diff --git a/controls/Applicationscredentialsinconfigurationfiles.json b/controls/Applicationscredentialsinconfigurationfiles.json index e41aca7a1..de543adb3 100644 --- a/controls/Applicationscredentialsinconfigurationfiles.json +++ b/controls/Applicationscredentialsinconfigurationfiles.json @@ -13,5 +13,5 @@ "rule-credentials-in-env-var", "rule-credentials-configmap" ], - "id": "c_0012" + "id": "C-0012" } \ No newline at end of file diff --git a/controls/ListKubernetessecrets.json b/controls/ListKubernetessecrets.json index 5f7cffefa..eb22ff377 100644 --- a/controls/ListKubernetessecrets.json +++ b/controls/ListKubernetessecrets.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-can-list-get-secrets" ], - "id": "c_0015" + "id": "C-0015" } \ No newline at end of file diff --git a/controls/SSHserverrunninginsidecontainer.json b/controls/SSHserverrunninginsidecontainer.json index 8281b2921..1eb51498a 100644 --- a/controls/SSHserverrunninginsidecontainer.json +++ b/controls/SSHserverrunninginsidecontainer.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-can-ssh-to-pod" ], - "id": "c_0042" + "id": "C-0042" } \ No newline at end of file diff --git a/controls/accesscontainerserviceaccount.json b/controls/accesscontainerserviceaccount.json index 7c7522dd4..756eb257f 100644 --- a/controls/accesscontainerserviceaccount.json +++ b/controls/accesscontainerserviceaccount.json @@ -11,5 +11,5 @@ "rulesNames": [ "access-container-service-account" ], - "id": "c_0053" + "id": "C-0053" } \ No newline at end of file diff --git a/controls/accessk8sdashboard.json b/controls/accessk8sdashboard.json index eaca4d2b5..2c4a8bfbf 100644 --- a/controls/accessk8sdashboard.json +++ b/controls/accessk8sdashboard.json @@ -12,5 +12,5 @@ "rulesNames": [ "rule-access-dashboard" ], - "id": "c_0014" + "id": "C-0014" } \ No newline at end of file diff --git a/controls/accesskubeletAPI.json b/controls/accesskubeletAPI.json index a811aee6a..b8de12158 100644 --- a/controls/accesskubeletAPI.json +++ b/controls/accesskubeletAPI.json @@ -9,5 +9,5 @@ "description": "Kubelet is the Kubernetes agent that is installed on each node. Kubelet is responsible for the proper execution of pods that are assigned to the node. Kubelet exposes a read-only API service that does not require authentication (TCP port 10255). Attackers with network access to the host (for example, via running code on a compromised container) can send API requests to the Kubelet API. Specifically querying https://[NODE IP]:10255/pods/ retrieves the running pods on the node. https://[NODE IP]:10255/spec/ retrieves information about the node itself, such as CPU and memory consumption.", "remediation": "Define network policy (native kubernetes or using ARMO runtime protection). Use ARMO runtime protection capabilities to monitor network traffic.", "rulesNames": [], - "id": "c_0003" + "id": "C-0003" } \ No newline at end of file diff --git a/controls/accesstillerendpoint.json b/controls/accesstillerendpoint.json index 399e99235..3f85e3436 100644 --- a/controls/accesstillerendpoint.json +++ b/controls/accesstillerendpoint.json @@ -11,5 +11,5 @@ "rulesNames": [ "access-tiller-endpoint" ], - "id": "c_0033" + "id": "C-0033" } \ No newline at end of file diff --git a/controls/allowedhostpath.json b/controls/allowedhostpath.json index fe68616f2..44f03c452 100644 --- a/controls/allowedhostpath.json +++ b/controls/allowedhostpath.json @@ -8,5 +8,5 @@ "rulesNames": [ "alert-rw-hostpath" ], - "id": "c_0006" + "id": "C-0006" } \ No newline at end of file diff --git a/controls/allowprivilegeescalation.json b/controls/allowprivilegeescalation.json index e720824bf..d5336b34b 100644 --- a/controls/allowprivilegeescalation.json +++ b/controls/allowprivilegeescalation.json @@ -8,5 +8,5 @@ "rulesNames": [ "rule-allow-privilege-escalation" ], - "id": "c_0016" + "id": "C-0016" } \ No newline at end of file diff --git a/controls/anonymousrequests.json b/controls/anonymousrequests.json