prowler-cloud · jfagoagas · Apr 30, 2024 · Apr 22, 2024 · Apr 30, 2024
@@ -11,7 +11,7 @@
  "Severity": "medium",
  "ResourceType": "Other",
  "Description": "Maintain current contact details.",
- "Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details; and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner; AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation; proactive measures may be taken; including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
+ "Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation, proactive measures may be taken, including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
  "RelatedUrl": "",
  "Remediation": {
  "Code": {

@@ -11,7 +11,7 @@
  "Severity": "medium",
  "ResourceType": "Other",
  "Description": "Maintain different contact details to security, billing and operations.",
- "Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details; and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner; AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation; proactive measures may be taken; including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
+ "Risk": "Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation, proactive measures may be taken, including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.",
  "RelatedUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact.html",
  "Remediation": {
  "Code": {

@@ -21,7 +21,7 @@
  "Terraform": ""
  },
  "Recommendation": {
- "Text": "Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.",
+ "Text": "Monitor certificate expiration and take automated action to renew, replace or remove. Having shorter TTL for any security artifact is a general recommendation, but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.",
  "Url": "https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html"
  }
  },

@@ -9,7 +9,7 @@
  "Severity": "low",
  "ResourceType": "AwsLambdaFunction",
  "Description": "Check if Lambda functions invoke API operations are being recorded by CloudTrail.",
- "Risk": "If logs are not enabled; monitoring of service use and threat analysis is not possible.",
+ "Risk": "If logs are not enabled, monitoring of service use and threat analysis is not possible.",
  "RelatedUrl": "https://docs.aws.amazon.com/lambda/latest/dg/logging-using-cloudtrail.html",
  "Remediation": {
  "Code": {

@@ -9,7 +9,7 @@
  "Severity": "critical",
  "ResourceType": "AwsLambdaFunction",
  "Description": "Find secrets in Lambda functions code.",
- "Risk": "The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question.",
+ "Risk": "The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used, it is possible that malicious users gain access through the account in question.",
  "RelatedUrl": "https://docs.aws.amazon.com/secretsmanager/latest/userguide/lambda-functions.html",
  "Remediation": {
  "Code": {

@@ -9,7 +9,7 @@
  "Severity": "critical",
  "ResourceType": "AwsLambdaFunction",
  "Description": "Find secrets in Lambda functions variables.",
- "Risk": "The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question.",
+ "Risk": "The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used, it is possible that malicious users gain access through the account in question.",
  "RelatedUrl": "https://docs.aws.amazon.com/secretsmanager/latest/userguide/lambda-functions.html",
  "Remediation": {
  "Code": {

@@ -9,7 +9,7 @@
  "Severity": "medium",
  "ResourceType": "AwsLambdaFunction",
  "Description": "Find obsolete Lambda runtimes.",
- "Risk": "If you have functions running on a runtime that will be deprecated in the next 60 days; Lambda notifies you by email that you should prepare by migrating your function to a supported runtime. In some cases; such as security issues that require a backwards-incompatible update; or software that does not support a long-term support (LTS) schedule; advance notice might not be possible. After a runtime is deprecated; Lambda might retire it completely at any time by disabling invocation. Deprecated runtimes are not eligible for security updates or technical support.",
+ "Risk": "If you have functions running on a runtime that will be deprecated in the next 60 days, Lambda notifies you by email that you should prepare by migrating your function to a supported runtime. In some cases, such as security issues that require a backwards-incompatible update, or software that does not support a long-term support (LTS) schedule, advance notice might not be possible. After a runtime is deprecated, Lambda might retire it completely at any time by disabling invocation. Deprecated runtimes are not eligible for security updates or technical support.",
  "RelatedUrl": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html",
  "Remediation": {
  "Code": {

@@ -9,7 +9,7 @@
  "Severity": "medium",
  "ResourceType": "AwsCloudFormationStack",
  "Description": "Enable termination protection for Cloudformation Stacks",
- "Risk": "Without termination protection enabled; a critical cloudformation stack can be accidently deleted.",
+ "Risk": "Without termination protection enabled, a critical cloudformation stack can be accidently deleted.",
  "RelatedUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html",
  "Remediation": {
  "Code": {

@@ -9,7 +9,7 @@
  "Severity": "low",
  "ResourceType": "AwsCloudFrontDistribution",
  "Description": "Check if Geo restrictions are enabled in CloudFront distributions.",
- "Risk": "Consider countries where service should not be accessed; by legal or compliance requirements. Additionally if not restricted the attack vector is increased.",
+ "Risk": "Consider countries where service should not be accessed, by legal or compliance requirements. Additionally if not restricted the attack vector is increased.",
  "RelatedUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html",
  "Remediation": {
  "Code": {
@@ -19,7 +19,7 @@
  "Terraform": ""
  },
  "Recommendation": {
- "Text": "If possible; define and enable Geo restrictions for this service.",
+ "Text": "If possible, define and enable Geo restrictions for this service.",
  "Url": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html"
  }
  },

