-
Notifications
You must be signed in to change notification settings - Fork 66
/
sample_bundle.json
11 lines (11 loc) · 1.26 KB
/
sample_bundle.json
1
2
3
4
5
6
7
8
9
10
11
[
{
"name": "Ensure the default security group restricts all traffic (Scored)",
"description": "A VPC comes with a default security group whose initial settings deny all inbound traffic, allow all outbound traffic, and allow all traffic between instances assigned to the security group. If you don't specify a security group when you launch an instance, the instance is automatically assigned to this default security group. Security groups provide stateful filtering of ingress/egress network traffic to AWS resources. It is recommended that the default security group restrict all traffic.\nConfiguring the default security group to restrict all traffic will encourage least privilege security group development and mindful placement of AWS resource into security groups which will in-turn reduce the exposure of those resources.",
"severity": "High",
"logic": "SecurityGroup where (name like 'default' and networkAssetsStats contain-all [ count = 0 ]) should have inboundRules isEmpty() and outboundRules isEmpty()",
"remediation": "Follow AWS CIS Web Services Foundations Benchmark guidelines at https://benchmarks.cisecurity.org/tools2/amazon/CIS_Amazon_Web_Services_Foundations_Benchmark_v1.0.0.pdf",
"complianceTag": "AUTO: sg_rules_delete",
"id": 1
}
]