Revert "rule reference ids updated for azure policies"

This reverts commit 20f7527.
tenable · Mar 10, 2021 · 853ed28 · 853ed28
1 parent 25e7c3a
commit 853ed28
Show file tree

Hide file tree

Showing 48 changed files with 51 additions and 51 deletions.
diff --git a/...plication_gateway/AC-AZ-IS-AG-M-0008.json → ...cation_gateway/accurics.azure.NS.147.json b/...plication_gateway/AC-AZ-IS-AG-M-0008.json → ...cation_gateway/accurics.azure.NS.147.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure Azure Application Gateway Web application firewall (WAF) is enabled",
-    "reference_id": "AC-AZ-IS-AG-M-0008",
+    "reference_id": "accurics.azure.NS.147",
     "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/...ontainer_registry/AC-AZ-RE-CR-H-0011.json → ...tainer_registry/accurics.azure.AKS.3.json b/...ontainer_registry/AC-AZ-RE-CR-H-0011.json → ...tainer_registry/accurics.azure.AKS.3.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure Container Registry has locks",
-    "reference_id": "AC-AZ-RE-CR-H-0011",
+    "reference_id": "accurics.azure.AKS.3",
     "category": "Resilience",
     "version": 2
 }
diff --git a/...ontainer_registry/AC-AZ-IA-CR-M-0010.json → ...iner_registry/accurics.azure.EKM.164.json b/...ontainer_registry/AC-AZ-IA-CR-M-0010.json → ...iner_registry/accurics.azure.EKM.164.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that admin user is disabled for Container Registry",
-    "reference_id": "AC-AZ-IA-CR-M-0010",
+    "reference_id": "accurics.azure.EKM.164",
     "category": "Identity and Access Management",
     "version": 2
 }
diff --git a/..._cosmosdb_account/AC-AZ-CV-CA-M-0013.json → ...mosdb_account/accurics.azure.CAM.162.json b/..._cosmosdb_account/AC-AZ-CV-CA-M-0013.json → ...mosdb_account/accurics.azure.CAM.162.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that Cosmos DB Account has an associated tag",
-    "reference_id": "AC-AZ-CV-CA-M-0013",
+    "reference_id": "accurics.azure.CAM.162",
     "category": "Compliance Validation",
     "version": 2
 }
diff --git a/..._cosmosdb_account/AC-AZ-IS-CA-H-0012.json → ...osmosdb_account/accurics.azure.NS.32.json b/..._cosmosdb_account/AC-AZ-IS-CA-H-0012.json → ...osmosdb_account/accurics.azure.NS.32.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure to filter source Ips for Cosmos DB Account",
-    "reference_id": "AC-AZ-IS-CA-H-0012",
+    "reference_id": "accurics.azure.NS.32",
     "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/...azurerm_key_vault/AC-AZ-DP-KV-M-0026.json → ...erm_key_vault/accurics.azure.EKM.164.json b/...azurerm_key_vault/AC-AZ-DP-KV-M-0026.json → ...erm_key_vault/accurics.azure.EKM.164.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure the key vault is recoverable - enable \"Soft Delete\" setting for a Key Vault",
-    "reference_id": "AC-AZ-DP-KV-M-0026",
+    "reference_id": "accurics.azure.EKM.164",
     "category": "Data Protection",
     "version": 2
 }
diff --git a/...azurerm_key_vault/AC-AZ-LM-KV-H-0027.json → ...rerm_key_vault/accurics.azure.EKM.20.json b/...azurerm_key_vault/AC-AZ-LM-KV-H-0027.json → ...rerm_key_vault/accurics.azure.EKM.20.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure that logging for Azure KeyVault is 'Enabled'",
-    "reference_id": "AC-AZ-LM-KV-H-0027",
+    "reference_id": "accurics.azure.EKM.20",
     "category": "Logging and Monitoring",
     "version": 2
 }
