AWS Compliance: WAF

The WAF sightline evaluates Web Application Firewall (WAF) configurations in two key areas: WAF Known Bad Inputs, which monitors and flags inputs that are recognized as malicious, aiding in early threat detection, and WAF Rule Groups, which assesses the configuration and effectiveness of rule groups to ensure they are properly set up to block malicious traffic.

This sightline helps IT Ops and Sec Ops engineers enhance web application security and maintain compliance with industry best practices.

Widgets:


Alerts

Count of RDS Instances Associated with Public Subnets

The Count of RDS Instances Associated with Public Subnets alert identifies databases placed in public subnets. For Sec Ops, this highlights potential data exposure risks that need to be secured. IT Ops can use this alert to ensure proper network configurations for databases.

Count of RDS Database Instances with Last Restorable Time More Than a Week

The Count of RDS Database Instances with Last Restorable Time More Than a Week alert notifies IT Ops when a database's last restorable time is more than a week old. This helps enforce backup policies to maintain disaster recovery readiness.

Count of Publicly Accessible RDS Instances

The Count of Publicly Accessible RDS Instances alert highlights databases exposed to the internet. Sec Ops can use this alert to restrict public access and safeguard sensitive data.

Count of RDS Instances with Encryption Disabled

The Count of RDS Instances with Encryption Disabled alert flags databases that do not use encryption. This alert is critical for IT Ops to ensure compliance with data security policies and protect against unauthorized access.

Count of Postgres RDS Clusters with Local File Read Vulnerability

The Count of Postgres RDS Clusters with Local File Read Vulnerability alert identifies clusters susceptible to local file read exploits. Sec Ops teams can use this alert to prioritize patching and reduce vulnerabilities.

Count of Postgres RDS Instances with Local File Read Vulnerability

The Count of Postgres RDS Instances with Local File Read Vulnerability alert provides visibility into specific instances at risk. This helps Sec Ops implement targeted remediations to mitigate risks.

Count of S3 Buckets with ACL Allowing Global ‘Write’ Access

The Count of S3 Buckets with ACL Allowing Global ‘Write’ Access alert identifies buckets that permit unauthorized data modifications. This alert helps Sec Ops address security gaps and IT Ops ensure proper configurations.

Count of S3 Buckets with ACL Allowing Global ‘Write_ACP’ Access

The Count of S3 Buckets with ACL Allowing Global ‘Write_ACP’ Access alert flags buckets where ACLs permit modifications to bucket permissions globally. This helps Sec Ops prevent privilege escalations and unauthorized changes.

Count of S3 Buckets with ACL Allowing Global ‘Read’ Access

The Count of S3 Buckets with ACL Allowing Global ‘Read’ Access alert notifies Sec Ops of publicly readable buckets, reducing the risk of data exposure.

Count of S3 Buckets with ACL Allowing Global ‘Read_ACP’ Access

The Count of S3 Buckets with ACL Allowing Global ‘Read_ACP’ Access alert identifies buckets where permissions can be viewed globally. This helps Sec Ops address misconfigurations and protect sensitive data.

Count of Security Groups That Allow SQL Analysis Services Access

The Count of Security Groups That Allow SQL Analysis Services Access alert highlights unrestricted SQL service access. This helps Sec Ops limit access to prevent unauthorized queries and data leaks.

Count of Security Groups That Allow Solr Access

The Count of Security Groups That Allow Solr Access alert flags misconfigurations exposing Solr services. This helps Sec Ops prevent unauthorized data access.

Count of Security Groups That Allow SMTP Access

The Count of Security Groups That Allow SMTP Access alert identifies open email services that could be exploited for spam or phishing. IT Ops can use this to secure communication channels.

Count of Security Groups That Allow SMB Access

The Count of Security Groups That Allow SMB Access alert detects file-sharing vulnerabilities. This enables Sec Ops to secure access to SMB services and mitigate risks.

Count of Security Groups That Allow RPC Access

The Count of Security Groups That Allow RPC Access alert flags unrestricted remote procedure calls, helping Sec Ops secure remote access and prevent exploitation.

Count of Security Groups That Allow Riak Access

The Count of Security Groups That Allow Riak Access alert identifies misconfigurations exposing Riak services. This allows Sec Ops to secure the service and prevent unauthorized access.

Count of EC2 Security Groups Not Restricting VNC Server Access

The Count of EC2 Security Groups Not Restricting VNC Server Access alert highlights open VNC ports. Sec Ops can use this to secure remote management services.

Count of EC2 Security Groups Not Restricting VNC Listener Access

The Count of EC2 Security Groups Not Restricting VNC Listener Access alert flags VNC listener access vulnerabilities. This helps IT Ops ensure secure configurations.

Count of EC2 Security Groups Not Restricting Telnet Access

The Count of EC2 Security Groups Not Restricting Telnet Access alert identifies unsecured Telnet services, allowing Sec Ops to close potential attack vectors.

Count of EC2 Security Groups Not Restricting SSH Access

The Count of EC2 Security Groups Not Restricting SSH Access alert highlights misconfigurations in SSH access. Sec Ops can use this to strengthen access controls.

Count of EC2 Security Groups Not Restricting RethinkDB Access

The Count of EC2 Security Groups Not Restricting RethinkDB Access alert flags open RethinkDB access. This helps Sec Ops protect database integrity.

Count of EC2 Security Groups Not Restricting Redis Access

The Count of EC2 Security Groups Not Restricting Redis Access alert highlights Redis instances with unrestricted access, enabling Sec Ops to address security gaps.

Count of EC2 Security Groups Not Restricting RDP Access

The Count of EC2 Security Groups Not Restricting RDP Access alert flags unsecured remote desktop services, allowing IT Ops to enforce proper security measures.

Count of EC2 Security Groups Not Restricting PostgreSQL Access

The Count of EC2 Security Groups Not Restricting PostgreSQL Access alert identifies open PostgreSQL access points. This helps Sec Ops secure sensitive data.

Count of EC2 Security Groups Not Restricting POP3 Access

The Count of EC2 Security Groups Not Restricting POP3 Access alert flags misconfigurations exposing email retrieval services. This helps IT Ops secure communication protocols.

Count of EC2 Security Groups Not Restricting NFS Access

The Count of EC2 Security Groups Not Restricting NFS Access alert highlights vulnerabilities in file-sharing protocols, enabling Sec Ops to mitigate risks.