Bot Templates
TRiA ships with over 100 bots focused on Security, Curation, Optimization, and Best Practices. You can use the bots as-is or use them as templates to simplify your bot creation and management. Listed below are the bots that ship with version 17.06 of our software.
| Name | Category | Description |
|---|---|---|
| | Optimization | Identify Big Data instances running unapproved instance types |
| | Security | Identify Big Data instances that are accessible to the public |
| | Security | Identify Big Data instances with a retention policy below a threshold (30 days by default) |
| | Security | Identify Big Data instances that do not have encryption enabled |
| | Security | Identify Big Data instances running noncompliant usernames for the master account |
| | Best Practices | Identify inactive cloud service users who have not logged into the cloud provider console recently (45 days by default) |
| | Best Practices | Identify cloud users with older API key credentials that should be rotated (90 days by default) |
| | Best Practices | Identify cloud users running unauthorized policies |
| | Security | Identify cloud users without two-factor authentication (MFA) enabled |
| | Best Practices | Identify accounts that have root login access active |
| | Best Practices | Identify accounts with a weak or missing password policy |
| | Security | Identify accounts with API accounting such as AWS CloudTrail inactive/disabled across all regions |
| | Best Practices | Identify root login accounts that are not two-factor enabled |
| | Best Practices | Identify accounts without any active service users |
| | Best Practices | Audit compute instance types against select clouds |
| | Best Practices | Identify unsupported/blacklisted database engines |
| | Optimization | Back up database instances daily with snapshots |
| | Optimization | Audit database instance types against select clouds |
| | Security | Identify database instances that are not encrypted |
| | Security | Identify database instances that are accessible to the public |
| | Best Practices | Identify database instances with a recent manual snapshot |
| | Security | Identify database instances running noncompliant usernames for the master account |
| | Optimization | Identify database instances with zero connections over a period of time (14 days by default) |
| | Security | Identify database security groups that expose public access |
| | Best Practices | Identify databases that are not configured across multiple availability zones for resiliency |
| | Best Practices | Identify database instances with a retention policy that is too low |
| | Optimization | Identify hypervisors with high instance usage (90 percent by default) |
| | Optimization | Identify hypervisors that are not in a functional state |
| | Optimization | Identify hypervisors that contain zero instances |
| | Optimization | Identify instances exceeding a defined number of CPU cores (default is 4 cores) |
| | Optimization | Back up compute instances daily with private images |
| | Best Practices | Identify instances in a particular lifecycle state, e.g., Running |
| | Best Practices | Identify instances by their lifecycle state, e.g., Running, and how long they have been in that state, e.g., 7 days |
| | Optimization | Identify instances exceeding a user-defined amount of RAM in GB (default is 32 GB) |
| | Security | Identify instances associated with user-provided security groups (n.b., AWS only) |
| | Optimization | Identify compute instances that have been averaging high CPU over a period of time (n.b., AWS only) |
| | Optimization | Identify compute instances that have been averaging low CPU over a period of time (n.b., AWS only) |
| | Security | Identify compute instances with an attached security group that exposes SSH access to the world (0.0.0.0/0) |
| | Optimization | Identify compute instances that have been running 24x7 over a period of time (default is 1 day) |
| | Best Practices | Identify instances that were created with an unauthorized image |
| | Optimization | Schedule instance stop/start across one or more clouds/resource groups |
| | Security | Identify instances created without specific SSH key pairs |
| | Optimization | Identify instances with an ephemeral public-facing IP address |
| | Optimization | Identify instances with an ephemeral root volume |
| | Best Practices | Identify instances that fail the system/reachability status checks |
| | Best Practices | Identify instances that are missing a name |
| | Optimization | Identify compute instances with Time To Live (TTL) tags and schedule their deletion accordingly |
| | Best Practices | Identify compute instances without any tag key/value pairs |
| | Security | Identify whether a load balancer is internet-facing or internal |
| | Security | Identify load balancers that have access logging disabled |
| | Best Practices | Identify load balancers that have connection draining disabled |
| | Best Practices | Identify load balancers that have cross-zone balancing disabled |
| | Optimization | Identify load balancers with no instance associations |
| | Optimization | Identify load balancers with an SSL listener |
| | Security | Identify load balancers without an SSL listener |
| | Optimization | Audit memcache instance types against select clouds |
| | Security | Identify network peering connections (n.b., AWS only) |
| | Security | Identify network resources that have traffic logging such as AWS VPC Flow Logs enabled |
| | Security | Identify network resources that do not have traffic logging such as AWS VPC Flow Logs enabled |
| | Security | Identify unapproved networks with at least one instance |
| | Security | Identify network resources whose flow log delivery is impaired (n.b., AWS only) |
