chore(compliance): add missing configrequirements (#11717)

Pedro Martín
2026-06-29 13:01:52 +02:00
committed by GitHub
parent ed04257e6c
commit 0c5ceb7e72
2 changed files with 158 additions and 8 deletions
+80 -8
@@ -173,7 +173,16 @@
"gcp": [
"iam_cloud_asset_inventory_enabled"
]
}
},
"config_requirements": [
{
"Check": "config_recorder_all_regions_enabled",
"Provider": "aws",
"ConfigKey": "mute_non_default_regions",
"Operator": "eq",
"Value": false
}
]
},
{
"id": "1.2",
@@ -1929,7 +1938,16 @@
"vercel": [
"team_member_role_least_privilege"
]
}
},
"config_requirements": [
{
"Check": "accessanalyzer_enabled",
"Provider": "aws",
"ConfigKey": "mute_non_default_regions",
"Operator": "eq",
"Value": false
}
]
},
{
"id": "7.1",
@@ -2226,7 +2244,16 @@
"network_vcn_subnet_flow_logs_enabled",
"objectstorage_bucket_logging_enabled"
]
}
},
"config_requirements": [
{
"Check": "config_recorder_all_regions_enabled",
"Provider": "aws",
"ConfigKey": "mute_non_default_regions",
"Operator": "eq",
"Value": false
}
]
},
{
"id": "8.3",
@@ -2865,7 +2892,16 @@
"defender_ensure_defender_for_containers_is_on",
"defender_ensure_defender_for_storage_is_on"
]
}
},
"config_requirements": [
{
"Check": "guardduty_delegated_admin_enabled_all_regions",
"Provider": "aws",
"ConfigKey": "mute_non_default_regions",
"Operator": "eq",
"Value": false
}
]
},
{
"id": "10.7",
@@ -2900,7 +2936,16 @@
"defender_safe_attachments_policy_enabled",
"defender_zap_for_teams_enabled"
]
}
},
"config_requirements": [
{
"Check": "guardduty_is_enabled",
"Provider": "aws",
"ConfigKey": "mute_non_default_regions",
"Operator": "eq",
"Value": false
}
]
},
{
"id": "11.1",
@@ -2980,7 +3025,16 @@
"oraclecloud": [
"objectstorage_bucket_versioning_enabled"
]
}
},
"config_requirements": [
{
"Check": "drs_job_exist",
"Provider": "aws",
"ConfigKey": "mute_non_default_regions",
"Operator": "eq",
"Value": false
}
]
},
{
"id": "11.3",
@@ -3373,7 +3427,16 @@
"events_rule_user_changes",
"events_rule_vcn_changes"
]
}
},
"config_requirements": [
{
"Check": "securityhub_enabled",
"Provider": "aws",
"ConfigKey": "mute_non_default_regions",
"Operator": "eq",
"Value": false
}
]
},
{
"id": "13.2",
@@ -3424,7 +3487,16 @@
"oraclecloud": [
"cloudguard_enabled"
]
}
},
"config_requirements": [
{
"Check": "guardduty_is_enabled",
"Provider": "aws",
"ConfigKey": "mute_non_default_regions",
"Operator": "eq",
"Value": false
}
]
},
{
"id": "13.4",
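Review bot: Each added `config_requirements` array guards exactly one AWS check, so any other region-scoped AWS check in the same control is presumably still evaluated without the `mute_non_default_regions` precondition and could report as satisfied while findings outside the default regions are muted. The hunks show only the tail of each control's checks map (the gcp, vercel, oraclecloud and Defender entries), so whether such sibling AWS checks exist cannot be confirmed from here. Where they do, each needs its own entry of the same shape, e.g. `{"Check": "<other_aws_check>", "Provider": "aws", "ConfigKey": "mute_non_default_regions", "Operator": "eq", "Value": false}`. The same applies to all eight hunks in this file.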
+78
@@ -588,6 +588,68 @@
"DefaultValue": "The following extensions are blocked by default: ace, ani, apk, app, appx, arj, bat, cab, cmd, com, deb, dex, dll, docm, elf, exe, hta, img, iso, jar, jnlp, kext, lha, lib, library, lnk, lzh, macho, msc, msi, msix, msp, mst, pif, ppa, ppam, reg, rev, scf, scr, sct, sys, uif, vb, vbe, vbs, vxd, wsc, wsf, wsh, xll, xz, z",
"References": "https://learn.microsoft.com/en-us/powershell/module/exchange/get-malwarefilterpolicy?view=exchange-ps:https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-policies-configure?view=o365-worldwide:https://learn.microsoft.com/en-us/office/compatibility/office-file-format-reference"
}
],
"ConfigRequirements": [
{
"Check": "defender_malware_policy_comprehensive_attachments_filter_applied",
"ConfigKey": "recommended_blocked_file_types",
"Operator": "superset",
"Value": [
"ace",
"ani",
"apk",
"app",
"appx",
"arj",
"bat",
"cab",
"cmd",
"com",
"deb",
"dex",
"dll",
"docm",
"elf",
"exe",
"hta",
"img",
"iso",
"jar",
"jnlp",
"kext",
"lha",
"lib",
"library",
"lnk",
"lzh",
"macho",
"msc",
"msi",
"msix",
"msp",
"mst",
"pif",
"ppa",
"ppam",
"reg",
"rev",
"scf",
"scr",
"sct",
"sys",
"uif",
"vb",
"vbe",
"vbs",
"vxd",
"wsc",
"wsf",
"wsh",
"xll",
"xz",
"z"
]
}
]
},
{
@@ -2380,6 +2442,14 @@
"DefaultValue": "AuditEnabled: True for all mailboxes except below: - Resource Mailboxes - Public Folder Mailboxes - DiscoverySearch Mailbox AuditAdmin: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SendAs, SendOnBehalf, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules AuditDelegate: ApplyRecord, Create, HardDelete, MailItemsAccessed, MoveToDeletedItems, SendAs, SendOnBehalf, SoftDelete, Update, UpdateFolderPermissions, UpdateInboxRules AuditOwner: ApplyRecord, HardDelete, MailItemsAccessed, MoveToDeletedItems, Send, SoftDelete, Update, UpdateCalendarDelegation, UpdateFolderPermissions, UpdateInboxRules",
"References": "https://learn.microsoft.com/en-us/purview/audit-mailboxes?view=o365-worldwide"
}
],
"ConfigRequirements": [
{
"Check": "exchange_user_mailbox_auditing_enabled",
"ConfigKey": "audit_log_age",
"Operator": "gte",
"Value": 90
}
]
},
{
@@ -2563,6 +2633,14 @@
"DefaultValue": "MailTipsAllTipsEnabled: True MailTipsExternalRecipientsTipsEnabled: False MailTipsGroupMetricsEnabled: True MailTipsLargeAudienceThreshold: 25",
"References": "https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/mailtips/mailtips:https://learn.microsoft.com/en-us/powershell/module/exchange/set-organizationconfig?view=exchange-ps"
}
],
"ConfigRequirements": [
{
"Check": "exchange_organization_mailtips_enabled",
"ConfigKey": "recommended_mailtips_large_audience_threshold",
"Operator": "lte",
"Value": 25
}
]
},
{
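Review bot: The `Value` array for `defender_malware_policy_comprehensive_attachments_filter_applied` is the same 53 extensions that the `DefaultValue` context line at the top of that hunk describes as blocked by default, so the `superset` requirement is met by a scan configuration that only mirrors the product default. If the control is meant to demand a broader block list than the default, as the word "comprehensive" in the check name suggests, the floor should be the benchmark's recommended list instead; the control text is outside the hunk, so this needs confirming. The list is also now kept twice in the same entry, once as prose and once as an array, with nothing visible to keep the two in step. In the second hunk, `"ConfigKey": "audit_log_age"` with `"Value": 90` carries no unit, so it is worth confirming that the check reads it in the same unit the control text uses.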