@@ -11,7 +11,7 @@
  "Severity": "medium",
  "ResourceType": "AwsCloudFrontDistribution",
  "Description": "Check if CloudFront distributions are using WAF.",
- "Risk": "Potential attacks and / or abuse of service; more even for even for internet reachable services.",
+ "Risk": "Potential attacks and / or abuse of service, more even for even for internet reachable services.",
  "RelatedUrl": "https://docs.aws.amazon.com/waf/latest/developerguide/cloudfront-features.html",
  "Remediation": {
  "Code": {
@@ -21,7 +21,7 @@
  "Terraform": "https://docs.prowler.com/checks/aws/general-policies/bc_aws_general_27#terraform"
  },
  "Recommendation": {
- "Text": "Use AWS WAF to protect your service from common web exploits. These could affect availability and performance; compromise security; or consume excessive resources.",
+ "Text": "Use AWS WAF to protect your service from common web exploits. These could affect availability and performance, compromise security, or consume excessive resources.",
  "Url": "https://docs.aws.amazon.com/waf/latest/developerguide/cloudfront-features.html"
  }
  },

@@ -13,7 +13,7 @@
  "Severity": "low",
  "ResourceType": "AwsCloudTrailTrail",
  "Description": "Ensure CloudTrail trails are integrated with CloudWatch Logs",
- "Risk": "Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.",
+ "Risk": "Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user, API, resource, and IP address, and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.",
  "RelatedUrl": "",
  "Remediation": {
  "Code": {

@@ -13,7 +13,7 @@
  "Severity": "medium",
  "ResourceType": "AwsCloudTrailTrail",
  "Description": "Ensure CloudTrail logs are encrypted at rest using KMS CMKs",
- "Risk": "By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.",
+ "Risk": "By default, the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable, you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.",
  "RelatedUrl": "",
  "Remediation": {
  "Code": {

@@ -13,7 +13,7 @@
  "Severity": "medium",
  "ResourceType": "AwsCloudTrailTrail",
  "Description": "Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket",
- "Risk": "Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.",
+ "Risk": "Server access logs can assist you in security and access audits, help you learn about your customer base, and understand your Amazon S3 bill.",
  "RelatedUrl": "",
  "Remediation": {
  "Code": {
@@ -23,7 +23,7 @@
  "Terraform": ""
  },
  "Recommendation": {
- "Text": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.",
+ "Text": "Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.",
  "Url": "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html"
  }
  },

@@ -13,7 +13,7 @@
  "Severity": "high",
  "ResourceType": "AwsCloudTrailTrail",
  "Description": "Ensure CloudTrail is enabled in all regions",
- "Risk": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.",
+ "Risk": "AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.",
  "RelatedUrl": "",
  "Remediation": {
  "Code": {

@@ -21,7 +21,7 @@
  "Terraform": "https://docs.prowler.com/checks/aws/general-policies/general_3-encrypt-ebs-volume#terraform"
  },
  "Recommendation": {
- "Text": "Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.",
+ "Text": "Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example, Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.",
  "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default"
  }
  },

@@ -21,7 +21,7 @@
  "Terraform": ""
  },
  "Recommendation": {
- "Text": "Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.",
+ "Text": "Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example, Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.",
  "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html"
  }
  },

@@ -21,7 +21,7 @@
  "Terraform": ""
  },
  "Recommendation": {
- "Text": "Check Identified IPs; consider changing them to private ones and delete them from Shodan.",
+ "Text": "Check Identified IPs, consider changing them to private ones and delete them from Shodan.",
  "Url": "https://www.shodan.io/"
  }
  },

@@ -13,7 +13,7 @@
  "Severity": "critical",
  "ResourceType": "AwsEcsTaskDefinition",
  "Description": "Check if secrets exists in ECS task definitions environment variables. If a secret is detected, the line number shown in the finding matches with the environment variable \"Name\" attribute starting to count at the \"environment\" key from the ECS Task Definition in JSON format.",
- "Risk": "The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question.",
+ "Risk": "The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used, it is possible that malicious users gain access through the account in question.",
  "RelatedUrl": "",
  "Remediation": {
  "Code": {

@@ -11,7 +11,7 @@
  "Severity": "medium",
  "ResourceType": "AwsEksCluster",
  "Description": "Restrict Access to the EKS Control Plane Endpoint",
- "Risk": "By default; this API server endpoint is public to the internet; and access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes Role Based Access Control (RBAC).",
+ "Risk": "By default, this API server endpoint is public to the internet, and access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes Role Based Access Control (RBAC).",
  "RelatedUrl": "",
  "Remediation": {
  "Code": {
@@ -21,7 +21,7 @@
  "Terraform": ""
  },
  "Recommendation": {
- "Text": "You should enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC. You can limit the IP addresses that can access your API server from the internet; or completely disable internet access to the API server.",
+ "Text": "You should enable private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC. You can limit the IP addresses that can access your API server from the internet, or completely disable internet access to the API server.",
  "Url": "https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html"
  }
  },

@@ -11,7 +11,7 @@
  "Severity": "medium",
  "ResourceType": "AwsEksCluster",
  "Description": "Ensure EKS Control Plane Audit Logging is enabled for all log types",
- "Risk": "If logs are not enabled; monitoring of service use and threat analysis is not possible.",
+ "Risk": "If logs are not enabled, monitoring of service use and threat analysis is not possible.",
  "RelatedUrl": "",
  "Remediation": {
  "Code": {

@@ -11,7 +11,7 @@
  "Severity": "medium",
  "ResourceType": "AwsElasticLoadBalancingV2LoadBalancer",
  "Description": "Check whether the Application Load Balancer is configured with strictest desync mitigation mode, if not check if at least is configured with the drop_invalid_header_fields attribute",
- "Risk": "HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.",
+ "Risk": "HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning, which could lead to credential hijacking or execution of unauthorized commands.",
  "RelatedUrl": "https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#desync-mitigation-mode",
  "Remediation": {
  "Code": {