Cloud Security Rules

RULE	SERVICE GROUP
M MSSQL vulnerability assessment email notifications are disabled	Database
M Multi-AZ is not turned on for RDS instance	RDS
M MySQL allows loading local data	Cloud SQL
M MySQL firewall rule allows public access	Database
M MySQL server does not have minimum TLS version set to 1.2	Database
M Network access bypass for Trusted Microsoft Services is not enabled on the storage account	Storage
M Network security group allows public access	Network
M Network security group flow log retention period is below 90 days	Network
M Network security group permits ingress from '0.0.0.0/0' to port 3389 (RDP)	Network
M Network security groups should not permit ingress from the internet to UDP ports	Network
M Network security rule allows open egress	Network
M Network security rule allows public access	Network
M Non-encrypted Athena DB at rest	Athena
M Object versioning is not enabled	Cloud Storage
M OS Login is disabled	Compute Engine
M Packet mirroring resource in use	Compute Engine
M Periodic vulnerability assessment is not enabled on SQL server	Database
M Pod is running with added capabilities	Deployment
M Pod stores secrets in environment variables	Service
M Pods and containers should apply a security context	Kubernetes (Container) Engine
M Pods should not run containers with the NET_RAW capability	Container
M Policy allows all capabilities	Pod Security Policy
M Policy allows any apparmor profile	Deployment
M Policy allows insecure seccomp profiles	Deployment
M Policy allows sharing of host's Network namespace	Network
M Policy allows sharing of host's PID namespace	Pod Security Policy
M Policy does not prevent use of root group	Pod Security Policy
M Policy does not prevent use of root user	Deployment
M Policy does not restrict default capabilities	Pod Security Policy
M Policy sets insecure default privilege escalation control	Pod Security Policy

Previous Next

AWS

Azure

Google

Kubernetes