Security Policies

Note:Click the link in the Policy Name column to access the corresponding policy template.

Gain visibility and control across all your public and/or private cloud environments with our security policies. Improve security across your applications, data, and associated infrastructure by finding security vulnerabilities before your customers do.

Policy Name

Description

AWS Internet-facing ELBs & ALBs 

Reports and remediates any Classic Load Balancers (ELBs) and Application load Balancers (ALBs) that are Internet-facing.

AWS Open Buckets 

Checks for buckets that are open to everyone.

AWS Publicly Accessible RDS Instances 

Checks for database services that are publicly accessible and terminate them after approval.

AWS S3 Buckets without Server Access Logging 

Checks for buckets that do not have server_access_logging enabled.

AWS Unencrypted ELB Listeners (ALB/NLB) 

Reports any AWS App/Network Load Balancers w/Internet-facing Unencrypted Listeners.

AWS Unencrypted ELB Listeners (CLB) 

Reports any AWS Classic Load Balancers w/Internet-facing Unencrypted Listeners.

AWS Unencrypted RDS Instances 

Reports any Relational Database Service (RDS) instances that are unencrypted.

AWS Unencrypted S3 Buckets 

Reports any S3 buckets in AWS that are unencrypted and provide the option to set the default encryption after approval.

AWS Unencrypted Volumes 

Reports any Elastic Block Store (EBS) volumes in AWS that are unencrypted.

Azure Publicly Accessible Managed SQL Instance 

Checks for database services that are publicly accessible and terminate them after approval.

Google Open Buckets 

Checks for buckets that are open to the public.

Security Group Rules with ports open to the world 

Sends email notifications when a security group has ports open to the world.

Security Group Rules without Descriptions 

Sends email notifications when a security group has no description.

Security Group with High Open Ports 

Sends email notifications when a security group has unapproved open ports.

Security Groups with ICMP Enabled 

Sends email notifications a security group has icmp enabled.