index 523ac050b..fdad41cb4 100644 --- a/controls/anonymousrequests.json +++ b/controls/anonymousrequests.json @@ -8,5 +8,5 @@ "rulesNames": [ "anonymous-requests" ], - "id": "c_0051" + "id": "C-0051" } \ No newline at end of file diff --git a/controls/applicationexploitRCE.json b/controls/applicationexploitRCE.json index caa28a7bc..d0aee8dd4 100644 --- a/controls/applicationexploitRCE.json +++ b/controls/applicationexploitRCE.json @@ -11,5 +11,5 @@ "rulesNames": [ "deny-RCE-vuln-image-pods" ], - "id": "c_0025" + "id": "C-0025" } \ No newline at end of file diff --git a/controls/automaticmappingserviceaccount.json b/controls/automaticmappingserviceaccount.json index 3714f5272..ac9c6bf05 100644 --- a/controls/automaticmappingserviceaccount.json +++ b/controls/automaticmappingserviceaccount.json @@ -8,5 +8,5 @@ "rulesNames": [ "automount-service-account" ], - "id": "c_0034" + "id": "C-0034" } \ No newline at end of file diff --git a/controls/backdoorcontainer.json b/controls/backdoorcontainer.json index 454f62f75..fd04aab15 100644 --- a/controls/backdoorcontainer.json +++ b/controls/backdoorcontainer.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-can-create-modify-pod" ], - "id": "c_0027" + "id": "C-0027" } \ No newline at end of file diff --git a/controls/bash-cmdinsidecontainer.json b/controls/bash-cmdinsidecontainer.json index be06a672d..67679a0c5 100644 --- a/controls/bash-cmdinsidecontainer.json +++ b/controls/bash-cmdinsidecontainer.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-can-bash-cmd-inside-container" ], - "id": "c_0019" + "id": "C-0019" } \ No newline at end of file diff --git a/controls/clearcontainerlogs.json b/controls/clearcontainerlogs.json index e2d971377..27ad4b680 100644 --- a/controls/clearcontainerlogs.json +++ b/controls/clearcontainerlogs.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-can-delete-logs" ], - "id": "c_0029" + "id": "C-0029" } \ No newline at end of file diff --git a/controls/cluster-adminbinding.json b/controls/cluster-adminbinding.json index ca9cd9087..016cba226 100644 --- a/controls/cluster-adminbinding.json +++ b/controls/cluster-adminbinding.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-list-all-cluster-admins" ], - "id": "c_0035" + "id": "C-0035" } \ No newline at end of file diff --git a/controls/clusterInternalnetworking.json b/controls/clusterInternalnetworking.json index 8f70d701c..fcc26b7fa 100644 --- a/controls/clusterInternalnetworking.json +++ b/controls/clusterInternalnetworking.json @@ -11,5 +11,5 @@ "rulesNames": [ "internal-networking" ], - "id": "c_0054" + "id": "C-0054" } \ No newline at end of file diff --git a/controls/compromisedimagesinregistry.json b/controls/compromisedimagesinregistry.json index 1aa2c3873..b26a71926 100644 --- a/controls/compromisedimagesinregistry.json +++ b/controls/compromisedimagesinregistry.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-identify-blacklisted-image-registries" ], - "id": "c_0001" + "id": "C-0001" } \ No newline at end of file diff --git a/controls/configuredlivenessprobe.json b/controls/configuredlivenessprobe.json index 620b03318..295cf93f8 100644 --- a/controls/configuredlivenessprobe.json +++ b/controls/configuredlivenessprobe.json @@ -8,5 +8,5 @@ "rulesNames": [ "configured-liveness-probe" ], - "id": "c_0056" + "id": "C-0056" } \ No newline at end of file diff --git a/controls/configuredreadinessprobe.json b/controls/configuredreadinessprobe.json index 62bcdb870..ee029614b 100644 --- a/controls/configuredreadinessprobe.json +++ b/controls/configuredreadinessprobe.json @@ -8,5 +8,5 @@ "rulesNames": [ "configured-readiness-probe" ], - "id": "c_0018" + "id": "C-0018" } \ No newline at end of file diff --git a/controls/containerhostport.json b/controls/containerhostport.json index c956b88e5..f50f3c304 100644 --- a/controls/containerhostport.json +++ b/controls/containerhostport.json @@ -8,5 +8,5 @@ "rulesNames": [ "container-hostPort" ], - "id": "c_0044" + "id": "C-0044" } \ No newline at end of file diff --git a/controls/controlplanehardening.json b/controls/controlplanehardening.json index 6846274d3..b0ed381b4 100644 --- a/controls/controlplanehardening.json +++ b/controls/controlplanehardening.json @@ -8,5 +8,5 @@ "rulesNames": [ "insecure-port-flag" ], - "id": "c_0005" + "id": "C-0005" } \ No newline at end of file diff --git a/controls/coreDNSpoisoning.json b/controls/coreDNSpoisoning.json index 0b7943c11..06614d21b 100644 --- a/controls/coreDNSpoisoning.json +++ b/controls/coreDNSpoisoning.