Cloud Security Rules

RULE	SERVICE GROUP
M SNS subscription allows access via HTTP	SNS
M SNS topic access policy has wildcard principal	SNS
M SNS topic is not encrypted	SNS
M SNS topic is not encrypted with a customer managed key	SNS
M SQL Advanced Threat Protection alert type is disabled	Database
M SQL Advanced Threat Protection alerts are not send to admins	Database
M SQL Database auditing retention period is less than 90 days	Database
M SQL firewall rule allows public access	Database
M SQL server "Send scan reports to" setting for vulnerability assessments is not enabled	Database
M SQL Server Active Directory Admin is not configured	Database
M SQL Server auditing is disabled	Database
M SQL server auditing is disabled	Database
M SQL Server auditing retention period is less than 90 days	Database
M SQL server firewall rule permits ingress from 0.0.0.0/0 to all ports and protocols	Database
M SQL server TDE protector is not encrypted with a Key Vault customer-managed key	Database
M SQL server vulnerability assessments are not enabled	Database
M SQL statements with sensitive information may be logged	Cloud SQL
M SQL threat alert policy is missing email recipients	Database
M SQS queue is not encrypted	SQS
M SSL policy allows weak algorithms	Compute Engine
M SSM session is not using KMS to encrypt data between client and EC2 instance	SSM
M Storage account allows any traffic by default	Storage
M Storage account containing activity logs is not encrypted with customer-managed keys	Storage
M Storage account does not enforce latest TLS version	Storage
M Storage account for critical data is not encrypted with customer managed keys	Storage
M Storage account geo-replication is disabled	Storage
M Storage Queue read logging is disabled	Storage
M Synapse firewall rule allows public access	Synapse
M Temporary file information is not logged	Cloud SQL
M That inbound traffic is allowed to a resource from any source instead of a restricted range	RDS

Previous Next

AWS

Azure

Google

Kubernetes