Update test file names in ProwlerStringIOParser tests

Set file_content.name for
- empty CSV test to "test_empty.csv"
- AWS CSV test to "test_aws.csv"
- AWS JSON test to "test_aws.json"
- Azure CSV test to "test_azure.csv"
- Azure JSON test to "test_azure.json"
- GCP CSV test to "test_gcp.csv"
- GCP JSON test to "test_gcp.json"
- Kubernetes CSV test to "test_kubernetes.csv"
- Kubernetes JSON test to "test_kubernetes.json"
2023-09-27 09:41:37.760834;2023-09-27 09:41:38.065516;123456789012;test-aws;123456789012;;AWS;;74f356f4-e032-42d6-b2cf-1718edc92687;aws;iam_root_hardware_mfa_enabled;Ensure hardware MFA is enabled for the root account;security;FAIL;Hardware MFA is not enabled for the root account.;False;iam;;high;iam-account;123456789012;test-aws;;;;global;The test root account's hardware MFA device is not enabled.;If the root account doesn't have a hardware MFA, alternative mechanisms will be required to gain access to the account in case a password is lost or compromised. Without MFA or alternative mechanisms, it may be difficult or impossible to access the account.;https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html;Implement a hardware MFA for the root account;https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html;;;aws iam enable-mfa-device;;PCI-DSS-3.2.1: 8.3.1, 8.3.2 | CIS-1.4: 1.6 | CIS-1.5: 1.6 | AWS-Foundational-Security-Best-Practices: iam, root-account | KISA-ISMS-P-2023: 2.7.3 | CIS-2.0: 1.6 | KISA-ISMS-P-2023-korean: 2.7.3 | AWS-Well-Architected-Framework-Security-Pillar: SEC01-BP05 | AWS-Account-Security-Onboarding: Prerequisites, MFA requirements for root user | CSA-CCM-4.0: DSP-07, IAM-10 | BSI-CS-C2: 3.3 | IceCat: Rule-2 | CIS-3.0: 1.6 | ENS-RD2022: mp.if.3.aws.iam.7;root-account, security-best-practices, permissions-management, compliance, conditional-access, csf-recovery, nist-id-am-2;;;Recommendation: Implement a hardware MFA device for the root account;1.0.0""")
2025-02-14 14:27:30.710664;2025-02-14 14:27:30.710664;00000000-0000-0000-0000-000000000000;AzureSubscription;00000000-0000-0000-0000-000000000000;00000000-0000-0000-0000-000000000000;AzureTenant;;00000000-0000-0000-0000-000000000000;azure;iam_subscription_roles_owner_no_ad;Ensure Azure Active Directory Administrator Is Configured;;FAIL;Administrator not configured for SQL server testserver.;False;iam;;medium;Microsoft.Sql/servers;/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testgroup/providers/Microsoft.Sql/servers/testserver;testserver;;sqlserver;global;eastus;Designating Azure AD administrator for SQL Server is recommended;;https://learn.microsoft.com/en-us/azure/azure-sql/database/logins-create-manage;Configure an Azure AD administrator for Azure SQL server;https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure;;terraform code here;azure cli code here;;CIS-1.3.0: 4.3.6;security-best-practices, compliance;;;;1.0.0""")
2025-01-01 10:00:00.000000;2025-01-01 10:10:00.000000;123456789012;gcp-project-name;;;;;123456789012-bc-gcp-networking-2-123456789012-456;gcp;bc_gcp_networking_2;Ensure that Firewall Rules do not allow access from 0.0.0.0/0 to Remote Desktop Protocol (RDP);;FAIL;Firewall rule default-allow-rdp allows 0.0.0.0/0 on port RDP.;False;firewall;;high;firewall;projects/gcp-project-name/global/firewalls/default-allow-rdp;default-allow-rdp;;;;global;TCP port 3389 is used for Remote Desktop Protocol. It should not be exposed to the internet.;Unrestricted access to TCP port 3389 from untrusted sources increases risks from external attackers.;https://cloud.google.com/vpc/docs/using-firewalls;Remove any 3389 port firewall rules that have source 0.0.0.0/0 or ::/0 in your VPC Network.;https://cloud.google.com/vpc/docs/using-firewalls;;;gcloud compute firewall-rules update default-allow-rdp --source-ranges=<trusted_source_ips>;https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/CloudVPC/unrestricted-rdp-access.html;MITRE-ATTACK: T1190, T1199, T1048, T1498, T1046 | CIS-2.0: 3.7 | ENS-RD2022: mp.com.1.gcp.fw.1 | CIS-3.0: 3.7;internet-exposed;;;;1.0.0""")
2025-02-01 10:00:00.000000;2025-02-01 10:10:00.000000;k8s-cluster;kubernetes;;;;;"k8s-cluster-bc_k8s_pod_security_1-543";kubernetes;bc_k8s_pod_security_1;Ensure that admission control plugin AlwaysPullImages is set;;FAIL;The admission control plugin AlwaysPullImages is not set.;False;cluster-security;;medium;kubernetes-cluster;k8s-cluster;apiserver-01;;;;;"The AlwaysPullImages admission controller forces every new pod to pull the required images every time they are instantiated. In a multitenant or untrusted environment, this reduces the chance for a malicious user to use pre-pulled images.";Without AlwaysPullImages, once an image is pulled to a node, any pod can use it without any authorization check, potentially leading to security risks.;https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages;Configure the API server to use the AlwaysPullImages admission control plugin to ensure image security and integrity.;https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers;https://docs.prowler.com/checks/kubernetes/kubernetes-policy-index/ensure-that-the-admission-control-plugin-alwayspullimages-is-set#kubernetes;;--enable-admission-plugins=...,AlwaysPullImages,...;;CIS-1.10: 1.2.11 | CIS-1.8: 1.2.11;cluster-security;;;Enabling AlwaysPullImages can increase network and registry load and decrease container startup speed. It may not be suitable for all environments.;1.0.0""")
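Review bot: With every fixture now carrying a `.name` ending in `.csv` or `.json`, nothing in this test set pins down what the parser does when the name is absent or carries an unexpected extension; consider adding one case that builds the same CSV content (the AWS row above works) without setting `file_content.name`, and one with a mismatched extension such as `"test_aws.txt"`, asserting on the fallback (or the raised error) so a later change to name-based format detection cannot silently alter behaviour. Also worth a one-line comment on the Kubernetes fixture that its quoted FINDING_UID and DESCRIPTION fields are deliberate, since it is the only row exercising quoted values in the semicolon-delimited format and it would be easy to "normalise" away.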