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-can-update-configmap" ], - "id": "c_0037" + "id": "C-0037" } \ No newline at end of file diff --git a/controls/dangerouscapabilities.json b/controls/dangerouscapabilities.json index e9ab50765..e473c0316 100644 --- a/controls/dangerouscapabilities.json +++ b/controls/dangerouscapabilities.json @@ -8,5 +8,5 @@ "rulesNames": [ "dangerous-capabilities" ], - "id": "c_0028" + "id": "C-0028" } \ No newline at end of file diff --git a/controls/datadestruction.json b/controls/datadestruction.json index e0800a7eb..6ae20e948 100644 --- a/controls/datadestruction.json +++ b/controls/datadestruction.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-excessive-delete-rights" ], - "id": "c_0007" + "id": "C-0007" } \ No newline at end of file diff --git a/controls/deleteKubernetesevents.json b/controls/deleteKubernetesevents.json index fc67a396b..5cbffef10 100644 --- a/controls/deleteKubernetesevents.json +++ b/controls/deleteKubernetesevents.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-can-delete-k8s-events" ], - "id": "c_0031" + "id": "C-0031" } \ No newline at end of file diff --git a/controls/execintocontainer.json b/controls/execintocontainer.json index 529a428c6..e908e321f 100644 --- a/controls/execintocontainer.json +++ b/controls/execintocontainer.json @@ -11,5 +11,5 @@ "rulesNames": [ "exec-into-container" ], - "id": "c_0002" + "id": "C-0002" } \ No newline at end of file diff --git a/controls/exposeddashboard.json b/controls/exposeddashboard.json index 1cd76e300..6d321e0a2 100644 --- a/controls/exposeddashboard.json +++ b/controls/exposeddashboard.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-exposed-dashboard" ], - "id": "c_0047" + "id": "C-0047" } \ No newline at end of file diff --git a/controls/exposedsensitiveinterfaces.json b/controls/exposedsensitiveinterfaces.json index 5385aa7cf..45da4cb75 100644 --- a/controls/exposedsensitiveinterfaces.json +++ b/controls/exposedsensitiveinterfaces.json @@ -11,5 +11,5 @@ "rulesNames": [ "exposed-sensitive-interfaces" ], - "id": "c_0021" + "id": "C-0021" } \ No newline at end of file diff --git a/controls/hostPathmount.json b/controls/hostPathmount.json index 5c546e892..b6caaa5ba 100644 --- a/controls/hostPathmount.json +++ b/controls/hostPathmount.json @@ -11,5 +11,5 @@ "rulesNames": [ "alert-any-hostpath" ], - "id": "c_0048" + "id": "C-0048" } \ No newline at end of file diff --git a/controls/hostnetworkaccess.json b/controls/hostnetworkaccess.json index 1cd1363bf..d3c9963fd 100644 --- a/controls/hostnetworkaccess.json +++ b/controls/hostnetworkaccess.json @@ -8,5 +8,5 @@ "rulesNames": [ "host-network-access" ], - "id": "c_0041" + "id": "C-0041" } \ No newline at end of file diff --git a/controls/hostpidipcprivileges.json b/controls/hostpidipcprivileges.json index f27935035..f611bfa6f 100644 --- a/controls/hostpidipcprivileges.json +++ b/controls/hostpidipcprivileges.json @@ -8,5 +8,5 @@ "rulesNames": [ "host-pid-ipc-privileges" ], - "id": "c_0038" + "id": "C-0038" } \ No newline at end of file diff --git a/controls/immutablecontainerfilesystem.json b/controls/immutablecontainerfilesystem.json index e3c9c7d09..fdc7068a4 100644 --- a/controls/immutablecontainerfilesystem.json +++ b/controls/immutablecontainerfilesystem.json @@ -8,5 +8,5 @@ "rulesNames": [ "immutable-container-filesystem" ], - "id": "c_0017" + "id": "C-0017" } \ No newline at end of file diff --git a/controls/ingressandegressblocked.json b/controls/ingressandegressblocked.json index b4e94de3c..d03722284 100644 --- a/controls/ingressandegressblocked.json +++ b/controls/ingressandegressblocked.json @@ -8,5 +8,5 @@ "rulesNames": [ "ingress-and-egress-blocked" ], - "id": "c_0030" + "id": "C-0030" } \ No newline at end of file diff --git a/controls/insecurecapabilities.json b/controls/insecurecapabilities.json index a866700b8..a1f139cb3 100644 --- a/controls/insecurecapabilities.json +++ b/controls/insecurecapabilities.json @@ -8,5 +8,5 @@ "rulesNames": [ "insecure-capabilities" ], - "id": "c_0046" + "id": "C-0046" } \ No newline at end of file diff --git a/controls/instancemetadataAPI..json b/controls/instancemetadataAPI..json index 37a3c23bc..f693e3605 100644 --- a/controls/instancemetadataAPI..json +++ b/controls/instancemetadataAPI..json @@ -11,5 +11,5 @@ "rulesNames": [ "instance-metadata-api-access" ], - "id": "c_0052" + "id": "C-0052" } \ No newline at end of file diff --git a/controls/kubernetescronJob.json b/controls/kubernetescronJob.json index 0739f170c..b6ae1e3cf 100644 --- a/controls/kubernetescronJob.json +++ b/controls/kubernetescronJob.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-deny-cronjobs" ], - "id": "c_0026" + "id": "C-0026" } \ No newline at end of file diff --git a/controls/linuxhardening.json b/controls/linuxhardening.json index 279492c9c..fe64e5211 100644 --- a/controls/linuxhardening.json +++ b/controls/linuxhardening.json @@ -8,5 +8,5 @@ "rulesNames": [ "linux-hardening" ], - "id": "c_0055" + "id": "C-0055" } \ No newline at end of file diff --git a/controls/maliciousadmissioncontroller-mutating.json b/controls/maliciousadmissioncontroller-mutating.json index 0d4fceaf1..1b72987b2 100644 --- a/controls/maliciousadmissioncontroller-mutating.json +++ b/controls/maliciousadmissioncontroller-mutating.json @@ -11,5 +11,5 @@ "rulesNames": [ "list-all-mutating-webhooks" ], - "id": "c_0039" + "id": "C-0039" } \ No newline at end of file diff --git a/controls/maliciousadmissioncontroller-validating.json b/controls/maliciousadmissioncontroller-validating.json index f6709a079..6779e5b04 100644 --- a/controls/maliciousadmissioncontroller-validating.json +++ b/controls/maliciousadmissioncontroller-validating.json @@ -11,5 +11,5 @@ "rulesNames": [ "list-all-validating-webhooks" ], - "id": "c_0036" + "id": "C-0036" } \ No newline at end of file diff --git a/controls/morethanonereplicas.json b/controls/morethanonereplicas.json index e4f567653..db2e585c4 100644 --- a/controls/morethanonereplicas.json +++ b/controls/morethanonereplicas.json @@ -8,5 +8,5 @@ "rulesNames": [ "more-than-one-replicas" ], - "id": "c_0032" + "id": "C-0032" } \ No newline at end of file diff --git a/controls/mountserviceprincipal.json b/controls/mountserviceprincipal.json index d58949e0b..258a59ce2 100644 --- a/controls/mountserviceprincipal.json +++ b/controls/mountserviceprincipal.json @@ -11,5 +11,5 @@ "rulesNames": [ "alert-any-hostpath" ], - "id": "c_0020" + "id": "C-0020" } \ No newline at end of file diff --git a/controls/namesimilarity.json b/controls/namesimilarity.json index 88c682bc9..c3065b1a0 100644 --- a/controls/namesimilarity.json +++ b/controls/namesimilarity.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-name-similarity" ], - "id": "c_0043" + "id": "C-0043" } \ No newline at end of file diff --git a/controls/networkmapping.json b/controls/networkmapping.json index ae41e5ab1..9970dfa93 100644 --- a/controls/networkmapping.json +++ b/controls/networkmapping.json @@ -11,5 +11,5 @@ "rulesNames": [ "internal-networking" ], - "id": "c_0049" + "id": "C-0049" } \ No newline at end of file diff --git a/controls/networkpolicies.json b/controls/networkpolicies.json index 22e143dea..797489f9b 100644 --- a/controls/networkpolicies.json +++ b/controls/networkpolicies.json @@ -8,5 +8,5 @@ "rulesNames": [ "internal-networking" ], - "id": "c_0011" + "id": "C-0011" } \ No newline at end of file diff --git a/controls/newcontainer.json b/controls/newcontainer.json index ab14c48b6..8e8597b41 100644 --- a/controls/newcontainer.json +++ b/controls/newcontainer.