Cloud Security Rules

RULE	SERVICE GROUP
M Auto provisioning of Microsoft Defender for Containers is disabled	Security Center
M Auto Scaling group does not span two or more Availability Zones	EC2
M Automatic key rotation in Azure Key Vault is not enabled	Key Vault
M Automatic provisioning of monitoring agent is disabled	Security Center
M Automation variables are not encrypted	Automation
M AWS ACM certificates are using wildcards	ACM
M AWS AppSync GraphQL logging is not enabled	AppSync
M AWS default network ACL allows public access	VPC
M AWS ECR replication configuration for private registry is not configured	ECR
M AWS Glue Metadata is not encrypted at rest	Glue
M AWS IAM access key hasn't been used for at least 90 days	IAM
M AWS IAM user password hasn't been used for at least 90 days	IAM
M AWS Lambda function-level ReservedConcurrentExecutions limit is not set	Lambda
M AWS network ACL allows public access	VPC
M AWS network ACL rule allows public access	VPC
M AWS security group rule allows public access	VPC
M AWS WorkSpaces access is not restricted to trusted IP addresses	WorkSpaces
M Azure Data Lake Analytics Firewall Rule allows public access	Data Lake
M Azure Defender is disabled for Azure Resource Manager (ARM)	Security Center
M Azure Defender is disabled for virtual machines	Security Center
M Azure Defender is disabled on Container Registry	Security Center
M Azure Defender is disabled on key vaults	Security Center
M Azure Defender is disabled on Kubernetes Service	Security Center
M Azure Defender is disabled on SQL server virtual machines	Security Center
M Azure Defender is disabled on SQL servers	Security Center
M Azure Defender is disabled on storage accounts	Security Center
M Azure Kubernetes Service instance has RBAC disabled	Container
M Backend service logging is disabled	Compute Engine
M Batch job runs in admin mode	Batch
M Batch job runs with privileged flag set to true	Batch

Previous Next