On Wednesday, July 1, 2020, Aqua CSPM will enable the following plugins for all infrastructure scans.


If you do not want these plugins to be added to your scan reports, please suppress them ahead of time.


AWS:

Open Docker - Determine if Docker port 2375 or 2376 is open to the public.

ELBv2 WAF Enabled - Ensure that all Application Load Balancers have WAF enabled.

ELBv2 No Instances - Detects ELBs that have no target groups attached.

ELBv2 HTTPS Only - Ensures ELBs are configured to only accept connections on HTTPS ports.

ELBv2 Logging Enabled - Ensures load balancers have request logging enabled.

DMS Encryption Enabled - Ensures DMS encryption is enabled using CMK.

DynamoDB KMS Encryption - Ensures DynamoDB tables are encrypted using a customer-owned KMS key.


Azure:

Open Docker - Determine if Docker port 2375 or 2376 is open to the public.


GCP:

Open Docker - Determine if Docker port 2375 or 2376 is open to the public.


Oracle:

Open Docker - Determine if TCP port 2375 or 2376 for Docker is open to the public.

Open Salt - Determine if TCP ports 4505 or 4506 for the Salt master are open to the public.