Coverage

The tables below show the coverage of Auto Remediate. Automated testing of Auto Remediate is done using the Moto Python library.

Security Hub Rules

Development coverage: 24 of 24

Test coverage: 10 of 24

| Rule | Development Status | Testing Status |
| --- | --- | --- |
| securityhub-access-keys-rotated | Done | Done |
| securityhub-cloud-trail-cloud-watch-logs-enabled | Done | No Moto support |
| securityhub-cloud-trail-encryption-enabled | Done | No Moto support |
| securityhub-cloud-trail-log-file-validation | Done | No Moto support |
| securityhub-cmk-backing-key-rotation-enabled | Done | Done |
| securityhub-iam-password-policy-ensure-expires | Done | No Moto support |
| securityhub-iam-password-policy-lowercase-letter-check | Done | No Moto support |
| securityhub-iam-password-policy-minimum-length-check | Done | No Moto support |
| securityhub-iam-password-policy-number-check | Done | No Moto support |
| securityhub-iam-password-policy-prevent-reuse-check | Done | No Moto support |
| securityhub-iam-password-policy-symbol-check | Done | No Moto support |
| securityhub-iam-password-policy-uppercase-letter-check | Done | No Moto support |
| securityhub-iam-policy-no-statements-with-admin-access | Done | Done |
| securityhub-iam-root-access-key-check | Not possible | N/A |
| securityhub-iam-user-no-policies-check | Done | Done |
| securityhub-iam-user-unused-credentials-check | Done | |
| securityhub-mfa-enabled-for-iam-console-access | Done | Done |
| securityhub-multi-region-cloud-trail-enabled | Done | No Moto support |
| securityhub-restricted-rdp | Done | Done |
| securityhub-restricted-ssh | Done | Done |
| securityhub-root-account-hardware-mfa-enabled | Not possible | N/A |
| securityhub-root-account-mfa-enabled | Not possible | N/A |
| securityhub-s3-bucket-logging-enabled | Done | No Moto support |
| securityhub-s3-bucket-public-read-prohibited | Done | Done |
| securityhub-s3-bucket-public-write-prohibited | Done | Done |
| securityhub-vpc-default-security-group-closed | Done | Done |
| securityhub-vpc-flow-logs-enabled | Done | No Moto support |

AWS Config Managed Rules

Development coverage: 1 of 40

Test coverage: 0 of 40

| Rule | Priority | Development Status | Testing Status |
| --- | --- | --- | --- |
| access-keys-rotated | | Security Hub | N/A |
| acm-certificate-expiration-check | | | |
| approved-amis-by-id | | | |
| approved-amis-by-tag | | | |
| autoscaling-group-elb-healthcheck-required | | | |
| cloud-trail-cloud-watch-logs-enabled | | Security Hub | N/A |
| cloud-trail-encryption-enabled | | Security Hub | N/A |
| cloud-trail-log-file-validation-enabled | | | |
| cloudformation-stack-drift-detection-check | | | |
| cloudformation-stack-notification-check | | | |
| cloudtrail-enabled | 1 | | |
| cloudwatch-alarm-action-check | | | |
| cloudwatch-alarm-resource-check | | | |
| cloudwatch-alarm-settings-check | | | |
| cmk-backing-key-rotation-enabled | | Security Hub | N/A |
| codebuild-project-envvar-awscred-check | | | |
| codebuild-project-source-repo-url-check | | | |
| codepipeline-deployment-count-check | | | |
| codepipeline-region-fanout-check | | | |
| db-instance-backup-enabled | 1 | | |
| desired-instance-tenancy | | | |
| desired-instance-type | | | |
| dynamodb-autoscaling-enabled | 2 | | |
| dynamodb-table-encryption-enabled | 1 | | |
| dynamodb-throughput-limit-check | | | |
| ebs-optimized-instance | | | |
| ec2-instance-detailed-monitoring-enabled | 2 | | |
| ec2-instance-managed-by-systems-manager | | | |
| ec2-instances-in-vpc | 1 | | |
| ec2-managedinstance-applications-blacklisted | | | |
| ec2-managedinstance-applications-required | | | |
| ec2-managedinstance-association-compliance-status-check | | | |
| ec2-managedinstance-inventory-blacklisted | | | |
| ec2-managedinstance-patch-compliance-status-check | | | |
| ec2-managedinstance-platform-check | | | |
| ec2-volume-inuse-check | 2 | | |
| eip-attached | 2 | | |
| elb-acm-certificate-required | | | |
| elb-custom-security-policy-ssl-check | | | |
| elb-logging-enabled | 2 | | |
| elb-predefined-security-policy-ssl-check | | | |
| encrypted-volumes | 1 | Not feasible | N/A |
| fms-shield-resource-policy-check | | | |
| fms-webacl-resource-policy-check | | | |
| fms-webacl-rulegroup-association-check | | | |
| guardduty-enabled-centralized | 1 | | |
| iam-group-has-users-check | | | |
| iam-password-policy | | Security Hub | N/A |
| iam-policy-blacklisted-check | | | |
| iam-policy-no-statements-with-admin-access | | Security Hub | N/A |
| iam-role-managed-policy-check | | | |
| iam-root-access-key-check | | Security Hub | N/A |
| iam-user-group-membership-check | | | |
| iam-user-mfa-enabled | | | |
| iam-user-no-policies-check | | Security Hub | N/A |
| iam-user-unused-credentials-check | | Security Hub | N/A |
| lambda-function-public-access-prohibited | 1 | | |
| lambda-function-settings-check | | | |
| mfa-enabled-for-iam-console-access | | Security Hub | N/A |
| multi-region-cloud-trail-enabled | | Security Hub | N/A |
| rds-instance-public-access-check | 1 | Done | No Moto support |
| rds-multi-az-support | 1 | | |
| rds-snapshots-public-prohibited | 1 | | |
| rds-storage-encrypted | 1 | | |
| redshift-cluster-configuration-check | | | |
| redshift-cluster-maintenancesettings-check | | | |
| required-tags | | | |
| restricted-common-ports | | | |
| restricted-ssh | | Security Hub | N/A |
| root-account-hardware-mfa-enabled | | Security Hub | N/A |
| root-account-mfa-enabled | | Security Hub | N/A |
| s3-blacklisted-actions-prohibited | | | |
| s3-bucket-logging-enabled | | Security Hub | N/A |
| s3-bucket-policy-grantee-check | | | |
| s3-bucket-policy-not-more-permissive | | | |
| s3-bucket-public-read-prohibited | | Security Hub | N/A |
| s3-bucket-public-write-prohibited | | Security Hub | N/A |
| s3-bucket-replication-enabled | | | |
| s3-bucket-server-side-encryption-enabled | 1 | Done | No Moto support |
| s3-bucket-ssl-requests-only | 1 | Done | No Moto support |
| s3-bucket-versioning-enabled | | | |
| vpc-default-security-group-closed | | Security Hub | N/A |
| vpc-flow-logs-enabled | | Security Hub | N/A |