diff --git a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json b/pkg/policies/opa/rego/azure/azurerm_application_gateway/AC-AZ-IS-AG-M-0008.json similarity index 76% rename from pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json rename to pkg/policies/opa/rego/azure/azurerm_application_gateway/AC-AZ-IS-AG-M-0008.json index 7f0e5ea92..66795e79d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json +++ b/pkg/policies/opa/rego/azure/azurerm_application_gateway/AC-AZ-IS-AG-M-0008.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure Azure Application Gateway Web application firewall (WAF) is enabled", - "reference_id": "accurics.azure.NS.147", - "category": "Network Security", + "reference_id": "AC-AZ-IS-AG-M-0008", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-IA-CR-M-0010.json similarity index 74% rename from pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json rename to pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-IA-CR-M-0010.json index 9d6ce08cc..5cfcb0b98 100755 --- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json +++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-IA-CR-M-0010.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that admin user is disabled for Container Registry", - "reference_id": "accurics.azure.EKM.164", - "category": "Encryption and Key Management", + "reference_id": "AC-AZ-IA-CR-M-0010", + "category": "Identity and Access Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-RE-CR-H-0011.json similarity index 74% rename from pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json rename to pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-RE-CR-H-0011.json index b0ad52b44..4eddbf98e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json +++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-RE-CR-H-0011.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure Container Registry has locks", - "reference_id": "accurics.azure.AKS.3", - "category": "Azure Container Services", + "reference_id": "AC-AZ-RE-CR-H-0011", + "category": "Resilience", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-CV-CA-M-0013.json similarity index 72% rename from pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json rename to pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-CV-CA-M-0013.json index 8dcdf45b7..90b221708 100755 --- a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json +++ b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-CV-CA-M-0013.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that Cosmos DB Account has an associated tag", - "reference_id": "accurics.azure.CAM.162", - "category": "Cloud Assets Management", + "reference_id": "AC-AZ-CV-CA-M-0013", + "category": "Compliance Validation", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-IS-CA-H-0012.json similarity index 74% rename from pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json rename to pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-IS-CA-H-0012.json index 0bb29266c..7eab2f538 100755 --- a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json +++ b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-IS-CA-H-0012.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure to filter source Ips for Cosmos DB Account", - "reference_id": "accurics.azure.NS.32", - "category": "Network Security", + "reference_id": "AC-AZ-IS-CA-H-0012", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-DP-KV-M-0026.json similarity index 76% rename from pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json rename to pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-DP-KV-M-0026.json index 26d27562c..004e1011b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-DP-KV-M-0026.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure the key vault is recoverable - enable \"Soft Delete\" setting for a Key Vault", - "reference_id": "accurics.azure.EKM.164", - "category": "Encryption and Key Management", + "reference_id": "AC-AZ-DP-KV-M-0026", + "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-LM-KV-H-0027.json similarity index 74% rename from pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json rename to pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-LM-KV-H-0027.json index 8838c308a..db4c76d68 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-LM-KV-H-0027.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that logging for Azure KeyVault is 'Enabled'", - "reference_id": "accurics.azure.EKM.20", - "category": "Encryption and Key Management", + "reference_id": "AC-AZ-LM-KV-H-0027", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/AC-AZ-DP-KK-H-0032.json similarity index 76% rename from pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json rename to pkg/policies/opa/rego/azure/azurerm_key_vault_key/AC-AZ-DP-KK-H-0032.json index b62d7c09a..5dddb2154 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/AC-AZ-DP-KK-H-0032.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that the expiration date is set on all keys", - "reference_id": "accurics.azure.EKM.25", - "category": "Key Management", + "reference_id": "AC-AZ-DP-KK-H-0032", + "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/AC-AZ-DP-VS-H-0033.json similarity index 77% rename from pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json rename to pkg/policies/opa/rego/azure/azurerm_key_vault_secret/AC-AZ-DP-VS-H-0033.json index 3db60840a..c1757be9c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/AC-AZ-DP-VS-H-0033.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that the expiration date is set on all secrets", - "reference_id": "accurics.azure.EKM.26", - "category": "Key Management", + "reference_id": "AC-AZ-DP-VS-H-0033", + "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0037.json similarity index 70% rename from pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json rename to pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0037.json index 4d4b83855..62b9dff58 100755 --- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json +++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0037.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure Kube Dashboard is disabled", - "reference_id": "accurics.azure.NS.383", - "category": "Network Security", + "reference_id": "AC-AZ-IS-KC-M-0037", + "category": "Infrastructure Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0038.json similarity index 72% rename from pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json rename to pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0038.json index 9a43c0a4f..d1bf15464 100755 --- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json +++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0038.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure AKS cluster has Network Policy configured.", - "reference_id": "accurics.azure.NS.382", - "category": "Network Security", + "reference_id": "AC-AZ-IS-KC-M-0038", + "category": "Infrastructure Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json b/pkg/policies/opa/rego/azure/azurerm_managed_disk/AC-AZ-DP-MD-M-0050.json similarity index 72% rename from pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json rename to pkg/policies/opa/rego/azure/azurerm_managed_disk/AC-AZ-DP-MD-M-0050.json index bfb3f8036..67ab2798e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json +++ b/pkg/policies/opa/rego/azure/azurerm_managed_disk/AC-AZ-DP-MD-M-0050.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that 'OS disk' are encrypted", - "reference_id": "accurics.azure.EKM.156", - "category": "Encryption and Key Management", + "reference_id": "AC-AZ-DP-MD-M-0050", + "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0055.json similarity index 78% rename from pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json rename to pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0055.json index 096464df7..ebed66b3c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json +++ b/pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0055.json @@ -7,7 +7,7 @@ }, "severity": "MEDIUM", "description": "Ensure that 'Auditing' is set to 'On' for MSSQL servers", - "reference_id": "accurics.azure.MON.355", - "category": "Monitoring", + "reference_id": "AC-AZ-LM-MS-M-0055", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0056.json similarity index 79% rename from pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json rename to pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0056.json index 2d0a5d83b..48f2162eb 100755 --- a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json +++ b/pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0056.json @@ -7,7 +7,7 @@ }, "severity": "MEDIUM", "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for MSSQL servers.", - "reference_id": "accurics.azure.LOG.357", - "category": "Monitoring", + "reference_id": "AC-AZ-LM-MS-M-0056", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json b/pkg/policies/opa/rego/azure/azurerm_mysql_server/AC-AZ-IS-MY-H-0061.json similarity index 74% rename from pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json rename to pkg/policies/opa/rego/azure/azurerm_mysql_server/AC-AZ-IS-MY-H-0061.json index b70ab3a52..9b560c380 100755 --- a/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json +++ b/pkg/policies/opa/rego/azure/azurerm_mysql_server/AC-AZ-IS-MY-H-0061.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "HIGH", "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server.", - "reference_id": "accurics.azure.NS.361", - "category": "Network Security", + "reference_id": "AC-AZ-IS-MY-H-0061", + "category": "Infrastructure Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json new file mode 100644 index 000000000..c9c60cb5b --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3020ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort3020ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 3020, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "CIFS / SMB (TCP:3020) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0069", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json new file mode 100644 index 000000000..c4366d2cf --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort7001ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort7001ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 7001, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Cassandra (TCP:7001) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0072", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json new file mode 100644 index 000000000..a4e80481f --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort61621ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort61621ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 61621, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Cassandra OpsCenter (TCP:61621) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0075", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json new file mode 100644 index 000000000..520df038a --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort53ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort53ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 53, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "DNS (UDP:53) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0078", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json new file mode 100644 index 000000000..fd2e0ecc0 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort9000ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort9000ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 9000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Hadoop Name Node (TCP:9000) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0081", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json new file mode 100644 index 000000000..2c257c6e8 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8000ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort8000ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 8000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": " Known internal web port (TCP:8000) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0084", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json new file mode 100644 index 000000000..9ff5dff4c --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8080ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort8080ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 8080, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": " Known internal web port (TCP:8080) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0087", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json new file mode 100644 index 000000000..037a1c42c --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort636ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort636ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 636, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "LDAP SSL (TCP:636) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0090", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json new file mode 100644 index 000000000..cded28779 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort1434ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort1434ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 1434, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "MSSQL Browser (UDP:1434) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0096", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json new file mode 100644 index 000000000..5545bfa3e --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort135ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort135ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 135, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "MSSQL Debugger (TCP:135) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0099", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json new file mode 100644 index 000000000..3b9ba0a42 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort1433ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort1433ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 1433, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "MSSQL Server (TCP:1433) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0102", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json new file mode 100644 index 000000000..40540aaea --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort11214ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort11214ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 11214, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "Memcached SSL (UDP:11214) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0111", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0114.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0114.json new file mode 100644 index 000000000..fee095042 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0114.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort11215ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort11215ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 11215, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "Memcached SSL (UDP:11215) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0114", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0117.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0117.json new file mode 100644 index 000000000..ba2815a9b --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0117.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort445ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort445ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 445, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Microsoft-DS (TCP:445) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0117", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0120.