fix(metadata): match type with check results (#7111)

This commit is contained in:
Andoni Alonso
2025-03-07 14:34:07 +01:00
committed by GitHub
parent 2276ffb1f6
commit d42406d765
9 changed files with 15 additions and 15 deletions
@@ -7,9 +7,9 @@
],
"ServiceName": "account",
"SubServiceName": "",
"ResourceIdTemplate": "arn:partition:access-recorder:region:account-id:recorder/resource-id",
"ResourceIdTemplate": "arn:partition:service:region:account-id",
"Severity": "medium",
"ResourceType": "Other",
"ResourceType": "AwsAccount",
"Description": "Maintain current contact details.",
"Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation, proactive measures may be taken, including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
"RelatedUrl": "",
@@ -7,9 +7,9 @@
],
"ServiceName": "account",
"SubServiceName": "",
"ResourceIdTemplate": "arn:partition:access-recorder:region:account-id:recorder/resource-id",
"ResourceIdTemplate": "arn:partition:service:region:account-id",
"Severity": "medium",
"ResourceType": "Other",
"ResourceType": "AwsAccount",
"Description": "Maintain different contact details to security, billing and operations.",
"Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation, proactive measures may be taken, including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
"RelatedUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact.html",
@@ -7,9 +7,9 @@
],
"ServiceName": "account",
"SubServiceName": "",
"ResourceIdTemplate": "arn:partition:access-recorder:region:account-id:recorder/resource-id",
"ResourceIdTemplate": "arn:partition:service:region:account-id",
"Severity": "medium",
"ResourceType": "Other",
"ResourceType": "AwsAccount",
"Description": "Ensure security contact information is registered.",
"Risk": "AWS provides customers with the option of specifying the contact information for accounts security team. It is recommended that this information be provided. Specifying security-specific contact information will help ensure that security advisories sent by AWS reach the team in your organization that is best equipped to respond to them.",
"RelatedUrl": "",
@@ -7,9 +7,9 @@
],
"ServiceName": "account",
"SubServiceName": "",
"ResourceIdTemplate": "arn:partition:access-recorder:region:account-id:recorder/resource-id",
"ResourceIdTemplate": "arn:partition:service:region:account-id",
"Severity": "medium",
"ResourceType": "Other",
"ResourceType": "AwsAccount",
"Description": "Ensure security questions are registered in the AWS account.",
"Risk": "The AWS support portal allows account owners to establish security questions that can be used to authenticate individuals calling AWS customer service for support. It is recommended that security questions be established. When creating a new AWS account a default super user is automatically created. This account is referred to as the root account. It is recommended that the use of this account be limited and highly controlled. During events in which the root password is no longer accessible or the MFA token associated with root is lost/destroyed it is possible through authentication using secret questions and associated answers to recover root login access.",
"RelatedUrl": "",
@@ -9,7 +9,7 @@
"SubServiceName": "snapshot",
"ResourceIdTemplate": "arn:partition:service:region:account-id",
"Severity": "high",
"ResourceType": "Other",
"ResourceType": "AwsAccount",
"Description": "EBS snapshots can be shared with other AWS accounts or made public. By default, EBS snapshots are private and only the AWS account that created the snapshot can access it. If an EBS snapshot is shared with another AWS account or made public, the data in the snapshot can be accessed by the other account or by anyone on the internet. Ensure that public access to EBS snapshots is disabled.",
"Risk": "If public access to EBS snapshots is enabled, the data in the snapshot can be accessed by anyone on the internet.",
"RelatedUrl": "https://docs.aws.amazon.com/ebs/latest/userguide/block-public-access-snapshots-work.html#block-public-access-snapshots-enable",
@@ -9,7 +9,7 @@
"SubServiceName": "",
"ResourceIdTemplate": "arn:partition:service:region:account-id",
"Severity": "high",
"ResourceType": "AwsEc2Instance",
"ResourceType": "AwsAccount",
"Description": "Ensure Instance Metadata Service Version 2 (IMDSv2) is enforced for EC2 instances at the account level to protect against SSRF vulnerabilities.",
"Risk": "EC2 instances that use IMDSv1 are vulnerable to SSRF attacks.",
"RelatedUrl": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-IMDS-new-instances.html#set-imdsv2-account-defaults",
@@ -9,7 +9,7 @@
"SubServiceName": "instance",
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
"Severity": "critical",
"ResourceType": "AwsEc2SecurityGroup",
"ResourceType": "AwsEc2Instance",
"Description": "Ensure no EC2 instances allow ingress from the internet to TCP port 11211 (Memcached).",
"Risk": "Memcached is an open-source, high-performance, distributed memory object caching system. It is often used to speed up dynamic database-driven websites by caching data and objects in RAM to reduce the number of times an external data source must be read. Memcached is designed to be used in trusted environments and should not be exposed to the internet. If Memcached is exposed to the internet, it can be exploited by attackers to perform distributed denial-of-service (DDoS) attacks, data exfiltration, and other malicious activities.",
"RelatedUrl": "",
@@ -7,9 +7,9 @@
],
"ServiceName": "rds",
"SubServiceName": "",
"ResourceIdTemplate": "arn:aws:rds:region:account-id:db-cluster",
"ResourceIdTemplate": "arn:aws:rds:region:account-id:account",
"Severity": "low",
"ResourceType": "AwsRdsDbCluster",
"ResourceType": "AwsAccount",
"Description": "Ensure that Amazon RDS event notification subscriptions are enabled for database cluster events, particularly maintenance and failure.",
"Risk": "Without event subscriptions for critical events, such as maintenance and failures, you may not be aware of issues affecting your RDS clusters, leading to downtime or security vulnerabilities.",
"RelatedUrl": "https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html",
@@ -5,9 +5,9 @@
"CheckType": [],
"ServiceName": "rds",
"SubServiceName": "",
"ResourceIdTemplate": "arn:aws:rds:region:account-id:db-instance",
"ResourceIdTemplate": "arn:aws:rds:region:account-id:account",
"Severity": "low",
"ResourceType": "AwsRdsEventSubscription",
"ResourceType": "AwsAccount",
"Description": "Ensure that Amazon RDS event notification subscriptions are enabled for database parameter groups events.",
"Risk": "Amazon RDS event subscriptions for database parameter groups are designed to provide incident notification of events that may affect the security, availability, and reliability of the RDS database instances associated with these parameter groups.",
"RelatedUrl": "https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html",