Bot Templates

TRiA ships with over 100 bots focused on Security, Curation, Optimization, and Best Practices. You can use the bots as-is or use them as templates to simplify your bot creation and management. Listed below are the bots that ship with version 17.06 of our software.

| Name | Category | Description |
| --- | --- | --- |
| Big Data Instance Type Audit | Optimization | Identify Big Data instances running unapproved instance types |
| Big Data Instances Publicly Accessible | Security | Identify Big Data instances that are accessible to the public |
| Big Data Instances With Low Retention Policy | Security | Identify Big Data instances with a retention policy below a threshold (30 days by default) |
| Big Data Instances Without Encryption Enabled | Security | Identify Big Data instances that do not have encryption enabled |
| Big Data Username Audit | Security | Identify Big Data instances running noncompliant usernames for the master account |
| Cloud Users With Inactive Accounts | Best Practices | Identify inactive cloud service users who have not logged into the cloud provider console recently (45 days by default) |
| Cloud Users With Older API Keys | Best Practices | Identify cloud users with older API key credentials that should be rotated (90 days by default) |
| Cloud Users With Unauthorized Policies | Best Practices | Identify cloud users running unauthorized policies |
| Cloud Users Without MFA Enabled | Security | Identify cloud users without two-factor (MFA) enabled |
| Clouds With Active Root Account | Best Practices | Identify accounts that have root login access active |
| Clouds With Weak Password Policy | Best Practices | Identify accounts with a weak or missing password policy |
| Clouds Without Global API Accounting | Security | Identify accounts with API accounting such as AWS CloudTrail inactive/disabled across all regions |
| Clouds Without Protected Root Account | Best Practices | Identify root login accounts that are not two-factor enabled |
| Clouds Without Service Users | Best Practices | Identify accounts without any active service users |
| Compute Instance Type Audit | Best Practices | Audit compute instance types against select clouds |
| Database Engine Types | Best Practices | Identify unsupported/blacklisted database engines |
| Database Instance Daily Backup | Optimization | Back up database instances daily with snapshots |
| Database Instance Type Audit | Optimization | Audit database instance types against select clouds |
| Database Instances Not Encrypted | Security | Identify database instances that are not encrypted |
| Database Instances Publicly Accessible | Security | Identify database instances that are accessible to the public |
| Database Instances Recently Snapshot | Best Practices | Identify database instances with a recent manual snapshot |
| Database Instances Username Audit | Security | Identify database instances running noncompliant usernames for the master account |
| Database Instances With Zero Connections | Optimization | Identify database instances with zero connections over a period of time (14 days by default) |
| Database Security Groups Exposing Public Access | Security | Identify database security groups that expose public access |
| Databases Not Multi-AZ | Best Practices | Identify databases that are not configured across multiple availability zones for resiliency |
| Databases With Low Retention Policy | Best Practices | Identify database instances with a retention policy that is too low |
| Hypervisors Nearing Saturation | Optimization | Identify hypervisors with high instance usage (90 percent by default) |
| Hypervisors Not In Service | Optimization | Identify hypervisors that are not in a functional state |
| Hypervisors With No Instances | Optimization | Identify hypervisors that contain zero instances |
| Instance Cores Exceed | Optimization | Identify instances exceeding a defined number of CPU cores (default is 4 cores) |
| Instance Daily Backup | Optimization | Back up compute instances daily with private images |
| Instance Lifecycle State | Best Practices | Identify instances in a particular lifecycle state, e.g., Running |
| Instance Lifecycle State Exceeds Threshold | Best Practices | Identify instances by their lifecycle state, e.g., Running, and how long they have been in that state, e.g., 7 days |
| Instance Memory Exceeds | Optimization | Identify instances exceeding a user-defined amount of GB in RAM (default is 32 GB) |
| Instance Security Group Associations | Security | Identify instances associated with user-provided Security Groups (n.b., AWS only) |
| Instances Averaging High CPU | Optimization | Identify compute instances that have been averaging a high CPU over a period of time (n.b., AWS only) |
| Instances Averaging Low CPU | Optimization | Identify compute instances that have been averaging a low CPU over a period of time (n.b., AWS only) |
| Instances Exposing Public SSH | Security | Identify compute instances with an attached security group that exposes SSH access to the world (0.0.0.0/0) |
| Instances Running 24x7 | Optimization | Identify compute instances that have been running 24x7 over a period of time (default is 1 day) |
| Instances Running Unauthorized Image | Best Practices | Identify instances that were created with an unauthorized image |
