Skip to content

Releases: epam/ecc-azure-rulepack

Release v5.6

23 Jan 15:24
@github-actions github-actions
v5.6
5065ba6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v5.6 Latest
Latest

✨ New Policies

  • 0696bfd - add policy ecc-azure-039-cis_log_create_policy
  • e668cfd - add policy ecc-azure-042-cis_log_create_upd_nsg
  • b0c58a9 - add policy ecc-azure-043-cis_log_del_nsg
  • f0987ca - add policy ecc-azure-044-cis_log_create_upd_solutions
  • b72dd9b - add policy ecc-azure-045-cis_log_del_solutions
  • 7308165 - add policy ecc-azure-046-cis_log_create_update_sql
  • 2b358da - add policy ecc-azure-066-cis_log_delete_policy
  • 0c19c0e - add policy ecc-azure-067-cis_log_create_upd_nsg_rule
  • 5fe5403 - add policy ecc-azure-068-cis_log_del_nsg_rule
  • 2ed3c33 - add policy ecc-azure-373-cis_activity_log_alert_create_or_update_pip
  • 6b0a7c1 - add policy ecc-azure-374-cis_activity_log_alert_delete_pip
  • 27b384c - add policy ecc-azure-172-asb_mysql_private_endpoint
  • 11ba3c3 - add policy ecc-azure-415-dep_depr_mysql_instance
  • 1387979 - add policy ecc-azure-414-dep_vmss_w_mma
  • 51b0702 - add policy ecc-azure-416-dep_depr_postgresql_instance
  • 13586f2 - add policy ecc-azure-413-dep_vm_w_mma
  • 14a69ac - add policy ecc-azure-417-cis_app_deprecated_java
  • 82e4f94 - add policy ecc-azure-420-asb_deprecated_java_funcapp
  • 263144d - add policy ecc-azure-418-cis_app_deprecated_python
  • c3d8941 - add policy ecc-azure-419-cis_app_deprecated_php
  • c3770c1 - add policy ecc-azure-421-asb_deprecated_python_funcapp
  • 61f21e2 - add policy ecc-azure-422-dep_depr_mariadb_instance
  • 09dfa3d - add policy ecc-azure-423-dep_retired_spring_instance
  • e522aec - add policy ecc-azure-424-dep_vm_w_diag_ext
  • 129e866 - add policy ecc-azure-427-dep_powershell_funcapp
  • 3116042 - add policy ecc-azure-429-dep_retired_vm_skus
  • 1b79dec - add policy ecc-azure-430-dep_dotNet_funcapp
  • 30bc7fe - add policy ecc-azure-431-dep_retired_frontdoor_classic
  • 4088a1b - add policy ecc-azure-425-dep_vmss_w_diag_ext
  • 6953ed6 - add policy ecc-azure-434-dep_retired_storage_classic
  • 934dd8b - add policy ecc-azure-426-dep_nsg_w_flow_logs
  • 90d25ee - add policy ecc-azure-435-dep_retired_appgw_conf
  • ff35b6d - add policy ecc-azure-436-dep_retired_unmanaged_disk
  • 7d11b05 - add policy ecc-azure-437-dep_redis_latest_tls
  • c522666 - add policy ecc-azure-428-dep_eventgrid_latest_tls
  • 842f369 - add policy ecc-azure-433-dep_appenv_latest_tls
  • 796b217 - add policy ecc-azure-441-delete_empty_vmss
  • c42cb6d - add policy ecc-azure-442-delete_unused_lb
  • c8371cf - add policy ecc-azure-445-delete_unattached_disk
  • b7b9b32 - add policy ecc-azure-439-disable_premium_ssd
  • ee8b6e6 - add policy ecc-azure-444-delete_old_snapshot
  • 1c1347c - add policy ecc-azure-446-delete_unused_ip
  • d6a27cc - add policy ecc-azure-451-delete_unused_waf
  • 430f8b5 - add policy ecc-azure-440-enable_lifecycle_sa
  • b5beee1 - add policy ecc-azure-448-vm_stopped_instance
  • 7f3cf95 - add policy ecc-azure-453-vm_deallocated_instance
  • e022c46 - add policy ecc-azure-449-vm_idle_cpu_utilization
  • b787236 - add ecc-azure-455_last_dotNet_funcapp
  • 7f9d659 - add ecc-azure-454_last_powershell_funcapp
  • 7b2e596 - add policy ecc-azure-432-dep_frontdoor_latest_tls

