Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

3 azure tagging rules ported #348

Merged
merged 1 commit into from
Nov 1, 2019
Merged

3 azure tagging rules ported #348

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 azure tagging rules ported
  • Loading branch information
@KanchanaAradhya
KanchanaAradhya committed Oct 25, 2019
commit a855eb9274180cff317df86b9195a2c36fc2bf8a
66 changes: 66 additions & 0 deletions installer/resources/lambda_rule_engine/files/rule_engine_cloudwatch_rules.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2462,6 +2462,72 @@
"modifiedDate": "2019-09-18",
"severity": "high",
"category": "security"
},
{
"ruleId": "PacMan_TaggingRule_version-1_VirtualmachineTaggingRule_virtualmachine",
"ruleUUID": "azure_virtualmachine_should_be_tagged_with_mandatory_tags",
"policyId": "PacMan_TaggingRule_version-1",
"ruleName": "VirtualmachineTaggingRule",
"targetType": "virtualmachine",
"assetGroup": "azure",
"alexaKeyword": "VirtualmachineTaggingRule",
"ruleParams": "{\"params\":[{\"encrypt\":false,\"value\":\"check-for-missing-mandatory-tags\",\"key\":\"ruleKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"tagging\",\"key\":\"ruleCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"ruleOwner\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_TaggingRule_version-1_VirtualmachineTaggingRule_virtualmachine\",\"autofix\":false,\"alexaKeyword\":\"VirtualmachineTaggingRule\",\"ruleRestUrl\":\"\",\"targetType\":\"virtualmachine\",\"pac_ds\":\"azure\",\"policyId\":\"PacMan_TaggingRule_version-1\",\"assetGroup\":\"azure\",\"ruleUUID\":\"azure_virtualmachine_should_be_tagged_with_mandatory_tags\",\"ruleType\":\"ManageRule\"}",
"ruleFrequency": "0 * * * ? *",
"ruleExecutable": "",
"ruleRestUrl": "",
"ruleType": "ManageRule",
"ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/azure_virtualmachine_should_be_tagged_with_mandatory_tags",
"status": "ENABLED",
"userId": "ASGC",
"displayName": "Virtualmachine should be tagged with mandatory tags",
"createdDate": "2019-10-25",
"modifiedDate": "2019-10-25",
"severity": "high",
"category": "tagging"
},
{
"ruleId": "PacMan_TaggingRule_version-1_SqlserverTaggingRule_sqlserver",
"ruleUUID": "azure_sqlserver_should_be_tagged_with_mandatory_tags",
"policyId": "PacMan_TaggingRule_version-1",
"ruleName": "SqlserverTaggingRule",
"targetType": "sqlserver",
"assetGroup": "azure",
"alexaKeyword": "SqlserverTaggingRule",
"ruleParams": "{\"params\":[{\"encrypt\":false,\"value\":\"check-for-missing-mandatory-tags\",\"key\":\"ruleKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"tagging\",\"key\":\"ruleCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"ruleOwner\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_TaggingRule_version-1_SqlserverTaggingRule_sqlserver\",\"autofix\":false,\"alexaKeyword\":\"SqlserverTaggingRule\",\"ruleRestUrl\":\"\",\"targetType\":\"sqlserver\",\"pac_ds\":\"azure\",\"policyId\":\"PacMan_TaggingRule_version-1\",\"assetGroup\":\"azure\",\"ruleUUID\":\"azure_sqlserver_should_be_tagged_with_mandatory_tags\",\"ruleType\":\"ManageRule\"}",
"ruleFrequency": "0 * * * ? *",
"ruleExecutable": "",
"ruleRestUrl": "",
"ruleType": "ManageRule",
"ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/azure_sqlserver_should_be_tagged_with_mandatory_tags",
"status": "ENABLED",
"userId": "ASGC",
"displayName": "Sqlserver should be tagged with mandatory tags",
"createdDate": "2019-10-25",
"modifiedDate": "2019-10-25",
"severity": "high",
"category": "tagging"
},
{
"ruleId": "PacMan_TaggingRule_version-1_SqldatabaseTaggingRule_sqldatabase",
"ruleUUID": "azure_sqldatabase_should_be_tagged_with_mandatory_tags",
"policyId": "PacMan_TaggingRule_version-1",
"ruleName": "SqldatabaseserverTaggingRule",
"targetType": "sqldatabase",
"assetGroup": "azure",
"alexaKeyword": "SqldatabaseserverTaggingRule",
"ruleParams": "{\"params\":[{\"encrypt\":false,\"value\":\"check-for-missing-mandatory-tags\",\"key\":\"ruleKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"tagging\",\"key\":\"ruleCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"ruleOwner\"}],\"environmentVariables\":[],\"ruleId\":\"PacMan_TaggingRule_version-1_SqldatabaseTaggingRule_sqldatabase\",\"autofix\":false,\"alexaKeyword\":\"SqldatabaseTaggingRule\",\"ruleRestUrl\":\"\",\"targetType\":\"sqldatabase\",\"pac_ds\":\"azure\",\"policyId\":\"PacMan_TaggingRule_version-1\",\"assetGroup\":\"azure\",\"ruleUUID\":\"azure_sqldatabase_should_be_tagged_with_mandatory_tags\",\"ruleType\":\"ManageRule\"}",
"ruleFrequency": "0 * * * ? *",
"ruleExecutable": "",
"ruleRestUrl": "",
"ruleType": "ManageRule",
"ruleArn": "arn:aws:events:us-east-1:***REMOVED***:rule/azure_sqldatabase_should_be_tagged_with_mandatory_tags",
"status": "ENABLED",
"userId": "ASGC",
"displayName": "Sqldatabase should be tagged with mandatory tags",
"createdDate": "2019-10-25",
"modifiedDate": "2019-10-25",
"severity": "high",
"category": "tagging"
}

