CIS-3.10-SecurityGroupChanges failed in AWS but passed here #96

azhurbilo · 2020-04-28T21:57:30Z

CIS-3.10-SecurityGroupChanges failed in AWS but passed here

previously when I set pattern which described in guide - CIS Score PASSED

pattern        = "{ $.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup }"

but when I add additional filter by terraform user CIS Score FAILED in AWS console.

pattern        = "{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup) && ($.userIdentity.userName NOT EXISTS || $.userIdentity.userName != \"terraform\") }"

But running "python aws-cis-foundation-benchmark-checklist.py" show that 3.10 Passed.

Where I can find real CIS score algorithms?
Can I extend rule pattern to filter false positives?

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CIS-3.10-SecurityGroupChanges failed in AWS but passed here #96

CIS-3.10-SecurityGroupChanges failed in AWS but passed here #96

azhurbilo commented Apr 28, 2020

CIS-3.10-SecurityGroupChanges failed in AWS but passed here #96

CIS-3.10-SecurityGroupChanges failed in AWS but passed here #96

Comments

azhurbilo commented Apr 28, 2020