Hot Fixes/Enhancements:

AWS

EC2 Open Port Plugin

Modified plugin remediations to also trigger on the “ModifySecurityGroupRules” CloudTrail event.

EKS Latest Platform Version

Modified plugin to reflect AWS changes to the Kubernetes platform version.

EKS Kubernetes Version

Modified plugin to reflect the deprecation of Kubernetes version 1.18.

Lambda Old Runtimes

Modified plugin to reflect AWS changes to Lambda runtimes.

RDS Restorable

Fixed a logical error in the plugin, which compared the restorable window in days instead of hours.


Azure

Network Watcher Enabled

Fixed a false-negative issue in the plugin caused by a change in how Azure now returns the metadata.


Regions

AWS

Added newly launched regions for several services, such as EKS, DevOps Guru, SSM and more.

New plugins:

AWS

IAM Role Policy Unused Services

Ensures that IAM role policies are scoped properly so as not to grant access to unused AWS services.

AZURE

RSA Certificate Allowed Key Size

Ensures that Microsoft Azure Key Vault RSA certificates use the allowed minimum key size.

Key Vault Secret Expiry

Proactively checks the expiry date of Key Vault secrets so they can be rotated before the expiry date is reached.

Key Vault Key Expiry

Proactively checks the expiry date of Key Vault keys so they can be rotated before the expiry date is reached.

Key Vault In Use

Ensures that Key Vaults are being used to store secrets.

Database Tier CMK In Use

Ensures that a Customer-Managed Key (CMK) is created and configured for your Microsoft Azure database tier.

Allowed Certificates Key Types

Ensures that Microsoft Azure Key Vault SSL certificates use the allowed key types.

Manage Key Access and Permissions

Ensures that no Microsoft Azure user, group or application has administrator privileges on the Key Vaults.

App Tier CMK In Use

Ensures that a Customer-Managed Key (CMK) is created and configured for your Microsoft Azure application tier.

Active Advisor Recommendations

Ensures that all Microsoft Azure Advisor recommendations found are implemented to optimise your cloud deployments, increase security and reduce costs.

Web Apps Azure Active Directory Enabled

Ensures that Azure Web Apps have registration with Azure Active Directory enabled.

FTPS Only Access Enabled

Ensures that Azure Web Apps have FTPS-only access enabled.

Web Apps Backup Enabled

Ensures that Azure Web Apps have automated backups enabled.

Web Apps Insights Enabled

Ensures that the Application Insights feature is enabled for Azure Web Apps.

Web Apps Backup Retention Period

Ensures that Azure Web Apps have the recommended backup retention period configured.

SSL Certificate Auto Renewal

Ensures that Microsoft Azure Key Vault SSL certificates have auto-renewal enabled.

Advanced Threat Protection Enabled

Ensures that Advanced Threat Protection is enabled for SQL Servers.

Enable Recurring Scans

Ensures that Periodic Recurring Scans is enabled for SQL Servers.

SQL Server Send Scan Reports

Ensures that Send Scan Reports is enabled for SQL Servers.

Send Emails to Admin and Owners Enabled

Ensures that Send Emails to Admins and Owners is enabled for SQL Servers.

Enable Defender For Containers

Ensures that Microsoft Defender is enabled for all containers.

Enable Defender For SQL Servers

Ensures that Microsoft Defender is enabled for Azure SQL Server Databases.

Enable Defender For Storage

Ensures that Microsoft Defender is enabled for Storage.

Enable Defender Endpoint Integration

Ensures that Microsoft Defender for Endpoint integration is enabled.

Open UDP Ports

Ensures that Internet-exposed UDP ports on network security groups are disabled.


ORACLE

OKE Private Endpoint

Ensures the private endpoint setting is enabled for OKE clusters.

Users Password Last Used

Detects users that have not logged in for a period of time and should be deactivated.

GOOGLE

API Key Application Restriction

Ensures there are no unrestricted API keys within your GCP project.

PostgreSQL Latest Version

Ensures that PostgreSQL database servers are using the latest major version of PostgreSQL.

MySQL Latest Version

Ensures that MySQL database servers are using the latest major version of MySQL.

API Key Rotation

Ensures that your Google Cloud API keys are periodically regenerated.

Restricted API Keys

Ensures that your Google Cloud API keys are restricted to only those APIs your application needs access to.

Disable Service Account Creation

Determines whether the "Disable Service Account Creation" policy is enforced at the GCP organisation level.

KMS Public Access

Ensures cryptographic keys are not publicly accessible.

Public Disk Images

Ensures that your disk images are not shared publicly.

Instance Group Auto Healing Enabled

Ensures instance groups have auto-healing enabled for high availability.

Remediations:

AWS

CloudFormation Stack Termination Protection

Open Oracle Auto Data Warehouse