]
5 changes: 4 additions & 1 deletion installer/resources/pacbot_app/files/DB.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1345,7 +1345,9 @@ INSERT IGNORE INTO cf_RuleInstance (`ruleId`,`ruleUUID`,`policyId`,`ruleName`,`t
INSERT IGNORE INTO cf_RuleInstance (`ruleId`,`ruleUUID`,`policyId`,`ruleName`,`targetType`,`assetGroup`,`alexaKeyword`,`ruleParams`,`ruleFrequency`,`ruleExecutable`,`ruleRestUrl`,`ruleType`,`ruleArn`,`status`,`userId`,`displayName`,`createdDate`,`modifiedDate`,`severity`,`category`) VALUES ('PacMan_Ec2PublicAccessPortWithS5Vulnerability_version-1_Ec2PublicAccessPortWithS5Vulnerability_ec2','aws_ec2_pub_vuln_s5_rule','PacMan_Ec2PublicAccessPortWithS5Vulnerability_version-1','Ec2PublicAccessPortWithS5Vuln','ec2','aws','Ec2PublicAccessPortWithS5Vuln','{"params":[{"encrypt":false,"value":"check-for-ec2-public-access-port-with-s5-vulnerabilities","key":"ruleKey"},{"encrypt":false,"value":"S5","key":"severityVulnValue"},{"encrypt":false,"value":"PacMan_EC2WithPublicIPAccess_version-1_Ec2WithPublicAccess_ec2","key":"ec2PortRuleId"},{"key":"esEc2WithVulnInfoForS5Url","value":"/aws_ec2/vulninfo/_search","isValueNew":true,"encrypt":false},{"key":"esEc2PubAccessPortUrl","value":"/aws/issue_ec2/_search","isValueNew":true,"encrypt":false},{"key":"esAppElbWithInstanceUrl","value":"/aws_appelb/appelb_instances/_search","isValueNew":true,"encrypt":false},{"key":"esClassicElbWithInstanceUrl","value":"/aws_classicelb/classicelb_instances/_search","isValueNew":true,"encrypt":false},{"key":"esAppElbPubAccessPortUrl","value":"/aws_appelb/issue_appelb/_search","isValueNew":true,"encrypt":false},{"key":"esClassicElbPubAccessPortUrl","value":"/aws_classicelb/issue_classicelb/_search","isValueNew":true,"encrypt":false},{"key":"appElbPortRuleId","value":"PacMan_ElbWithPublicAccess_version-1_ApplicationElbWithPublicAccess_appelb","isValueNew":true,"encrypt":false},{"key":"classicElbPortRuleId","value":"PacMan_ElbWithPublicAccess_version-1_ClassicElbWithPublicAccess_classicelb","isValueNew":true,"encrypt":false},{"encrypt":false,"value":"critical","key":"severity"},{"encrypt":false,"value":"security","key":"ruleCategory"}],"environmentVariables":[],"ruleId":"PacMan_Ec2PublicAccessPortWithS5Vulnerability