From dbd8c1acc0851297f1a46d4d164812dc3b62441c Mon Sep 17 00:00:00 2001
From: Arun Kumar <104547029+arunpaladin@users.noreply.github.com>
Date: Tue, 13 Aug 2024 13:22:23 -0700
Subject: [PATCH 1/2] [PLG-629] Removed Duplicate policies and update severity azuer.
---
 installer/resources/pacbot_app/files/DB_Policy.sql | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/installer/resources/pacbot_app/files/DB_Policy.sql b/installer/resources/pacbot_app/files/DB_Policy.sql
index 24481726a1..93cbb0d923 100644
--- a/installer/resources/pacbot_app/files/DB_Policy.sql
+++ b/installer/resources/pacbot_app/files/DB_Policy.sql
@@ -195,7 +195,6 @@ INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisp INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('AccountEnsureCloudwatchAlarmExistsForSecurityGroupChanges_version-1_EnableCloudwatchAlarm_account','aws_account_cloudwatch_alarm_for_sg_changes','Security group changes should have log metric filter and alarm','Configure Log Metric Filter and Alarm for Security Group Changes','Configuring log metric filters and alarms for security group changes is crucial for maintaining security, compliance, operational visibility, and incident response capabilities in AWS. It helps detect unauthorized changes, ensures compliance, provides insights, enables proactive alerts, and aids incident response. 
Overall, it is a best practice for securing AWS resources and preventing security breaches.','Create CloudWatch Logs Metric Filter and corresponding alarm for AWS security group changes','https://github.com/PaladinCloud/CE/wiki/AWS-Policy#configure-log-metric-filter-and-alarm-for-security-group-changes','account','aws','AccountEnsureCloudwatchAlarm','{\"params\":[{\"key\":\"policyKey\",\"value\":\"check-cloudwatch-alarm-exists\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"CloudTrailEventCount\",\"key\":\"metricname\",\"isEdit\":true,\"isMandatory\":true,\"description\":\"Metric name should be equal to the given name\",\"defaultVal\":\"CloudTrailEventCount\",\"displayName\":\"Metric name for cloudwatch alarm\"},{\"encrypt\":false,\"value\":\"CloudTrailMetrics\",\"key\":\"metricnamespace\",\"isEdit\":true,\"isMandatory\":true,\"description\":\"Metric namespace should be equal to the given name\",\"defaultVal\":\"CloudTrailMetrics\",\"displayName\":\"Metric namespace for cloudwatch alarm\"},{\"encrypt\":false,\"value\":\"SEC_GRP_CHANGES_FILTER\",\"key\":\"filtername\"},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"}],\"environmentVariables\":[],\"policyId\":\"AccountEnsureCloudwatchAlarmExistsForSecurityGroupChanges_version-1_EnableCloudwatchAlarm_account\",\"autofix\":false,\"alexaKeyword\":\"AccountEnsureCloudwatchAlarm\",\"policyRestUrl\":\"\",\"targetType\":\"account\",\"pac_ds\":\"aws\",\"assetGroup\":\"aws\",\"policyUUID\":\"aws_account_cloudwatch_alarm_for_sg_changes\",\"policyType\":\"ManagePolicy\"}','0 0 1/1 * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/aws_account_cloudwatch_alarm_for_sg_changes','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'','2022-11-01','2022-11-01','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('AccountEnsureCloudwatchAlarmExistsForUnAuthorizedAPI_version-1_EnableCloudwatchAlarm_account','aws_account_cloudwatch_alarm_for_unauthorized_api','Unauthorized API calls should have log metric filter and alarm','Configure Log Metric Filter and Alarm for Unauthorized API Calls','Configuring log metric filters and alarms for unauthorized API calls is crucial for improving security, compliance, operational visibility, and incident response capabilities. It helps detect potential security threats, ensures compliance, provides insights, enables proactive alerts, and aids incident response. 
Overall, it is a best practice for safeguarding systems and data from unauthorized access, meeting compliance requirements, identifying operational anomalies, and responding to security incidents effectively.','Create CloudWatch Logs Metric Filter and corresponding alarm for unauthorized API calls','https://github.com/PaladinCloud/CE/wiki/AWS-Policy#configure-log-metric-filter-and-alarm-for-unauthorized-api-calls','account','aws','AccountEnsureCloudwatchAlarm','{\"params\":[{\"key\":\"policyKey\",\"value\":\"check-cloudwatch-alarm-exists\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"CloudTrailEventCount\",\"key\":\"metricname\",\"isEdit\":true,\"isMandatory\":true,\"description\":\"Metric name should be equal to the given name\",\"defaultVal\":\"CloudTrailEventCount\",\"displayName\":\"Metric name for cloudwatch alarm\"},{\"encrypt\":false,\"value\":\"CloudTrailMetrics\",\"key\":\"metricnamespace\",\"isEdit\":true,\"isMandatory\":true,\"description\":\"Metric namespace should be equal to the given name\",\"defaultVal\":\"CloudTrailMetrics\",\"displayName\":\"Metric namespace for cloudwatch alarm\"},{\"encrypt\":false,\"value\":\"UNAUTH_API_CALLS_FILTER\",\"key\":\"filtername\"},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"}],\"environmentVariables\":[],\"policyId\":\"AccountEnsureCloudwatchAlarmExistsForUnAuthorizedAPI_version-1_EnableCloudwatchAlarm_account\",\"autofix\":false,\"alexaKeyword\":\"AccountEnsureCloudwatchAlarm\",\"policyRestUrl\":\"\",\"targetType\":\"account\",\"pac_ds\":\"aws\",\"assetGroup\":\"aws\",\"policyUUID\":\"aws_account_cloudwatch_alarm_for_unauthorized_api\",\"policyType\":\"ManagePolicy\"}','0 0 1/1 * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/aws_account_cloudwatch_alarm_for_unauthorized_api','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'','2022-11-01','2022-11-01','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('AccountEnsureCloudwatchAlarmExistsForVPCChanges_version-1_EnableCloudwatchAlarm_account','aws_account_cloudwatch_alarm_for_vpc_changes','VPC changes should have log metric filter and alarm','Configure Log Metric Filter and Alarm for VPC Changes','Configuring log metric filters and alarms for VPC changes is essential for improving security, compliance, operational visibility, and incident response in AWS environments. It helps detect unauthorized changes, ensures compliance, provides insights, enables proactive alerting, and aids in incident response. 
Overall, it is a best practice for maintaining the security and integrity of VPCs, meeting compliance requirements, identifying operational issues, and responding to security incidents effectively.','Create CloudWatch Logs Metric Filter and corresponding alarm for VPC changes','https://github.com/PaladinCloud/CE/wiki/AWS-Policy#configure-log-metric-filter-and-alarm-for-vpc-changes','account','aws','AccountEnsureCloudwatchAlarm','{\"params\":[{\"key\":\"policyKey\",\"value\":\"check-cloudwatch-alarm-exists\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"CloudTrailEventCount\",\"key\":\"metricname\",\"isEdit\":true,\"isMandatory\":true,\"description\":\"Metric name should be equal to the given name\",\"defaultVal\":\"CloudTrailEventCount\",\"displayName\":\"Metric name for cloudwatch alarm\"},{\"encrypt\":false,\"value\":\"CloudTrailMetrics\",\"key\":\"metricnamespace\",\"isEdit\":true,\"isMandatory\":true,\"description\":\"Metric namespace should be equal to the given name\",\"defaultVal\":\"CloudTrailMetrics\",\"displayName\":\"Metric namespace for cloudwatch alarm\"},{\"encrypt\":false,\"value\":\"VPC_CHANGES_FILTER\",\"key\":\"filtername\"},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"}],\"environmentVariables\":[],\"policyId\":\"AccountEnsureCloudwatchAlarmExistsForVPCChanges_version-1_EnableCloudwatchAlarm_account\",\"autofix\":false,\"alexaKeyword\":\"AccountEnsureCloudwatchAlarm\",\"policyRestUrl\":\"\",\"targetType\":\"account\",\"pac_ds\":\"aws\",\"assetGroup\":\"aws\",\"policyUUID\":\"aws_account_cloudwatch_alarm_for_vpc_changes\",\"policyType\":\"ManagePolicy\"}','0 0 1/1 * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/aws_account_cloudwatch_alarm_for_vpc_changes','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'','2022-11-01','2022-11-01','ENABLED'); -INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Adaptive_App_Control_version-1_AAC_virtualmachine','azure_aac_virtualmachine','AAC','Enable Adaptive Application Controls on Virtual Machines','Enabling Adaptive Application Controls on Virtual Machines brings benefits such as increased security, reduced risk of configuration errors, improved performance, and simplified management. 
It uses machine learning algorithms to identify and prevent potentially harmful activities, automatically adjusts security policies based on application behavior, and can be managed centrally.',NULL,'https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-adaptive-application-controls','virtualmachine','azure','AdaptiveAppControl','{\"params\":[{\"key\":\"policyKey\",\"value\":\"check-for-azure-policy-evaluation-results\",\"encrypt\":false},{\"key\":\"azurePolicyEvaluationResults\",\"value\":\"/azure_policyevaluationresults/_search\",\"encrypt\":false},{\"key\":\"policyDefinitionName\",\"value\":\"47a6b606-51aa-4496-8bb7-64b11cf66adc\",\"encrypt\":false},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Adaptive_App_Control_version-1_AAC_virtualmachine\",\"autofix\":false,\"alexaKeyword\":\"AdaptiveAppControl\",\"policyRestUrl\":\"\",\"targetType\":\"virtualmachine\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_aac_virtualmachine\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_aac_virtualmachine','medium','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'','2019-08-27','2019-11-06','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('AmazonRDSIdleDBInstancesRule_version-1_AmazonRDSIdleDBInstancesRule_rdsdb','aws_rds_instances_should_not_tbe_idle_state','AmazonRDSIdleDBInstancesRule','Delete AWS RDS DB Instances Running in Idle Mode','Deleting AWS RDS DB instances running in idle mode can lead to cost savings, improved security, simplified maintenance, and better compliance with regulatory requirements. 
It can help optimize your AWS usage and reduce your attack surface, and ensure that your database is up-to-date and free from vulnerabilities.','Consider taking a snapshot of the idle DB instance and then deleting it,See Deleting a DB Instance with a Final Snapshot','https://github.com/PaladinCloud/CE/wiki/AWS-Policy#delete-aws-rds-db-instances-running-in-idle-mode','rdsdb','aws','AmazonRDSIdleDBInstancesRule','{\"assetGroup\":\"aws\",\"policyId\":\"AmazonRDSIdleDBInstancesRule_version-1_AmazonRDSIdleDBInstancesRule_rdsdb\",\"policyRestUrl\":\"\",\"environmentVariables\":[],\"policyUUID\":\"aws_rds_instances_should_not_tbe_idle_state\",\"policyType\":\"ManagePolicy\",\"pac_ds\":\"aws\",\"targetType\":\"rdsdb\",\"params\":[{\"defaultVal\":\"Ti39halfu8\",\"encrypt\":false,\"isEdit\":true,\"displayName\":\"Check Id\",\"description\":\"Check Id Keyword\",\"value\":\"Ti39halfu8\",\"key\":\"checkId\",\"isMandatory\":true},{\"encrypt\":false,\"value\":\"check-for-amazon-RDS-idle-DB-instances\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"isValueNew\":true,\"encrypt\":false,\"value\":\"cost\",\"key\":\"policyCategory\"},{\"isValueNew\":true,\"encrypt\":false,\"value\":\"/aws_checks/checks_resources/_search\",\"key\":\"esServiceURL\"}],\"autofix\":false,\"alexaKeyword\":\"AmazonRDSIdleDBInstancesRule\"}','0 0/12 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/aws_rds_instances_should_not_tbe_idle_state','high','cost','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2018-03-15','2018-09-19','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Attached-EBS-volumes-are-encrypted_version-1_Attached_EBS_volumes_should_be_encrypted','AWS_Attached_EBS_volumes_should_be_encrypted','Attached_EBS_volumes_should_be_encrypted','Encrypt EBS Volume','To meet security and compliance standards, it is important to ensure that all your Amazon Elastic Block Store (EBS) volumes are encrypted. You can confidently store senTo meet security and compliance standards, it is important to ensure that all your Amazon Elastic Block Store (EBS) volumes are encrypted. 
You can confidently store sensitive, confidential, and critical data on your EBS volumes by enabling encryption.sitive, confidential, and critical data on your EBS volumes by enabling encryption.','To enable encryption on your existing EBS volumes, you need to re-create them and turn the encryption feature on','https://github.com/PaladinCloud/CE/wiki/AWS-Policy#encrypt-ebs-volume','volume','aws','EBSVolumeEncryption','{\"params\":[{\"key\":\"policyKey\",\"value\":\"check-for-ebs-snapshot-should-be-encrypted\",\"encrypt\":false},{\"key\":\"esEbsWithInstanceUrl\",\"value\":\"/aws/volume_attachments/_search\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"critical\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"}],\"environmentVariables\":[],\"policyId\":\"Attached-EBS-volumes-are-encrypted_version-1_Attached_EBS_volumes_should_be_encrypted\",\"autofix\":false,\"alexaKeyword\":\"EBSVolumeEncryption\",\"policyRestUrl\":\"\",\"targetType\":\"volume\",\"pac_ds\":\"aws\",\"assetGroup\":\"aws\",\"policyUUID\":\"AWS_Attached_EBS_volumes_should_be_encrypted\",\"policyType\":\"ManagePolicy\"}','0 0 1/1 * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/AWS_Attached_EBS_volumes_should_be_encrypted','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'','2022-05-11','2022-05-11','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Auditing_Advanced_Data_Security_version-1_SADS_sqlserver','azure_sads_sqlserver','SADS','Enable Auditing for Advanced Data Security SQL Server ','Enabling auditing for Advanced Data Security on SQL Server provides benefits such as enhanced security, compliance, improved visibility, forensic analysis, and continuous monitoring. Auditing allows you to track and log security-related events, detect potential security threats, meet compliance requirements, provide greater visibility into user activity, conduct forensic analysis, and proactively monitor for suspicious activity. 
It is an essential component of a robust security strategy for organizations handling sensitive data on their SQL Server.','Auditing should be enabled on advanced data security settings on SQL Server','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-auditing-for-advanced-data-security-sql-server','sqlserver','azure','SADS','{\"params\":[{\"key\":\"policyKey\",\"value\":\"check-for-azure-policy-evaluation-results\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"azurePolicyEvaluationResults\",\"value\":\"/azure_policyevaluationresults/_search\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyDefinitionName\",\"value\":\"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Auditing_Advanced_Data_Security_version-1_SADS_sqlserver\",\"autofix\":false,\"alexaKeyword\":\"SADS\",\"policyRestUrl\":\"\",\"targetType\":\"sqlserver\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_sads_sqlserver\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_sads_sqlserver','medium','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'','2019-09-26','2019-11-06','ENABLED'); 
@@ -380,7 +379,7 @@ INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisp INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Create_or_Update_SQL_Database_Log_Alert','Enable_Create_or_Update_SQL_Database_Log_Alert','Enable log Alert for Create/Update SQL DB','Enable Log Alert for Create/Update SQL DB','Ensure that an activity log alert is created for Create/Update SQL Database Rule events.',NULL,'https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-log-alert','subscription','azure','Enable_Create_or_Update_SQL_Database_Log_Alert','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-activity-log-alert\",\"key\":\"policyKey\"},{\"key\":\"failure\",\"value\":\"selected alert rule is not configured to detect create or update SQL Database events\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"SUCCESS\",\"value\":\"selected alert rule is configured to detect create or update SQL Database Rule events\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"field\",\"value\":\"operationName\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"equals\",\"value\":\"Microsoft.Sql/servers/databases/write\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Enable Create or Update SQL Database Log 
Alert\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Create_or_Update_SQL_Database_Log_Alert\",\"autofix\":false,\"alexaKeyword\":\"Enable_Create_or_Update_SQL_Database_Log_Alert\",\"policyRestUrl\":\"\",\"targetType\":\"subscription\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Enable_Create_or_Update_SQL_Database_Log_Alert\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_Create_or_Update_SQL_Database_Log_Alert','high','operations','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-07-07','2022-07-07','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Delete_SQL_Database_Log_Alert','Enable_Delete_SQL_Database_Log_Alert','Enable log Alert for Delete SQL DB','Enable Log Alert for Delete SQL DB','To improve security and availability of Azure SQL databases and reduce the impact of accidental or intentional deletions, monitor for \"Delete Azure SQL Database\"\" events using Microsoft Azure Monitor service and an Azure activity log alert. 
This alert triggers notifications whenever events matching the conditions of \"\"Administrative\"\" category and \"\"Delete Azure SQL Database (Microsoft.Sql/servers/databases)\"\" signal name in the Activity Log occur.\"',NULL,'https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-log-alert','subscription','azure','Enable_Delete_SQL_Database_Log_Alert','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-activity-log-alert\",\"key\":\"policyKey\"},{\"key\":\"failure\",\"value\":\"selected alert rule is not configured to detect delete SQL Database events\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"SUCCESS\",\"value\":\"selected alert rule is configured to detect delete SQL Database Rule events\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"field\",\"value\":\"operationName\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"equals\",\"value\":\"Microsoft.Sql/servers/databases/delete\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Enable Delete SQL Database Log Alert\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Delete_SQL_Database_Log_Alert\",\"autofix\":false,\"alexaKeyword\":\"Enable_Delete_SQL_Database_Log_Alert\",\"policyRestUrl\":\"\",\"targetType\":\"subscription\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Enable_Delete_SQL_Database_Log_Alert\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_Delete_SQL_Database_Log_Alert','high','operations','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-07-07','2022-07-07','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Email_Subscription_Admin','Enable_Email_Subscription_Admin','Enable Also send email notifications to admins and subscription owners','Enable Vulnerability Assessment (VA) Setting \'Also Send email Notifications to Admins and Subscripti','Enabling the \"Also Send email Notifications to Admins and Subscription Owners\"\" setting in Vulnerability Assessment promotes timely remediation, improved security awareness, shared accountability, centralized communication, and comprehensive reporting. This helps maintain a proactive security posture and fosters a security-aware culture within the organization.\"','1.Go to SQL servers \n2.Select a server instance \n3.Click on Security Center \n4.Select Configure next to Enabled at subscription-level \n5.In Section Vulnerability Assessment Settings , configure Storage Accounts if not already \n6. Check/enable Also send email notifications to admins and subscription owners \n7. 
Click Save','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#Enable-send-email-notifications-to-admins-and-subscription-owners-in-vulnerability-settings-for-sql-server','sqlserver','azure','EmailSubscriptionAdminSQLServer','{\"params\":[{\"encrypt\":false,\"value\":\"check-if-emailSubscriptionAdmins-is-enabled\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Email_Subscription_Admin\",\"autofix\":false,\"alexaKeyword\":\"EmailSubscriptionAdminSQLServer\",\"policyRestUrl\":\"\",\"targetType\":\"sqlserver\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Enable_Email_Subscription_Admin\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_Email_Subscription_Admin','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-10-20','2022-10-20','ENABLED'); -INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Encryption_for_Unattached_Disk_Volumes','azure_Enable_Encryption_for_Unattached_Disk_Volumes','Enable_Encryption_for_Unattached_Disk_Volumes','Encrypt Unattached Disk Volumes with CMK','Unencrypted detached disk volumes pose a risk of sensitive information disclosure, even 
if they are not mounted to any virtual machine. We recommend encrypting all disk volumes attached to Azure virtual machines within the application tier to ensure confidentiality and meet compliance and security requirements. It is also important to encrypt detached disk volumes using Azure Disk Encryption, which uses BitLocker for Windows and DM-Crypt for Linux to encrypt the OS and data disks of Azure virtual machines. Integration with Azure Key Vault allows for control and management of disk encryption keys and secrets. Unencrypted detached disk volumes pose a risk of sensitive information disclosure, even if they are not mounted to any virtual machine.','enable encryption for your unattached Microsoft Azure VM disk volumes','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#encrypt-unattached-disk-volumes','disk','azure','Enable_Encryption_for_Unattached_Disk_Volumes','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-postgree-ssl-enforcement\",\"key\":\"policyKey\"},{\"key\":\"policyName\",\"value\":\"Enable Encryption for Unattached Disk Volumes\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Encryption_for_Unattached_Disk_Volumes\",\"autofix\":false,\"alexaKeyword\":\"Enable_Encryption_for_Unattached_Disk_Volumes\",\"policyRestUrl\":\"\",\"targetType\":\"disk\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_Enable_Encryption_for_Unattached_Disk_Volumes\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_Enable_Encryption_for_Unattached_Disk_Volumes','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-05-19','2022-05-19','ENABLED'); +INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Encryption_for_Unattached_Disk_Volumes','azure_Enable_Encryption_for_Unattached_Disk_Volumes','Enable_Encryption_for_Unattached_Disk_Volumes','Encrypt Unattached Disk Volumes with CMK','Unencrypted detached disk volumes pose a risk of sensitive information disclosure, even if they are not mounted to any virtual machine. We recommend encrypting all disk volumes attached to Azure virtual machines within the application tier to ensure confidentiality and meet compliance and security requirements. It is also important to encrypt detached disk volumes using Azure Disk Encryption, which uses BitLocker for Windows and DM-Crypt for Linux to encrypt the OS and data disks of Azure virtual machines. Integration with Azure Key Vault allows for control and management of disk encryption keys and secrets. 
Unencrypted detached disk volumes pose a risk of sensitive information disclosure, even if they are not mounted to any virtual machine.','enable encryption for your unattached Microsoft Azure VM disk volumes','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#encrypt-unattached-disk-volumes','disk','azure','Enable_Encryption_for_Unattached_Disk_Volumes','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-postgree-ssl-enforcement\",\"key\":\"policyKey\"},{\"key\":\"policyName\",\"value\":\"Enable Encryption for Unattached Disk Volumes\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Encryption_for_Unattached_Disk_Volumes\",\"autofix\":false,\"alexaKeyword\":\"Enable_Encryption_for_Unattached_Disk_Volumes\",\"policyRestUrl\":\"\",\"targetType\":\"disk\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_Enable_Encryption_for_Unattached_Disk_Volumes\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_Enable_Encryption_for_Unattached_Disk_Volumes','medium','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-05-19','2022-05-19','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_HTTPS_For_LoadBalancer','Enable_HTTPS_For_LoadBalancer','Enable https for load balancer','Enable HTTPS for Google Cloud Load Balancers','It is crucial to enforce HTTPS for your Google Cloud load balancers to protect the communication between clients and load balancers from eavesdropping and MITM attacks. This is especially important when sensitive data is involved. Configuring valid SSL/TLS certificates on GCP load balancers is essential to ensure encrypted web traffic between clients and load balancers.','1. Navigate to Cloud Load Balancing dashboard at https://console.cloud.google.com/net-services/loadbalancing.\n2. On the Load balancing page, select Load balancers to access the list with the Google Cloud load balancers created for the selected project\n3. Choose the HTTP load balancer that you want to reconfigure , click on the 3-dot button to access the options menu, then select Edit\n4. On the Edit HTTP(S) load balancer page, select Frontend configuration tab, and choose Add Frontend IP and port to create a new, secure frontend configuration for the selected load balancer\n5. 
On the Edit HTTP(S) load balancer page, click Update to associate the newly created HTTPS frontend configuration with the selected Google Cloud load balancer','https://github.com/PaladinCloud/CE/wiki/GCP-Policy#Enable-HTTPS-for-Google-Cloud-Load-Balancers','gcploadbalancer','gcp','Enable_HTTPS_For_LoadBalancer','{\"params\":[{\"encrypt\":false,\"value\":\"enable-https-for-loadbalancer\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_HTTPS_For_LoadBalancer\",\"autofix\":false,\"alexaKeyword\":\"Enable_HTTPS_For_LoadBalancer\",\"policyRestUrl\":\"\",\"targetType\":\"gcploadbalancer\",\"pac_ds\":\"gcp\",\"assetGroup\":\"gcp\",\"policyUUID\":\"Enable_HTTPS_For_LoadBalancer\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_HTTPS_For_LoadBalancer','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-12-08','2022-12-08','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Https_For_Cloudfunc','Enable_Https_For_Cloudfunc','Enable_Https_For_Cloudfunc','Enable https for Cloud Functions','This policy identifies GCP Cloud Functions for which the HTTP trigger is not secured. 
When you configure HTTP functions to be triggered only with HTTPS, user requests will be redirected to use the HTTPS protocol, which is more secure. It is recommended to set the \'Require HTTPS\' for configuring HTTP triggers while deploying your function.','1. Login to GCP console\n2. Navigate to \'Cloud Functions\' service (Left Panel)\n3. Click on the alerting function\n4. Click on \'EDIT\'\n5. Under section \'Trigger\', click on \'EDIT\'\n6. Select the checkbox against the field \'Require HTTPS\'\n7. Click on \'SAVE\'\n8. Click on \'NEXT\'\n9. Click on \'DEPLOY\'','https://github.com/PaladinCloud/CE/wiki/GCP-Policy#gcp-cloud-function-http-trigger-is-not-secured','cloudfunctiongen1','gcp','cloudfunctionhttps','{\"params\":[{\"encrypt\":false,\"value\":\"Enable-Https-For-Cloudfunc\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Https_For_Cloudfunc\",\"autofix\":false,\"policyRestUrl\":\"\",\"targetType\":\"cloudfunctiongen1\",\"pac_ds\":\"gcp\",\"assetGroup\":\"gcp\",\"policyUUID\":\"Enable_Https_For_Cloudfunc\",\"policyType\":\"ManagePolicy\"}','0 0 ? 
* MON *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_Https_For_Cloudfunc','medium','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'admin@paladincloud.io','2023-01-18','2023-01-18','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Integrity_Monitoring_For_Node_Pool','Enable_Integrity_Monitoring_For_Node_Pool','Integrity Monitoring should be enabled','Enable Integrity Monitoring for Shielded GKE Nodes','Enabling integrity monitoring for Shielded Google Kubernetes Engine (GKE) nodes is important for ensuring the security and integrity of your Kubernetes clusters. Shielded GKE nodes use advanced security features to protect the nodes from potential attacks or tampering, and integrity monitoring ensures that the nodes have not been modified in an unauthorized way. Enabling integrity monitoring can help detect potential security breaches, configure alerts and notifications, and respond to potential threats in a timely manner. This is a best practice for maintaining the security and integrity of your Kubernetes clusters.','Once a Node pool is provisioned, it cannot be updated to enable Integrity Monitoring. You must create new Node pools within the cluster with Integrity Monitoring enabled Using Google Cloud Console \n1. Go to Kubernetes Engine by visiting https://console.cloud.google.com/kubernetes/list \n2. From the list of clusters, click on the cluster requiring the update and click ADD NODE POOL \n3. 
Ensure that the Integrity monitoring checkbox is checked under the Shielded options Heading. \n4. Click SAVE.','https://github.com/PaladinCloud/CE/wiki/GCP-Policy#Enable-Integrity-Monitoring-for-Shielded-GKE-Nodes','gkecluster','gcp','IntegrityMonitoringForNodePool','{\"params\":[{\"encrypt\":false,\"value\":\"enable-node-pool-managements\",\"key\":\"policyKey\"},{\"key\":\"nodePoolKey\",\"value\":\"enableIntegrityMonitoring\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"description\",\"value\":\"Ensure Integrity monitoring for GKE nodes enabled\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"violationReason\",\"value\":\"Integrity monitoring for GKE nodes disabled\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Integrity_Monitoring_For_Node_Pool\",\"autofix\":false,\"alexaKeyword\":\"IntegrityMonitoringForNodePool\",\"policyRestUrl\":\"\",\"targetType\":\"gkecluster\",\"pac_ds\":\"gcp\",\"assetGroup\":\"gcp\",\"policyUUID\":\"Enable_Integrity_Monitoring_For_Node_Pool\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_Integrity_Monitoring_For_Node_Pool','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-10-27','2022-10-27','ENABLED'); 
@@ -747,10 +746,6 @@ INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `def
 INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('AccountEnsureCloudwatchAlarmExistsForVPCChanges_version-1_EnableCloudwatchAlarm_account','metricname','CloudTrailEventCount','CloudTrailEventCount','true','true','false','Metric name for cloudwatch alarm','Metric name should be equal to the given name');
 INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('AccountEnsureCloudwatchAlarmExistsForVPCChanges_version-1_EnableCloudwatchAlarm_account','metricnamespace','CloudTrailMetrics','CloudTrailMetrics','true','true','false','Metric namespace for cloudwatch alarm','Metric namespace should be equal to the given name');
 INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('AccountEnsureCloudwatchAlarmExistsForVPCChanges_version-1_EnableCloudwatchAlarm_account','filtername','VPC_CHANGES_FILTER','','false','false','false','','');
-INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Adaptive_App_Control_version-1_AAC_virtualmachine','policyKey','check-for-azure-policy-evaluation-results','','false','false','false','','');
-INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Adaptive_App_Control_version-1_AAC_virtualmachine','azurePolicyEvaluationResults','/azure_policyevaluationresults/_search','','false','false','false','','');
-INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Adaptive_App_Control_version-1_AAC_virtualmachine','policyDefinitionName','47a6b606-51aa-4496-8bb7-64b11cf66adc','','false','false','false','','');
-INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Adaptive_App_Control_version-1_AAC_virtualmachine','policyOwner','','','false','false','false','','');
 INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('AmazonRDSIdleDBInstancesRule_version-1_AmazonRDSIdleDBInstancesRule_rdsdb','checkId','Ti39halfu8','Ti39halfu8','false','true','false','Check Id','Check Id Keyword');
 INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('AmazonRDSIdleDBInstancesRule_version-1_AmazonRDSIdleDBInstancesRule_rdsdb','policyKey','check-for-amazon-RDS-idle-DB-instances','','false','false','false','','');
 INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('AmazonRDSIdleDBInstancesRule_version-1_AmazonRDSIdleDBInstancesRule_rdsdb','esServiceURL','/aws_checks/checks_resources/_search','','false','false','false','','');
@@ -2955,7 +2950,6 @@ update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-poli
 update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Assign-Mandatory-Tags-to-Virtual-Machine' where policyId='TaggingRule_version-1_VirtualmachineTaggingRule_virtualmachine';
 update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Assign-Mandatory-Tags-Virtual-Network' where policyId='TaggingRule_version-1_VnetTaggingRule_vnet';
 update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Restrict-Network-Ports-on-Network-Security-Groups-Associated-to-VM' where policyId='Access_Through_Internet_version-1_AIE_virtualmachine';
-update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Enable-Adaptive-Application-Controls-on-Virtual-Machines' where policyId='Adaptive_App_Control_version-1_AAC_virtualmachine';
 update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Enable-Auditing-for-Advanced-Data-Security-SQL-Server' where policyId='Auditing_Advanced_Data_Security_version-1_SADS_sqlserver';
 update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Check-Unrestricted-Network-Access-to-Storage-Accounts' where policyId='AzureAuditNetworkAccessToStorageAccounts_version-1_ConfigureNetworkRulesOnStorageAccount_storageaccount';
 update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Check-Storage-VNet-Integration' where policyId='AzureAuditStorageVnetIntegration_version-1_AuditStorageVnetIntegration_storageaccount';
@@ -3592,4 +3586,5 @@ DELETE IGNORE FROM cf_PolicyParams WHERE policyId='Enable_transparent_data_encry DELETE IGNORE FROM cf_PolicyTable WHERE policyId='Enable_transparent_data_encryption_for_sql_db'; UPDATE cf_PolicyTable SET policyDisplayName='Encrypt VM Boot Disk using Key Vault' where policyId='Azure_Enable_Encryption_for_Boot_Disk_Volumes_version-1_virtualmachine'; -UPDATE cf_PolicyTable SET policyDisplayName='Encrypt Unattached Disk Volumes with CMK' where policyId='Enable_Encryption_for_Unattached_Disk_Volumes'; \ No newline at end of file +UPDATE cf_PolicyTable SET policyDisplayName='Encrypt Unattached Disk Volumes with CMK' where policyId='Enable_Encryption_for_Unattached_Disk_Volumes'; +UPDATE cf_PolicyTable SET severity='medium' where policyId='Enable_Encryption_for_Unattached_Disk_Volumes'; \ No newline at end of file From dcb8faf48af7dff0b275211e06623f8a6daad774 Mon Sep 17 00:00:00 2001 From: Arun Kumar <104547029+arunpaladin@users.noreply.github.com> Date: Tue, 13 Aug 2024 13:39:02 -0700 Subject: [PATCH 2/2] [PLG-629] Removed Duplicate and update severity Azure policy. --- installer/resources/pacbot_app/files/DB_Policy.sql | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/installer/resources/pacbot_app/files/DB_Policy.sql b/installer/resources/pacbot_app/files/DB_Policy.sql index 93cbb0d923..898f53308e 100644 --- a/installer/resources/pacbot_app/files/DB_Policy.sql +++ b/installer/resources/pacbot_app/files/DB_Policy.sql 
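Review bot: The added `UPDATE cf_PolicyTable SET severity='medium' where policyId='Enable_Encryption_for_Unattached_Disk_Volumes';` changes only the `severity` column, but the same row also stores a severity inside its `policyParams` JSON, and the earlier row text for this policy in the first hunk shows `"severity":"high"` there. On a database that already holds the row, `INSERT IGNORE` will presumably leave it untouched, so after an upgrade the column reads `medium` while the JSON still reads `high`. Fresh installs get `medium` in both places, so upgraded and new deployments would rate the same unencrypted-disk finding differently if anything reads the JSON value. Either set `policyParams` in the same statement or state which field is authoritative in a comment such as `-- PLG-629: align severity on existing installs; INSERT IGNORE does not touch rows that already exist`.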
@@ -3585,6 +3585,6 @@ UPDATE cf_PolicyTable SET policyDisplayName='Encrypt Unattached Disk Volumes wit DELETE IGNORE FROM cf_PolicyParams WHERE policyId='Enable_transparent_data_encryption_for_sql_db'; DELETE IGNORE FROM cf_PolicyTable WHERE policyId='Enable_transparent_data_encryption_for_sql_db'; -UPDATE cf_PolicyTable SET policyDisplayName='Encrypt VM Boot Disk using Key Vault' where policyId='Azure_Enable_Encryption_for_Boot_Disk_Volumes_version-1_virtualmachine'; -UPDATE cf_PolicyTable SET policyDisplayName='Encrypt Unattached Disk Volumes with CMK' where policyId='Enable_Encryption_for_Unattached_Disk_Volumes'; -UPDATE cf_PolicyTable SET severity='medium' where policyId='Enable_Encryption_for_Unattached_Disk_Volumes'; \ No newline at end of file +UPDATE cf_PolicyTable SET severity='medium' where policyId='Enable_Encryption_for_Unattached_Disk_Volumes'; +DELETE IGNORE FROM cf_PolicyParams WHERE policyId='Adaptive_App_Control_version-1_AAC_virtualmachine'; +DELETE IGNORE FROM cf_PolicyTable WHERE policyId='Adaptive_App_Control_version-1_AAC_virtualmachine'; \ No newline at end of file
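Review bot: The two added `DELETE IGNORE` statements remove `Adaptive_App_Control_version-1_AAC_virtualmachine` from `cf_PolicyParams` and `cf_PolicyTable` only. Whether other tables keep rows keyed on that policyId (exemptions, open violations) is not visible in this patch and should be checked, because `IGNORE` would reduce a failed delete to a warning and leave a half-removed policy behind. The hunk also drops both `policyDisplayName` updates from the end of the file; the hunk-header context suggests the 'Encrypt Unattached Disk Volumes with CMK' one still exists just above, but the 'Encrypt VM Boot Disk using Key Vault' update is not shown anywhere else here, so confirm it is a true duplicate before removing it. A comment above the deletes would record the intent, e.g. `-- PLG-629: Adaptive_App_Control policy retired; purge rows seeded by earlier installer versions`.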