diff --git a/...erm_key_vault_key/AC-AZ-DP-KK-H-0032.json → ..._key_vault_key/accurics.azure.EKM.25.json b/...erm_key_vault_key/AC-AZ-DP-KK-H-0032.json → ..._key_vault_key/accurics.azure.EKM.25.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure that the expiration date is set on all keys",
-    "reference_id": "AC-AZ-DP-KK-H-0032",
+    "reference_id": "accurics.azure.EKM.25",
     "category": "Data Protection",
     "version": 2
 }
diff --git a/..._key_vault_secret/AC-AZ-DP-VS-H-0033.json → ...y_vault_secret/accurics.azure.EKM.26.json b/..._key_vault_secret/AC-AZ-DP-VS-H-0033.json → ...y_vault_secret/accurics.azure.EKM.26.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure that the expiration date is set on all secrets",
-    "reference_id": "AC-AZ-DP-VS-H-0033",
+    "reference_id": "accurics.azure.EKM.26",
     "category": "Data Protection",
     "version": 2
 }
diff --git a/...ubernetes_cluster/AC-AZ-IS-KC-M-0038.json → ...rnetes_cluster/accurics.azure.NS.382.json b/...ubernetes_cluster/AC-AZ-IS-KC-M-0038.json → ...rnetes_cluster/accurics.azure.NS.382.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure AKS cluster has Network Policy configured.",
-    "reference_id": "AC-AZ-IS-KC-M-0038",
+    "reference_id": "accurics.azure.NS.382",
     "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...ubernetes_cluster/AC-AZ-IS-KC-M-0037.json → ...rnetes_cluster/accurics.azure.NS.383.json b/...ubernetes_cluster/AC-AZ-IS-KC-M-0037.json → ...rnetes_cluster/accurics.azure.NS.383.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure Kube Dashboard is disabled",
-    "reference_id": "AC-AZ-IS-KC-M-0037",
+    "reference_id": "accurics.azure.NS.383",
     "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/...rerm_managed_disk/AC-AZ-DP-MD-M-0050.json → ..._managed_disk/accurics.azure.EKM.156.json b/...rerm_managed_disk/AC-AZ-DP-MD-M-0050.json → ..._managed_disk/accurics.azure.EKM.156.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that 'OS disk' are encrypted",
-    "reference_id": "AC-AZ-DP-MD-M-0050",
+    "reference_id": "accurics.azure.EKM.156",
     "category": "Data Protection",
     "version": 2
 }
diff --git a/...rerm_mssql_server/AC-AZ-LM-MS-M-0056.json → ..._mssql_server/accurics.azure.LOG.357.json b/...rerm_mssql_server/AC-AZ-LM-MS-M-0056.json → ..._mssql_server/accurics.azure.LOG.357.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for MSSQL servers.",
-    "reference_id": "AC-AZ-LM-MS-M-0056",
+    "reference_id": "accurics.azure.LOG.357",
     "category": "Logging and Monitoring",
     "version": 1
 }
diff --git a/...rerm_mssql_server/AC-AZ-LM-MS-M-0055.json → ..._mssql_server/accurics.azure.MON.355.json b/...rerm_mssql_server/AC-AZ-LM-MS-M-0055.json → ..._mssql_server/accurics.azure.MON.355.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that 'Auditing' is set to 'On' for MSSQL servers",
-    "reference_id": "AC-AZ-LM-MS-M-0055",
+    "reference_id": "accurics.azure.MON.355",
     "category": "Logging and Monitoring",
     "version": 1
 }
diff --git a/...rerm_mysql_server/AC-AZ-IS-MY-H-0061.json → ...m_mysql_server/accurics.azure.NS.361.json b/...rerm_mysql_server/AC-AZ-IS-MY-H-0061.json → ...m_mysql_server/accurics.azure.NS.361.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server.",
-    "reference_id": "AC-AZ-IS-MY-H-0061",
+    "reference_id": "accurics.azure.NS.361",
     "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/..._watcher_flow_log/AC-AZ-LM-NW-H-0194.json → ...atcher_flow_log/accurics.azure.NS.11.json b/..._watcher_flow_log/AC-AZ-LM-NW-H-0194.json → ...atcher_flow_log/accurics.azure.NS.11.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Enable Network Watcher for Azure subscriptions. Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.",
