-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(DocumentDB): New DocumentDB checks #4247
feat(DocumentDB): New DocumentDB checks #4247
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #4247 +/- ##
==========================================
+ Coverage 86.65% 86.78% +0.12%
==========================================
Files 818 833 +15
Lines 25703 26114 +411
==========================================
+ Hits 22272 22662 +390
- Misses 3431 3452 +21 ☔ View full report in Codecov by Sentry. |
"CLI": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DocumentDB/encryption-enabled.html#", | ||
"NativeIaC": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DocumentDB/encryption-enabled.html#", | ||
"Other": "", | ||
"Terraform": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DocumentDB/encryption-enabled.html#" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Terraform": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DocumentDB/encryption-enabled.html#" | |
"Terraform": "https://docs.prowler.com/checks/aws/general-policies/bc_aws_general_28/" |
"RelatedUrl": "https://docs.aws.amazon.com/securityhub/latest/userguide/documentdb-controls.html#documentdb-1", | ||
"Remediation": { | ||
"Code": { | ||
"CLI": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DocumentDB/encryption-enabled.html#", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"CLI": "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DocumentDB/encryption-enabled.html#", | |
"CLI": "https://docs.prowler.com/checks/aws/general-policies/bc_aws_general_28/", |
@@ -0,0 +1,30 @@ | |||
{ | |||
"Provider": "aws", | |||
"CheckID": "documentdb_cluster_c_log_export", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"CheckID": "documentdb_cluster_c_log_export", | |
"CheckID": "documentdb_cluster_cloudwatch_log_export", |
cluster.backup_retention_period > 0 | ||
and cluster.backup_retention_period < 7 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you put this as a configurable variable, please?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you @sansns ! Please, check my comments.
Addressed all the comments. |
Context
New Checks
Modified Checks
Description
Trend Conformity: https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DocumentDB/
AWS Security Hub: https://docs.aws.amazon.com/securityhub/latest/userguide/documentdb-controls.html
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.