From 2504f9491d4fad7fe417f8c2ed468e58ba5e6f00 Mon Sep 17 00:00:00 2001 From: Gaurav Gogia <16029099+gaurav-gogia@users.noreply.github.com> Date: Wed, 3 Mar 2021 21:17:11 +0530 Subject: [PATCH 1/4] add new categories for all azure policies --- .../azurerm_application_gateway/accurics.azure.NS.147.json | 2 +- .../azure/azurerm_container_registry/accurics.azure.AKS.3.json | 2 +- .../azurerm_container_registry/accurics.azure.EKM.164.json | 2 +- .../azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json | 2 +- .../azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json | 2 +- .../rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json | 2 +- .../opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json | 2 +- .../rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json | 2 +- .../azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json | 2 +- .../azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json | 2 +- .../azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json | 2 +- .../rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json | 2 +- .../rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json | 2 +- .../rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json | 2 +- .../rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.100.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.101.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.102.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.103.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.104.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.105.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.106.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.107.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.108.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.109.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.110.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.111.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.112.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.113.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.114.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.115.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.116.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.117.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.118.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.119.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.170.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.171.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.172.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.173.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.174.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.175.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.176.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.177.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.178.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.179.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.180.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.181.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.182.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.183.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.184.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.185.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.186.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.187.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.188.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.189.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.190.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.191.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.192.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.193.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.194.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.195.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.196.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.197.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.198.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.199.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.200.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.201.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.202.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.203.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.204.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.205.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.206.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.207.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.208.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.209.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.210.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.211.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.212.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.213.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.214.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.215.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.216.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.217.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.218.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.219.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.220.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.221.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.222.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.223.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.224.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.225.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.226.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.227.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.228.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.229.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.230.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.231.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.232.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.233.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.234.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.235.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.236.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.237.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.238.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.239.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.240.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.241.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.242.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.243.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.244.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.245.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.246.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.247.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.248.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.249.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.250.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.251.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.252.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.253.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.254.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.275.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.276.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.277.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.278.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.279.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.280.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.281.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.282.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.283.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.284.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.285.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.286.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.287.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.288.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.289.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.290.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.291.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.292.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.293.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.294.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.295.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.296.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.297.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.298.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.299.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.300.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.301.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.302.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.303.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.304.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.305.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.306.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.307.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.308.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.309.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.310.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.311.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.312.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.313.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.314.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.315.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.35.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.36.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.37.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.38.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.39.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.40.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.41.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.42.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.43.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.44.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.45.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.46.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.47.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.48.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.49.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.50.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.51.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.52.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.53.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.54.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.55.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.56.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.57.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.58.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.59.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.60.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.61.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.62.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.63.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.64.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.65.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.66.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.67.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.68.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.69.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.70.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.71.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.72.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.73.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.74.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.75.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.76.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.77.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.78.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.79.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.80.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.81.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.82.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.83.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.84.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.85.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.86.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.87.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.88.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.89.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.90.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.91.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.92.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.93.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.94.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.95.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.96.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.97.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.98.json | 2 +- .../azurerm_network_security_rule/accurics.azure.NPS.99.json | 2 +- .../azurerm_network_watcher_flow_log/accurics.azure.NS.11.json | 2 +- .../azurerm_network_watcher_flow_log/accurics.azure.NS.342.json | 2 +- .../accurics.azure.LOG.151.json | 2 +- .../accurics.azure.LOG.152.json | 2 +- .../accurics.azure.LOG.153.json | 2 +- .../accurics.azure.LOG.154.json | 2 +- .../accurics.azure.LOG.155.json | 2 +- .../accurics.azure.LOG.364.json | 2 +- .../azure/azurerm_postgresql_server/accurics.azure.BDR.163.json | 2 +- .../azure/azurerm_postgresql_server/accurics.azure.EKM.1.json | 2 +- .../rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json | 2 +- .../rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json | 2 +- .../rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json | 2 +- .../rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json | 2 +- .../rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json | 2 +- .../azure/azurerm_resource_group/accurics.azure.NS.272.json | 2 +- .../azurerm_security_center_contact/accurics.azure.MON.353.json | 2 +- .../accurics.azure.OPS.349.json | 2 +- .../accurics.azure.IAM.137.json | 2 +- .../rego/azure/azurerm_sql_database/accurics.azure.MON.157.json | 2 +- .../azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json | 2 +- .../azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json | 2 +- .../azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json | 2 +- .../rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json | 2 +- .../rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json | 2 +- .../rego/azure/azurerm_sql_server/accurics.azure.MON.354.json | 2 +- .../azure/azurerm_storage_account/accurics.azure.EKM.7.json | 2 +- .../rego/azure/azurerm_storage_account/accurics.azure.NS.2.json | 2 +- .../rego/azure/azurerm_storage_account/accurics.azure.NS.4.json | 2 +- .../azure/azurerm_virtual_network/accurics.azure.NS.161.json | 2 +- 256 files changed, 256 insertions(+), 256 deletions(-) diff --git a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json b/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json index 7f0e5ea92..186001404 100755 --- a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json +++ b/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure Azure Application Gateway Web application firewall (WAF) is enabled", "reference_id": "accurics.azure.NS.147", - "category": "Network Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json index b0ad52b44..ccf5ecb2e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json +++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Ensure Container Registry has locks", "reference_id": "accurics.azure.AKS.3", - "category": "Azure Container Services", + "category": "Resilience", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json index 9d6ce08cc..5c6529978 100755 --- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json +++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure that admin user is disabled for Container Registry", "reference_id": "accurics.azure.EKM.164", - "category": "Encryption and Key Management", + "category": "Identity and Access Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json index 8dcdf45b7..8a0fbbaa4 100755 --- a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json +++ b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure that Cosmos DB Account has an associated tag", "reference_id": "accurics.azure.CAM.162", - "category": "Cloud Assets Management", + "category": "Compliance Validation", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json index 0bb29266c..a43405950 100755 --- a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json +++ b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Ensure to filter source Ips for Cosmos DB Account", "reference_id": "accurics.azure.NS.32", - "category": "Network Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json index 26d27562c..ef5a554f7 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure the key vault is recoverable - enable \"Soft Delete\" setting for a Key Vault", "reference_id": "accurics.azure.EKM.164", - "category": "Encryption and Key Management", + "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json index 8838c308a..ab5644012 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Ensure that logging for Azure KeyVault is 'Enabled'", "reference_id": "accurics.azure.EKM.20", - "category": "Encryption and Key Management", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json index b62d7c09a..3fdb26c05 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Ensure that the expiration date is set on all keys", "reference_id": "accurics.azure.EKM.25", - "category": "Key Management", + "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json index 3db60840a..2388ebb70 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Ensure that the expiration date is set on all secrets", "reference_id": "accurics.azure.EKM.26", - "category": "Key Management", + "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json index 9a43c0a4f..67ffc0e9e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json +++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json @@ -5,6 +5,6 @@ "severity": "MEDIUM", "description": "Ensure AKS cluster has Network Policy configured.", "reference_id": "accurics.azure.NS.382", - "category": "Network Security", + "category": "Infrastructure Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json index 4d4b83855..cbf3b3db5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json +++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json @@ -5,6 +5,6 @@ "severity": "MEDIUM", "description": "Ensure Kube Dashboard is disabled", "reference_id": "accurics.azure.NS.383", - "category": "Network Security", + "category": "Infrastructure Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json b/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json index bfb3f8036..365f7e096 100755 --- a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json +++ b/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure that 'OS disk' are encrypted", "reference_id": "accurics.azure.EKM.156", - "category": "Encryption and Key Management", + "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json index 2d0a5d83b..3de180f5f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json +++ b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json @@ -8,6 +8,6 @@ "severity": "MEDIUM", "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for MSSQL servers.", "reference_id": "accurics.azure.LOG.357", - "category": "Monitoring", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json index 096464df7..336821d1e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json +++ b/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json @@ -8,6 +8,6 @@ "severity": "MEDIUM", "description": "Ensure that 'Auditing' is set to 'On' for MSSQL servers", "reference_id": "accurics.azure.MON.355", - "category": "Monitoring", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json b/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json index b70ab3a52..eec1f56d7 100755 --- a/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json +++ b/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json @@ -5,6 +5,6 @@ "severity": "HIGH", "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server.", "reference_id": "accurics.azure.NS.361", - "category": "Network Security", + "category": "Infrastructure Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json index a08d92020..8f30623e3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.100.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Puppet Master (TCP:8140) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.100", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json index 491a84e74..ca382edde 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Puppet Master (TCP:8140) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.101", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json index 4052ddfad..be6aa8944 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.102.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SMTP (TCP:25) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.102", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json index 01a6a3877..aa117b29b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SMTP (TCP:25) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.103", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json index ebb8e8fa3..1435f12b5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.104.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SNMP (UDP:161) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.104", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json index 62f45822a..6842e82f7 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SNMP (UDP:161) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.105", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json index 5491b8b42..7983fb571 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.106.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SQL Server Analysis (TCP:2382) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.106", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json index 3f3d15add..793d66293 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.107", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json index 49fd9ad7c..14b6e8ab1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.108.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SQL Server Analysis (TCP:2383) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.108", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json index 4b1ceb4a9..35f2a563d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.109", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json index bc8f955d6..bb376d176 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.110.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SaltStack Master (TCP:4505) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.110", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json index e3a67ce27..4796adee1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SaltStack Master (TCP:4505) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.111", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json index 55b15b818..a870fc62c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.112.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SaltStack Master (TCP:4506) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.112", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json index 9e9ef8972..79674023d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SaltStack Master (TCP:4506) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.113", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json index 6d370bca9..f8018e348 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.114.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Telnet (TCP:23) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.114", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json index dabc8d586..dc11164a9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Telnet (TCP:23) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.115", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json index 724ba67c5..1164b7d08 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.116.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "VNC Listener (TCP:5500) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.116", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json index 5ccc2d46c..5a2a0baeb 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "VNC Listener (TCP:5500) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.117", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json index b8020fa82..b307a12de 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.118.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "VNC Server (TCP:5900) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.118", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json index a8fa9f777..4ddc6e01b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "VNC Server (TCP:5900) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.119", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json index 5c8a965bc..e15b618d8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.170.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "CiscoSecure, WebSM (TCP:9090) is exposed to the entire public internet", "reference_id": "accurics.azure.NPS.170", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json index d76bba655..c692cc559 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Remote Desktop (TCP:3389) is exposed to the entire public internet", "reference_id": "accurics.azure.NPS.171", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json index 120e76cfb..de09a2b53 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SSH (TCP:22) is exposed to the entire public internet", "reference_id": "accurics.azure.NPS.172", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json index d65ab4cc8..9b6897e6c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.173.