From 89eb8bbed38f6ce206b0f74d795bda3ba3d450b9 Mon Sep 17 00:00:00 2001
From: muzzamilinovaqo
Date: Tue, 19 Sep 2023 17:42:40 +0500
Subject: [PATCH] updated triggers for A and B
---
 plugins/aws/accessanalyzer/accessAnalyzerActiveFindings.js | 2 +-
 plugins/aws/acm/acmCertificateHasTags.js | 2 +-
 plugins/aws/acm/acmSingleDomainNameCertificate.js | 2 +-
 plugins/aws/acm/acmValidation.js | 2 +-
 plugins/aws/apigateway/apigatewayAuthorization.js | 2 +-
 plugins/aws/apigateway/apigatewayCertificateRotation.js | 2 +-
 plugins/aws/apigateway/apigatewayWafEnabled.js | 2 +-
 plugins/aws/appflow/flowEncrypted.js | 2 +-
 plugins/aws/apprunner/serviceEncrypted.js | 2 +-
 plugins/aws/auditmanager/auditmanagerDataEncrypted.js | 2 +-
 plugins/aws/autoscaling/appTierAsgApprovedAmi.js | 2 +-
 plugins/aws/autoscaling/appTierIamRole.js | 2 +-
 plugins/aws/autoscaling/asgMissingELB.js | 2 +-
 plugins/aws/autoscaling/asgMissingSecurityGroups.js | 2 +-
 plugins/aws/autoscaling/sameAzElb.js | 2 +-
 plugins/aws/autoscaling/webTierAsgApprovedAmi.js | 3 +--
 plugins/aws/autoscaling/webTierIamRole.js | 2 +-
 plugins/aws/backup/backupDeletionProtection.js | 2 +-
 plugins/aws/backup/backupVaultHasTags.js | 2 +-
 plugins/aws/backup/backupVaultPolicies.js | 2 +-
 20 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/plugins/aws/accessanalyzer/accessAnalyzerActiveFindings.js b/plugins/aws/accessanalyzer/accessAnalyzerActiveFindings.js
index c570878e3f..1f4708524e 100644
--- a/plugins/aws/accessanalyzer/accessAnalyzerActiveFindings.js
+++ b/plugins/aws/accessanalyzer/accessAnalyzerActiveFindings.js
@@ -11,7 +11,7 @@ module.exports = {
 link: 'https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-work-with-findings.html',
 recommended_action: 'Investigate into active findings in your account and do the needful until you have zero active findings.',
 apis: ['AccessAnalyzer:listAnalyzers', 'AccessAnalyzer:listFindings'],
- realtime_triggers: ['accessanalyzer:CreateAnalyzer','accessanalyzer:CreateArchiveRule','accessanalyzer:UpdateArchiveRule'],
+ realtime_triggers: ['accessanalyzer:CreateAnalyzer','accessanalyzer:CreateArchiveRule','accessanalyzer:StartResourceScan'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/acm/acmCertificateHasTags.js b/plugins/aws/acm/acmCertificateHasTags.js
index 51bbb92767..397bd057d8 100644
--- a/plugins/aws/acm/acmCertificateHasTags.js
+++ b/plugins/aws/acm/acmCertificateHasTags.js
@@ -10,7 +10,7 @@ module.exports = {
 link: 'https://docs.aws.amazon.com/acm/latest/userguide/tags.html',
 recommended_action: 'Modify ACM certificate and add tags.',
 apis: ['ACM:listCertificates', 'ResourceGroupsTaggingAPI:getResources'],
- realtime_triggers: ['acm:RequestCertificate','acm:ImportCertificate','acm:AddTagsToCertificate', 'acm:RemoveTagsFromCertificate'],
+ realtime_triggers: ['acm:RequestCertificate','acm:AddTagsToCertificate', 'acm:RemoveTagsFromCertificate'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/acm/acmSingleDomainNameCertificate.js b/plugins/aws/acm/acmSingleDomainNameCertificate.js
index a649c1628d..6e56ea80c5 100644
--- a/plugins/aws/acm/acmSingleDomainNameCertificate.js
+++ b/plugins/aws/acm/acmSingleDomainNameCertificate.js
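Review bot: Removing `acm:ImportCertificate` from the acmCertificateHasTags triggers means a certificate imported into ACM is not re-evaluated for tags until a later tag change, even though imported certificates are returned by `ACM:listCertificates` alongside requested ones, so the check's scope is unchanged while its trigger set has narrowed. The same removal in acmSingleDomainNameCertificate on the next line has the same effect for an imported wildcard certificate. If the intent is that imported certificates fall outside these checks, the `run` body (outside the hunk) should filter them explicitly; otherwise keep the trigger: `realtime_triggers: ['acm:RequestCertificate','acm:ImportCertificate','acm:AddTagsToCertificate', 'acm:RemoveTagsFromCertificate'],`.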
@@ -10,7 +10,7 @@ module.exports = {
 link: 'https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html',
 recommended_action: 'Configure ACM managed certificates to use single name domain instead of wildcards.',
 apis: ['ACM:listCertificates', 'ACM:describeCertificate'],
- realtime_triggers: ['acm:RequestCertificate','acm:ImportCertificate'],
+ realtime_triggers: ['acm:RequestCertificate'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/acm/acmValidation.js b/plugins/aws/acm/acmValidation.js
index a1668e57bf..ea246e68ca 100644
--- a/plugins/aws/acm/acmValidation.js
+++ b/plugins/aws/acm/acmValidation.js
@@ -11,7 +11,7 @@ module.exports = {
 cs_link: 'https://cloudsploit.com/remediations/aws/acm/acm-certificate-validation',
 recommended_action: 'Configure ACM managed certificates to use DNS validation.',
 apis: ['ACM:listCertificates', 'ACM:describeCertificate'],
- realtime_triggers: ['acm:RequestCertificate','acm:ImportCertificate'],
+ realtime_triggers: ['acm:RequestCertificate'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/apigateway/apigatewayAuthorization.js b/plugins/aws/apigateway/apigatewayAuthorization.js
index 7bde9401aa..01aa078557 100644
--- a/plugins/aws/apigateway/apigatewayAuthorization.js
+++ b/plugins/aws/apigateway/apigatewayAuthorization.js
@@ -10,7 +10,7 @@ module.exports = {
 recommended_action: 'Modify API Gateway configuration and ensure that appropriate authorizers are set up for each API.',
 link: 'https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html',
 apis: ['APIGateway:getRestApis', 'APIGateway:getAuthorizers'],
- realtime_triggers: ['apigateway:CreateRestApi','apigateway:CreateAuthorizer'],
+ realtime_triggers: ['apigateway:CreateRestApi','apigateway:ImportRestApi','apigateway:CreateAuthorizer'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/apigateway/apigatewayCertificateRotation.js b/plugins/aws/apigateway/apigatewayCertificateRotation.js
index 6aa81501e3..edd4ce6c92 100644
--- a/plugins/aws/apigateway/apigatewayCertificateRotation.js
+++ b/plugins/aws/apigateway/apigatewayCertificateRotation.js
@@ -18,7 +18,7 @@ module.exports = {
 default: '30',
 }
 },
- realtime_triggers: ['apigateway:CreateRestApi','apigateway:GenerateClientCertificate','apigateway:DeleteClientCertificate'],
+ realtime_triggers: ['apigateway:CreateRestApi','apigateway:GenerateClientCertificate'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/apigateway/apigatewayWafEnabled.js b/plugins/aws/apigateway/apigatewayWafEnabled.js
index 8d6be873fb..8901726250 100644
--- a/plugins/aws/apigateway/apigatewayWafEnabled.js
+++ b/plugins/aws/apigateway/apigatewayWafEnabled.js
@@ -10,7 +10,7 @@ module.exports = {
 recommended_action: 'Associate API Gateway API with Web Application Firewall',
 link: 'https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html',
 apis: ['APIGateway:getRestApis', 'APIGateway:getStages'],
- realtime_triggers: ['apigateway:CreateRestApi','wafregional:AssociateWebACL'],
+ realtime_triggers: ['apigateway:CreateStage','wafregional:AssociateWebACL'],
 run: function(cache, settings, callback) {
diff --git a/plugins/aws/appflow/flowEncrypted.js b/plugins/aws/appflow/flowEncrypted.js
index 62dae9d518..969b4d1fdb 100644
--- a/plugins/aws/appflow/flowEncrypted.js
+++ b/plugins/aws/appflow/flowEncrypted.js
@@ -19,7 +19,7 @@ module.exports = {
 default: 'awscmk',
 }
 },
- realtime_triggers: ['appflow:CreateFlow','appflow:UpdateFlow'],
+ realtime_triggers: ['appflow:CreateFlow'],
 run: function(cache, settings, callback) {
diff --git a/plugins/aws/apprunner/serviceEncrypted.js b/plugins/aws/apprunner/serviceEncrypted.js
index ef5ac901c9..fdf37170cc 100644
--- a/plugins/aws/apprunner/serviceEncrypted.js
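Review bot: The new apigatewayWafEnabled trigger list still only re-runs the check when a Web ACL is attached, never when one is removed, so a `DisassociateWebACL` call leaves a stage unprotected with no real-time re-evaluation until the next full scan. It also matches only the `wafregional` event source, while Web ACLs attached through WAFv2 are logged under `wafv2`. Consider `realtime_triggers: ['apigateway:CreateStage','wafregional:AssociateWebACL','wafregional:DisassociateWebACL','wafv2:AssociateWebACL','wafv2:DisassociateWebACL'],`. The apigatewayCertificateRotation hunk on this line has the same one-directional shape after dropping `apigateway:DeleteClientCertificate`; whether deletion changes that check's result depends on its `run` body, which is outside the hunk.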
+++ b/plugins/aws/apprunner/serviceEncrypted.js
@@ -19,7 +19,7 @@ module.exports = {
 default: 'awscmk'
 }
 },
- realtime_triggers: ['apprunner:CreateService','apprunner:UpdateService'],
+ realtime_triggers: ['apprunner:CreateService'],
 run: function(cache, settings, callback) {
diff --git a/plugins/aws/auditmanager/auditmanagerDataEncrypted.js b/plugins/aws/auditmanager/auditmanagerDataEncrypted.js
index 0d2f2086f1..e579d9caef 100644
--- a/plugins/aws/auditmanager/auditmanagerDataEncrypted.js
+++ b/plugins/aws/auditmanager/auditmanagerDataEncrypted.js
@@ -19,7 +19,7 @@ module.exports = {
 default: 'awscmk',
 }
 },
- realtime_triggers: ['auditmanager:UpdateSettings'],
+ realtime_triggers: ['auditmanager:registerAccount','auditmanager:UpdateSettings'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/autoscaling/appTierAsgApprovedAmi.js b/plugins/aws/autoscaling/appTierAsgApprovedAmi.js
index 27e607d5d1..3e56b1c029 100644
--- a/plugins/aws/autoscaling/appTierAsgApprovedAmi.js
+++ b/plugins/aws/autoscaling/appTierAsgApprovedAmi.js
@@ -24,7 +24,7 @@ module.exports = {
 default: ''
 }
 },
- realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
+ realtime_triggers: ['autoscaling:createLaunchConfiguration'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/autoscaling/appTierIamRole.js b/plugins/aws/autoscaling/appTierIamRole.js
index 1e36a6a5ee..c3ba123a49 100644
--- a/plugins/aws/autoscaling/appTierIamRole.js
+++ b/plugins/aws/autoscaling/appTierIamRole.js
@@ -18,7 +18,7 @@ module.exports = {
 default: ''
 }
 },
- realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
+ realtime_triggers: ['autoscaling:createLaunchConfiguration'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/autoscaling/asgMissingELB.js b/plugins/aws/autoscaling/asgMissingELB.js
index 44973d905f..12a3eb1b08 100644
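Review bot: The replacement triggers in appTierAsgApprovedAmi and appTierIamRole use `autoscaling:createLaunchConfiguration` with a lowercase `c`, while asgMissingSecurityGroups on the next line uses `autoscaling:CreateLaunchConfiguration`; the CloudTrail event name is `CreateLaunchConfiguration`, so unless the trigger matcher is case-insensitive the lowercase entries will never fire. The same lowercase form appears in webTierAsgApprovedAmi and webTierIamRole two lines down, and `auditmanager:registerAccount` in this line has the same problem next to the PascalCase `UpdateSettings` in the same array. Suggested: `realtime_triggers: ['autoscaling:CreateLaunchConfiguration'],` and `realtime_triggers: ['auditmanager:RegisterAccount','auditmanager:UpdateSettings'],`. Separately, dropping `autoscaling:UpdateAutoScalingGroup` means pointing an ASG at a different, pre-existing launch configuration no longer re-triggers these checks; whether that matters depends on whether `run` resolves the AMI or role through the ASG, which is outside the hunk.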
--- a/plugins/aws/autoscaling/asgMissingELB.js
+++ b/plugins/aws/autoscaling/asgMissingELB.js
@@ -10,7 +10,7 @@ module.exports = {
 link: 'https://docs.aws.amazon.com/autoscaling/ec2/userguide/attach-load-balancer-asg.html',
 recommended_action: 'Ensure that the Auto Scaling group load balancer has not been deleted. If so, remove it from the ASG.',
 apis: ['AutoScaling:describeAutoScalingGroups', 'ELB:describeLoadBalancers', 'ELBv2:describeLoadBalancers'],
- realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:AttachLoadBalancers'],
+ realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:AttachLoadBalancers','autoscaling:DetachLoadBalancers'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/autoscaling/asgMissingSecurityGroups.js b/plugins/aws/autoscaling/asgMissingSecurityGroups.js
index 3b8b5da7e7..269caba0eb 100644
--- a/plugins/aws/autoscaling/asgMissingSecurityGroups.js
+++ b/plugins/aws/autoscaling/asgMissingSecurityGroups.js
@@ -10,7 +10,7 @@ module.exports = {
 link: 'https://docs.aws.amazon.com/autoscaling/ec2/userguide/GettingStartedTutorial.html',
 recommended_action: 'Ensure that the launch configuration security group has not been deleted. If so, remove it from launch configurations',
 apis: ['AutoScaling:describeLaunchConfigurations', 'EC2:describeSecurityGroups'],
- realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
+ realtime_triggers: ['autoscaling:CreateLaunchConfiguration'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/autoscaling/sameAzElb.js b/plugins/aws/autoscaling/sameAzElb.js
index 0389398a3b..6f8112a622 100644
--- a/plugins/aws/autoscaling/sameAzElb.js
+++ b/plugins/aws/autoscaling/sameAzElb.js
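Review bot: asgMissingELB reads both `ELB:describeLoadBalancers` and `ELBv2:describeLoadBalancers`, but the new trigger list only covers classic-ELB attach and detach; target-group changes on an ASG are logged as `autoscaling:AttachLoadBalancerTargetGroups` and `autoscaling:DetachLoadBalancerTargetGroups`, so an ASG referencing a deleted ALB/NLB target group is presumably not re-evaluated in real time. Adding those two events keeps the trigger set aligned with the APIs the check reads: `realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:AttachLoadBalancers','autoscaling:DetachLoadBalancers','autoscaling:AttachLoadBalancerTargetGroups','autoscaling:DetachLoadBalancerTargetGroups'],`. Whether `run` actually inspects target groups is not visible in the hunk.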
@@ -10,7 +10,7 @@ module.exports = {
 link: 'https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-add-availability-zone.html',
 recommended_action: 'Update the ELB to use the same availability zones as the autoscaling group.',
 apis: ['AutoScaling:describeAutoScalingGroups', 'ELB:describeLoadBalancers', 'ELBv2:describeLoadBalancers'],
- realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
+ realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup','ec2:CreateNetworkInterface'],
diff --git a/plugins/aws/autoscaling/webTierAsgApprovedAmi.js b/plugins/aws/autoscaling/webTierAsgApprovedAmi.js
index 88e16c9f62..fef285aa3a 100644
--- a/plugins/aws/autoscaling/webTierAsgApprovedAmi.js
+++ b/plugins/aws/autoscaling/webTierAsgApprovedAmi.js
@@ -24,8 +24,7 @@ module.exports = {
 default: ''
 }
 },
- realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
-
+ realtime_triggers: ['autoscaling:createLaunchConfiguration'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/autoscaling/webTierIamRole.js b/plugins/aws/autoscaling/webTierIamRole.js
index ec48122145..7b786cfe5f 100644
--- a/plugins/aws/autoscaling/webTierIamRole.js
+++ b/plugins/aws/autoscaling/webTierIamRole.js
@@ -18,7 +18,7 @@ module.exports = {
 default: ''
 }
 },
- realtime_triggers: ['autoscaling:CreateAutoScalingGroup','autoscaling:UpdateAutoScalingGroup'],
+ realtime_triggers: ['autoscaling:createLaunchConfiguration'],
 run: function(cache, settings, callback) {
 var results = [];
diff --git a/plugins/aws/backup/backupDeletionProtection.js b/plugins/aws/backup/backupDeletionProtection.js
index d0bcfd5e07..6d1bbae594 100644
--- a/plugins/aws/backup/backupDeletionProtection.js
+++ b/plugins/aws/backup/backupDeletionProtection.js
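Review bot: `ec2:CreateNetworkInterface` is a poor trigger for sameAzElb: it fires on every instance launch and ENI creation in the account, a very high-volume event that does not change the AZ configuration this check compares, so it would re-run the check constantly while still missing the change that matters. The load-balancer side of an AZ mismatch changes through `elasticloadbalancing:EnableAvailabilityZonesForLoadBalancer`, `elasticloadbalancing:DisableAvailabilityZonesForLoadBalancer` and, for ALB/NLB, `elasticloadbalancing:SetSubnets`, none of which are listed. Consider replacing the EC2 event with those and keeping the two autoscaling events.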
@@ -11,7 +11,7 @@ module.exports = {
 recommended_action: 'Add a statement in Backup vault access policy which denies global access to action: backup:DeleteRecoveryPoint',
 link: 'https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-vault-access-policy.html',
 apis: ['Backup:listBackupVaults', 'Backup:getBackupVaultAccessPolicy'],
- realtime_triggers: ['backup:CreateBackupVault','backup:PutBackupVaultAccessPolicy'],
+ realtime_triggers: ['backup:PutBackupVaultAccessPolicy'],
 run: function(cache, settings, callback) {
diff --git a/plugins/aws/backup/backupVaultHasTags.js b/plugins/aws/backup/backupVaultHasTags.js
index 6bc7556f01..b17a84ca71 100644
--- a/plugins/aws/backup/backupVaultHasTags.js
+++ b/plugins/aws/backup/backupVaultHasTags.js
@@ -10,7 +10,7 @@ module.exports = {
 recommended_action: 'Modify Backup Vault and add tags.',
 link: 'https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-vault.html',
 apis: ['Backup:listBackupVaults', 'ResourceGroupsTaggingAPI:getResources'],
- realtime_triggers: ['backup:CreateBackupVault','backup:TagResource'],
+ realtime_triggers: ['backup:CreateBackupVault','backup:TagResource','backup:UntagResource'],
 run: function(cache, settings, callback) {
diff --git a/plugins/aws/backup/backupVaultPolicies.js b/plugins/aws/backup/backupVaultPolicies.js
index 106a7534ea..32733f75d8 100644
--- a/plugins/aws/backup/backupVaultPolicies.js
+++ b/plugins/aws/backup/backupVaultPolicies.js
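Review bot: After dropping `backup:CreateBackupVault` from backupDeletionProtection, a freshly created vault — which has no access policy and therefore no deny on `backup:DeleteRecoveryPoint` — is not evaluated until someone attaches a policy, and the list still has no trigger for `backup:DeleteBackupVaultAccessPolicy`, which removes the protecting statement outright. Both are the silent-regression direction for a deletion-protection control, so the trigger set should cover them: `realtime_triggers: ['backup:CreateBackupVault','backup:PutBackupVaultAccessPolicy','backup:DeleteBackupVaultAccessPolicy'],`. backupVaultPolicies on the next line makes the same removal and has the same gap.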
@@ -10,7 +10,7 @@ module.exports = {
 recommended_action: 'Ensure that all Backup Vault policies are scoped to specific services and API calls.',
 link: 'https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-vault-access-policy.html',
 apis: ['Backup:listBackupVaults', 'Backup:getBackupVaultAccessPolicy', 'STS:getCallerIdentity'],
- realtime_triggers: ['backup:CreateBackupVault','backup:PutBackupVaultAccessPolicy'],
+ realtime_triggers: ['backup:PutBackupVaultAccessPolicy'],
 run: function(cache, settings, callback) {
 var results = [];