Implementing Posture Anomaly Checks in AWS

Print Friendly, PDF & Email

Rule ID	Title	Affected Services
CSPA-AWS-2024-0001	Anomalous Public Exposure of Image Files	EC2
CSPA-AWS-2024-0002	Finds Instances associated with more security groups	EC2
CSPA-AWS-2024-0003	Finds Cloudformation Stacks without termination protection	CloudFormation
CSPA-AWS-2024-0004	Finds EC2 Instances with autorecovery disabled	EC2
CSPA-AWS-2024-0005	Finds EC2 Instances with Monitoring disabled	EC2
CSPA-AWS-2024-0006	Identify EC2 Security Groups with Open Outbound Rules Across All Ports	EC2
CSPA-AWS-2024-0007	Identifies EC2 Security Groups with Open Incoming Configurations on All Ports	EC2
CSPA-AWS-2024-0008	Identifies EC2 Security Group Rules with Open Access to Critical Ports	EC2
CSPA-AWS-2024-0009	Identifies CloudFront Distributions Lacking Viewer Certificate Policy Configuration	CloudFront
CSPA-AWS-2024-0010	Identifies Outdated Viewer Certificate Security	CloudFront
CSPA-AWS-2024-0011	Identify CloudTrail Logs with Delayed CloudWatch Delivery	CloudTrail
CSPA-AWS-2024-0012	Identify Users with Outdated Access Keys	IAM
CSPA-AWS-2024-0013	Finds unconfigured cloudtrail data logging	CloudTrail
CSPA-AWS-2024-0015	Log file validation Disabled	CloudTrail
CSPA-AWS-2024-0016	Finds Cloudtrail trails with logging disabled	CloudTrail
CSPA-AWS-2024-0017	Finds Cloudtrail unconfigured	CloudTrail
CSPA-AWS-2024-0018	Finds cloudwatch alarm without action	CloudWatch
CSPA-AWS-2024-0019	Finds AWS Config Recorders Not Enabled	ConfigService
CSPA-AWS-2024-0020	Finds AWS Security Groups Allowing Specific CIDR Traffic	EC2
CSPA-AWS-2024-0021	Finds Unencrypted EBS Snapshots	EC2
CSPA-AWS-2024-0022	Finds Publicly Accessible EC2 Snapshots	EC2
CSPA-AWS-2024-0023	Finds unencrypted volumes.	EC2
CSPA-AWS-2024-0024	Finds EC2 Instances associated with a public IP	EC2
CSPA-AWS-2024-0025	Finds IAM User with passwords not enabled	IAM
CSPA-AWS-2024-0026	Finds IAM User with outdated passwords	IAM
CSPA-AWS-2024-0027	Finds IAM User with unused password	IAM
CSPA-AWS-2024-0028	Finds IAM User with active password but no MFA	IAM
CSPA-AWS-2024-0030	Finds IAM User with outdated access key 1	IAM
CSPA-AWS-2024-0031	Finds IAM User with unused access key 1	IAM
CSPA-AWS-2024-0032	Finds IAM User with access key 1 but no access key 2	IAM
CSPA-AWS-2024-0033	Finds IAM User with unused access key 2	IAM
CSPA-AWS-2024-0034	Finds IAM User with outdated access key 2	IAM
CSPA-AWS-2024-0035	Finds Cloudtrail Failed Console Login Events	CloudTrail
CSPA-AWS-2024-0036	Finds Cloudtrail Events with source IP	CloudTrail
CSPA-AWS-2024-0037	Finds Too frequent Cloudtrail Consolelogin event	CloudTrail
CSPA-AWS-2024-0038	Finds unique UserIdentity ARNs in critical event logs	CloudTrail
CSPA-AWS-2024-0039	Finds unique source IP Addresses in critical event logs	CloudTrail
CSPA-AWS-2024-0040	Finds Too frequent Cloudtrail GetPasswordData event	CloudTrail
CSPA-AWS-2024-0042	Find number of resources used	CloudTrail
CSPA-AWS-2024-0043	Find number of newly added services	CloudTrail
CSPA-AWS-2024-0044	Find newly added regions	CloudTrail
CSPA-AWS-2024-0045	Newly added service types	CloudTrail
CSPA-AWS-2024-0046	Newly added resource types	CloudTrail
CSPA-AWS-2024-0047	Unusual types of Instances	EC2
CSPA-AWS-2024-0048	Finds unusual count of cores among instance types	EC2
CSPA-AWS-2024-0049	Finds unusual types of Availability Zone of Instances	EC2
CSPA-AWS-2024-0050	Finds Security Groups with lesser number of instances	EC2
CSPA-AWS-2024-0051	Finds Managed Policies with unusual users	IAM
CSPA-AWS-2024-0052	Finds unusual allowed Resource Actions associated with roles	IAM
CSPA-AWS-2024-0053	Roles with Excessive Attached Managed Policies	IAM
CSPA-AWS-2024-0054	Roles with Excessive Policy Assignments	IAM
CSPA-AWS-2024-0055	Finds AWS Config Recorder Status Not Enabled	ConfigService
CSPA-AWS-2024-0056	Finds recently updated Managed Policies	IAM

Still stuck? How can we help?