🔧 Updates

  • 85d7dfb - update release job in .github/workflow/ci.yaml
  • 647c9a8 - update policy 160
  • 9cdc8f9 - add 'version-custodian' file
  • 185d486 - add action to generate rule list wiki page
  • c90837f - add terraforms for policy 207
  • 1bb83be - add ruleset release job
  • 462e3f2 - update policies 231, 232
  • beb89e4 - create copies for a number of policies to support both Security and Deprecation categories (see the list in the commit message)
  • 3904e86 - update policy 176 to be supported by open source Cloud Custodian
  • 7aa162d - update 'comment' in policies 053, 054, 139, 355
  • b4c5ba8 - create copies of policy 433 to support both Security and Deprecation categories
  • 75ae8fa - create copies of policy 437 to support both Security and Deprecation categories
  • 6a56d39 - create copies of policy 444 to support both FinOps and Security categories
  • [ff27ca2](https://github.com/epam/ecc-azure-r...
Read more
Assets 2
Loading

Release v6.0

13 Jun 11:42
@github-actions github-actions
v6.0
6b665e6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v6.0

✨ New Policies

  • aade2ee - add policy ecc-azure-412-cis_tpm_and_secure_boot

🔧 Updates

  • 50b3124 - update due to new source version of CIS Benchmarks
  • edb6d47 - update policy 036

➖ Deletions

  • 20c1c11 - deprecate policies 020, 021, 022, 023

📂 Other Changes

  • b8ee249 - update a number of policies (see the list in the commit message)

061, 069, 070, 071, 267, 270, 281

  • 1376488 - fix a number of terraform files for policies (see the list in the commit message)

061, 069, 071, 267, 270, 281, 300, 340

Assets 2
Loading

Release v5.0

29 May 17:56
@github-actions github-actions
v5.0
6661c21
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v5.0

✨ New Policies

  • fc68ff4 - add policy ecc-azure-111-cis_db_postgre_access
  • adf7785 - add policy ecc-azure-343-postgresql_threat_detection_policy
  • 0c9e0e8 - add policy ecc-azure-013-cis_db_auditing_on
  • b4dbf97 - add policy ecc-azure-015-cis_db_auditing_90d
  • 71835e6 - add policy ecc-azure-283-aks_reslogs_aks
  • 8280421 - add policy ecc-azure-005-cis_sec_email
  • d3ca03d - add policy ecc-azure-006-cis_sec_high_sev_notifications
  • 3fadc1e - add policy ecc-azure-007-cis_sec_owners_email_notifications
  • f841365 - add policy ecc-azure-362-vm_without_va_extension
  • 19ce563 - add policy ecc-azure-275-asb_vm_backup
  • 33798f3 - add policy ecc-azure-379-cis_appservice_http_logs
  • 96b5a2f - add policy ecc-azure-059-cis_app_auth_set
  • d796c02 - add policy ecc-azure-011-cis_sa_soft_del
  • c3987d4 - add policy ecc-azure-106-cis_sa_logging_queue
  • 7d63e52 - add policy ecc-azure-109-cis_sa_logging_blob
  • 30db9b7 - add policy ecc-azure-110-cis_sa_logging_table
  • cd44706 - add policy ecc-azure-105-cis_sa_keys_regen
  • de59a19 - add policy ecc-azure-036-cis_log_storage_cont_access
  • 7e33aa0 - add policy ecc-azure-364-resource_tag_activity_log_alert
  • 9060add - add policy ecc-azure-037-cis_log_sa_activ_logs

