diff --git a/plugins/aws/kms/kmsDefaultKeyUsage.js b/plugins/aws/kms/kmsDefaultKeyUsage.js
index 1ae39f5955..dbf478b102 100644
--- a/plugins/aws/kms/kmsDefaultKeyUsage.js
+++ b/plugins/aws/kms/kmsDefaultKeyUsage.js
@@ -20,6 +20,7 @@ module.exports = {
             'passwords, it is still strongly encouraged to use a ' +
             'customer-provided CMK rather than the default KMS key.'
     },
+    realtime_triggers: ['cloudtrail:CreateTrail', 'ec2:CreateVolume','elastictranscoder:CreatePipline', 'rds:CreateDBInstance', 'redshift:CreateCluster','redshift:ModifyCluster','s3:putBucketEncryption','ses:CreateEmailIdentity','ses:CreateEmailIdentity','ses:SetActiveReceiptRuleSet', 'workspace:CreateWorkSpaces', 'lambda:CreateFunction','lambda:UpdateFunctionConfiguration', 'cloudwatchlogs:CreateLogGroup', 'efs:CreateFileSystem'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lambda/envVarsClientSideEncryption.js b/plugins/aws/lambda/envVarsClientSideEncryption.js
index dfe36b0aa6..1c5a91fd0f 100644
--- a/plugins/aws/lambda/envVarsClientSideEncryption.js
+++ b/plugins/aws/lambda/envVarsClientSideEncryption.js
@@ -20,6 +20,7 @@ module.exports = {
             default: ''
         }
     },
+    realtime_triggers: ['lambda:CreateFunction', 'lambda:UpdateFunctionConfiguration', 'lambda:DeleteFunction'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lambda/lambdaAdminPrivileges.js b/plugins/aws/lambda/lambdaAdminPrivileges.js
index 3ff5f9c251..62e8d8ef99 100644
--- a/plugins/aws/lambda/lambdaAdminPrivileges.js
+++ b/plugins/aws/lambda/lambdaAdminPrivileges.js
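Review bot: Several entries in the new `realtime_triggers` array of kmsDefaultKeyUsage.js cannot match the event they are meant to catch: `'elastictranscoder:CreatePipline'` drops the second "e" of CreatePipeline, `'s3:putBucketEncryption'` uses a lowercase verb while every other entry in this commit is PascalCase, and `'ses:CreateEmailIdentity'` is listed twice. If trigger matching is an exact string comparison (inferred; the matcher is not in this diff), a misspelled entry means a resource newly created with the default key is not re-evaluated until the next scheduled scan, which is exactly the detection gap this list exists to close. I would change them to `'elastictranscoder:CreatePipeline'` and `'s3:PutBucketEncryption'` and drop the duplicate. The `'workspace:CreateWorkSpaces'` prefix also differs from the usual `workspaces` service name and is worth confirming against a recorded event before merging.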
@@ -11,7 +11,8 @@ module.exports = {
     recommended_action: 'Modify IAM role attached with Lambda function to provide the minimal amount of access required to perform its tasks',
     apis: ['Lambda:listFunctions', 'IAM:listRoles', 'IAM:listAttachedRolePolicies', 'IAM:listRolePolicies', 'IAM:listPolicies', 'IAM:getPolicy', 'IAM:getPolicyVersion', 'IAM:getRolePolicy'],
-
+    realtime_triggers: ['lambda:CreateFunction','lambda:UpdateFunctionConfiguration', 'lambda:DeleteFunction'],
+
 
     run: function(cache, settings, callback) {
         var results = [];
         var source = {};
diff --git a/plugins/aws/lambda/lambdaHasTags.js b/plugins/aws/lambda/lambdaHasTags.js
index 49e16a98d9..3c58d2ef68 100644
--- a/plugins/aws/lambda/lambdaHasTags.js
+++ b/plugins/aws/lambda/lambdaHasTags.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/lambda/latest/dg/configuration-tags.html',
     recommended_action: 'Modify Lambda function configurations and add new tags',
     apis: ['Lambda:listFunctions', 'ResourceGroupsTaggingAPI:getResources'],
-
+    realtime_triggers: ['lambda:CreateFunction','lambda:UpdateFunctionConfiguration','lambda:DeleteFunction'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lambda/lambdaLogGroups.js b/plugins/aws/lambda/lambdaLogGroups.js
index ac2b2c0444..208af60503 100644
--- a/plugins/aws/lambda/lambdaLogGroups.js
+++ b/plugins/aws/lambda/lambdaLogGroups.js
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/lambda/latest/dg/monitoring-cloudwatchlogs.html',
     recommended_action: 'Update the Lambda function permissions to allow CloudWatch logging.',
     apis: ['Lambda:listFunctions', 'CloudWatchLogs:describeLogGroups'],
+    realtime_triggers: ['lambda:CreateFunction','lambda:UpdateFunctionConfiguration','lambda:DeleteFunction'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lambda/lambdaOldRuntimes.js b/plugins/aws/lambda/lambdaOldRuntimes.js
index 9ba49b5e22..bb06472305 100644
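Review bot: In lambdaAdminPrivileges.js the hunk removes one blank line before the new `realtime_triggers` entry and then adds another after it (`+` followed by a context blank), so the file ends up with two blank lines between the property and `run:` while the sibling plugins in this commit (lambdaHasTags.js, lambdaUniqueExecutionRole.js) keep exactly one. Dropping the added `+` blank line would make the layout consistent across the Lambda plugins. The same double-blank pattern does not occur in mskClusterEncryptionAtRest.js, opensearchCollectionCmkEncrypted.js or opensearchCrossAccountAccess.js, where the added blank line replaces one that did not exist before.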
--- a/plugins/aws/lambda/lambdaOldRuntimes.js
+++ b/plugins/aws/lambda/lambdaOldRuntimes.js
@@ -18,6 +18,7 @@ module.exports = {
             default: 0
         }
     },
+    realtime_triggers: ['lambda:CreateFunction','lambda:UpdateFunctionConfiguration','lambda:DeleteFunction'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lambda/lambdaPublicAccess.js b/plugins/aws/lambda/lambdaPublicAccess.js
index 4157d95d9b..351e2b1a90 100644
--- a/plugins/aws/lambda/lambdaPublicAccess.js
+++ b/plugins/aws/lambda/lambdaPublicAccess.js
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html',
     recommended_action: 'Update the Lambda policy to prevent access from the public.',
     apis: ['Lambda:listFunctions', 'Lambda:getPolicy'],
+    realtime_triggers: ['lambda:CreateFunction','lambda:UpdateFunctionConfiguration','lambda:AddPermission', 'lambda:RemovePermission','lambda:DeleteFunction'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lambda/lambdaTracingEnabled.js b/plugins/aws/lambda/lambdaTracingEnabled.js
index 0c8b197d27..5a6aa42e60 100644
--- a/plugins/aws/lambda/lambdaTracingEnabled.js
+++ b/plugins/aws/lambda/lambdaTracingEnabled.js
@@ -18,6 +18,7 @@ module.exports = {
             default: 'Aqua-CSPM-Token-Rotator-Function,-CreateCSPMKeyFunction-,-TriggerDiscoveryFunction-,-GenerateVolumeScanningEx-,-GenerateCSPMExternalIdFu-'
         }
     },
+    realtime_triggers: ['lambda:CreateFunction','lambda:UpdateFunctionConfiguration','lambda:DeleteFunction'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lambda/lambdaUniqueExecutionRole.js b/plugins/aws/lambda/lambdaUniqueExecutionRole.js
index b5fcb90aad..1122894a1f 100644
--- a/plugins/aws/lambda/lambdaUniqueExecutionRole.js
+++ b/plugins/aws/lambda/lambdaUniqueExecutionRole.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html',
     recommended_action: 'Modify Lambda function and add new execution role.',
     apis: ['Lambda:listFunctions'],
-
+    realtime_triggers: ['lambda:CreateFunction','lambda:UpdateFunctionConfiguration', 'lambda:DeleteFunction'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lambda/lambdaVpcConfig.js b/plugins/aws/lambda/lambdaVpcConfig.js
index d0528130f5..42253793ea 100644
--- a/plugins/aws/lambda/lambdaVpcConfig.js
+++ b/plugins/aws/lambda/lambdaVpcConfig.js
@@ -18,6 +18,7 @@ module.exports = {
             default: 'Aqua-CSPM-Token-Rotator-Function,-CreateCSPMKeyFunction-,-TriggerDiscoveryFunction-,-GenerateVolumeScanningEx-,-GenerateCSPMExternalIdFu-'
         }
     },
+    realtime_triggers: ['lambda:CreateFunction','lambda:UpdateFunctionConfiguration','lambda:DeleteFunction'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lex/lexAudioLogsEncrypted.js b/plugins/aws/lex/lexAudioLogsEncrypted.js
index bcce83a295..fe50cb0e6b 100644
--- a/plugins/aws/lex/lexAudioLogsEncrypted.js
+++ b/plugins/aws/lex/lexAudioLogsEncrypted.js
@@ -19,6 +19,7 @@ module.exports = {
             default: 'awscmk'
         }
     },
+    realtime_triggers: ['lexmodelsV2:CreateBotAlias', 'lexmodelsV2:UpdateBotAlias', 'lexmodelsV2:DeleteBotAlias'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/location/geoCollectionDataEncrypted.js b/plugins/aws/location/geoCollectionDataEncrypted.js
index 4ccc08d85c..c469e86672 100644
--- a/plugins/aws/location/geoCollectionDataEncrypted.js
+++ b/plugins/aws/location/geoCollectionDataEncrypted.js
@@ -19,6 +19,7 @@ module.exports = {
             default: 'awscmk'
         }
     },
+    realtime_triggers: ['location:CreateGeofenceCollection', 'location:DeleteGeofenceCollection'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/location/trackerDataEncrypted.js b/plugins/aws/location/trackerDataEncrypted.js
index daf490c9b7..1380bc1779 100644
--- a/plugins/aws/location/trackerDataEncrypted.js
+++ b/plugins/aws/location/trackerDataEncrypted.js
@@ -19,6 +19,7 @@ module.exports = {
             default: 'awscmk'
         }
     },
+    realtime_triggers: ['location:CreateTracker', 'location:UpdateTracker', 'location:DeleteTracker'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lookout/anomalyDetectorEncrypted.js b/plugins/aws/lookout/anomalyDetectorEncrypted.js
index 41235b54c7..4eb6527a77 100644
--- a/plugins/aws/lookout/anomalyDetectorEncrypted.js
+++ b/plugins/aws/lookout/anomalyDetectorEncrypted.js
@@ -19,6 +19,7 @@ module.exports = {
             default: 'awscmk'
         }
     },
+    realtime_triggers: ['lookoutmetrics:CreateAnomalyDetector', 'lookoutmetrics:UpdateAnomalyDetector', 'lookoutmetrics:DeleteAnomalyDetector'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lookout/equipmentdatasetEncrypted.js b/plugins/aws/lookout/equipmentdatasetEncrypted.js
index aa82b5cf7f..a3dd7329c3 100644
--- a/plugins/aws/lookout/equipmentdatasetEncrypted.js
+++ b/plugins/aws/lookout/equipmentdatasetEncrypted.js
@@ -19,6 +19,7 @@ module.exports = {
             default: 'awscmk'
         }
     },
+    realtime_triggers: ['lookoutequipment:CreateDataset', 'lookoutequipment:DeleteDataset'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/lookout/modelDataEncrypted.js b/plugins/aws/lookout/modelDataEncrypted.js
index 4f5b08f04f..77615e634b 100644
--- a/plugins/aws/lookout/modelDataEncrypted.js
+++ b/plugins/aws/lookout/modelDataEncrypted.js
@@ -19,6 +19,7 @@ module.exports = {
             default: 'awscmk'
         }
     },
+    realtime_triggers: ['lookoutvision:CreateModel', 'lookoutvision:DeleteModel'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/managedblockchain/networkMemberDataEncrypted.js b/plugins/aws/managedblockchain/networkMemberDataEncrypted.js
index a6833a7178..147565fdf9 100644
--- a/plugins/aws/managedblockchain/networkMemberDataEncrypted.js
+++ b/plugins/aws/managedblockchain/networkMemberDataEncrypted.js
@@ -19,6 +19,7 @@ module.exports = {
             default: 'awscmk',
         }
     },
+    realtime_triggers: ['managedblockchain:CreateNetwork', 'managedblockchain:DeleteMember'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/memorydb/memorydbClusterEncrypted.js b/plugins/aws/memorydb/memorydbClusterEncrypted.js
index c24201fc69..be159fbfb4 100644
--- a/plugins/aws/memorydb/memorydbClusterEncrypted.js
+++ b/plugins/aws/memorydb/memorydbClusterEncrypted.js
@@ -19,6 +19,7 @@ module.exports = {
             default: 'awscmk',
         }
     },
+    realtime_triggers: ['MemoryDB:CreateCluster', 'MemoryDB:DeleteCluster'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/mq/mqAutoMinorVersionUpgrade.js b/plugins/aws/mq/mqAutoMinorVersionUpgrade.js
index 5cee02e62f..5c9e6169ef 100644
--- a/plugins/aws/mq/mqAutoMinorVersionUpgrade.js
+++ b/plugins/aws/mq/mqAutoMinorVersionUpgrade.js
@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Enabled Auto Minor Version Upgrade feature for MQ brokers',
     link: 'https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker.html',
     apis: ['MQ:listBrokers', 'MQ:describeBroker'],
+    realtime_triggers: ['mq:CreateBrocker', 'mq:UpdateBrocker', 'mq:DeleteBrocker'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/mq/mqBrokerEncrypted.js b/plugins/aws/mq/mqBrokerEncrypted.js
index 8d6e63c2ce..c48418a245 100644
--- a/plugins/aws/mq/mqBrokerEncrypted.js
+++ b/plugins/aws/mq/mqBrokerEncrypted.js
@@ -18,6 +18,7 @@ module.exports = {
             default: 'awscmk'
         }
     },
+    realtime_triggers: ['mq:CreateBrocker', 'mq:DeleteBrocker'],
 
     run: function(cache, settings, callback) {
         var results = [];
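Review bot: `'MemoryDB:CreateCluster'` and `'MemoryDB:DeleteCluster'` in memorydbClusterEncrypted.js capitalize the service prefix, while every other trigger added in this commit uses a lowercase prefix (`kafka:`, `mq:`, `lambda:`, `location:` and so on); `'openSearch:CreateDomain'` in opensearchClusterStatus.js further down has the same mixed case right next to `'opensearch:UpdateDomainConfig'` in the same array. If the matcher compares trigger names case-sensitively (inferred; it is not part of this diff), these two plugins never fire in real time and an unencrypted cluster or a newly created domain is only picked up by the scheduled scan. I would change them to `'memorydb:CreateCluster'`, `'memorydb:DeleteCluster'` and `'opensearch:CreateDomain'`.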
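Review bot: The MQ triggers misspell the broker API: `'mq:CreateBrocker'`, `'mq:UpdateBrocker'` and `'mq:DeleteBrocker'` appear in mqAutoMinorVersionUpgrade.js and mqBrokerEncrypted.js here, and again in mqBrokerPublicAccess.js, mqDeploymentMode.js, mqDesiredInstanceType.js, mqLatestEngineVersion.js and mqLogExports.js below. The commit itself shows the intended spelling, since mqLogExports.js lists `'mq:CreateBroker'` and `'mq:UpdateBroker'` beside `'mq:DeleteBrocker'` and mqBrokerPublicAccess.js mixes `'mq:UpdateBroker'` with `'mq:CreateBrocker'`, so the seven arrays are inconsistent even with each other. In practice a broker created unencrypted or opened to the public would not be re-checked until the next scheduled scan. I would normalise all of them to `'mq:CreateBroker'`, `'mq:UpdateBroker'`, `'mq:DeleteBroker'`.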
diff --git a/plugins/aws/mq/mqBrokerPublicAccess.js b/plugins/aws/mq/mqBrokerPublicAccess.js
index 85252797f4..41731262ee 100644
--- a/plugins/aws/mq/mqBrokerPublicAccess.js
+++ b/plugins/aws/mq/mqBrokerPublicAccess.js
@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Review and update the security group settings to restrict public access to Amazon MQ brokers.',
     link: 'https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/using-amazon-mq-securely.html',
     apis: ['MQ:listBrokers', 'MQ:describeBroker', 'EC2:describeSecurityGroups'],
+    realtime_triggers: ['mq:CreateBrocker', 'mq:UpdateBroker', 'mq:DeleteBrocker'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/mq/mqDeploymentMode.js b/plugins/aws/mq/mqDeploymentMode.js
index 03c4401ddf..b7dc226187 100644
--- a/plugins/aws/mq/mqDeploymentMode.js
+++ b/plugins/aws/mq/mqDeploymentMode.js
@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Enabled Deployment Mode feature for MQ brokers',
     link: 'https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/active-standby-broker-deployment.html',
     apis: ['MQ:listBrokers'],
+    realtime_triggers: ['mq:CreateBrocker', 'mq:UpdateBroker', 'mq:DeleteBrocker'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/mq/mqDesiredInstanceType.js b/plugins/aws/mq/mqDesiredInstanceType.js
index 243270dd32..a89260b78a 100644
--- a/plugins/aws/mq/mqDesiredInstanceType.js
+++ b/plugins/aws/mq/mqDesiredInstanceType.js
@@ -18,6 +18,7 @@ module.exports = {
             default:''
         }
     },
+    realtime_triggers: ['mq:CreateBrocker', 'mq:DeleteBrocker'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/mq/mqLatestEngineVersion.js b/plugins/aws/mq/mqLatestEngineVersion.js
index 17c171c69d..169b342f7d 100644
--- a/plugins/aws/mq/mqLatestEngineVersion.js
+++ b/plugins/aws/mq/mqLatestEngineVersion.js
@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Update Amazon MQ brokers to the latest version of Apache ActiveMQ broker engine.',
     link: 'https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/activemq-version-management.html',
     apis: ['MQ:listBrokers', 'MQ:describeBroker'],
+    realtime_triggers: ['mq:CreateBrocker','mq:UpdateBrocker', 'mq:DeleteBrocker'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/mq/mqLogExports.js b/plugins/aws/mq/mqLogExports.js
index d6872417a5..fb5808f8e1 100644
--- a/plugins/aws/mq/mqLogExports.js
+++ b/plugins/aws/mq/mqLogExports.js
@@ -10,6 +10,7 @@ module.exports = {
     recommended_action: 'Enable Log Exports feature for MQ brokers',
     link: 'https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/security-logging-monitoring.html',
     apis: ['MQ:listBrokers', 'MQ:describeBroker'],
+    realtime_triggers: ['mq:CreateBroker', 'mq:UpdateBroker','mq:DeleteBrocker'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/msk/mskClusterCBEncryption.js b/plugins/aws/msk/mskClusterCBEncryption.js
index ed43b8f3d9..c302e0c501 100644
--- a/plugins/aws/msk/mskClusterCBEncryption.js
+++ b/plugins/aws/msk/mskClusterCBEncryption.js
@@ -11,6 +11,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html',
     recommended_action: 'Enable only TLS encryption between the client and broker for all MSK clusters',
     apis: ['Kafka:listClusters'],
+    realtime_triggers: ['kafka:CreateCluster','kafka:UpdateClusterConfiguration', 'kafka:DeleteCluster'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/msk/mskClusterEncryptionAtRest.js b/plugins/aws/msk/mskClusterEncryptionAtRest.js
index c5be837c95..c6d1dd238e 100644
--- a/plugins/aws/msk/mskClusterEncryptionAtRest.js
+++ b/plugins/aws/msk/mskClusterEncryptionAtRest.js
@@ -18,6 +18,8 @@ module.exports = {
             default: 'awscmk',
         }
     },
+    realtime_triggers: ['kafka:CreateCluster', 'kafka:DeleteCluster'],
+
     run: function(cache, settings, callback) {
         var results = [];
         var source = {};
diff --git a/plugins/aws/msk/mskClusterEncryptionInTransit.js b/plugins/aws/msk/mskClusterEncryptionInTransit.js
index fd71dd15d3..275952b1aa 100644
--- a/plugins/aws/msk/mskClusterEncryptionInTransit.js
+++ b/plugins/aws/msk/mskClusterEncryptionInTransit.js
@@ -11,6 +11,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html',
     recommended_action: 'Enable TLS encryption within the cluster for all MSK clusters',
     apis: ['Kafka:listClusters'],
+    realtime_triggers: ['kafka:CreateCluster','kafka:UpdateClusterConfiguration','kafka:DeleteCluster'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/msk/mskClusterPublicAccess.js b/plugins/aws/msk/mskClusterPublicAccess.js
index ac5301b4ac..c9aa02ad65 100644
--- a/plugins/aws/msk/mskClusterPublicAccess.js
+++ b/plugins/aws/msk/mskClusterPublicAccess.js
@@ -11,6 +11,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/msk/latest/developerguide/public-access.html',
     recommended_action: 'Check for public access feature within the cluster for all MSK clusters',
     apis: ['Kafka:listClusters'],
+    realtime_triggers: ['kafka:CreateCluster', 'kafka:DeleteCluster'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/msk/mskClusterUnauthAccess.js b/plugins/aws/msk/mskClusterUnauthAccess.js
index e8725e6799..39d89407b9 100644
--- a/plugins/aws/msk/mskClusterUnauthAccess.js
+++ b/plugins/aws/msk/mskClusterUnauthAccess.js
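Review bot: mskClusterPublicAccess.js only lists `'kafka:CreateCluster'` and `'kafka:DeleteCluster'`, yet public access on an MSK cluster is a setting that is normally turned on after creation, which is the moment this check most needs to re-run; the neighbouring mskClusterUnauthAccess.js already pairs its create/delete triggers with the relevant update action (`'kafka:UpdateSecurity'`), and mskClusterCBEncryption.js uses `'kafka:UpdateClusterConfiguration'`. I would add the MSK connectivity-update action to this array (it is not on this page, so confirm its exact CloudTrail event name before adding). Without an update trigger a cluster flipped to public stays invisible to real-time evaluation until the next scheduled scan.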
@@ -11,6 +11,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/msk/latest/developerguide/msk-authentication.html',
     recommended_action: 'Ensure that MSK clusters does not have unauthenticated access enabled.',
     apis: ['Kafka:listClusters'],
+    realtime_triggers: ['kafka:CreateCluster','kafka:UpdateSecurity', 'kafka:DeleteCluster'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/mwaa/environmentAdminPrivileges.js b/plugins/aws/mwaa/environmentAdminPrivileges.js
index 12c8c397e5..bfe179d612 100644
--- a/plugins/aws/mwaa/environmentAdminPrivileges.js
+++ b/plugins/aws/mwaa/environmentAdminPrivileges.js
@@ -11,6 +11,7 @@ module.exports = {
     recommended_action: 'Modify IAM role attached with MWAA environment to provide the minimal amount of access required to perform its tasks',
     apis: ['MWAA:listEnvironments', 'MWAA:getEnvironment', 'IAM:listRoles', 'IAM:listAttachedRolePolicies', 'IAM:listRolePolicies', 'IAM:listPolicies', 'IAM:getPolicy', 'IAM:getPolicyVersion', 'IAM:getRolePolicy', 'STS:getCallerIdentity'],
+    realtime_triggers: ['mwaa:CreateEnvironment','mwaa:UpdateEnviroment', 'mwaa:DeleteEnvironment'],
 
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/mwaa/environmentDataEncrypted.js b/plugins/aws/mwaa/environmentDataEncrypted.js
index 582cf5b3d2..9fe621624a 100644
--- a/plugins/aws/mwaa/environmentDataEncrypted.js
+++ b/plugins/aws/mwaa/environmentDataEncrypted.js
@@ -19,6 +19,7 @@ module.exports = {
             default: 'awscmk'
         }
     },
+    realtime_triggers: ['mwaa:CreateEnvironment', 'mwaa:DeleteEnvironment'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/mwaa/webServerPublicAccess.js b/plugins/aws/mwaa/webServerPublicAccess.js
index 52d1ca99b5..c49e7e48bb 100644
--- a/plugins/aws/mwaa/webServerPublicAccess.js
+++ b/plugins/aws/mwaa/webServerPublicAccess.js
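Review bot: `'mwaa:UpdateEnviroment'` in environmentAdminPrivileges.js, and again in webServerPublicAccess.js on the next hunk, is missing the "n" of Environment, so the update event that matters most for these two checks (an execution role or the web-server access mode being changed on an existing environment) would never match; `'mwaa:CreateEnvironment'` and `'mwaa:DeleteEnvironment'` in the same arrays show the intended spelling. I would change both occurrences to `'mwaa:UpdateEnvironment'`. The environmentAdminPrivileges.js hunk also appears to leave two blank lines between the new property and `run:` (the hunk counts only admit this layout), which the other MWAA plugins do not have.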
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/mwaa/latest/userguide/vpc-create.html',
     recommended_action: 'Modify Amazon MWAA environments to set web server access mode to be private only',
     apis: ['MWAA:listEnvironments', 'MWAA:getEnvironment', 'STS:getCallerIdentity'],
+    realtime_triggers: ['mwaa:CreateEnvironment','mwaa:UpdateEnviroment', 'mwaa:DeleteEnvironment'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/neptune/neptuneDBInstanceEncrypted.js b/plugins/aws/neptune/neptuneDBInstanceEncrypted.js
index 8c03a0d0d8..3d16098a54 100644
--- a/plugins/aws/neptune/neptuneDBInstanceEncrypted.js
+++ b/plugins/aws/neptune/neptuneDBInstanceEncrypted.js
@@ -20,6 +20,7 @@ module.exports = {
             default: 'awscmk',
         }
     },
+    realtime_triggers: ['neptune:CreateDBCluster', 'neptune:DeleteDBCluster'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/openSearchServerless/opensearchCollectionCmkEncrypted.js b/plugins/aws/openSearchServerless/opensearchCollectionCmkEncrypted.js
index 2ecf47f671..4abe1dc6cb 100644
--- a/plugins/aws/openSearchServerless/opensearchCollectionCmkEncrypted.js
+++ b/plugins/aws/openSearchServerless/opensearchCollectionCmkEncrypted.js
@@ -19,6 +19,8 @@ module.exports = {
             default: 'awscmk'
         }
     },
+    realtime_triggers: ['opensearchserverless:CreateCollection', 'opensearchserverless:DeleteCollection'],
+
     run: function(cache, settings, callback) {
         var results = [];
         var source = {};
diff --git a/plugins/aws/openSearchServerless/opensearchCollectionPublicAccess.js b/plugins/aws/openSearchServerless/opensearchCollectionPublicAccess.js
index a9abc1f1d5..fd825b8515 100644
--- a/plugins/aws/openSearchServerless/opensearchCollectionPublicAccess.js
+++ b/plugins/aws/openSearchServerless/opensearchCollectionPublicAccess.js
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-network.html',
     recommended_action: 'Update the network policy and remove the public access to the collection.',
     apis: ['OpenSearchServerless:listNetworkSecurityPolicies', 'OpenSearchServerless:getNetworkSecurityPolicy', 'OpenSearchServerless:listCollections'],
+    realtime_triggers: ['opensearchserverless:CreateCollection', 'opensearserverless:UpdateCollection', 'opensearchserverless:DeleteCollection'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchAccessFromIps.js b/plugins/aws/opensearch/opensearchAccessFromIps.js
index 3e8edb310d..fb832995b8 100644
--- a/plugins/aws/opensearch/opensearchAccessFromIps.js
+++ b/plugins/aws/opensearch/opensearchAccessFromIps.js
@@ -18,6 +18,7 @@ module.exports = {
             default: ''
         }
     },
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchClusterStatus.js b/plugins/aws/opensearch/opensearchClusterStatus.js
index 20e953044d..c66b7b2951 100644
--- a/plugins/aws/opensearch/opensearchClusterStatus.js
+++ b/plugins/aws/opensearch/opensearchClusterStatus.js
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cloudwatch-alarms.html',
     recommended_action: 'Configure alarms to send notification if cluster status remains red for more than a minute.',
     apis: ['OpenSearch:listDomainNames', 'CloudWatch:getEsMetricStatistics', 'STS:getCallerIdentity'],
+    realtime_triggers: ['openSearch:CreateDomain', 'opensearch:UpdateDomainConfig','opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
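Review bot: `'opensearserverless:UpdateCollection'` in opensearchCollectionPublicAccess.js drops the "ch" of opensearchserverless, unlike the Create and Delete entries beside it, so an updated collection would not be re-evaluated until the next scheduled scan; I would change it to `'opensearchserverless:UpdateCollection'`. Separately, this check reads `OpenSearchServerless:listNetworkSecurityPolicies` and `getNetworkSecurityPolicy`, i.e. the public-access decision lives in the network security policy rather than in the collection itself, yet none of the three triggers covers a security-policy change; the policy create/update/delete actions are the ones that actually open or close public access and are worth adding here (their exact event names are not on this page, so confirm them before adding).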
diff --git a/plugins/aws/opensearch/opensearchCrossAccountAccess.js b/plugins/aws/opensearch/opensearchCrossAccountAccess.js
index 85b3af9ea3..00b181fa11 100644
--- a/plugins/aws/opensearch/opensearchCrossAccountAccess.js
+++ b/plugins/aws/opensearch/opensearchCrossAccountAccess.js
@@ -37,6 +37,8 @@ module.exports = {
             default: 'aws:PrincipalArn,aws:PrincipalAccount,aws:PrincipalOrgID,aws:SourceAccount,aws:SourceArn,aws:SourceOwner'
         },
     },
+    realtime_triggers: ['opensearch:CreateDomain','opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
+
     run: function(cache, settings, callback) {
         var config= {
             os_whitelisted_aws_account_principals : settings.os_whitelisted_aws_account_principals || this.settings.os_whitelisted_aws_account_principals.default,
diff --git a/plugins/aws/opensearch/opensearchDedicatedMasterEnabled.js b/plugins/aws/opensearch/opensearchDedicatedMasterEnabled.js
index 350c2e61c6..43de0e7762 100644
--- a/plugins/aws/opensearch/opensearchDedicatedMasterEnabled.js
+++ b/plugins/aws/opensearch/opensearchDedicatedMasterEnabled.js
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-dedicatedmasternodes.html',
     recommended_action: 'Update the domain to use dedicated master nodes.',
     apis: ['OpenSearch:listDomainNames', 'OpenSearch:describeDomain', 'STS:getCallerIdentity'],
+    realtime_triggers: ['opensearch:CreateDomain','opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchDesiredInstanceTypes.js b/plugins/aws/opensearch/opensearchDesiredInstanceTypes.js
index 825151da71..d4a6406a32 100644
--- a/plugins/aws/opensearch/opensearchDesiredInstanceTypes.js
+++ b/plugins/aws/opensearch/opensearchDesiredInstanceTypes.js
@@ -24,6 +24,7 @@ module.exports = {
             default: ''
         }
     },
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         const results = [];
diff --git a/plugins/aws/opensearch/opensearchDomainEncryptionEnabled.js b/plugins/aws/opensearch/opensearchDomainEncryptionEnabled.js
index b1e1041368..3aa4f70fc0 100644
--- a/plugins/aws/opensearch/opensearchDomainEncryptionEnabled.js
+++ b/plugins/aws/opensearch/opensearchDomainEncryptionEnabled.js
@@ -18,6 +18,7 @@ module.exports = {
             default: 'awscmk',
         }
     },
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var config = {
diff --git a/plugins/aws/opensearch/opensearchEncryptedDomain.js b/plugins/aws/opensearch/opensearchEncryptedDomain.js
index da385d931f..c35b8a3eec 100644
--- a/plugins/aws/opensearch/opensearchEncryptedDomain.js
+++ b/plugins/aws/opensearch/opensearchEncryptedDomain.js
@@ -29,7 +29,7 @@ module.exports = {
         remediate: ['opensearch:UpdateDomainConfig'],
         rollback: ['opensearch:UpdateDomainConfig']
     },
-    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig'],
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchExposedDomain.js b/plugins/aws/opensearch/opensearchExposedDomain.js
index d6495cef4c..245e375757 100644
--- a/plugins/aws/opensearch/opensearchExposedDomain.js
+++ b/plugins/aws/opensearch/opensearchExposedDomain.js
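Review bot: opensearchDesiredInstanceTypes.js is the only OpenSearch plugin in this commit whose trigger list omits `'opensearch:UpdateDomainConfig'`, listing just `'opensearch:CreateDomain'` and `'opensearch:DeleteDomain'`. Every other domain-level check on this page (opensearchAccessFromIps.js, opensearchDedicatedMasterEnabled.js, opensearchDomainEncryptionEnabled.js and the rest) includes the update action, and an instance-type change on an existing domain is precisely the event this check is meant to notice. I would add `'opensearch:UpdateDomainConfig'` to the array so a domain resized to a non-approved type is re-evaluated in real time rather than at the next scheduled scan.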
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html',
     recommended_action: 'Update OpenSearch domain to set access control.',
     apis: ['OpenSearch:listDomainNames', 'OpenSearch:describeDomain', 'STS:getCallerIdentity'],
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchHttpsOnly.js b/plugins/aws/opensearch/opensearchHttpsOnly.js
index 95f9bb914d..2b54ac0147 100644
--- a/plugins/aws/opensearch/opensearchHttpsOnly.js
+++ b/plugins/aws/opensearch/opensearchHttpsOnly.js
@@ -29,7 +29,7 @@ module.exports = {
         remediate: ['opensearch:UpdateDomainConfig'],
         rollback: ['opensearch:UpdateDomainConfig']
     },
-    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig'],
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchLoggingEnabled.js b/plugins/aws/opensearch/opensearchLoggingEnabled.js
index 32b21bbb23..2c7b971ea2 100644
--- a/plugins/aws/opensearch/opensearchLoggingEnabled.js
+++ b/plugins/aws/opensearch/opensearchLoggingEnabled.js
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/opensearch-service/latest/developerguide/createdomain-configure-slow-logs.html',
     recommended_action: 'Ensure logging is enabled and a CloudWatch log group is specified for each OpenSearch domain.',
     apis: ['OpenSearch:listDomainNames', 'OpenSearch:describeDomain'],
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchNodeToNodeEncryption.js b/plugins/aws/opensearch/opensearchNodeToNodeEncryption.js
index 2b185c9759..a3d5a2aacb 100644
--- a/plugins/aws/opensearch/opensearchNodeToNodeEncryption.js
+++ b/plugins/aws/opensearch/opensearchNodeToNodeEncryption.js
@@ -21,7 +21,7 @@ module.exports = {
         remediate: ['opensearch:UpdateDomainConfig'],
         rollback: ['opensearch:UpdateDomainConfig']
     },
-    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig'],
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchPublicEndpoint.js b/plugins/aws/opensearch/opensearchPublicEndpoint.js
index 645a3db149..81483aa106 100644
--- a/plugins/aws/opensearch/opensearchPublicEndpoint.js
+++ b/plugins/aws/opensearch/opensearchPublicEndpoint.js
@@ -18,6 +18,7 @@ module.exports = {
             default: 'false'
         },
     },
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchRequireIAMAuth.js b/plugins/aws/opensearch/opensearchRequireIAMAuth.js
index 767219c01d..8a3f4b8104 100644
--- a/plugins/aws/opensearch/opensearchRequireIAMAuth.js
+++ b/plugins/aws/opensearch/opensearchRequireIAMAuth.js
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html',
     recommended_action: 'Configure the OpenSearch domain to have an access policy without a global principal or no principal',
     apis: ['OpenSearch:listDomainNames', 'OpenSearch:describeDomain'],
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchTlsVersion.js b/plugins/aws/opensearch/opensearchTlsVersion.js
index 10678f12d6..7c7fb6b13f 100644
--- a/plugins/aws/opensearch/opensearchTlsVersion.js
+++ b/plugins/aws/opensearch/opensearchTlsVersion.js
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html',
     recommended_action: 'Update OpenSearch domain to set TLSSecurityPolicy to contain TLS version 1.2.',
     apis: ['OpenSearch:listDomainNames', 'OpenSearch:describeDomain', 'STS:getCallerIdentity'],
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         const results = [];
diff --git a/plugins/aws/opensearch/opensearchUpgradeAvailable.js b/plugins/aws/opensearch/opensearchUpgradeAvailable.js
index b1a6d0d3da..921344ef65 100644
--- a/plugins/aws/opensearch/opensearchUpgradeAvailable.js
+++ b/plugins/aws/opensearch/opensearchUpgradeAvailable.js
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/opensearch-service/latest/developerguide/version-migration.html',
     recommended_action: 'Ensure each OpenSearch domain is running the latest service software and update out-of-date domains.',
     apis: ['OpenSearch:listDomainNames', 'OpenSearch:describeDomain'],
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchVersion.js b/plugins/aws/opensearch/opensearchVersion.js
index d67c0a53fe..8055d23077 100644
--- a/plugins/aws/opensearch/opensearchVersion.js
+++ b/plugins/aws/opensearch/opensearchVersion.js
@@ -10,6 +10,7 @@ module.exports = {
     link: 'https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html',
     recommended_action: 'Update OpenSearch domain to set to latest engine version.',
     apis: ['OpenSearch:listDomainNames', 'OpenSearch:describeDomain'],
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run:function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/opensearch/opensearchZoneAwarenessEnabled.js b/plugins/aws/opensearch/opensearchZoneAwarenessEnabled.js
index 7263710ea9..c9a606c93c 100644
--- a/plugins/aws/opensearch/opensearchZoneAwarenessEnabled.js
+++ b/plugins/aws/opensearch/opensearchZoneAwarenessEnabled.js
@@ -10,7 +10,7 @@ module.exports = {
     link: 'https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/',
     recommended_action: 'Modify OpenSearch domain configuration and enable domain zone awareness.',
     apis: ['OpenSearch:listDomainNames', 'OpenSearch:describeDomain', 'STS:getCallerIdentity'],
-
+    realtime_triggers: ['opensearch:CreateDomain', 'opensearch:UpdateDomainConfig', 'opensearch:DeleteDomain'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/organizations/enableAllFeatures.js b/plugins/aws/organizations/enableAllFeatures.js
index 6d24df8faf..a20b6aaa8b 100644
--- a/plugins/aws/organizations/enableAllFeatures.js
+++ b/plugins/aws/organizations/enableAllFeatures.js
@@ -9,6 +9,7 @@ module.exports = {
     recommended_action: 'Enable all AWS Organizations features.',
     link: 'https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html?icmpid=docs_orgs_console',
     apis: ['Organizations:describeOrganization'],
+    realtime_triggers: ['organizations:CreateOrganization', 'organizations:EnableAllFeatures', 'organizations:DeleteOrganization'],
 
     run: function(cache, settings, callback) {
         var results = [];
diff --git a/plugins/aws/organizations/organizationInvite.js b/plugins/aws/organizations/organizationInvite.js
index 842c80564f..35fe368ba0 100644
--- a/plugins/aws/organizations/organizationInvite.js
+++ b/plugins/aws/organizations/organizationInvite.js
@@ -9,6 +9,7 @@ module.exports = {
     recommended_action: 'Enable all AWS Organizations features',
     link: 'https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html?icmpid=docs_orgs_console',
     apis: ['Organizations:listHandshakesForAccount'],
+    realtime_triggers: ['organizations:CreateOrganization', 'organizations:AcceptHandshake' ,'organizations:DeclineHandshake', 'organizations:CancleHandshake', 'organizations:DeleteOrganization'],
 
     run: function(cache, settings, callback) {
         var results = [];
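Review bot: `'organizations:CancleHandshake'` in organizationInvite.js transposes the "el" of CancelHandshake, so a cancelled invitation would not re-trigger the check; the neighbouring `'organizations:AcceptHandshake'` and `'organizations:DeclineHandshake'` show the expected form, and I would change it to `'organizations:CancelHandshake'`. Since this check reads `Organizations:listHandshakesForAccount`, the event that creates a new pending handshake in the first place (the invite-account action) is the one most likely to change its result and is not in the list; it is worth adding once its exact event name is confirmed. The stray space in `'organizations:AcceptHandshake' ,'organizations:DeclineHandshake'` is harmless but inconsistent with the rest of the array.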