🧠 AWS EC2 Security Group allows unrestricted NetBIOS traffic - prod.logic.yaml🟢
- Contextual name: 🧠 prod.logic.yaml🟢
- ID:
/ce/ca/aws/ec2/security-group-allows-unrestricted-netbios-traffic/prod.logic.yaml - Tags:
Uses
Test Results 🟢
Generated at: 2026-02-10T22:32:45.930561949Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| 🟢 | test1 | ✔️ 99 | ✔️ isDisappeared(CA10__disappearanceTime__c) | ✔️ null |
| 🟢 | test2 | ✔️ 199 | ✔️ CA10__AWS_EC2_Security_Group_Rules__r.has(INCOMPLIANT) | ✔️ null |
| 🟢 | test3 | ✔️ 199 | ✔️ CA10__AWS_EC2_Security_Group_Rules__r.has(INCOMPLIANT) | ✔️ null |
| 🟢 | test4 | ✔️ 199 | ✔️ CA10__AWS_EC2_Security_Group_Rules__r.has(INCOMPLIANT) | ✔️ null |
| 🟢 | test5 | ✔️ 200 | ✔️ otherwise | ✔️ null |
| 🟢 | test6 | ✔️ 200 | ✔️ otherwise | ✔️ null |
| 🟢 | test7 | ✔️ 200 | ✔️ otherwise | ✔️ null |
| 🟢 | test8 | ✔️ 200 | ✔️ otherwise | ✔️ null |
Generation Bundle
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/ec2/security-group-allows-unrestricted-netbios-traffic/policy.yaml | DE6B288B1A83673D09EBEF23B8182CAE |
| Open | /ce/ca/aws/ec2/security-group-allows-unrestricted-netbios-traffic/prod.logic.yaml | 07DEFEBAD19F941142D786E6736D08F2 |
| Open | /ce/ca/aws/ec2/security-group-allows-unrestricted-netbios-traffic/test-data.json | 7233673E76D1FBA8ECC06D8227645BD8 |
| Open | /types/CA10__CaAwsSecurityGroupRule2__c/object.extracts.yaml | 58DC1872D7462985D50972C65C61C237 |
Available Commands
repo-manager policies generate FULL /ce/ca/aws/ec2/security-group-allows-unrestricted-netbios-traffic/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/aws/ec2/security-group-allows-unrestricted-netbios-traffic/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/aws/ec2/security-group-allows-unrestricted-netbios-traffic/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/aws/ec2/security-group-allows-unrestricted-netbios-traffic/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/aws/ec2/security-group-allows-unrestricted-netbios-traffic/prod.logic.yaml
Content
---
inputType: "CA10__CaAwsSecurityGroup__c"
testData:
- file: "test-data.json"
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "This security group allows NetBIOS (TCP: 137,139, UDP: 137,138) access from 0.0.0.0/0 or ::/0."
remediationMessage: "Change the security group source to a range other than 0.0.0.0/0 or delete the offending inbound rule."
check:
RELATED_LIST_HAS:
status: "INCOMPLIANT"
relationshipName: "CA10__AWS_EC2_Security_Group_Rules__r"
otherwise:
status: "COMPLIANT"
currentStateMessage: "This security group does not allow unrestricted NetBIOS access."
relatedLists:
- relationshipName: "CA10__AWS_EC2_Security_Group_Rules__r"
importExtracts:
- file: "/types/CA10__CaAwsSecurityGroupRule2__c/object.extracts.yaml"
conditions:
- status: "INAPPLICABLE"
currentStateMessage: "This is an outbound security group rule."
check:
NOT_EQUAL:
left:
EXTRACT: "CA10__direction__c"
right:
TEXT: "Inbound"
- status: "INAPPLICABLE"
currentStateMessage: "This security group rule does not allow unrestricted access."
check:
AND:
args:
- NOT_EQUAL:
left:
EXTRACT: "CA10__sourceIpRange__c"
right:
TEXT: "0.0.0.0/0"
- NOT_EQUAL:
left:
EXTRACT: "CA10__sourceIpRange__c"
right:
TEXT: "::/0"
- status: "INAPPLICABLE"
currentStateMessage: "This security group rule protocol is not All, TCP, UDP."
check:
# check that protocol is neither all, tcp, or udp
NOT:
arg:
OR:
args:
- IS_EQUAL:
left:
EXTRACT: "CA10__protocol__c"
right:
TEXT: "All"
- IS_EQUAL:
left:
EXTRACT: "CA10__protocol__c"
right:
TEXT: "tcp"
- IS_EQUAL:
left:
EXTRACT: "CA10__protocol__c"
right:
TEXT: "udp"
- status: "INCOMPLIANT"
currentStateMessage: "This security group allows NetBIOS access from 0.0.0.0/0 or ::/0."
remediationMessage: "Change the source field to a range other\
\ than 0.0.0.0/0 or delete the offending inbound rule."
check:
OR:
args:
- AND:
args:
- LESS_THAN_EQUAL:
left:
EXTRACT: "CA10__fromPort__c"
right:
NUMBER: 137.0
- GREATER_THAN_EQUAL:
left:
EXTRACT: "CA10__toPort__c"
right:
NUMBER: 137.0
- status: "INCOMPLIANT"
currentStateMessage: "This security group allows NetBIOS access from 0.0.0.0/0 or ::/0."
remediationMessage: "Change the source field to a range other\
\ than 0.0.0.0/0 or delete the offending inbound rule."
check:
AND:
args:
- OR:
args:
- IS_EQUAL:
left:
EXTRACT: "CA10__protocol__c"
right:
TEXT: "All"
- IS_EQUAL:
left:
EXTRACT: "CA10__protocol__c"
right:
TEXT: "udp"
- LESS_THAN_EQUAL:
left:
EXTRACT: "CA10__fromPort__c"
right:
NUMBER: 138.0
- GREATER_THAN_EQUAL:
left:
EXTRACT: "CA10__toPort__c"
right:
NUMBER: 138.0
- status: "INCOMPLIANT"
currentStateMessage: "This security group allows NetBIOS access from 0.0.0.0/0 or ::/0."
remediationMessage: "Change the source field to a range other\
\ than 0.0.0.0/0 or delete the offending inbound rule."
check:
AND:
args:
- OR:
args:
- IS_EQUAL:
left:
EXTRACT: "CA10__protocol__c"
right:
TEXT: "All"
- IS_EQUAL:
left:
EXTRACT: "CA10__protocol__c"
right:
TEXT: "tcp"
- LESS_THAN_EQUAL:
left:
EXTRACT: "CA10__fromPort__c"
right:
NUMBER: 139.0
- GREATER_THAN_EQUAL:
left:
EXTRACT: "CA10__toPort__c"
right:
NUMBER: 139.0
otherwise:
status: "COMPLIANT"
currentStateMessage: "This security group does not allow unrestricted access."