbcce8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.80",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json
index fd9e84799..18d56006c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.82",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json
index 945d60382..9fb6ace4a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Session Service (TCP:139) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.84",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json
index 68673802c..ce27663ea 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json
@@ -16,6 +16,5 @@
 "description": "NetBIOS Session Service (UDP:139) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.86",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json
index ff7e5b790..e31af75c8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json
@@ -16,6 +16,5 @@
 "description": "Oracle DB SSL (TCP:2484) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.88",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json
index d1649adc1..6d4584dba 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json
@@ -16,6 +16,5 @@
 "description": "Oracle DB SSL (UDP:2484) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.90",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json
index efff729d0..4d168c834 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json
@@ -16,6 +16,5 @@
 "description": "POP3 (TCP:110) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.92",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json
index 37e0713e6..cb8205b50 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json
@@ -16,6 +16,5 @@
 "description": "PostgreSQL (TCP:5432) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.94",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json
index 7782b16a3..df22b3db4 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json
@@ -16,6 +16,5 @@
 "description": "PostgreSQL (UDP:5432) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.96",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json
index ae9e72714..74a0aec88 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json
@@ -16,6 +16,5 @@
 "description": "Prevalent known internal port (TCP:3000) is exposed to wide Public network",
 "reference_id": "accurics.azure.NPS.98",
 "category": "Infrastructure Security",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json
index 19b6ef3fe..8fcece1a6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json
@@ -10,6 +10,5 @@
 "description": "Network Security Group Flow Logs should be enabled and the retention period is set to greater than or equal to 90 days. Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.",
 "reference_id": "accurics.azure.NS.342",
 "category": "Resilience",
- "version": 1,
- "id": ""
+ "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json
index 4fec3b528..57f6dd2d6 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json
@@ -10,6 +10,5 @@
 "description": "Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server",
 "reference_id": "accurics.azure.LOG.155",
 "category": "Logging and Monitoring",
- "version": 2,
- "id": ""
+ "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json b/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json
index db78e3592..b9fcb7ce9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json
+++ b/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json
@@ -8,6 +8,5 @@
 "description": "Ensure that 'Send email notification for high severity alerts' is set to 'On'",
 "reference_id": "accurics.azure.MON.353",
 "category": "Logging and Monitoring",
- "version": 1,
- "id": ""
+ "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account_network_rules/accurics.azure.NS.370.json b/pkg/policies/opa/rego/azure/azurerm_storage_account_network_rules/accurics.azure.NS.370.json
index a87580fb1..b17333bb3 100755
--- a/pkg/policies/opa/rego/azure/azurerm_storage_account_network_rules/accurics.azure.NS.370.json
+++ b/pkg/policies/opa/rego/azure/azurerm_storage_account_network_rules/accurics.azure.NS.370.json
@@ -8,6 +8,5 @@
 "description": "Ensure default network access rule for Storage Accounts is set to deny.",
 "reference_id": "accurics.azure.NS.370",
 "category": "Network Security",
- "version": 1,
- "id": ""
+ "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json b/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json
index 436272070..043b2e838 100755
--- a/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json
+++ b/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json
@@ -10,6 +10,5 @@
 "description": "Ensure that at least one Network Security Group is attached to all VMs and subnets that are public",
 "reference_id": "accurics.azure.NS.18",
 "category": "Network Security",
- "version": 1,
- "id": ""
+ "version": 1
 }
\ No newline at end of file