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0120.json new file mode 100644 index 000000000..6dcdd70ab --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0120.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort27018ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort27018ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 27018, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Mongo Web Portal (TCP:27018) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0120", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0123.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0123.json new file mode 100644 index 000000000..d00fea729 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0123.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3306ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort3306ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 3306, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "MySQL (TCP:3306) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0123", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0129.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0129.json new file mode 100644 index 000000000..6fd409304 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0129.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort137ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort137ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 137, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "NetBIOS Name Service (UDP:137) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0129", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0135.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0135.json new file mode 100644 index 000000000..536dfb5a2 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0135.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort138ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort138ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 138, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "NetBIOS Datagram Service (UDP:138) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0135", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0141.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0141.json new file mode 100644 index 000000000..2c22f18cd --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0141.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort139ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort139ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 139, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "NetBIOS Session Service (UDP:139) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0141", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0147.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0147.json new file mode 100644 index 000000000..ab85ebad2 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0147.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2484ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort2484ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 2484, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "Oracle DB SSL (UDP:2484) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0147", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0150.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0150.json new file mode 100644 index 000000000..c3f671d6a --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0150.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort110ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort110ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 110, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "POP3 (TCP:110) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0150", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0156.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0156.json new file mode 100644 index 000000000..5bd4d79b9 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0156.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5432ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort5432ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 5432, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "PostgreSQL (UDP:5432) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0156", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0159.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0159.json new file mode 100644 index 000000000..6bab13730 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0159.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3000ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort3000ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 3000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Prevalent known internal port (TCP:3000) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0159", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0162.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0162.json new file mode 100644 index 000000000..af60b7cb6 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0162.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8140ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort8140ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 8140, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Puppet Master (TCP:8140) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0162", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0165.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0165.json new file mode 100644 index 000000000..3b1d2ebef --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0165.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort25ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort25ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 25, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "SMTP (TCP:25) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0165", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0168.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0168.json new file mode 100644 index 000000000..e912b245b --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0168.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort161ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort161ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 161, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "SNMP (UDP:161) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0168", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0171.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0171.json new file mode 100644 index 000000000..d2f1be375 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0171.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2382ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort2382ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 2382, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0171", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0174.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0174.json new file mode 100644 index 000000000..f823a7856 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0174.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2383ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort2383ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 2383, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0174", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0177.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0177.json new file mode 100644 index 000000000..0db5c12db --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0177.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort4505ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort4505ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 4505, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "SaltStack Master (TCP:4505) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0177", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0180.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0180.json new file mode 100644 index 000000000..3afc7de90 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0180.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort4506ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort4506ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 4506, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "SaltStack Master (TCP:4506) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0180", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0183.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0183.json new file mode 100644 index 000000000..e199b4ced --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0183.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort23ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort23ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 23, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Telnet (TCP:23) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0183", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0186.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0186.json new file mode 100644 index 000000000..ec0dd4394 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0186.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5500ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort5500ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 5500, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "VNC Listener (TCP:5500) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0186", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0189.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0189.json new file mode 100644 index 000000000..4c6aa48d5 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0189.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5900ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort5900ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 5900, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "VNC Server (TCP:5900) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0189", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0071.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0071.json new file mode 100644 index 000000000..e8f53d4b9 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0071.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3020ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort3020ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 3020, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0071", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0074.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0074.json new file mode 100644 index 000000000..585f46cb9 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0074.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort7001ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort7001ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 7001, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Cassandra (TCP:7001) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0074", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0077.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0077.json new file mode 100644 index 000000000..b5cf700a0 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0077.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort61621ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort61621ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 61621, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0077", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0080.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0080.json new file mode 100644 index 000000000..529026fb4 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0080.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort53ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort53ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 53, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "DNS (UDP:53) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0080", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0083.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0083.json new file mode 100644 index 000000000..68506c522 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0083.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort9000ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort9000ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 9000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Hadoop Name Node (TCP:9000) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0083", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0086.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0086.json new file mode 100644 index 000000000..d8c9bf7e7 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0086.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8000ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort8000ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 8000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": " Known internal web port (TCP:8000) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0086", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0089.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0089.json new file mode 100644 index 000000000..9d2cbda7b --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0089.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8080ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort8080ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 8080, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": " Known internal web port (TCP:8080) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0089", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0092.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0092.json new file mode 100644 index 000000000..2a666376e --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0092.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort636ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort636ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 636, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "LDAP SSL (TCP:636) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0092", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0098.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0098.json new file mode 100644 index 000000000..b87a58575 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0098.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort1434ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort1434ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 1434, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "MSSQL Browser (UDP:1434) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0098", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0101.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0101.json new file mode 100644 index 000000000..c2a6b7192 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0101.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort135ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort135ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 135, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "MSSQL Debugger (TCP:135) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0101", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0104.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0104.json new file mode 100644 index 000000000..91315e92a --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0104.