diff --git a/rules/tailscale_rules/tailscale_https_disabled.yml b/rules/tailscale_rules/tailscale_https_disabled.yml index 15dd0a239..8f786c969 100644 --- a/rules/tailscale_rules/tailscale_https_disabled.yml +++ b/rules/tailscale_rules/tailscale_https_disabled.yml @@ -4,6 +4,7 @@ DisplayName: "Tailscale HTTPS Disabled" Enabled: true Filename: tailscale_https_disabled.py Runbook: Assess if this was done by the user for a valid business reason. Be vigilant to re-enable this setting as it's in the best security interest for your organization's security posture. +Reference: https://tailscale.com/kb/1153/enabling-https/#disable-https Severity: High Tests: - ExpectedResult: true diff --git a/rules/tailscale_rules/tailscale_machine_approval_requirements_disabled.yml b/rules/tailscale_rules/tailscale_machine_approval_requirements_disabled.yml index 268e95db4..fe7a3e8a5 100644 --- a/rules/tailscale_rules/tailscale_machine_approval_requirements_disabled.yml +++ b/rules/tailscale_rules/tailscale_machine_approval_requirements_disabled.yml @@ -4,6 +4,7 @@ DisplayName: "Tailscale Machine Approval Requirements Disabled" Enabled: true Filename: tailscale_machine_approval_requirements_disabled.py Runbook: Assess if this was done by the user for a valid business reason. Be vigilant to re-enable this setting as it's in the best security interest for your organization's security posture. +Reference: https://tailscale.com/kb/1099/device-approval/ Severity: High Tests: - ExpectedResult: true diff --git a/rules/tailscale_rules/tailscale_magicdns_disabled.yml b/rules/tailscale_rules/tailscale_magicdns_disabled.yml index 513da6419..c84f88818 100644 --- a/rules/tailscale_rules/tailscale_magicdns_disabled.yml +++ b/rules/tailscale_rules/tailscale_magicdns_disabled.yml @@ -4,6 +4,7 @@ DisplayName: "Tailscale Magic DNS Disabled" Enabled: true Filename: tailscale_magicdns_disabled.py Runbook: Assess if this was done by the user for a valid business reason. Be vigilant to re-enable this setting as it's in the best security interest for your organization's security posture. +Reference: https://tailscale.com/kb/1081/magicdns/ Severity: High Tests: - ExpectedResult: true