_version-1_Ec2PublicAccessPortWithS5Vulnerability_ec2","autofix":false,"alexaKeyword":"Ec2PublicAccessPortWithS5Vulnerability","ruleRestUrl":"","targetType":"ec2","pac_ds":"aws","policyId":"PacMan_Ec2PublicAccessPortWithS5Vulnerability_version-1","assetGroup":"aws","ruleUUID":"aws_ec2_pub_vuln_s5_rule","ruleType":"ManageRule"}','0 0 ? * MON *','','','Manage Rule',concat('arn:aws:events:',@region,':',@account,':rule/aws_ec2_pub_vuln_s5_rule'),'ENABLED','ASGC','An Ec2 instance with remotely exploitable vulnerability (S5) should not be open to internet','2019-08-05','2019-08-05','high','governance');
INSERT IGNORE INTO cf_RuleInstance (`ruleId`,`ruleUUID`,`policyId`,`ruleName`,`targetType`,`assetGroup`,`alexaKeyword`,`ruleParams`,`ruleFrequency`,`ruleExecutable`,`ruleRestUrl`,`ruleType`,`ruleArn`,`status`,`userId`,`displayName`,`createdDate`,`modifiedDate`,`severity`,`category`) VALUES ('PacMan_Ec2InstanceScannedByQualys_version-1_Ec2-instance-scanned-by-qualys-API_ec2','aws_ec2_qualys_scanned_rule','PacMan_Ec2InstanceScannedByQualys_version-1','Ec2InstanceScannedByQualysAPI','ec2','aws','Ec2InstanceScannedByQualysAPI','{"params":[{"encrypt":false,"value":"30","key":"target"},{"key":"esQualysUrl","value":"/aws_ec2/qualysinfo/_search","isValueNew":true,"encrypt":false},{"key":"discoveredDaysRange","value":"7","isValueNew":true,"encrypt":false},{"key":"ruleKey","value":"check-for-resource-scanned-by-qualys","isValueNew":true,"encrypt":false},{"encrypt":false,"value":"high","key":"severity"},{"encrypt":false,"value":"security","key":"ruleCategory"}],"environmentVariables":[],"ruleId":"PacMan_Ec2InstanceScannedByQualys_version-1_Ec2-instance-scanned-by-qualys-API_ec2","autofix":false,"alexaKeyword":"Ec2InstanceScannedByQualysAPI","ruleRestUrl":"","targetType":"ec2","pac_ds":"aws","policyId":"PacMan_Ec2InstanceScannedByQualys_version-1","assetGroup":"aws","ruleUUID":"aws_ec2_qualys_scanned_rule","ruleType":"ManageRule"}','0 0 ? * MON *','','','Manage Rule',concat('arn:aws:events:',@region,':',@account,':rule/aws_ec2_qualys_scanned_rule'),'ENABLED','ASGC','Every EC2 instance should be scanned by Qualys vulnerability assessment tool atleast once a month','2019-09-18','2019-09-18','high','security');


