Trend Micro Cloud One™

14 October 2020 - Rule Update Notice

Custom Policy Updates

There is no change to the custom policy as a result of the new Conformity release and hence no user action is required. The current custom policy version is 1.20.

New Rules

  1. AppService-011: Disable Remote Debugging
    This Rule checks that your Azure App Services web applications have remote debugging disabled in order to enhance security and protect the applications from unauthorized access.
  2. AppService-012: Enable FTPS Only for Azure Web Apps
    This Rule checks that your Azure App Services web applications enforce FTPS-only access to encrypt FTP traffic. FTPS (Secure FTP) is used to enhance security for your Azure web application as it adds an extra layer of security to the FTP protocol, and helps you to comply with the industry standards and regulations.
  3. ActivityLog-018: Create Alert for “Rename Azure SQL Database” Events
    This Rule checks that an Azure activity log alert is fired whenever “Rename Azure SQL Database” events are triggered within your Microsoft Azure cloud account.
  4. ActivityLog-021: Create Alert for “Create/Update Azure SQL Database” Events
    This Rule checks that an Azure activity log alert is fired whenever “Create/Update Azure SQL Database” events are triggered within your Microsoft Azure cloud account. Activity log alerts get triggered when a new activity log event that matches the condition specified in the alert configuration occurs.
  5. ActivityLog-022: Create Alert for “Delete Azure SQL Database” Events
    This Rule checks that a Microsoft Azure activity log alert is fired whenever a “Delete Azure SQL Database” event is triggered within your cloud account.
  6. StorageAccounts-016: Check for Publicly Accessible Web Containers
    This Rule checks that the Microsoft Azure Storage web containers configured to host static websites within the Azure cloud are not publicly accessible in order to eliminate the direct exposure to the public Internet.
  7. VirtualMachines-021: Enable Just-In-Time Access to Azure VMs
    This Rule checks that Just-in-Time (JIT) access is enabled for your Azure virtual machines (VMs) in order to allow you to lock down inbound traffic to your VMs and reduce exposure to attacks while providing easy SSH/RDP access when needed.

Rule Updates

  1. GD-002: Rule Update: GuardDuty Findings
    This Rule has been updated with a Rule configuration setting that lets you view findings based on the selected risk levels. All risk levels are selected by default.
  2. AG-006: Client Certificate
    The Rule has been updated to generate no checks when API Gateway resources are Lambda endpoints, as these are encrypted by default by AWS.

Bug Fixes

  1. Lambda-004: Function Exposed
    Updated the ‘Audit - AWS Console’ section of the knowledge base page to reflect the current Lambda console.
  2. S3-017: Secure Transport
    Fixed a bug where S3-017 was generating an incorrect failure check if the policy contained multiple ‘Condition’ fields across multiple statements.
  3. RG-001: Tags
    The Rule will now skip its execution and retain existing checks if there is an issue fetching any of your IAM roles.
  4. IAM-037: IAM Users Unauthorized to Edit Access Policies
    This Rule no longer returns a failure with the message “No IAM ARNs have been configured” when the Rule is not configured. If no users are configured for the Rule, it will now return a failure with details of all IAM users who can edit access policies.
  5. SecurityCenter-016: Security Contact Emails In Use
    Fixed a bug where the Rule generated a FAILURE check even if the email had been set.
  6. SecurityCenter-017: Security Contact Phone Numbers In Use
    Fixed a bug where the Rule generated a FAILURE check even if the phone number had been set.
  7. SecurityCenter-018: Enable Email Notification for Alerts
    Fixed a bug where the Rule generated a FAILURE check even if email notification for alerts had been set.
  8. SecurityCenter-019: Enable Alert Notifications for Subscription Owners
    Fixed a bug where the Rule generated a FAILURE check even if the alerts to the owner had been set.
  9. EC2-026: Unused AMI
    Fixed a bug where EC2-026 checks were reporting the wrong ‘Image Type’ value.