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort1433ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort1433ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 1433, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "MSSQL Server (TCP:1433) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0104", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0113.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0113.json new file mode 100644 index 000000000..5997e42e4 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0113.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort11214ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort11214ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 11214, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "Memcached SSL (UDP:11214) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0113", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0116.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0116.json new file mode 100644 index 000000000..7dd595a41 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0116.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort11215ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort11215ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 11215, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "Memcached SSL (UDP:11215) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0116", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0119.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0119.json new file mode 100644 index 000000000..6dff8b4f0 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0119.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort445ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort445ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 445, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Microsoft-DS (TCP:445) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0119", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0122.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0122.json new file mode 100644 index 000000000..3d607fe9e --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0122.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort27018ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort27018ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 27018, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Mongo Web Portal (TCP:27018) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0122", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0125.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0125.json new file mode 100644 index 000000000..c2d7ffbcf --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0125.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3306ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort3306ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 3306, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "MySQL (TCP:3306) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0125", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0131.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0131.json new file mode 100644 index 000000000..c6ec8b218 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0131.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort137ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort137ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 137, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "NetBIOS Name Service (UDP:137) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0131", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0137.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0137.json new file mode 100644 index 000000000..320561858 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0137.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort138ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort138ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 138, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0137", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0143.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0143.json new file mode 100644 index 000000000..53de294ec --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0143.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort139ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort139ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 139, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "NetBIOS Session Service (UDP:139) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0143", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0149.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0149.json new file mode 100644 index 000000000..c5a1b211a --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0149.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2484ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort2484ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 2484, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "Oracle DB SSL (UDP:2484) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0149", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0152.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0152.json new file mode 100644 index 000000000..12556a11a --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0152.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort110ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort110ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 110, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "POP3 (TCP:110) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0152", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0158.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0158.json new file mode 100644 index 000000000..b1fe997f3 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0158.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5432ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort5432ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 5432, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "PostgreSQL (UDP:5432) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0158", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0161.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0161.json new file mode 100644 index 000000000..cf47348a5 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0161.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3000ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort3000ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 3000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Prevalent known internal port (TCP:3000) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0161", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0164.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0164.json new file mode 100644 index 000000000..ba761f28c --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0164.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8140ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort8140ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 8140, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Puppet Master (TCP:8140) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0164", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0167.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0167.json new file mode 100644 index 000000000..fea1d1ee4 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0167.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort25ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort25ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 25, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "SMTP (TCP:25) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0167", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0170.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0170.json new file mode 100644 index 000000000..e8977bf07 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0170.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort161ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort161ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 161, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "SNMP (UDP:161) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0170", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0173.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0173.json new file mode 100644 index 000000000..7711b1e42 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0173.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2382ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort2382ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 2382, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "SQL Server Analysis (TCP:2382) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0173", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0176.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0176.json new file mode 100644 index 000000000..696b7f208 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0176.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2383ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort2383ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 2383, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "SQL Server Analysis (TCP:2383) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0176", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0179.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0179.json new file mode 100644 index 000000000..4206ace8c --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0179.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort4505ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort4505ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 4505, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "SaltStack Master (TCP:4505) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0179", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0182.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0182.json new file mode 100644 index 000000000..27f4cbc34 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0182.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort4506ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort4506ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 4506, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "SaltStack Master (TCP:4506) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0182", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0185.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0185.json new file mode 100644 index 000000000..452287c2f --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0185.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort23ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort23ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 23, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Telnet (TCP:23) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0185", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0188.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0188.json new file mode 100644 index 000000000..20b854a93 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0188.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5500ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort5500ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 5500, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "VNC Listener (TCP:5500) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0188", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0191.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0191.json new file mode 100644 index 000000000..3a1683a6e --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0191.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5900ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort5900ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 5900, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "VNC Server (TCP:5900) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0191", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json index a08d92020..8f30623e3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Puppet Master (TCP:8140) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.100", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json deleted file mode 100755 index 491a84e74..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8140ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort8140ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 8140, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Puppet Master (TCP:8140) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.101", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json index 4052ddfad..be6aa8944 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SMTP (TCP:25) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.102", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json deleted file mode 100755 index 01a6a3877..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort25ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort25ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 25, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "SMTP (TCP:25) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.103", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json index ebb8e8fa3..1435f12b5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SNMP (UDP:161) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.104", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json deleted file mode 100755 index 62f45822a..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort161ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort161ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 161, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "SNMP (UDP:161) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.105", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json index 5491b8b42..7983fb571 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SQL Server Analysis (TCP:2382) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.106", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json deleted file mode 100755 index 3f3d15add..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2382ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort2382ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 2382, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.107", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json index 49fd9ad7c..14b6e8ab1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SQL Server Analysis (TCP:2383) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.108", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json deleted file mode 100755 index 4b1ceb4a9..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2383ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort2383ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 2383, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.109", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json index bc8f955d6..bb376d176 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SaltStack Master (TCP:4505) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.110", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json deleted file mode 100755 index e3a67ce27..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort4505ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort4505ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 4505, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "SaltStack Master (TCP:4505) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.111", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json index 55b15b818..a870fc62c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SaltStack Master (TCP:4506) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.112", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json deleted file mode 100755 index 9e9ef8972..