Update 0350-amazon_rules.xml #775

Merged
merged 5 commits into from
Nov 11, 2020

odintree
Contributor

Hi team,

The purpose of this PR is to update the ConfigHistory rules. Rule 80453 can flood Wazuh if AWS Config is enabled. For this reason, I have silenced this rule when the aws.configurationItemStatus field has the value OK, and created 4 new child rules that will be triggered once the specific status appears.

The valid values for aws.configurationItemStatus are:
OK – The resource configuration has been updated
ResourceDiscovered – The resource was newly discovered
ResourceNotRecorded – The resource was discovered but its configuration was not recorded since the recorder excludes the recording of resources of this type
ResourceDeleted – The resource was deleted
ResourceDeletedNotRecorded – The resource was deleted but its configuration was not recorded since the recorder excludes the recording of resources of this type

As I have mentioned above, when it is OK the rule will be silenced (level = 0); for the rest I have set the level to 3 as of now.

Kind regards,
Bin.

Update ConfigHistory rules
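
One way to express the tuning described above as local Wazuh rules, added here as an example and not the rules merged in this PR. The rule IDs 100100-100104 and the group name are constructed placeholders, and the example assumes rule 80453 matches every AWS Config history event.

```xml
<!-- Added example: constructed local rules, not the content of this PR.
     Assumption: parent rule 80453 matches every AWS Config history event.
     IDs 100100-100104 are placeholders from the user-defined rule ID range. -->
<group name="local,aws_config_history,">

  <!-- Routine configuration updates: level 0 means no alert is generated. -->
  <rule id="100100" level="0">
    <if_sid>80453</if_sid>
    <field name="aws.configurationItemStatus">^OK$</field>
    <description>AWS Config history: resource configuration updated (silenced).</description>
  </rule>

  <rule id="100101" level="3">
    <if_sid>80453</if_sid>
    <field name="aws.configurationItemStatus">^ResourceDiscovered$</field>
    <description>AWS Config history: resource newly discovered.</description>
  </rule>

  <rule id="100102" level="3">
    <if_sid>80453</if_sid>
    <field name="aws.configurationItemStatus">^ResourceNotRecorded$</field>
    <description>AWS Config history: resource discovered, configuration not recorded.</description>
  </rule>

  <!-- The trailing $ keeps this rule from also matching
       ResourceDeletedNotRecorded, which shares the same prefix. -->
  <rule id="100103" level="3">
    <if_sid>80453</if_sid>
    <field name="aws.configurationItemStatus">^ResourceDeleted$</field>
    <description>AWS Config history: resource deleted.</description>
  </rule>

  <rule id="100104" level="3">
    <if_sid>80453</if_sid>
    <field name="aws.configurationItemStatus">^ResourceDeletedNotRecorded$</field>
    <description>AWS Config history: resource deleted, configuration not recorded.</description>
  </rule>

</group>
```

Anchoring each status with `^` and `$` matters because two of the five values are prefixes of two others; without the anchors a deletion that was not recorded would be reported under the plain deletion rule.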
@MiguelCasaresRobles
Member

I checked the AWS Config rule that generates the alerts we're addressing in this PR, get-resource-config-history, and there is no mapping compliance for them. For that reason, we did not add the mapping to these new rules.

References: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/configservice/get-resource-config-history.html
https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-pci-dss.html

@MiguelCasaresRobles MiguelCasaresRobles merged commit bc2ffab into master Nov 11, 2020
@MiguelCasaresRobles MiguelCasaresRobles deleted the bin-confighistory branch November 11, 2020 12:59