Azure Risk Category Changes (#604)

* add new categories for all azure policies * rule reference ids updated for azure policies * rule reference ids updated: azure network security rules * post review rule reference id fix * Revert "post review rule reference id fix" This reverts commit c973143. * Revert "rule reference ids updated:" This reverts commit 831986b. * Revert "rule reference ids updated for azure policies" This reverts commit 20f7527.
tenable · Mar 12, 2021 · bc364ad · bc364ad
1 parent dbaf3a1
commit bc364ad
Show file tree

Hide file tree

Showing 256 changed files with 256 additions and 256 deletions.
diff --git a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json b/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json
@@ -7,6 +7,6 @@
     "severity": "MEDIUM",
     "description": "Ensure Azure Application Gateway Web application firewall (WAF) is enabled",
     "reference_id": "accurics.azure.NS.147",
-    "category": "Network Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json
@@ -7,6 +7,6 @@
     "severity": "HIGH",
     "description": "Ensure Container Registry has locks",
     "reference_id": "accurics.azure.AKS.3",
-    "category": "Azure Container Services",
+    "category": "Resilience",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json
@@ -7,6 +7,6 @@
     "severity": "MEDIUM",
     "description": "Ensure that admin user is disabled for Container Registry",
     "reference_id": "accurics.azure.EKM.164",
-    "category": "Encryption and Key Management",
+    "category": "Identity and Access Management",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json
@@ -7,6 +7,6 @@
     "severity": "MEDIUM",
     "description": "Ensure that Cosmos DB Account has an associated tag",
     "reference_id": "accurics.azure.CAM.162",
-    "category": "Cloud Assets Management",
+    "category": "Compliance Validation",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json
@@ -7,6 +7,6 @@
     "severity": "HIGH",
     "description": "Ensure to filter source Ips for Cosmos DB Account",
     "reference_id": "accurics.azure.NS.32",
-    "category": "Network Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json
@@ -7,6 +7,6 @@
     "severity": "MEDIUM",
     "description": "Ensure the key vault is recoverable - enable \"Soft Delete\" setting for a Key Vault",
     "reference_id": "accurics.azure.EKM.164",
-    "category": "Encryption and Key Management",
+    "category": "Data Protection",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json
@@ -7,6 +7,6 @@
     "severity": "HIGH",
     "description": "Ensure that logging for Azure KeyVault is 'Enabled'",
     "reference_id": "accurics.azure.EKM.20",
-    "category": "Encryption and Key Management",
+    "category": "Logging and Monitoring",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json
@@ -7,6 +7,6 @@
     "severity": "HIGH",
     "description": "Ensure that the expiration date is set on all keys",
     "reference_id": "accurics.azure.EKM.25",
-    "category": "Key Management",
+    "category": "Data Protection",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json
@@ -7,6 +7,6 @@
     "severity": "HIGH",
     "description": "Ensure that the expiration date is set on all secrets",
     "reference_id": "accurics.azure.EKM.26",
-    "category": "Key Management",
+    "category": "Data Protection",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json
@@ -5,6 +5,6 @@
     "severity": "MEDIUM",
     "description": "Ensure AKS cluster has Network Policy configured.",
     "reference_id": "accurics.azure.NS.382",
-    "category": "Network Security",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json
@@ -5,6 +5,6 @@
     "severity": "MEDIUM",
     "description": "Ensure Kube Dashboard is disabled",
     "reference_id": "accurics.azure.NS.383",
-    "category": "Network Security",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json b/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json
@@ -7,6 +7,6 @@
     "severity": "MEDIUM",
     "description": "Ensure that 'OS disk' are encrypted",
     "reference_id": "accurics.azure.EKM.156",
-    "category": "Encryption and Key Management",
+    "category": "Data Protection",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json
@@ -8,6 +8,6 @@
     "severity": "MEDIUM",
     "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for MSSQL servers.",
     "reference_id": "accurics.azure.LOG.357",
-    "category": "Monitoring",
+    "category": "Logging and Monitoring",
     "version": 1
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json
@@ -8,6 +8,6 @@
     "severity": "MEDIUM",
     "description": "Ensure that 'Auditing' is set to 'On' for MSSQL servers",
     "reference_id": "accurics.azure.MON.355",
-    "category": "Monitoring",
+    "category": "Logging and Monitoring",
     "version": 1
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json b/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json
@@ -5,6 +5,6 @@
     "severity": "HIGH",
     "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server.",
     "reference_id": "accurics.azure.NS.361",
-    "category": "Network Security",