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort4506ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort4506ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 4506, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "SaltStack Master (TCP:4506) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.113", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json index 6d370bca9..f8018e348 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Telnet (TCP:23) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.114", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json deleted file mode 100755 index dabc8d586..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort23ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort23ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 23, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Telnet (TCP:23) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.115", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json index 724ba67c5..1164b7d08 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "VNC Listener (TCP:5500) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.116", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json deleted file mode 100755 index 5ccc2d46c..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5500ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort5500ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 5500, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "VNC Listener (TCP:5500) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.117", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json index b8020fa82..b307a12de 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "VNC Server (TCP:5900) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.118", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json deleted file mode 100755 index a8fa9f777..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5900ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort5900ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 5900, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "VNC Server (TCP:5900) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.119", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json index 5c8a965bc..e15b618d8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "CiscoSecure, WebSM (TCP:9090) is exposed to the entire public internet", "reference_id": "accurics.azure.NPS.170", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json index d76bba655..c692cc559 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Remote Desktop (TCP:3389) is exposed to the entire public internet", "reference_id": "accurics.azure.NPS.171", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json index 120e76cfb..de09a2b53 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SSH (TCP:22) is exposed to the entire public internet", "reference_id": "accurics.azure.NPS.172", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json index d65ab4cc8..9b6897e6c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "CIFS / SMB (TCP:3020) is exposed to small Public network", "reference_id": "accurics.azure.NPS.173", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json deleted file mode 100755 index 35407bcbe..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3020ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort3020ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 3020, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.174", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json index d47fdc90a..9aadacbc9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Cassandra (TCP:7001) is exposed to small Public network", "reference_id": "accurics.azure.NPS.175", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json deleted file mode 100755 index c4f6e5895..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort7001ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort7001ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 7001, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Cassandra (TCP:7001) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.176", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json index 5c4a93356..d0eeaf870 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Cassandra OpsCenter (TCP:61621) is exposed to small Public network", "reference_id": "accurics.azure.NPS.177", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json deleted file mode 100755 index 5427c1d04..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort61621ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort61621ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 61621, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.178", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json index 7ecfbe040..922e1c117 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "DNS (UDP:53) is exposed to small Public network", "reference_id": "accurics.azure.NPS.179", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json deleted file mode 100755 index e479544b4..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort53ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort53ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 53, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "DNS (UDP:53) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.180", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json index c782f0dd2..747601b24 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Hadoop Name Node (TCP:9000) is exposed to small Public network", "reference_id": "accurics.azure.NPS.181", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json deleted file mode 100755 index ba5b2119a..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort9000ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort9000ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 9000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Hadoop Name Node (TCP:9000) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.182", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json index dd37c85a1..59c9056bf 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": " Known internal web port (TCP:8000) is exposed to small Public network", "reference_id": "accurics.azure.NPS.183", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json deleted file mode 100755 index e03367326..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8000ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort8000ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 8000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": " Known internal web port (TCP:8000) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.184", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json index 58bd7ae7c..86957f305 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": " Known internal web port (TCP:8080) is exposed to small Public network", "reference_id": "accurics.azure.NPS.185", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json deleted file mode 100755 index bbd4866b0..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8080ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort8080ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 8080, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": " Known internal web port (TCP:8080) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.186", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json index 776e28c8a..b37f64bbf 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "LDAP SSL (TCP:636) is exposed to small Public network", "reference_id": "accurics.azure.NPS.187", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json deleted file mode 100755 index 3bc3c0adc..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort636ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort636ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 636, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "LDAP SSL (TCP:636) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.188", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json index fec6a7001..699eb2182 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Admin (TCP:1434) is exposed to small Public network", "reference_id": "accurics.azure.NPS.189", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json deleted file mode 100755 index cf02673d3..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1434ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort1434ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 1434, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "MSSQL Admin (TCP:1434) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.190", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json index 91b186e26..b9b3eedcd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Browser (UDP:1434) is exposed to small Public network", "reference_id": "accurics.azure.NPS.191", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json deleted file mode 100755 index b51160f03..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1434ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort1434ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 1434, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "MSSQL Browser (UDP:1434) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.192", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json index 8cd6382c9..f0aa9afa3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Debugger (TCP:135) is exposed to small Public network", "reference_id": "accurics.azure.NPS.193", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json deleted file mode 100755 index 8a5e4a906..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort135ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort135ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 135, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "MSSQL Debugger (TCP:135) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.194", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json index de0b49a48..9ecabfc88 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Server (TCP:1433) is exposed to small Public network", "reference_id": "accurics.azure.NPS.195", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json deleted file mode 100755 index 9f1413367..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1433ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort1433ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 1433, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "MSSQL Server (TCP:1433) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.196", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json index b86f9d089..8d368f608 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (TCP:11214) is exposed to small Public network", "reference_id": "accurics.azure.NPS.197", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json deleted file mode 100755 index 0f328276d..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11214ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort11214ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 11214, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Memcached SSL (TCP:11214) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.198", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json index 6db41a81a..39533614b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (TCP:11215) is exposed to small Public network", "reference_id": "accurics.azure.NPS.199", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json deleted file mode 100755 index 78e478c60..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11215ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort11215ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 11215, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Memcached SSL (TCP:11215) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.200", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json index 6408236b7..890c625cd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (UDP:11214) is exposed to small Public network", "reference_id": "accurics.azure.NPS.201", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json deleted file mode 100755 index b63a1ccd1..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11214ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort11214ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 11214, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "Memcached SSL (UDP:11214) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.202", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json index ae6c514f8..a44763cad 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (UDP:11215) is exposed to small Public network", "reference_id": "accurics.azure.NPS.203", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json deleted file mode 100755 index 0b88a6b36..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11215ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort11215ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 11215, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "Memcached SSL (UDP:11215) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.204", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json index 051452bf4..a108c9d12 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Microsoft-DS (TCP:445) is exposed to small Public network", "reference_id": "accurics.azure.NPS.205", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json deleted file mode 100755 index d8fcdb209..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort445ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort445ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 445, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Microsoft-DS (TCP:445) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.206", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json index 4d0126da2..6765335ed 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Mongo Web Portal (TCP:27018) is exposed to small Public network", "reference_id": "accurics.azure.NPS.207", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json deleted file mode 100755 index c73b502f0..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort27018ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort27018ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 27018, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Mongo Web Portal (TCP:27018) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.208", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json index 0a425c3f6..3cc1ee830 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MySQL (TCP:3306) is exposed to small Public network", "reference_id": "accurics.azure.NPS.209", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json deleted file mode 100755 index ec3db9806..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3306ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort3306ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 3306, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "MySQL (TCP:3306) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.210", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json index 04a8733d1..a9b1abce5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Name Service (TCP:137) is exposed to small Public network", "reference_id": "accurics.azure.NPS.211", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json deleted file mode 100755 index 3349d02cf..