➖ Deletions

  • a0b2549 - deprecate policies 156, 171, 217, 276
Assets 2
Loading

Release v4.0

15 May 14:18
@github-actions github-actions
v4.0
1b51975
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v4.0

✨ New Policies

  • cf69136 - add policy ecc-azure-165-asb_ml_workspaces_private_link
  • dda0490 - add policy ecc-azure-202-asb_AZL_encrypt_cmk
  • f2644a4 - add policy ecc-azure-355-ml_min_cluster_nodes
  • 614a0ea - add policy ecc-azure-161-asb_appconfig_private_link
  • 7d18ab4 - add policy ecc-azure-200-asb_auto_acc_encrypted
  • 15a965d - add policy ecc-azure-225-asb_reslogs_search
  • c1dbb73 - add policy ecc-azure-224-asb_reslogs_logicapps
  • 72c9783 - add policy ecc-azure-166-asb_signalr_private_link
  • 6111c45 - add policy ecc-azure-167-asb_spring_cloud_net_injection
  • b890377 - add policy ecc-azure-341-front_door_waf_log4j
  • addb7fa - add policy ecc-azure-219-asb_reslogs_batch
  • e7c8b5b - add policy ecc-azure-356-api_mgmt_client_cert
  • 541d03e - add policy ecc-azure-038-cis_log_keyvaults
  • 21b8045 - add policy ecc-azure-057-cis_key_recoverable
  • 67984bf - add policy ecc-azure-146-asb_keyvault_disable_public_access
  • 510ee7c - add policy ecc-azure-170-asb_keyvault_private_endpoint
  • 19cb09b - add policy ecc-azure-301-redis_cache_fw_rules
  • c538187 - add policy ecc-azure-222-asb_reslogs_iot
  • 80d4e5c - add policy ecc-azure-168-asb_acs_private_link
  • 03b7273 - add policy ecc-azure-026-cis_db_postgresql_log_checkpoints
  • 2a08c67 - add policy ecc-azure-027-cis_db_postgresql_log_connections
  • 8cd6726 - add policy ecc-azure-028-cis_db_postgresql_log_disconnections
  • 2e749bf - add policy ecc-azure-030-cis_db_postgresql_connection_throttling
  • 8a5086f - add policy ecc-azure-031-cis_db_postgresql_log_retention_days
  • 31459ab - add policy ecc-azure-311-cis_postgresql_logging_collector
  • 312f5fe - add policy ecc-azure-313-cis_postgresql_log_min_messages
  • 56ce97c - add policy ecc-azure-314-cis_postgresql_debug_print_plan_disabled
  • d5ee70e - add policy ecc-azure-317-cis_postgresql_log_error_verbosity_set_correctly
  • 2cd43c0 - add policy ecc-azure-318-cis_postgresql_log_line_prefix_set_correctly
  • c02575e - add policy ecc-azure-319-cis_postgresql_log_min_error_statement
  • c3d6028 - add policy ecc-azure-321-cis_postgresql_log_statement_set_correctly
  • 4c1fcaa - add policy ecc-azure-218-asb_reslogs_stream
  • 02a4a8b - add policy ecc-azure-226-asb_reslogs_servicebus
  • 0420e1d - add policy ecc-azure-220-asb_reslogs_synapseanalytics
  • f220d0a - add policy ecc-azure-293-sql_data_replication_failover_groups
  • 7561199 - add policy ecc-azure-016-cis_db_sql_ads_atp
  • 58c8da4 - add policy ecc-azure-033-cis_db_sql_tde_protector
Assets 2
Loading

