updated triggers for A and B

aquasecurity · Sep 19, 2023 · 89eb8bb · 89eb8bb
1 parent 784fd6e
commit 89eb8bb
Show file tree

Hide file tree

Showing 20 changed files with 20 additions and 21 deletions.
diff --git a/plugins/aws/accessanalyzer/accessAnalyzerActiveFindings.js b/plugins/aws/accessanalyzer/accessAnalyzerActiveFindings.js
@@ -11,7 +11,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-work-with-findings.html',
     recommended_action: 'Investigate into active findings in your account and do the needful until you have zero active findings.',
     apis: ['AccessAnalyzer:listAnalyzers', 'AccessAnalyzer:listFindings'],
-    realtime_triggers: ['accessanalyzer:CreateAnalyzer','accessanalyzer:CreateArchiveRule','accessanalyzer:UpdateArchiveRule'],
+    realtime_triggers: ['accessanalyzer:CreateAnalyzer','accessanalyzer:CreateArchiveRule','accessanalyzer:StartResourceScan'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/acm/acmCertificateHasTags.js b/plugins/aws/acm/acmCertificateHasTags.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/acm/latest/userguide/tags.html',
     recommended_action: 'Modify ACM certificate and add tags.',
     apis: ['ACM:listCertificates', 'ResourceGroupsTaggingAPI:getResources'],
-    realtime_triggers: ['acm:RequestCertificate','acm:ImportCertificate','acm:AddTagsToCertificate', 'acm:RemoveTagsFromCertificate'],
+    realtime_triggers: ['acm:RequestCertificate','acm:AddTagsToCertificate', 'acm:RemoveTagsFromCertificate'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/acm/acmSingleDomainNameCertificate.js b/plugins/aws/acm/acmSingleDomainNameCertificate.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html',
     recommended_action: 'Configure ACM managed certificates to use single name domain instead of wildcards.',
     apis: ['ACM:listCertificates', 'ACM:describeCertificate'],
-    realtime_triggers: ['acm:RequestCertificate','acm:ImportCertificate'],
+    realtime_triggers: ['acm:RequestCertificate'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/acm/acmValidation.js b/plugins/aws/acm/acmValidation.js
@@ -11,7 +11,7 @@ module.exports = {
     cs_link: 'https://cloudsploit.com/remediations/aws/acm/acm-certificate-validation',
     recommended_action: 'Configure ACM managed certificates to use DNS validation.',
     apis: ['ACM:listCertificates', 'ACM:describeCertificate'],
-    realtime_triggers: ['acm:RequestCertificate','acm:ImportCertificate'],
+    realtime_triggers: ['acm:RequestCertificate'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/apigateway/apigatewayAuthorization.js b/plugins/aws/apigateway/apigatewayAuthorization.js
@@ -10,7 +10,7 @@ module.exports = {
     recommended_action: 'Modify API Gateway configuration and ensure that appropriate authorizers are set up for each API.',
     link: 'https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html',
     apis: ['APIGateway:getRestApis', 'APIGateway:getAuthorizers'],
-    realtime_triggers: ['apigateway:CreateRestApi','apigateway:CreateAuthorizer'],
+    realtime_triggers: ['apigateway:CreateRestApi','apigateway:ImportRestApi','apigateway:CreateAuthorizer'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/apigateway/apigatewayCertificateRotation.js b/plugins/aws/apigateway/apigatewayCertificateRotation.js
@@ -18,7 +18,7 @@ module.exports = {
             default: '30',
         }
     },
-    realtime_triggers: ['apigateway:CreateRestApi','apigateway:GenerateClientCertificate','apigateway:DeleteClientCertificate'],
+    realtime_triggers: ['apigateway:CreateRestApi','apigateway:GenerateClientCertificate'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/apigateway/apigatewayWafEnabled.js b/plugins/aws/apigateway/apigatewayWafEnabled.js
@@ -10,7 +10,7 @@ module.exports = {
     recommended_action: 'Associate API Gateway API with Web Application Firewall',
     link: 'https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html',
     apis: ['APIGateway:getRestApis', 'APIGateway:getStages'],
-    realtime_triggers: ['apigateway:CreateRestApi','wafregional:AssociateWebACL'],
+    realtime_triggers: ['apigateway:CreateStage','wafregional:AssociateWebACL'],
 
 
     run: function(cache, settings, callback) {

diff --git a/plugins/aws/appflow/flowEncrypted.js b/plugins/aws/appflow/flowEncrypted.js
@@ -19,7 +19,7 @@ module.exports = {
             default: 'awscmk',
         }
     },
-    realtime_triggers: ['appflow:CreateFlow','appflow:UpdateFlow'],
+    realtime_triggers: ['appflow:CreateFlow'],
 
 
     run: function(cache, settings, callback) {

diff --git a/plugins/aws/apprunner/serviceEncrypted.js b/plugins/aws/apprunner/serviceEncrypted.js
@@ -19,7 +19,7 @@ module.exports = {
             default: 'awscmk'
         }
     },
-    realtime_triggers: ['apprunner:CreateService','apprunner:UpdateService'],
+    realtime_triggers: ['apprunner:CreateService'],
 
