📄️ lacework-global-100
Ensure the attached S3 bucket policy does not grant global 'List' permission
📄️ lacework-global-101
Ensure the attached S3 bucket policy does not grant global 'Put' permission
📄️ lacework-global-102
Redshift Cluster should not be Publicly Accessible
📄️ lacework-global-103
EC2 instance should be deployed in EC2-VPC platform
📄️ lacework-global-104
Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 3306 (MySQL)
📄️ lacework-global-105
No IAM users with password-based console access should exist
📄️ lacework-global-106
Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 5432 (PostgreSQL)
📄️ lacework-global-107
Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 1433 (SQLServer)
📄️ lacework-global-108
Security group attached to EC2 instance should not allow inbound traffic from all to UDP port 1434 (SQLServer)
📄️ lacework-global-109
Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 4333 (MSQL)
📄️ lacework-global-110
Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 5500 (VNC Listener)
📄️ lacework-global-111
Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 5900 (VNC Server)
📄️ lacework-global-112
Security group attached to EC2 instance should not allow inbound traffic from all to UDP port 137 (NetBIOS)
📄️ lacework-global-113
Security group attached to EC2 instance should not allow inbound traffic from all to UDP port 138 (NetBIOS)
📄️ lacework-global-114
Security group attached to EC2 instance should not allow inbound traffic from all to UDP port 445 (CIFS)
📄️ lacework-global-115
Ensure access keys are rotated every 30 days or less
📄️ lacework-global-116
Ensure access keys are rotated every 45 days or less
📄️ lacework-global-117
Ensure public ssh keys are rotated every 30 days or less
📄️ lacework-global-118
Ensure public ssh keys are rotated every 45 days or less
📄️ lacework-global-119
Ensure public ssh keys are rotated every 90 days or less
📄️ lacework-global-120
Ensure active access keys are used every 90 days or less
📄️ lacework-global-121
IAM user should not be inactive for more than 30 days
📄️ lacework-global-122
OpenSearch Domain should not be exposed
📄️ lacework-global-123
OpenSearch Domain should be in Virtual Private Cloud (VPC)
📄️ lacework-global-124
OpenSearch Domain should have Encryption At Rest enabled
📄️ lacework-global-125
CloudFront Origin Protocol Policy should use https-only
📄️ lacework-global-126
CloudFront Origin SSL Protocols should not use insecure Cipher(s)
📄️ lacework-global-127
Security group should not allow inbound traffic from all to all ICMP
📄️ lacework-global-128
EC2 instances should not have a Public IP address attached
📄️ lacework-global-129
CloudFront Viewer Protocol Policy should use https-only
📄️ lacework-global-130
Ensure the bucket ACL does not grant 'Everyone' READ permission [list S3 objects]
📄️ lacework-global-131
Ensure the bucket ACL does not grant 'Everyone' WRITE permission [create, overwrite, and delete S3 objects]
📄️ lacework-global-132
Ensure the bucket ACL does not grant 'Everyone' READ_ACP permission [read bucket ACL]
📄️ lacework-global-133
Ensure the bucket ACL does not grant 'Everyone' WRITE_ACP permission [modify bucket ACL]
📄️ lacework-global-134
Ensure the bucket ACL does not grant 'Everyone' FULL_CONTROL [READ, WRITE, READ_ACP, WRITE_ACP]
📄️ lacework-global-135
Ensure the bucket ACL does not grant AWS users READ permission [list S3 objects]
📄️ lacework-global-136
Ensure the bucket ACL does not grant AWS users WRITE permission [create, overwrite, and delete S3 objects]
📄️ lacework-global-137
Ensure the bucket ACL does not grant AWS users READ_ACP permission [read bucket ACL]
📄️ lacework-global-138
Ensure the bucket ACL does not grant AWS users WRITE_ACP permission [modify bucket ACL]
📄️ lacework-global-139
Ensure the bucket ACL does not grant AWS users FULL_CONTROL [READ, WRITE, READ_ACP, WRITE_ACP]
📄️ lacework-global-140
Ensure the attached S3 bucket policy does not grant 'Allow' permission to everyone
📄️ lacework-global-141
Ensure access keys are rotated every 180 days or less
📄️ lacework-global-142
Ensure access keys are rotated every 350 days or less
📄️ lacework-global-143
Lambda Function should have tracing enabled
📄️ lacework-global-144
Lambda Function should not have VPC access
📄️ lacework-global-145
Network ACLs do not allow unrestricted inbound traffic
📄️ lacework-global-146
Network ACLs do not allow unrestricted outbound traffic
📄️ lacework-global-147
AWS VPC endpoints should not be exposed
📄️ lacework-global-148
Security group inbound traffic should not allow inbound traffic from all
📄️ lacework-global-149