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort137ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort137ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 137, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Name Service (TCP:137) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.212", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json index 6e56b1f07..aa7ad6238 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Name Service (UDP:137) is exposed to small Public network", "reference_id": "accurics.azure.NPS.213", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json deleted file mode 100755 index 6b34a29ff..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort137ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort137ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 137, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Name Service (UDP:137) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.214", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json index feb52408f..176ce754b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Datagram Service (TCP:138) is exposed to small Public network", "reference_id": "accurics.azure.NPS.215", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json deleted file mode 100755 index 4a6213eda..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort138ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort138ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 138, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.216", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json index b1776ab10..c701889bd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Datagram Service (UDP:138) is exposed to small Public network", "reference_id": "accurics.azure.NPS.217", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json deleted file mode 100755 index bb6529898..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort138ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort138ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 138, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.218", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json index 052198ec7..a898914a1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Session Service (TCP:139) is exposed to small Public network", "reference_id": "accurics.azure.NPS.219", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json deleted file mode 100755 index aa251367e..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort139ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort139ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 139, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Session Service (TCP:139) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.220", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json index 53663d6b4..84a898fe6 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Session Service (UDP:139) is exposed to small Public network", "reference_id": "accurics.azure.NPS.221", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json deleted file mode 100755 index 4df402b9e..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort139ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort139ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 139, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Session Service (UDP:139) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.222", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json index 00d02aa60..bf5152a84 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Oracle DB SSL (TCP:2484) is exposed to small Public network", "reference_id": "accurics.azure.NPS.223", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json deleted file mode 100755 index dedf070d6..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2484ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort2484ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 2484, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Oracle DB SSL (TCP:2484) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.224", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json index de1885880..9010cadea 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Oracle DB SSL (UDP:2484) is exposed to small Public network", "reference_id": "accurics.azure.NPS.225", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json deleted file mode 100755 index bfa52f3a0..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2484ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort2484ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 2484, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "Oracle DB SSL (UDP:2484) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.226", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json index 5c0d4e8ab..769a6359d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "POP3 (TCP:110) is exposed to small Public network", "reference_id": "accurics.azure.NPS.227", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json deleted file mode 100755 index da582bf4f..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort110ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort110ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 110, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "POP3 (TCP:110) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.228", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json index 2f6d417e9..c97cdc34f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "PostgreSQL (TCP:5432) is exposed to small Public network", "reference_id": "accurics.azure.NPS.229", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json deleted file mode 100755 index dcbaa095a..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5432ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort5432ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 5432, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "PostgreSQL (TCP:5432) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.230", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json index 81d0c60b0..791a8123e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "PostgreSQL (UDP:5432) is exposed to small Public network", "reference_id": "accurics.azure.NPS.231", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json deleted file mode 100755 index 48d5195e5..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5432ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort5432ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 5432, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "PostgreSQL (UDP:5432) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.232", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json index 23bfb5139..5a0047fba 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Prevalent known internal port (TCP:3000) is exposed to small Public network", "reference_id": "accurics.azure.NPS.233", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json deleted file mode 100755 index 1fdd82eb8..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3000ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort3000ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 3000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Prevalent known internal port (TCP:3000) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.234", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json index 535f0c6a7..916a6a308 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Puppet Master (TCP:8140) is exposed to small Public network", "reference_id": "accurics.azure.NPS.235", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json deleted file mode 100755 index 1564c8f14..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8140ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort8140ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 8140, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Puppet Master (TCP:8140) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.236", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json index a48cf577b..64305a6e8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SMTP (TCP:25) is exposed to small Public network", "reference_id": "accurics.azure.NPS.237", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json deleted file mode 100755 index 475c48c1d..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort25ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort25ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 25, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "SMTP (TCP:25) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.238", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json index 5930e5a3e..5a4b1e309 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SNMP (UDP:161) is exposed to small Public network", "reference_id": "accurics.azure.NPS.239", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json deleted file mode 100755 index f20d95d44..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort161ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort161ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 161, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "SNMP (UDP:161) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.240", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json index 050f41d94..ed0d7e708 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SQL Server Analysis (TCP:2382) is exposed to small Public network", "reference_id": "accurics.azure.NPS.241", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json deleted file mode 100755 index e079c8166..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2382ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort2382ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 2382, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "SQL Server Analysis (TCP:2382) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.242", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json index 5fc0e0a4f..4bec78ce0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SQL Server Analysis (TCP:2383) is exposed to small Public network", "reference_id": "accurics.azure.NPS.243", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json deleted file mode 100755 index 0ea2cd2e2..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2383ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort2383ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 2383, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "SQL Server Analysis (TCP:2383) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.244", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json index 3bea5ba93..a63a2c527 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SaltStack Master (TCP:4505) is exposed to small Public network", "reference_id": "accurics.azure.NPS.245", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json deleted file mode 100755 index 472351a48..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort4505ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort4505ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 4505, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "SaltStack Master (TCP:4505) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.246", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json index df75dd102..edcf3566d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SaltStack Master (TCP:4506) is exposed to small Public network", "reference_id": "accurics.azure.NPS.247", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json deleted file mode 100755 index 7bb85e5ea..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort4506ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort4506ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 4506, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "SaltStack Master (TCP:4506) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.248", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json index 895ae823c..e429404d9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Telnet (TCP:23) is exposed to small Public network", "reference_id": "accurics.azure.NPS.249", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json deleted file mode 100755 index 49ea49dac..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort23ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort23ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 23, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Telnet (TCP:23) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.250", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json index 4e8f286c2..da5aadbaa 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "VNC Listener (TCP:5500) is exposed to small Public network", "reference_id": "accurics.azure.NPS.251", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json deleted file mode 100755 index 0e97923a6..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5500ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort5500ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 5500, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "VNC Listener (TCP:5500) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.252", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json index 1bc84985d..1cadbb5b6 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "VNC Server (TCP:5900) is exposed to small Public network", "reference_id": "accurics.azure.NPS.253", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json deleted file mode 100755 index 54371c135..