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "CIFS / SMB (TCP:3020) is exposed to small Public network", "reference_id": "accurics.azure.NPS.173", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json index 35407bcbe..53550e5cf 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.174", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json index d47fdc90a..9aadacbc9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.175.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Cassandra (TCP:7001) is exposed to small Public network", "reference_id": "accurics.azure.NPS.175", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json index c4f6e5895..385bfc50a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Cassandra (TCP:7001) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.176", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json index 5c4a93356..d0eeaf870 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.177.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Cassandra OpsCenter (TCP:61621) is exposed to small Public network", "reference_id": "accurics.azure.NPS.177", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json index 5427c1d04..782aa6090 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.178", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json index 7ecfbe040..922e1c117 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.179.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "DNS (UDP:53) is exposed to small Public network", "reference_id": "accurics.azure.NPS.179", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json index e479544b4..e42f19f4f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "DNS (UDP:53) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.180", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json index c782f0dd2..747601b24 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.181.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Hadoop Name Node (TCP:9000) is exposed to small Public network", "reference_id": "accurics.azure.NPS.181", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json index ba5b2119a..40bd25130 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Hadoop Name Node (TCP:9000) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.182", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json index dd37c85a1..59c9056bf 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.183.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": " Known internal web port (TCP:8000) is exposed to small Public network", "reference_id": "accurics.azure.NPS.183", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json index e03367326..0d5cb3bdb 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": " Known internal web port (TCP:8000) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.184", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json index 58bd7ae7c..86957f305 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.185.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": " Known internal web port (TCP:8080) is exposed to small Public network", "reference_id": "accurics.azure.NPS.185", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json index bbd4866b0..a057b9814 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": " Known internal web port (TCP:8080) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.186", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json index 776e28c8a..b37f64bbf 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.187.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "LDAP SSL (TCP:636) is exposed to small Public network", "reference_id": "accurics.azure.NPS.187", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json index 3bc3c0adc..eb6fa04c0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "LDAP SSL (TCP:636) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.188", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json index fec6a7001..699eb2182 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.189.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Admin (TCP:1434) is exposed to small Public network", "reference_id": "accurics.azure.NPS.189", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json index cf02673d3..b45d74a95 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Admin (TCP:1434) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.190", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json index 91b186e26..b9b3eedcd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.191.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Browser (UDP:1434) is exposed to small Public network", "reference_id": "accurics.azure.NPS.191", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json index b51160f03..6e05e582b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Browser (UDP:1434) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.192", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json index 8cd6382c9..f0aa9afa3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.193.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Debugger (TCP:135) is exposed to small Public network", "reference_id": "accurics.azure.NPS.193", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json index 8a5e4a906..848500fdf 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Debugger (TCP:135) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.194", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json index de0b49a48..9ecabfc88 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.195.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Server (TCP:1433) is exposed to small Public network", "reference_id": "accurics.azure.NPS.195", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json index 9f1413367..3b014bc2b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MSSQL Server (TCP:1433) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.196", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json index b86f9d089..8d368f608 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.197.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (TCP:11214) is exposed to small Public network", "reference_id": "accurics.azure.NPS.197", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json index 0f328276d..de3960341 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (TCP:11214) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.198", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json index 6db41a81a..39533614b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.199.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (TCP:11215) is exposed to small Public network", "reference_id": "accurics.azure.NPS.199", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json index 78e478c60..ed9d56a65 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (TCP:11215) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.200", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json index 6408236b7..890c625cd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.201.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (UDP:11214) is exposed to small Public network", "reference_id": "accurics.azure.NPS.201", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json index b63a1ccd1..b1192691f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (UDP:11214) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.202", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json index ae6c514f8..a44763cad 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.203.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (UDP:11215) is exposed to small Public network", "reference_id": "accurics.azure.NPS.203", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json index 0b88a6b36..69b97ae34 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Memcached SSL (UDP:11215) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.204", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json index 051452bf4..a108c9d12 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.205.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Microsoft-DS (TCP:445) is exposed to small Public network", "reference_id": "accurics.azure.NPS.205", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json index d8fcdb209..c7f9de2d3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Microsoft-DS (TCP:445) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.206", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json index 4d0126da2..6765335ed 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.207.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Mongo Web Portal (TCP:27018) is exposed to small Public network", "reference_id": "accurics.azure.NPS.207", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json index c73b502f0..e6ee87569 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Mongo Web Portal (TCP:27018) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.208", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json index 0a425c3f6..3cc1ee830 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.209.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MySQL (TCP:3306) is exposed to small Public network", "reference_id": "accurics.azure.NPS.209", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json index ec3db9806..f6ae3a4ab 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "MySQL (TCP:3306) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.210", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json index 04a8733d1..a9b1abce5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.211.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Name Service (TCP:137) is exposed to small Public network", "reference_id": "accurics.azure.NPS.211", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json index 3349d02cf..0ea55d32c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Name Service (TCP:137) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.212", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json index 6e56b1f07..aa7ad6238 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.213.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Name Service (UDP:137) is exposed to small Public network", "reference_id": "accurics.azure.NPS.213", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json index 6b34a29ff..ace8988a7 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Name Service (UDP:137) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.214", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json index feb52408f..176ce754b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.215.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Datagram Service (TCP:138) is exposed to small Public network", "reference_id": "accurics.azure.NPS.215", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json index 4a6213eda..ae308d29d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.216", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json index b1776ab10..c701889bd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.217.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Datagram Service (UDP:138) is exposed to small Public network", "reference_id": "accurics.azure.NPS.217", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json index bb6529898..d0f2e59f5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.218", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json index 052198ec7..a898914a1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.219.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Session Service (TCP:139) is exposed to small Public network", "reference_id": "accurics.azure.NPS.219", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json index aa251367e..2c0ac9cf5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Session Service (TCP:139) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.220", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json index 53663d6b4..84a898fe6 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.221.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Session Service (UDP:139) is exposed to small Public network", "reference_id": "accurics.azure.NPS.221", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json index 4df402b9e..9230e4913 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "NetBIOS Session Service (UDP:139) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.222", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json index 00d02aa60..bf5152a84 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.223.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Oracle DB SSL (TCP:2484) is exposed to small Public network", "reference_id": "accurics.azure.NPS.223", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json index dedf070d6..a24e406a1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Oracle DB SSL (TCP:2484) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.224", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json index de1885880..9010cadea 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.225.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Oracle DB SSL (UDP:2484) is exposed to small Public network", "reference_id": "accurics.azure.NPS.225", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json index bfa52f3a0..d8984b5a0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Oracle DB SSL (UDP:2484) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.226", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json index 5c0d4e8ab..769a6359d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.227.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "POP3 (TCP:110) is exposed to small Public network", "reference_id": "accurics.azure.NPS.227", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json index da582bf4f..72307d557 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "POP3 (TCP:110) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.228", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json index 2f6d417e9..c97cdc34f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.229.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "PostgreSQL (TCP:5432) is exposed to small Public network", "reference_id": "accurics.azure.NPS.229", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json index dcbaa095a..7221feedc 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "PostgreSQL (TCP:5432) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.230", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json index 81d0c60b0..791a8123e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.231.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "PostgreSQL (UDP:5432) is exposed to small Public network", "reference_id": "accurics.azure.NPS.231", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json index 48d5195e5..5412aa5da 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "PostgreSQL (UDP:5432) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.232", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json index 23bfb5139..5a0047fba 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.233.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Prevalent known internal port (TCP:3000) is exposed to small Public network", "reference_id": "accurics.azure.NPS.233", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json index 1fdd82eb8..d8dd2c6fb 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Prevalent known internal port (TCP:3000) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.234", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json index 535f0c6a7..916a6a308 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.235.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Puppet Master (TCP:8140) is exposed to small Public network", "reference_id": "accurics.azure.NPS.235", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json index 1564c8f14..aafa616b1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Puppet Master (TCP:8140) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.236", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json index a48cf577b..64305a6e8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.237.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SMTP (TCP:25) is exposed to small Public network", "reference_id": "accurics.azure.NPS.237", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json index 475c48c1d..4b8e854bf 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SMTP (TCP:25) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.238", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json index 5930e5a3e..5a4b1e309 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.239.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SNMP (UDP:161) is exposed to small Public network", "reference_id": "accurics.azure.NPS.239", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json index f20d95d44..5f411b979 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SNMP (UDP:161) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.240", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json index 050f41d94..ed0d7e708 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.241.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SQL Server Analysis (TCP:2382) is exposed to small Public network", "reference_id": "accurics.azure.NPS.241", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json index e079c8166..bdf32c528 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SQL Server Analysis (TCP:2382) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.242", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json index 5fc0e0a4f..4bec78ce0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.243.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SQL Server Analysis (TCP:2383) is exposed to small Public network", "reference_id": "accurics.azure.NPS.243", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json index 0ea2cd2e2..6b673da88 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SQL Server Analysis (TCP:2383) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.244", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json index 3bea5ba93..a63a2c527 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.245.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SaltStack Master (TCP:4505) is exposed to small Public network", "reference_id": "accurics.azure.NPS.245", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json index 472351a48..8b3e99bc3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SaltStack Master (TCP:4505) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.246", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json index df75dd102..edcf3566d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.247.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SaltStack Master (TCP:4506) is exposed to small Public network", "reference_id": "accurics.azure.NPS.247", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json index 7bb85e5ea..1041a93a9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "SaltStack Master (TCP:4506) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.248", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json index 895ae823c..e429404d9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.249.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Telnet (TCP:23) is exposed to small Public network", "reference_id": "accurics.azure.NPS.249", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json index 49ea49dac..4f37e4a51 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "Telnet (TCP:23) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.250", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json index 4e8f286c2..da5aadbaa 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.251.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "VNC Listener (TCP:5500) is exposed to small Public network", "reference_id": "accurics.azure.NPS.251", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json index 0e97923a6..d72f6d5b5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "VNC Listener (TCP:5500) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.252", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json index 1bc84985d..1cadbb5b6 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.253.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "VNC Server (TCP:5900) is exposed to small Public network", "reference_id": "accurics.azure.NPS.253", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json index 54371c135..eb7ca883c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json @@ -13,6 +13,6 @@ "severity": "MEDIUM", "description": "VNC Server (TCP:5900) is exposed to wide Private network", "reference_id": "accurics.azure.NPS.254", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json index 5547c0892..eda60ae34 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.275.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "CIFS / SMB (TCP:3020) is exposed to small Private network", "reference_id": "accurics.azure.NPS.275", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json index 09ccd2dc0..c7ec9e1ae 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.276.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Cassandra (TCP:7001) is exposed to small Private network", "reference_id": "accurics.azure.NPS.276", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json index 8aaa75393..a8caba275 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.277.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Cassandra OpsCenter (TCP:61621) is exposed to small Private network", "reference_id": "accurics.azure.NPS.277", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json index b7b03f3b5..cc6d5bbeb 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.278.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "DNS (UDP:53) is exposed to small Private network", "reference_id": "accurics.azure.NPS.278", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json index 8502cd27b..d3a1189de 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.279.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Hadoop Name Node (TCP:9000) is exposed to small Private network", "reference_id": "accurics.azure.NPS.279", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json index 725ed7594..452381e35 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.280.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": " Known internal web port (TCP:8000) is exposed to small Private network", "reference_id": "accurics.azure.NPS.280", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json index 2188a0095..fa16432a4 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.281.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": " Known internal web port (TCP:8080) is exposed to small Private network", "reference_id": "accurics.azure.NPS.281", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json index a6a786bfa..54273683a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.282.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "LDAP SSL (TCP:636) is exposed to small Private network", "reference_id": "accurics.azure.NPS.282", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json index 5cb3622d9..c10c2b2a6 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.283.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "MSSQL Admin (TCP:1434) is exposed to small Private network", "reference_id": "accurics.azure.NPS.283", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json index 67ee9267a..418a12687 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.284.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "MSSQL Browser (UDP:1434) is exposed to small Private network", "reference_id": "accurics.azure.NPS.284", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json index 7de5d81cd..59c0bc01b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.285.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "MSSQL Debugger (TCP:135) is exposed to small Private network", "reference_id": "accurics.azure.NPS.285", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json index f1e91e23e..e4eb1a24c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.286.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "MSSQL Server (TCP:1433) is exposed to small Private network", "reference_id": "accurics.azure.NPS.286", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json index c7981063e..a5e22cd8f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.287.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Memcached SSL (TCP:11214) is exposed to small Private network", "reference_id": "accurics.azure.NPS.287", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json index 73ecf0055..4e25ba175 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.288.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Memcached SSL (TCP:11215) is exposed to small Private network", "reference_id": "accurics.azure.NPS.288", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json index d8563d31f..03e141cb2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.289.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Memcached SSL (UDP:11214) is exposed to small Private network", "reference_id": "accurics.azure.NPS.289", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json index 0b5f5b6c1..e71e40044 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.290.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Memcached SSL (UDP:11215) is exposed to small Private network", "reference_id": "accurics.azure.NPS.290", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json index 64c9d76db..64ac8affd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.291.