| Instances Scheduler | Optimization | Schedule instance stop/start across one or more clouds/resource groups |
| Instances Using Unauthorized Root Key Pair | Security | Identify instances created without specific SSH key pairs |
| Instances With Ephemeral Public IP | Optimization | Identify instances with an ephemeral public-facing IP address |
| Instances With Ephemeral Root Volume | Optimization | Identify instances with an ephemeral root volume |
| Instances With Failed Status Checks | Best Practices | Identify instances that fail the system/reachability status checks |
| Instances With No Name | Best Practices | Identify instances that are missing a name |
| Instances With TTL | Optimization | Identify compute instances with Time To Live (TTL) tags and schedule their deletion accordingly |
| Instances Without Tags | Best Practices | Identify compute instances without any tag key/value pairs |
| Load Balancer Scheme | Security | Identify whether a load balancer is internet-facing or internal |
| Load Balancers With Access Logging Disabled | Security | Identify load balancers that have access logging disabled |
| Load Balancers With Connection Draining Disabled | Best Practices | Identify load balancers that have connection draining disabled |
| Load Balancers With Cross Zone Balancing Disabled | Best Practices | Identify load balancers that have cross zone balancing disabled |
| Load Balancers With No Instances | Optimization | Identify load balancers with no instance associations |
| Load Balancers With SSL Listener | Optimization | Identify load balancers with an SSL listener |
| Load Balancers Without SSL Listener | Security | Identify load balancers without an SSL listener |
| Memcache Instance Type Audit | Optimization | Audit memcache instance types against select clouds |
| Network Peering Connections | Security | Identify network peering connections (n.b., AWS only) |
| Network Resources With Traffic Logging Configured | Security | Identify network resources which have traffic logging such as AWS VPC Flow Log enabled |
| Network Resources Without Traffic Logging Configured | Security | Identify network resources which do not have traffic logging such as AWS VPC Flow Log enabled |
| Networks Not On Whitelist With Instances | Security | Identify unapproved networks with at least one instance |
| Networks With Impaired Flow Logs | Security | Identify network resources having their flow log delivery impaired (n.b., AWS only) |
| Networks With Instances | Security | Identify networks with at least one instance |
| Networks With Internet Access | Security | Identify networks with an attached Internet gateway |
| Networks With No Instances | Optimization | Identify networks with zero instances |
| Networks Without Internet Access | Best Practices | Identify networks without an attached Internet gateway |
| Port 21 (FTP) Open to the World | Security | Identify TCP port 21 open to the world |
| Port 22 (SSH) Open to the World | Security | Identify TCP port 22 open to the world |
| Port 23 (Telnet) Open to the World | Security | Identify TCP port 23 open to the world |
| Port 25 (SMTP) Open to the World | Security | Identify TCP port 25 open to the world |
| Port 53 (DNS) Open to the World | Security | Identify TCP/UDP port 53 open to the world |
| Port 135 (Windows RPC) Open to the World | Security | Identify TCP port 135 open to the world |
| Port 137/138 (NetBIOS) Open to the World | Security | Identify UDP 137/138 open to the world |
| Port 445 (CIFS) Open to the World | Security | Identify TCP/UDP port 445 open to the world |
| Port 445 (SMB) Open to the World | Security | Identify TCP port 445 open to the world |
| Port 1433/1434 (SQL Server) Open to the World | Security | Identify TCP port 1433/1434 open to the world |
| Port 1443 (Microsoft SQL) Open to the World | Security | Identify TCP port 1443 open to the world |
| Port 3306 (MySQL) Open to the World | Security | Identify TCP port 3306 open to the world |
| Port 3389 (Windows RDP) Open to the World | Security | Identify TCP port 3389 open to the world |
| Port 5432 (PostgreSQL) Open to the World | Security | Identify TCP port 5432 open to the world |
| Port 5500 (VNC Listener) Open to the World | Security | Identify TCP port 5500 open to the world |
| Port 5900 (VNC Server) Open to the World | Security | Identify TCP port 5900 open to the world |
| Ports other than 80/443 (HTTP/HTTPS) Open to the World | Security | Identify TCP ports other than 80/443 open to the world |
| Protocol (ICMP) Open to the World | Security | Identify ICMP open to the world |
| Public IP Addresses Orphaned | Optimization | Identify unattached IP addresses |
| Region Audit | Security | Audit select resource types across specific cloud regions |
| Region Limits | Optimization | Identify regions within 80% or more of the threshold for any resource type |
| Region Limits – Cache Instances | Optimization | Identify regions within 80% or more of the cache instance threshold |
| Region Limits – Compute Instances | Optimization | Identify regions within 80% or more of the compute instance threshold |
| Region Limits – Database Instances | Optimization | Identify regions within 80% or more of the database instance threshold |
| Region Limits – Internet Gateways | Optimization | Identify regions within 80% or more of the Internet gateway threshold |