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5900ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort5900ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 5900, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "VNC Server (TCP:5900) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.254", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json index 5547c0892..eda60ae34 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "CIFS / SMB (TCP:3020) is exposed to small Private network", "reference_id": "accurics.azure.NPS.275", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json index 09ccd2dc0..c7ec9e1ae 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Cassandra (TCP:7001) is exposed to small Private network", "reference_id": "accurics.azure.NPS.276", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json index 8aaa75393..a8caba275 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Cassandra OpsCenter (TCP:61621) is exposed to small Private network", "reference_id": "accurics.azure.NPS.277", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json index b7b03f3b5..cc6d5bbeb 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "DNS (UDP:53) is exposed to small Private network", "reference_id": "accurics.azure.NPS.278", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json index 8502cd27b..d3a1189de 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Hadoop Name Node (TCP:9000) is exposed to small Private network", "reference_id": "accurics.azure.NPS.279", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json index 725ed7594..452381e35 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": " Known internal web port (TCP:8000) is exposed to small Private network", "reference_id": "accurics.azure.NPS.280", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json index 2188a0095..fa16432a4 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": " Known internal web port (TCP:8080) is exposed to small Private network", "reference_id": "accurics.azure.NPS.281", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json index a6a786bfa..54273683a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "LDAP SSL (TCP:636) is exposed to small Private network", "reference_id": "accurics.azure.NPS.282", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json index 5cb3622d9..c10c2b2a6 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "MSSQL Admin (TCP:1434) is exposed to small Private network", "reference_id": "accurics.azure.NPS.283", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json index 67ee9267a..418a12687 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "MSSQL Browser (UDP:1434) is exposed to small Private network", "reference_id": "accurics.azure.NPS.284", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json index 7de5d81cd..59c0bc01b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "MSSQL Debugger (TCP:135) is exposed to small Private network", "reference_id": "accurics.azure.NPS.285", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json index f1e91e23e..e4eb1a24c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "MSSQL Server (TCP:1433) is exposed to small Private network", "reference_id": "accurics.azure.NPS.286", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json index c7981063e..a5e22cd8f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Memcached SSL (TCP:11214) is exposed to small Private network", "reference_id": "accurics.azure.NPS.287", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json index 73ecf0055..4e25ba175 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Memcached SSL (TCP:11215) is exposed to small Private network", "reference_id": "accurics.azure.NPS.288", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json index d8563d31f..03e141cb2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Memcached SSL (UDP:11214) is exposed to small Private network", "reference_id": "accurics.azure.NPS.289", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json index 0b5f5b6c1..e71e40044 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Memcached SSL (UDP:11215) is exposed to small Private network", "reference_id": "accurics.azure.NPS.290", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json index 64c9d76db..64ac8affd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Microsoft-DS (TCP:445) is exposed to small Private network", "reference_id": "accurics.azure.NPS.291", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json index c10921671..89a87d303 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Mongo Web Portal (TCP:27018) is exposed to small Private network", "reference_id": "accurics.azure.NPS.292", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json index 970b6a56b..49d686045 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "MySQL (TCP:3306) is exposed to small Private network", "reference_id": "accurics.azure.NPS.293", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json index 78d7f4228..df64b806a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Name Service (TCP:137) is exposed to small Private network", "reference_id": "accurics.azure.NPS.294", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json index 5c621aacf..4463f7b21 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Name Service (UDP:137) is exposed to small Private network", "reference_id": "accurics.azure.NPS.295", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json index 5766d2d2d..e9c279de3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Datagram Service (TCP:138) is exposed to small Private network", "reference_id": "accurics.azure.NPS.296", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json index dfeedd47c..47fa43401 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Datagram Service (UDP:138) is exposed to small Private network", "reference_id": "accurics.azure.NPS.297", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json index bbeb2c454..76a90c7b1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Session Service (TCP:139) is exposed to small Private network", "reference_id": "accurics.azure.NPS.298", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json index 87a2b223a..d4165bacd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Session Service (UDP:139) is exposed to small Private network", "reference_id": "accurics.azure.NPS.299", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json index 7ba5579f2..1fde59991 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Oracle DB SSL (TCP:2484) is exposed to small Private network", "reference_id": "accurics.azure.NPS.300", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json index 2e717e5bd..1307a57b1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Oracle DB SSL (UDP:2484) is exposed to small Private network", "reference_id": "accurics.azure.NPS.301", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json index f9b177854..79b99639f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "POP3 (TCP:110) is exposed to small Private network", "reference_id": "accurics.azure.NPS.302", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json index 690df8894..ee29f0f3e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "PostgreSQL (TCP:5432) is exposed to small Private network", "reference_id": "accurics.azure.NPS.303", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json index 19f7c7fdc..21e556f1a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "PostgreSQL (UDP:5432) is exposed to small Private network", "reference_id": "accurics.azure.NPS.304", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json index 4152b7b0d..4f0994055 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Prevalent known internal port (TCP:3000) is exposed to small Private network", "reference_id": "accurics.azure.NPS.305", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json index c3d7d66a5..ebe31c808 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Puppet Master (TCP:8140) is exposed to small Private network", "reference_id": "accurics.azure.NPS.306", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json index 38a2216b8..7b7c74dad 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SMTP (TCP:25) is exposed to small Private network", "reference_id": "accurics.azure.NPS.307", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json index 442804b36..4dec95f39 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SNMP (UDP:161) is exposed to small Private network", "reference_id": "accurics.azure.NPS.308", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json index 37a81efd7..f85a5b7f3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SQL Server Analysis (TCP:2382) is exposed to small Private network", "reference_id": "accurics.azure.NPS.309", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json index 7a42caf10..fb1230e99 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SQL Server Analysis (TCP:2383) is exposed to small Private network", "reference_id": "accurics.azure.NPS.310", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json index 01613dc4e..8ba254ba9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SaltStack Master (TCP:4505) is exposed to small Private network", "reference_id": "accurics.azure.NPS.311", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json index 3c1a33fa7..e15017747 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SaltStack Master (TCP:4506) is exposed to small Private network", "reference_id": "accurics.azure.NPS.312", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json index 9e23b854c..b196d55e8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Telnet (TCP:23) is exposed to small Private network", "reference_id": "accurics.azure.NPS.313", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json index 271bb4ce9..a17d549ff 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "VNC Listener (TCP:5500) is exposed to small Private network", "reference_id": "accurics.azure.NPS.314", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json index 3bc795fd2..6d83b0b35 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "VNC Server (TCP:5900) is exposed to small Private network", "reference_id": "accurics.azure.NPS.315", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json index 551c54ebe..f541992b3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "CiscoSecure, WebSM (TCP:9090) is exposed to the wide public internet", "reference_id": "accurics.azure.NPS.35", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json index b40936f66..4c3b877f8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Remote Desktop (TCP:3389) is exposed to the wide public internet", "reference_id": "accurics.azure.NPS.36", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json index d22d8a4f8..86441148f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SSH (TCP:22) is exposed to the wide public internet", "reference_id": "accurics.azure.NPS.37", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json index 807e4331a..9047763a2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "CIFS / SMB (TCP:3020) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.38", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json deleted file mode 100755 index fcdf6d0a4..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3020ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort3020ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 3020, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "CIFS / SMB (TCP:3020) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.39", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json index 5de920a46..01779a487 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Cassandra (TCP:7001) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.40", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json deleted file mode 100755 index bb419a6f8..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort7001ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort7001ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 7001, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Cassandra (TCP:7001) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.41", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json index 73897d0cb..30ad75692 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.42", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json deleted file mode 100755 index 94be52a77..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort61621ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort61621ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 61621, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Cassandra OpsCenter (TCP:61621) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.43", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json index b1c2a771e..17611caa3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "DNS (UDP:53) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.44", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json deleted file mode 100755 index 215094734..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort53ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort53ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 53, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "DNS (UDP:53) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.45", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json index f3cc9c782..3936a71c0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Hadoop Name Node (TCP:9000) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.46", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json deleted file mode 100755 index 1fb6d20ce..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort9000ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort9000ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 9000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Hadoop Name Node (TCP:9000) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.47", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json index ec50e4747..c32187d41 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": " Known internal web port (TCP:8000) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.48", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json deleted file mode 100755 index fbd9c5c37..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8000ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort8000ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 8000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": " Known internal web port (TCP:8000) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.49", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json index 1302bd998..40f5a90ef 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": " Known internal web port (TCP:8080) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.50", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json deleted file mode 100755 index 53254ea21..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8080ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort8080ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 8080, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": " Known internal web port (TCP:8080) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.51", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json index 674bd2d35..cbfce3ae5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "LDAP SSL (TCP:636) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.52", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json deleted file mode 100755 index 113023c2f..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort636ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort636ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 636, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "LDAP SSL (TCP:636) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.53", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json index f261038a7..3ac5484ed 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Admin (TCP:1434) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.54", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json deleted file mode 100755 index 6ed894d61..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1434ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort1434ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 1434, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "MSSQL Admin (TCP:1434) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.55", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json index d5d8d8b53..e81f066e8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Browser (UDP:1434) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.56", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json deleted file mode 100755 index b140a307c..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1434ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort1434ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 1434, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "MSSQL Browser (UDP:1434) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.57", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json index c757173b5..e769d8ec9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Debugger (TCP:135) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.58", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json deleted file mode 100755 index 41187896f..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort135ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort135ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 135, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "MSSQL Debugger (TCP:135) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.59", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json index e4b89918d..7b94d60b8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Server (TCP:1433) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.60", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json deleted file mode 100755 index 6f760513d..