Security Rules Audit
This bot inspects all configured Resource Access Lists such as AWS Security Groups, Azure Network Security Groups, and Google Compute Engine Firewalls for the presence of ports/protocols that are open to the world.
Examples of inspected services include SSH (TCP 22), Redis (TCP 6379), MySQL (3306) and Microsoft RDP (3339). The configuration of this bot can be fully customized.
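As an added illustration (not BotFactory's own code), the check described above can be sketched for one provider: the Python below scans ingress rules in the shape returned by AWS EC2 DescribeSecurityGroups and reports watched TCP ports reachable from 0.0.0.0/0 or ::/0. The names WATCHED_PORTS, is_world_open, audit_security_group and SAMPLE_GROUP are assumptions made for this example, and the port list uses three of the services named above.

```python
import ipaddress

# Ports taken from the page's examples; the bot's real list is configurable.
WATCHED_PORTS = {22: "SSH", 6379: "Redis", 3306: "MySQL"}


def is_world_open(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_security_group(group, watched=WATCHED_PORTS):
    """Return (group_id, protocol, port, service, cidr) per exposed watched port."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol", "-1")
        if proto not in ("tcp", "-1"):
            continue  # watched services are TCP; "-1" means all protocols
        # With protocol -1 the port fields are absent and every port is allowed.
        lo = perm.get("FromPort", 0) if proto != "-1" else 0
        hi = perm.get("ToPort", 65535) if proto != "-1" else 65535
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in filter(is_world_open, cidrs):
            for port, service in sorted(watched.items()):
                if lo <= port <= hi:  # a range rule can hide a watched port
                    findings.append((group["GroupId"], proto, port, service, cidr))
    return findings


# Constructed sample in the shape of EC2 DescribeSecurityGroups output.
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 6000, "ToPort": 7000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        {"IpProtocol": "udp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}

if __name__ == "__main__":
    for finding in audit_security_group(SAMPLE_GROUP):
        print(finding)
```

The sample covers the cases a naive exact-port match misses: a port range that contains a watched port, an IPv6 world-open range, and an all-protocols rule with no port fields.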
Recommended Action
Use the built-in BotFactory “Delete Resource” action to automatically delete noncompliant rules and mitigate exposure to attacks from malicious users.
Severity
High
Resource Types Inspected
Resource Access Lists
Reactive Hookpoints
resource.created