INSERT IGNORE INTO cf_RuleInstance (ruleId,ruleUUID,policyId,ruleName,targetType,assetGroup,alexaKeyword,ruleParams,ruleFrequency,ruleExecutable,ruleRestUrl,ruleType,ruleArn,status,userId,displayName,createdDate,modifiedDate,severity,category) VALUES ('PacMan_TaggingRule_version-1_VirtualmachineTaggingRule_virtualmachine','azure_virtualmachine_should_be_tagged_with_mandatory_tags','PacMan_TaggingRule_version-1','VirtualmachineTaggingRule','virtualmachine','azure','VirtualmachineTaggingRule','{"params":[{"encrypt":false,"value":"check-for-missing-mandatory-tags","key":"ruleKey"},{"encrypt":false,"value":",","key":"splitterChar"},{"encrypt":false,"value":"Application,Environment,Stack,Role","key":"mandatoryTags"},{"encrypt":false,"value":"high","key":"severity"},{"encrypt":false,"value":"tagging","key":"ruleCategory"},{"encrypt":false,"value":"","key":"ruleOwner"}],"environmentVariables":[],"ruleId":"PacMan_TaggingRule_version-1_VirtualmachineTaggingRule_virtualmachine","autofix":false,"alexaKeyword":"VirtualmachineTaggingRule","ruleRestUrl":"","targetType":"virtualmachine","pac_ds":"azure","policyId":"PacMan_TaggingRule_version-1","assetGroup":"azure","ruleUUID":"azure_virtualmachine_should_be_tagged_with_mandatory_tags","ruleType":"ManageRule"}','0 0/12 * * ? *','','','ManageRule',concat('arn:aws:events:',@region,':',@account,':rule/azure_virtualmachine_should_be_tagged_with_mandatory_tags'),'ENABLED','ASGC','Virtualmachine should be tagged with mandatory tags',{d '2019-10-25'},{d '2019-10-25'},null,null);
INSERT IGNORE INTO cf_RuleInstance (ruleId,ruleUUID,policyId,ruleName,targetType,assetGroup,alexaKeyword,ruleParams,ruleFrequency,ruleExecutable,ruleRestUrl,ruleType,ruleArn,status,userId,displayName,createdDate,modifiedDate,severity,category) VALUES ('PacMan_TaggingRule_version-1_SqlserverTaggingRule_sqlserver','azure_sqlserver_should_be_tagged_with_mandatory_tags','PacMan_TaggingRule_version-1','SqlserverTaggingRule','sqlserver','azure','SqlserverTaggingRule','{"params":[{"encrypt":false,"value":"check-for-missing-mandatory-tags","key":"ruleKey"},{"encrypt":false,"value":",","key":"splitterChar"},{"encrypt":false,"value":"Application,Environment,Stack,Role","key":"mandatoryTags"},{"encrypt":false,"value":"high","key":"severity"},{"encrypt":false,"value":"tagging","key":"ruleCategory"},{"encrypt":false,"value":"","key":"ruleOwner"}],"environmentVariables":[],"ruleId":"PacMan_TaggingRule_version-1_SqlserverTaggingRule_sqlserver","autofix":false,"alexaKeyword":"SqlserverTaggingRule","ruleRestUrl":"","targetType":"sqlserver","pac_ds":"azure","policyId":"PacMan_TaggingRule_version-1","assetGroup":"azure","ruleUUID":"azure_sqlserver_should_be_tagged_with_mandatory_tags","ruleType":"ManageRule"}','0 0/12 * * ? *','','','ManageRule',concat('arn:aws:events:',@region,':',@account,':rule/azure_sqlserver_should_be_tagged_with_mandatory_tags'),'ENABLED','ASGC','Sqlserver should be tagged with mandatory tags',{d '2019-10-25'},{d '2019-10-25'},null,null);
INSERT IGNORE INTO cf_RuleInstance (ruleId,ruleUUID,policyId,ruleName,targetType,assetGroup,alexaKeyword,ruleParams,ruleFrequency,ruleExecutable,ruleRestUrl,ruleType,ruleArn,status,userId,displayName,createdDate,modifiedDate,severity,category) VALUES ('PacMan_TaggingRule_version-1_SqldatabaseTaggingRule_sqldatabase','azure_sqldatabase_should_be_tagged_with_mandatory_tags','PacMan_TaggingRule_version-1','SqldatabaseTaggingRule','sqldatabase','azure','SqldatabaseTaggingRule','{"params":[{"encrypt":false,"value":"check-for-missing-mandatory-tags","key":"ruleKey"},{"encrypt":false,"value":",","key":"splitterChar"},{"encrypt":false,"value":"Application,Environment,Stack,Role","key":"mandatoryTags"},{"encrypt":false,"value":"high","key":"severity"},{"encrypt":false,"value":"tagging","key":"ruleCategory"},{"encrypt":false,"value":"","key":"ruleOwner"}],"environmentVariables":[],"ruleId":"PacMan_TaggingRule_version-1_SqldatabaseTaggingRule_sqldatabase","autofix":false,"alexaKeyword":"SqldatabaseTaggingRule","ruleRestUrl":"","targetType":"sqldatabase","pac_ds":"azure","policyId":"PacMan_TaggingRule_version-1","assetGroup":"azure","ruleUUID":"azure_sqldatabase_should_be_tagged_with_mandatory_tags","ruleType":"ManageRule"}','0 0/12 * * ? *','','','ManageRule',concat('arn:aws:events:',@region,':',@account,':rule/azure_sqldatabase_should_be_tagged_with_mandatory_tags'),'ENABLED','ASGC','Sqldatabase should be tagged with mandatory tags',{d '2019-10-25'},{d '2019-10-25'},null,null);

