Custom Policy Updates
There is no change to the custom policy as a result of the new Trend Micro Cloud One™ – Conformity release and hence no user action is required. The current custom policy version is 1.20.
- AppService-011: Disable Remote Debugging
This Rule checks that your Azure App Services web applications have remote debugging disabled in order to enhance security and protect the applications from unauthorized access.
- AppService-012: Enable FTPS Only for Azure Web Apps
This Rule checks that your Azure App Services web applications enforce FTPS-only access to encrypt FTP traffic. FTPS (Secure FTP) is used to enhance security for your Azure web application as it adds an extra layer of security to the FTP protocol, and helps you to comply with the industry standards and regulations.
- ActivityLog-018: Create Alert for “Rename Azure SQL Database” Events
This Rule checks that an Azure activity log alert is fired whenever “Rename Azure SQL Database” events are triggered within your Microsoft Azure cloud account.
- ActivityLog-021: Create Alert for “Create/Update Azure SQL Database” Events
This Rule checks that an Azure activity log alert is fired whenever “Create/Update Azure SQL Database” events are triggered within your Microsoft Azure cloud account. Activity log alerts get triggered when a new activity log event that matches the condition specified in the alert configuration occurs.
- ActivityLog-022: Create Alert for “Delete Azure SQL Database” Events
This Rule checks that a Microsoft Azure activity log alert is fired whenever a “Delete Azure SQL Database” event is triggered within your cloud account.
- StorageAccounts-016: Check for Publicly Accessible Web Containers
This Rule checks that the Microsoft Azure Storage web containers configured to host static websites within the Azure cloud are not publicly accessible in order to eliminate the direct exposure to the public Internet.
- VirtualMachines-021: Enable Just-In-Time Access to Azure VMs
This Rule checks that Just-in-Time (JIT) access is enabled for your Azure virtual machines (VMs) in order to allow you to lock down inbound traffic to your VMs and reduce exposure to attacks while providing easy SSH/RDP access when needed.
- GD-002: Rule Update: GuardDuty Findings
This Rule has been updated with Rule configuration to enable viewing of findings based on the risk level selection. All risk levels are selected by default.
- AG-006: Client Certificate
The Rule has been updated to generate no checks when API Gateway resources are Lambda endpoints as these are encrypted by default by AWS.
- Lambda-004: Function Exposed
Updated the knowledge base page, ‘Audit - AWS Console’ section to reflect the current Lambda console.
- S3-017: Secure Transport
Fixed a bug where S3-017 was generating an incorrect failure check if the policy contained multiple ‘Condition’ fields across multiple statements.
- RG-001: Tags
Will now skip its Rule execution, and retain existing checks, if there was an issue fetching any of your IAM roles.
- IAM-037: IAM Users Unauthorized to Edit Access Policies
This Rule no longer returns a failure with the message “No IAM ARNs have been configured” when the Rule is not configured. If no users are configured for the rule, the rule will now return failure with details of all IAM users who can edit access policies.
- SecurityCenter-016: Security Contact Emails In Use
Fixed a bug where the Rule generates FAILURE check even if the email has been set.
- SecurityCenter-017: Security Contact Phone Numbers In Use
Fixed a bug where the Rule generates FAILURE check even if the phone number has been set.
- SecurityCenter-018: Enable Email Notification for Alerts
Fixed a bug where the Rule generates FAILURE check even if email notification for alerts has been set.
- SecurityCenter-019: Enable Alert Notifications for Subscription Owners
Fixed a bug where the Rule generates FAILURE check even if the alerts to the owner have been set.
- EC2-026: Unused AMI
Fixed a bug where EC2-026 checks were reporting the wrong ‘Image Type’ value.