Release v3.0

24 Apr 11:00
@github-actions github-actions
v3.0
4cec161
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v3.0

✨ New Policies

  • 65922af - add policy ecc-azure-277-asb_geo_mysql
  • 3fd2dc4 - add policy ecc-azure-345-mysql_infrastructure_encryption
  • 7a08a84 - add policy ecc-azure-378-cis_nsg_flow_log_analytics
  • 4659b1b - add policy ecc-azure-112-cis_net_netwatcher
  • c6ee283 - add policy ecc-azure-324-data_explorer_double_encryption
  • 2238438 - add policy ecc-azure-325-data_explorer_disc_encryption
  • 3488379 - add policy ecc-azure-326-data_explorer_cmk
  • e1c31b0 - add policy ecc-azure-348-mysql_harden_usage_for_local_infile
  • 12e91d8 - add policy ecc-azure-349-mysql_max_user_connections
  • 74c202b - add policy ecc-azure-350-mysql_slow_query_log_permissions
  • b6897a5 - add policy ecc-azure-351-sql_mode
  • 4f24f63 - add policy ecc-azure-371-cis_mysql_audit_log_enabled
  • 738efdd - add policy ecc-azure-372-cis_mysql_audit_log_events
  • d8ac021 - add policy ecc-azure-358-synapse_workspace_managed_vnet
  • 3fab28a - add policy ecc-azure-359-synapse_workspace_data_exfiltration_protection
  • 264a021 - add policy ecc-azure-163-asb_eg_domains_private_link
  • e8c41aa - add policy ecc-azure-164-asb_eg_topics_private_link

🔧 Updates

  • ae8ed31 - update policy ecc-azure-347-mysql_cmk
  • 2489469 - update iam for policy ecc-azure-346-mysql_latest_tls
  • a22adff - update iam for policy ecc-azure-025-cis_db_mysql_ssl
Assets 2
Loading

Release v2.0

17 Apr 17:57
@github-actions github-actions
v2.0
15b9d2f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v2.0

✨ New Policies

  • f0dfd42 - add policy ecc-azure-020-cis_db_sql_va
  • 4d85d8c - add policy ecc-azure-021-cis_db_sql_va_periodic_scan
  • 6045130 - add policy ecc-azure-022-cis_db_sql_va_send_scan_report
  • 89143c4 - add policy ecc-azure-023-cis_db_sql_va_email_notifications
  • 51ca133 - add policy ecc-azure-344-mysql_threat_detection_policy
  • c880a97 - add policy ecc-azure-025-cis_db_mysql_ssl
  • 3d12fe1 - add policy ecc-azure-157-asb_mysql_public_access_disabled
  • 5db29d1 - add policy ecc-azure-347-mysql_cmk
  • d9858a0 - add policy ecc-azure-346-mysql_latest_tls
  • a567351 - add policy ecc-azure-048-cis_net_rdp
  • ce87f0a - add policy ecc-azure-049-cis_net_ssh
  • e20e222 - add policy ecc-azure-052-cis_net_udp
  • e5ae111 - add policy ecc-azure-119-nsg_all
  • ec5c455 - add policy ecc-azure-120-nsg_dns
  • d176e7e - add policy ecc-azure-121-nsg_ftp
  • 2b6de64 - add policy ecc-azure-122-cis_nsg_http
  • 23e01da - add policy ecc-azure-123-nsg_microsoft_ds
  • 429b53f - add policy ecc-azure-124-nsg_mongo_db
  • 2fa2517 - add policy ecc-azure-125-nsg_mysql
  • 2b4e76e - add policy ecc-azure-126-nsg_netbios
  • 57eb633 - add policy ecc-azure-127-nsg_oracle_db
  • b625830 - add policy ecc-azure-128-nsg_pop3
  • 3205eb2 - add policy ecc-azure-129-nsg_postgresql
  • c5e820b - add policy ecc-azure-130-nsg_smtp
  • d96331f - add policy ecc-azure-131-nsg_telnet
  • 741b501 - add policy ecc-azure-142-asb_vm_net_ports_restrict

🔧 Updates

  • 67d1b9f - updated policy 070
  • 4f80aa2 - updated policies 069, 071
  • 0495698 - update ci to support releases instead of CHANGELOG.md

➖ Deletions

  • 817e37e - delete terraform for policy 344

📂 Other Changes

  • 0ddc6ef - updates to 'iam' folder in the root directory of the ecc-azure-rulepack
Assets 2
Loading

Release v1.1

17 Apr 17:49
@anna-shcherbak anna-shcherbak
v1.1
0c85d0b
Compare
Choose a tag to compare
Release v1.1

🔧 Updates

  • 5df0de6 - added 'comment' field
  • 9c33035 - updated comment field for all policies
Assets 2
Loading

Release v1.0

17 Apr 17:48
@anna-shcherbak anna-shcherbak
v1.0
fb068b2
Compare
Choose a tag to compare
Release v1.0

Initial Release

Assets 2
Loading