-
Notifications
You must be signed in to change notification settings - Fork 96
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
2adfee1
commit 4b75f4a
Showing
331 changed files
with
19,226 additions
and
16,976 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
127 changes: 0 additions & 127 deletions
127
rules/findings/Azure/Activity Log/CIS1.4/azure-activity-log-disabled-alerts.json
This file was deleted.
Oops, something went wrong.
103 changes: 103 additions & 0 deletions
103
rules/findings/Azure/App Service/CIS3.0/azure-app-service-basic-auth-enabled.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,103 @@ | ||
| { | ||
| "args": [ | ||
|
|
||
| ], | ||
| "provider": "Azure", | ||
| "serviceType": "App Services", | ||
| "serviceName": "Hosted Services", | ||
| "displayName": "Ensure that 'Basic Authentication' is 'Disabled'", | ||
| "description": "Basic Authentication provides the ability to create identities and authentication for an App Service without a centralized Identity Provider. For a more effective, capable, and secure solution for Identity, Authentication, Authorization, and Accountability, a centralized Identity Provider such as Entra ID is strongly advised.", | ||
| "rationale": "Basic Authentication introduces an identity silo which can produce privileged access to a resource. This can be exploited in numerous ways and represents a significant vulnerability and attack vector.", | ||
| "impact": "An Identity Provider that can be used by the App Service for authenticating users is required.", | ||
| "remediation": { | ||
| "text": null, | ||
| "code": { | ||
| "powerShell": null, | ||
| "iac": null, | ||
| "terraform": null, | ||
| "other": null | ||
| } | ||
| }, | ||
| "recommendation": null, | ||
| "references": [ | ||
| "https://learn.microsoft.com/en-us/azure/app-service/configure-basic-auth-disable?tabs=portal" | ||
| ], | ||
| "compliance": [ | ||
| { | ||
| "name": "CIS Microsoft Azure Foundations", | ||
| "version": "3.0.0", | ||
| "reference": "9.6", | ||
| "profile": "Level 1" | ||
| } | ||
| ], | ||
| "level": "medium", | ||
| "tags": [ | ||
|
|
||
| ], | ||
| "rule": { | ||
| "path": "", | ||
| "subPath": null, | ||
| "selectCondition": { | ||
|
|
||
| }, | ||
| "query": [ | ||
| ], | ||
| "shouldExist": null, | ||
| "returnObject": null, | ||
| "removeIfNotExists": null | ||
| }, | ||
| "output": { | ||
| "html": { | ||
| "data": { | ||
| "expandObject": null | ||
| }, | ||
| "table": "asList", | ||
| "decorate": [ | ||
|
|
||
| ], | ||
| "emphasis": [ | ||
| ], | ||
| "actions": { | ||
| "objectData": { | ||
| "properties": [ | ||
|
|
||
| ], | ||
| "expandObject": null, | ||
| "limit": null | ||
| }, | ||
| "showGoToButton": null, | ||
| "showModalButton": null, | ||
| "directLink": null | ||
| } | ||
| }, | ||
| "text": { | ||
| "data": { | ||
| "properties": { | ||
|
|
||
| }, | ||
| "expandObject": null | ||
| }, | ||
| "status": { | ||
| "keyName": [ | ||
|
|
||
| ], | ||
| "message": "", | ||
| "defaultMessage": null | ||
| }, | ||
| "properties": { | ||
| "resourceName": null, | ||
| "resourceId": null, | ||
| "resourceType": null | ||
| }, | ||
| "onlyStatus": false | ||
| } | ||
| }, | ||
| "idSuffix": "app_service_basic_auth_enabled", | ||
| "notes": [ | ||
|
|
||
| ], | ||
| "categories": [ | ||
|
|
||
| ] | ||
| } | ||
|
|
103 changes: 103 additions & 0 deletions
103
rules/findings/Azure/App Service/CIS3.0/azure-app-service-lack-keyvault-secret.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,103 @@ | ||
| { | ||
| "args": [ | ||
|
|
||
| ], | ||
| "provider": "Azure", | ||
| "serviceType": "App Services", | ||
| "serviceName": "Hosted Services", | ||
| "displayName": "Ensure Azure Key Vaults are Used to Store Secrets", | ||
| "description": "Azure Key Vault will store multiple types of sensitive information such as encryption keys, certificate thumbprints, and Managed Identity Credentials. Access to these 'Secrets' can be controlled through granular permissions.", | ||
| "rationale": "The credentials given to an application have permissions to create, delete, or modify data stored within the systems they access. If these credentials are stored within the application itself, anyone with access to the application or a copy of the code has access to them. Storing within Azure Key Vault as secrets increases security by controlling access. This also allows for updates of the credentials without redeploying the entire application.", | ||
| "impact": "Integrating references to secrets within the key vault are required to be specifically integrated within the application code. This will require additional configuration to be made during the writing of an application, or refactoring of an already written one. There are also additional costs that are charged per 10000 requests to the Key Vault.", | ||
| "remediation": { | ||
| "text": "", | ||
| "code": { | ||
| "powerShell": null, | ||
| "iac": null, | ||
| "terraform": null, | ||
| "other": null | ||
| } | ||
| }, | ||
| "recommendation": null, | ||
| "references": [ | ||
| "https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references", | ||
| "https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-identity-management#im-3-manage-application-identities-securely-and-automatically", | ||
| "https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest" | ||
| ], | ||
| "compliance": [ | ||
| { | ||
| "name": "CIS Microsoft Azure Foundations", | ||
| "version": "3.0.0", | ||
| "reference": "9.11", | ||
| "profile": "Level 2" | ||
| } | ||
| ], | ||
| "level": "low", | ||
| "tags": [ | ||
|
|
||
| ], | ||
| "rule": { | ||
| "path": "", | ||
| "subPath": null, | ||
| "selectCondition": { | ||
|
|
||
| }, | ||
| "query": [ | ||
| ], | ||
| "shouldExist": null, | ||
| "returnObject": null, | ||
| "removeIfNotExists": null | ||
| }, | ||
| "output": { | ||
| "html": { | ||
| "data": { | ||
| "expandObject": null | ||
| }, | ||
| "table": "Normal", | ||
| "decorate": [ | ||
|
|
||
| ], | ||
| "emphasis": [ | ||
|
|
||
| ], | ||
| "actions": { | ||
| "objectData": { | ||
| "expandObject": null, | ||
| "limit": null | ||
| }, | ||
| "showGoToButton": "True", | ||
| "showModalButton": "True", | ||
| "directLink": null | ||
| } | ||
| }, | ||
| "text": { | ||
| "data": { | ||
| "properties": { | ||
|
|
||
| }, | ||
| "expandObject": null | ||
| }, | ||
| "status": { | ||
| "keyName": [ | ||
|
|
||
| ], | ||
| "message": "", | ||
| "defaultMessage": null | ||
| }, | ||
| "properties": { | ||
| "resourceName": null, | ||
| "resourceId": null, | ||
| "resourceType": null | ||
| }, | ||
| "onlyStatus": false | ||
| } | ||
| }, | ||
| "idSuffix": "app_service_lack_keyvault_configuration", | ||
| "notes": [ | ||
|
|
||
| ], | ||
| "categories": [ | ||
|
|
||
| ] | ||
| } | ||
|
|
Oops, something went wrong.