Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat:[PLG-621] Update severity for CMK policies #2305

Merged
merged 3 commits into from
Jul 29, 2024
Merged

feat:[PLG-621] Update severity for CMK policies #2305

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f23cbe9
feat:[PLG-621] Update severity for CMK policies
ershad-paladin Jul 26, 2024
b88ba4e
fix:dont update severity for EKS
ershad-paladin Jul 29, 2024
cc7823e
fix:changed severity in insert stmnts
ershad-paladin Jul 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 4 additions & 8 deletions installer/resources/pacbot_app/files/DB_Policy.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3638,17 +3638,13 @@ INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `def
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('cs_workstation_vulnerability_low','severityMatchCriteria','low','','false','false','false','','');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('cs_workstation_vulnerability_low','asset_lookup_key','externalId','','false','false','false','','');

INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('encrypt_os_and_data_disk','encrypt_os_and_data_disk','Encrypt OS and Data Disk','Encrypt OS and Data Disk','Encrypting OS and data disks provides data protection, auditing and monitoring capabilities, key rotation, and compliance with industry regulations. Using services like Azure Disk Encryption and following best practices for key management helps maintain a secure environment and protect sensitive data.','Ensure that the OS disk and data disks have encryption enabled.','https://paladincloud.io/docs/azure-policy/#encrypt-os-and-data-disk','disk','azure','encrypt_os_and_data_disk','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-os-data-disks\",\"key\":\"policyKey\"},{\"key\":\"policyName\",\"value\":\"Encrypt OS and Data Disk\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"encrypt_os_and_data_disk\",\"autofix\":false,\"alexaKeyword\":\"encrypt_os_and_data_disk\",\"policyRestUrl\":\"\",\"targetType\":\"disk\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"encrypt_os_and_data_disk\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/encrypt_os_and_data_disk','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-08-23','2022-08-23','DISABLED');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('encrypt_os_and_data_disk','policyKey','check-for-os-data-disks','','false','false','false','','');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('encrypt_os_and_data_disk','policyName','Encrypt OS and Data disk','','false','false','false','','');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('encrypt_os_and_data_disk','policyOwner','','','false','false','false','','');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('encrypt_os_and_data_disk','isBasicEncryptionCheck','true','','false','false','false','','');

UPDATE cf_PolicyTable SET severity = 'medium' WHERE policyId = 'Use_CMK_to_encrypt_OS_and_Data_disk';
/* Remove entry for exiting customer */
Delete from cf_PolicyTable where policyId= 'TaggingRule_version-1_SecuritycenterTaggingRule_securitycenter';

UPDATE cf_PolicyTable SET policyDisplayName='CrowdStrike Found Critical Vulnerabilities' where policyId in ('ec2_cs_Vulnerability_critical','gcp_vm_cs_vulnerability_critical','azure_vm_cs_vulnerability_critical','cs_workstation_vulnerability_critical');
UPDATE cf_PolicyTable SET policyDisplayName='CrowdStrike Found High Vulnerabilities' where policyId in ('ec2_cs_Vulnerability_high','gcp_vm_cs_vulnerability_high','azure_vm_cs_vulnerability_high','cs_workstation_vulnerability_high');
UPDATE cf_PolicyTable SET policyDisplayName='CrowdStrike Found Medium Vulnerabilities' where policyId in ('ec2_cs_Vulnerability_medium','gcp_vm_cs_vulnerability_medium','azure_vm_cs_vulnerability_medium','cs_workstation_vulnerability_medium');
UPDATE cf_PolicyTable SET policyDisplayName='CrowdStrike Found Low Vulnerabilities' where policyId in ('ec2_cs_Vulnerability_low','gcp_vm_cs_vulnerability_low','azure_vm_cs_vulnerability_low','cs_workstation_vulnerability_low');
UPDATE cf_PolicyTable SET policyDisplayName='CrowdStrike Found Low Vulnerabilities' where policyId in ('ec2_cs_Vulnerability_low','gcp_vm_cs_vulnerability_low','azure_vm_cs_vulnerability_low','cs_workstation_vulnerability_low');

UPDATE cf_PolicyTable SET severity='medium' WHERE policyId in ('GCP_Virtual_Machine_Disk_Encryption_CMK_Rule','GCP_Virtual_Machine_Disk_Encryption_CSEK_Rule','GCP_DataProc_CMK_Encryption','GCP_bigquery_table_encryption_cmks_rule','Cloud_Storage_should_be_encrypted_with_CMK','Aws_EKS_secrets_should_be_encrypted_version-1_aws_enable_secret_encryption_eks','Use_CMK_to_encrypt_OS_and_Data_disk','Aws_appflow_encryption_using_KMS_CMKs_version-1_aws_KMS_CMKs_Encryption_appflow','Encrypt_GKE_Cluster_Node_with_CMK','GCP_PubSub_CMK_Encryption','Enable_Virtual_Machine_Disk_Volume_Customer_Managed_Key','Aws_dms_encryption_using_KMS_CMKs_version-1_aws_KMS_CMKs_Encryption_dms','Use_CMK_to_encrypt_Storage_Account_for_Activity_logs','AWS_ElasticSearch_Domain_Encryption_Using_CMK_KMS_Key_version-1_Enable_CloudTrail_Global_Services_cloudtrail');
DELETE IGNORE FROM cf_PolicyTable WHERE policyId='encrypt_os_and_data_disk';
Loading