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Microsoft-DS (TCP:445) is exposed to small Private network", "reference_id": "accurics.azure.NPS.291", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json index c10921671..89a87d303 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.292.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Mongo Web Portal (TCP:27018) is exposed to small Private network", "reference_id": "accurics.azure.NPS.292", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json index 970b6a56b..49d686045 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.293.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "MySQL (TCP:3306) is exposed to small Private network", "reference_id": "accurics.azure.NPS.293", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json index 78d7f4228..df64b806a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.294.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Name Service (TCP:137) is exposed to small Private network", "reference_id": "accurics.azure.NPS.294", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json index 5c621aacf..4463f7b21 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.295.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Name Service (UDP:137) is exposed to small Private network", "reference_id": "accurics.azure.NPS.295", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json index 5766d2d2d..e9c279de3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.296.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Datagram Service (TCP:138) is exposed to small Private network", "reference_id": "accurics.azure.NPS.296", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json index dfeedd47c..47fa43401 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.297.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Datagram Service (UDP:138) is exposed to small Private network", "reference_id": "accurics.azure.NPS.297", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json index bbeb2c454..76a90c7b1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.298.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Session Service (TCP:139) is exposed to small Private network", "reference_id": "accurics.azure.NPS.298", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json index 87a2b223a..d4165bacd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.299.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "NetBIOS Session Service (UDP:139) is exposed to small Private network", "reference_id": "accurics.azure.NPS.299", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json index 7ba5579f2..1fde59991 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.300.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Oracle DB SSL (TCP:2484) is exposed to small Private network", "reference_id": "accurics.azure.NPS.300", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json index 2e717e5bd..1307a57b1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.301.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Oracle DB SSL (UDP:2484) is exposed to small Private network", "reference_id": "accurics.azure.NPS.301", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json index f9b177854..79b99639f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.302.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "POP3 (TCP:110) is exposed to small Private network", "reference_id": "accurics.azure.NPS.302", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json index 690df8894..ee29f0f3e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.303.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "PostgreSQL (TCP:5432) is exposed to small Private network", "reference_id": "accurics.azure.NPS.303", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json index 19f7c7fdc..21e556f1a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.304.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "PostgreSQL (UDP:5432) is exposed to small Private network", "reference_id": "accurics.azure.NPS.304", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json index 4152b7b0d..4f0994055 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.305.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Prevalent known internal port (TCP:3000) is exposed to small Private network", "reference_id": "accurics.azure.NPS.305", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json index c3d7d66a5..ebe31c808 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.306.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Puppet Master (TCP:8140) is exposed to small Private network", "reference_id": "accurics.azure.NPS.306", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json index 38a2216b8..7b7c74dad 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.307.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SMTP (TCP:25) is exposed to small Private network", "reference_id": "accurics.azure.NPS.307", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json index 442804b36..4dec95f39 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.308.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SNMP (UDP:161) is exposed to small Private network", "reference_id": "accurics.azure.NPS.308", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json index 37a81efd7..f85a5b7f3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.309.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SQL Server Analysis (TCP:2382) is exposed to small Private network", "reference_id": "accurics.azure.NPS.309", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json index 7a42caf10..fb1230e99 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.310.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SQL Server Analysis (TCP:2383) is exposed to small Private network", "reference_id": "accurics.azure.NPS.310", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json index 01613dc4e..8ba254ba9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.311.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SaltStack Master (TCP:4505) is exposed to small Private network", "reference_id": "accurics.azure.NPS.311", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json index 3c1a33fa7..e15017747 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.312.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "SaltStack Master (TCP:4506) is exposed to small Private network", "reference_id": "accurics.azure.NPS.312", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json index 9e23b854c..b196d55e8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.313.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "Telnet (TCP:23) is exposed to small Private network", "reference_id": "accurics.azure.NPS.313", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json index 271bb4ce9..a17d549ff 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.314.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "VNC Listener (TCP:5500) is exposed to small Private network", "reference_id": "accurics.azure.NPS.314", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json index 3bc795fd2..6d83b0b35 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.315.json @@ -13,6 +13,6 @@ "severity": "LOW", "description": "VNC Server (TCP:5900) is exposed to small Private network", "reference_id": "accurics.azure.NPS.315", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json index 551c54ebe..f541992b3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "CiscoSecure, WebSM (TCP:9090) is exposed to the wide public internet", "reference_id": "accurics.azure.NPS.35", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json index b40936f66..4c3b877f8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Remote Desktop (TCP:3389) is exposed to the wide public internet", "reference_id": "accurics.azure.NPS.36", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json index d22d8a4f8..86441148f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "SSH (TCP:22) is exposed to the wide public internet", "reference_id": "accurics.azure.NPS.37", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json index 807e4331a..9047763a2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.38.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "CIFS / SMB (TCP:3020) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.38", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json index fcdf6d0a4..ca22f0cb6 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "CIFS / SMB (TCP:3020) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.39", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json index 5de920a46..01779a487 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.40.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Cassandra (TCP:7001) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.40", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json index bb419a6f8..0ec87eb6a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Cassandra (TCP:7001) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.41", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json index 73897d0cb..30ad75692 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.42.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.42", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json index 94be52a77..0e65ebe5b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Cassandra OpsCenter (TCP:61621) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.43", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json index b1c2a771e..17611caa3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.44.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "DNS (UDP:53) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.44", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json index 215094734..ea88aa608 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "DNS (UDP:53) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.45", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json index f3cc9c782..3936a71c0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.46.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Hadoop Name Node (TCP:9000) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.46", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json index 1fb6d20ce..072d6049d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Hadoop Name Node (TCP:9000) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.47", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json index ec50e4747..c32187d41 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.48.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": " Known internal web port (TCP:8000) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.48", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json index fbd9c5c37..c74846556 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": " Known internal web port (TCP:8000) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.49", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json index 1302bd998..40f5a90ef 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.50.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": " Known internal web port (TCP:8080) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.50", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json index 53254ea21..2fdd59149 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": " Known internal web port (TCP:8080) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.51", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json index 674bd2d35..cbfce3ae5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.52.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "LDAP SSL (TCP:636) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.52", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json index 113023c2f..e1f72fc5e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "LDAP SSL (TCP:636) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.53", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json index f261038a7..3ac5484ed 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.54.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Admin (TCP:1434) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.54", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json index 6ed894d61..5ef88ba2c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Admin (TCP:1434) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.55", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json index d5d8d8b53..e81f066e8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.56.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Browser (UDP:1434) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.56", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json index b140a307c..521d7dfdb 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Browser (UDP:1434) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.57", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json index c757173b5..e769d8ec9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.58.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Debugger (TCP:135) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.58", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json index 41187896f..19a43a2cd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Debugger (TCP:135) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.59", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json index e4b89918d..7b94d60b8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.60.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Server (TCP:1433) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.60", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json index 6f760513d..f45359b8e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MSSQL Server (TCP:1433) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.61", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json index 0e96149dd..fa2304a8e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.62.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (TCP:11214) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.62", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json index f8ebeff60..66f9105e2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (TCP:11214) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.63", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json index 09b9425d5..59cdddff2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.64.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (TCP:11215) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.64", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json index 8bf9e8be7..5f223989a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (TCP:11215) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.65", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json index 1ede5f1b9..9471d9ea9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.66.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (UDP:11214) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.66", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json index e50a95028..7b4670186 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (UDP:11214) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.67", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json index ba85e6c27..c6b532814 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.68.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (UDP:11215) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.68", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json index 71e963466..4e9faab0c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Memcached SSL (UDP:11215) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.69", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json index 13ff31195..1aac9db20 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.70.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Microsoft-DS (TCP:445) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.70", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json index 3be3c53e5..a20dcb1d9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Microsoft-DS (TCP:445) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.71", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json index c5d0deb54..e2425d4f4 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.72.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Mongo Web Portal (TCP:27018) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.72", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json index f210bf838..382c9ab5b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Mongo Web Portal (TCP:27018) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.73", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json index 856c56f2a..bc984972c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.74.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MySQL (TCP:3306) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.74", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json index 1af0a93a7..aa4cd9ed2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "MySQL (TCP:3306) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.75", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json index 830c14b77..4fdd48061 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.76.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Name Service (TCP:137) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.76", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json index 964516086..86e8f9619 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Name Service (TCP:137) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.77", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json index 2fa2e83e8..c2a747e89 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.78.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Name Service (UDP:137) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.78", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json index da9d2918c..05a693650 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Name Service (UDP:137) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.79", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json index d3ac559d8..92a31a8d7 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.80.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.80", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json index b66bdd50a..013de4be0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Datagram Service (TCP:138) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.81", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json index d71f1e131..6fe1c3363 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.82.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.82", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json index 1e8cd9049..53dc0594d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Datagram Service (UDP:138) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.83", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json index 0ec3c88b5..7211c37f5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.84.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Session Service (TCP:139) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.84", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json index 67ae72a86..8f3cc4c47 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Session Service (TCP:139) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.85", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json index 2ca4b56fa..efd520f74 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.86.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Session Service (UDP:139) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.86", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json index b9f3973b7..17edad2a4 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "NetBIOS Session Service (UDP:139) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.87", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json index 8ce6141bf..6fdf11c39 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.88.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Oracle DB SSL (TCP:2484) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.88", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json index 37ff253f7..263018338 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Oracle DB SSL (TCP:2484) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.89", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json index 090635ee9..68b809761 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.90.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Oracle DB SSL (UDP:2484) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.90", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json index 76d2354dc..7441ba062 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Oracle DB SSL (UDP:2484) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.91", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json index 34cd8cd11..4bfecb1e7 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.92.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "POP3 (TCP:110) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.92", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json index 88712f593..44f137e1e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "POP3 (TCP:110) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.93", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json index 82f6b5dda..22c3a1628 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.94.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "PostgreSQL (TCP:5432) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.94", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json index dc97e3a91..193799d73 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "PostgreSQL (TCP:5432) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.95", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json index bba59507e..9b9fe1a90 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.96.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "PostgreSQL (UDP:5432) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.96", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json index f5ed8e224..789824324 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "PostgreSQL (UDP:5432) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.97", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json index f819d6b71..1bf4612ae 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.98.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Prevalent known internal port (TCP:3000) is exposed to wide Public network", "reference_id": "accurics.azure.NPS.98", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json index 9592ce27d..624b97308 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json @@ -13,6 +13,6 @@ "severity": "HIGH", "description": "Prevalent known internal port (TCP:3000) is exposed to entire Public network", "reference_id": "accurics.azure.NPS.99", - "category": "Network Ports Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json index 69c85928a..37defbdbf 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Enable Network Watcher for Azure subscriptions. Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", "reference_id": "accurics.azure.NS.11", - "category": "Network Security", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json index 1e8e1fb41..1e9aa613b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Network Security Group Flow Logs should be enabled and the retention period is set to greater than or equal to 90 days. Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", "reference_id": "accurics.azure.NS.342", - "category": "Network Security", + "category": "Resilience", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json index b8ccaea96..2768342d2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", "reference_id": "accurics.azure.LOG.151", - "category": "Logging", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json index c166f5e99..d92cdce90 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", "reference_id": "accurics.azure.LOG.152", - "category": "Logging", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json index 9390bf1bd..a557bbaa5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", "reference_id": "accurics.azure.LOG.153", - "category": "Logging", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json index acd4215c3..4fbc66b29 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server", "reference_id": "accurics.azure.LOG.154", - "category": "Logging", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json index 34718109a..5d528a0c0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", "reference_id": "accurics.azure.LOG.155", - "category": "Logging", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json index bb369e624..416eae363 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json @@ -5,6 +5,6 @@ "severity": "MEDIUM", "description": "Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", "reference_id": "accurics.azure.LOG.364", - "category": "Logging", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json index 2e383392c..0d2cc9b5e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Ensure that Geo Redundant Backups is enabled on PostgreSQL", "reference_id": "accurics.azure.BDR.163", - "category": "Backup and Disaster Recovery", + "category": "Resilience", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json index 29cae6e06..a88513d48 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", "reference_id": "accurics.azure.EKM.1", - "category": "Encryption and Key Management", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json index 201152c30..0cd495c0b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure that the Redis Cache accepts only SSL connections", "reference_id": "accurics.azure.EKM.23", - "category": "Encryption and Key Management", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json index 3837ba95f..35bceb672 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Ensure that Redis is updated regularly with security and operational updates.