| Region Limits – Private Networks | Optimization | Identify regions within 80% or more of the private network threshold |
| Region Limits – Public IPs | Optimization | Identify regions within 80% or more of the public IP threshold |
| Region Limits – Security Groups | Optimization | Identify regions within 80% or more of the security group threshold |
| Region Limits – Snapshots | Optimization | Identify regions within 80% or more of the snapshot threshold |
| Region Limits – Storage Containers | Optimization | Identify regions within 80% or more of the storage container threshold |
| Region Limits – Volumes | Optimization | Identify regions within 80% or more of the volume threshold |
| Regions With Impaired Availability Zone | Best Practices | Identify regions with one or more zones in an impaired state |
| Regions Without Default Network | Best Practices | Identify regions without a default network |
| Reserved Instances Expiring Soon | Optimization | Identify reserved instances set to expire within a set number of days (default is 30 days) |
| Resource Age Check | Best Practices | Identify resources based on their age/creation date |
| Resource Cost Exceeds | Optimization | Identify resources whose monthly cost exceeds a user-defined value (default $100) |
| Resource Group Curation | Curation | Curate target resources into one or more resource groups |
| Resource Has No Owner | Best Practices | Identify resources that do not have an owner, which is a basic requirement for effective management of a cloud environment |
| Resources With TTL | Optimization | Identify resources with Time To Live (TTL) tags and schedule their deletion accordingly |
| Security Groups Orphaned | Security | Identify security groups unattached to instances |
| Security Rules Audit | Security | Identify access lists with ports open to the world (SSH as default) |
| Service Encryption Key Disabled | Security | Identify encryption keys that are disabled |
| Service Encryption Key Expired or Expiring Soon | Security | Identify encryption keys that are expired or are expiring within a user-defined number of days (default is 14 days) |
| Service Encryption Key Rotation Disabled | Security | Identify encryption keys that have key rotation disabled |
| Snapshots of Type | Best Practices | Identify database or memcache snapshots based upon their type, e.g., manual or automated |
| Snapshots Older Than X Days | Optimization | Identify snapshots that are older than X days, e.g., 30, 60, or 90 |
| Snapshots Publicly Available | Security | Identify snapshots that are accessible to the public |
| SSL Certificates Expired | Security | Identify SSL certificates that have expired or will expire soon (14 days by default) |
| SSL Certificates With Heartbleed Vulnerability | Security | Identify SSL certificates that may be vulnerable to SSL Heartbleed |
| Storage Containers Exceeding Max Objects | Optimization | Identify storage containers that exceed a total number of objects (10,000 objects by default) |
| Storage Containers Exceeding Max Size | Optimization | Identify storage containers that exceed a total size (1TB by default) |
| Storage Containers Permissions Check | Security | Identify storage containers exposing data with permissive access lists |
| Storage Containers Permissions Check – ACL | Security | Identify storage containers exposing access list permissions to the world |
| Storage Containers Permissions Check – Delete | Security | Identify storage containers exposing delete permissions to the world |
| Storage Containers Permissions Check – Read (GET) | Security | Identify storage containers exposing read permissions to the world |
| Storage Containers Permissions Check – Write (PUT) | Security | Identify storage containers exposing write permissions to the world |
| Storage Containers With No Permissions | Security | Identify storage containers without any permission sets |
| Storage Containers Without Logging | Security | Identify storage containers without logging enabled |
| Storage Containers Without Versioning | Security | Identify storage containers without object versioning enabled |
| Subnet CIDR Exceeds Maximum Netblock | Optimization | Identify subnets where the number of IPs exceeds a defined limit |
| Subnets Running Out Of Space | Best Practices | Identify subnets with limited IP block available for use |
| Tag Audit | Best Practices | Enforce tagging standards and policy across select resource types |
| Volume State Time Threshold | Optimization | Identify volumes that have been in a user-selected state for a user-defined period of time (defaults are ‘available’ and 1 day) |
| Volume Type Audit | Best Practices | Identify volumes running unapproved types |
| Volumes In Error State | Best Practices | Identify unhealthy volumes that are not functional |
| Volumes Unattached | Optimization | Identify unattached volumes |
| Volumes With Auto-Termination | Best Practices | Identify volumes set to automatically delete when the parent instance is terminated |
| Volumes With Excessive IOPS | Optimization | Identify volumes with an excessively high number of IOPS |
| Volumes Without A Recent Snapshot | Optimization | Identify volumes without a snapshot in the past fourteen days |
| Volumes Without Encryption Enabled | Optimization | Identify volumes without encryption enabled |