2021-06-10 New CSPM Plugin Release
On June 10th, 2021, Aqua will release and activate the following new plugins. They can be tested ahead of time using the "Live Run" tool and optionally suppressed if required. If you have selected the "Suppress All New Plugins" option from the "Account Settings" page, then no action is required and they will be pre-suppressed in your account prior to release.
New Plugins
Azure
*In this release, we are enabling new risk notifications for Azure plugins for all customers who are opted in. This will include the "New" flag for scan reports.*
Web Apps Always On Enabled
Ensures that Azure Web Apps have the Always On feature enabled.
Web Apps Remote Debugging Disabled
Ensures that Azure Web Apps have remote debugging disabled.
SQL Server Auto-Failover Groups Enabled
Ensures that auto-failover groups are configured for Azure SQL database servers.
Disk Volumes BYOK Encryption Enabled
Ensures that Azure virtual machine disks have BYOK (Customer-Managed Key) encryption enabled.
Old VM Disk Snapshots
Ensures that virtual machines do not have older disk snapshots.
Virtual Machine Performance Diagnostics Enabled
Ensures that performance diagnostics is enabled on virtual machines.
Premium SSD Disabled
Ensures that the Azure virtual machines are configured to use standard SSD disk volumes instead of premium SSD disk volumes for managed disks.
Scale Sets Health Monitoring Enabled
Ensures that health monitoring is enabled for virtual machine scale sets.
VM Active Directory (AD) Authentication Enabled
Ensures that Azure Active Directory (AD) authentication is enabled for virtual machines.
Virtual Machine Boot Diagnostics Enabled
Ensures that VM boot diagnostics is enabled for virtual machines.
Managed NAT Gateway In Use
Ensures that the Azure Virtual Network Managed NAT (Network Address Translation) Gateway service is enabled for Virtual Networks.
No Network Gateways Connections
Ensures that virtual network gateways do not have any established connections.
No Network Gateways In Use
Ensures that Virtual Networks are using subnets and network security groups instead of virtual network gateways.
Virtual Network Peering
Ensures that Virtual Networks have peering connections only with virtual networks in whitelisted subscriptions.
VM Approved Extensions
Ensures that approved virtual machine extensions are installed.
Guest Level Diagnostics Enabled
Ensures that guest level diagnostics are enabled.
Scale Sets Autoscale Notifications Enabled
Ensures that Virtual Machine scale sets have autoscale notifications enabled.
VM Instant Restore Backup Retention Period
Ensures that VM instant restore backup retention policy is configured to retain backups for the desired number of days.
VM Backups Enabled
Ensures that Azure virtual machine backups are enabled.
VM Daily Backup Retention Period
Ensures that VM daily backup retention policy is configured to retain backups for the desired number of days.
VM Desired SKU Size
Ensures that virtual machines are using the desired SKU size.
Access Keys Regenerated Periodically
Ensures that storage account access keys are being regenerated periodically.
PostgreSQL Log Min Duration Statement
Ensures SQL instances for PostgreSQL type have log min duration statement flag disabled.
PostgreSQL Log Min Error Statement
Ensures SQL instances for PostgreSQL type have log min error statement flag set to Error.
PostgreSQL Log Temp Files
Ensures SQL instances for PostgreSQL type have log temp files flag enabled.
SQLServer Contained Database Authentication
Ensures SQL instances for SQLServer type have Contained Database Authentication flag disabled.
SQLServer Cross Db Ownership Chaining
Ensures SQL instances for SQLServer type have cross db ownership chaining flag disabled.
SQL Public Access Disabled
Ensures SQL instances do not have public access enabled.
Bucket Uniform Level Access
Ensures uniform level access is enabled on storage buckets.
Instance Public Access Disabled
Ensures that instances are not configured to allow public access.
Default Service Account
Ensures that instances are not configured to use the default service account.
Shielded VM Enabled
Ensures that instances are configured with Shielded VM enabled.
RDS Public Access
Ensure that RDS DB instances are not publicly accessible.
RDS Auditing Enabled
Ensure that RDS DB instance events and activities are being logged to help fix any suspicious activities or security issues.
Oracle
Users Email Verified
Ensure all IAM user accounts have a valid and current email address.