On June 10th, 2021, Aqua will release and activate the following new plugins. They can be tested ahead of time using the "Live Run" tool and optionally suppressed if required. If you have selected the "Suppress All New Plugins" option from the "Account Settings" page, then no action is required and they will be pre-suppressed in your account prior to release.


New Plugins


Azure

*In this release, we are enabling new risk notifications for Azure plugins for all customers who are opted in. This will include the "New" flag for scan reports.*


Web Apps Always On Enabled

Ensures that Azure Web Apps have the Always On feature enabled.


Web Apps Remote Debugging Disabled

Ensures that Azure Web Apps have remote debugging disabled.


SQL Server Auto-Failover Groups Enabled

Ensures that auto-failover groups are configured for Azure SQL database servers.


Disk Volumes BYOK Encryption Enabled

Ensures that Azure virtual machine disks have BYOK (Customer-Managed Key) encryption enabled.


Old VM Disk Snapshots

Ensures that virtual machines do not have older disk snapshots.


Virtual Machine Performance Diagnostics Enabled

Ensures that performance diagnostics is enabled on virtual machines.


Premium SSD Disabled

Ensures that the Azure virtual machines are configured to use standard SSD disk volumes instead of premium SSD disk volumes for managed disks.


Scale Sets Health Monitoring Enabled

Ensures that health monitoring is enabled for virtual machine scale sets.


VM Active Directory (AD) Authentication Enabled

Ensures that Azure Active Directory (AD) authentication is enabled for virtual machines.


Virtual Machine Boot Diagnostics Enabled

Ensures that VM boot diagnostics is enabled for virtual machines.


Managed NAT Gateway In Use

Ensures that the Azure Virtual Network Managed NAT (Network Address Translation) Gateway service is enabled for the Virtual Network.


No Network Gateways Connections

Ensures that virtual network gateways do not have any established connections.


No Network Gateways In Use

Ensures that Virtual Networks are using subnets and network security groups instead of virtual network gateways.


Virtual Network Peering

Ensures that a Virtual Network has peering connections only with virtual networks in a whitelisted subscription.


VM Approved Extensions

Ensures that approved virtual machine extensions are installed.


Guest Level Diagnostics Enabled

Ensures that guest level diagnostics are enabled.


Scale Sets Autoscale Notifications Enabled

Ensures that Virtual Machine scale sets have autoscale notifications enabled.


VM Instant Restore Backup Retention Period

Ensures that VM instant restore backup retention policy is configured to retain backups for the desired number of days.


VM Backups Enabled

Ensures that Azure virtual machine backups are enabled.


VM Daily Backup Retention Period

Ensures that VM daily backup retention policy is configured to retain backups for the desired number of days.


VM Desired SKU Size

Ensures that virtual machines are using the desired SKU size.


Access Keys Regenerated Periodically

Ensures that storage account access keys are being regenerated periodically.


Google

PostgreSQL Log Min Duration Statement

Ensures SQL instances of PostgreSQL type have the log min duration statement flag disabled.


PostgreSQL Log Min Error Statement

Ensures SQL instances of PostgreSQL type have the log min error statement flag set to Error.


PostgreSQL Log Temp Files

Ensures SQL instances of PostgreSQL type have the log temp files flag enabled.


SQLServer Contained Database Authentication

Ensures SQL instances of SQLServer type have the Contained Database Authentication flag disabled.


SQLServer Cross Db Ownership Chaining

Ensures SQL instances of SQLServer type have the cross db ownership chaining flag disabled.


SQL Public Access Disabled

Ensures SQL instances do not have public access enabled.


Bucket Uniform Level Access

Ensures uniform level access is enabled on storage buckets.


Instance Public Access Disabled

Ensures that instances are not configured to allow public access.


Default Service Account

Ensures that instances are not configured to use the default service account.


Shielded VM Enabled

Ensures that instances are configured with shielded VM enabled.


RDS Public Access

Ensures that RDS DB instances are not publicly accessible.


RDS Auditing Enabled

Ensures that RDS DB instance events and activities are being logged to help fix any suspicious activities or security issues.


Oracle

Users Email Verified

Ensures all IAM user accounts have a valid and current email address.