\n\nNote this feature is only available to Premium tier Redis Caches.", "reference_id": "accurics.azure.NS.13", - "category": "Network Security", + "category": "Security Best Practices", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json index 52e14ee6b..7fafb19e2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure there are no firewall rules allowing Redis Cache access for a large number of source IPs", "reference_id": "accurics.azure.NS.166", - "category": "Network Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json index d7a03d1e8..90de11137 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json @@ -9,6 +9,6 @@ "severity": "HIGH", "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from the Internet", "reference_id": "accurics.azure.NS.30", - "category": "Network Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json index fe51fba0a..4237f22f5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json @@ -9,6 +9,6 @@ "severity": "HIGH", "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from other Azure sources", "reference_id": "accurics.azure.NS.31", - "category": "Network Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json b/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json index 153c4488f..1609a2762 100755 --- a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json +++ b/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json @@ -7,6 +7,6 @@ "severity": "LOW", "description": "Ensure that Azure Resource Group has resource lock enabled", "reference_id": "accurics.azure.NS.272", - "category": "Network Security", + "category": "Identity and Access Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json b/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json index 390dc737b..ece536cd7 100755 --- a/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json +++ b/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json @@ -5,6 +5,6 @@ "severity": "MEDIUM", "description": "Ensure that 'Send email notification for high severity alerts' is set to 'On'", "reference_id": "accurics.azure.MON.353", - "category": "Monitoring", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json index 7da13582a..429211aa1 100755 --- a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json +++ b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure that standard pricing tiers are selected", "reference_id": "accurics.azure.OPS.349", - "category": "Operational Efficiency", + "category": "Security Best Practices", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json index 0bcdc2c4c..f9b4cfc0d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Avoid using names like 'Admin' for an Azure SQL Server Active Directory Administrator account", "reference_id": "accurics.azure.IAM.137", - "category": "Identity and Access Management", + "category": "Compliance Validation", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json b/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json index 359f70b6e..f2538ae02 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure that 'Threat Detection' is enabled for Azure SQL Database", "reference_id": "accurics.azure.MON.157", - "category": "Monitoring", + "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json index 549e2bf7c..e6e5be407 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Restrict Azure SQL Server accessibility to a minimal address range", "reference_id": "accurics.azure.NS.169", - "category": "Network Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json index 3326bd00f..91e3c9f51 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json @@ -9,6 +9,6 @@ "severity": "HIGH", "description": "Ensure that no SQL Server allows ingress from 0.0.0.0/0 (ANY IP)", "reference_id": "accurics.azure.NS.21", - "category": "Network Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json index b64c3c080..538589d12 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json @@ -9,6 +9,6 @@ "severity": "HIGH", "description": "Ensure entire Azure infrastructure doesn't have access to Azure SQL ServerEnsure entire Azure infrastructure doesn't have access to Azure SQL Server", "reference_id": "accurics.azure.NS.5", - "category": "Network Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json index e42c803cd..fb0847a9c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Avoid using names like 'Admin' for an Azure SQL Server admin account login", "reference_id": "accurics.azure.IAM.138", - "category": "Identity and Access Management", + "category": "Compliance Validation", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json index 67e7cef09..0e6e8330c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json @@ -5,6 +5,6 @@ "severity": "MEDIUM", "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers.", "reference_id": "accurics.azure.LOG.356", - "category": "Logging", + "category": "Compliance Validation", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json index 1bccf29aa..8ddb5f211 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json @@ -5,6 +5,6 @@ "severity": "MEDIUM", "description": "Ensure that 'Auditing' is set to 'On' for SQL servers", "reference_id": "accurics.azure.MON.354", - "category": "Monitoring", + "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json index f5bca5b10..fba1a484e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Ensure that 'Secure transfer required' is enabled for Storage Accounts", "reference_id": "accurics.azure.EKM.7", - "category": "Encryption and Key Management", + "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json index aba7ae27b..79e593dc4 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Ensure 'Trusted Microsoft Services' is enabled for Storage Account access", "reference_id": "accurics.azure.NS.2", - "category": "Network Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json index 4eb41fe78..28ab0e8e4 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json @@ -7,6 +7,6 @@ "severity": "HIGH", "description": "Ensure default network access rule for Storage Accounts is not open to public", "reference_id": "accurics.azure.NS.4", - "category": "Network Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json b/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json index 907585538..4a6e8ae1e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json +++ b/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json @@ -7,6 +7,6 @@ "severity": "MEDIUM", "description": "Ensure that Azure Virtual Network subnet is configured with a Network Security Group", "reference_id": "accurics.azure.NS.161", - "category": "Network Security", + "category": "Infrastructure Security", "version": 2 } \ No newline at end of file From 20f75273f40eaa2690df715dc89a6f8702c7b0fe Mon Sep 17 00:00:00 2001 From: Gaurav Gogia <16029099+gaurav-gogia@users.noreply.github.com> Date: Thu, 4 Mar 2021 11:41:33 +0530 Subject: [PATCH 2/4] rule reference ids updated for azure policies --- .../{accurics.azure.NS.147.json => AC-AZ-IS-AG-M-0008.json} | 2 +- ...{accurics.azure.EKM.164.json => AC-AZ-IA-CR-M-0010.json} | 2 +- .../{accurics.azure.AKS.3.json => AC-AZ-RE-CR-H-0011.json} | 2 +- ...{accurics.azure.CAM.162.json => AC-AZ-CV-CA-M-0013.json} | 2 +- .../{accurics.azure.NS.32.json => AC-AZ-IS-CA-H-0012.json} | 2 +- ...{accurics.azure.EKM.164.json => AC-AZ-DP-KV-M-0026.json} | 2 +- .../{accurics.azure.EKM.20.json => AC-AZ-LM-KV-H-0027.json} | 2 +- .../{accurics.azure.EKM.25.json => AC-AZ-DP-KK-H-0032.json} | 2 +- .../{accurics.azure.EKM.26.json => AC-AZ-DP-VS-H-0033.json} | 2 +- .../{accurics.azure.NS.383.json => AC-AZ-IS-KC-M-0037.json} | 2 +- .../{accurics.azure.NS.382.json => AC-AZ-IS-KC-M-0038.json} | 2 +- ...{accurics.azure.EKM.156.json => AC-AZ-DP-MD-M-0050.json} | 2 +- ...{accurics.azure.MON.355.json => AC-AZ-LM-MS-M-0055.json} | 2 +- ...{accurics.azure.LOG.357.json => AC-AZ-LM-MS-M-0056.json} | 2 +- .../{accurics.azure.NS.361.json => AC-AZ-IS-MY-H-0061.json} | 2 +- .../{accurics.azure.NS.11.json => AC-AZ-LM-NW-H-0194.json} | 2 +- .../{accurics.azure.NS.342.json => AC-AZ-RE-NW-M-0193.json} | 4 ++-- ...{accurics.azure.LOG.151.json => AC-AZ-LM-PC-M-0198.json} | 2 +- ...{accurics.azure.LOG.152.json => AC-AZ-LM-PC-M-0199.json} | 2 +- ...{accurics.azure.LOG.153.json => AC-AZ-LM-PC-M-0200.json} | 2 +- ...{accurics.azure.LOG.154.json => AC-AZ-LM-PC-M-0201.json} | 2 +- ...{accurics.azure.LOG.364.json => AC-AZ-LM-PC-M-0203.json} | 2 +- ...{accurics.azure.LOG.155.json => AC-AZ-RE-PC-M-0202.json} | 6 +++--- .../{accurics.azure.EKM.1.json => AC-AZ-IS-PS-H-0204.json} | 2 +- ...{accurics.azure.BDR.163.json => AC-AZ-RE-PS-H-0205.json} | 2 +- .../{accurics.azure.NS.30.json => AC-AZ-IS-RC-H-0218.json} | 2 +- .../{accurics.azure.NS.31.json => AC-AZ-IS-RC-H-0219.json} | 2 +- .../{accurics.azure.EKM.23.json => AC-AZ-IS-RC-M-0216.json} | 2 +- .../{accurics.azure.NS.166.json => AC-AZ-IS-RC-M-0220.json} | 2 +- .../{accurics.azure.NS.13.json => AC-AZ-SP-RC-H-0217.json} | 2 +- .../{accurics.azure.NS.272.json => AC-AZ-IA-RG-L-0221.json} | 2 +- ...{accurics.azure.IAM.388.json => AC-AZ-IA-RA-H-0222.json} | 2 +- ...{accurics.azure.MON.353.json => AC-AZ-LM-SC-M-0224.json} | 2 +- ...{accurics.azure.OPS.349.json => AC-AZ-SP-SS-M-0225.json} | 2 +- ...{accurics.azure.IAM.137.json => AC-AZ-CV-SA-M-0226.json} | 2 +- ...{accurics.azure.MON.157.json => AC-AZ-LM-SD-M-0227.json} | 2 +- .../{accurics.azure.NS.5.json => AC-AZ-IS-SF-H-0229.json} | 2 +- .../{accurics.azure.NS.21.json => AC-AZ-IS-SF-H-0230.json} | 2 +- .../{accurics.azure.NS.169.json => AC-AZ-IS-SF-M-0231.json} | 2 +- ...{accurics.azure.IAM.138.json => AC-AZ-CV-SQ-M-0233.json} | 2 +- ...{accurics.azure.LOG.356.json => AC-AZ-CV-SQ-M-0235.json} | 2 +- .../{accurics.azure.IAM.10.json => AC-AZ-IA-SQ-H-0232.json} | 2 +- ...{accurics.azure.MON.354.json => AC-AZ-LM-SQ-M-0234.json} | 2 +- .../{accurics.azure.EKM.7.json => AC-AZ-DP-SA-H-0237.json} | 2 +- .../{accurics.azure.NS.4.json => AC-AZ-IS-SA-H-0240.json} | 2 +- .../{accurics.azure.NS.2.json => AC-AZ-IS-SA-M-0238.json} | 2 +- ...{accurics.azure.IAM.368.json => AC-AZ-IA-SN-H-0243.json} | 2 +- .../{accurics.azure.NS.161.json => AC-AZ-IS-VN-M-0251.json} | 2 +- 48 files changed, 51 insertions(+), 51 deletions(-) rename pkg/policies/opa/rego/azure/azurerm_application_gateway/{accurics.azure.NS.147.json => AC-AZ-IS-AG-M-0008.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_container_registry/{accurics.azure.EKM.164.json => AC-AZ-IA-CR-M-0010.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_container_registry/{accurics.azure.AKS.3.json => AC-AZ-RE-CR-H-0011.json} (86%) rename pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/{accurics.azure.CAM.162.json => AC-AZ-CV-CA-M-0013.json} (85%) rename pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/{accurics.azure.NS.32.json => AC-AZ-IS-CA-H-0012.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_key_vault/{accurics.azure.EKM.164.json => AC-AZ-DP-KV-M-0026.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_key_vault/{accurics.azure.EKM.20.json => AC-AZ-LM-KV-H-0027.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_key_vault_key/{accurics.azure.EKM.25.json => AC-AZ-DP-KK-H-0032.json} (86%) rename pkg/policies/opa/rego/azure/azurerm_key_vault_secret/{accurics.azure.EKM.26.json => AC-AZ-DP-VS-H-0033.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/{accurics.azure.NS.383.json => AC-AZ-IS-KC-M-0037.json} (84%) rename pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/{accurics.azure.NS.382.json => AC-AZ-IS-KC-M-0038.json} (85%) rename pkg/policies/opa/rego/azure/azurerm_managed_disk/{accurics.azure.EKM.156.json => AC-AZ-DP-MD-M-0050.json} (86%) rename pkg/policies/opa/rego/azure/azurerm_mssql_server/{accurics.azure.MON.355.json => AC-AZ-LM-MS-M-0055.json} (88%) rename pkg/policies/opa/rego/azure/azurerm_mssql_server/{accurics.azure.LOG.357.json => AC-AZ-LM-MS-M-0056.json} (88%) rename pkg/policies/opa/rego/azure/azurerm_mysql_server/{accurics.azure.NS.361.json => AC-AZ-IS-MY-H-0061.json} (86%) rename pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/{accurics.azure.NS.11.json => AC-AZ-LM-NW-H-0194.json} (90%) rename pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/{accurics.azure.NS.342.json => AC-AZ-RE-NW-M-0193.json} (84%) rename pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/{accurics.azure.LOG.151.json => AC-AZ-LM-PC-M-0198.json} (88%) rename pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/{accurics.azure.LOG.152.json => AC-AZ-LM-PC-M-0199.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/{accurics.azure.LOG.153.json => AC-AZ-LM-PC-M-0200.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/{accurics.azure.LOG.154.json => AC-AZ-LM-PC-M-0201.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/{accurics.azure.LOG.364.json => AC-AZ-LM-PC-M-0203.json} (86%) rename pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/{accurics.azure.LOG.155.json => AC-AZ-RE-PC-M-0202.json} (67%) rename pkg/policies/opa/rego/azure/azurerm_postgresql_server/{accurics.azure.EKM.1.json => AC-AZ-IS-PS-H-0204.json} (88%) rename pkg/policies/opa/rego/azure/azurerm_postgresql_server/{accurics.azure.BDR.163.json => AC-AZ-RE-PS-H-0205.json} (86%) rename pkg/policies/opa/rego/azure/azurerm_redis_cache/{accurics.azure.NS.30.json => AC-AZ-IS-RC-H-0218.json} (90%) rename pkg/policies/opa/rego/azure/azurerm_redis_cache/{accurics.azure.NS.31.json => AC-AZ-IS-RC-H-0219.json} (90%) rename pkg/policies/opa/rego/azure/azurerm_redis_cache/{accurics.azure.EKM.23.json => AC-AZ-IS-RC-M-0216.json} (86%) rename pkg/policies/opa/rego/azure/azurerm_redis_cache/{accurics.azure.NS.166.json => AC-AZ-IS-RC-M-0220.json} (88%) rename pkg/policies/opa/rego/azure/azurerm_redis_cache/{accurics.azure.NS.13.json => AC-AZ-SP-RC-H-0217.json} (90%) rename pkg/policies/opa/rego/azure/azurerm_resource_group/{accurics.azure.NS.272.json => AC-AZ-IA-RG-L-0221.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_role_assignment/{accurics.azure.IAM.388.json => AC-AZ-IA-RA-H-0222.json} (85%) rename pkg/policies/opa/rego/azure/azurerm_security_center_contact/{accurics.azure.MON.353.json => AC-AZ-LM-SC-M-0224.json} (86%) rename pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/{accurics.azure.OPS.349.json => AC-AZ-SP-SS-M-0225.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/{accurics.azure.IAM.137.json => AC-AZ-CV-SA-M-0226.json} (88%) rename pkg/policies/opa/rego/azure/azurerm_sql_database/{accurics.azure.MON.157.json => AC-AZ-LM-SD-M-0227.json} (86%) rename pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/{accurics.azure.NS.5.json => AC-AZ-IS-SF-H-0229.json} (91%) rename pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/{accurics.azure.NS.21.json => AC-AZ-IS-SF-H-0230.json} (89%) rename pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/{accurics.azure.NS.169.json => AC-AZ-IS-SF-M-0231.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_sql_server/{accurics.azure.IAM.138.json => AC-AZ-CV-SQ-M-0233.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_sql_server/{accurics.azure.LOG.356.json => AC-AZ-CV-SQ-M-0235.json} (86%) rename pkg/policies/opa/rego/azure/azurerm_sql_server/{accurics.azure.IAM.10.json => AC-AZ-IA-SQ-H-0232.json} (88%) rename pkg/policies/opa/rego/azure/azurerm_sql_server/{accurics.azure.MON.354.json => AC-AZ-LM-SQ-M-0234.json} (85%) rename pkg/policies/opa/rego/azure/azurerm_storage_account/{accurics.azure.EKM.7.json => AC-AZ-DP-SA-H-0237.json} (87%) rename pkg/policies/opa/rego/azure/azurerm_storage_account/{accurics.azure.NS.4.json => AC-AZ-IS-SA-H-0240.json} (88%) rename pkg/policies/opa/rego/azure/azurerm_storage_account/{accurics.azure.NS.2.json => AC-AZ-IS-SA-M-0238.json} (89%) rename pkg/policies/opa/rego/azure/azurerm_storage_container/{accurics.azure.IAM.368.json => AC-AZ-IA-SN-H-0243.json} (90%) rename pkg/policies/opa/rego/azure/azurerm_virtual_network/{accurics.azure.NS.161.json => AC-AZ-IS-VN-M-0251.json} (88%) diff --git a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json b/pkg/policies/opa/rego/azure/azurerm_application_gateway/AC-AZ-IS-AG-M-0008.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json rename to pkg/policies/opa/rego/azure/azurerm_application_gateway/AC-AZ-IS-AG-M-0008.json index 186001404..66795e79d 100755 --- a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json +++ b/pkg/policies/opa/rego/azure/azurerm_application_gateway/AC-AZ-IS-AG-M-0008.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure Azure Application Gateway Web application firewall (WAF) is enabled", - "reference_id": "accurics.azure.NS.147", + "reference_id": "AC-AZ-IS-AG-M-0008", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-IA-CR-M-0010.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json rename to pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-IA-CR-M-0010.json index 5c6529978..5cfcb0b98 100755 --- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json +++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-IA-CR-M-0010.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that admin user is disabled for Container Registry", - "reference_id": "accurics.azure.EKM.164", + "reference_id": "AC-AZ-IA-CR-M-0010", "category": "Identity and Access Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-RE-CR-H-0011.json similarity index 86% rename from pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json rename to pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-RE-CR-H-0011.json index ccf5ecb2e..4eddbf98e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json +++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/AC-AZ-RE-CR-H-0011.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure Container Registry has locks", - "reference_id": "accurics.azure.AKS.3", + "reference_id": "AC-AZ-RE-CR-H-0011", "category": "Resilience", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-CV-CA-M-0013.json similarity index 85% rename from pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json rename to pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-CV-CA-M-0013.json index 8a0fbbaa4..90b221708 100755 --- a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json +++ b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-CV-CA-M-0013.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that Cosmos DB Account has an associated tag", - "reference_id": "accurics.azure.CAM.162", + "reference_id": "AC-AZ-CV-CA-M-0013", "category": "Compliance Validation", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-IS-CA-H-0012.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json rename to pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-IS-CA-H-0012.json index a43405950..7eab2f538 100755 --- a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.NS.32.json +++ b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/AC-AZ-IS-CA-H-0012.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure to filter source Ips for Cosmos DB Account", - "reference_id": "accurics.azure.NS.32", + "reference_id": "AC-AZ-IS-CA-H-0012", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-DP-KV-M-0026.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json rename to pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-DP-KV-M-0026.json index ef5a554f7..004e1011b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-DP-KV-M-0026.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure the key vault is recoverable - enable \"Soft Delete\" setting for a Key Vault", - "reference_id": "accurics.azure.EKM.164", + "reference_id": "AC-AZ-DP-KV-M-0026", "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-LM-KV-H-0027.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json rename to pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-LM-KV-H-0027.json index ab5644012..db4c76d68 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/AC-AZ-LM-KV-H-0027.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that logging for Azure KeyVault is 'Enabled'", - "reference_id": "accurics.azure.EKM.20", + "reference_id": "AC-AZ-LM-KV-H-0027", "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/AC-AZ-DP-KK-H-0032.json similarity index 86% rename from pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json rename to pkg/policies/opa/rego/azure/azurerm_key_vault_key/AC-AZ-DP-KK-H-0032.json index 3fdb26c05..5dddb2154 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/AC-AZ-DP-KK-H-0032.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that the expiration date is set on all keys", - "reference_id": "accurics.azure.EKM.25", + "reference_id": "AC-AZ-DP-KK-H-0032", "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/AC-AZ-DP-VS-H-0033.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json rename to pkg/policies/opa/rego/azure/azurerm_key_vault_secret/AC-AZ-DP-VS-H-0033.json index 2388ebb70..c1757be9c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json +++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/AC-AZ-DP-VS-H-0033.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that the expiration date is set on all secrets", - "reference_id": "accurics.azure.EKM.26", + "reference_id": "AC-AZ-DP-VS-H-0033", "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0037.json similarity index 84% rename from pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json rename to pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0037.json index cbf3b3db5..62b9dff58 100755 --- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json +++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0037.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure Kube Dashboard is disabled", - "reference_id": "accurics.azure.NS.383", + "reference_id": "AC-AZ-IS-KC-M-0037", "category": "Infrastructure Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0038.json similarity index 85% rename from pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json rename to pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0038.json index 67ffc0e9e..d1bf15464 100755 --- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json +++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/AC-AZ-IS-KC-M-0038.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure AKS cluster has Network Policy configured.", - "reference_id": "accurics.azure.NS.382", + "reference_id": "AC-AZ-IS-KC-M-0038", "category": "Infrastructure Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json b/pkg/policies/opa/rego/azure/azurerm_managed_disk/AC-AZ-DP-MD-M-0050.json similarity index 86% rename from pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json rename to pkg/policies/opa/rego/azure/azurerm_managed_disk/AC-AZ-DP-MD-M-0050.json index 365f7e096..67ab2798e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json +++ b/pkg/policies/opa/rego/azure/azurerm_managed_disk/AC-AZ-DP-MD-M-0050.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that 'OS disk' are encrypted", - "reference_id": "accurics.azure.EKM.156", + "reference_id": "AC-AZ-DP-MD-M-0050", "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0055.json similarity index 88% rename from pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json rename to pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0055.json index 336821d1e..ebed66b3c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.MON.355.json +++ b/pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0055.json @@ -7,7 +7,7 @@ }, "severity": "MEDIUM", "description": "Ensure that 'Auditing' is set to 'On' for MSSQL servers", - "reference_id": "accurics.azure.MON.355", + "reference_id": "AC-AZ-LM-MS-M-0055", "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json b/pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0056.json similarity index 88% rename from pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json rename to pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0056.json index 3de180f5f..48f2162eb 100755 --- a/pkg/policies/opa/rego/azure/azurerm_mssql_server/accurics.azure.LOG.357.json +++ b/pkg/policies/opa/rego/azure/azurerm_mssql_server/AC-AZ-LM-MS-M-0056.json @@ -7,7 +7,7 @@ }, "severity": "MEDIUM", "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for MSSQL servers.", - "reference_id": "accurics.azure.LOG.357", + "reference_id": "AC-AZ-LM-MS-M-0056", "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json b/pkg/policies/opa/rego/azure/azurerm_mysql_server/AC-AZ-IS-MY-H-0061.json similarity index 86% rename from pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json rename to pkg/policies/opa/rego/azure/azurerm_mysql_server/AC-AZ-IS-MY-H-0061.json index eec1f56d7..9b560c380 100755 --- a/pkg/policies/opa/rego/azure/azurerm_mysql_server/accurics.azure.NS.361.json +++ b/pkg/policies/opa/rego/azure/azurerm_mysql_server/AC-AZ-IS-MY-H-0061.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "HIGH", "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server.", - "reference_id": "accurics.azure.NS.361", + "reference_id": "AC-AZ-IS-MY-H-0061", "category": "Infrastructure Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-LM-NW-H-0194.json similarity index 90% rename from pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json rename to pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-LM-NW-H-0194.json index 37defbdbf..7d7595b12 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-LM-NW-H-0194.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Enable Network Watcher for Azure subscriptions. Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.", - "reference_id": "accurics.azure.NS.11", + "reference_id": "AC-AZ-LM-NW-H-0194", "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-RE-NW-M-0193.json similarity index 84% rename from pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json rename to pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-RE-NW-M-0193.json index 1e9aa613b..2a64f33eb 100755 --- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json +++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/AC-AZ-RE-NW-M-0193.json @@ -1,12 +1,12 @@ { - "name": "reme_logRetensionGraterThan90Days", + "name": "reme_networkWatcherLogRetension", "file": "networkWatcherCheck.rego", "template_args": { "prefix": "reme_" }, "severity": "MEDIUM", "description": "Network Security Group Flow Logs should be enabled and the retention period is set to greater than or equal to 90 days. Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.", - "reference_id": "accurics.azure.NS.342", + "reference_id": "AC-AZ-RE-NW-M-0193", "category": "Resilience", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0198.json similarity index 88% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0198.json index 2768342d2..6b921baa9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.151.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0198.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.151", + "reference_id": "AC-AZ-LM-PC-M-0198", "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0199.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0199.json index d92cdce90..30a79374c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.152.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0199.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.152", + "reference_id": "AC-AZ-LM-PC-M-0199", "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0200.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0200.json index a557bbaa5..7e8bfc114 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.153.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0200.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.153", + "reference_id": "AC-AZ-LM-PC-M-0200", "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0201.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0201.json index 4fbc66b29..78c462b57 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.154.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0201.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.154", + "reference_id": "AC-AZ-LM-PC-M-0201", "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0203.json similarity index 86% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0203.json index 416eae363..c95cd8f22 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.364.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-LM-PC-M-0203.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.364", + "reference_id": "AC-AZ-LM-PC-M-0203", "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-RE-PC-M-0202.json similarity index 67% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-RE-PC-M-0202.json index 5d528a0c0..d50d50e8e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/accurics.azure.LOG.155.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_configuration/AC-AZ-RE-PC-M-0202.json @@ -1,12 +1,12 @@ { - "name": "reme_logRetention", + "name": "reme_logRetentionPsql", "file": "logRetention.rego", "template_args": { "prefix": "reme_" }, "severity": "MEDIUM", "description": "Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server", - "reference_id": "accurics.azure.LOG.155", - "category": "Logging and Monitoring", + "reference_id": "AC-AZ-RE-PC-M-0202", + "category": "Resilience", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-IS-PS-H-0204.json similarity index 88% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-IS-PS-H-0204.json index a88513d48..2036bb05b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-IS-PS-H-0204.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server", - "reference_id": "accurics.azure.EKM.1", + "reference_id": "AC-AZ-IS-PS-H-0204", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-RE-PS-H-0205.json similarity index 86% rename from pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json rename to pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-RE-PS-H-0205.json index 0d2cc9b5e..324644c36 100755 --- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json +++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/AC-AZ-RE-PS-H-0205.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that Geo Redundant Backups is enabled on PostgreSQL", - "reference_id": "accurics.azure.BDR.163", + "reference_id": "AC-AZ-RE-PS-H-0205", "category": "Resilience", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0218.json similarity index 90% rename from pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json rename to pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0218.json index 90de11137..93ec13ee3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0218.json @@ -8,7 +8,7 @@ }, "severity": "HIGH", "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from the Internet", - "reference_id": "accurics.azure.NS.30", + "reference_id": "AC-AZ-IS-RC-H-0218", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0219.json similarity index 90% rename from pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json rename to pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0219.json index 4237f22f5..f766e88dd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-H-0219.json @@ -8,7 +8,7 @@ }, "severity": "HIGH", "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from other Azure sources", - "reference_id": "accurics.azure.NS.31", + "reference_id": "AC-AZ-IS-RC-H-0219", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0216.json similarity index 86% rename from pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json rename to pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0216.json index 0cd495c0b..e676e3fb2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0216.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that the Redis Cache accepts only SSL connections", - "reference_id": "accurics.azure.EKM.23", + "reference_id": "AC-AZ-IS-RC-M-0216", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0220.json similarity index 88% rename from pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json rename to pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0220.json index 7fafb19e2..3c6ea9973 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-IS-RC-M-0220.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure there are no firewall rules allowing Redis Cache access for a large number of source IPs", - "reference_id": "accurics.azure.NS.166", + "reference_id": "AC-AZ-IS-RC-M-0220", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-SP-RC-H-0217.json similarity index 90% rename from pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json rename to pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-SP-RC-H-0217.json index 35bceb672..40273bd66 100755 --- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json +++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/AC-AZ-SP-RC-H-0217.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that Redis is updated regularly with security and operational updates.\n\nNote this feature is only available to Premium tier Redis Caches.", - "reference_id": "accurics.azure.NS.13", + "reference_id": "AC-AZ-SP-RC-H-0217", "category": "Security Best Practices", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json b/pkg/policies/opa/rego/azure/azurerm_resource_group/AC-AZ-IA-RG-L-0221.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json rename to pkg/policies/opa/rego/azure/azurerm_resource_group/AC-AZ-IA-RG-L-0221.json index 1609a2762..f377d3d22 100755 --- a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json +++ b/pkg/policies/opa/rego/azure/azurerm_resource_group/AC-AZ-IA-RG-L-0221.json @@ -6,7 +6,7 @@ }, "severity": "LOW", "description": "Ensure that Azure Resource Group has resource lock enabled", - "reference_id": "accurics.azure.NS.272", + "reference_id": "AC-AZ-IA-RG-L-0221", "category": "Identity and Access Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json b/pkg/policies/opa/rego/azure/azurerm_role_assignment/AC-AZ-IA-RA-H-0222.json similarity index 85% rename from pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json rename to pkg/policies/opa/rego/azure/azurerm_role_assignment/AC-AZ-IA-RA-H-0222.json index ca322d0b8..f628d7e68 100755 --- a/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json +++ b/pkg/policies/opa/rego/azure/azurerm_role_assignment/AC-AZ-IA-RA-H-0222.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that there are no guest users", - "reference_id": "accurics.azure.IAM.388", + "reference_id": "AC-AZ-IA-RA-H-0222", "category": "Identity and Access Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json b/pkg/policies/opa/rego/azure/azurerm_security_center_contact/AC-AZ-LM-SC-M-0224.json similarity index 86% rename from pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json rename to pkg/policies/opa/rego/azure/azurerm_security_center_contact/AC-AZ-LM-SC-M-0224.json index ece536cd7..fd908a0c8 100755 --- a/pkg/policies/opa/rego/azure/azurerm_security_center_contact/accurics.azure.MON.353.json +++ b/pkg/policies/opa/rego/azure/azurerm_security_center_contact/AC-AZ-LM-SC-M-0224.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure that 'Send email notification for high severity alerts' is set to 'On'", - "reference_id": "accurics.azure.MON.353", + "reference_id": "AC-AZ-LM-SC-M-0224", "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/AC-AZ-SP-SS-M-0225.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json rename to pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/AC-AZ-SP-SS-M-0225.json index 429211aa1..dfce74772 100755 --- a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json +++ b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/AC-AZ-SP-SS-M-0225.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that standard pricing tiers are selected", - "reference_id": "accurics.azure.OPS.349", + "reference_id": "AC-AZ-SP-SS-M-0225", "category": "Security Best Practices", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/AC-AZ-CV-SA-M-0226.json similarity index 88% rename from pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json rename to pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/AC-AZ-CV-SA-M-0226.json index f9b4cfc0d..bb1f4f928 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/AC-AZ-CV-SA-M-0226.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Avoid using names like 'Admin' for an Azure SQL Server Active Directory Administrator account", - "reference_id": "accurics.azure.IAM.137", + "reference_id": "AC-AZ-CV-SA-M-0226", "category": "Compliance Validation", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json b/pkg/policies/opa/rego/azure/azurerm_sql_database/AC-AZ-LM-SD-M-0227.json similarity index 86% rename from pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json rename to pkg/policies/opa/rego/azure/azurerm_sql_database/AC-AZ-LM-SD-M-0227.json index f2538ae02..930a33552 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_database/AC-AZ-LM-SD-M-0227.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that 'Threat Detection' is enabled for Azure SQL Database", - "reference_id": "accurics.azure.MON.157", + "reference_id": "AC-AZ-LM-SD-M-0227", "category": "Logging and Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0229.json similarity index 91% rename from pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json rename to pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0229.json index 538589d12..cb5d089f2 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0229.json @@ -8,7 +8,7 @@ }, "severity": "HIGH", "description": "Ensure entire Azure infrastructure doesn't have access to Azure SQL ServerEnsure entire Azure infrastructure doesn't have access to Azure SQL Server", - "reference_id": "accurics.azure.NS.5", + "reference_id": "AC-AZ-IS-SF-H-0229", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0230.json similarity index 89% rename from pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json rename to pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0230.json index 91e3c9f51..4c020c8c0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-H-0230.json @@ -8,7 +8,7 @@ }, "severity": "HIGH", "description": "Ensure that no SQL Server allows ingress from 0.0.0.0/0 (ANY IP)", - "reference_id": "accurics.azure.NS.21", + "reference_id": "AC-AZ-IS-SF-H-0230", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-M-0231.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json rename to pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-M-0231.json index e6e5be407..e42add61a 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/AC-AZ-IS-SF-M-0231.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Restrict Azure SQL Server accessibility to a minimal address range", - "reference_id": "accurics.azure.NS.169", + "reference_id": "AC-AZ-IS-SF-M-0231", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0233.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json rename to pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0233.json index fb0847a9c..85dd3162c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0233.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Avoid using names like 'Admin' for an Azure SQL Server admin account login", - "reference_id": "accurics.azure.IAM.138", + "reference_id": "AC-AZ-CV-SQ-M-0233", "category": "Compliance Validation", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0235.json similarity index 86% rename from pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json rename to pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0235.json index 0e6e8330c..e1439500c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-CV-SQ-M-0235.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers.", - "reference_id": "accurics.azure.LOG.356", + "reference_id": "AC-AZ-CV-SQ-M-0235", "category": "Compliance Validation", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-IA-SQ-H-0232.json similarity index 88% rename from pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json rename to pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-IA-SQ-H-0232.json index 566e76c22..e5e8af1d3 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-IA-SQ-H-0232.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that Azure Active Directory Admin is configured for SQL Server", - "reference_id": "accurics.azure.IAM.10", + "reference_id": "AC-AZ-IA-SQ-H-0232", "category": "Identity and Access Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-LM-SQ-M-0234.json similarity index 85% rename from pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json rename to pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-LM-SQ-M-0234.json index 8ddb5f211..0380c4cd0 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/AC-AZ-LM-SQ-M-0234.json @@ -4,7 +4,7 @@ "template_args": null, "severity": "MEDIUM", "description": "Ensure that 'Auditing' is set to 'On' for SQL servers", - "reference_id": "accurics.azure.MON.354", + "reference_id": "AC-AZ-LM-SQ-M-0234", "category": "Logging and Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-DP-SA-H-0237.json similarity index 87% rename from pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json rename to pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-DP-SA-H-0237.json index fba1a484e..4bee6be9b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-DP-SA-H-0237.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure that 'Secure transfer required' is enabled for Storage Accounts", - "reference_id": "accurics.azure.EKM.7", + "reference_id": "AC-AZ-DP-SA-H-0237", "category": "Data Protection", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0240.json similarity index 88% rename from pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json rename to pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0240.json index 28ab0e8e4..6b3ddaac9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0240.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure default network access rule for Storage Accounts is not open to public", - "reference_id": "accurics.azure.NS.4", + "reference_id": "AC-AZ-IS-SA-H-0240", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-M-0238.json similarity index 89% rename from pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json rename to pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-M-0238.json index 79e593dc4..89eaab0b9 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-M-0238.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure 'Trusted Microsoft Services' is enabled for Storage Account access", - "reference_id": "accurics.azure.NS.2", + "reference_id": "AC-AZ-IS-SA-M-0238", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json b/pkg/policies/opa/rego/azure/azurerm_storage_container/AC-AZ-IA-SN-H-0243.json similarity index 90% rename from pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json rename to pkg/policies/opa/rego/azure/azurerm_storage_container/AC-AZ-IA-SN-H-0243.json index 06f145e7f..f77e6601e 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_container/AC-AZ-IA-SN-H-0243.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary.", - "reference_id": "accurics.azure.IAM.368", + "reference_id": "AC-AZ-IA-SN-H-0243", "category": "Identity and Access Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json b/pkg/policies/opa/rego/azure/azurerm_virtual_network/AC-AZ-IS-VN-M-0251.json similarity index 88% rename from pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json rename to pkg/policies/opa/rego/azure/azurerm_virtual_network/AC-AZ-IS-VN-M-0251.json index 4a6e8ae1e..3279699af 100755 --- a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json +++ b/pkg/policies/opa/rego/azure/azurerm_virtual_network/AC-AZ-IS-VN-M-0251.json @@ -6,7 +6,7 @@ }, "severity": "MEDIUM", "description": "Ensure that Azure Virtual Network subnet is configured with a Network Security Group", - "reference_id": "accurics.azure.NS.161", + "reference_id": "AC-AZ-IS-VN-M-0251", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file From 831986bb7ab77f01b7e4d6f6643b06bec8692c1f Mon Sep 17 00:00:00 2001 From: Gaurav Gogia <16029099+gaurav-gogia@users.noreply.github.com> Date: Thu, 4 Mar 2021 12:01:01 +0530 Subject: [PATCH 3/4] rule reference ids updated: azure network security rules --- .../AC-AZ-IS-NS-H-0069.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0072.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0075.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0078.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0081.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0084.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0087.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0090.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0096.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0099.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0102.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0111.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0114.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0117.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0120.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0123.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0129.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0135.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0141.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0147.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0150.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0156.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0159.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0162.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0165.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0168.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0171.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0174.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0177.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0180.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0183.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0186.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-H-0189.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0071.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0074.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0077.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0080.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0083.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0086.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0089.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0092.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0098.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0101.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0104.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0113.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0116.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0119.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0122.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0125.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0131.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0137.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0143.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0149.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0152.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0158.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0161.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0164.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0167.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0170.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0173.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0176.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0179.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0182.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0185.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0188.json | 18 ++++++++++++++++++ .../AC-AZ-IS-NS-L-0191.json | 18 ++++++++++++++++++ .../accurics.azure.NPS.101.json | 18 ------------------ .../accurics.azure.NPS.103.json | 18 ------------------ .../accurics.azure.NPS.105.json | 18 ------------------ .../accurics.azure.NPS.107.json | 18 ------------------ .../accurics.azure.NPS.109.json | 18 ------------------ .../accurics.azure.NPS.111.json | 18 ------------------ .../accurics.azure.NPS.113.json | 18 ------------------ .../accurics.azure.NPS.115.json | 18 ------------------ .../accurics.azure.NPS.117.json | 18 ------------------ .../accurics.azure.NPS.119.json | 18 ------------------ .../accurics.azure.NPS.174.json | 18 ------------------ .../accurics.azure.NPS.176.json | 18 ------------------ .../accurics.azure.NPS.178.json | 18 ------------------ .../accurics.azure.NPS.180.json | 18 ------------------ .../accurics.azure.NPS.182.json | 18 ------------------ .../accurics.azure.NPS.184.json | 18 ------------------ .../accurics.azure.NPS.186.json | 18 ------------------ .../accurics.azure.NPS.188.json | 18 ------------------ .../accurics.azure.NPS.190.json | 18 ------------------ .../accurics.azure.NPS.192.json | 18 ------------------ .../accurics.azure.NPS.194.json | 18 ------------------ .../accurics.azure.NPS.196.json | 18 ------------------ .../accurics.azure.NPS.198.json | 18 ------------------ .../accurics.azure.NPS.200.json | 18 ------------------ .../accurics.azure.NPS.202.json | 18 ------------------ .../accurics.azure.NPS.204.json | 18 ------------------ .../accurics.azure.NPS.206.json | 18 ------------------ .../accurics.azure.NPS.208.json | 18 ------------------ .../accurics.azure.NPS.210.json | 18 ------------------ .../accurics.azure.NPS.212.json | 18 ------------------ .../accurics.azure.NPS.214.json | 18 ------------------ .../accurics.azure.NPS.216.json | 18 ------------------ .../accurics.azure.NPS.218.json | 18 ------------------ .../accurics.azure.NPS.220.json | 18 ------------------ .../accurics.azure.NPS.222.json | 18 ------------------ .../accurics.azure.NPS.224.json | 18 ------------------ .../accurics.azure.NPS.226.json | 18 ------------------ .../accurics.azure.NPS.228.json | 18 ------------------ .../accurics.azure.NPS.230.json | 18 ------------------ .../accurics.azure.NPS.232.json | 18 ------------------ .../accurics.azure.NPS.234.json | 18 ------------------ .../accurics.azure.NPS.236.json | 18 ------------------ .../accurics.azure.NPS.238.json | 18 ------------------ .../accurics.azure.NPS.240.json | 18 ------------------ .../accurics.azure.NPS.242.json | 18 ------------------ .../accurics.azure.NPS.244.json | 18 ------------------ .../accurics.azure.NPS.246.json | 18 ------------------ .../accurics.azure.NPS.248.json | 18 ------------------ .../accurics.azure.NPS.250.json | 18 ------------------ .../accurics.azure.NPS.252.json | 18 ------------------ .../accurics.azure.NPS.254.json | 18 ------------------ .../accurics.azure.NPS.39.json | 18 ------------------ .../accurics.azure.NPS.41.json | 18 ------------------ .../accurics.azure.NPS.43.json | 18 ------------------ .../accurics.azure.NPS.45.json | 18 ------------------ .../accurics.azure.NPS.47.json | 18 ------------------ .../accurics.azure.NPS.49.json | 18 ------------------ .../accurics.azure.NPS.51.json | 18 ------------------ .../accurics.azure.NPS.53.json | 18 ------------------ .../accurics.azure.NPS.55.json | 18 ------------------ .../accurics.azure.NPS.57.json | 18 ------------------ .../accurics.azure.NPS.59.json | 18 ------------------ .../accurics.azure.NPS.61.json | 18 ------------------ .../accurics.azure.NPS.63.json | 18 ------------------ .../accurics.azure.NPS.65.json | 18 ------------------ .../accurics.azure.NPS.67.json | 18 ------------------ .../accurics.azure.NPS.69.json | 18 ------------------ .../accurics.azure.NPS.71.json | 18 ------------------ .../accurics.azure.NPS.73.json | 18 ------------------ .../accurics.azure.NPS.75.json | 18 ------------------ .../accurics.azure.NPS.77.json | 18 ------------------ .../accurics.azure.NPS.79.json | 18 ------------------ .../accurics.azure.NPS.81.json | 18 ------------------ .../accurics.azure.NPS.83.json | 18 ------------------ .../accurics.azure.NPS.85.json | 18 ------------------ .../accurics.azure.NPS.87.json | 18 ------------------ .../accurics.azure.NPS.89.json | 18 ------------------ .../accurics.azure.NPS.91.json | 18 ------------------ .../accurics.azure.NPS.93.json | 18 ------------------ .../accurics.azure.NPS.95.json | 18 ------------------ .../accurics.azure.NPS.97.json | 18 ------------------ .../accurics.azure.NPS.99.json | 18 ------------------ 148 files changed, 1188 insertions(+), 1476 deletions(-) create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0114.