515 docs tagged with "logic"

AWS API Gateway API Access Logging in CloudWatch is not enabled - prod.logic.yaml

AWS ELB Load Balancer is unused - prod.logic.yaml

AWS IAM User has inline or directly attached policies - prod.logic.yaml

AWS VPC Flow Logs are not enabled - prod.logic.yaml

AWS WAF Rule Group has no WAF Rules - prod.logic.yaml

AWS WAF Web ACL has no WAF Rules or WAF Rule Groups - prod.logic.yaml

Azure Subscription Application Insights are not configured - prod.logic.yaml

Azure Subscription Bastion Host does not exist - prod.logic.yaml

Google Project has API Keys - prod.logic.yaml

Google Storage Bucket logging is not enabled - prod.logic.yaml

AWS Support Role is not created - prod.logic.yaml

AWS Account Config is not enabled in all regions - prod.logic.yaml

AWS Account EBS Volume Encryption Attribute is not enabled in all regions - prod.logic.yaml

AWS Account IAM Access Analyzer is not enabled for all regions - prod.logic.yaml

AWS Account Multi-Region CloudTrail is not enabled - prod.logic.yaml

AWS Account Object-level CloudTrail Logging for Read Events for S3 Buckets is not enabled - prod.logic.yaml

AWS Account Object-level CloudTrail Logging for Write Events for S3 Buckets is not enabled - prod.logic.yaml

AWS Account IAM Password Policy minimum password length is 14 characters or less - prod.logic.yaml

AWS Account IAM Password Policy Number of passwords to remember is not set to 24 - prod.logic.yaml

AWS ACM Certificate Expired - prod.logic.yaml

AWS ACM Certificate expires in the next 7 days - prod.logic.yaml

AWS ACM Certificate with Wildcard Domain Name - prod.logic.yaml

AWS ACM RSA Certificate key length is less than 2048 bits - prod.logic.yaml

AWS API Gateway API Execution Logging in CloudWatch is not enabled - prod.logic.yaml

AWS API Gateway API Route Authorization Type is not configured - prod.logic.yaml

AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication - prod.logic.yaml

AWS API Gateway REST API Stage is not associated with a WAF Web ACL - prod.logic.yaml

AWS API Gateway REST API Stage X-Ray Tracing is not enabled - prod.logic.yaml

AWS Athena Workgroup CloudWatch Metrics are not enabled - prod.logic.yaml

AWS EC2 Auto Scaling Group and Classic Load Balancer AZs are inconsistent - prod.logic.yaml

AWS EC2 Auto Scaling Group Capacity Rebalancing is not enabled - prod.logic.yaml

AWS EC2 Auto Scaling Group behind ELB assigns public IP to instances - prod.logic.yaml

AWS EC2 Auto Scaling Group Launch Template is not configured to require IMDSv2 - prod.logic.yaml

AWS EC2 Auto Scaling Group does not span multiple Availability Zones - prod.logic.yaml

AWS EC2 Auto Scaling Group uses Launch Configuration instead of Launch Template - prod.logic.yaml

AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check - prod.logic.yaml

AWS Backup Recovery Point is expired and failed to delete - prod.logic.yaml

AWS Backup Vault contains unencrypted Recovery Points - prod.logic.yaml

AWS CloudFront Web Distribution Default Root Object is not configured - prod.logic.yaml

AWS CloudFront Distribution Logging is not enabled - prod.logic.yaml

AWS CloudFront Web Distribution does not encrypt traffic to Custom Origins - prod.logic.yaml

AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic - prod.logic.yaml

AWS CloudFront Web Distribution uses Dedicated IP for SSL - prod.logic.yaml

AWS CloudFront Web Distribution uses default SSL/TLS certificate - prod.logic.yaml

AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins - prod.logic.yaml

AWS CloudTrail is not encrypted with KMS CMK - prod.logic.yaml

AWS CloudTrail Log File Validation is not enabled - prod.logic.yaml

AWS CloudTrail S3 Bucket Access Logging is not enabled. - prod.logic.yaml

AWS CloudWatch Metric Alarm does not have any actions configured - prod.logic.yaml

AWS CodeBuild Project Bitbucket Source Location URL contains credentials - prod.logic.yaml

AWS Connect Instance flow logs are not enabled - prod.logic.yaml

AWS Data Sync Task logging is not enabled - prod.logic.yaml

AWS DAX Cluster Server-Side Encryption is not enabled - prod.logic.yaml

AWS DMS Endpoint doesn't use SSL - prod.logic.yaml

AWS DMS Migration Task Logging is not enabled - prod.logic.yaml

AWS DMS Replication Instance Auto Minor Version Upgrade is not enabled - prod.logic.yaml