Security group inbound traffic should not allow traffic except port 80 and 443
📄️ lacework-global-150
Security Group should not allow inbound traffic from all to TCP port 9200 or 9300 (Opensearch/Elasticsearch)
📄️ lacework-global-151
Security Group should not allow inbound traffic from all to TCP port 5601 (Kibana)
📄️ lacework-global-152
Security Group should not allow inbound traffic from all to TCP port 6379 (Redis)
📄️ lacework-global-153
Security Group should not allow inbound traffic from all to TCP port 2379 (etcd)
📄️ lacework-global-154
Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 23 (Telnet)
📄️ lacework-global-155
Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 135 (Windows RPC)
📄️ lacework-global-156
Security group attached to EC2 instance should not allow inbound traffic from all to TCP port 445 (Windows SMB)
📄️ lacework-global-157
No Default VPC should be present in an AWS account
📄️ lacework-global-159
Load Balancers should have Access Logs enabled
📄️ lacework-global-160
Ensure No Public EBS Snapshots
📄️ lacework-global-161
OpenSearch Domain should have Encryption with KMS (Customer Managed Keys)
📄️ lacework-global-171
Ensure RDS database is encrypted with customer managed KMS key
📄️ lacework-global-179
Lambda Function should not have Admin Privileges
📄️ lacework-global-180
Lambda Function should not have Cross Account Access
📄️ lacework-global-181
Ensure non-root user exists in the account
📄️ lacework-global-182
Ensure ELB has latest Secure Cipher policies Configured for Session Encryption
📄️ lacework-global-183
Ensure ELB is not affected by POODLE Vulnerability (CVE-2014-3566)
📄️ lacework-global-184
ELB should not use insecure Cipher(s)
📄️ lacework-global-196
EC2 instance should not allow inbound traffic from all to TCP port 27017 or 27018 (MongoDB)
📄️ lacework-global-197
Elastic Load Balancer instance should not allow inbound traffic from all to TCP port 27017 or 27018 (MongoDB)
📄️ lacework-global-198
Application Load Balancer instance should not allow inbound traffic from all to TCP port 27017 or 27018 (MongoDB)
📄️ lacework-global-199
Security group attached to Application Load Balancer should not allow inbound traffic from all
📄️ lacework-global-217
Ensure the S3 bucket has default server-side encryption enabled
📄️ lacework-global-218
EC2 instance should not allow inbound traffic from all to TCP port 21
📄️ lacework-global-219
EC2 instance should not allow inbound traffic from all to TCP port 20
📄️ lacework-global-220
EC2 instance should not allow inbound traffic from all to TCP port 25
📄️ lacework-global-221
EC2 instance should not allow inbound traffic from all to TCP port 53
📄️ lacework-global-222
EC2 instance should not allow inbound traffic from all to UDP port 53
📄️ lacework-global-223
ELB Security Group should have Outbound Rules attached to it
📄️ lacework-global-224
Ensure ELBv2 has latest Secure Cipher policies Configured for Session Encryption
📄️ lacework-global-225
ELB SSL Certificate expires in 5 Days
📄️ lacework-global-226
ELB SSL Certificate expires in 45 Days
📄️ lacework-global-227
Security groups are not attached to an in-use network interface
📄️ lacework-global-228
Security group attached to EC2 instance should not allow inbound traffic from all ports
📄️ lacework-global-229
Security group attached to RDS DB instance should not allow inbound traffic from all ports
📄️ lacework-global-230
Security group attached to Network Interface should not allow inbound traffic from all ports
📄️ lacework-global-231
Security group attached to Elastic Load Balancer should not allow inbound traffic from all ports
📄️ lacework-global-482
Classic LBs should have a valid and secure security group
📄️ lacework-global-483
ELBs should have a valid and secure security group
📄️ lacework-global-89
EC2 instance does not have any tags
📄️ lacework-global-90
Ensure EBS Volumes are Encrypted
📄️ lacework-global-91
Ensure Redshift Cluster is encrypted
📄️ lacework-global-92
Ensure no server certificate has been uploaded before Heartbleed vulnerability
📄️ lacework-global-93
RDS should not have a Public Interface
📄️ lacework-global-94
Ensure the S3 bucket requires MFA to delete objects
📄️ lacework-global-95
Ensure the S3 bucket has access logging enabled
📄️ lacework-global-96
Ensure all data is transported from the S3 bucket securely
📄️ lacework-global-97
Ensure the S3 bucket has versioning enabled
📄️ lacework-global-98
Ensure the attached S3 bucket policy does not grant global 'Get' permission
📄️ lacework-global-99
Ensure the attached S3 bucket policy does not grant global 'Delete' permission