+    "category": "Infrastructure Security",
     "version": 1
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "Puppet Master (TCP:8140) is exposed to wide Public network",
     "reference_id": "accurics.azure.NPS.100",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "Puppet Master (TCP:8140) is exposed to entire Public network",
     "reference_id": "accurics.azure.NPS.101",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SMTP (TCP:25) is exposed to wide Public network",
     "reference_id": "accurics.azure.NPS.102",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SMTP (TCP:25) is exposed to entire Public network",
     "reference_id": "accurics.azure.NPS.103",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SNMP (UDP:161) is exposed to wide Public network",
     "reference_id": "accurics.azure.NPS.104",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SNMP (UDP:161) is exposed to entire Public network",
     "reference_id": "accurics.azure.NPS.105",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SQL Server Analysis (TCP:2382) is exposed to wide Public network",
     "reference_id": "accurics.azure.NPS.106",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network",
     "reference_id": "accurics.azure.NPS.107",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SQL Server Analysis (TCP:2383) is exposed to wide Public network",
     "reference_id": "accurics.azure.NPS.108",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network",
     "reference_id": "accurics.azure.NPS.109",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SaltStack Master (TCP:4505) is exposed to wide Public network",
     "reference_id": "accurics.azure.NPS.110",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SaltStack Master (TCP:4505) is exposed to entire Public network",
     "reference_id": "accurics.azure.NPS.111",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SaltStack Master (TCP:4506) is exposed to wide Public network",
     "reference_id": "accurics.azure.NPS.112",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SaltStack Master (TCP:4506) is exposed to entire Public network",
     "reference_id": "accurics.azure.NPS.113",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "Telnet (TCP:23) is exposed to wide Public network",
     "reference_id": "accurics.azure.NPS.114",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "Telnet (TCP:23) is exposed to entire Public network",
     "reference_id": "accurics.azure.NPS.115",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "VNC Listener (TCP:5500) is exposed to wide Public network",
     "reference_id": "accurics.azure.NPS.116",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "VNC Listener (TCP:5500) is exposed to entire Public network",
     "reference_id": "accurics.azure.NPS.117",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "VNC Server (TCP:5900) is exposed to wide Public network",
     "reference_id": "accurics.azure.NPS.118",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "VNC Server (TCP:5900) is exposed to entire Public network",
     "reference_id": "accurics.azure.NPS.119",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "CiscoSecure, WebSM (TCP:9090) is exposed to the entire public internet",
     "reference_id": "accurics.azure.NPS.170",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "Remote Desktop (TCP:3389) is exposed to the entire public internet",
     "reference_id": "accurics.azure.NPS.171",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json
@@ -13,6 +13,6 @@
     "severity": "HIGH",
     "description": "SSH (TCP:22) is exposed to the entire public internet",
     "reference_id": "accurics.azure.NPS.172",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json
@@ -13,6 +13,6 @@
     "severity": "MEDIUM",
     "description": "CIFS / SMB (TCP:3020) is exposed to small Public network",
     "reference_id": "accurics.azure.NPS.173",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json
@@ -13,6 +13,6 @@
     "severity": "MEDIUM",
     "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network",
     "reference_id": "accurics.azure.NPS.174",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json
@@ -13,6 +13,6 @@
     "severity": "MEDIUM",
     "description": "Cassandra (TCP:7001) is exposed to small Public network",
     "reference_id": "accurics.azure.NPS.175",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json
@@ -13,6 +13,6 @@
     "severity": "MEDIUM",
     "description": "Cassandra (TCP:7001) is exposed to wide Private network",
     "reference_id": "accurics.azure.NPS.176",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json
@@ -13,6 +13,6 @@
     "severity": "MEDIUM",
     "description": "Cassandra OpsCenter (TCP:61621) is exposed to small Public network",
     "reference_id": "accurics.azure.NPS.177",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json
@@ -13,6 +13,6 @@
     "severity": "MEDIUM",
     "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network",
     "reference_id": "accurics.azure.NPS.178",
-    "category": "Network Ports Security",
+    "category": "Infrastructure Security",
     "version": 2
 }