From e03e24b2c1674a50f7bb496ad005eecc0f67c689 Mon Sep 17 00:00:00 2001
From: Shefali Bisht
Date: Mon, 27 Feb 2023 10:40:20 +0530
Subject: [PATCH] bug:delete Enable_Azure_Account_Create_or_Update_Network_Security_Group_Rule_Event_log_alert policy
---
installer/resources/pacbot_app/files/DB_Policy.sql | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/installer/resources/pacbot_app/files/DB_Policy.sql b/installer/resources/pacbot_app/files/DB_Policy.sql
index 10615e27a7..c38ec531a3 100644
--- a/installer/resources/pacbot_app/files/DB_Policy.sql
+++ b/installer/resources/pacbot_app/files/DB_Policy.sql
@@ -289,7 +289,7 @@ INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisp INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, status, userId, createdDate, modifiedDate, severity, category) VALUES ('AzureSQLServerAuthenticationSettings_version-1_EnableAzureADAuthentication_sqlserver','azure_EnableAzureADAuth_sqlserver','EnableAzureADAuthentication','Provision Active Directory Administrator for SQL Servers','Audit provisioning of an Azure Active Directory administrator for SQL Server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services',NULL,NULL,'sqlserver','azure','EnableAzureADAuthentication','{\"params\":[{\"key\":\"policyKey\",\"value\":\"check-for-azure-policy-evaluation-results\",\"encrypt\":false},{\"key\":\"azurePolicyEvaluationResults\",\"value\":\"/azure_policyevaluationresults/_search\",\"encrypt\":false},{\"key\":\"policyDefinitionName\",\"value\":\"1f314764-cb73-4fc9-b863-8eca98ac36e9\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"AzureSQLServerAuthenticationSettings_version-1_EnableAzureADAuthentication_sqlserver\",\"autofix\":false,\"alexaKeyword\":\"EnableAzureADAuthentication\",\"policyRestUrl\":\"\",\"targetType\":\"sqlserver\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_EnableAzureADAuth_sqlserver\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_EnableAzureADAuth_sqlserver','ENABLED','','2019-11-08','2019-11-09','high','security'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, status, userId, createdDate, modifiedDate, severity, category) VALUES ('Azure_Account_Create_Update_Azure_SQL_Database_log_alert','Azure_Account_Create_Update_Azure_SQL_Database_log_alert','Azure_Account_Create_Update_Azure_SQL_Database_log_alert','Enable Create or Update SQL Database Log Alert','Ensure that an activity log alert is created for Create or Update Azure SQL Database events.','create a Microsoft Azure activity log alert for Create or Update Azure SQL Database (Microsoft.Sql/servers/databases) event','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-log-alert','subscription','azure','Create_Update_Azure_SQL_Database_log_alert','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-activity-log-alert\",\"key\":\"policyKey\"},{\"key\":\"failure\",\"value\":\"selected alert rule is not configured to detect Create Update Azure SQL Database\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"SUCCESS\",\"value\":\"selected alert rule is configured to Create or Update Azure SQL Database\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"field\",\"value\":\"operationName\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"equals\",\"value\":\"Microsoft.Sql/servers/databases/write\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Enable Create or Update Azure SQL Database Assignment log 
alert\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Account_Create_Update_Azure_SQL_Database_log_alert\",\"autofix\":false,\"alexaKeyword\":\"Create_Update_Azure_SQL_Database_log_alert\",\"policyRestUrl\":\"\",\"targetType\":\"subscription\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Azure_Account_Create_Update_Azure_SQL_Database_log_alert\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Azure_Account_Create_Update_Azure_SQL_Database_log_alert','ENABLED','','2022-05-16','2022-05-16','high','operations'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, status, userId, createdDate, modifiedDate, severity, category) VALUES ('Azure_Account_Delete_Azure_Key_Valut_log_alert','Azure_Account_Delete_Azure_Key_Valut_log_alert','Azure_Account_Delete_Azure_Key_Valut_log_alert','Enable Log Alert for Delete Key Vault Events','Ensure there is an activity log alert created for the Delete Key Vault events','To implement a Microsoft Azure activity log alert for Delete Key Vault (Microsoft.KeyVault/vaults) events','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-update-security-policy-activity-log-alert','subscription','azure','Delete_Azure_Key_Valut_log_alert','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-activity-log-alert\",\"key\":\"policyKey\"},{\"key\":\"failure\",\"value\":\"selected alert rule is not configured to detect Delete Key Vault events are 
triggered\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"SUCCESS\",\"value\":\"selected alert rule is configured to Delete Key Vault events are triggered\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"field\",\"value\":\"operationName\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"equals\",\"value\":\"Microsoft.KeyVault/vaults/delete\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Enable Delete Key Valut log alert\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Account_Delete_Azure_Key_Valut_log_alert\",\"autofix\":false,\"alexaKeyword\":\"Delete_Azure_Key_Valut_log_alert\",\"policyRestUrl\":\"\",\"targetType\":\"subscription\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Azure_Account_Delete_Azure_Key_Valut_log_alert\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Azure_Account_Delete_Azure_Key_Valut_log_alert','ENABLED','','2022-05-25','2022-05-25','high','operations'); -INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, status, userId, createdDate, modifiedDate, severity, category) VALUES ('Azure_Account_Delete_Azure_SQL_Database_log_alert','Azure_Account_Delete_Azure_SQL_Database_log_alert','Azure_Account_Delete_Azure_SQL_Database_log_alert','Enable Delete SQL Database Log Alert','Ensure that an activity log alert is created for Delete Azure SQL Database (Microsoft.Sql/servers/databases) events','To create a Microsoft Azure activity log alert for Delete Azure SQL Database events','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-log-alert','subscription','azure','Delete_Azure_SQL_Database_log_alert','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-activity-log-alert\",\"key\":\"policyKey\"},{\"key\":\"failure\",\"value\":\"selected alert rule is not configured to detect Delete Azure SQL Database\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"SUCCESS\",\"value\":\"selected alert rule is configured to Delete Azure SQL Database\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"field\",\"value\":\"operationName\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"equals\",\"value\":\"Microsoft.Sql/servers/databases/delete\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Enable Delete Azure SQL Database log 
alert\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Account_Delete_Azure_SQL_Database_log_alert\",\"autofix\":false,\"alexaKeyword\":\"Delete_Azure_SQL_Database_log_alert\",\"policyRestUrl\":\"\",\"targetType\":\"subscription\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Azure_Account_Delete_Azure_SQL_Database_log_alert\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Azure_Account_Delete_Azure_SQL_Database_log_alert','ENABLED','','2022-05-24','2022-05-24','high','operations'); +--INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, status, userId, createdDate, modifiedDate, severity, category) VALUES ('Azure_Account_Delete_Azure_SQL_Database_log_alert','Azure_Account_Delete_Azure_SQL_Database_log_alert','Azure_Account_Delete_Azure_SQL_Database_log_alert','Enable Delete SQL Database Log Alert','Ensure that an activity log alert is created for Delete Azure SQL Database (Microsoft.Sql/servers/databases) events','To create a Microsoft Azure activity log alert for Delete Azure SQL Database events','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-log-alert','subscription','azure','Delete_Azure_SQL_Database_log_alert','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-activity-log-alert\",\"key\":\"policyKey\"},{\"key\":\"failure\",\"value\":\"selected alert rule is not configured to detect Delete Azure SQL Database\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"SUCCESS\",\"value\":\"selected alert rule is configured to Delete 
Azure SQL Database\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"field\",\"value\":\"operationName\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"equals\",\"value\":\"Microsoft.Sql/servers/databases/delete\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Enable Delete Azure SQL Database log alert\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Account_Delete_Azure_SQL_Database_log_alert\",\"autofix\":false,\"alexaKeyword\":\"Delete_Azure_SQL_Database_log_alert\",\"policyRestUrl\":\"\",\"targetType\":\"subscription\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Azure_Account_Delete_Azure_SQL_Database_log_alert\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Azure_Account_Delete_Azure_SQL_Database_log_alert','ENABLED','','2022-05-24','2022-05-24','high','operations'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, status, userId, createdDate, modifiedDate, severity, category) VALUES ('Azure_Check_Public_Access_For_Storage_Account','azure_check_public_access_for_storage_account','Azure_Check_Public_Access_For_Storage_Account','Deny Public Access to Storage Account','Azure Storage Account should not be publically accessible','Enable cloudtrail for all 
regions',"https://github.com/PaladinCloud/CE/wiki/Azure-Policy#deny-public-access-to-storage-account",'storageaccount','azure','CheckStorageAccountPublicAccess','{\"params\":[{\"encrypt\":false,\"value\":\"check-public-access-for-storage-account\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\",\"isEdit\":true,\"isMandatory\":true,\"description\":\"Assets should have these mandatory tags\",\"defaultVal\":\"Application,Environment,Stack,Role\",\"displayName\":\"Mandatory tags\"},{\"encrypt\":false,\"value\":\"critical\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Check_Public_Access_For_Storage_Account\",\"autofix\":false,\"alexaKeyword\":\"CheckStorageAccountPublicAccess\",\"policyRestUrl\":\"\",\"targetType\":\"storageaccount\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_check_public_access_for_storage_account\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_check_public_access_for_storage_account','ENABLED','','2022-06-03','2022-06-03','critical','security'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, status, userId, createdDate, modifiedDate, severity, category) VALUES ('Azure_Close_management_ports_version-1_SecurityCenter_virtualmachine','azure_virtualmachine_security_center','Close_management_ports','Deny Access to Virtual Machine Management Ports','Management ports usually consist of the ports that you have used to connect to your Azure virtual machines i.e. 
Remote Desktop Protocol (RDP) and the Secure Shell (SSH) protocol. These protocols enable admins to manage VMs from remote locations and are common management ports','','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#deny-access-to-virtual-machine-management-ports','virtualmachine','azure','Close_management_ports','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-security-rule\",\"key\":\"policyKey\"},{\"key\":\"policyName\",\"value\":\"Management@ports@should@be@closed@on@your@virtual@machines\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"critical\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Close_management_ports_version-1_SecurityCenter_virtualmachine\",\"autofix\":false,\"alexaKeyword\":\"close management port\",\"policyRestUrl\":\"\",\"targetType\":\"virtualmachine\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_virtualmachine_security_center\",\"policyType\":\"ManagePolicy\"}','0 0/12 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_virtualmachine_security_center','ENABLED','ASGC','2019-10-25','2019-10-25','critical','security'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, status, userId, createdDate, modifiedDate, severity, category) VALUES ('Azure_Create_Network_Security_Group_log_alert','Azure_Account_Create_Network_Security_Group_log_alert','Azure_Create_Network_Security_Group_log_alert','Enable Log Alert for Create/Update Network Security Group',' Ensure that an activity log alert is created for the Create or Update Network Security Group events','create a Microsoft Azure activity log alert for Create or Update Network Security Group event','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-log-alert','subscription','azure','Create_Network_Security_Group','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-activity-log-alert\",\"key\":\"policyKey\"},{\"key\":\"failure\",\"value\":\"selected alert rule is not configured to create or Update Network Security Group\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"SUCCESS\",\"value\":\"selected alert rule is configured to create or Update Network Security Group\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"field\",\"value\":\"operationName\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"equals\",\"value\":\"Microsoft.Network/networkSecurityGroups/write\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Create or Update Network Security Group log 
alert\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Create_Network_Security_Group_log_alert\",\"autofix\":false,\"alexaKeyword\":\"Create_Network_Security_Group\",\"policyRestUrl\":\"\",\"targetType\":\"subscription\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Azure_Account_Create_Network_Security_Group_log_alert\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Azure_Account_Create_Network_Security_Group_log_alert','ENABLED','ASGC','2022-05-24','2022-05-24','high','operations'); 
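Review bot: The added line starts with `--INSERT`, and MySQL (which the `INSERT IGNORE` syntax suggests is the target) only treats `--` as a comment when the second dash is followed by whitespace or a control character. As written, the line is likely to be parsed as a statement and fail with a syntax error instead of being skipped. Either delete the row outright or write it as `-- INSERT IGNORE INTO cf_PolicyTable ...`; deleting is cleaner than keeping a dead seed row. The disabled row is `Azure_Account_Delete_Azure_SQL_Database_log_alert`, a high-severity check that the commit subject does not mention, so a short comment giving the reason for dropping it would help anyone auditing detection coverage.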
@@ -975,3 +975,5 @@ UPDATE cf_PolicyTable SET resolutionUrl = 'https://github.com/PaladinCloud/CE/wi UPDATE cf_PolicyTable SET resolutionUrl = 'https://github.com/PaladinCloud/CE/wiki/AWS-Policy#deny-lambda-privilege-to-non-allow-listed-iam-roles' where policyId='UnapprovedIamRoleWithLambdaAccess_version-1_UnapprovedIamRoleLambdaAccess_iamrole'; update cf_PolicyTable set policyParams = '{\"params\":[{\"key\":\"policyKey\",\"value\":\"check-unused-ami\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"cost\",\"key\":\"policyCategory\"}],\"environmentVariables\":[],\"policyId\":\"AWSAMIUnused_version-1_Unused_ami\",\"autofix\":false,\"alexaKeyword\":\"AWSUnusedAMI\",\"policyRestUrl\":\"\",\"targetType\":\"ami\",\"pac_ds\":\"aws\",\"assetGroup\":\"aws\",\"policyUUID\":\"aws_ami_unused\",\"policyType\":\"ManagePolicy\"}' where policyId='AWSAMIUnused_version-1_Unused_ami'; + +delete from cf_PolicyTable where policyId in ('Azure_Account_Create_Update_Azure_SQL_Database_log_alert', 'UntaggedOrUnusedEbsRule_version-1_version-1_UntaggedOrUnusedEbsRule_volume', 'Azure_policies-JIT_Network_Access_version-1_JIT_virtualmachine','Enable_Azure_Account_Create_or_Update_Network_Security_Group_Rule_Event_log_alert'); \ No newline at end of file
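Review bot: The new `delete` lists `'Azure_Account_Create_Update_Azure_SQL_Database_log_alert'`, but the `INSERT IGNORE` for that policyId is still active in the first hunk's context, while the INSERT that was commented out there is for `Azure_Account_Delete_Azure_SQL_Database_log_alert`, which is not in this list. If the script runs top to bottom, the Create/Update SQL Database alert policy is inserted and then deleted on every run. Existing installs also keep the Delete SQL Database row while fresh installs never get it. Please confirm which policy is meant to go. If it is the delete alert, the list entry should read `'Azure_Account_Delete_Azure_SQL_Database_log_alert'`; if it is the create/update alert, its INSERT should be removed as well. The statement removes four policies while the subject names one, so a comment such as `-- retired policies: <reason>` above the `delete` would make the loss of these checks traceable.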