AWS DMS Replication Instance is publicly accessible - prod.logic.yaml

AWS DynamoDB Provisioned Table Auto Scaling is not configured - prod.logic.yaml

AWS DynamoDB Table is located in a less cost-effective region - prod.logic.yaml

AWS DynamoDB Table Point In Time Recovery is not enabled - prod.logic.yaml

AWS EC2 Default Security Group does not restrict all traffic - prod.logic.yaml

AWS EBS Snapshot is 90 days old or more - prod.logic.yaml

AWS EBS Snapshot is publicly accessible - prod.logic.yaml

AWS EBS Attached Volume is not encrypted - prod.logic.yaml

AWS EBS Volume is idle - prod.logic.yaml

AWS EBS Volume is underutilized - prod.logic.yaml

AWS EC2 Elastic IP is unused - prod.logic.yaml

AWS EC2 Instance is located in a less cost-effective region - prod.logic.yaml

AWS EC2 Instance Detailed Monitoring is not enabled - prod.logic.yaml

AWS EC2 Instance IAM role is not attached - prod.logic.yaml

AWS EC2 Instance is idle - prod.logic.yaml

AWS EC2 Instance IMDSv2 is not enabled - prod.logic.yaml

AWS EC2 Instance uses paravirtual Virtualization Type - prod.logic.yaml

AWS EC2 Instance is overutilized - prod.logic.yaml

AWS EC2 Instance is underutilized - prod.logic.yaml

AWS EC2 Instance with an auto-assigned public IP address is in a default subnet - prod.logic.yaml

AWS EC2 Instance without a public IP address is in a public subnet - prod.logic.yaml

AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports - prod.logic.yaml

AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports - prod.logic.yaml

AWS EC2 Security Group allows unrestricted CIFS traffic - prod.logic.yaml

AWS EC2 Security Group allows unrestricted DNS traffic - prod.logic.yaml

AWS EC2 Security Group allows unrestricted FTP traffic - prod.logic.yaml

AWS EC2 Security Group allows unrestricted ICMP traffic - prod.logic.yaml

AWS EC2 Security Group allows unrestricted NetBIOS traffic - prod.logic.yaml

AWS EC2 Security Group allows unrestricted RPC traffic - prod.logic.yaml

AWS EC2 Security Group allows unrestricted SMTP traffic - prod.logic.yaml

AWS EC2 Security Group allows unrestricted Telnet traffic - prod.logic.yaml

AWS EC2 Security Group allows unrestricted traffic to all ports - prod.logic.yaml

AWS EC2 Security Group allows unrestricted traffic to MongoDB - prod.logic.yaml

AWS EC2 Security Group allows unrestricted traffic to MSSQL - prod.logic.yaml

AWS EC2 Security Group allows unrestricted traffic to MySQL - prod.logic.yaml

AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS - prod.logic.yaml

AWS EC2 Security Group allows unrestricted traffic to PostgreSQL - prod.logic.yaml

AWS ECR Repository Manual Scanning is enabled - prod.logic.yaml

AWS ECR Repository Image Tag Mutability is set to Mutable - prod.logic.yaml

AWS ECR Repository Lifecycle Policy is not configured - prod.logic.yaml

AWS EFS File System encryption is not enabled - prod.logic.yaml

AWS EKS Cluster allows unrestricted public traffic - prod.logic.yaml

AWS EKS Cluster Logging is not enabled for all control plane logs types - prod.logic.yaml

AWS EKS Cluster has node IAM role with AmazonEKS_CNI_Policy attached - prod.logic.yaml

AWS EKS Cluster IAM OIDC provider is not created - prod.logic.yaml

AWS Elastic Beanstalk Environment does not have enhanced health reporting enabled - prod.logic.yaml

AWS ElastiCache Memcached Cluster is underutilized - prod.logic.yaml

AWS ElastiCache Redis Cluster Auto Minor Version Upgrade is not enabled - prod.logic.yaml

AWS ElastiCache Redis Cluster automatic backups are not enabled - prod.logic.yaml

AWS ELB Load Balancer Cross-Zone Load Balancing is not enabled - prod.logic.yaml

AWS ELB Load Balancer is not registered to multiple Availability Zones - prod.logic.yaml

AWS GuardDuty Detector EKS Audit Log Monitoring is not enabled - prod.logic.yaml

AWS GuardDuty is not enabled in all regions - prod.logic.yaml

AWS IAM Server Certificate is expired - prod.logic.yaml

AWS Account Root User has active access keys - prod.logic.yaml

AWS IAM AWSCloudShellFullAccess Policy is attached - prod.logic.yaml

AWS IAM User with credentials unused for 45 days or more is not disabled - prod.logic.yaml

AWS IAM User MFA is not enabled for all users with console password - prod.logic.yaml

AWS IAM Policy allows full administrative privileges - prod.logic.yaml

AWS IAM Role unused - prod.logic.yaml

AWS Account Root User credentials were used is the last 30 days - prod.logic.yaml

AWS Account Root User MFA is not enabled. - prod.logic.yaml

AWS IAM User Access Keys are not rotated every 90 days or less - prod.logic.yaml

AWS IAM User has more than one active access key - prod.logic.yaml

AWS KMS Symmetric CMK Rotation is not enabled - prod.logic.yaml

AWS RDS Aurora Cluster access is not consistent - prod.logic.yaml

AWS RDS Multi-AZ Cluster Auto Minor Version Upgrade is not enabled - prod.logic.yaml

AWS RDS Instance Auto Minor Version Upgrade is not enabled - prod.logic.yaml

AWS RDS Instance automated backups are not enabled - prod.logic.yaml

AWS RDS Instance is located in a less cost-effective region - prod.logic.yaml

AWS RDS Instance uses default endpoint port - prod.logic.yaml

AWS RDS Instance Encryption is not enabled - prod.logic.yaml

AWS RDS Instance is idle - prod.logic.yaml

AWS RDS Instance Multi-AZ Deployment is not enabled - prod.logic.yaml

AWS RDS Instance is overutilized - prod.logic.yaml

AWS RDS Instance is publicly accessible and in an unrestricted public subnet - prod.logic.yaml