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1433ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort1433ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 1433, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "MSSQL Server (TCP:1433) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.61", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json index 0e96149dd..fa2304a8e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (TCP:11214) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.62", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json deleted file mode 100755 index f8ebeff60..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11214ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort11214ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 11214, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Memcached SSL (TCP:11214) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.63", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json index 09b9425d5..59cdddff2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (TCP:11215) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.64", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json deleted file mode 100755 index 8bf9e8be7..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11215ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort11215ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 11215, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Memcached SSL (TCP:11215) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.65", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json index 1ede5f1b9..9471d9ea9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (UDP:11214) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.66", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json deleted file mode 100755 index e50a95028..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11214ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort11214ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 11214, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "Memcached SSL (UDP:11214) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.67", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json index ba85e6c27..c6b532814 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (UDP:11215) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.68", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json deleted file mode 100755 index 71e963466..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11215ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort11215ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 11215, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "Memcached SSL (UDP:11215) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.69", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json index 13ff31195..1aac9db20 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Microsoft-DS (TCP:445) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.70", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json deleted file mode 100755 index 3be3c53e5..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort445ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort445ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 445, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Microsoft-DS (TCP:445) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.71", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json index c5d0deb54..e2425d4f4 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Mongo Web Portal (TCP:27018) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.72", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json deleted file mode 100755 index f210bf838..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort27018ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort27018ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 27018, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Mongo Web Portal (TCP:27018) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.73", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json index 856c56f2a..bc984972c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MySQL (TCP:3306) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.74", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json deleted file mode 100755 index 1af0a93a7..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3306ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort3306ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 3306, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "MySQL (TCP:3306) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.75", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json index 830c14b77..4fdd48061 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Name Service (TCP:137) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.76", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json deleted file mode 100755 index 964516086..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort137ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort137ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 137, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "NetBIOS Name Service (TCP:137) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.77", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json index 2fa2e83e8..c2a747e89 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Name Service (UDP:137) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.78", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json deleted file mode 100755 index da9d2918c..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort137ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort137ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 137, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "NetBIOS Name Service (UDP:137) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.79", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json index d3ac559d8..92a31a8d7 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.80", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json deleted file mode 100755 index b66bdd50a..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort138ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort138ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 138, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "NetBIOS Datagram Service (TCP:138) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.81", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json index d71f1e131..6fe1c3363 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.82", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json deleted file mode 100755 index 1e8cd9049..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort138ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort138ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 138, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "NetBIOS Datagram Service (UDP:138) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.83", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json index 0ec3c88b5..7211c37f5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Session Service (TCP:139) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.84", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json deleted file mode 100755 index 67ae72a86..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort139ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort139ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 139, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "NetBIOS Session Service (TCP:139) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.85", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json index 2ca4b56fa..efd520f74 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Session Service (UDP:139) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.86", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json deleted file mode 100755 index b9f3973b7..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort139ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort139ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 139, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "NetBIOS Session Service (UDP:139) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.87", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json index 8ce6141bf..6fdf11c39 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Oracle DB SSL (TCP:2484) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.88", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json deleted file mode 100755 index 37ff253f7..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2484ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort2484ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 2484, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Oracle DB SSL (TCP:2484) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.89", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json index 090635ee9..68b809761 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Oracle DB SSL (UDP:2484) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.90", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json deleted file mode 100755 index 76d2354dc..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2484ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort2484ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 2484, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "Oracle DB SSL (UDP:2484) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.91", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json index 34cd8cd11..4bfecb1e7 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "POP3 (TCP:110) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.92", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json deleted file mode 100755 index 88712f593..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort110ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort110ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 110, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "POP3 (TCP:110) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.93", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json index 82f6b5dda..22c3a1628 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "PostgreSQL (TCP:5432) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.94", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json deleted file mode 100755 index dc97e3a91..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5432ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort5432ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 5432, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "PostgreSQL (TCP:5432) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.95", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json index bba59507e..9b9fe1a90 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "PostgreSQL (UDP:5432) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.96", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json deleted file mode 100755 index f5ed8e224..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5432ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort5432ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 5432, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "PostgreSQL (UDP:5432) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.97", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json index f819d6b71..1bf4612ae 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Prevalent known internal port (TCP:3000) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.98", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json deleted file mode 100755 index 9592ce27d..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3000ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort3000ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 3000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Prevalent known internal port (TCP:3000) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.99", - "category": "Network Ports Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-LM-NW-H-0194.json similarity index 82% rename from pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json rename to pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-LM-NW-H-0194.json index 69c85928a..7d7595b12 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-LM-NW-H-0194.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Enable Network Watcher for Azure subscriptions. Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "reference_id": "accurics.azure.NS.11", - "category": "Network Security", + "reference_id": "AC-AZ-LM-NW-H-0194", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-RE-NW-M-0193.json similarity index 78% rename from pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json rename to pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-RE-NW-M-0193.json index 1e8e1fb41..2a64f33eb 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-RE-NW-M-0193.json @@ -1,12 +1,12 @@ { - "name": "reme_logRetensionGraterThan90Days", + "name": "reme_networkWatcherLogRetension", "file": "networkWatcherCheck.rego", "template_args": { "prefix": "reme_" }, "severity": "MEDIUM", "description": "Network Security Group Flow Logs should be enabled and the retention period is set to greater than or equal to 90 days. Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "reference_id": "accurics.azure.NS.342", - "category": "Network Security", + "reference_id": "AC-AZ-RE-NW-M-0193", + "category": "Resilience", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0198.json similarity index 78% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0198.json index b8ccaea96..6b921baa9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0198.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.151", - "category": "Logging", + "reference_id": "AC-AZ-LM-PC-M-0198", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0199.json similarity index 77% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0199.json index c166f5e99..30a79374c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0199.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.152", - "category": "Logging", + "reference_id": "AC-AZ-LM-PC-M-0199", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0200.json similarity index 77% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0200.json index 9390bf1bd..7e8bfc114 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0200.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.153", - "category": "Logging", + "reference_id": "AC-AZ-LM-PC-M-0200", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0201.json similarity index 76% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0201.json index acd4215c3..78c462b57 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0201.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.154", - "category": "Logging", + "reference_id": "AC-AZ-LM-PC-M-0201", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0203.json similarity index 75% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0203.json index bb369e624..c95cd8f22 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0203.