-    "reference_id": "AC-AZ-LM-NW-H-0194",
+    "reference_id": "accurics.azure.NS.11",
     "category": "Logging and Monitoring",
     "version": 1
 }
diff --git a/..._watcher_flow_log/AC-AZ-RE-NW-M-0193.json → ...tcher_flow_log/accurics.azure.NS.342.json b/..._watcher_flow_log/AC-AZ-RE-NW-M-0193.json → ...tcher_flow_log/accurics.azure.NS.342.json
@@ -1,12 +1,12 @@
 {
-    "name": "reme_networkWatcherLogRetension",
+    "name": "reme_logRetensionGraterThan90Days",
     "file": "networkWatcherCheck.rego",
     "template_args": {
         "prefix": "reme_"
     },
     "severity": "MEDIUM",
     "description": "Network Security Group Flow Logs should be enabled and the retention period is set to greater than or equal to 90 days. Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.",
-    "reference_id": "AC-AZ-RE-NW-M-0193",
+    "reference_id": "accurics.azure.NS.342",
     "category": "Resilience",
     "version": 1
 }
diff --git a/...sql_configuration/AC-AZ-LM-PC-M-0198.json → ...configuration/accurics.azure.LOG.151.json b/...sql_configuration/AC-AZ-LM-PC-M-0198.json → ...configuration/accurics.azure.LOG.151.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server",
-    "reference_id": "AC-AZ-LM-PC-M-0198",
+    "reference_id": "accurics.azure.LOG.151",
     "category": "Logging and Monitoring",
     "version": 2
 }
diff --git a/...sql_configuration/AC-AZ-LM-PC-M-0199.json → ...configuration/accurics.azure.LOG.152.json b/...sql_configuration/AC-AZ-LM-PC-M-0199.json → ...configuration/accurics.azure.LOG.152.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server",
-    "reference_id": "AC-AZ-LM-PC-M-0199",
+    "reference_id": "accurics.azure.LOG.152",
     "category": "Logging and Monitoring",
     "version": 2
 }
diff --git a/...sql_configuration/AC-AZ-LM-PC-M-0200.json → ...configuration/accurics.azure.LOG.153.json b/...sql_configuration/AC-AZ-LM-PC-M-0200.json → ...configuration/accurics.azure.LOG.153.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server",
-    "reference_id": "AC-AZ-LM-PC-M-0200",
+    "reference_id": "accurics.azure.LOG.153",
     "category": "Logging and Monitoring",
     "version": 2
 }
diff --git a/...sql_configuration/AC-AZ-LM-PC-M-0201.json → ...configuration/accurics.azure.LOG.154.json b/...sql_configuration/AC-AZ-LM-PC-M-0201.json → ...configuration/accurics.azure.LOG.154.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server",
-    "reference_id": "AC-AZ-LM-PC-M-0201",
+    "reference_id": "accurics.azure.LOG.154",
     "category": "Logging and Monitoring",
     "version": 2
 }
diff --git a/...sql_configuration/AC-AZ-RE-PC-M-0202.json → ...configuration/accurics.azure.LOG.155.json b/...sql_configuration/AC-AZ-RE-PC-M-0202.json → ...configuration/accurics.azure.LOG.155.json
@@ -1,12 +1,12 @@
 {
-    "name": "reme_logRetentionPsql",
+    "name": "reme_logRetention",
     "file": "logRetention.rego",
     "template_args": {
         "prefix": "reme_"
     },
     "severity": "MEDIUM",
     "description": "Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server",
-    "reference_id": "AC-AZ-RE-PC-M-0202",
-    "category": "Resilience",
+    "reference_id": "accurics.azure.LOG.155",
+    "category": "Logging and Monitoring",
     "version": 2
 }
diff --git a/...sql_configuration/AC-AZ-LM-PC-M-0203.json → ...configuration/accurics.azure.LOG.364.json b/...sql_configuration/AC-AZ-LM-PC-M-0203.json → ...configuration/accurics.azure.LOG.364.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server",