AWS RDS Instance is underutilized - prod.logic.yaml

AWS RDS Snapshot is 90 days old or more - prod.logic.yaml

AWS RDS Snapshot is publicly accessible - prod.logic.yaml

AWS Redshift Cluster is underutilized - prod.logic.yaml

AWS S3 Bucket is not configured to block public access - prod.logic.yaml

AWS S3 Bucket is located in a less cost-effective region - prod.logic.yaml

AWS S3 Bucket with Intelligent-Tiering is missing Archive configurations - prod.logic.yaml

AWS S3 Bucket Lifecycle Configuration is not enabled - prod.logic.yaml

AWS S3 Bucket MFA Delete is not enabled - prod.logic.yaml

AWS S3 Bucket Object Lock is not enabled - prod.logic.yaml

AWS S3 Bucket Policy is not set to deny HTTP requests - prod.logic.yaml

AWS S3 Bucket Server Access Logging is not enabled - prod.logic.yaml

AWS S3 Bucket Versioning is not enabled - prod.logic.yaml

AWS Secrets Manager Secret Automatic Rotation is not enabled - prod.logic.yaml

AWS Security Hub is not enabled - prod.logic.yaml

AWS VPC Subnet Map Public IP On Launch is enabled - prod.logic.yaml

AWS VPC Transit Gateway Auto Accept Shared Attachments is enabled - prod.logic.yaml

AWS VPC Network ACL exposes admin ports to public internet ports - prod.logic.yaml

AWS VPC Network ACL is unused - prod.logic.yaml

AWS VPC is not configured with a VPC Endpoint for Amazon EC2 service - prod.logic.yaml

AWS VPC VPN Connection does not have both Tunnels up - prod.logic.yaml

AWS WorkSpace is unused - prod.logic.yaml

Azure App Service is not registered with Microsoft Entra ID - prod.logic.yaml

Azure App Service FTP deployments are not disabled - prod.logic.yaml

Azure App Service Remote Debugging is not disabled - prod.logic.yaml

Azure App Service Authentication is disabled and Basic Authentication is enabled - prod.logic.yaml

Azure App Service HTTPS Only configuration is not enabled - prod.logic.yaml

Azure App Service does not run the latest HTTP version - prod.logic.yaml

Azure App Service Minimum TLS Version is not set to TLS 1.2 or higher - prod.logic.yaml

Azure App Service Plan has no Apps assigned - prod.logic.yaml

Azure Cosmos DB Account has zero Total Request Units - prod.logic.yaml

Azure Cosmos DB Account Private Endpoints are not used - prod.logic.yaml

Azure Cosmos DB Account Virtual Network Filter is not enabled - prod.logic.yaml

Azure Databricks Workspace is not encrypted using customer-managed key (CMK) - prod.logic.yaml

Azure Databricks Workspace is not deployed in a customer-managed virtual network (VNet) - prod.logic.yaml

Azure Key Vault Automatic Key Rotation is not enabled - prod.logic.yaml

Azure Non-RBAC Key Vault stores Keys without expiration date - prod.logic.yaml

Azure Non-RBAC Key Vault stores Secrets without expiration date - prod.logic.yaml

Azure Key Vault Private Endpoints are not used - prod.logic.yaml

Azure Key Vault Public Network Access when using Private Endpoint is enabled - prod.logic.yaml

Azure RBAC Key Vault stores Keys without expiration date - prod.logic.yaml

Azure RBAC Key Vault stores Secrets without expiration date - prod.logic.yaml

Azure Key Vault Role Based Access Control is not enabled - prod.logic.yaml

Azure Key Vault Soft Delete and Purge Protection functions are not enabled - prod.logic.yaml

Microsoft Entra ID Default User Role can create tenants - prod.logic.yaml

Microsoft Entra ID Users Can Register Applications is set to Yes - prod.logic.yaml

Microsoft Entra ID Guest Invite Settings is not set to Only Users Assigned To Specific Admin Roles Can Invite Guest Users - prod.logic.yaml

Microsoft Entra ID Guest Users restricted to their own directory objects - prod.logic.yaml

Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key - prod.logic.yaml

Azure Diagnostic Setting captures Administrative, Alert, Policy, and Security categories - prod.logic.yaml

Azure MySQL Flexible Server audit_log_enabled Parameter is not set to ON - prod.logic.yaml

Azure MySQL Flexible Server audit_log_events Parameter is not set with the CONNECTION event - prod.logic.yaml

Azure MySQL Flexible Server TLS Version is not set to TLS 1.2 - prod.logic.yaml

Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON - prod.logic.yaml

Azure MySQL Server is located in a less cost-effective region - prod.logic.yaml

Azure MySQL Server is underutilized - prod.logic.yaml

Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services - prod.logic.yaml

Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON - prod.logic.yaml

Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON - prod.logic.yaml

Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days - prod.logic.yaml

Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON - prod.logic.yaml

Azure PostgreSQL Server is located in a less cost-effective region - prod.logic.yaml