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.364", - "category": "Logging", + "reference_id": "AC-AZ-LM-PC-M-0203", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-RE-PC-M-0202.json similarity index 70% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-RE-PC-M-0202.json index 34718109a..d50d50e8e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-RE-PC-M-0202.json @@ -1,12 +1,12 @@ { - "name": "reme_logRetention", + "name": "reme_logRetentionPsql", "file": "logRetention.rego", "template_args": { "prefix": "reme_" }, "severity": "MEDIUM", "description": "Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.155", - "category": "Logging", + "reference_id": "AC-AZ-RE-PC-M-0202", + "category": "Resilience", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-IS-PS-H-0204.json similarity index 75% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-IS-PS-H-0204.json index 29cae6e06..2036bb05b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-IS-PS-H-0204.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "reference_id": "accurics.azure.EKM.1", - "category": "Encryption and Key Management", + "reference_id": "AC-AZ-IS-PS-H-0204", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-RE-PS-H-0205.json similarity index 73% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-RE-PS-H-0205.json index 2e383392c..324644c36 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-RE-PS-H-0205.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that Geo Redundant Backups is enabled on PostgreSQL", - "reference_id": "accurics.azure.BDR.163", - "category": "Backup and Disaster Recovery", + "reference_id": "AC-AZ-RE-PS-H-0205", + "category": "Resilience", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0218.json similarity index 80% rename from pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json rename to pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0218.json index d7a03d1e8..93ec13ee3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0218.json @@ -8,7 +8,7 @@ }, "severity": "HIGH", "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from the Internet", - "reference_id": "accurics.azure.NS.30", - "category": "Network Security", + "reference_id": "AC-AZ-IS-RC-H-0218", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0219.json similarity index 81% rename from pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json rename to pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0219.json index fe51fba0a..f766e88dd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0219.json @@ -8,7 +8,7 @@ }, "severity": "HIGH", "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from other Azure sources", - "reference_id": "accurics.azure.NS.31", - "category": "Network Security", + "reference_id": "AC-AZ-IS-RC-H-0219", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0216.json similarity index 72% rename from pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json rename to pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0216.json index 201152c30..e676e3fb2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0216.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that the Redis Cache accepts only SSL connections", - "reference_id": "accurics.azure.EKM.23", - "category": "Encryption and Key Management", + "reference_id": "AC-AZ-IS-RC-M-0216", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0220.json similarity index 77% rename from pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json rename to pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0220.json index 52e14ee6b..3c6ea9973 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0220.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure there are no firewall rules allowing Redis Cache access for a large number of source IPs", - "reference_id": "accurics.azure.NS.166", - "category": "Network Security", + "reference_id": "AC-AZ-IS-RC-M-0220", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-SP-RC-H-0217.json similarity index 81% rename from pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json rename to pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-SP-RC-H-0217.json index 3837ba95f..40273bd66 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-SP-RC-H-0217.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that Redis is updated regularly with security and operational updates.\n\nNote this feature is only available to Premium tier Redis Caches.", - "reference_id": "accurics.azure.NS.13", - "category": "Network Security", + "reference_id": "AC-AZ-SP-RC-H-0217", + "category": "Security Best Practices", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json b/pkg/policies/opa/rego/azure/azurerm_resource_group/AC-AZ-IA-RG-L-0221.json similarity index 73% rename from pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json rename to pkg/policies/opa/rego/azure/azurerm_resource_group/AC-AZ-IA-RG-L-0221.json index 153c4488f..f377d3d22 100755 --- a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json +++ b/pkg/policies/opa/rego/azure/azurerm_resource_group/AC-AZ-IA-RG-L-0221.json @@ -6,7 +6,7 @@ }, "severity": "LOW", "description": "Ensure that Azure Resource Group has resource lock enabled", - "reference_id": "accurics.azure.NS.272", - "category": "Network Security", + "reference_id": "AC-AZ-IA-RG-L-0221", + "category": "Identity and Access Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json b/pkg/policies/opa/rego/azure/azurerm_role_assignment/AC-AZ-IA-RA-H-0222.json similarity index 85% rename from pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json rename to pkg/policies/opa/rego/azure/azurerm_role_assignment/AC-AZ-IA-RA-H-0222.json index ca322d0b8..f628d7e68 100755 --- a/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json +++ b/pkg/policies/opa/rego/azure/azurerm_role_assignment/AC-AZ-IA-RA-H-0222.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that there are no guest users", - "reference_id": "accurics.azure.IAM.388", + "reference_id": "AC-AZ-IA-RA-H-0222", "category": "Identity and Access Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json b/pkg/policies/opa/rego/azure/azurerm_security_center_contact/AC-AZ-LM-SC-M-0224.json similarity index 74% rename from pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json rename to pkg/policies/opa/rego/azure/azurerm_security_center_contact/AC-AZ-LM-SC-M-0224.json index 390dc737b..fd908a0c8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json +++ b/pkg/policies/opa/rego/azure/azurerm_security_center_contact/AC-AZ-LM-SC-M-0224.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure that 'Send email notification for high severity alerts' is set to 'On'", - "reference_id": "accurics.azure.MON.353", - "category": "Monitoring", + "reference_id": "AC-AZ-LM-SC-M-0224", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/AC-AZ-SP-SS-M-0225.json similarity index 75% rename from pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json rename to pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/AC-AZ-SP-SS-M-0225.json index 7da13582a..dfce74772 100755 --- a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json +++ b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/AC-AZ-SP-SS-M-0225.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that standard pricing tiers are selected", - "reference_id": "accurics.azure.OPS.349", - "category": "Operational Efficiency", + "reference_id": "AC-AZ-SP-SS-M-0225", + "category": "Security Best Practices", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/AC-AZ-CV-SA-M-0226.json similarity index 76% rename from pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json rename to pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/AC-AZ-CV-SA-M-0226.json index 0bcdc2c4c..bb1f4f928 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/AC-AZ-CV-SA-M-0226.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Avoid using names like 'Admin' for an Azure SQL Server Active Directory Administrator account", - "reference_id": "accurics.azure.IAM.137", - "category": "Identity and Access Management", + "reference_id": "AC-AZ-CV-SA-M-0226", + "category": "Compliance Validation", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json b/pkg/policies/opa/rego/azure/azurerm_sql_database/AC-AZ-LM-SD-M-0227.json similarity index 75% rename from pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json rename to pkg/policies/opa/rego/azure/azurerm_sql_database/AC-AZ-LM-SD-M-0227.json index 359f70b6e..930a33552 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_database/AC-AZ-LM-SD-M-0227.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that 'Threat Detection' is enabled for Azure SQL Database", - "reference_id": "accurics.azure.MON.157", - "category": "Monitoring", + "reference_id": "AC-AZ-LM-SD-M-0227", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0229.json similarity index 82% rename from pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json rename to pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0229.json index b64c3c080..cb5d089f2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0229.json @@ -8,7 +8,7 @@ }, "severity": "HIGH", "description": "Ensure entire Azure infrastructure doesn't have access to Azure SQL ServerEnsure entire Azure infrastructure doesn't have access to Azure SQL Server", - "reference_id": "accurics.azure.NS.5", - "category": "Network Security", + "reference_id": "AC-AZ-IS-SF-H-0229", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0230.json similarity index 79% rename from pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json rename to pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0230.json index 3326bd00f..4c020c8c0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0230.json @@ -8,7 +8,7 @@ }, "severity": "HIGH", "description": "Ensure that no SQL Server allows ingress from 0.0.0.0/0 (ANY IP)", - "reference_id": "accurics.azure.NS.21", - "category": "Network Security", + "reference_id": "AC-AZ-IS-SF-H-0230", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-M-0231.json similarity index 75% rename from pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json rename to pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-M-0231.json index 549e2bf7c..e42add61a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-M-0231.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Restrict Azure SQL Server accessibility to a minimal address range", - "reference_id": "accurics.azure.NS.169", - "category": "Network Security", + "reference_id": "AC-AZ-IS-SF-M-0231", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0233.json similarity index 75% rename from pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json rename to pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0233.json index e42c803cd..85dd3162c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0233.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Avoid using names like 'Admin' for an Azure SQL Server admin account login", - "reference_id": "accurics.azure.IAM.138", - "category": "Identity and Access Management", + "reference_id": "AC-AZ-CV-SQ-M-0233", + "category": "Compliance Validation", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0235.json similarity index 74% rename from pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json rename to pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0235.json index 67e7cef09..e1439500c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0235.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers.", - "reference_id": "accurics.azure.LOG.356", - "category": "Logging", + "reference_id": "AC-AZ-CV-SQ-M-0235", + "category": "Compliance Validation", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-IA-SQ-H-0232.json similarity index 88% rename from pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json rename to pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-IA-SQ-H-0232.json index 566e76c22..e5e8af1d3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-IA-SQ-H-0232.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that Azure Active Directory Admin is configured for SQL Server", - "reference_id": "accurics.azure.IAM.10", + "reference_id": "AC-AZ-IA-SQ-H-0232", "category": "Identity and Access Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-LM-SQ-M-0234.json similarity index 73% rename from pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json rename to pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-LM-SQ-M-0234.json index 1bccf29aa..0380c4cd0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-LM-SQ-M-0234.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure that 'Auditing' is set to 'On' for SQL servers", - "reference_id": "accurics.azure.MON.354", - "category": "Monitoring", + "reference_id": "AC-AZ-LM-SQ-M-0234", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-DP-SA-H-0237.json similarity index 75% rename from pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json rename to pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-DP-SA-H-0237.json index f5bca5b10..4bee6be9b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-DP-SA-H-0237.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that 'Secure transfer required' is enabled for Storage Accounts", - "reference_id": "accurics.azure.EKM.7", - "category": "Encryption and Key Management", + "reference_id": "AC-AZ-DP-SA-H-0237", + "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0239.json similarity index 79% rename from pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json rename to pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0239.json index aba7ae27b..eb411a720 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0239.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure 'Trusted Microsoft Services' is enabled for Storage Account access", - "reference_id": "accurics.azure.NS.2", - "category": "Network Security", + "reference_id": "AC-AZ-IS-SA-H-0239", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0240.json similarity index 77% rename from pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json rename to pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0240.json index 4eb41fe78..6b3ddaac9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0240.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure default network access rule for Storage Accounts is not open to public", - "reference_id": "accurics.azure.NS.4", - "category": "Network Security", + "reference_id": "AC-AZ-IS-SA-H-0240", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json b/pkg/policies/opa/rego/azure/azurerm_storage_container/AC-AZ-IA-SN-H-0243.json similarity index 90% rename from pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json rename to pkg/policies/opa/rego/azure/azurerm_storage_container/AC-AZ-IA-SN-H-0243.json index 06f145e7f..f77e6601e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_container/AC-AZ-IA-SN-H-0243.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary.", - "reference_id": "accurics.azure.IAM.368", + "reference_id": "AC-AZ-IA-SN-H-0243", "category": "Identity and Access Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json b/pkg/policies/opa/rego/azure/azurerm_virtual_network/AC-AZ-IS-VN-M-0251.json similarity index 77% rename from pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json rename to pkg/policies/opa/rego/azure/azurerm_virtual_network/AC-AZ-IS-VN-M-0251.json index 907585538..3279699af 100755 --- a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json +++ b/pkg/policies/opa/rego/azure/azurerm_virtual_network/AC-AZ-IS-VN-M-0251.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that Azure Virtual Network subnet is configured with a Network Security Group", - "reference_id": "accurics.azure.NS.161", - "category": "Network Security", + "reference_id": "AC-AZ-IS-VN-M-0251", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file