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0117.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0120.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0123.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0129.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0135.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0141.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0147.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0150.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0156.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0159.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0162.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0165.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0168.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0171.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0174.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0177.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0180.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0183.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0186.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0189.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0071.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0074.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0077.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0080.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0083.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0086.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0089.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0092.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0098.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0101.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0104.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0113.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0116.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0119.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0122.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0125.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0131.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0137.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0143.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0149.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0152.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0158.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0161.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0164.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0167.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0170.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0173.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0176.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0179.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0182.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0185.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0188.json create mode 100644 pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0191.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json delete mode 100755 pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json new file mode 100644 index 000000000..c9c60cb5b --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3020ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort3020ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 3020, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "CIFS / SMB (TCP:3020) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0069", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json new file mode 100644 index 000000000..c4366d2cf --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort7001ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort7001ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 7001, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Cassandra (TCP:7001) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0072", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json new file mode 100644 index 000000000..a4e80481f --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort61621ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort61621ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 61621, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Cassandra OpsCenter (TCP:61621) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0075", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json new file mode 100644 index 000000000..520df038a --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort53ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort53ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 53, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "DNS (UDP:53) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0078", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json new file mode 100644 index 000000000..fd2e0ecc0 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort9000ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort9000ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 9000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Hadoop Name Node (TCP:9000) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0081", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json new file mode 100644 index 000000000..2c257c6e8 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8000ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort8000ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 8000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": " Known internal web port (TCP:8000) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0084", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json new file mode 100644 index 000000000..9ff5dff4c --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8080ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort8080ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 8080, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": " Known internal web port (TCP:8080) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0087", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json new file mode 100644 index 000000000..037a1c42c --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort636ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort636ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 636, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "LDAP SSL (TCP:636) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0090", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json new file mode 100644 index 000000000..cded28779 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort1434ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort1434ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 1434, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "MSSQL Browser (UDP:1434) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0096", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json new file mode 100644 index 000000000..5545bfa3e --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort135ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort135ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 135, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "MSSQL Debugger (TCP:135) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0099", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json new file mode 100644 index 000000000..3b9ba0a42 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort1433ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort1433ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 1433, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "MSSQL Server (TCP:1433) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0102", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json new file mode 100644 index 000000000..40540aaea --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort11214ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort11214ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 11214, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "Memcached SSL (UDP:11214) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0111", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0114.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0114.json new file mode 100644 index 000000000..fee095042 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0114.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort11215ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort11215ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 11215, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "Memcached SSL (UDP:11215) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0114", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0117.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0117.json new file mode 100644 index 000000000..ba2815a9b --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0117.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort445ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort445ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 445, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Microsoft-DS (TCP:445) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0117", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0120.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0120.json new file mode 100644 index 000000000..6dcdd70ab --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0120.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort27018ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort27018ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 27018, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Mongo Web Portal (TCP:27018) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0120", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0123.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0123.json new file mode 100644 index 000000000..d00fea729 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0123.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3306ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort3306ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 3306, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "MySQL (TCP:3306) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0123", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0129.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0129.json new file mode 100644 index 000000000..6fd409304 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0129.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort137ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort137ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 137, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "NetBIOS Name Service (UDP:137) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0129", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0135.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0135.json new file mode 100644 index 000000000..536dfb5a2 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0135.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort138ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort138ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 138, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "NetBIOS Datagram Service (UDP:138) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0135", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0141.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0141.json new file mode 100644 index 000000000..2c22f18cd --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0141.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort139ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort139ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 139, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "NetBIOS Session Service (UDP:139) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0141", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0147.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0147.json new file mode 100644 index 000000000..ab85ebad2 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0147.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2484ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort2484ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 2484, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "Oracle DB SSL (UDP:2484) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0147", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0150.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0150.json new file mode 100644 index 000000000..c3f671d6a --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0150.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort110ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort110ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 110, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "POP3 (TCP:110) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0150", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0156.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0156.json new file mode 100644 index 000000000..5bd4d79b9 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0156.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5432ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort5432ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 5432, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "PostgreSQL (UDP:5432) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0156", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0159.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0159.json new file mode 100644 index 000000000..6bab13730 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0159.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3000ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort3000ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 3000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Prevalent known internal port (TCP:3000) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0159", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0162.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0162.json new file mode 100644 index 000000000..af60b7cb6 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0162.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8140ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort8140ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 8140, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Puppet Master (TCP:8140) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0162", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0165.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0165.json new file mode 100644 index 000000000..3b1d2ebef --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0165.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort25ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort25ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 25, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "SMTP (TCP:25) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0165", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0168.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0168.json new file mode 100644 index 000000000..e912b245b --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0168.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort161ExposedPublicEntireUdp", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort161ExposedPublicEntireUdp", + "numberOfHosts": 1, + "portNumber": 161, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "High", + "description": "SNMP (UDP:161) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0168", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0171.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0171.json new file mode 100644 index 000000000..d2f1be375 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0171.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2382ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort2382ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 2382, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0171", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0174.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0174.json new file mode 100644 index 000000000..f823a7856 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0174.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2383ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort2383ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 2383, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0174", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0177.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0177.json new file mode 100644 index 000000000..0db5c12db --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0177.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort4505ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort4505ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 4505, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "SaltStack Master (TCP:4505) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0177", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0180.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0180.json new file mode 100644 index 000000000..3afc7de90 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0180.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort4506ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort4506ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 4506, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "SaltStack Master (TCP:4506) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0180", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0183.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0183.json new file mode 100644 index 000000000..e199b4ced --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0183.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort23ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort23ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 23, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "Telnet (TCP:23) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0183", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0186.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0186.json new file mode 100644 index 000000000..ec0dd4394 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0186.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5500ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort5500ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 5500, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "VNC Listener (TCP:5500) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0186", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0189.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0189.json new file mode 100644 index 000000000..4c6aa48d5 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0189.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5900ExposedPublicEntire", + "file": "networkPortExposedPublic.rego", + "template_args": { + "endLimit": 0, + "evalHosts": true, + "name": "networkPort5900ExposedPublicEntire", + "numberOfHosts": 1, + "portNumber": 5900, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "High", + "description": "VNC Server (TCP:5900) is exposed to entire Public network", + "reference_id": "AC-AZ-IS-NS-H-0189", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0071.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0071.json new file mode 100644 index 000000000..e8f53d4b9 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0071.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3020ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort3020ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 3020, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0071", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0074.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0074.json new file mode 100644 index 000000000..585f46cb9 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0074.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort7001ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort7001ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 7001, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Cassandra (TCP:7001) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0074", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0077.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0077.json new file mode 100644 index 000000000..b5cf700a0 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0077.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort61621ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort61621ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 61621, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0077", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0080.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0080.json new file mode 100644 index 000000000..529026fb4 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0080.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort53ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort53ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 53, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "DNS (UDP:53) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0080", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0083.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0083.json new file mode 100644 index 000000000..68506c522 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0083.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort9000ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort9000ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 9000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Hadoop Name Node (TCP:9000) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0083", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0086.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0086.json new file mode 100644 index 000000000..d8c9bf7e7 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0086.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8000ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort8000ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 8000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": " Known internal web port (TCP:8000) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0086", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0089.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0089.json new file mode 100644 index 000000000..9d2cbda7b --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0089.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8080ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort8080ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 8080, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": " Known internal web port (TCP:8080) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0089", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0092.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0092.json new file mode 100644 index 000000000..2a666376e --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0092.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort636ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort636ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 636, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "LDAP SSL (TCP:636) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0092", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0098.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0098.json new file mode 100644 index 000000000..b87a58575 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0098.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort1434ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort1434ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 1434, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "MSSQL Browser (UDP:1434) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0098", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0101.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0101.json new file mode 100644 index 000000000..c2a6b7192 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0101.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort135ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort135ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 135, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "MSSQL Debugger (TCP:135) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0101", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0104.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0104.json new file mode 100644 index 000000000..91315e92a --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0104.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort1433ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort1433ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 1433, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "MSSQL Server (TCP:1433) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0104", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0113.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0113.json new file mode 100644 index 000000000..5997e42e4 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0113.