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-can-create-modify-pod" ], - "id": "c_0010" + "id": "C-0010" } \ No newline at end of file diff --git a/controls/nonrootcontainers.json b/controls/nonrootcontainers.json index 52d98f57c..18aa024de 100644 --- a/controls/nonrootcontainers.json +++ b/controls/nonrootcontainers.json @@ -8,5 +8,5 @@ "rulesNames": [ "non-root-containers" ], - "id": "c_0013" + "id": "C-0013" } \ No newline at end of file diff --git a/controls/podspecificversiontag.json b/controls/podspecificversiontag.json index b458596b8..2835968b9 100644 --- a/controls/podspecificversiontag.json +++ b/controls/podspecificversiontag.json @@ -8,5 +8,5 @@ "rulesNames": [ "pod-specific-version-tag" ], - "id": "c_0040" + "id": "C-0040" } \ No newline at end of file diff --git a/controls/privilegedcontainer.json b/controls/privilegedcontainer.json index fcf875c87..c7622b265 100644 --- a/controls/privilegedcontainer.json +++ b/controls/privilegedcontainer.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-privilege-escalation" ], - "id": "c_0057" + "id": "C-0057" } \ No newline at end of file diff --git a/controls/resourcehijacking.json b/controls/resourcehijacking.json index 276d96087..4ff2b06d6 100644 --- a/controls/resourcehijacking.json +++ b/controls/resourcehijacking.json @@ -11,5 +11,5 @@ "rulesNames": [ "rule-can-create-modify-pod" ], - "id": "c_0023" + "id": "C-0023" } \ No newline at end of file diff --git a/controls/resourcepolicies.json b/controls/resourcepolicies.json index 0575faaf5..99c6184c4 100644 --- a/controls/resourcepolicies.json +++ b/controls/resourcepolicies.json @@ -8,5 +8,5 @@ "rulesNames": [ "resource-policies" ], - "id": "c_0009" + "id": "C-0009" } \ No newline at end of file diff --git a/controls/resourcescpulimit.json b/controls/resourcescpulimit.json index 7458e2006..0af5c06d9 100644 --- a/controls/resourcescpulimit.json +++ b/controls/resourcescpulimit.json @@ -8,5 +8,5 @@ "rulesNames": [ "resources-cpu-limit" ], - "id": "c_0050" + "id": "C-0050" } \ No newline at end of file diff --git a/controls/resourcesmemorylimit.json b/controls/resourcesmemorylimit.json index f953043f2..610da3625 100644 --- a/controls/resourcesmemorylimit.json +++ b/controls/resourcesmemorylimit.json @@ -8,5 +8,5 @@ "rulesNames": [ "resources-memory-limit" ], - "id": "c_0004" + "id": "C-0004" } \ No newline at end of file diff --git a/controls/sidecarinjection.json b/controls/sidecarinjection.json index d88407c4a..b12a3a790 100644 --- a/controls/sidecarinjection.json +++ b/controls/sidecarinjection.json @@ -11,5 +11,5 @@ "rulesNames": [ "sidecar-injection" ], - "id": "c_0008" + "id": "C-0008" } \ No newline at end of file diff --git a/controls/useridlessthanthousand.json b/controls/useridlessthanthousand.json index 3381b7467..a30657be1 100644 --- a/controls/useridlessthanthousand.json +++ b/controls/useridlessthanthousand.json @@ -8,5 +8,5 @@ "rulesNames": [ "user-id-less-than-thousands" ], - "id": "c_0022" + "id": "C-0022" } \ No newline at end of file diff --git a/controls/vulnerableapplication.json b/controls/vulnerableapplication.json index e457b0fe1..bc1ca15ab 100644 --- a/controls/vulnerableapplication.json +++ b/controls/vulnerableapplication.json @@ -11,5 +11,5 @@ "rulesNames": [ "deny-vuln-image-pods" ], - "id": "c_0024" + "id": "C-0024" } \ No newline at end of file diff --git a/controls/writablehostPathmount.json b/controls/writablehostPathmount.json index 06412f790..6175c9800 100644 --- a/controls/writablehostPathmount.json +++ b/controls/writablehostPathmount.json @@ -12,5 +12,5 @@ "rulesNames": [ "alert-rw-hostpath" ], - "id": "c_0045" + "id": "C-0045" } \ No newline at end of file