-    "reference_id": "AC-AZ-LM-PC-M-0203",
+    "reference_id": "accurics.azure.LOG.364",
     "category": "Logging and Monitoring",
     "version": 1
 }
diff --git a/...postgresql_server/AC-AZ-RE-PS-H-0205.json → ...gresql_server/accurics.azure.BDR.163.json b/...postgresql_server/AC-AZ-RE-PS-H-0205.json → ...gresql_server/accurics.azure.BDR.163.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure that Geo Redundant Backups is enabled on PostgreSQL",
-    "reference_id": "AC-AZ-RE-PS-H-0205",
+    "reference_id": "accurics.azure.BDR.163",
     "category": "Resilience",
     "version": 2
 }
diff --git a/...postgresql_server/AC-AZ-IS-PS-H-0204.json → ...stgresql_server/accurics.azure.EKM.1.json b/...postgresql_server/AC-AZ-IS-PS-H-0204.json → ...stgresql_server/accurics.azure.EKM.1.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server",
-    "reference_id": "AC-AZ-IS-PS-H-0204",
+    "reference_id": "accurics.azure.EKM.1",
     "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/...urerm_redis_cache/AC-AZ-IS-RC-M-0216.json → ...rm_redis_cache/accurics.azure.EKM.23.json b/...urerm_redis_cache/AC-AZ-IS-RC-M-0216.json → ...rm_redis_cache/accurics.azure.EKM.23.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that the Redis Cache accepts only SSL connections",
-    "reference_id": "AC-AZ-IS-RC-M-0216",
+    "reference_id": "accurics.azure.EKM.23",
     "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/...urerm_redis_cache/AC-AZ-SP-RC-H-0217.json → ...erm_redis_cache/accurics.azure.NS.13.json b/...urerm_redis_cache/AC-AZ-SP-RC-H-0217.json → ...erm_redis_cache/accurics.azure.NS.13.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure that Redis is updated regularly with security and operational updates.\n\nNote this feature is only available to Premium tier Redis Caches.",
-    "reference_id": "AC-AZ-SP-RC-H-0217",
+    "reference_id": "accurics.azure.NS.13",
     "category": "Security Best Practices",
     "version": 2
 }
diff --git a/...urerm_redis_cache/AC-AZ-IS-RC-M-0220.json → ...rm_redis_cache/accurics.azure.NS.166.json b/...urerm_redis_cache/AC-AZ-IS-RC-M-0220.json → ...rm_redis_cache/accurics.azure.NS.166.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure there are no firewall rules allowing Redis Cache access for a large number of source IPs",
-    "reference_id": "AC-AZ-IS-RC-M-0220",
+    "reference_id": "accurics.azure.NS.166",
     "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/...urerm_redis_cache/AC-AZ-IS-RC-H-0218.json → ...erm_redis_cache/accurics.azure.NS.30.json b/...urerm_redis_cache/AC-AZ-IS-RC-H-0218.json → ...erm_redis_cache/accurics.azure.NS.30.json
@@ -8,7 +8,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from the Internet",
-    "reference_id": "AC-AZ-IS-RC-H-0218",
+    "reference_id": "accurics.azure.NS.30",
     "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/...urerm_redis_cache/AC-AZ-IS-RC-H-0219.json → ...erm_redis_cache/accurics.azure.NS.31.json b/...urerm_redis_cache/AC-AZ-IS-RC-H-0219.json → ...erm_redis_cache/accurics.azure.NS.31.json
@@ -8,7 +8,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from other Azure sources",
-    "reference_id": "AC-AZ-IS-RC-H-0219",
+    "reference_id": "accurics.azure.NS.31",
     "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/...rm_resource_group/AC-AZ-IA-RG-L-0221.json → ...resource_group/accurics.azure.NS.272.json b/...rm_resource_group/AC-AZ-IA-RG-L-0221.json → ...resource_group/accurics.azure.NS.272.json
