diff --git a/installer/resources/pacbot_app/files/DB_Policy.sql b/installer/resources/pacbot_app/files/DB_Policy.sql
index f49113d8f1..24481726a1 100644
--- a/installer/resources/pacbot_app/files/DB_Policy.sql
+++ b/installer/resources/pacbot_app/files/DB_Policy.sql
@@ -241,7 +241,7 @@ INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisp
 INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Azure_Enable_CMK_Encryption_For_Storage_Account_version-1_storageaccount','azure_enable_storage_account_customer_managed_key_encryption','EnableStorageAccountCMKEncryption','Enable Azure Storage Account Customer Managed Keys','Customer Managed Keys allow customers to control their own encryption keys for Azure Storage accounts, providing an extra layer of security and enabling greater regulatory compliance. This feature allows customers to generate, store, and revoke their own encryption keys in Azure Key Vault, ensuring that they have full control over who can access their data. Additionally, customers can rotate their encryption keys as needed to further enhance security. Using Customer Managed Keys is a best practice for ensuring the highest level of security for Azure Storage account data. 
','create the Microsoft Azure Key Vault where the required Customer Managed Key and also create the Customer Managed Key (CMK), required to encrypt data within Microsoft Azure Storage account','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#use-cmk-to-encrypt-azure-storage','storageaccount','azure','EnableStorageAccountCMKEncryption','{\"params\":[{\"encrypt\":false,\"value\":\"check-customer-managed-keys-encryption-enabled-for-storage-account\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\",\"isMandatory\":true,\"description\":\"Assets should have these mandatory tags\",\"defaultVal\":\"Application,Environment,Stack,Role\",\"displayName\":\"Mandatory tags\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Enable_CMK_Encryption_For_Storage_Account_version-1_storageaccount\",\"autofix\":false,\"alexaKeyword\":\"EnableStorageAccountCMKEncryption\",\"policyRestUrl\":\"\",\"targetType\":\"storageaccount\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_enable_storage_account_customer_managed_key_encryption\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_enable_storage_account_customer_managed_key_encryption','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-05-18','2022-05-18','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Azure_Enable_Database_Tier_Customer_Managed_Key','Azure_Enable_Database_Tier_Customer_Managed_Key','Azure_Enable_Database_Tier_Customer_Managed_Key','Create AWS KMS Customer Master Key for Database-Tier','Using your own AWS KMS Customer Master Key (CMK) for encryption of data in your database-tier provides you with complete control over encryption key ownership and usage. It\'s recommended to create an Amazon KMS Customer Master Key (CMK) for your database tier to protect data-at-rest in your AWS web stack and meet security and compliance requirements. You can easily rotate, audit, and disable the key with Amazon KMS. 
Additionally, it\'s advised to tag AWS resources in your database tier to better manage and organize your resources.','create and configure a dedicated Customer-Managed Key (CMK) for the Azure cloud resources provisioned within your Database tier','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#use-cmk-to-encrypt-azure-storage','vaults','azure','Enable_Database_Tier_Customer_Managed_Key','{\"assetGroup\":\"azure\",\"policyId\":\"Azure_Enable_Database_Tier_Customer_Managed_Key\",\"policyRestUrl\":\"\",\"environmentVariables\":[],\"policyUUID\":\"Azure_Enable_Database_Tier_Customer_Managed_Key\",\"policyType\":\"ManagePolicy\",\"pac_ds\":\"azure\",\"targetType\":\"vaults\",\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-keyvault-rule-alert\",\"key\":\"policyKey\"},{\"isValueNew\":true,\"encrypt\":false,\"value\":\"selected Customer Master Key is not an Database-tier resource\",\"key\":\"failure\"},{\"isValueNew\":true,\"encrypt\":false,\"value\":\"selected Customer Master Key is an Database-tier resource\",\"key\":\"SUCCESS\"},{\"isValueNew\":true,\"defaultVal\":\"cc-production-vault,cc-user-access-vault\",\"encrypt\":false,\"isEdit\":true,\"displayName\":\"Keyvault name\",\"description\":\"Keyvault name\",\"value\":\"cc-production-vault,cc-user-access-vault\",\"key\":\"keyValutName\",\"isMandatory\":true},{\"isValueNew\":true,\"defaultVal\":\"Owner\",\"encrypt\":false,\"isEdit\":true,\"displayName\":\"Keyvault key\",\"description\":\"Keyvault key\",\"value\":\"Owner\",\"key\":\"keyVaultKey\",\"isMandatory\":true},{\"isValueNew\":true,\"defaultVal\":\"AzSQLManager\",\"encrypt\":false,\"isEdit\":true,\"displayName\":\"Keyvault value\",\"description\":\"Keyvault value\",\"value\":\"AzSQLManager\",\"key\":\"keyVaultValue\",\"isMandatory\":true},{\"isValueNew\":true,\"encrypt\":false,\"value\":\"Ensure Database Tier Customer-Managed 
Key\",\"key\":\"policyName\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"autofix\":false,\"alexaKeyword\":\"Enable_Database_Tier_Customer_Managed_Key\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Azure_Enable_Database_Tier_Customer_Managed_Key','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-05-25','2022-05-25','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Azure_Enable_Email_Alerts_for_SQL_Threat_Detection_Service_version-1_sqldatabase','azure_sqldatabase_enable_email_alerts','EnableEmailAlerts','Enable Alert for Azure SQL Advanced Threat Detection','Enabling alerts for Azure SQL Advanced Threat Detection is important for detecting and preventing potential data breaches or unauthorized access to sensitive data. 
It is also necessary for compliance with security standards and regulations, including GDPR and HIPAA, which require regular monitoring and incident detection.','Provide one or more recepients emails','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-azure-sql-advanced-threat-detection-alerts','sqldatabase','azure','EnableEmailAlerts','{\"params\":[{\"encrypt\":false,\"value\":\"check-email-alerts-enabled-for-sql-threat-detection\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\",\"isMandatory\":true,\"description\":\"Assets should have these mandatory tags\",\"defaultVal\":\"Application,Environment,Stack,Role\",\"displayName\":\"Mandatory tags\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Enable_Email_Alerts_for_SQL_Threat_Detection_Service_version-1_sqldatabase\",\"autofix\":false,\"alexaKeyword\":\"EnableEmailAlerts\",\"policyRestUrl\":\"\",\"targetType\":\"sqldatabase\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_sqldatabase_enable_email_alerts\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/check-email-alerts-enabled-for-sql-threat-detection','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-05-10','2022-05-10','ENABLED'); -INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Azure_Enable_Encryption_for_Boot_Disk_Volumes_version-1_virtualmachine','azure_enable_boot_disk_encryption_virtualmachine','EnableBootDiskVolumesEncryption','Encrypt VMs with Disk Encryption using Key Vault','Azure Disk Encryption uses DM-Crypt for Linux and BitLocker for Windows to provide volume encryption for OS and data disks of Azure virtual machines (VMs), integrated with Azure Key Vault for managing encryption keys and secrets. Enabling Azure Disk Encryption is recommended for production data to protect VM disks from unauthorized access and meet compliance requirements. Encrypting boot volumes ensures entire VM data is unrecoverable without a key, providing protection from unwarranted reads. 
It is essential to encrypt Microsoft Azure virtual machine (VM) boot volumes using Azure Disk Encryption and integrated Azure Key Vault to meet security and compliance requirements.','create the Microsoft Azure Key Vault where the disk encryption key will be placed and set encryption enabled as true','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#encrypt-boot-disk','virtualmachine','azure','EnableBootDiskVolumesEncryption','{\"params\":[{\"encrypt\":false,\"value\":\"check-encryption-enabled-for-boot-disk-volumes\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\",\"isMandatory\":true,\"description\":\"Assets should have these mandatory tags\",\"defaultVal\":\"Application,Environment,Stack,Role\",\"displayName\":\"Mandatory tags\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Enable_Encryption_for_Boot_Disk_Volumes_version-1_virtualmachine\",\"autofix\":false,\"alexaKeyword\":\"EnableBootDiskVolumesEncryption\",\"policyRestUrl\":\"\",\"targetType\":\"virtualmachine\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_enable_boot_disk_encryption_virtualmachine\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_enable_boot_disk_encryption_virtualmachine','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-05-12','2022-05-12','ENABLED'); +INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Azure_Enable_Encryption_for_Boot_Disk_Volumes_version-1_virtualmachine','azure_enable_boot_disk_encryption_virtualmachine','EnableBootDiskVolumesEncryption','Encrypt VM Boot Disk using Key Vault','Azure Disk Encryption uses DM-Crypt for Linux and BitLocker for Windows to provide volume encryption for OS and data disks of Azure virtual machines (VMs), integrated with Azure Key Vault for managing encryption keys and secrets. Enabling Azure Disk Encryption is recommended for production data to protect VM disks from unauthorized access and meet compliance requirements. Encrypting boot volumes ensures entire VM data is unrecoverable without a key, providing protection from unwarranted reads. 
It is essential to encrypt Microsoft Azure virtual machine (VM) boot volumes using Azure Disk Encryption and integrated Azure Key Vault to meet security and compliance requirements.','create the Microsoft Azure Key Vault where the disk encryption key will be placed and set encryption enabled as true','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#encrypt-boot-disk','virtualmachine','azure','EnableBootDiskVolumesEncryption','{\"params\":[{\"encrypt\":false,\"value\":\"check-encryption-enabled-for-boot-disk-volumes\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"Application,Environment,Stack,Role\",\"key\":\"mandatoryTags\",\"isMandatory\":true,\"description\":\"Assets should have these mandatory tags\",\"defaultVal\":\"Application,Environment,Stack,Role\",\"displayName\":\"Mandatory tags\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Enable_Encryption_for_Boot_Disk_Volumes_version-1_virtualmachine\",\"autofix\":false,\"alexaKeyword\":\"EnableBootDiskVolumesEncryption\",\"policyRestUrl\":\"\",\"targetType\":\"virtualmachine\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_enable_boot_disk_encryption_virtualmachine\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_enable_boot_disk_encryption_virtualmachine','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-05-12','2022-05-12','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Azure_Enable_Network_Security_for_FTP','azure_enable_network_security_FTP','Enable_Network_Security_for_FTP','Deny Public Access to FTP Ports 20 and 21','It is crucial to secure your Azure virtual machines associated with these NSGs by ensuring that Microsoft Azure network security groups (NSGs) do not permit unrestricted access on TCP ports 20 and 21, which are used for data transfer and communication by the File Transfer Protocol (FTP) client-server applications. 
Attackers might use brute-force methods to gain access to your Azure virtual machines through these ports, underscoring the importance of securing them.','Ensure that no network security groups allow unrestricted inbound access on TCP port 20,21 (FTP).','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#deny-public-access-to-ftp-ports-20-and-21','nsg','azure','Enable_Network_Security_for_FTP','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-nsg-rule\",\"key\":\"policyKey\"},{\"key\":\"protocol\",\"value\":\"tcp\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"port\",\"value\":\"20,21\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Deny unresticted access to FTP port NNN\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"critical\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Enable_Network_Security_for_FTP\",\"autofix\":false,\"alexaKeyword\":\"Enable Network Security for FTP\",\"policyRestUrl\":\"\",\"targetType\":\"nsg\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_enable_network_security_FTP\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_enable_network_security_FTP','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'','2022-05-02','2022-05-02','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Azure_Enable_Network_Security_for_RPC','azure_enable_network_security_RPc','Enable_Network_Security_for_RPC','Deny Public Access to RPC Port 135','The Microsoft Message Queuing (MSMQ) and other Microsoft Windows/Windows Server software use the Remote Procedure Call (RPC) TCP port 135 for client-server communications. Allowing unrestricted access to this port can lead to hacking, ransomware, and denial-of-service (DoS) attacks. To reduce the attack surface, it is essential to follow the principle of least privilege and ensure that Microsoft Azure network security groups (NSGs) do not allow unrestricted access on TCP port 135. 
',' Access should be restricted for permissive Network Security Groups with Internet-facing RPC','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#deny-public-access-to-rpc-port-135','nsg','azure','RPC','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-nsg-rule\",\"key\":\"policyKey\"},{\"key\":\"protocol\",\"value\":\"tcp\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"port\",\"value\":\"135\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Deny public access to RPC port 135\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"critical\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Enable_Network_Security_for_RPC\",\"autofix\":false,\"alexaKeyword\":\"Enable Network Security for RPC\",\"policyRestUrl\":\"\",\"targetType\":\"nsg\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_enable_network_security_RPC\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_enable_network_security_RPC','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'','2022-05-02','2022-05-02','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Azure_Enable_Network_Security_for_SQLSERVER','azure_enable_network_security_SQLSERVER','Enable_Network_Security_for_SQLSERVER','Deny Public Access to SQL Server Port 1433','\nAllowing unrestricted access to TCP port 1433 can lead to malicious activities such as hacking, denial-of-service (DoS) attacks, and SQL injection attacks. To minimize the attack surface and adhere to the principle of least privilege, it is essential to ensure that all Microsoft Azure network security groups (NSGs) limit inbound access to TCP port 1433 to only trusted IP addresses. 
',' Access should be restricted for permissive Network Security Groups with Internet-facing SQLSERVER','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#deny-public-access-to-sql-server-port-1433','nsg','azure','SQLSERVER','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-nsg-rule\",\"key\":\"policyKey\"},{\"key\":\"protocol\",\"value\":\"tcp\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"port\",\"value\":\"1433\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Deny public access to SQL Server port 1433\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"critical\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Azure_Enable_Network_Security_for_SQLSERVER\",\"autofix\":false,\"alexaKeyword\":\"Enable Network Security for SQLSERVER\",\"policyRestUrl\":\"\",\"targetType\":\"nsg\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_enable_network_security_SQLSERVER\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_enable_network_security_SQLSERVER','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'','2022-05-02','2022-05-02','ENABLED'); 
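Review bot: The added `Azure_Enable_Encryption_for_Boot_Disk_Volumes_version-1_virtualmachine` row changes only policyDisplayName, but because it is written with `INSERT IGNORE`, an already-seeded database keeps the old name 'Encrypt VMs with Disk Encryption using Key Vault' — if policyId is the primary or unique key, the duplicate-key insert is silently skipped. If the rename is meant to reach upgraded installs, append `ON DUPLICATE KEY UPDATE policyDisplayName = VALUES(policyDisplayName)` to the statement or ship a separate UPDATE; the same applies to the `Enable_Encryption_for_Unattached_Disk_Volumes` row in the second hunk. Separately, the re-seeded row still carries `\"severity\":\"high\"` inside policyParams while the severity column says 'critical'; whichever of the two the policy engine reads, the row should state one value. The `***REMOVED***` account segment in policyArn is also inserted literally unless the installer substitutes it before loading the file — worth confirming.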
@@ -380,7 +380,7 @@ INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisp
 INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Create_or_Update_SQL_Database_Log_Alert','Enable_Create_or_Update_SQL_Database_Log_Alert','Enable log Alert for Create/Update SQL DB','Enable Log Alert for Create/Update SQL DB','Ensure that an activity log alert is created for Create/Update SQL Database Rule events.',NULL,'https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-log-alert','subscription','azure','Enable_Create_or_Update_SQL_Database_Log_Alert','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-activity-log-alert\",\"key\":\"policyKey\"},{\"key\":\"failure\",\"value\":\"selected alert rule is not configured to detect create or update SQL Database events\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"SUCCESS\",\"value\":\"selected alert rule is configured to detect create or update SQL Database Rule events\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"field\",\"value\":\"operationName\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"equals\",\"value\":\"Microsoft.Sql/servers/databases/write\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Enable Create or Update SQL Database Log 
Alert\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Create_or_Update_SQL_Database_Log_Alert\",\"autofix\":false,\"alexaKeyword\":\"Enable_Create_or_Update_SQL_Database_Log_Alert\",\"policyRestUrl\":\"\",\"targetType\":\"subscription\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Enable_Create_or_Update_SQL_Database_Log_Alert\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_Create_or_Update_SQL_Database_Log_Alert','high','operations','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-07-07','2022-07-07','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Delete_SQL_Database_Log_Alert','Enable_Delete_SQL_Database_Log_Alert','Enable log Alert for Delete SQL DB','Enable Log Alert for Delete SQL DB','To improve security and availability of Azure SQL databases and reduce the impact of accidental or intentional deletions, monitor for \"Delete Azure SQL Database\"\" events using Microsoft Azure Monitor service and an Azure activity log alert. 
This alert triggers notifications whenever events matching the conditions of \"\"Administrative\"\" category and \"\"Delete Azure SQL Database (Microsoft.Sql/servers/databases)\"\" signal name in the Activity Log occur.\"',NULL,'https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-log-alert','subscription','azure','Enable_Delete_SQL_Database_Log_Alert','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-activity-log-alert\",\"key\":\"policyKey\"},{\"key\":\"failure\",\"value\":\"selected alert rule is not configured to detect delete SQL Database events\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"SUCCESS\",\"value\":\"selected alert rule is configured to detect delete SQL Database Rule events\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"field\",\"value\":\"operationName\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"equals\",\"value\":\"Microsoft.Sql/servers/databases/delete\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Enable Delete SQL Database Log Alert\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Delete_SQL_Database_Log_Alert\",\"autofix\":false,\"alexaKeyword\":\"Enable_Delete_SQL_Database_Log_Alert\",\"policyRestUrl\":\"\",\"targetType\":\"subscription\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Enable_Delete_SQL_Database_Log_Alert\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_Delete_SQL_Database_Log_Alert','high','operations','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-07-07','2022-07-07','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Email_Subscription_Admin','Enable_Email_Subscription_Admin','Enable Also send email notifications to admins and subscription owners','Enable Vulnerability Assessment (VA) Setting \'Also Send email Notifications to Admins and Subscripti','Enabling the \"Also Send email Notifications to Admins and Subscription Owners\"\" setting in Vulnerability Assessment promotes timely remediation, improved security awareness, shared accountability, centralized communication, and comprehensive reporting. This helps maintain a proactive security posture and fosters a security-aware culture within the organization.\"','1.Go to SQL servers \n2.Select a server instance \n3.Click on Security Center \n4.Select Configure next to Enabled at subscription-level \n5.In Section Vulnerability Assessment Settings , configure Storage Accounts if not already \n6. Check/enable Also send email notifications to admins and subscription owners \n7. 
Click Save','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#Enable-send-email-notifications-to-admins-and-subscription-owners-in-vulnerability-settings-for-sql-server','sqlserver','azure','EmailSubscriptionAdminSQLServer','{\"params\":[{\"encrypt\":false,\"value\":\"check-if-emailSubscriptionAdmins-is-enabled\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\",\",\"key\":\"splitterChar\"},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Email_Subscription_Admin\",\"autofix\":false,\"alexaKeyword\":\"EmailSubscriptionAdminSQLServer\",\"policyRestUrl\":\"\",\"targetType\":\"sqlserver\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Enable_Email_Subscription_Admin\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_Email_Subscription_Admin','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-10-20','2022-10-20','ENABLED'); -INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Encryption_for_Unattached_Disk_Volumes','azure_Enable_Encryption_for_Unattached_Disk_Volumes','Enable_Encryption_for_Unattached_Disk_Volumes','Encrypt Unattached Disk Volumes','Unencrypted detached disk volumes pose a risk of sensitive information disclosure, even if they 
are not mounted to any virtual machine. We recommend encrypting all disk volumes attached to Azure virtual machines within the application tier to ensure confidentiality and meet compliance and security requirements. It is also important to encrypt detached disk volumes using Azure Disk Encryption, which uses BitLocker for Windows and DM-Crypt for Linux to encrypt the OS and data disks of Azure virtual machines. Integration with Azure Key Vault allows for control and management of disk encryption keys and secrets. Unencrypted detached disk volumes pose a risk of sensitive information disclosure, even if they are not mounted to any virtual machine.','enable encryption for your unattached Microsoft Azure VM disk volumes','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#encrypt-unattached-disk-volumes','disk','azure','Enable_Encryption_for_Unattached_Disk_Volumes','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-postgree-ssl-enforcement\",\"key\":\"policyKey\"},{\"key\":\"policyName\",\"value\":\"Enable Encryption for Unattached Disk Volumes\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Encryption_for_Unattached_Disk_Volumes\",\"autofix\":false,\"alexaKeyword\":\"Enable_Encryption_for_Unattached_Disk_Volumes\",\"policyRestUrl\":\"\",\"targetType\":\"disk\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_Enable_Encryption_for_Unattached_Disk_Volumes\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_Enable_Encryption_for_Unattached_Disk_Volumes','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-05-19','2022-05-19','ENABLED'); +INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Encryption_for_Unattached_Disk_Volumes','azure_Enable_Encryption_for_Unattached_Disk_Volumes','Enable_Encryption_for_Unattached_Disk_Volumes','Encrypt Unattached Disk Volumes with CMK','Unencrypted detached disk volumes pose a risk of sensitive information disclosure, even if they are not mounted to any virtual machine. We recommend encrypting all disk volumes attached to Azure virtual machines within the application tier to ensure confidentiality and meet compliance and security requirements. It is also important to encrypt detached disk volumes using Azure Disk Encryption, which uses BitLocker for Windows and DM-Crypt for Linux to encrypt the OS and data disks of Azure virtual machines. Integration with Azure Key Vault allows for control and management of disk encryption keys and secrets. 
Unencrypted detached disk volumes pose a risk of sensitive information disclosure, even if they are not mounted to any virtual machine.','enable encryption for your unattached Microsoft Azure VM disk volumes','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#encrypt-unattached-disk-volumes','disk','azure','Enable_Encryption_for_Unattached_Disk_Volumes','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-azure-postgree-ssl-enforcement\",\"key\":\"policyKey\"},{\"key\":\"policyName\",\"value\":\"Enable Encryption for Unattached Disk Volumes\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Encryption_for_Unattached_Disk_Volumes\",\"autofix\":false,\"alexaKeyword\":\"Enable_Encryption_for_Unattached_Disk_Volumes\",\"policyRestUrl\":\"\",\"targetType\":\"disk\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"azure_Enable_Encryption_for_Unattached_Disk_Volumes\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/azure_Enable_Encryption_for_Unattached_Disk_Volumes','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-05-19','2022-05-19','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_HTTPS_For_LoadBalancer','Enable_HTTPS_For_LoadBalancer','Enable https for load balancer','Enable HTTPS for Google Cloud Load Balancers','It is crucial to enforce HTTPS for your Google Cloud load balancers to protect the communication between clients and load balancers from eavesdropping and MITM attacks. This is especially important when sensitive data is involved. Configuring valid SSL/TLS certificates on GCP load balancers is essential to ensure encrypted web traffic between clients and load balancers.','1. Navigate to Cloud Load Balancing dashboard at https://console.cloud.google.com/net-services/loadbalancing.\n2. On the Load balancing page, select Load balancers to access the list with the Google Cloud load balancers created for the selected project\n3. Choose the HTTP load balancer that you want to reconfigure , click on the 3-dot button to access the options menu, then select Edit\n4. On the Edit HTTP(S) load balancer page, select Frontend configuration tab, and choose Add Frontend IP and port to create a new, secure frontend configuration for the selected load balancer\n5. 
On the Edit HTTP(S) load balancer page, click Update to associate the newly created HTTPS frontend configuration with the selected Google Cloud load balancer','https://github.com/PaladinCloud/CE/wiki/GCP-Policy#Enable-HTTPS-for-Google-Cloud-Load-Balancers','gcploadbalancer','gcp','Enable_HTTPS_For_LoadBalancer','{\"params\":[{\"encrypt\":false,\"value\":\"enable-https-for-loadbalancer\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_HTTPS_For_LoadBalancer\",\"autofix\":false,\"alexaKeyword\":\"Enable_HTTPS_For_LoadBalancer\",\"policyRestUrl\":\"\",\"targetType\":\"gcploadbalancer\",\"pac_ds\":\"gcp\",\"assetGroup\":\"gcp\",\"policyUUID\":\"Enable_HTTPS_For_LoadBalancer\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_HTTPS_For_LoadBalancer','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-12-08','2022-12-08','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Https_For_Cloudfunc','Enable_Https_For_Cloudfunc','Enable_Https_For_Cloudfunc','Enable https for Cloud Functions','This policy identifies GCP Cloud Functions for which the HTTP trigger is not secured. 
When you configure HTTP functions to be triggered only with HTTPS, user requests will be redirected to use the HTTPS protocol, which is more secure. It is recommended to set the \'Require HTTPS\' for configuring HTTP triggers while deploying your function.','1. Login to GCP console\n2. Navigate to \'Cloud Functions\' service (Left Panel)\n3. Click on the alerting function\n4. Click on \'EDIT\'\n5. Under section \'Trigger\', click on \'EDIT\'\n6. Select the checkbox against the field \'Require HTTPS\'\n7. Click on \'SAVE\'\n8. Click on \'NEXT\'\n9. Click on \'DEPLOY\'','https://github.com/PaladinCloud/CE/wiki/GCP-Policy#gcp-cloud-function-http-trigger-is-not-secured','cloudfunctiongen1','gcp','cloudfunctionhttps','{\"params\":[{\"encrypt\":false,\"value\":\"Enable-Https-For-Cloudfunc\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Https_For_Cloudfunc\",\"autofix\":false,\"policyRestUrl\":\"\",\"targetType\":\"cloudfunctiongen1\",\"pac_ds\":\"gcp\",\"assetGroup\":\"gcp\",\"policyUUID\":\"Enable_Https_For_Cloudfunc\",\"policyType\":\"ManagePolicy\"}','0 0 ? 
* MON *','','','ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_Https_For_Cloudfunc','medium','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'admin@paladincloud.io','2023-01-18','2023-01-18','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_Integrity_Monitoring_For_Node_Pool','Enable_Integrity_Monitoring_For_Node_Pool','Integrity Monitoring should be enabled','Enable Integrity Monitoring for Shielded GKE Nodes','Enabling integrity monitoring for Shielded Google Kubernetes Engine (GKE) nodes is important for ensuring the security and integrity of your Kubernetes clusters. Shielded GKE nodes use advanced security features to protect the nodes from potential attacks or tampering, and integrity monitoring ensures that the nodes have not been modified in an unauthorized way. Enabling integrity monitoring can help detect potential security breaches, configure alerts and notifications, and respond to potential threats in a timely manner. This is a best practice for maintaining the security and integrity of your Kubernetes clusters.','Once a Node pool is provisioned, it cannot be updated to enable Integrity Monitoring. You must create new Node pools within the cluster with Integrity Monitoring enabled Using Google Cloud Console \n1. Go to Kubernetes Engine by visiting https://console.cloud.google.com/kubernetes/list \n2. From the list of clusters, click on the cluster requiring the update and click ADD NODE POOL \n3. 
Ensure that the Integrity monitoring checkbox is checked under the Shielded options Heading. \n4. Click SAVE.','https://github.com/PaladinCloud/CE/wiki/GCP-Policy#Enable-Integrity-Monitoring-for-Shielded-GKE-Nodes','gkecluster','gcp','IntegrityMonitoringForNodePool','{\"params\":[{\"encrypt\":false,\"value\":\"enable-node-pool-managements\",\"key\":\"policyKey\"},{\"key\":\"nodePoolKey\",\"value\":\"enableIntegrityMonitoring\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"description\",\"value\":\"Ensure Integrity monitoring for GKE nodes enabled\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"violationReason\",\"value\":\"Integrity monitoring for GKE nodes disabled\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_Integrity_Monitoring_For_Node_Pool\",\"autofix\":false,\"alexaKeyword\":\"IntegrityMonitoringForNodePool\",\"policyRestUrl\":\"\",\"targetType\":\"gkecluster\",\"pac_ds\":\"gcp\",\"assetGroup\":\"gcp\",\"policyUUID\":\"Enable_Integrity_Monitoring_For_Node_Pool\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_Integrity_Monitoring_For_Node_Pool','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-10-27','2022-10-27','ENABLED'); 
@@ -406,7 +406,6 @@ INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisp INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_rbac_for_azure_kubernetes','Enable_rbac_for_azure_kubernetes','Enable RBAC for Azure Kubernetes Services','Enable RBAC for Azure Kubernetes Services','Enabling Role-Based Access Control (RBAC) for Azure Kubernetes Services (AKS) is crucial for maintaining a secure and compliant environment. It provides granular control over access to AKS resources, limits the attack surface, ensures compliance with regulatory frameworks, enables audit trails, and provides flexibility in managing access to AKS resources.','1. Login to Azure and navigate to Kubernetes Services.\n2. For each Kubernetes Services instance, click on Automation Script. \n3. 
Ensure that each variable enableRBAC is set to true.','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-role-based-access-control-rbac-within-azure-kubernetes-services','kubernetes','azure','EnableRbacForAzureKubernetes','{\"params\":[{\"encrypt\":false,\"value\":\"enable-rbac-role-for-kubernetes\",\"key\":\"policyKey\"},{\"key\":\"description\",\"value\":\"Enable RBAC for Azure Kubernetes Services.\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"SUCCESS\",\"value\":\"In Azure kubernetes services, role-based access control is enabled.\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"violationReason\",\"value\":\"In Azure kubernetes services, role-based access control is not enabled.\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Enable RBAC for Azure Kubernetes Services\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_rbac_for_azure_kubernetes\",\"autofix\":false,\"alexaKeyword\":\"EnableRbacForAzureKubernetes\",\"policyRestUrl\":\"\",\"targetType\":\"kubernetes\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Enable_rbac_for_azure_kubernetes\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_rbac_for_azure_kubernetes','medium','operations','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-10-27','2022-10-27','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_skip_show_database_for_MySQL_Server_DB_Instances','Enable_skip_show_database_for_MySQL_Server_DB_Instances','Enable skip_show_database Flag for Cloud SQL','Enable skip_show_database Flag for Cloud SQL','Enabling the skip_show_database flag for Cloud SQL can hide the names of databases from users who do not have the necessary privileges to view them, which can provide some additional security benefits. However, it may not be appropriate for all use cases, such as multi-tenant applications or cases where specific users or groups require access to specific databases. 
It\'s important to carefully consider whether this flag is appropriate for your specific use case and to use other methods to restrict access to specific databases if needed.',' Set skip_show_database database flag for Cloud SQL Mysql instance to on','https://github.com/PaladinCloud/CE/wiki/GCP-Policy#enable-skip_show_database-flag-for-cloud-sql','cloudsql_mysqlserver','gcp','mysqlserver','{\"params\":[{\"encrypt\":false,\"value\":\"disable-enable-database-flags-for-cloudsql-server\",\"key\":\"policyKey\"},{\"key\":\"dataBaseType\",\"value\":\"gcp_cloudsql_mysqlserver\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"dbFlagName\",\"value\":\"skip_show_database\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"dbFlagValue\",\"value\":\"on\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Enable skip_show_database Flag for Cloud SQL\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"description\",\"value\":\"Ensure that the skip_show_database database flag is enabled for your Google Cloud MySQL database instances in order to prevent users from using the SHOW DATABASES statement if they dont have this privilege.\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"violationReason\",\"value\":\"Skip_show_database flag is not enabled for your Google Cloud MySQL Server database instances\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_skip_show_database_for_MySQL_Server_DB_Instances\",\"autofix\":false,\"alexaKeyword\":\"mysqlserver\",\"policyRestUrl\":\"\",\"targetType\":\"cloudsql_mysqlserver\",\"pac_ds\":\"gcp\",\"assetGroup\":\"gcp\",\"policyUUID\":\"Enable_skip_show_database_for_MySQL_Server_DB_Instances\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_skip_show_database_for_MySQL_Server_DB_Instances','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-10-06','2022-10-06','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_soft_delete_for_Blob_storage','Enable_soft_delete_for_Blob_storage','Enable soft delete for Blob storage','Enable Soft Delete for Blob Storage','Enabling Soft Delete for Blob Storage is crucial for protecting against accidental or malicious data deletion, ensuring compliance, simplifying data recovery, providing a cost-effective solution for data protection, and maintaining data integrity.','enable soft delete for blob service','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-soft-delete-for-blob-storage','blobservice','azure','Enable_soft_delete_for_Blob_storage','{\"params\":[{\"encrypt\":false,\"value\":\"enable-soft-delete-for-blob-storage-account\",\"key\":\"policyKey\"},{\"key\":\"policyName\",\"value\":\"Enable soft delete for Blob 
storage\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_soft_delete_for_Blob_storage\",\"autofix\":false,\"alexaKeyword\":\"Enforce_cloud_SQL_incoming_Connections_To_Use_SSL\",\"policyRestUrl\":\"\",\"targetType\":\"blobservice\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Enable_soft_delete_for_Blob_storage\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enforce_cloud_SQL_incoming_Connections_To_Use_SSL','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-09-15','2022-09-15','ENABLED'); -INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enable_transparent_data_encryption_for_sql_db','Enable_transparent_data_encryption_for_sql_db','Enable Transparent Data Encryption for SQL Database','Enable Transparent Data Encryption for SQL Database','Enabling Transparent Data Encryption (TDE) for SQL Database is crucial for protecting sensitive data at rest, ensuring compliance, protecting data privacy, minimizing performance impact, and simplifying management of encrypted databases and backups. 
TDE encrypts the data stored in the database and associated backups, making it unreadable without the appropriate encryption keys, and has minimal performance impact on SQL Database.','set transparent data encryption to On.','https://github.com/PaladinCloud/CE/wiki/Azure-Policy#enable-transparent-data-encryption-for-sql-database','sqldatabase','azure','Enable_transparent_data_encryption_for_sql_db','{\"params\":[{\"encrypt\":false,\"value\":\"check-for-transparent-data-encryption\",\"key\":\"policyKey\"},{\"key\":\"policyName\",\"value\":\"Enable transparent data encryption for sql database\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"medium\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"operations\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enable_transparent_data_encryption_for_sql_db\",\"autofix\":false,\"alexaKeyword\":\"Enable_transparent_data_encryption_for_sql_db\",\"policyRestUrl\":\"\",\"targetType\":\"sqldatabase\",\"pac_ds\":\"azure\",\"assetGroup\":\"azure\",\"policyUUID\":\"Enable_transparent_data_encryption_for_sql_db\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enable_transparent_data_encryption_for_sql_db','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-09-19','2022-09-19','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Encrypt_App_Layer_secrets_for_GKE_Cluster','Encrypt_App_Layer_secrets_for_GKE_Cluster','Encrypt App layer secret in GKE Cluster','Encrypt Application Layer Secrets for GKE Cluster','Google Kubernetes Engine (GKE) automatically encrypts all customer content, including Secrets, when it\'s at rest without requiring additional input. Application-layer secrets encryption is another security measure for sensitive data kept in etcd by allowing data encryption at the application level with a Cloud KMS key. This provides added protection against offline attacks. To use this encryption method, it is necessary to first create a Cloud KMS key and give GKE service account access. The Cloud KMS key should be situated in the same location as the cluster to decrease latency and prevent problems with multiple failure domains. 
When the encryption feature is enabled, both new and existing Secrets are encrypted utilizing the designated encryption key.','update GKE cluster configuration to enable App-layer secrets encryption.','https://github.com/PaladinCloud/CE/wiki/GCP-Policy#encrypt-application-layer-secrets-for-gke-cluster','gkecluster','gcp','Kubernate_Engine_cluster','{\"params\":[{\"encrypt\":false,\"value\":\"encrypt-App-layer-secret-in-GKE-Cluster\",\"key\":\"policyKey\"},{\"key\":\"description\",\"value\":\"Use CMK to encrypt App layer secrets for GKE cluster\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"violationReason\",\"value\":\"App-Layer secrets encryption is not enable using cmk.\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"esSgRulesUrl\",\"value\":\"/gcp_gkecluster/_search\",\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Encrypt App layer secret in GKE Cluster\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"critical\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Encrypt_App_Layer_secrets_for_GKE_Cluster\",\"autofix\":false,\"alexaKeyword\":\"Kubernate_Engine_cluster\",\"policyRestUrl\":\"\",\"targetType\":\"gkecluster\",\"pac_ds\":\"azure\",\"assetGroup\":\"gcp\",\"policyUUID\":\"Encrypt_App_Layer_secrets_for_GKE_Cluster\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Encrypt_App_Layer_secrets_for_GKE_Cluster','critical','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-07-19','2022-07-19','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Encrypt_GKE_Cluster_Node_with_CMK','Encrypt_GKE_Cluster_Node_with_CMK','Encrypt GKE Cluster Node using CMK','Encrypt GKE Cluster Node using CMK','To gain finer control over your GKE data encryption/decryption process, use Customer-Managed Keys (CMKs) to encrypt cluster nodes. Cloud KMS allows you to create and manage your own CMKs, offering secure encryption key management. 
Although GKE automatically encrypts data at rest, using your own CMKs is recommended for meeting strict compliance requirements and protecting sensitive GKE data.','To enable encryption with Customer-Managed Keys (CMKs) for your Google Kubernetes Engine (GKE) cluster nodes, you have to re-create the existing GKE cluster node pools with the appropriate encryption configuration ','https://github.com/PaladinCloud/CE/wiki/GCP-Policy#encrypt-gke-cluster-node-using-cmk','gkecluster','gcp','Kubernate_Engine_cluster','{\"params\":[{\"encrypt\":false,\"value\":\"check-node-encryption-access-for-gke-cluster\",\"key\":\"policyKey\"},{\"key\":\"description\",\"value\":\"Use CMK to encrypt GKE Cluster Node\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"violationReason\",\"value\":\"GKE Cluster node encryption is not enable using cmk.\",\"isValueNew\":true,\"encrypt\":false},{\"key\":\"esSgRulesUrl\",\"value\":\"/gcp_gkecluster/_search\",\"encrypt\":false},{\"key\":\"policyName\",\"value\":\"Use CMK to encrypt GKE Cluster Node\",\"isValueNew\":true,\"encrypt\":false},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Encrypt_GKE_Cluster_Node_with_CMK\",\"autofix\":false,\"alexaKeyword\":\"Kubernate_Engine_cluster\",\"policyRestUrl\":\"\",\"targetType\":\"gkecluster\",\"pac_ds\":\"gcp\",\"assetGroup\":\"gcp\",\"policyUUID\":\"Encrypt_GKE_Cluster_Node_with_CMK\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? 
*',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Use CMK to encrypt GKE Cluster Node','medium','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-07-19','2022-07-19','ENABLED'); INSERT IGNORE INTO cf_PolicyTable (policyId, policyUUID, policyName, policyDisplayName, policyDesc, resolution, resolutionUrl, targetType, assetGroup, alexaKeyword, policyParams, policyFrequency, policyExecutable, policyRestUrl, policyType, policyArn, severity, category, autoFixAvailable, autoFixEnabled, allowList, waitingTime, maxEmailNotification, templateName, templateColumns, fixType, warningMailSubject, fixMailSubject, warningMessage, fixMessage, violationMessage, elapsedTime, userId, createdDate, modifiedDate, status) VALUES ('Enforce_Separate_Service_Account_Duties_for_Users','Enforce_Separate_Service_Account_Duties_for_Users','Enforce Separate Service Account Duties for Users','Enforce Separate Service Account Duties for Users','Ensure that the principle of separation of duties (SoD) is applied to all Google Cloud Platform (GCP) service-account related roles. SoD, aimed at preventing fraud and human error, distributes tasks and associated privileges for a specific business process among multiple users/members. Adhering to security best practices, GCP service accounts should not concurrently have the Service Account Admin and Service Account User roles assigned. 
Enforcing SoD helps eliminate the need for high-privileged IAM members, reducing the risk of malicious or unwanted actions.',NULL,'https://github.com/PaladinCloud/CE/wiki/GCP-Policy#enforce-separate-service-account-duties-for-users','iamusers','gcp','Enforce_Separate_Service_Account_Duties_for_Users','{\"params\":[{\"encrypt\":false,\"value\":\"enforce-Separate-Service-Account-Duties-for-Users\",\"key\":\"policyKey\"},{\"encrypt\":false,\"value\":\"high\",\"key\":\"severity\"},{\"encrypt\":false,\"value\":\"security\",\"key\":\"policyCategory\"},{\"encrypt\":false,\"value\":\"\",\"key\":\"policyOwner\"}],\"environmentVariables\":[],\"policyId\":\"Enforce_Separate_Service_Account_Duties_for_Users\",\"autofix\":false,\"alexaKeyword\":\"Enforce_Separate_Service_Account_Duties_for_Users\",\"policyRestUrl\":\"\",\"targetType\":\"iamusers\",\"pac_ds\":\"gcp\",\"assetGroup\":\"gcp\",\"policyUUID\":\"Enforce_Separate_Service_Account_Duties_for_Users\",\"policyType\":\"ManagePolicy\"}','0 0/6 * * ? *',NULL,NULL,'ManagePolicy','arn:aws:events:us-east-1:***REMOVED***:rule/Enforce_Separate_Service_Account_Duties_for_Users','high','security','false','false',NULL,24,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,24,'ASGC','2022-11-01','2022-11-01','ENABLED'); 
@@ -1675,9 +1674,6 @@ INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `def
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Enable_soft_delete_for_Blob_storage','policyKey','enable-soft-delete-for-blob-storage-account','','false','false','false','','');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Enable_soft_delete_for_Blob_storage','policyName','Enable soft delete for Blob storage','','false','false','false','','');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Enable_soft_delete_for_Blob_storage','policyOwner','','','false','false','false','','');
-INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Enable_transparent_data_encryption_for_sql_db','policyKey','check-for-transparent-data-encryption','','false','false','false','','');
-INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Enable_transparent_data_encryption_for_sql_db','policyName','Enable transparent data encryption for sql database','','false','false','false','','');
-INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Enable_transparent_data_encryption_for_sql_db','policyOwner','','','false','false','false','','');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES 
('Encrypt_App_Layer_secrets_for_GKE_Cluster','policyKey','encrypt-App-layer-secret-in-GKE-Cluster','','false','false','false','','');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Encrypt_App_Layer_secrets_for_GKE_Cluster','description','Use CMK to encrypt App layer secrets for GKE cluster','','false','false','false','','');
INSERT IGNORE INTO `cf_PolicyParams` (`policyID`, `paramKey`, `paramValue`, `defaultVal`, `isEdit`, `isMandatory`, `encrypt`, `displayName`, `description`) VALUES ('Encrypt_App_Layer_secrets_for_GKE_Cluster','violationReason','App-Layer secrets encryption is not enable using cmk.','','false','false','false','','');
@@ -2939,7 +2935,6 @@ UPDATE cf_PolicyTable SET policyDisplayName ='Enable Log Alert for Delete Securi
UPDATE cf_PolicyTable SET policyDisplayName ='Enable Log Alert for Delete Policy Assignment' WHERE policyId ='Enable_Azure_Account_Delete_Policy_Assignment_Event_log_alert';
UPDATE cf_PolicyTable SET policyDisplayName ='Enable Auto-Repair for GKE Nodes' WHERE policyId ='Enable_Auto_Repair_for_GKE_nodes';
UPDATE cf_PolicyTable SET policyDisplayName ='Secure Your Google Cloud Load Balancers with HTTPS and SSL/TLS Certificates' WHERE policyId ='Enable_HTTPS_For_LoadBalancer';
-UPDATE cf_PolicyTable SET policyDisplayName ='Secure Your SQL Database with Transparent Data Encryption (TDE)' WHERE policyId ='Enable_transparent_data_encryption_for_sql_db';
UPDATE cf_PolicyTable SET policyDisplayName ='Enhance Security with Specific API Restrictions for Google Cloud API Keys',policyDesc ='Enhance security by restricting Google Cloud API keys to specific APIs like Cloud Key Management Service (KMS), Cloud Storage, Cloud Monitoring, and Cloud Logging. Applying API restrictions for production applications is essential to follow cloud security best practices and minimize potential risks. By doing so, you protect your application and data from unauthorized access and potential attacks.' WHERE policyId ='Enable_API_Key_Restrictions';
UPDATE cf_PolicyTable SET policyDisplayName ='Secure Google Cloud API Keys with Application Restrictions',policyDesc ='Secure Google Cloud API keys with application restrictions to limit access to trusted hosts, HTTP referrers, and specific Android/iOS applications. This prevents unauthorized usage and reduces the risk of compromising sensitive data. Implementing these restrictions is essential for following cloud security best practices and protecting your applications effectively.' 
WHERE policyId ='Enable_API_Key_Application_Restrictions';
UPDATE cf_PolicyTable SET policyDisplayName ='Enable Automatic CMK Rotation' WHERE policyId ='AWSKMSKeyRotationEnabled_version-1_KeyRotationEnabled_kms';
@@ -3074,7 +3069,6 @@ update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-poli
update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Configure-Latest-Minimum-TLS-Version-for-Storage-Account' where policyId='Enable_latest_TLS_version';
update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Enable-RBAC-for-Azure-Kubernetes-Services' where policyId='Enable_rbac_for_azure_kubernetes';
update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Enable-Soft-Delete-for-Blob-Storage' where policyId='Enable_soft_delete_for_Blob_storage';
-update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Enable-Transparent-Data-Encryption-for-SQL-Database' where policyId='Enable_transparent_data_encryption_for_sql_db';
update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Enable-Active-Directory-on-Application-Services' where policyId='Ensure_Active_Directory_Web_App';
update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Redirect-All-Web-Application-Traffic-from-HTTP-to-HTTPS' where policyId='Ensure_Web_App_Redirects_All_HTTP_traffic_to_HTTPS';
update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Configure-the-Latest-TLS-Version-for-WebApp' where policyId='Ensure_Web_App_latest_TLS_version';
@@ -3088,7 +3082,6 @@ update cf_PolicyTable set resolutionUrl="https://paladincloud.io/docs/azure-poli
update cf_PolicyTable set resolutionUrl="https://paladincloud.io/docs/azure-policy/#Enable-Azure-Defender-for-SQL-Database" where policyId="Enable_Azure_Defender_for_SQL_Database_version-1_SecurityPricing";
update cf_PolicyTable set resolutionUrl="https://paladincloud.io/docs/azure-policy/#Enable-log-Alert-for-Delete-Policy-Assignment" where policyId="Enable_Azure_Account_Delete_Policy_Assignment_Event_log_alert";
update cf_PolicyTable set resolutionUrl="https://paladincloud.io/docs/azure-policy/#Enable-log-Alert-for-Create/Update-Security-Solution" where policyId="Enable_Azure_Account_Security_Solution_log_alert";
-update cf_PolicyTable set resolutionUrl="https://paladincloud.io/docs/azure-policy/#Secure-Your-SQL-Database-with-Transparent-Data-Encryption-(TDE)" where policyId="Enable_transparent_data_encryption_for_sql_db";
update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Delete-Unused-Scale-Set' where policyId='remove_unused_scale_set';
update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Delete-Unused-VM-Disk' where policyId='remove_unused_vm_disk';
update cf_PolicyTable set resolutionUrl='https://paladincloud.io/docs/azure-policy/#Delete-Unused-Load-Balancer' where policyId='remove_unused_load_balancer';
@@ -3159,7 +3152,6 @@ UPDATE cf_PolicyTable SET policyDisplayName = 'Enable Vulnerability Assessment (
UPDATE cf_PolicyTable SET policyDisplayName = 'Remove Inactive IAM users after n days' WHERE policyId ='CheckInactiveIamUser_version-1_CheckInactiveIamUser_iamuser_inNDays';
UPDATE cf_PolicyParams SET paramValue = 'check-for-disk-encryption' WHERE policyID='Enable_Encryption_for_Unattached_Disk_Volumes' and paramKey='policyKey';
-UPDATE cf_PolicyTable SET policyDisplayName = 'Enable Transparent Data Encryption for SQL Database' WHERE policyId ='Enable_transparent_data_encryption_for_sql_db';
UPDATE cf_PolicyTable SET policyDisplayName = 'Enable HTTPS for Google Cloud Load Balancers' WHERE policyId ='Enable_HTTPS_For_LoadBalancer';
/* Updating target types for policies related to azure_kubernetes and gcp_gkecluster since targetName has changed */
@@ -3592,4 +3584,12 @@ UPDATE cf_PolicyTable SET policyDisplayName='CrowdStrike Found Low Vulnerabiliti
UPDATE cf_PolicyTable SET severity='medium' WHERE policyId in ('GCP_Virtual_Machine_Disk_Encryption_CMK_Rule','GCP_Virtual_Machine_Disk_Encryption_CSEK_Rule','GCP_DataProc_CMK_Encryption','GCP_bigquery_table_encryption_cmks_rule','Cloud_Storage_should_be_encrypted_with_CMK','Use_CMK_to_encrypt_OS_and_Data_disk','Aws_appflow_encryption_using_KMS_CMKs_version-1_aws_KMS_CMKs_Encryption_appflow','Encrypt_GKE_Cluster_Node_with_CMK','GCP_PubSub_CMK_Encryption','Enable_Virtual_Machine_Disk_Volume_Customer_Managed_Key','Aws_dms_encryption_using_KMS_CMKs_version-1_aws_KMS_CMKs_Encryption_dms','Use_CMK_to_encrypt_Storage_Account_for_Activity_logs','AWS_ElasticSearch_Domain_Encryption_Using_CMK_KMS_Key_version-1_Enable_CloudTrail_Global_Services_cloudtrail');
DELETE IGNORE FROM cf_PolicyParams WHERE policyId='encrypt_os_and_data_disk';
-DELETE IGNORE FROM cf_PolicyTable WHERE policyId='encrypt_os_and_data_disk';
\ No newline at end of file
+DELETE IGNORE FROM cf_PolicyTable WHERE policyId='encrypt_os_and_data_disk';
+
+UPDATE cf_PolicyTable SET policyDisplayName='Encrypt VM Boot Disk using Key Vault' where policyId='Azure_Enable_Encryption_for_Boot_Disk_Volumes_version-1_virtualmachine';
+UPDATE cf_PolicyTable SET policyDisplayName='Encrypt Unattached Disk Volumes with CMK' where policyId='Enable_Encryption_for_Unattached_Disk_Volumes';
+DELETE IGNORE FROM cf_PolicyParams WHERE policyId='Enable_transparent_data_encryption_for_sql_db';
+DELETE IGNORE FROM cf_PolicyTable WHERE policyId='Enable_transparent_data_encryption_for_sql_db';
+
+UPDATE cf_PolicyTable SET policyDisplayName='Encrypt VM Boot Disk using Key Vault' where policyId='Azure_Enable_Encryption_for_Boot_Disk_Volumes_version-1_virtualmachine';
+UPDATE cf_PolicyTable SET policyDisplayName='Encrypt Unattached Disk Volumes with CMK' where policyId='Enable_Encryption_for_Unattached_Disk_Volumes';
\ No newline at end of file
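Review bot: The last two added UPDATE statements in this hunk are a verbatim repeat of the two UPDATEs added four lines earlier (same policyId, same policyDisplayName for 'Azure_Enable_Encryption_for_Boot_Disk_Volumes_version-1_virtualmachine' and 'Enable_Encryption_for_Unattached_Disk_Volumes'); they are idempotent but dead weight, so the second pair and its preceding blank line should be dropped. The two DELETE IGNORE statements retire 'Enable_transparent_data_encryption_for_sql_db' at the very end of the script, while the earlier hunks only remove that policy's cf_PolicyParams inserts and display/resolution updates; if the original INSERT IGNORE into cf_PolicyTable for that policyId is still present above (not visible here), the row is re-created and deleted on every run, so it is worth confirming that insert was removed as well. Any other table that references this policyId (e.g. issue/violation history, if the schema has one) is not cleaned up by this hunk, so a one-line comment above the DELETEs stating why the policy is retired and what dependent data is intentionally left behind would help the next maintainer, e.g. `-- Retire TDE-for-SQL-DB policy; params and policy row removed, <dependent tables, if any> left as-is`. Minor style: the new UPDATEs use `where` while the adjacent `DELETE IGNORE ... WHERE` lines use uppercase; the file mixes both, but the new lines at least should be consistent with their immediate neighbours.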