Azure PostgreSQL Server is Idle - prod.logic.yaml

Azure PostgreSQL Server is underutilized - prod.logic.yaml

Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled - prod.logic.yaml

Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled - prod.logic.yaml

Azure PostgreSQL Single Server log_connections Parameter is not set to ON - prod.logic.yaml

Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON - prod.logic.yaml

Azure Reservation expired in the last 30 days - prod.logic.yaml

Azure Reservation expires in the next 60 days - prod.logic.yaml

Azure SQL Database is located in a less cost-effective region - prod.logic.yaml

Azure SQL Database Transparent Data Encryption is not enabled - prod.logic.yaml

Azure SQL Database is underutilized - prod.logic.yaml

Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP) - prod.logic.yaml

Azure SQL Server Public Network Access is not disabled - prod.logic.yaml

Azure SQL Elastic Pool is underutilized - prod.logic.yaml

Azure SQL Server Auditing Retention is less than 90 days - prod.logic.yaml

Azure SQL Server Auditing is not enabled - prod.logic.yaml

Azure SQL Server Microsoft Entra authentication is not configured - prod.logic.yaml

Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key - prod.logic.yaml

Azure SQL Managed Instance is located in a less cost-effective region - prod.logic.yaml

Azure SQL Managed Instance is underutilized - prod.logic.yaml

Azure SQL Virtual Machine is located in a less cost-effective region - prod.logic.yaml

Azure Storage Account is located in a less cost-effective region - prod.logic.yaml

Azure Storage Blob Containers Soft Delete is not enabled - prod.logic.yaml

Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests - prod.logic.yaml

Azure Storage Account Blob Service Versioning is not enabled - prod.logic.yaml

Azure Storage Account Default To OAuth Authentication is not set to Yes - prod.logic.yaml

Azure Storage Account Default Network Access Rule is not set to Deny - prod.logic.yaml

Azure Storage Account Allow Blob Anonymous Access is enabled - prod.logic.yaml

Azure Storage Account Cross Tenant Replication is enabled - prod.logic.yaml

Azure Storage Account Public Network Access is not disabled - prod.logic.yaml

Azure Storage Account Shared Key Access is not disabled - prod.logic.yaml

Azure Storage Account uses Locally Redundant Storage replication option - prod.logic.yaml

Azure Storage Account Minimum TLS Version is not set to TLS 1.2 or higher - prod.logic.yaml

Azure Storage Account Private Endpoints are not used - prod.logic.yaml

Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests - prod.logic.yaml

Azure Storage Account Require Infrastructure Encryption is not enabled - prod.logic.yaml

Azure Storage Account Secure Transfer Required is not enabled - prod.logic.yaml

Azure Storage File Shares SMB Channel Encryption is not set to AES-256-GCM or higher - prod.logic.yaml

Azure Storage File Shares SMB Protocol Version is not set to SMB 3.1.1 or higher - prod.logic.yaml

Azure Storage File Shares Soft Delete is not enabled - prod.logic.yaml

Azure Storage Table Logging is not enabled for Read, Write, and Delete requests - prod.logic.yaml

Azure Storage Account Trusted Azure Services are not enabled as networking exceptions - prod.logic.yaml

Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist - prod.logic.yaml

Azure Subscription Activity Log Alert for Create or Update Public IP Address Rule does not exist - prod.logic.yaml

Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist - prod.logic.yaml

Azure Subscription Activity Log Alert for Create or Update SQL Server Firewall Rule does not exist - prod.logic.yaml

Azure Subscription Activity Log Alert for Create Policy Assignment does not exist - prod.logic.yaml

Azure Subscription Activity Log Alert for Delete Network Security Group does not exist - prod.logic.yaml

Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist - prod.logic.yaml

Azure Subscription Activity Log Alert for Delete Public IP Address Rule does not exist - prod.logic.yaml

Azure Subscription Activity Log Alert for Delete Security Solution does not exist - prod.logic.yaml

Azure Subscription Activity Log Alert for Delete SQL Server Firewall Rule does not exist - prod.logic.yaml

Azure Subscription Activity Log Alert for Service Health does not exist - prod.logic.yaml

Azure Subscription Custom Subscription Administrator Roles exist - prod.logic.yaml

Azure Subscription Integration With Microsoft Defender For Cloud Apps is not enabled - prod.logic.yaml

Azure Subscription Integration With Microsoft Defender For Endpoint is not enabled - prod.logic.yaml

Azure Subscription Log Analytics Agent is not auto provisioned - prod.logic.yaml

Azure Subscription Microsoft Defender For App Services is not set to On - prod.logic.yaml

Azure Subscription Microsoft Defender For Containers is not set to On - prod.logic.yaml

Azure Subscription Microsoft Defender For Azure Cosmos DB is not set to On - prod.logic.yaml

Azure Subscription Microsoft Defender For Key Vault is not set to On - prod.logic.yaml

Azure Subscription Microsoft Defender For Open-Source Relational Databases is not set to On - prod.logic.yaml

Azure Subscription Microsoft Defender For Resource Manager is not set to On - prod.logic.yaml

Azure Subscription Microsoft Defender For Servers is not set to On - prod.logic.yaml

Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On - prod.logic.yaml

Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On - prod.logic.yaml

Azure Subscription Microsoft Defender For Storage is not set to On - prod.logic.yaml

Azure Subscription Network Watcher is not enabled in every available region - prod.logic.yaml

Azure Subscription Security Alert Notifications additional email address is not configured - prod.logic.yaml

Azure Subscription Security Alert Notifications for alerts with High or Critical severity are not configured - prod.logic.yaml

Azure Subscription Security Alert Notifications to subscription owners are not configured - prod.logic.yaml

Azure User Access Administrator Role has assignments - prod.logic.yaml

Azure Virtual Machine allows public access to CIFS port - prod.logic.yaml

Azure Virtual Machine allows public access to DNS port - prod.logic.yaml

Azure Virtual Machine allows public access to FTP ports - prod.logic.yaml

Azure Virtual Machine allows public access to HTTP(S) ports - prod.logic.yaml

Azure Virtual Machine allows public access to NetBIOS ports - prod.logic.yaml

Azure Virtual Machine allows public access to RDP port - prod.logic.yaml

Azure Virtual Machine allows public access to RPC port - prod.logic.yaml

Azure Virtual Machine allows public access to SMTP port - prod.logic.yaml

Azure Virtual Machine allows public access to SSH port - prod.logic.yaml

Azure Virtual Machine allows public access to Telnet port - prod.logic.yaml

Azure Virtual Machine allows public access to all ports - prod.logic.yaml

Azure Virtual Machine allows public access to MongoDB ports - prod.logic.yaml

Azure Virtual Machine allows public access to MSSQL port - prod.logic.yaml

Azure Virtual Machine allows public access to MySQL port - prod.logic.yaml

Azure Virtual Machine allows public access to Oracle DBMS ports - prod.logic.yaml

Azure Virtual Machine allows public access to PostgreSQL port - prod.logic.yaml

Azure Virtual Machine allows public UDP access - prod.logic.yaml

Azure Managed Disk Public Network Access is not disabled - prod.logic.yaml

Azure Managed Disk Data Access Auth Mode is not set to Azure Active Directory - prod.logic.yaml

Azure Managed Disk Snapshot is 90 days old or more - prod.logic.yaml

Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key - prod.logic.yaml

Azure Managed Disk Snapshot is stored on Premium SSDs Managed Disk storage - prod.logic.yaml

Azure Virtual Machine Trusted Launch is not enabled - prod.logic.yaml

Azure Unattached Managed Disk is not encrypted with Customer-managed key - prod.logic.yaml

Azure Managed Disk is not attached to any Virtual Machine - prod.logic.yaml

Azure Virtual Machine is located in a less cost-effective region - prod.logic.yaml

Azure Virtual Machine is idle - prod.logic.yaml

Azure Virtual Machine is not utilizing Managed Disks - prod.logic.yaml

Azure Virtual Machine is overutilized - prod.logic.yaml

Azure Virtual Machine is underutilized - prod.logic.yaml

Azure Network Security Group allows public access to CIFS port - prod.logic.yaml

Azure Network Security Group allows public access to DNS port - prod.logic.yaml

Azure Network Security Group allows public access to FTP ports - prod.logic.yaml

Azure Network Security Group allows public access to HTTP(S) ports - prod.logic.yaml

Azure Network Security Group allows public access to NetBIOS ports - prod.logic.yaml

Azure Network Security Group allows public access to RDP port - prod.logic.yaml

Azure Network Security Group allows public access to RPC port - prod.logic.yaml

Azure Network Security Group allows public access to SMTP port - prod.logic.yaml

Azure Network Security Group allows public access to SSH port - prod.logic.yaml

Azure Network Security Group allows public access to Telnet port - prod.logic.yaml

Azure Network Security Group allows public access to all ports - prod.logic.yaml

Azure Network Security Group allows public access to MongoDB ports - prod.logic.yaml

Azure Network Security Group allows public access to MSSQL port - prod.logic.yaml

Azure Network Security Group allows public access to MySQL port - prod.logic.yaml

Azure Network Security Group allows public access to Oracle DBMS ports - prod.logic.yaml

Azure Network Security Group allows public access to PostgreSQL port - prod.logic.yaml

Azure Network Security Group allows public UDP access - prod.logic.yaml

Azure Network Security Group Flow Logs retention period is less than 90 days - prod.logic.yaml

Azure Public IP Address is not associated with any resource - prod.logic.yaml

Azure Virtual Network Flow Logs retention period is less than 90 days - prod.logic.yaml

Azure Virtual Network Gateway has no connections - prod.logic.yaml

Azure VM Scale Set Instance allows public access to CIFS port - prod.logic.yaml

Azure VM Scale Set Instance allows public access to DNS port - prod.logic.yaml

Azure VM Scale Set Instance allows public access to FTP ports - prod.logic.yaml

Azure VM Scale Set Instance allows public access to HTTP(S) ports - prod.logic.yaml

Azure VM Scale Set Instance allows public access to NetBIOS ports - prod.logic.yaml

Azure VM Scale Set Instance allows public access to RDP port - prod.logic.yaml

Azure VM Scale Set Instance allows public access to RPC port - prod.logic.yaml

Azure VM Scale Set Instance allows public access to SMTP port - prod.logic.yaml

Azure VM Scale Set Instance allows public access to SSH port - prod.logic.yaml

Azure VM Scale Set Instance allows public access to Telnet port - prod.logic.yaml