| | Security | Identify networks with at least one instance |
| | Security | Identify networks with an attached Internet gateway |
| | Optimization | Identify networks with zero instances |
| | Best Practices | Identify networks without an attached Internet gateway |
| | Security | Identify TCP port 21 open to the world |
| | Security | Identify TCP port 22 open to the world |
| | Security | Identify TCP port 23 open to the world |
| | Security | Identify TCP port 25 open to the world |
| | Security | Identify TCP/UDP port 53 open to the world |
| | Security | Identify TCP port 135 open to the world |
| | Security | Identify UDP ports 137/138 open to the world |
| | Security | Identify TCP/UDP port 445 open to the world |
| | Security | Identify TCP port 445 open to the world |
| | Security | Identify TCP ports 1433/1434 open to the world |
| | Security | Identify TCP port 1443 open to the world |
| | Security | Identify TCP port 3306 open to the world |
| | Security | Identify TCP port 3389 open to the world |
| | Security | Identify TCP port 5432 open to the world |
| | Security | Identify TCP port 5500 open to the world |
| | Security | Identify TCP port 5900 open to the world |
| | Security | Identify TCP ports other than 80/443 open to the world |
| | Security | Identify ICMP open to the world |
| | Optimization | Identify unattached IP addresses |
| | Security | Audit select resource types across specific cloud regions |
| | Optimization | Identify regions at 80% or more of the threshold for any resource type |
| | Optimization | Identify regions at 80% or more of the cache instance threshold |
| | Optimization | Identify regions at 80% or more of the compute instance threshold |
| | Optimization | Identify regions at 80% or more of the database instance threshold |
| | Optimization | Identify regions at 80% or more of the Internet gateway threshold |
| | Optimization | Identify regions at 80% or more of the private network threshold |
| | Optimization | Identify regions at 80% or more of the public IP threshold |
| | Optimization | Identify regions at 80% or more of the security group threshold |
| | Optimization | Identify regions at 80% or more of the snapshot threshold |
| | Optimization | Identify regions at 80% or more of the storage container threshold |
| | Optimization | Identify regions at 80% or more of the volume threshold |
| | Best Practices | Identify regions with one or more zones in an impaired state |
| | Best Practices | Identify regions without a default network |
| | Optimization | Identify reserved instances set to expire within a set number of days (default is 30 days) |
| | Best Practices | Identify resources based on their age/creation date |
| | Optimization | Identify resources whose monthly cost exceeds a user-defined value (default $100) |
| | Curation | Curate target resources into one or more resource groups |
| | Best Practices | Identify resources that do not have an owner, a basic requirement for effective management of a cloud environment |
| | Optimization | Identify resources with Time To Live (TTL) tags and schedule their deletion accordingly |
| | Security | Identify security groups unattached to instances |
| | Security | Identify access lists with ports open to the world (SSH by default) |
| | Security | Identify encryption keys that are disabled |
| | Security | Identify encryption keys that are expired or are expiring within a user-defined number of days (default is 14 days) |
| | Security | Identify encryption keys that have key rotation disabled |
| | Best Practices | Identify database or memcache snapshots based upon their type, e.g., manual or automated |
| | Optimization | Identify snapshots that are older than X days, e.g., 30, 60, or 90 |
| | Security | Identify snapshots that are accessible to the public |
| | Security | Identify SSL certificates that have expired or will expire soon (14 days by default) |
| | Security | Identify SSL certificates that may be vulnerable to SSL Heartbleed |
| | Optimization | Identify storage containers that exceed a total number of objects (10,000 objects by default) |
| | Optimization | Identify storage containers that exceed a total size (1 TB by default) |
| | Security | Identify storage containers exposing data with permissive access lists |
| | Security | Identify storage containers exposing access list permissions to the world |
| | Security | Identify storage containers exposing delete permissions to the world |
| | Security | Identify storage containers exposing read permissions to the world |
| | Security | Identify storage containers exposing write permissions to the world |
| | Security | Identify storage containers without any permission sets |
| | Security | Identify storage containers without logging enabled |
| | Security | Identify storage containers without object versioning enabled |
| | Optimization | Identify subnets where the number of IPs exceeds a defined limit |
| | Best Practices | Identify subnets with a limited IP block available for use |
| | Best Practices | Enforce tagging standards and policy across select resource types |
| | Optimization | Identify volumes that have been in a user-selected state for a user-defined period of time (defaults are 'available' and 1 day) |
| | Best Practices | Identify volumes running unapproved types |
| | Best Practices | Identify unhealthy volumes that are not functional |
| | Optimization | Identify unattached volumes |
| Volumes With Auto-Termination | Best Practices | Identify volumes set to automatically delete when the parent instance is terminated |
| | Optimization | Identify volumes with an excessively high number of IOPS |
| | Optimization | Identify volumes without a snapshot in the past fourteen days |
| | Optimization | Identify volumes without encryption enabled |