@@ -6,7 +6,7 @@
     },
     "severity": "LOW",
     "description": "Ensure that Azure Resource Group has resource lock enabled",
-    "reference_id": "AC-AZ-IA-RG-L-0221",
+    "reference_id": "accurics.azure.NS.272",
     "category": "Identity and Access Management",
     "version": 2
 }
diff --git a/...m_role_assignment/AC-AZ-IA-RA-H-0222.json → ...le_assignment/accurics.azure.IAM.388.json b/...m_role_assignment/AC-AZ-IA-RA-H-0222.json → ...le_assignment/accurics.azure.IAM.388.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure that there are no guest users",
-    "reference_id": "AC-AZ-IA-RA-H-0222",
+    "reference_id": "accurics.azure.IAM.388",
     "category": "Identity and Access Management",
     "version": 1
 }
diff --git a/...ty_center_contact/AC-AZ-LM-SC-M-0224.json → ...enter_contact/accurics.azure.MON.353.json b/...ty_center_contact/AC-AZ-LM-SC-M-0224.json → ...enter_contact/accurics.azure.MON.353.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure that 'Send email notification for high severity alerts' is set to 'On'",
-    "reference_id": "AC-AZ-LM-SC-M-0224",
+    "reference_id": "accurics.azure.MON.353",
     "category": "Logging and Monitoring",
     "version": 1
 }
diff --git a/...scription_pricing/AC-AZ-SP-SS-M-0225.json → ...ption_pricing/accurics.azure.OPS.349.json b/...scription_pricing/AC-AZ-SP-SS-M-0225.json → ...ption_pricing/accurics.azure.OPS.349.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that standard pricing tiers are selected",
-    "reference_id": "AC-AZ-SP-SS-M-0225",
+    "reference_id": "accurics.azure.OPS.349",
     "category": "Security Best Practices",
     "version": 1
 }
diff --git a/...ory_administrator/AC-AZ-CV-SA-M-0226.json → ...administrator/accurics.azure.IAM.137.json b/...ory_administrator/AC-AZ-CV-SA-M-0226.json → ...administrator/accurics.azure.IAM.137.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Avoid using names like 'Admin' for an Azure SQL Server Active Directory Administrator account",
-    "reference_id": "AC-AZ-CV-SA-M-0226",
+    "reference_id": "accurics.azure.IAM.137",
     "category": "Compliance Validation",
     "version": 2
 }
diff --git a/...rerm_sql_database/AC-AZ-LM-SD-M-0227.json → ..._sql_database/accurics.azure.MON.157.json b/...rerm_sql_database/AC-AZ-LM-SD-M-0227.json → ..._sql_database/accurics.azure.MON.157.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that 'Threat Detection' is enabled for Azure SQL Database",
-    "reference_id": "AC-AZ-LM-SD-M-0227",
+    "reference_id": "accurics.azure.MON.157",
     "category": "Logging and Monitoring",
     "version": 2
 }
diff --git a/...sql_firewall_rule/AC-AZ-IS-SF-M-0231.json → ..._firewall_rule/accurics.azure.NS.169.json b/...sql_firewall_rule/AC-AZ-IS-SF-M-0231.json → ..._firewall_rule/accurics.azure.NS.169.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Restrict Azure SQL Server accessibility to a minimal address range",
-    "reference_id": "AC-AZ-IS-SF-M-0231",
+    "reference_id": "accurics.azure.NS.169",
     "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/...sql_firewall_rule/AC-AZ-IS-SF-H-0230.json → ...l_firewall_rule/accurics.azure.NS.21.json b/...sql_firewall_rule/AC-AZ-IS-SF-H-0230.json → ...l_firewall_rule/accurics.azure.NS.21.json
@@ -8,7 +8,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure that no SQL Server allows ingress from 0.0.0.0/0 (ANY IP)",
-    "reference_id": "AC-AZ-IS-SF-H-0230",
+    "reference_id": "accurics.azure.NS.21",
     "category": "Infrastructure Security",
     "version": 2
 }