Azure VM Scale Set Instance allows public access to all ports - prod.logic.yaml

Azure VM Scale Set Instance allows public access to MongoDB ports - prod.logic.yaml

Azure VM Scale Set Instance allows public access to MSSQL port - prod.logic.yaml

Azure VM Scale Set Instance allows public access to MySQL port - prod.logic.yaml

Azure VM Scale Set Instance allows public access to Oracle DBMS ports - prod.logic.yaml

Azure VM Scale Set Instance allows public access to PostgreSQL port - prod.logic.yaml

Azure VM Scale Set Instance allows public UDP access - prod.logic.yaml

AWS EC2 Instance Should Have Breeze Agent Installed - prod.logic.yaml

AWS EKS Cluster Should Have Breeze Agent Installed - prod.logic.yaml

Azure Active Directory Device Should Have Breeze Agent Installed - prod.logic.yaml

Azure AKS Cluster Should Have Breeze Agent Installed - prod.logic.yaml

Azure Virtual Machine Should Have Breeze Agent Installed - prod.logic.yaml

Azure VM Scale Set Instance Should Have Breeze Agent Installed - prod.logic.yaml

Google GCE Instance Should Have Breeze Agent Installed - prod.logic.yaml

Physical Server Should Have Breeze Agent Installed - prod.logic.yaml

vCenter Virtual Machine Should Have Breeze Agent Installed - prod.logic.yaml

Google API Key is not restricted for unused APIs - prod.logic.yaml

Google API Key is not rotated every 90 days - prod.logic.yaml

Google Cloud Asset Inventory API is not enabled - prod.logic.yaml

Google BigQuery Dataset is anonymously or publicly accessible - prod.logic.yaml

Google BigQuery Dataset is not encrypted with Customer-Managed Encryption Key (CMEK) - prod.logic.yaml

Google BigQuery Table is not encrypted with Customer-Managed Encryption Key (CMEK) - prod.logic.yaml

Google GCE Commitment expired in the last 30 days - prod.logic.yaml

Google GCE Commitment expires in the next 60 days - prod.logic.yaml

Google GCE Instance Confidential Compute is not enabled - prod.logic.yaml

Google GCE Instance IP Forwarding is not disabled. - prod.logic.yaml

Google GCE Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK) - prod.logic.yaml

Google GCE Disk is idle - prod.logic.yaml

Google GCE Instance is located in a less cost-effective region - prod.logic.yaml

Google GCE Instance is idle - prod.logic.yaml

Google GCE Instance OS Login is not enabled - prod.logic.yaml

Google GCE Instance Block Project-Wide SSH Keys is not enabled - prod.logic.yaml

Google GCE Instance has a public IP address - prod.logic.yaml

Google GCE Instance Enable Connecting to Serial Ports is not disabled - prod.logic.yaml

Google GCE Instance is launched without Shielded VM enabled - prod.logic.yaml

Google GCE Instance is underutilized - prod.logic.yaml

Google GCE Instance is configured to use the Default Service Account with full access to all Cloud APIs - prod.logic.yaml

Google GCE Instance is configured to use the Default Service Account - prod.logic.yaml

Google GCE Snapshot is 90 days old or more - prod.logic.yaml

Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key - prod.logic.yaml

Google Cloud DNS Managed Zone DNSSEC is not enabled - prod.logic.yaml

Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1 - prod.logic.yaml

Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1 - prod.logic.yaml

Google GKE Cluster Alpha cluster features are enabled - prod.logic.yaml

Google GKE Cluster Control Plane Authorized Networks are disabled - prod.logic.yaml

Google GKE Cluster Alias IP is disabled - prod.logic.yaml

Google GKE Cluster Logging is not enabled - prod.logic.yaml

Google GKE Cluster Monitoring is not enabled - prod.logic.yaml

Google GKE Cluster Network policy is disabled. - prod.logic.yaml

Google GKE Cluster Private Google Access is not enabled. - prod.logic.yaml

Google GKE Cluster Node Pool Auto-Repair is disabled - prod.logic.yaml

Google GKE Cluster Node Pool Auto-Upgrade is disabled - prod.logic.yaml

Google GKE Cluster Node Pool uses default Service account - prod.logic.yaml

Google Access Approval is not enabled - prod.logic.yaml

Google Organization Essential Contacts is not configured - prod.logic.yaml

Google Project with KMS keys has a principal with Owner role - prod.logic.yaml

Google IAM Roles related to KMS are not assigned to separate users - prod.logic.yaml

Google Resource Manager Organization has a Redis IAM role assigned - prod.logic.yaml

Google IAM Service Account has admin privileges - prod.logic.yaml

Google IAM Service Account User-Managed Key is not rotated every 90 days - prod.logic.yaml

Google IAM Service Account has User-Managed Keys - prod.logic.yaml

Google User has both Service Account Admin and Service Account User roles assigned - prod.logic.yaml

Google IAM Policy Binding Member (User) is assigned a basic role - prod.logic.yaml

Google KMS Crypto Key is not rotated every 90 days - prod.logic.yaml

Google GCE External Forwarding Rule is configured to use a Target HTTP Proxy - prod.logic.yaml