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort11214ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort11214ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 11214, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "Memcached SSL (UDP:11214) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0113", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0116.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0116.json new file mode 100644 index 000000000..7dd595a41 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0116.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort11215ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort11215ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 11215, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "Memcached SSL (UDP:11215) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0116", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0119.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0119.json new file mode 100644 index 000000000..6dff8b4f0 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0119.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort445ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort445ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 445, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Microsoft-DS (TCP:445) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0119", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0122.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0122.json new file mode 100644 index 000000000..3d607fe9e --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0122.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort27018ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort27018ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 27018, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Mongo Web Portal (TCP:27018) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0122", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0125.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0125.json new file mode 100644 index 000000000..c2d7ffbcf --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0125.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3306ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort3306ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 3306, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "MySQL (TCP:3306) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0125", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0131.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0131.json new file mode 100644 index 000000000..c6ec8b218 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0131.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort137ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort137ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 137, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "NetBIOS Name Service (UDP:137) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0131", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0137.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0137.json new file mode 100644 index 000000000..320561858 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0137.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort138ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort138ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 138, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0137", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0143.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0143.json new file mode 100644 index 000000000..53de294ec --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0143.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort139ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort139ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 139, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "NetBIOS Session Service (UDP:139) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0143", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0149.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0149.json new file mode 100644 index 000000000..c5a1b211a --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0149.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2484ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort2484ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 2484, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "Oracle DB SSL (UDP:2484) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0149", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0152.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0152.json new file mode 100644 index 000000000..12556a11a --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0152.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort110ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort110ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 110, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "POP3 (TCP:110) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0152", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0158.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0158.json new file mode 100644 index 000000000..b1fe997f3 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0158.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5432ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort5432ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 5432, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "PostgreSQL (UDP:5432) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0158", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0161.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0161.json new file mode 100644 index 000000000..cf47348a5 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0161.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort3000ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort3000ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 3000, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Prevalent known internal port (TCP:3000) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0161", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0164.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0164.json new file mode 100644 index 000000000..ba761f28c --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0164.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort8140ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort8140ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 8140, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Puppet Master (TCP:8140) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0164", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0167.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0167.json new file mode 100644 index 000000000..fea1d1ee4 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0167.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort25ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort25ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 25, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "SMTP (TCP:25) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0167", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0170.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0170.json new file mode 100644 index 000000000..e8977bf07 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0170.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort161ExposedPrivateWideUdp", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort161ExposedPrivateWideUdp", + "numberOfHosts": 24, + "portNumber": 161, + "prefix": "reme_", + "protocol": "UDP" + }, + "severity": "Low", + "description": "SNMP (UDP:161) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0170", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0173.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0173.json new file mode 100644 index 000000000..7711b1e42 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0173.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2382ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort2382ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 2382, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "SQL Server Analysis (TCP:2382) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0173", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0176.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0176.json new file mode 100644 index 000000000..696b7f208 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0176.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort2383ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort2383ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 2383, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "SQL Server Analysis (TCP:2383) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0176", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0179.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0179.json new file mode 100644 index 000000000..4206ace8c --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0179.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort4505ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort4505ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 4505, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "SaltStack Master (TCP:4505) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0179", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0182.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0182.json new file mode 100644 index 000000000..27f4cbc34 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0182.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort4506ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort4506ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 4506, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "SaltStack Master (TCP:4506) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0182", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0185.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0185.json new file mode 100644 index 000000000..452287c2f --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0185.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort23ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort23ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 23, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "Telnet (TCP:23) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0185", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0188.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0188.json new file mode 100644 index 000000000..20b854a93 --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0188.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5500ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort5500ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 5500, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "VNC Listener (TCP:5500) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0188", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0191.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0191.json new file mode 100644 index 000000000..3a1683a6e --- /dev/null +++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-L-0191.json @@ -0,0 +1,18 @@ +{ + "name": "reme_networkPort5900ExposedPrivateWide", + "file": "networkPortExposedPrivate.rego", + "template_args": { + "endLimit": 1, + "evalHosts": false, + "name": "networkPort5900ExposedPrivateWide", + "numberOfHosts": 24, + "portNumber": 5900, + "prefix": "reme_", + "protocol": "TCP" + }, + "severity": "Low", + "description": "VNC Server (TCP:5900) is exposed to wide Private network", + "reference_id": "AC-AZ-IS-NS-L-0191", + "category": "Infrastructure Security", + "version": 2 +} diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json deleted file mode 100755 index ca382edde..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.101.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8140ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort8140ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 8140, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Puppet Master (TCP:8140) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.101", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json deleted file mode 100755 index aa117b29b..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.103.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort25ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort25ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 25, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "SMTP (TCP:25) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.103", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json deleted file mode 100755 index 6842e82f7..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.105.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort161ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort161ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 161, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "SNMP (UDP:161) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.105", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json deleted file mode 100755 index 793d66293..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.107.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2382ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort2382ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 2382, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "SQL Server Analysis (TCP:2382) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.107", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json deleted file mode 100755 index 35f2a563d..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.109.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2383ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort2383ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 2383, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "SQL Server Analysis (TCP:2383) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.109", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json deleted file mode 100755 index 4796adee1..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.111.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort4505ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort4505ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 4505, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "SaltStack Master (TCP:4505) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.111", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json deleted file mode 100755 index 79674023d..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.113.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort4506ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort4506ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 4506, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "SaltStack Master (TCP:4506) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.113", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json deleted file mode 100755 index dc11164a9..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.115.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort23ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort23ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 23, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Telnet (TCP:23) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.115", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json deleted file mode 100755 index 5a2a0baeb..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.117.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5500ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort5500ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 5500, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "VNC Listener (TCP:5500) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.117", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json deleted file mode 100755 index 4ddc6e01b..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.119.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5900ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort5900ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 5900, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "VNC Server (TCP:5900) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.119", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json deleted file mode 100755 index 53550e5cf..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.174.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3020ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort3020ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 3020, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "CIFS / SMB (TCP:3020) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.174", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json deleted file mode 100755 index 385bfc50a..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.176.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort7001ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort7001ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 7001, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Cassandra (TCP:7001) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.176", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json deleted file mode 100755 index 782aa6090..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.178.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort61621ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort61621ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 61621, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Cassandra OpsCenter (TCP:61621) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.178", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json deleted file mode 100755 index e42f19f4f..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.180.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort53ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort53ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 53, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "DNS (UDP:53) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.180", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json deleted file mode 100755 index 40bd25130..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.182.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort9000ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort9000ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 9000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Hadoop Name Node (TCP:9000) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.182", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json deleted file mode 100755 index 0d5cb3bdb..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.184.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8000ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort8000ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 8000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": " Known internal web port (TCP:8000) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.184", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json deleted file mode 100755 index a057b9814..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.186.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8080ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort8080ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 8080, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": " Known internal web port (TCP:8080) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.186", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json deleted file mode 100755 index eb6fa04c0..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.188.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort636ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort636ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 636, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "LDAP SSL (TCP:636) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.188", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json deleted file mode 100755 index b45d74a95..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.190.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1434ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort1434ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 1434, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "MSSQL Admin (TCP:1434) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.190", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json deleted file mode 100755 index 6e05e582b..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.192.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1434ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort1434ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 1434, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "MSSQL Browser (UDP:1434) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.192", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json deleted file mode 100755 index 848500fdf..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.194.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort135ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort135ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 135, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "MSSQL Debugger (TCP:135) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.194", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json deleted file mode 100755 index 3b014bc2b..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.196.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1433ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort1433ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 1433, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "MSSQL Server (TCP:1433) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.196", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json deleted file mode 100755 index de3960341..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.198.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11214ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort11214ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 11214, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Memcached SSL (TCP:11214) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.198", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json deleted file mode 100755 index ed9d56a65..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.200.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11215ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort11215ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 11215, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Memcached SSL (TCP:11215) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.200", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json deleted file mode 100755 index b1192691f..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.202.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11214ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort11214ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 11214, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "Memcached SSL (UDP:11214) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.202", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json deleted file mode 100755 index 69b97ae34..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.204.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11215ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort11215ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 11215, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "Memcached SSL (UDP:11215) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.204", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json deleted file mode 100755 index c7f9de2d3..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.206.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort445ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort445ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 445, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Microsoft-DS (TCP:445) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.206", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json deleted file mode 100755 index e6ee87569..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.208.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort27018ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort27018ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 27018, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Mongo Web Portal (TCP:27018) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.208", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json deleted file mode 100755 index f6ae3a4ab..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.210.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3306ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort3306ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 3306, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "MySQL (TCP:3306) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.210", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json deleted file mode 100755 index 0ea55d32c..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.212.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort137ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort137ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 137, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Name Service (TCP:137) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.212", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json deleted file mode 100755 index ace8988a7..