Revert "New Policies for Azure & Category Updates. (tenable#580)"

This reverts commit 02d312e.
kanchwala-yusuf · Mar 9, 2021 · a2d39ea · a2d39ea
1 parent 6bdcf0c
commit a2d39ea
Show file tree

Hide file tree

Showing 325 changed files with 1,700 additions and 1,412 deletions.
diff --git a/...plication_gateway/AC-AZ-IS-AG-M-0008.json → ...cation_gateway/accurics.azure.NS.147.json b/...plication_gateway/AC-AZ-IS-AG-M-0008.json → ...cation_gateway/accurics.azure.NS.147.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure Azure Application Gateway Web application firewall (WAF) is enabled",
-    "reference_id": "AC-AZ-IS-AG-M-0008",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.azure.NS.147",
+    "category": "Network Security",
     "version": 2
 }
diff --git a/...ontainer_registry/AC-AZ-RE-CR-H-0011.json → ...tainer_registry/accurics.azure.AKS.3.json b/...ontainer_registry/AC-AZ-RE-CR-H-0011.json → ...tainer_registry/accurics.azure.AKS.3.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure Container Registry has locks",
-    "reference_id": "AC-AZ-RE-CR-H-0011",
-    "category": "Resilience",
+    "reference_id": "accurics.azure.AKS.3",
+    "category": "Azure Container Services",
     "version": 2
 }
diff --git a/...ontainer_registry/AC-AZ-IA-CR-M-0010.json → ...iner_registry/accurics.azure.EKM.164.json b/...ontainer_registry/AC-AZ-IA-CR-M-0010.json → ...iner_registry/accurics.azure.EKM.164.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that admin user is disabled for Container Registry",
-    "reference_id": "AC-AZ-IA-CR-M-0010",
-    "category": "Identity and Access Management",
+    "reference_id": "accurics.azure.EKM.164",
+    "category": "Encryption and Key Management",
     "version": 2
 }
diff --git a/..._cosmosdb_account/AC-AZ-CV-CA-M-0013.json → ...mosdb_account/accurics.azure.CAM.162.json b/..._cosmosdb_account/AC-AZ-CV-CA-M-0013.json → ...mosdb_account/accurics.azure.CAM.162.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that Cosmos DB Account has an associated tag",
-    "reference_id": "AC-AZ-CV-CA-M-0013",
-    "category": "Compliance Validation",
+    "reference_id": "accurics.azure.CAM.162",
+    "category": "Cloud Assets Management",
     "version": 2
 }
diff --git a/..._cosmosdb_account/AC-AZ-IS-CA-H-0012.json → ...osmosdb_account/accurics.azure.NS.32.json b/..._cosmosdb_account/AC-AZ-IS-CA-H-0012.json → ...osmosdb_account/accurics.azure.NS.32.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure to filter source Ips for Cosmos DB Account",
-    "reference_id": "AC-AZ-IS-CA-H-0012",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.azure.NS.32",
+    "category": "Network Security",
     "version": 2
 }
diff --git a/...azurerm_key_vault/AC-AZ-DP-KV-M-0026.json → ...erm_key_vault/accurics.azure.EKM.164.json b/...azurerm_key_vault/AC-AZ-DP-KV-M-0026.json → ...erm_key_vault/accurics.azure.EKM.164.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure the key vault is recoverable - enable \"Soft Delete\" setting for a Key Vault",
-    "reference_id": "AC-AZ-DP-KV-M-0026",
-    "category": "Data Protection",
+    "reference_id": "accurics.azure.EKM.164",
+    "category": "Encryption and Key Management",
     "version": 2
 }
diff --git a/...azurerm_key_vault/AC-AZ-LM-KV-H-0027.json → ...rerm_key_vault/accurics.azure.EKM.20.json b/...azurerm_key_vault/AC-AZ-LM-KV-H-0027.json → ...rerm_key_vault/accurics.azure.EKM.20.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure that logging for Azure KeyVault is 'Enabled'",
-    "reference_id": "AC-AZ-LM-KV-H-0027",
-    "category": "Logging and Monitoring",
+    "reference_id": "accurics.azure.EKM.20",
+    "category": "Encryption and Key Management",
     "version": 2
 }
diff --git a/...erm_key_vault_key/AC-AZ-DP-KK-H-0032.json → ..._key_vault_key/accurics.azure.EKM.25.json b/...erm_key_vault_key/AC-AZ-DP-KK-H-0032.json → ..._key_vault_key/accurics.azure.EKM.25.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure that the expiration date is set on all keys",
-    "reference_id": "AC-AZ-DP-KK-H-0032",
-    "category": "Data Protection",
+    "reference_id": "accurics.azure.EKM.25",
+    "category": "Key Management",
     "version": 2
 }