Google HTTP(S) Load Balancer Logging is not enabled - prod.logic.yaml

Google Cloud Audit Logging is not configured properly - prod.logic.yaml

Google Logging Log Metric Filter and Alerts for Audit Configuration Changes do not exist - prod.logic.yaml

Google Logging Log Metric Filter and Alerts for Custom Role Changes do not exist - prod.logic.yaml

Google Logging Log Metric Filter and Alerts Cloud Storage IAM Permission Changes do not exist - prod.logic.yaml

Google Logging Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist - prod.logic.yaml

Google Logging Log Sink for All Log Entries is not configured - prod.logic.yaml

Google Logging Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist - prod.logic.yaml

Google Logging Log Sink exports logs to a Storage Bucket without Bucket Lock - prod.logic.yaml

Google Logging Log Metric Filter and Alerts for VPC Network Changes do not exist - prod.logic.yaml

Google Logging Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist - prod.logic.yaml

Google Logging Log Metric Filter and Alerts for VPC Network Route Changes do not exist - prod.logic.yaml

Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level - prod.logic.yaml

Google Project has a default network - prod.logic.yaml

Google Project has a legacy network - prod.logic.yaml

Google Cloud SQL Instance Automated Backups are not configured - prod.logic.yaml

Google Cloud SQL Instance is located in a less cost-effective region - prod.logic.yaml

Google Cloud SQL Instance is idle - prod.logic.yaml

Google Cloud SQL Instance External Authorized Networks whitelists all public IP addresses - prod.logic.yaml

Google Cloud SQL Instance SSL Connections are not enforced - prod.logic.yaml

Google Cloud SQL Instance is underutilized - prod.logic.yaml

Google Cloud SQL Instance has public IP addresses - prod.logic.yaml

Google Cloud MySQL Instance Local_infile Database Flag is not set to off - prod.logic.yaml

Google Cloud MySQL Instance Skip_show_database Database Flag is not set to on - prod.logic.yaml

Google Cloud PostgreSQL Instance cloudsql.enable_pgaudit Database Flag is not set to on - prod.logic.yaml

Google Cloud PostgreSQL Instance Log_checkpoints Database Flag is not set to On - prod.logic.yaml

Google Cloud PostgreSQL Instance Log_connections Database Flag is not set to On - prod.logic.yaml

Google Cloud PostgreSQL Instance Log_disconnections Database Flag is not set to On - prod.logic.yaml

Google Cloud PostgreSQL Instance `Log_error_verbosity` Database Flag is not set to DEFAULT or stricter - prod.logic.yaml

Google Cloud PostgreSQL Instance Log_min_duration_statement Database Flag is not set to `-1` (Disabled) - prod.logic.yaml

Google Cloud PostgreSQL Instance Log_min_error_statement Database Flag is not set to Error or stricter - prod.logic.yaml

Google Cloud PostgreSQL Instance Log_min_messages Database Flag is not set at minimum to Warning - prod.logic.yaml

Google Cloud PostgreSQL Instance Log_statement Database Flag is not set appropriately - prod.logic.yaml

Google Cloud PostgreSQL Instance log_temp_files Database Flag is not set to 0 - prod.logic.yaml

Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on - prod.logic.yaml

Google Cloud SQL Server Instance contained database authentication Database Flag is set to on - prod.logic.yaml

Google Cloud SQL Server Instance cross db ownership chaining Database Flag is not set to off - prod.logic.yaml

Google Cloud SQL Server Instance external scripts enabled Database Flag is not set to off - prod.logic.yaml

Google Cloud SQL Server Instance remote access Database Flag is not set to off - prod.logic.yaml

Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value - prod.logic.yaml

Google Cloud SQL Server Instance user options Database Flag is configured - prod.logic.yaml

Google Storage Bucket is located in a less cost-effective region - prod.logic.yaml

Google Storage Bucket with Log Sink does not have Versioning - prod.logic.yaml

Google Storage Bucket is anonymously or publicly accessible - prod.logic.yaml

Google Storage Bucket Uniform Bucket-Level Access is not enabled - prod.logic.yaml

Google GCE Firewall Rule logging is disabled - prod.logic.yaml

Google GCE IP Address is unused - prod.logic.yaml

Google GCE Network allows unrestricted traffic to all ports - prod.logic.yaml

Google GCE Network allows unrestricted traffic to Cassandra - prod.logic.yaml

Google GCE Network allows unrestricted CiscoSecure/WebSM traffic - prod.logic.yaml

Google GCE Network allows unrestricted traffic to Directory services" - prod.logic.yaml

Google GCE Network allows unrestricted DNS traffic - prod.logic.yaml

Google GCE Network DNS Policy Logging is not enabled - prod.logic.yaml

Google GCE Network has no egress deny Firewall Rule - prod.logic.yaml

Google GCE Network allows unrestricted traffic to Elasticsearch - prod.logic.yaml