/* Omni Seach Configuration */

Expand Down Expand Up @@ -2523,6 +2525,7 @@ UPDATE `pacmandata`.`pac_config_key_metadata` SET `description` = 'Vulnerability
UPDATE `pacmandata`.`pac_config_key_metadata` SET `description` = 'Vulnerability application resource details both' WHERE `cfkey` = 'vulnerability.application.resourcedetailsboth';
UPDATE `pacmandata`.`pac_config_key_metadata` SET `description` = 'Vulnerability severity summary' WHERE `cfkey` = 'vulnerability.summary.severity';
UPDATE `pacmandata`.`pac_config_key_metadata` SET `description` = 'Vulnerability types' WHERE `cfkey` = 'vulnerability.types';
UPDATE `cf_Policy` SET policyDesc = 'All cloud assets should be tagged with following mandatory tags. Application, Environment, Role and Stack. Assets without these mandatory tags will be marked as non-complaint. Below is an example for the tag value pairs.\n\nTag name: Application\nExample value: Rebellion\n\nNotes\nThis value for the application tag should be the approved application name give for the project during the cloud on-boarding process. Unknown applications will be marked for review and possible termination.\n\nTag name: Environment\nExample value: Production or Non Production or Non Production::qat1 or Non Production::dit1 (Refer Naming guide)\n\nNotes\nThe value for environment should distinguish the asset as a Production or Non Production class. You can further qualify Non Production assets using the :: separator. Look at the examples 3 and 4.\n\nTag name: Stack\nExample Value: Apache Httpd\n\nTag name: Role\nExample value: Webserver\n\n \nEach asset should at least have these 4 mandatory tags. You can have additional tags as well' WHERE policyId = 'PacMan_TaggingRule_version-1';

DELETE FROM `pac_config_properties` WHERE cfkey='features.vulnerability.enabled';
INSERT IGNORE INTO pac_config_properties(`cfkey`,`value`,`application`,`profile`,`label`,`createdBy`,`createdDate`,`modifiedBy`,`modifiedDate`) VALUES ('features.vulnerability.enabled',concat(@VULNERABILITY_FEATURE_ENABLED,''),'api','prd','latest',NULL,NULL,NULL,NULL);
Expand Down