Skip to content

Latest commit

 

History

History
71 lines (66 loc) · 19.3 KB

README.md

File metadata and controls

71 lines (66 loc) · 19.3 KB

AWS Runbooks

The following table lists the policies that the AWS Lambda you deploy will auto-remediate out-of-the-box.

Note: The runbooks with no associated Prisma Cloud policy descriptor are generic runbooks you can associate a relevant custom policy to by modifying index_prisma.py.

Click on a runbook name to see more details, such as the IAM permissions required to run it as well as the script itself.

Runbook Prisma Cloud Policy Name Prisma Cloud Policy Descriptor CIS Prisma Cloud Policy ID
CloudFormation
AWS-CFM-003 Enable CloudFormation Stack termination protection N/A N/A
CloudTrail
AWS-CLT-002 AWS CloudTrail logs are not encrypted using Customer Master Keys (CMKs) PC-AWS-CT-5 2.7 c2b84f89-7ec8-473e-a6af-404feeeb96c5
AWS-CLT-004 CloudTrail trail is not integrated with CloudWatch Logs PC-AWS-CT-50 2.4 0d07ac51-fbfe-44fe-8edb-3314c9995ee0
AWS-CLT-005 AWS CloudTrail log validation is not enabled in all regions PC-AWS-CT-4 2.2 38e3d3cf-b694-46ec-8bd2-8f02194b5040
AWS-CLT-006 AWS CloudTrail bucket is publicly accessible PC-AWS-S3-1 2.3 b76ad441-e715-4fd0-bbc3-cd3b2bee34bf
Config
AWS-CONFIG-001 AWS Config disabled N/A 2.5 N/A
EC2
AWS-EC2-001 EBS snapshot doesn't exist or older than 15 days N/A N/A
AWS-EC2-002 AWS Security Groups allow internet traffic to SSH port (22) PC-AWS-VPC-23 4.1 617b9138-584b-4e8e-ad15-7fbabafbed1a
AWS-EC2-003 AWS Security Groups allow internet traffic from internet to Telnet port (23) PC-AWS-VPC-236 519456f2-f9eb-407b-b32d-064f1ac7f0ca
AWS-EC2-004 AWS Security Groups allow internet traffic from internet to RDP port (3389) PC-AWS-VPC-24 4.2 b82f90ce-ed8b-4b49-970c-2268b0a6c2e5
AWS-EC2-010 AWS Security Groups allow internet traffic from internet to MYSQL port (3306) PC-AWS-VPC-229 65daa6a0-e040-434e-aca3-9d5765c96e7c
AWS-EC2-010 AWS Security Groups allow internet traffic from internet to PostgreSQL port (5432) PC-AWS-VPC-230 3b642d25-4534-487a-9399-c2622754ecb5
AWS-EC2-010 AWS Security Groups allow internet traffic from internet to SQLServer port (1433) PC-AWS-VPC-233 760f2823-997e-495f-a538-5fb073c0ee78
AWS-EC2-010 AWS Security Groups allow internet traffic from internet to MSQL port (4333) PC-AWS-VPC-247 ab7f8eda-18ab-457c-b5d3-fd4f53c722bc
AWS-EC2-010 AWS Security Groups allow internet traffic from internet to VNC Listener port (5500) PC-AWS-VPC-238 8dd9e369-0c09-4477-97a2-ff0d50507fe2
AWS-EC2-010 AWS Security Groups allow internet traffic from internet to VNC Server port (5900) PC-AWS-VPC-232 89cbc2f1-fcb0-48b9-be71-4cbe2d18a5f7
AWS-EC2-010 AWS Security Groups allow internet traffic from internet to FTP port (21) PC-AWS-VPC-245 14d10ad2-51df-4b07-be69-e94951cc7067
AWS-EC2-010 AWS Security Groups allow internet traffic from internet to FTP-Data port (20) PC-AWS-VPC-248 cdcd663c-e9c9-4472-9779-e5f38751524a
AWS-EC2-010 AWS Security Groups allow internet traffic from internet to SMTP port (25) PC-AWS-VPC-227 c2074d5a-aa28-4dde-90c1-82f528cec55e