diff --git a/..._key_vault_secret/AC-AZ-DP-VS-H-0033.json → ...y_vault_secret/accurics.azure.EKM.26.json b/..._key_vault_secret/AC-AZ-DP-VS-H-0033.json → ...y_vault_secret/accurics.azure.EKM.26.json
@@ -6,7 +6,7 @@
     },
     "severity": "HIGH",
     "description": "Ensure that the expiration date is set on all secrets",
-    "reference_id": "AC-AZ-DP-VS-H-0033",
-    "category": "Data Protection",
+    "reference_id": "accurics.azure.EKM.26",
+    "category": "Key Management",
     "version": 2
 }
diff --git a/...ubernetes_cluster/AC-AZ-IS-KC-M-0038.json → ...rnetes_cluster/accurics.azure.NS.382.json b/...ubernetes_cluster/AC-AZ-IS-KC-M-0038.json → ...rnetes_cluster/accurics.azure.NS.382.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure AKS cluster has Network Policy configured.",
-    "reference_id": "AC-AZ-IS-KC-M-0038",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.azure.NS.382",
+    "category": "Network Security",
     "version": 1
 }
diff --git a/...ubernetes_cluster/AC-AZ-IS-KC-M-0037.json → ...rnetes_cluster/accurics.azure.NS.383.json b/...ubernetes_cluster/AC-AZ-IS-KC-M-0037.json → ...rnetes_cluster/accurics.azure.NS.383.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "MEDIUM",
     "description": "Ensure Kube Dashboard is disabled",
-    "reference_id": "AC-AZ-IS-KC-M-0037",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.azure.NS.383",
+    "category": "Network Security",
     "version": 1
 }
diff --git a/...rerm_managed_disk/AC-AZ-DP-MD-M-0050.json → ..._managed_disk/accurics.azure.EKM.156.json b/...rerm_managed_disk/AC-AZ-DP-MD-M-0050.json → ..._managed_disk/accurics.azure.EKM.156.json
@@ -6,7 +6,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that 'OS disk' are encrypted",
-    "reference_id": "AC-AZ-DP-MD-M-0050",
-    "category": "Data Protection",
+    "reference_id": "accurics.azure.EKM.156",
+    "category": "Encryption and Key Management",
     "version": 2
 }
diff --git a/...rerm_mssql_server/AC-AZ-LM-MS-M-0056.json → ..._mssql_server/accurics.azure.LOG.357.json b/...rerm_mssql_server/AC-AZ-LM-MS-M-0056.json → ..._mssql_server/accurics.azure.LOG.357.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for MSSQL servers.",
-    "reference_id": "AC-AZ-LM-MS-M-0056",
-    "category": "Logging and Monitoring",
+    "reference_id": "accurics.azure.LOG.357",
+    "category": "Monitoring",
     "version": 1
 }
diff --git a/...rerm_mssql_server/AC-AZ-LM-MS-M-0055.json → ..._mssql_server/accurics.azure.MON.355.json b/...rerm_mssql_server/AC-AZ-LM-MS-M-0055.json → ..._mssql_server/accurics.azure.MON.355.json
@@ -7,7 +7,7 @@
     },
     "severity": "MEDIUM",
     "description": "Ensure that 'Auditing' is set to 'On' for MSSQL servers",
-    "reference_id": "AC-AZ-LM-MS-M-0055",
-    "category": "Logging and Monitoring",
+    "reference_id": "accurics.azure.MON.355",
+    "category": "Monitoring",
     "version": 1
 }
diff --git a/...rerm_mysql_server/AC-AZ-IS-MY-H-0061.json → ...m_mysql_server/accurics.azure.NS.361.json b/...rerm_mysql_server/AC-AZ-IS-MY-H-0061.json → ...m_mysql_server/accurics.azure.NS.361.json
@@ -4,7 +4,7 @@
     "template_args": null,
     "severity": "HIGH",
     "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server.",
-    "reference_id": "AC-AZ-IS-MY-H-0061",
-    "category": "Infrastructure Security",
+    "reference_id": "accurics.azure.NS.361",
+    "category": "Network Security",
     "version": 1
 }
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0069.json
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0072.json
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0075.json
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0078.json
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0081.json
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0084.json
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0087.json
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0090.json
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0096.json
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0099.json
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0102.json
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/AC-AZ-IS-NS-H-0111.json