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.214.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort137ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort137ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 137, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Name Service (UDP:137) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.214", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json deleted file mode 100755 index ae308d29d..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.216.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort138ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort138ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 138, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Datagram Service (TCP:138) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.216", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json deleted file mode 100755 index d0f2e59f5..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.218.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort138ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort138ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 138, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Datagram Service (UDP:138) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.218", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json deleted file mode 100755 index 2c0ac9cf5..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.220.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort139ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort139ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 139, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Session Service (TCP:139) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.220", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json deleted file mode 100755 index 9230e4913..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.222.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort139ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort139ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 139, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "NetBIOS Session Service (UDP:139) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.222", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json deleted file mode 100755 index a24e406a1..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.224.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2484ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort2484ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 2484, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Oracle DB SSL (TCP:2484) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.224", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json deleted file mode 100755 index d8984b5a0..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.226.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2484ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort2484ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 2484, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "Oracle DB SSL (UDP:2484) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.226", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json deleted file mode 100755 index 72307d557..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.228.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort110ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort110ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 110, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "POP3 (TCP:110) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.228", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json deleted file mode 100755 index 7221feedc..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.230.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5432ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort5432ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 5432, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "PostgreSQL (TCP:5432) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.230", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json deleted file mode 100755 index 5412aa5da..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.232.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5432ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort5432ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 5432, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "PostgreSQL (UDP:5432) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.232", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json deleted file mode 100755 index d8dd2c6fb..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.234.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3000ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort3000ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 3000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Prevalent known internal port (TCP:3000) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.234", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json deleted file mode 100755 index aafa616b1..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.236.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8140ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort8140ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 8140, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Puppet Master (TCP:8140) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.236", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json deleted file mode 100755 index 4b8e854bf..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.238.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort25ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort25ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 25, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "SMTP (TCP:25) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.238", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json deleted file mode 100755 index 5f411b979..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.240.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort161ExposedPrivateWideUdp", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort161ExposedPrivateWideUdp", - "numberOfHosts": 24, - "portNumber": 161, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "MEDIUM", - "description": "SNMP (UDP:161) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.240", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json deleted file mode 100755 index bdf32c528..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.242.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2382ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort2382ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 2382, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "SQL Server Analysis (TCP:2382) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.242", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json deleted file mode 100755 index 6b673da88..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.244.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2383ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort2383ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 2383, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "SQL Server Analysis (TCP:2383) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.244", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json deleted file mode 100755 index 8b3e99bc3..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.246.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort4505ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort4505ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 4505, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "SaltStack Master (TCP:4505) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.246", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json deleted file mode 100755 index 1041a93a9..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.248.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort4506ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort4506ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 4506, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "SaltStack Master (TCP:4506) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.248", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json deleted file mode 100755 index 4f37e4a51..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.250.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort23ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort23ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 23, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "Telnet (TCP:23) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.250", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json deleted file mode 100755 index d72f6d5b5..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.252.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5500ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort5500ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 5500, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "VNC Listener (TCP:5500) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.252", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json deleted file mode 100755 index eb7ca883c..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.254.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5900ExposedPrivateWide", - "file": "networkPortExposedPrivate.rego", - "template_args": { - "endLimit": 1, - "evalHosts": false, - "name": "networkPort5900ExposedPrivateWide", - "numberOfHosts": 24, - "portNumber": 5900, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "MEDIUM", - "description": "VNC Server (TCP:5900) is exposed to wide Private network", - "reference_id": "accurics.azure.NPS.254", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json deleted file mode 100755 index ca22f0cb6..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.39.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3020ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort3020ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 3020, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "CIFS / SMB (TCP:3020) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.39", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json deleted file mode 100755 index 0ec87eb6a..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.41.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort7001ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort7001ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 7001, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Cassandra (TCP:7001) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.41", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json deleted file mode 100755 index 0e65ebe5b..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.43.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort61621ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort61621ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 61621, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Cassandra OpsCenter (TCP:61621) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.43", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json deleted file mode 100755 index ea88aa608..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.45.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort53ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort53ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 53, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "DNS (UDP:53) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.45", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json deleted file mode 100755 index 072d6049d..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.47.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort9000ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort9000ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 9000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Hadoop Name Node (TCP:9000) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.47", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json deleted file mode 100755 index c74846556..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.49.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8000ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort8000ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 8000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": " Known internal web port (TCP:8000) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.49", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json deleted file mode 100755 index 2fdd59149..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.51.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort8080ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort8080ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 8080, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": " Known internal web port (TCP:8080) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.51", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json deleted file mode 100755 index e1f72fc5e..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.53.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort636ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort636ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 636, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "LDAP SSL (TCP:636) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.53", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json deleted file mode 100755 index 5ef88ba2c..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.55.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1434ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort1434ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 1434, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "MSSQL Admin (TCP:1434) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.55", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json deleted file mode 100755 index 521d7dfdb..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.57.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1434ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort1434ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 1434, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "MSSQL Browser (UDP:1434) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.57", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json deleted file mode 100755 index 19a43a2cd..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.59.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort135ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort135ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 135, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "MSSQL Debugger (TCP:135) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.59", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json deleted file mode 100755 index f45359b8e..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.61.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort1433ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort1433ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 1433, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "MSSQL Server (TCP:1433) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.61", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json deleted file mode 100755 index 66f9105e2..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.63.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11214ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort11214ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 11214, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Memcached SSL (TCP:11214) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.63", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json deleted file mode 100755 index 5f223989a..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.65.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11215ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort11215ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 11215, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Memcached SSL (TCP:11215) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.65", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json deleted file mode 100755 index 7b4670186..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.67.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11214ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort11214ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 11214, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "Memcached SSL (UDP:11214) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.67", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json deleted file mode 100755 index 4e9faab0c..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.69.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort11215ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort11215ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 11215, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "Memcached SSL (UDP:11215) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.69", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json deleted file mode 100755 index a20dcb1d9..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.71.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort445ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort445ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 445, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Microsoft-DS (TCP:445) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.71", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json deleted file mode 100755 index 382c9ab5b..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.73.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort27018ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort27018ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 27018, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Mongo Web Portal (TCP:27018) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.73", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json deleted file mode 100755 index aa4cd9ed2..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.75.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3306ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort3306ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 3306, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "MySQL (TCP:3306) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.75", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json deleted file mode 100755 index 86e8f9619..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.77.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort137ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort137ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 137, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "NetBIOS Name Service (TCP:137) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.77", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json deleted file mode 100755 index 05a693650..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.79.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort137ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort137ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 137, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "NetBIOS Name Service (UDP:137) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.79", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json deleted file mode 100755 index 013de4be0..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.81.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort138ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort138ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 138, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "NetBIOS Datagram Service (TCP:138) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.81", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json deleted file mode 100755 index 53dc0594d..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.83.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort138ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort138ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 138, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "NetBIOS Datagram Service (UDP:138) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.83", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json deleted file mode 100755 index 8f3cc4c47..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.85.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort139ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort139ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 139, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "NetBIOS Session Service (TCP:139) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.85", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json deleted file mode 100755 index 17edad2a4..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.87.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort139ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort139ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 139, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "NetBIOS Session Service (UDP:139) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.87", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json deleted file mode 100755 index 263018338..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.89.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2484ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort2484ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 2484, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Oracle DB SSL (TCP:2484) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.89", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json deleted file mode 100755 index 7441ba062..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.91.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort2484ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort2484ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 2484, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "Oracle DB SSL (UDP:2484) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.91", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json deleted file mode 100755 index 44f137e1e..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.93.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort110ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort110ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 110, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "POP3 (TCP:110) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.93", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json deleted file mode 100755 index 193799d73..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.95.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5432ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort5432ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 5432, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "PostgreSQL (TCP:5432) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.95", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json deleted file mode 100755 index 789824324..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.97.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort5432ExposedPublicEntireUdp", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort5432ExposedPublicEntireUdp", - "numberOfHosts": 1, - "portNumber": 5432, - "prefix": "reme_", - "protocol": "UDP" - }, - "severity": "HIGH", - "description": "PostgreSQL (UDP:5432) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.97", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json deleted file mode 100755 index 624b97308..000000000 --- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.99.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "reme_networkPort3000ExposedPublicEntire", - "file": "networkPortExposedPublic.rego", - "template_args": { - "endLimit": 0, - "evalHosts": true, - "name": "networkPort3000ExposedPublicEntire", - "numberOfHosts": 1, - "portNumber": 3000, - "prefix": "reme_", - "protocol": "TCP" - }, - "severity": "HIGH", - "description": "Prevalent known internal port (TCP:3000) is exposed to entire Public network", - "reference_id": "accurics.azure.NPS.99", - "category": "Infrastructure Security", - "version": 2 -} \ No newline at end of file From c973143737578610ec3ea6d1580eab225f061a38 Mon Sep 17 00:00:00 2001 From: Gaurav Gogia <16029099+gaurav-gogia@users.noreply.github.com> Date: Sat, 6 Mar 2021 00:42:25 +0530 Subject: [PATCH 4/4] post review rule reference id fix --- .../{AC-AZ-IS-SA-M-0238.json => AC-AZ-IS-SA-H-0239.json} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename pkg/policies/opa/rego/azure/azurerm_storage_account/{AC-AZ-IS-SA-M-0238.json => AC-AZ-IS-SA-H-0239.json} (89%) diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-M-0238.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0239.json similarity index 89% rename from pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-M-0238.json rename to pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0239.json index 89eaab0b9..eb411a720 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-M-0238.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/AC-AZ-IS-SA-H-0239.json @@ -6,7 +6,7 @@ }, "severity": "HIGH", "description": "Ensure 'Trusted Microsoft Services' is enabled for Storage Account access", - "reference_id": "AC-AZ-IS-SA-M-0238", + "reference_id": "AC-AZ-IS-SA-H-0239", "category": "Infrastructure Security", "version": 2 } \ No newline at end of file