AWS-EC2-010 AWS Security Groups allow internet traffic from internet to DNS port (53) PC-AWS-VPC-228 6eaf6455-1659-4c4b-bff5-c8c7b0fda201
AWS-EC2-031 AWS delete unused EC2 Security Groups N/A N/A
AWS-EC2-036 AWS Amazon Machine Image (AMI) is publicly accessible PC-AWS-EC2-35 81a2200a-c63e-4860-85a0-b54eaa581135
AWS-EC2-038 AWS Default Security Group does not restrict all traffic PC-AWS-VPC-22 4.3 2378dbf4-b104-4bda-9b05-7417affbba3f
AWS-EC2-039 AWS Security Groups with Inbound rule overly permissive to All Traffic PC-AWS-VPC-222 566686e8-0581-4df5-ae22-5a901ed37b58
AWS-EC2-042 AWS EBS snapshots are accessible to public PC-AWS-EC2-31 7c714cb4-3d47-4c32-98d4-c13f92ce4ec5
ELB
AWS-ELB-009 AWS Elastic Load Balancer (Classic) with connection draining disabled PC-AWS-ELB-267 7eb7f61e-df59-42d4-8236-7d012f278fa6
AWS-ELB-012 AWS Elastic Load Balancer (Classic) with cross-zone load balancing disabled PC-AWS-ELB-266 551ee7ba-edb6-468e-a018-8774da9b1e85
AWS-ELB-013 AWS Elastic Load Balancer (Classic) with access log disabled PC-AWS-ELB-265 b675c604-e886-43aa-a60f-a9ad1f3742d3
AWS-ELB-015 AWS Elastic Load Balancer v2 (ELBv2) Application Load Balancer (ALB) with access log disabled PC-AWS-ELB-242 f2a2bcf1-2966-4cb5-9230-bd39c9903a02
IAM
AWS-IAM-002 Enforce AWS account best practices password policy N/A 1.5 - 1.11 N/A
AWS-IAM-015 AWS access keys not used for more than 90 days PC-AWS-IAM-48 1.3 7ca5af2c-d18d-4004-9ad4-9c1fbfcab218
AWS-IAM-016 AWS IAM policy allows full administrative privileges PC-AWS-IAM-46 1.22 d9b86448-11a2-f9d4-74a5-f6fc590caeef
AWS-IAM-018 Create an IAM Support Role to manage incidents with AWS Support N/A 1.20 N/A
KMS
AWS-KMS-001 AWS Customer Master Key (CMK) rotation is not enabled PC-AWS-KMS-20 2.8 497f7e2c-b702-47c7-9a07-f0f6404ac896
RDS
AWS-RDS-005 AWS RDS database instance is publicly accessible PC-AWS-RDS-99 1bb6005a-dca6-40e2-b0a6-24da968c0808
AWS-RDS-007 AWS RDS snapshots are accessible to public PC-AWS-RDS-32 a707de6a-11b7-478a-b636-5e21ee1f6162
AWS-RDS-010 AWS RDS instance with Multi-Availability Zone disabled PC-AWS-RDS-218 c5305272-a732-4e8e-8427-6a9701cd2a6f
AWS-RDS-011 AWS RDS minor upgrades not enabled PC-AWS-RDS-260 9dd6cc35-1855-48c8-86ba-0e1818ce11e2
Redshift
AWS-REDSHIFT-001 AWS Redshift clusters should not be publicly accessible PC-AWS-RED-79 d65fd313-1c5c-42a1-98b2-a73bdeda19a6
S3
AWS-SSS-001 AWS S3 Object Versioning is disabled PC-AWS-S3-259 89ea62c1-3845-4134-b337-cc82203b8ff9
AWS-SSS-008 AWS S3 bucket has global view ACL permissions enabled PC-AWS-S3-251 43c42760-5283-4bc4-ac43-a80e58c4139f
AWS-SSS-009 AWS Access logging not enabled on S3 buckets PC-AWS-S3-30 2.6 4daa435b-fa46-457a-9359-6a4b4a43a442
AWS-SSS-014 AWS S3 buckets do not have server side encryption PC-AWS-S3-64 7913fcbf-b679-5aac-d979-1b6817becb22
PC-AWS-S3-29 AWS S3 buckets are accessible to public PC-AWS-S3-29 630d3779-d932-4fbf-9cce-6e8d793c6916
VPC
AWS-VPC-013 Release unassociated (unused) Elastic IP addresses N/A N/A
AWS-VPC-020 AWS VPC has flow logs disabled PC-AWS-VPC-25 2.9 49f4760d-c951-40e4-bfe1-08acaa17672a
AWS-VPC-Default Delete AWS default VPC N/A N/A
Misc
AWS-TEST-001 Example runbook N/A N/A