Google GCE Network allows unrestricted FTP traffic - prod.logic.yaml

Google GCE Network allows unrestricted HTTP traffic - prod.logic.yaml

Google GCE Network allows unrestricted LDAP traffic - prod.logic.yaml

Google GCE Network allows unrestricted traffic to Memcached - prod.logic.yaml

Google GCE Network allows unrestricted traffic to MongoDB - prod.logic.yaml

Google GCE Network allows unrestricted traffic to MySQL - prod.logic.yaml

Google GCE Network allows unrestricted NetBIOS traffic - prod.logic.yaml

Google GCE Network allows unrestricted traffic to OracleDB - prod.logic.yaml

Google GCE Network allows unrestricted POP3 traffic - prod.logic.yaml

Google GCE Network allows unrestricted traffic to PostgreSQL - prod.logic.yaml

Google GCE Network allows unrestricted RDP traffic - prod.logic.yaml

Google GCE Network allows unrestricted traffic to Redis - prod.logic.yaml

Google GCE Network allows unrestricted SMTP traffic - prod.logic.yaml

Google GCE Network allows unrestricted SSH traffic - prod.logic.yaml

Google GCE Network allows unrestricted Telnet traffic - prod.logic.yaml

Google GCE Subnetwork Flow Logs are not enabled - prod.logic.yaml

Snowflake User Default Role is ACCOUNTADMIN - prod.logic.yaml

Snowflake User Default Role is not set - prod.logic.yaml

Snowflake User MFA is not enabled - prod.logic.yaml

Snowflake User password is not rotated every 90 days - prod.logic.yaml

AND Unit Tests - unit-test.logic.yaml

BOOLEAN_FROM Unit Tests - unit-test.logic.yaml

COLLECTION_SIZE Unit Tests - unit-test.logic.yaml

CONTAINS_ALL Unit Tests: CollectionType - unit-test.logic.yaml

CONTAINS_ALL Unit Tests: TextType - unit-test.logic.yaml

CONTAINS Unit Tests: CollectionType - unit-test.logic.yaml

CONTAINS Unit Tests: TextType - unit-test.logic.yaml

DATE_TIME_FROM Unit Tests - unit-test.logic.yaml

DURATION_FROM Unit Tests - unit-test.logic.yaml

ENDS_WITH Unit Tests - unit-test.logic.yaml

GREATER_THAN_EQUAL Unit Tests - unit-test.logic.yaml

GREATER_THAN Unit Tests - unit-test.logic.yaml

IS_AFTER_TODAY Unit Tests - unit-test.logic.yaml

IS_BEFORE_TODAY Unit Tests - unit-test.logic.yaml

IS_BEYOND_LAST_DAYS Unit Tests - unit-test.logic.yaml

IS_BEYOND_NEXT_DAYS Unit Tests - unit-test.logic.yaml

IS_EMPTY / NOT_EMPTY Unit Tests: BooleanType - unit-test.logic.yaml

IS_EMPTY / NOT_EMPTY Unit Tests: BytesType - unit-test.logic.yaml

IS_EMPTY / NOT_EMPTY Unit Tests: DateTimeType - unit-test.logic.yaml

IS_EMPTY / NOT_EMPTY Unit Tests: JsonType - unit-test.logic.yaml

IS_EMPTY / NOT_EMPTY Unit Tests: NumberType - unit-test.logic.yaml

IS_EMPTY / NOT_EMPTY Unit Tests: SetType - unit-test.logic.yaml

IS_EMPTY / NOT_EMPTY Unit Tests: TextType - unit-test.logic.yaml

IS_EQUAL / NOT_EQUAL Unit Tests: BooleanType - unit-test.logic.yaml

IS_EQUAL / NOT_EQUAL Unit Tests: BytesType - unit-test.logic.yaml

IS_EQUAL / NOT_EQUAL Unit Tests: CollectionType - unit-test.logic.yaml

IS_EQUAL / NOT_EQUAL Unit Tests: DateTimeType - unit-test.logic.yaml

IS_EQUAL / NOT_EQUAL Unit Tests: JsonType - unit-test.logic.yaml

IS_EQUAL / NOT_EQUAL Unit Tests: NumberType - unit-test.logic.yaml

IS_EQUAL / NOT_EQUAL Unit Tests: TextType - unit-test.logic.yaml

IS_WITHIN_LAST_DAYS Unit Tests - unit-test.logic.yaml

IS_WITHIN_NEXT_DAYS Unit Tests - unit-test.logic.yaml

LESS_THAN_EQUAL Unit Tests - unit-test.logic.yaml

LESS_THAN Unit Tests - unit-test.logic.yaml

LIST_FROM Unit Tests for Bytes Items - unit-test.logic.yaml

LIST_FROM Unit Tests for Text Items - unit-test.logic.yaml

LIST Unit Tests for Bytes Items - unit-test.logic.yaml

LIST Unit Tests for Text Items - unit-test.logic.yaml

OR Unit Tests - unit-test.logic.yaml

SET_FROM Unit Tests for Bytes Items - unit-test.logic.yaml

SET_FROM Unit Tests for Text Items - unit-test.logic.yaml

SET Unit Tests for Bytes Items - unit-test.logic.yaml

SET Unit Tests for Text Items - unit-test.logic.yaml

STARTS_WITH Unit Tests - unit-test.logic.yaml

TAG_EXISTS Unit Tests - unit-test.logic.yaml

TAG_VALUE Unit Tests - unit-test.logic.yaml

AWS Account Has No IAM Users - wip.logic.yaml

AWS IAM Policy (Customer Managed) Contains Potential Credentials Exposure - wip.logic.yaml