Security Rules Audit

This bot inspects all configured Resource Access Lists such as AWS Security Groups, Azure Network Security Groups, and Google Compute Engine Firewalls for the presence of ports/protocols that are open to the world.

Examples of services which are inspected are SSH (TCP 22), Redis (TCP 6379), MySQL (3306) and Microsoft RDP (3339). The configuration of this bot can be fully customized.

Recommended Action

Leverage the built-in BotFactory “Delete Resource” action to automatically delete noncompliant rules to mitigate exposure to attacks from malicious users.

Severity

High

Resource Types Inspected

Resource Access Lists

Reactive Hookpoints

resource.created