 
     run: function(cache, settings, callback) {

diff --git a/plugins/aws/auditmanager/auditmanagerDataEncrypted.js b/plugins/aws/auditmanager/auditmanagerDataEncrypted.js
@@ -19,7 +19,7 @@ module.exports = {
             default: 'awscmk',
         }
     },
-    realtime_triggers: ['auditmanager:UpdateSettings'],
+    realtime_triggers: ['auditmanager:registerAccount','auditmanager:UpdateSettings'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/autoscaling/appTierAsgApprovedAmi.js b/plugins/aws/autoscaling/appTierAsgApprovedAmi.js
@@ -24,7 +24,7 @@ module.exports = {
             default: ''
         }
     },
-    realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
+    realtime_triggers: ['autoscaling:createLaunchConfiguration'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/autoscaling/appTierIamRole.js b/plugins/aws/autoscaling/appTierIamRole.js
@@ -18,7 +18,7 @@ module.exports = {
             default: ''
         }
     },
-    realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
+    realtime_triggers: ['autoscaling:createLaunchConfiguration'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/autoscaling/asgMissingELB.js b/plugins/aws/autoscaling/asgMissingELB.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/autoscaling/ec2/userguide/attach-load-balancer-asg.html',
     recommended_action: 'Ensure that the Auto Scaling group load balancer has not been deleted. If so, remove it from the ASG.',
     apis: ['AutoScaling:describeAutoScalingGroups', 'ELB:describeLoadBalancers', 'ELBv2:describeLoadBalancers'],
-    realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:AttachLoadBalancers'],
+    realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:AttachLoadBalancers','autoscaling:DetachLoadBalancers'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/autoscaling/asgMissingSecurityGroups.js b/plugins/aws/autoscaling/asgMissingSecurityGroups.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/autoscaling/ec2/userguide/GettingStartedTutorial.html',
     recommended_action: 'Ensure that the launch configuration security group has not been deleted. If so, remove it from launch configurations',
     apis: ['AutoScaling:describeLaunchConfigurations', 'EC2:describeSecurityGroups'],
-    realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
+    realtime_triggers: ['autoscaling:CreateLaunchConfiguration'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/autoscaling/sameAzElb.js b/plugins/aws/autoscaling/sameAzElb.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-add-availability-zone.html',
     recommended_action: 'Update the ELB to use the same availability zones as the autoscaling group.',
     apis: ['AutoScaling:describeAutoScalingGroups', 'ELB:describeLoadBalancers', 'ELBv2:describeLoadBalancers'],
-    realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
+    realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup','ec2:CreateNetworkInterface'],
 
 
 

diff --git a/plugins/aws/autoscaling/webTierAsgApprovedAmi.js b/plugins/aws/autoscaling/webTierAsgApprovedAmi.js
@@ -24,8 +24,7 @@ module.exports = {
             default: ''
         }
     },
-    realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
-
+    realtime_triggers: ['autoscaling:createLaunchConfiguration'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/autoscaling/webTierIamRole.js b/plugins/aws/autoscaling/webTierIamRole.js
@@ -18,7 +18,7 @@ module.exports = {
             default: ''
         }
     },
-    realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
+    realtime_triggers: ['autoscaling:createLaunchConfiguration'],
 
     run: function(cache, settings, callback) {
         var results = [];

diff --git a/plugins/aws/backup/backupDeletionProtection.js b/plugins/aws/backup/backupDeletionProtection.js
@@ -11,7 +11,7 @@ module.exports = {
     recommended_action: 'Add a statement in Backup vault access policy which denies global access to action: backup:DeleteRecoveryPoint',
     link: 'https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-vault-access-policy.html',
     apis: ['Backup:listBackupVaults', 'Backup:getBackupVaultAccessPolicy'],
-    realtime_triggers: ['backup:CreateBackupVault','backup:PutBackupVaultAccessPolicy'],
+    realtime_triggers: ['backup:PutBackupVaultAccessPolicy'],
 
 
     run: function(cache, settings, callback) {

diff --git a/plugins/aws/backup/backupVaultHasTags.js b/plugins/aws/backup/backupVaultHasTags.js
@@ -10,7 +10,7 @@ module.exports = {
     recommended_action: 'Modify Backup Vault and add tags.', 
     link: 'https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-vault.html',
     apis: ['Backup:listBackupVaults', 'ResourceGroupsTaggingAPI:getResources'],
-    realtime_triggers: ['backup:CreateBackupVault','backup:TagResource'],
+    realtime_triggers: ['backup:CreateBackupVault','backup:TagResource','backup:UntagResource'],
 
 
     run: function(cache, settings, callback) {

diff --git a/plugins/aws/backup/backupVaultPolicies.js b/plugins/aws/backup/backupVaultPolicies.js
@@ -10,7 +10,7 @@ module.exports = {
     recommended_action: 'Ensure that all Backup Vault policies are scoped to specific services and API calls.',
     link: 'https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-vault-access-policy.html',
     apis: ['Backup:listBackupVaults', 'Backup:getBackupVaultAccessPolicy', 'STS:getCallerIdentity'],
-    realtime_triggers: ['backup:CreateBackupVault','backup:PutBackupVaultAccessPolicy'],
+    realtime_triggers: ['backup:PutBackupVaultAccessPolicy'],
 
     run: function(cache, settings, callback) {
         var results = [];