diff --git a/compliance/controls/aws/aws_account_alternate_contact_security_registered.yaml b/compliance/controls/aws/aws_account_alternate_contact_security_registered.yaml
index 6db850001..12486ccec 100644
--- a/compliance/controls/aws/aws_account_alternate_contact_security_registered.yaml
+++ b/compliance/controls/aws/aws_account_alternate_contact_security_registered.yaml
@@ -21,8 +21,8 @@ Query:
 )
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN a.partition = 'aws-us-gov' THEN 'info'
 WHEN c.name IS NOT NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_account_part_of_organizations.yaml b/compliance/controls/aws/aws_account_part_of_organizations.yaml
index ad25ba8c7..a115c943b 100644
--- a/compliance/controls/aws/aws_account_part_of_organizations.yaml
+++ b/compliance/controls/aws/aws_account_part_of_organizations.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN organization_id IS NOT NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_acm_certificate_expires_30_days.yaml b/compliance/controls/aws/aws_acm_certificate_expires_30_days.yaml
index 14c7f391f..2f035bce6 100644
--- a/compliance/controls/aws/aws_acm_certificate_expires_30_days.yaml
+++ b/compliance/controls/aws/aws_acm_certificate_expires_30_days.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 certificate_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN renewal_eligibility = 'INELIGIBLE' THEN 'skip'
 WHEN DATE(not_after) - DATE(current_date) >= 30 THEN 'ok'
diff --git a/compliance/controls/aws/aws_acm_certificate_no_failed_certificate.yaml b/compliance/controls/aws/aws_acm_certificate_no_failed_certificate.yaml
index e307e4574..21d92b16a 100644
--- a/compliance/controls/aws/aws_acm_certificate_no_failed_certificate.yaml
+++ b/compliance/controls/aws/aws_acm_certificate_no_failed_certificate.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 certificate_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN status IN ('VALIDATION_TIMED_OUT', 'FAILED') THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_acm_certificate_no_pending_validation_certificate.yaml b/compliance/controls/aws/aws_acm_certificate_no_pending_validation_certificate.yaml
index 51b2ab376..dce03fc52 100644
--- a/compliance/controls/aws/aws_acm_certificate_no_pending_validation_certificate.yaml
+++ b/compliance/controls/aws/aws_acm_certificate_no_pending_validation_certificate.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 certificate_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN status = 'PENDING_VALIDATION' THEN 'info'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_acm_certificate_no_wildcard_domain_name.yaml b/compliance/controls/aws/aws_acm_certificate_no_wildcard_domain_name.yaml
index 31b875a41..b6f4df516 100644
--- a/compliance/controls/aws/aws_acm_certificate_no_wildcard_domain_name.yaml
+++ b/compliance/controls/aws/aws_acm_certificate_no_wildcard_domain_name.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 certificate_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN domain_name LIKE '*%' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_acm_certificate_not_expired.yaml b/compliance/controls/aws/aws_acm_certificate_not_expired.yaml
index 642d8013c..9755e7322 100644
--- a/compliance/controls/aws/aws_acm_certificate_not_expired.yaml
+++ b/compliance/controls/aws/aws_acm_certificate_not_expired.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 certificate_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN renewal_eligibility = 'INELIGIBLE' THEN 'skip'
 WHEN DATE(not_after) < (CURRENT_DATE - INTERVAL '1' minute) THEN 'alarm'
diff --git a/compliance/controls/aws/aws_acm_certificate_rsa_key_length_2048_bits_or_greater.yaml b/compliance/controls/aws/aws_acm_certificate_rsa_key_length_2048_bits_or_greater.yaml
index 98e24e323..a0f8dc849 100644
--- a/compliance/controls/aws/aws_acm_certificate_rsa_key_length_2048_bits_or_greater.yaml
+++ b/compliance/controls/aws/aws_acm_certificate_rsa_key_length_2048_bits_or_greater.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 certificate_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN NOT key_algorithm LIKE 'RSA-%' THEN 'skip'
 WHEN key_algorithm = 'RSA_1024' THEN 'alarm'
diff --git a/compliance/controls/aws/aws_acm_certificate_transparency_logging_enabled.yaml b/compliance/controls/aws/aws_acm_certificate_transparency_logging_enabled.yaml
index bd7af6b98..f75027961 100644
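Review bot: In the aws_acm_certificate_not_expired hunk, the unchanged test `WHEN DATE(not_after) < (CURRENT_DATE - INTERVAL '1' minute) THEN 'alarm'` truncates `not_after` to a date, so a certificate that expired earlier today does not compare as expired until the following day. Comparing the timestamp directly, `WHEN not_after < CURRENT_TIMESTAMP THEN 'alarm'`, would close that window, assuming `not_after` is a timestamp column (the table definition is not visible here). The CASE expression continues outside the hunk.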
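Review bot: In the aws_acm_certificate_rsa_key_length_2048_bits_or_greater hunk, the alarm branch `WHEN key_algorithm = 'RSA_1024' THEN 'alarm'` cannot be reached, because the preceding `WHEN NOT key_algorithm LIKE 'RSA-%' THEN 'skip'` already skips every value that does not start with `RSA-` (hyphen), and `RSA_1024` (underscore) is such a value. A 1024-bit RSA certificate is therefore reported as 'skip' or falls through to a later branch, never 'alarm'. Use one spelling in both tests, for example `WHEN key_algorithm NOT LIKE 'RSA%' THEN 'skip'` followed by `WHEN key_algorithm IN ('RSA-1024', 'RSA_1024') THEN 'alarm'`, after confirming which form the table returns. Both lines are unchanged context and the CASE continues outside the hunk.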
--- a/compliance/controls/aws/aws_acm_certificate_transparency_logging_enabled.yaml
+++ b/compliance/controls/aws/aws_acm_certificate_transparency_logging_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 certificate_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN type = 'IMPORTED' THEN 'skip'
 WHEN certificate_transparency_logging_preference = 'ENABLED' THEN 'ok'
diff --git a/compliance/controls/aws/aws_acmpca_root_certificate_authority_disabled.yaml b/compliance/controls/aws/aws_acmpca_root_certificate_authority_disabled.yaml
index e558b5af7..a8b6be927 100644
--- a/compliance/controls/aws/aws_acmpca_root_certificate_authority_disabled.yaml
+++ b/compliance/controls/aws/aws_acmpca_root_certificate_authority_disabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN type <> 'ROOT' THEN 'skip'
 WHEN status = 'DISABLED' THEN 'ok'
diff --git a/compliance/controls/aws/aws_api_gateway_method_authorization_type_configured.yaml b/compliance/controls/aws/aws_api_gateway_method_authorization_type_configured.yaml
index b915219b9..575ec21fe 100644
--- a/compliance/controls/aws/aws_api_gateway_method_authorization_type_configured.yaml
+++ b/compliance/controls/aws/aws_api_gateway_method_authorization_type_configured.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 resource_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN authorization_type = 'NONE' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_api_gateway_method_request_parameter_validated.yaml b/compliance/controls/aws/aws_api_gateway_method_request_parameter_validated.yaml
index 7dd60d7fe..e2f3fbeb6 100644
--- a/compliance/controls/aws/aws_api_gateway_method_request_parameter_validated.yaml
+++ b/compliance/controls/aws/aws_api_gateway_method_request_parameter_validated.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 resource_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN request_validator_id IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_api_gateway_rest_api_public_endpoint_with_authorizer.yaml b/compliance/controls/aws/aws_api_gateway_rest_api_public_endpoint_with_authorizer.yaml
index 7acda1839..0f9b1d60e 100644
--- a/compliance/controls/aws/aws_api_gateway_rest_api_public_endpoint_with_authorizer.yaml
+++ b/compliance/controls/aws/aws_api_gateway_rest_api_public_endpoint_with_authorizer.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || p.partition || ':apigateway:' || p.region || '::/apis/' || p.api_id AS resource,
- p.og_account_id AS og_account_id,
- p.og_resource_id AS og_resource_id,
+ p.platform_account_id AS platform_account_id,
+ p.platform_resource_id AS platform_resource_id,
 CASE WHEN NOT (endpoint_configuration_types ? 'PRIVATE') AND (a.provider_arns IS NOT NULL AND jsonb_array_length(a.provider_arns) > 0)
diff --git a/compliance/controls/aws/aws_api_gatewayv2_route_authorization_type_configured.yaml b/compliance/controls/aws/aws_api_gatewayv2_route_authorization_type_configured.yaml
index 5323a6919..8de4a48fd 100644
--- a/compliance/controls/aws/aws_api_gatewayv2_route_authorization_type_configured.yaml
+++ b/compliance/controls/aws/aws_api_gatewayv2_route_authorization_type_configured.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id || '/routes/' || route_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN authorization_type IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_api_gatewayv2_route_authorizer_configured.yaml b/compliance/controls/aws/aws_api_gatewayv2_route_authorizer_configured.yaml
index 64a08ad54..b2c7ef6fd 100644
--- a/compliance/controls/aws/aws_api_gatewayv2_route_authorizer_configured.yaml
+++ b/compliance/controls/aws/aws_api_gatewayv2_route_authorizer_configured.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id || '/routes/' || route_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN authorizer_id IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_apigateway_rest_api_authorizers_configured.yaml b/compliance/controls/aws/aws_apigateway_rest_api_authorizers_configured.yaml
index ab3e345c6..c6949682d 100644
--- a/compliance/controls/aws/aws_apigateway_rest_api_authorizers_configured.yaml
+++ b/compliance/controls/aws/aws_apigateway_rest_api_authorizers_configured.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 p.name AS resource,
- p.og_account_id AS og_account_id,
- p.og_resource_id AS og_resource_id,
+ p.platform_account_id AS platform_account_id,
+ p.platform_resource_id AS platform_resource_id,
 CASE
 WHEN jsonb_array_length(a.provider_arns) > 0 THEN 'ok'
 ELSE 'alarm'
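Review bot: In the aws_api_gatewayv2_route_authorization_type_configured hunk, `WHEN authorization_type IS NULL THEN 'alarm'` only flags routes whose authorization type is missing, while the REST method control touched by this same change alarms on `authorization_type = 'NONE'`. If the v2 route table reports open routes as the string `NONE` (likely, but the table is not visible here), those routes are reported as 'ok'. Consider `WHEN authorization_type IS NULL OR authorization_type = 'NONE' THEN 'alarm'`. The line is unchanged context in this hunk.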
diff --git a/compliance/controls/aws/aws_apigateway_rest_api_endpoint_restrict_public_access.yaml b/compliance/controls/aws/aws_apigateway_rest_api_endpoint_restrict_public_access.yaml
index 448391576..8bb9e17c4 100644
--- a/compliance/controls/aws/aws_apigateway_rest_api_endpoint_restrict_public_access.yaml
+++ b/compliance/controls/aws/aws_apigateway_rest_api_endpoint_restrict_public_access.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN endpoint_configuration_types ? 'PRIVATE' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_apigateway_rest_api_stage_use_ssl_certificate.yaml b/compliance/controls/aws/aws_apigateway_rest_api_stage_use_ssl_certificate.yaml
index 14dfefd0c..c2b4a7135 100644
--- a/compliance/controls/aws/aws_apigateway_rest_api_stage_use_ssl_certificate.yaml
+++ b/compliance/controls/aws/aws_apigateway_rest_api_stage_use_ssl_certificate.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN client_certificate_id IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_apigateway_rest_api_stage_xray_tracing_enabled.yaml b/compliance/controls/aws/aws_apigateway_rest_api_stage_xray_tracing_enabled.yaml
index 3521c126f..045d43140 100644
--- a/compliance/controls/aws/aws_apigateway_rest_api_stage_xray_tracing_enabled.yaml
+++ b/compliance/controls/aws/aws_apigateway_rest_api_stage_xray_tracing_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN tracing_enabled THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_apigateway_stage_cache_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_apigateway_stage_cache_encryption_at_rest_enabled.yaml
index d6b7d08eb..c90973fe6 100644
--- a/compliance/controls/aws/aws_apigateway_stage_cache_encryption_at_rest_enabled.yaml
+++ b/compliance/controls/aws/aws_apigateway_stage_cache_encryption_at_rest_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || partition || ':apigateway:' || region || '::/apis/' || rest_api_id || '/stages/' || name AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN method_settings -> '*/*' ->> 'CachingEnabled' = 'true'
 AND method_settings -> '*/*' ->> 'CacheDataEncrypted' = 'true'
diff --git a/compliance/controls/aws/aws_apigateway_stage_logging_enabled.yaml b/compliance/controls/aws/aws_apigateway_stage_logging_enabled.yaml
index 6801c715b..1f99cf7cb 100644
--- a/compliance/controls/aws/aws_apigateway_stage_logging_enabled.yaml
+++ b/compliance/controls/aws/aws_apigateway_stage_logging_enabled.yaml
@@ -19,9 +19,9 @@ Query:
 region,
 account_id,
 tags,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
- 'aws_api_gateway_stage' AS og_table_name,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
+ 'aws_api_gateway_stage' AS platform_table_name,
 _ctx
 FROM
 aws_api_gateway_stage
@@ -34,18 +34,18 @@ Query:
 region,
 account_id,
 tags,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
- 'aws_api_gatewayv2_stage' AS og_table_name,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
+ 'aws_api_gatewayv2_stage' AS platform_table_name,
 _ctx
 FROM
 aws_api_gatewayv2_stage
 )
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
- og_table_name AS og_table_name,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
+ platform_table_name AS platform_table_name,
 CASE
 WHEN log_level IS NULL OR log_level = '' OR log_level = 'OFF' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_apigateway_stage_use_waf_web_acl.yaml b/compliance/controls/aws/aws_apigateway_stage_use_waf_web_acl.yaml
index 4150269fe..75daac547 100644
--- a/compliance/controls/aws/aws_apigateway_stage_use_waf_web_acl.yaml
+++ b/compliance/controls/aws/aws_apigateway_stage_use_waf_web_acl.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN web_acl_arn IS NOT NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_appstream_fleet_default_internet_access_disabled.yaml b/compliance/controls/aws/aws_appstream_fleet_default_internet_access_disabled.yaml
index 123c704eb..77909f4e0 100644
--- a/compliance/controls/aws/aws_appstream_fleet_default_internet_access_disabled.yaml
+++ b/compliance/controls/aws/aws_appstream_fleet_default_internet_access_disabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN enable_default_internet_access THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_appstream_fleet_idle_disconnect_timeout_600_seconds.yaml b/compliance/controls/aws/aws_appstream_fleet_idle_disconnect_timeout_600_seconds.yaml
index 3ba6f4b71..8bbda7dff 100644
--- a/compliance/controls/aws/aws_appstream_fleet_idle_disconnect_timeout_600_seconds.yaml
+++ b/compliance/controls/aws/aws_appstream_fleet_idle_disconnect_timeout_600_seconds.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN idle_disconnect_timeout_in_seconds <= 600 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_appstream_fleet_max_user_duration_36000_seconds.yaml b/compliance/controls/aws/aws_appstream_fleet_max_user_duration_36000_seconds.yaml
index 6e4f49bee..da884664f 100644
--- a/compliance/controls/aws/aws_appstream_fleet_max_user_duration_36000_seconds.yaml
+++ b/compliance/controls/aws/aws_appstream_fleet_max_user_duration_36000_seconds.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN max_user_duration_in_seconds < 36000 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_appstream_fleet_session_disconnect_timeout_300_seconds.yaml b/compliance/controls/aws/aws_appstream_fleet_session_disconnect_timeout_300_seconds.yaml
index ee1adad3d..e23eca4bf 100644
--- a/compliance/controls/aws/aws_appstream_fleet_session_disconnect_timeout_300_seconds.yaml
+++ b/compliance/controls/aws/aws_appstream_fleet_session_disconnect_timeout_300_seconds.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN disconnect_timeout_in_seconds <= 300 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_appsync_graphql_api_field_level_logging_enabled.yaml b/compliance/controls/aws/aws_appsync_graphql_api_field_level_logging_enabled.yaml
index 3782fa8f8..11132900d 100644
--- a/compliance/controls/aws/aws_appsync_graphql_api_field_level_logging_enabled.yaml
+++ b/compliance/controls/aws/aws_appsync_graphql_api_field_level_logging_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 name AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN log_config ->> 'FieldLogLevel' IN ('ERROR', 'ALL') THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_athena_workgroup_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_athena_workgroup_encryption_at_rest_enabled.yaml
index 4c5635b48..de133f294 100644
--- a/compliance/controls/aws/aws_athena_workgroup_encryption_at_rest_enabled.yaml
+++ b/compliance/controls/aws/aws_athena_workgroup_encryption_at_rest_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 name AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN encryption_option IS NOT NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_athena_workgroup_enforce_configuration_enabled.yaml b/compliance/controls/aws/aws_athena_workgroup_enforce_configuration_enabled.yaml
index 48804f45f..178991a64 100644
--- a/compliance/controls/aws/aws_athena_workgroup_enforce_configuration_enabled.yaml
+++ b/compliance/controls/aws/aws_athena_workgroup_enforce_configuration_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 name AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN enforce_workgroup_configuration THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_autoscaling_ec2_launch_configuration_no_sensitive_data.yaml b/compliance/controls/aws/aws_autoscaling_ec2_launch_configuration_no_sensitive_data.yaml
index a5f8246b2..d6692e433 100644
--- a/compliance/controls/aws/aws_autoscaling_ec2_launch_configuration_no_sensitive_data.yaml
+++ b/compliance/controls/aws/aws_autoscaling_ec2_launch_configuration_no_sensitive_data.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 launch_configuration_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN user_data LIKE ANY (ARRAY [ '%pass%', '%secret%', '%token%', '%key%' ])
diff --git a/compliance/controls/aws/aws_autoscaling_group_multiple_az_configured.yaml b/compliance/controls/aws/aws_autoscaling_group_multiple_az_configured.yaml
index 932d52fff..baaa42d80 100644
--- a/compliance/controls/aws/aws_autoscaling_group_multiple_az_configured.yaml
+++ b/compliance/controls/aws/aws_autoscaling_group_multiple_az_configured.yaml
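Review bot: In the aws_autoscaling_ec2_launch_configuration_no_sensitive_data hunk, `user_data LIKE ANY (ARRAY [ '%pass%', '%secret%', '%token%', '%key%' ])` is a case-sensitive match in PostgreSQL (the dialect the jsonb operators elsewhere in this change suggest), so user data containing `PASSWORD` or `Secret` is not matched and the launch configuration is reported clean. Using `ILIKE ANY` with the same array covers the case variants. Keyword matching still misses secrets that carry none of these words, so a short comment above the query saying the control is a heuristic would help readers of the result. The CASE expression is unchanged context and continues outside the hunk.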
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 autoscaling_group_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN jsonb_array_length(availability_zones) > 1 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_autoscaling_group_no_suspended_process.yaml b/compliance/controls/aws/aws_autoscaling_group_no_suspended_process.yaml
index a352a7a32..66259f4a0 100644
--- a/compliance/controls/aws/aws_autoscaling_group_no_suspended_process.yaml
+++ b/compliance/controls/aws/aws_autoscaling_group_no_suspended_process.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 autoscaling_group_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN suspended_processes IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_autoscaling_group_propagate_tags_to_ec2_instance_enabled.yaml b/compliance/controls/aws/aws_autoscaling_group_propagate_tags_to_ec2_instance_enabled.yaml
index bfb15f9d7..340e6682b 100644
--- a/compliance/controls/aws/aws_autoscaling_group_propagate_tags_to_ec2_instance_enabled.yaml
+++ b/compliance/controls/aws/aws_autoscaling_group_propagate_tags_to_ec2_instance_enabled.yaml
@@ -23,8 +23,8 @@ Query:
 )
 SELECT
 p.autoscaling_group_arn AS resource,
- p.og_account_id AS og_account_id,
- p.og_resource_id AS og_resource_id,
+ p.platform_account_id AS platform_account_id,
+ p.platform_resource_id AS platform_resource_id,
 CASE
 WHEN count > 0 THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_autoscaling_group_uses_ec2_launch_template.yaml b/compliance/controls/aws/aws_autoscaling_group_uses_ec2_launch_template.yaml
index c215394cf..11897535b 100644
--- a/compliance/controls/aws/aws_autoscaling_group_uses_ec2_launch_template.yaml
+++ b/compliance/controls/aws/aws_autoscaling_group_uses_ec2_launch_template.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 autoscaling_group_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN launch_template_id IS NOT NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_autoscaling_group_with_lb_use_health_check.yaml b/compliance/controls/aws/aws_autoscaling_group_with_lb_use_health_check.yaml
index e69a86e97..88a1668d9 100644
--- a/compliance/controls/aws/aws_autoscaling_group_with_lb_use_health_check.yaml
+++ b/compliance/controls/aws/aws_autoscaling_group_with_lb_use_health_check.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 autoscaling_group_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN load_balancer_names IS NULL AND target_group_arns IS NULL THEN 'alarm'
 WHEN health_check_type != 'ELB' THEN 'alarm'
diff --git a/compliance/controls/aws/aws_autoscaling_launch_config_hop_limit.yaml b/compliance/controls/aws/aws_autoscaling_launch_config_hop_limit.yaml
index 9297d58a0..27bdb5716 100644
--- a/compliance/controls/aws/aws_autoscaling_launch_config_hop_limit.yaml
+++ b/compliance/controls/aws/aws_autoscaling_launch_config_hop_limit.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 launch_configuration_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN metadata_options_put_response_hop_limit IS NULL THEN 'ok'
 WHEN metadata_options_put_response_hop_limit > 1 THEN 'alarm'
diff --git a/compliance/controls/aws/aws_autoscaling_launch_config_public_ip_disabled.yaml b/compliance/controls/aws/aws_autoscaling_launch_config_public_ip_disabled.yaml
index 704f3c211..17c485174 100644
--- a/compliance/controls/aws/aws_autoscaling_launch_config_public_ip_disabled.yaml
+++ b/compliance/controls/aws/aws_autoscaling_launch_config_public_ip_disabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 launch_configuration_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN associate_public_ip_address THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_autoscaling_launch_config_requires_imdsv2.yaml b/compliance/controls/aws/aws_autoscaling_launch_config_requires_imdsv2.yaml
index 586410e9b..fdc70b75f 100644
--- a/compliance/controls/aws/aws_autoscaling_launch_config_requires_imdsv2.yaml
+++ b/compliance/controls/aws/aws_autoscaling_launch_config_requires_imdsv2.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 launch_configuration_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN metadata_options_http_tokens = 'required' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_autoscaling_use_multiple_instance_types_in_multiple_az.yaml b/compliance/controls/aws/aws_autoscaling_use_multiple_instance_types_in_multiple_az.yaml
index 0ab3e33fa..3cba8fb42 100644
--- a/compliance/controls/aws/aws_autoscaling_use_multiple_instance_types_in_multiple_az.yaml
+++ b/compliance/controls/aws/aws_autoscaling_use_multiple_instance_types_in_multiple_az.yaml
@@ -16,8 +16,8 @@ Query:
 mixed_instances_policy_launch_template_overrides,
 region,
 tags,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 _ctx,
 account_id
 FROM
@@ -37,8 +37,8 @@ Query:
 )
 SELECT
 a.autoscaling_group_arn AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN b.distinct_instance_types > 1 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_backup_plan_min_retention_35_days.yaml b/compliance/controls/aws/aws_backup_plan_min_retention_35_days.yaml
index 8f006af93..8cf770b0c 100644
--- a/compliance/controls/aws/aws_backup_plan_min_retention_35_days.yaml
+++ b/compliance/controls/aws/aws_backup_plan_min_retention_35_days.yaml
@@ -16,8 +16,8 @@ Query:
 title,
 region,
 account_id,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 _ctx
 FROM
 aws_backup_plan,
@@ -25,8 +25,8 @@ Query:
 )
 SELECT
 r.arn AS resource,
- r.og_account_id AS og_account_id,
- r.og_resource_id AS og_resource_id,
+ r.platform_account_id AS platform_account_id,
+ r.platform_resource_id AS platform_resource_id,
 CASE
 WHEN r.rules IS NULL THEN 'alarm'
 WHEN r.rules ->> 'Lifecycle' IS NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_backup_plan_region_configured.yaml b/compliance/controls/aws/aws_backup_plan_region_configured.yaml
index b13ca93a0..0ff4c6289 100644
--- a/compliance/controls/aws/aws_backup_plan_region_configured.yaml
+++ b/compliance/controls/aws/aws_backup_plan_region_configured.yaml
@@ -23,8 +23,8 @@ Query: ) SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN cp.count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_backup_recovery_point_encryption_enabled.yaml b/compliance/controls/aws/aws_backup_recovery_point_encryption_enabled.yaml index 90aa6d2ed..4f6399e96 100644 --- a/compliance/controls/aws/aws_backup_recovery_point_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_backup_recovery_point_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT recovery_point_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN is_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_backup_recovery_point_manual_deletion_disabled.yaml b/compliance/controls/aws/aws_backup_recovery_point_manual_deletion_disabled.yaml index 85045fcae..93173a520 100644 --- a/compliance/controls/aws/aws_backup_recovery_point_manual_deletion_disabled.yaml +++ b/compliance/controls/aws/aws_backup_recovery_point_manual_deletion_disabled.yaml @@ -24,8 +24,8 @@ Query: ) SELECT v.arn AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN d.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_backup_recovery_point_min_retention_35_days.yaml b/compliance/controls/aws/aws_backup_recovery_point_min_retention_35_days.yaml index 76b512afd..ef65c1e42 100644 --- a/compliance/controls/aws/aws_backup_recovery_point_min_retention_35_days.yaml 
+++ b/compliance/controls/aws/aws_backup_recovery_point_min_retention_35_days.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT recovery_point_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (lifecycle -> 'DeleteAfterDays') IS NULL THEN 'ok' WHEN (lifecycle -> 'DeleteAfterDays')::int >= 35 THEN 'ok' diff --git a/compliance/controls/aws/aws_backup_vault_region_configured.yaml b/compliance/controls/aws/aws_backup_vault_region_configured.yaml index c44f98abf..f521f7be2 100644 --- a/compliance/controls/aws/aws_backup_vault_region_configured.yaml +++ b/compliance/controls/aws/aws_backup_vault_region_configured.yaml @@ -23,8 +23,8 @@ Query: ) SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN v.count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_10_1.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_10_1.yaml index 769fd5a31..9c130f58c 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_10_1.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_10_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_11_1.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_11_1.yaml index 30d7a23c9..6994f00ea 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_11_1.yaml 
+++ b/compliance/controls/aws/aws_cis_compute_service_v100_11_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_10.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_10.yaml index 8ab60cd41..02780d22a 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_10.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_10.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT network_interface_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN status = 'available' AND attached_instance_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_11.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_11.yaml index eb6c5c076..ec2c667bf 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_11.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_11.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN instance_state NOT IN ('stopped', 'stopping') THEN 'skip' WHEN state_transition_time <= (current_date - INTERVAL '90' day) THEN 'alarm' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_12.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_12.yaml index bac2ce277..9a8bd50bf 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_12.yaml 
+++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_12.yaml @@ -23,8 +23,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN e.count > 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_13.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_13.yaml index 859cb454c..24f1ef833 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_13.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_13.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN user_data LIKE ANY (ARRAY ['%pass%', '%secret%', '%token%', '%key%']) OR user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_14.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_14.yaml index e37c3aaed..e5f594f62 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_14.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_14.yaml @@ -23,8 +23,8 @@ Query: ) SELECT p.autoscaling_group_arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN count > 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_1_1.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_1_1.yaml index c53bfe6f8..b2b954d6d 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_1_1.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_1_1.yaml 
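Review bot: The keyword arm of the secret check in aws_cis_compute_service_v100_2_13.yaml, `user_data LIKE ANY (ARRAY ['%pass%', '%secret%', '%token%', '%key%'])`, is case-sensitive in PostgreSQL, so user data containing `PASSWORD=` or `Secret` (constructed examples) is not matched by it. `user_data ILIKE ANY (ARRAY ['%pass%', '%secret%', '%token%', '%key%'])` closes that gap. The regex arm on the following line is unanchored and has no length bound, so it looks likely to match most non-trivial scripts; a comment stating what it is meant to catch would help whoever triages the alarms. The CASE expression continues past the end of the hunk, so its THEN branches are not visible here.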
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_1_2.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_1_2.yaml index b6dfd18c8..1188773d8 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_1_2.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_1_2.yaml @@ -14,8 +14,8 @@ Query: image_id AS resource, region, account_id, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, tags, _ctx, BOOL_AND(COALESCE((mapping -> 'Ebs' ->> 'Encrypted')::text = 'true', FALSE)) AS all_encrypted @@ -28,13 +28,13 @@ Query: account_id, tags, _ctx, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id ) SELECT resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN all_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_1_3.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_1_3.yaml index c2bde5e07..06da97532 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_1_3.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_1_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM 
diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_1_4.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_1_4.yaml index 221eaa83d..dd1f025f4 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_1_4.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_1_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT image_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN creation_date >= (CURRENT_DATE - INTERVAL '90 days') THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_1_5.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_1_5.yaml index e7f02d121..7f662adfb 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_1_5.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_1_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':ec2:' || region || ':' || account_id || ':image/' || image_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN public THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_2_1.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_2_1.yaml index 2fb0946b9..a8acfbe51 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_2_1.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_2_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_2_2.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_2_2.yaml index d4b4a6acb..339f96269 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_2_2.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_2_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':ec2:' || region || ':' || account_id || ':snapshot/' || snapshot_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN create_volume_permissions @> '[{"Group": "all", "UserId": null}]' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_2_3.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_2_3.yaml index 1960abbe3..746970e59 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_2_3.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_2_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_2_4.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_2_4.yaml index d41832a83..6bdecd65e 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_2_4.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_2_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN state = 'in-use' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_3.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_3.yaml index 50f5cef47..3165f35be 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_3.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_3.yaml @@ -26,8 +26,8 @@ Query: ) SELECT account_id AS resource, - _ctx.og_account_id AS og_account_id, - _ctx.og_resource_id AS og_resource_id, + _ctx.platform_account_id AS platform_account_id, + _ctx.platform_resource_id AS platform_resource_id, CASE WHEN count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_4.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_4.yaml index 95925710e..4f3654235 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_4.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_5.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_5.yaml index 718111327..8e2c64544 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_5.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT instance_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, launch_time, CASE WHEN launch_time >= (CURRENT_DATE - INTERVAL '180 days') THEN 'ok' 
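Review bot: `_ctx.platform_account_id` and `_ctx.platform_resource_id` in aws_cis_compute_service_v100_2_3.yaml are qualified with `_ctx`, while every other control in this change reads the two columns bare or through a table alias, and `_ctx` appears as an ordinary column in the CTE select lists of other controls here. Unless the FROM clause, which is outside this hunk, defines a relation aliased `_ctx`, PostgreSQL will not resolve these references, so this query should be run once after the rename. If `_ctx` is a JSON column, the intended form is presumably `_ctx ->> 'platform_account_id'`; confirm against the table definition.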
diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_6.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_6.yaml index 8e4e8264c..9c8e6bbae 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_6.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_6.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN monitoring_state = 'enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_8.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_8.yaml index f91769d90..634535ae8 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_8.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN metadata_options ->> 'HttpTokens' = 'optional' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_2_9.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_2_9.yaml index 53d9e97a6..22ae094d2 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_2_9.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_2_9.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN i.instance_state = 'stopped' THEN 'info' WHEN m.instance_id IS NULL THEN 'alarm' 
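Review bot: The IMDSv2 check in aws_cis_compute_service_v100_2_8.yaml fails open: `WHEN metadata_options ->> 'HttpTokens' = 'optional' THEN 'alarm'` followed by `ELSE 'ok'` reports 'ok' when `metadata_options` is NULL or carries no `HttpTokens` key. aws_autoscaling_launch_config_requires_imdsv2.yaml in this same change tests the positive case instead, and that shape would be safer here: `WHEN metadata_options ->> 'HttpTokens' = 'required' THEN 'ok'` with `ELSE 'alarm'`. The CASE continues after the hunk, so the reason column is not visible.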
diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_3_1.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_3_1.yaml index 2f77b5241..465931f29 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_3_1.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_3_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_3_10.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_3_10.yaml index f97ab07ee..c4dae4769 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_3_10.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_3_10.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_3_11.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_3_11.yaml index b943b593f..0d7f5ce06 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_3_11.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_3_11.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM 
diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_3_12.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_3_12.yaml index 474b040a2..c0f681ba8 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_3_12.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_3_12.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_3_2.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_3_2.yaml index ccb6dcbb9..a3fab47ca 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_3_2.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_3_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'INFO' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_3_3.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_3_3.yaml index ecef773c8..0c6684780 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_3_3.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_3_3.yaml @@ -40,8 +40,8 @@ Query: ) SELECT i.name AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.name IS NULL THEN 'ok' ELSE 'alarm' 
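Review bot: `'INFO' AS status` in aws_cis_compute_service_v100_3_2.yaml is upper-case, while every other manual-verification control in this change emits `'info'`. If the consumer of the status column compares it case-sensitively (not visible here), this control would fall outside the info bucket; `'info' AS status,` keeps it consistent with its siblings. The query's FROM clause lies outside the hunk.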
diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_3_5.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_3_5.yaml index 29a0b2d01..1f3aefc16 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_3_5.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_3_5.yaml @@ -39,8 +39,8 @@ Query: ) SELECT i.name AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN urp.name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_3_6.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_3_6.yaml index 593801532..c335437bf 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_3_6.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_3_6.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN ip_v6_addresses IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_3_7.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_3_7.yaml index 1ffa7c932..2af4d5bbd 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_3_7.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_3_7.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_3_8.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_3_8.yaml index ca14b9bb9..a827ad057 100644 
--- a/compliance/controls/aws/aws_cis_compute_service_v100_3_8.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_3_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_3_9.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_3_9.yaml index b8300cf42..c9e3d7ab6 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_3_9.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_3_9.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_1.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_1.yaml index 41d46891b..5bace652f 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_4_1.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_10.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_10.yaml index ffb6cb851..1fad011ce 100644 
--- a/compliance/controls/aws/aws_cis_compute_service_v100_4_10.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_10.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_11.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_11.yaml index f6b6a90cf..26359489b 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_4_11.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_11.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_12.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_12.yaml index 55d1ce820..b347a606c 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_4_12.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_12.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_key_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_2.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_2.yaml index 1547feb1a..796e737f5 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_4_2.yaml 
+++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_3.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_3.yaml index 964c05a5a..541f9c470 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_4_3.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_4.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_4.yaml index 236e847bc..6e04fb5f4 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_4_4.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_5.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_5.yaml index 8d90e6566..a2adae001 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_4_5.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_5.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_6.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_6.yaml index 6821f9ed8..b64f4bfac 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_4_6.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_6.yaml @@ -27,8 +27,8 @@ Query: ) SELECT f.arn AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_7.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_7.yaml index 0f41729a6..6dc377583 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_4_7.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_7.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_8.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_8.yaml index 2a6c04d49..e5fee9084 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_4_8.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_8.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_4_9.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_4_9.yaml index 62f40fd2c..7cfe8cb2c 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_4_9.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_4_9.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_5_1.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_5_1.yaml index dd9b0a5b7..792c6d273 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_5_1.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_5_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_5_2.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_5_2.yaml index c431b4fa6..4836f1ba9 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_5_2.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_5_2.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_6_1.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_6_1.yaml index 09b40f638..56a3a59eb 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_6_1.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_6_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_6_2.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_6_2.yaml index 54b83eb58..33683ac30 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_6_2.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_6_2.yaml @@ -24,8 +24,8 @@ Query: ) SELECT e.arn AS resource, - e.og_account_id AS og_account_id, - e.og_resource_id AS og_resource_id, + e.platform_account_id AS platform_account_id, + e.platform_resource_id AS platform_resource_id, CASE WHEN l.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_6_3.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_6_3.yaml index 9f52d89cd..6873ecabb 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_6_3.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_6_3.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_compute_service_v100_6_4.yaml b/compliance/controls/aws/aws_cis_compute_service_v100_6_4.yaml index 88d4919ba..17c171fb2 100644 --- a/compliance/controls/aws/aws_cis_compute_service_v100_6_4.yaml +++ b/compliance/controls/aws/aws_cis_compute_service_v100_6_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v120_1_1.yaml b/compliance/controls/aws/aws_cis_v120_1_1.yaml index bb367ce2f..63dc6f5e6 100644 --- a/compliance/controls/aws/aws_cis_v120_1_1.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v120_1_11.yaml b/compliance/controls/aws/aws_cis_v120_1_11.yaml index a5b501621..9528a02fa 100644 --- a/compliance/controls/aws/aws_cis_v120_1_11.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_11.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN max_password_age <= 90 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v120_1_12.yaml b/compliance/controls/aws/aws_cis_v120_1_12.yaml index f60396c61..af20f4246 100644 --- a/compliance/controls/aws/aws_cis_v120_1_12.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_12.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_access_keys_present > 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_1_13.yaml b/compliance/controls/aws/aws_cis_v120_1_13.yaml index 404c1b261..2e67c512f 100644 --- a/compliance/controls/aws/aws_cis_v120_1_13.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_13.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_mfa_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v120_1_15.yaml b/compliance/controls/aws/aws_cis_v120_1_15.yaml index d1ac35525..948563b57 100644 --- a/compliance/controls/aws/aws_cis_v120_1_15.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_15.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v120_1_16.yaml b/compliance/controls/aws/aws_cis_v120_1_16.yaml index 245155005..0ba90376d 100644 --- a/compliance/controls/aws/aws_cis_v120_1_16.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_16.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN attached_policy_arns IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v120_1_17.yaml b/compliance/controls/aws/aws_cis_v120_1_17.yaml index af8b1d346..e795407ce 100644 --- a/compliance/controls/aws/aws_cis_v120_1_17.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_17.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v120_1_18.yaml b/compliance/controls/aws/aws_cis_v120_1_18.yaml index cb94979d1..d1ec5541b 100644 --- a/compliance/controls/aws/aws_cis_v120_1_18.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_18.yaml 
@@ -31,8 +31,8 @@ Query: ) SELECT arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.partition = 'aws-us-gov' THEN 'info' WHEN c.name IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_1_19.yaml b/compliance/controls/aws/aws_cis_v120_1_19.yaml index 44fe08b29..9afcad74b 100644 --- a/compliance/controls/aws/aws_cis_v120_1_19.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_19.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v120_1_2.yaml b/compliance/controls/aws/aws_cis_v120_1_2.yaml index 871017566..b18324726 100644 --- a/compliance/controls/aws/aws_cis_v120_1_2.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND NOT mfa_active THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_1_20.yaml b/compliance/controls/aws/aws_cis_v120_1_20.yaml index 0b1147877..cf8f885de 100644 --- a/compliance/controls/aws/aws_cis_v120_1_20.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_20.yaml @@ -32,8 +32,8 @@ Query: ) SELECT resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN COUNT > 0 THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_cis_v120_1_21.yaml b/compliance/controls/aws/aws_cis_v120_1_21.yaml index fbdb1f152..9a2793645 100644 --- a/compliance/controls/aws/aws_cis_v120_1_21.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_21.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND extract(epoch FROM (access_key_1_last_rotated - user_creation_time)) < 10 diff --git a/compliance/controls/aws/aws_cis_v120_1_22.yaml b/compliance/controls/aws/aws_cis_v120_1_22.yaml index 444bdd44a..b3c31f4e2 100644 --- a/compliance/controls/aws/aws_cis_v120_1_22.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_22.yaml @@ -33,8 +33,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN s.arn IS NOT NULL AND s.is_aws_managed THEN 'info' WHEN s.arn IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_1_3.yaml b/compliance/controls/aws/aws_cis_v120_1_3.yaml index fdb55c6e7..28b5e6a4d 100644 --- a/compliance/controls/aws/aws_cis_v120_1_3.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN user_name = '' THEN 'info' diff --git a/compliance/controls/aws/aws_cis_v120_1_4.yaml b/compliance/controls/aws/aws_cis_v120_1_4.yaml index 092f64403..5963e97a6 100644 --- a/compliance/controls/aws/aws_cis_v120_1_4.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_4.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':iam::' || account_id || ':user/' || user_name || '/accesskey/' || access_key_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN create_date <= (current_date - interval '90' DAY) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_1_8.yaml b/compliance/controls/aws/aws_cis_v120_1_8.yaml index df4df2839..b0b1d6e39 100644 --- a/compliance/controls/aws/aws_cis_v120_1_8.yaml +++ b/compliance/controls/aws/aws_cis_v120_1_8.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN require_numbers THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v120_2_2.yaml b/compliance/controls/aws/aws_cis_v120_2_2.yaml index a8307a252..9cc18569b 100644 --- a/compliance/controls/aws/aws_cis_v120_2_2.yaml +++ b/compliance/controls/aws/aws_cis_v120_2_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_file_validation_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v120_2_3.yaml b/compliance/controls/aws/aws_cis_v120_2_3.yaml index b49b2a932..31c86f420 100644 --- a/compliance/controls/aws/aws_cis_v120_2_3.yaml +++ b/compliance/controls/aws/aws_cis_v120_2_3.yaml 
@@ -40,8 +40,8 @@ Query: WHEN arn IS NULL THEN 'arn:aws:s3::' || name ELSE arn END AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN arn IS NULL THEN 'skip' WHEN all_user_grants > 0 THEN 'alarm' diff --git a/compliance/controls/aws/aws_cis_v120_2_4.yaml b/compliance/controls/aws/aws_cis_v120_2_4.yaml index 4911ecff9..4c86af2e7 100644 --- a/compliance/controls/aws/aws_cis_v120_2_4.yaml +++ b/compliance/controls/aws/aws_cis_v120_2_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_group_arn != 'null' AND (latest_delivery_time > current_date - 1) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v120_2_5.yaml b/compliance/controls/aws/aws_cis_v120_2_5.yaml index 1612069d7..21e24e06c 100644 --- a/compliance/controls/aws/aws_cis_v120_2_5.yaml +++ b/compliance/controls/aws/aws_cis_v120_2_5.yaml @@ -23,8 +23,8 @@ Query: ) SELECT 'arn:aws::' || a.region || ':' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN g.global_config_recorders >= 1 AND status ->> 'Recording' = 'true' diff --git a/compliance/controls/aws/aws_cis_v120_2_6.yaml b/compliance/controls/aws/aws_cis_v120_2_6.yaml index 57d8f4aa8..0755e7f23 100644 --- a/compliance/controls/aws/aws_cis_v120_2_6.yaml +++ b/compliance/controls/aws/aws_cis_v120_2_6.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT t.arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN b.logging IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v120_2_7.yaml b/compliance/controls/aws/aws_cis_v120_2_7.yaml index f2aea79b2..3d4ba5ffa 100644 --- a/compliance/controls/aws/aws_cis_v120_2_7.yaml +++ b/compliance/controls/aws/aws_cis_v120_2_7.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_2_8.yaml b/compliance/controls/aws/aws_cis_v120_2_8.yaml index f2e8f033d..1df412dc9 100644 --- a/compliance/controls/aws/aws_cis_v120_2_8.yaml +++ b/compliance/controls/aws/aws_cis_v120_2_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN origin = 'EXTERNAL' THEN 'skip' WHEN key_state = 'PendingDeletion' THEN 'skip' diff --git a/compliance/controls/aws/aws_cis_v120_2_9.yaml b/compliance/controls/aws/aws_cis_v120_2_9.yaml index 1d64b4250..42e5855bc 100644 --- a/compliance/controls/aws/aws_cis_v120_2_9.yaml +++ b/compliance/controls/aws/aws_cis_v120_2_9.yaml @@ -14,8 +14,8 @@ Query: SELECT arn, account_id, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, region, owner_id, vpc_id, 
@@ -38,8 +38,8 @@ Query: ) SELECT v.arn AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.account_id <> v.owner_id THEN 'skip' WHEN f.resource_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_3_11.yaml b/compliance/controls/aws/aws_cis_v120_3_11.yaml index 1df08f795..33d0ada76 100644 --- a/compliance/controls/aws/aws_cis_v120_3_11.yaml +++ b/compliance/controls/aws/aws_cis_v120_3_11.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_3_12.yaml b/compliance/controls/aws/aws_cis_v120_3_12.yaml index 55381b540..fa3bc5edb 100644 --- a/compliance/controls/aws/aws_cis_v120_3_12.yaml +++ b/compliance/controls/aws/aws_cis_v120_3_12.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_3_13.yaml b/compliance/controls/aws/aws_cis_v120_3_13.yaml index 820669c57..904b07ef6 100644 --- a/compliance/controls/aws/aws_cis_v120_3_13.yaml +++ b/compliance/controls/aws/aws_cis_v120_3_13.yaml 
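Review bot: In aws_cis_v120_3_11.yaml and aws_cis_v120_3_12.yaml the renamed columns are read from `f`, the same alias whose `f.trail_name IS NULL` case produces 'alarm'. If `f` is the outer-joined side (the join is outside the hunk, so this is inferred), every alarm row carries NULL `platform_account_id` and `platform_resource_id`, and the failing finding cannot be attributed to an account. aws_cis_v120_3_5.yaml reads them from `a`, the alias the resource ARN is built from; doing the same here would be `a.platform_account_id AS platform_account_id,` and `a.platform_resource_id AS platform_resource_id,`, provided `a` exposes those columns. aws_cis_v120_3_13.yaml and aws_cis_v120_3_14.yaml read them from `t` and deserve the same check.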
@@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_3_14.yaml b/compliance/controls/aws/aws_cis_v120_3_14.yaml index 18e90224b..b01d59fcc 100644 --- a/compliance/controls/aws/aws_cis_v120_3_14.yaml +++ b/compliance/controls/aws/aws_cis_v120_3_14.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_3_5.yaml b/compliance/controls/aws/aws_cis_v120_3_5.yaml index a0958a379..f6020fe8a 100644 --- a/compliance/controls/aws/aws_cis_v120_3_5.yaml +++ b/compliance/controls/aws/aws_cis_v120_3_5.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v120_4_1.yaml b/compliance/controls/aws/aws_cis_v120_4_1.yaml index 268666beb..58c778628 100644 --- a/compliance/controls/aws/aws_cis_v120_4_1.yaml +++ b/compliance/controls/aws/aws_cis_v120_4_1.yaml 
@@ -30,8 +30,8 @@ Query: ) SELECT arn AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN ingress_ssh_rules.group_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v120_4_2.yaml b/compliance/controls/aws/aws_cis_v120_4_2.yaml index d20fd03bf..55b9b24a7 100644 --- a/compliance/controls/aws/aws_cis_v120_4_2.yaml +++ b/compliance/controls/aws/aws_cis_v120_4_2.yaml @@ -28,8 +28,8 @@ Query: ) SELECT arn AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN ingress_rdp_rules.group_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v120_4_4.yaml b/compliance/controls/aws/aws_cis_v120_4_4.yaml index ea99c783e..91d825d72 100644 --- a/compliance/controls/aws/aws_cis_v120_4_4.yaml +++ b/compliance/controls/aws/aws_cis_v120_4_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v130_1_1.yaml b/compliance/controls/aws/aws_cis_v130_1_1.yaml index 72c99843a..365e954b3 100644 --- a/compliance/controls/aws/aws_cis_v130_1_1.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM 
diff --git a/compliance/controls/aws/aws_cis_v130_1_10.yaml b/compliance/controls/aws/aws_cis_v130_1_10.yaml index fcb2fc356..56412b563 100644 --- a/compliance/controls/aws/aws_cis_v130_1_10.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_10.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND NOT mfa_active THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v130_1_11.yaml b/compliance/controls/aws/aws_cis_v130_1_11.yaml index e6d53015f..ffe1f1243 100644 --- a/compliance/controls/aws/aws_cis_v130_1_11.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_11.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND (EXTRACT(EPOCH FROM (access_key_1_last_rotated - user_creation_time)) < 10) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v130_1_12.yaml b/compliance/controls/aws/aws_cis_v130_1_12.yaml index f97c51e97..5828e088a 100644 --- a/compliance/controls/aws/aws_cis_v130_1_12.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_12.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN user_name = '' THEN 'info' diff --git a/compliance/controls/aws/aws_cis_v130_1_13.yaml b/compliance/controls/aws/aws_cis_v130_1_13.yaml index 1ec0c392b..961e3339b 100644 --- a/compliance/controls/aws/aws_cis_v130_1_13.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_13.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT u.arn AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(k.*) > 1 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v130_1_14.yaml b/compliance/controls/aws/aws_cis_v130_1_14.yaml index b0b24dba9..87b004945 100644 --- a/compliance/controls/aws/aws_cis_v130_1_14.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_14.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':iam::' || account_id || ':user/' || user_name || '/accesskey/' || access_key_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN create_date <= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v130_1_15.yaml b/compliance/controls/aws/aws_cis_v130_1_15.yaml index 564f9778c..a48efc99a 100644 --- a/compliance/controls/aws/aws_cis_v130_1_15.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_15.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN inline_policies IS NULL AND attached_policy_arns IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_1_16.yaml b/compliance/controls/aws/aws_cis_v130_1_16.yaml index 7bf69ab34..b065c8e15 100644 --- a/compliance/controls/aws/aws_cis_v130_1_16.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_16.yaml 
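Review bot: The select list in aws_cis_v130_1_13.yaml mixes the aggregate `COUNT(k.*)` with `u.platform_account_id` and `u.platform_resource_id`, so both columns must also appear in the query's GROUP BY, and this file has only this one hunk. The GROUP BY is outside the hunk; if it still lists `u.og_account_id` and `u.og_resource_id`, the query fails at run time and the control returns an error instead of a result. The lines to confirm there are `u.platform_account_id,` and `u.platform_resource_id,`. aws_cis_v130_3_10.yaml and aws_cis_v130_3_11.yaml, which pair `COUNT(bucket_selector)` with `b.` columns in a single hunk each, need the same check.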
@@ -33,8 +33,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN s.arn IS NOT NULL AND s.is_aws_managed THEN 'info' WHEN s.arn IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v130_1_17.yaml b/compliance/controls/aws/aws_cis_v130_1_17.yaml index 22f0938f4..56af3bce3 100644 --- a/compliance/controls/aws/aws_cis_v130_1_17.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_17.yaml @@ -30,8 +30,8 @@ Query: ) SELECT resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN COUNT > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_1_18.yaml b/compliance/controls/aws/aws_cis_v130_1_18.yaml index 3666e8db5..79ead0b11 100644 --- a/compliance/controls/aws/aws_cis_v130_1_18.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_18.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v130_1_19.yaml b/compliance/controls/aws/aws_cis_v130_1_19.yaml index 699d5e6d9..bdfcfdfeb 100644 --- a/compliance/controls/aws/aws_cis_v130_1_19.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_19.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN expiration < (CURRENT_DATE - INTERVAL '1' SECOND) THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_cis_v130_1_2.yaml b/compliance/controls/aws/aws_cis_v130_1_2.yaml index ce075eb6d..1d2f2a94b 100644 --- a/compliance/controls/aws/aws_cis_v130_1_2.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_2.yaml @@ -31,8 +31,8 @@ Query: ) SELECT arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.partition = 'aws-us-gov' THEN 'info' WHEN c.name IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v130_1_20.yaml b/compliance/controls/aws/aws_cis_v130_1_20.yaml index 6b8d2154c..82a24a3af 100644 --- a/compliance/controls/aws/aws_cis_v130_1_20.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_20.yaml @@ -18,8 +18,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - bucket.og_account_id AS og_account_id, - bucket.og_resource_id AS og_resource_id, + bucket.platform_account_id AS platform_account_id, + bucket.platform_resource_id AS platform_resource_id, CASE WHEN (bucket.block_public_acls OR s3account.block_public_acls) AND (bucket.block_public_policy OR s3account.block_public_policy) diff --git a/compliance/controls/aws/aws_cis_v130_1_21.yaml b/compliance/controls/aws/aws_cis_v130_1_21.yaml index 3b7dcf104..3138c249f 100644 --- a/compliance/controls/aws/aws_cis_v130_1_21.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_21.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN r.opt_in_status = 'not-opted-in' THEN 'skip' WHEN aa.arn IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v130_1_22.yaml b/compliance/controls/aws/aws_cis_v130_1_22.yaml index 2c00e8469..47617a93d 100644 
--- a/compliance/controls/aws/aws_cis_v130_1_22.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_22.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v130_1_3.yaml b/compliance/controls/aws/aws_cis_v130_1_3.yaml index a114cd0ec..e4371dc67 100644 --- a/compliance/controls/aws/aws_cis_v130_1_3.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v130_1_4.yaml b/compliance/controls/aws/aws_cis_v130_1_4.yaml index f5e26496f..a6765295d 100644 --- a/compliance/controls/aws/aws_cis_v130_1_4.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_access_keys_present > 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v130_1_5.yaml b/compliance/controls/aws/aws_cis_v130_1_5.yaml index 39650f5de..7b2c71666 100644 --- a/compliance/controls/aws/aws_cis_v130_1_5.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_5.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_mfa_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_1_7.yaml b/compliance/controls/aws/aws_cis_v130_1_7.yaml index 111f47abe..c905522a0 100644 --- a/compliance/controls/aws/aws_cis_v130_1_7.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_7.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_last_used >= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm' WHEN access_key_1_last_used_date <= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_1_8.yaml b/compliance/controls/aws/aws_cis_v130_1_8.yaml index 0bccc07a1..027ee1b8a 100644 --- a/compliance/controls/aws/aws_cis_v130_1_8.yaml +++ b/compliance/controls/aws/aws_cis_v130_1_8.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN minimum_password_length >= 14 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_2_1_1.yaml b/compliance/controls/aws/aws_cis_v130_2_1_1.yaml index 9ddd36be8..7f2179eb9 100644 --- a/compliance/controls/aws/aws_cis_v130_2_1_1.yaml +++ b/compliance/controls/aws/aws_cis_v130_2_1_1.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN server_side_encryption_configuration IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_2_1_2.yaml b/compliance/controls/aws/aws_cis_v130_2_1_2.yaml index 239210851..4c33903e6 100644 --- a/compliance/controls/aws/aws_cis_v130_2_1_2.yaml +++ b/compliance/controls/aws/aws_cis_v130_2_1_2.yaml @@ -30,8 +30,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN ok.status = 'ok' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_2_2_1.yaml b/compliance/controls/aws/aws_cis_v130_2_2_1.yaml index c4c5cd67d..2aece3e28 100644 --- a/compliance/controls/aws/aws_cis_v130_2_2_1.yaml +++ b/compliance/controls/aws/aws_cis_v130_2_2_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_3_10.yaml b/compliance/controls/aws/aws_cis_v130_3_10.yaml index 1af2d60b9..54bb3633f 100644 --- a/compliance/controls/aws/aws_cis_v130_3_10.yaml +++ b/compliance/controls/aws/aws_cis_v130_3_10.yaml @@ -27,8 +27,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(bucket_selector) > 0 THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_cis_v130_3_11.yaml b/compliance/controls/aws/aws_cis_v130_3_11.yaml index eff8176a4..ccbda034d 100644 --- a/compliance/controls/aws/aws_cis_v130_3_11.yaml +++ b/compliance/controls/aws/aws_cis_v130_3_11.yaml @@ -27,8 +27,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(bucket_selector) > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_3_2.yaml b/compliance/controls/aws/aws_cis_v130_3_2.yaml index 386f1e8cf..89e7cb895 100644 --- a/compliance/controls/aws/aws_cis_v130_3_2.yaml +++ b/compliance/controls/aws/aws_cis_v130_3_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_file_validation_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_3_3.yaml b/compliance/controls/aws/aws_cis_v130_3_3.yaml index fb8bb424d..6f3cc69b5 100644 --- a/compliance/controls/aws/aws_cis_v130_3_3.yaml +++ b/compliance/controls/aws/aws_cis_v130_3_3.yaml @@ -44,8 +44,8 @@ Query: WHEN arn IS NULL THEN 'arn:aws:s3::' || name ELSE arn END AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN arn IS NULL THEN 'skip' WHEN all_user_grants > 0 THEN 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_3_4.yaml b/compliance/controls/aws/aws_cis_v130_3_4.yaml index db5b503fc..5f1195ed8 100644 --- a/compliance/controls/aws/aws_cis_v130_3_4.yaml +++ b/compliance/controls/aws/aws_cis_v130_3_4.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_group_arn != 'null' AND (latest_delivery_time > CURRENT_DATE - 1) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_3_5.yaml b/compliance/controls/aws/aws_cis_v130_3_5.yaml index 31b6d58a9..33f5d4d43 100644 --- a/compliance/controls/aws/aws_cis_v130_3_5.yaml +++ b/compliance/controls/aws/aws_cis_v130_3_5.yaml @@ -23,8 +23,8 @@ Query: ) SELECT 'arn:aws::' || a.region || ':' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN g.global_config_recorders >= 1 AND status ->> 'Recording' = 'true' diff --git a/compliance/controls/aws/aws_cis_v130_3_6.yaml b/compliance/controls/aws/aws_cis_v130_3_6.yaml index 65d2b4416..1704445c5 100644 --- a/compliance/controls/aws/aws_cis_v130_3_6.yaml +++ b/compliance/controls/aws/aws_cis_v130_3_6.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT t.arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN b.logging IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_3_7.yaml b/compliance/controls/aws/aws_cis_v130_3_7.yaml index 73957e87b..6181c8807 100644 --- a/compliance/controls/aws/aws_cis_v130_3_7.yaml +++ b/compliance/controls/aws/aws_cis_v130_3_7.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_cis_v130_3_8.yaml b/compliance/controls/aws/aws_cis_v130_3_8.yaml index a476ddcb6..781e412eb 100644 --- a/compliance/controls/aws/aws_cis_v130_3_8.yaml +++ b/compliance/controls/aws/aws_cis_v130_3_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN origin = 'EXTERNAL' THEN 'skip' WHEN key_state = 'PendingDeletion' THEN 'skip' diff --git a/compliance/controls/aws/aws_cis_v130_4_13.yaml b/compliance/controls/aws/aws_cis_v130_4_13.yaml index 8f56eb7dc..98cda59b4 100644 --- a/compliance/controls/aws/aws_cis_v130_4_13.yaml +++ b/compliance/controls/aws/aws_cis_v130_4_13.yaml @@ -84,8 +84,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v130_4_3.yaml b/compliance/controls/aws/aws_cis_v130_4_3.yaml index 9c98ce57a..29ed8b567 100644 --- a/compliance/controls/aws/aws_cis_v130_4_3.yaml +++ b/compliance/controls/aws/aws_cis_v130_4_3.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v130_4_8.yaml b/compliance/controls/aws/aws_cis_v130_4_8.yaml index 8b09aabe0..733bd2e14 100644 --- a/compliance/controls/aws/aws_cis_v130_4_8.yaml +++ b/compliance/controls/aws/aws_cis_v130_4_8.yaml 
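Review bot: In aws_cis_v130_4_3.yaml the renamed columns are still read from `f` (`f.platform_account_id`, `f.platform_resource_id`), while the alarm branch of the same SELECT is `WHEN f.trail_name IS NULL`. If `f` is the outer-joined side, which the NULL test suggests but the hunk does not show, every alarm row will carry NULL account and resource ids, so the failing finding cannot be attributed to an account. The sibling control aws_cis_v130_4_13.yaml reads them from `a`; I would do the same here with `a.platform_account_id AS platform_account_id,` and `a.platform_resource_id AS platform_resource_id,`. The aws_cis_v130_4_8.yaml hunk that follows has the same pattern and needs the same change. The SELECT begins and continues outside the hunk, so the join type should be confirmed first.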
@@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v130_5_2.yaml b/compliance/controls/aws/aws_cis_v130_5_2.yaml index 3216ba90a..38b3d77b6 100644 --- a/compliance/controls/aws/aws_cis_v130_5_2.yaml +++ b/compliance/controls/aws/aws_cis_v130_5_2.yaml @@ -39,8 +39,8 @@ Query: ) SELECT arn AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN bad_rules.group_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v130_5_4.yaml b/compliance/controls/aws/aws_cis_v130_5_4.yaml index 4fd833a8d..676eec557 100644 --- a/compliance/controls/aws/aws_cis_v130_5_4.yaml +++ b/compliance/controls/aws/aws_cis_v130_5_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v140_1_1.yaml b/compliance/controls/aws/aws_cis_v140_1_1.yaml index 763ba7c02..adaedd77a 100644 --- a/compliance/controls/aws/aws_cis_v140_1_1.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_1.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v140_1_10.yaml b/compliance/controls/aws/aws_cis_v140_1_10.yaml index d69ca81bf..c21fe78cc 100644 --- a/compliance/controls/aws/aws_cis_v140_1_10.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_10.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND NOT mfa_active THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v140_1_11.yaml b/compliance/controls/aws/aws_cis_v140_1_11.yaml index 1c933dd14..6a962645a 100644 --- a/compliance/controls/aws/aws_cis_v140_1_11.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_11.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND (EXTRACT(EPOCH FROM (access_key_1_last_rotated - user_creation_time)) < 10) diff --git a/compliance/controls/aws/aws_cis_v140_1_12.yaml b/compliance/controls/aws/aws_cis_v140_1_12.yaml index bcdb7312b..ed74ddb67 100644 --- a/compliance/controls/aws/aws_cis_v140_1_12.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_12.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN user_name = '' THEN 'info' WHEN password_enabled AND password_last_used IS NULL AND password_last_changed < (CURRENT_DATE - INTERVAL '45' DAY) THEN 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_1_13.yaml b/compliance/controls/aws/aws_cis_v140_1_13.yaml index 9b2c2f025..87f42f6c8 100644 --- a/compliance/controls/aws/aws_cis_v140_1_13.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_13.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT u.arn AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(k.*) > 1 THEN 'alarm' ELSE 'ok' @@ -33,8 +33,8 @@ Query: u.account_id, u.tags, u._ctx, - u.og_account_id, - u.og_resource_id; + u.platform_account_id, + u.platform_resource_id; Severity: low Tags: {} Title: 1.13 Ensure there is only one active access key available for any single IAM user \ No newline at end of file diff --git a/compliance/controls/aws/aws_cis_v140_1_14.yaml b/compliance/controls/aws/aws_cis_v140_1_14.yaml index 71f52ddb7..053238fb9 100644 --- a/compliance/controls/aws/aws_cis_v140_1_14.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_14.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':iam::' || account_id || ':user/' || user_name || '/accesskey/' || access_key_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN create_date <= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_cis_v140_1_15.yaml b/compliance/controls/aws/aws_cis_v140_1_15.yaml index 20ada386f..01d97839f 100644 --- a/compliance/controls/aws/aws_cis_v140_1_15.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_15.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN inline_policies IS NULL AND attached_policy_arns IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_1_16.yaml b/compliance/controls/aws/aws_cis_v140_1_16.yaml index e0140ba06..7000946ff 100644 --- a/compliance/controls/aws/aws_cis_v140_1_16.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_16.yaml @@ -33,8 +33,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN s.arn IS NOT NULL AND s.is_aws_managed THEN 'info' WHEN s.arn IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v140_1_17.yaml b/compliance/controls/aws/aws_cis_v140_1_17.yaml index 549b83799..69cf2e029 100644 --- a/compliance/controls/aws/aws_cis_v140_1_17.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_17.yaml @@ -16,8 +16,8 @@ Query: COUNT(policy_arn), a.account_id, a._ctx, - a.og_account_id, - a.og_resource_id + a.platform_account_id, + a.platform_resource_id FROM aws_account AS a LEFT JOIN aws_iam_role AS r ON r.account_id = a.account_id @@ -29,13 +29,13 @@ Query: a.account_id, a.partition, a._ctx, - a.og_account_id, - a.og_resource_id + a.platform_account_id, + a.platform_resource_id ) SELECT resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN COUNT > 0 THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_cis_v140_1_18.yaml b/compliance/controls/aws/aws_cis_v140_1_18.yaml index 74e1325e9..b90ac7297 100644 --- a/compliance/controls/aws/aws_cis_v140_1_18.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_18.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v140_1_19.yaml b/compliance/controls/aws/aws_cis_v140_1_19.yaml index a1b966020..2ad9731fb 100644 --- a/compliance/controls/aws/aws_cis_v140_1_19.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_19.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN expiration < (current_date - INTERVAL '1' SECOND) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v140_1_2.yaml b/compliance/controls/aws/aws_cis_v140_1_2.yaml index 1c4b6a67a..81fc4aa99 100644 --- a/compliance/controls/aws/aws_cis_v140_1_2.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_2.yaml @@ -26,15 +26,15 @@ Query: title, account_id, _ctx, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id FROM aws_account ) SELECT arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.partition = 'aws-us-gov' THEN 'info' -- Name is a required field if setting a security contact 
diff --git a/compliance/controls/aws/aws_cis_v140_1_20.yaml b/compliance/controls/aws/aws_cis_v140_1_20.yaml index f7446dc10..eeaf4b157 100644 --- a/compliance/controls/aws/aws_cis_v140_1_20.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_20.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN r.opt_in_status = 'not-opted-in' THEN 'skip' WHEN aa.arn IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v140_1_21.yaml b/compliance/controls/aws/aws_cis_v140_1_21.yaml index 7c2f997d5..688fc9329 100644 --- a/compliance/controls/aws/aws_cis_v140_1_21.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_21.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v140_1_3.yaml b/compliance/controls/aws/aws_cis_v140_1_3.yaml index 81d0e7548..d7a56e96e 100644 --- a/compliance/controls/aws/aws_cis_v140_1_3.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v140_1_4.yaml b/compliance/controls/aws/aws_cis_v140_1_4.yaml index 6186f4553..10a07022e 100644 --- a/compliance/controls/aws/aws_cis_v140_1_4.yaml 
+++ b/compliance/controls/aws/aws_cis_v140_1_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_access_keys_present > 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v140_1_5.yaml b/compliance/controls/aws/aws_cis_v140_1_5.yaml index 8dd8c33d4..ffe1ad0af 100644 --- a/compliance/controls/aws/aws_cis_v140_1_5.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_mfa_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_1_7.yaml b/compliance/controls/aws/aws_cis_v140_1_7.yaml index dddfbaf85..4092c565c 100644 --- a/compliance/controls/aws/aws_cis_v140_1_7.yaml +++ b/compliance/controls/aws/aws_cis_v140_1_7.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_last_used >= (current_date - INTERVAL '90' day) THEN 'alarm' WHEN access_key_1_last_used_date <= (current_date - INTERVAL '90' day) THEN 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_2_1_1.yaml b/compliance/controls/aws/aws_cis_v140_2_1_1.yaml index f1861bf21..678d17d00 100644 --- a/compliance/controls/aws/aws_cis_v140_2_1_1.yaml +++ b/compliance/controls/aws/aws_cis_v140_2_1_1.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN server_side_encryption_configuration IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_2_1_2.yaml b/compliance/controls/aws/aws_cis_v140_2_1_2.yaml index 171c7999c..dc4da2d9f 100644 --- a/compliance/controls/aws/aws_cis_v140_2_1_2.yaml +++ b/compliance/controls/aws/aws_cis_v140_2_1_2.yaml @@ -31,8 +31,8 @@ Query: SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN ok.status = 'ok' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_2_1_3.yaml b/compliance/controls/aws/aws_cis_v140_2_1_3.yaml index 89dbb21b3..5ad660bfe 100644 --- a/compliance/controls/aws/aws_cis_v140_2_1_3.yaml +++ b/compliance/controls/aws/aws_cis_v140_2_1_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN versioning_mfa_delete THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_2_1_4.yaml b/compliance/controls/aws/aws_cis_v140_2_1_4.yaml index bea45f848..05bd308aa 100644 --- a/compliance/controls/aws/aws_cis_v140_2_1_4.yaml +++ b/compliance/controls/aws/aws_cis_v140_2_1_4.yaml @@ -20,8 +20,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN b.region = ANY(ARRAY['us-gov-east-1', 'us-gov-west-1']) THEN 'skip' WHEN l.bucket_name IS NOT NULL THEN 'ok' 
diff --git a/compliance/controls/aws/aws_cis_v140_2_2_1.yaml b/compliance/controls/aws/aws_cis_v140_2_2_1.yaml index 9630679e7..753c25b8a 100644 --- a/compliance/controls/aws/aws_cis_v140_2_2_1.yaml +++ b/compliance/controls/aws/aws_cis_v140_2_2_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_2_3_1.yaml b/compliance/controls/aws/aws_cis_v140_2_3_1.yaml index d631f0127..45a6f0c7a 100644 --- a/compliance/controls/aws/aws_cis_v140_2_3_1.yaml +++ b/compliance/controls/aws/aws_cis_v140_2_3_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_3_10.yaml b/compliance/controls/aws/aws_cis_v140_3_10.yaml index eb85f70ea..20c9b1451 100644 --- a/compliance/controls/aws/aws_cis_v140_3_10.yaml +++ b/compliance/controls/aws/aws_cis_v140_3_10.yaml @@ -27,8 +27,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(bucket_selector) > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_3_11.yaml b/compliance/controls/aws/aws_cis_v140_3_11.yaml index 4ec159816..1e799b425 100644 --- a/compliance/controls/aws/aws_cis_v140_3_11.yaml +++ b/compliance/controls/aws/aws_cis_v140_3_11.yaml 
@@ -27,8 +27,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(bucket_selector) > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_3_2.yaml b/compliance/controls/aws/aws_cis_v140_3_2.yaml index a593aa288..1691ca5bc 100644 --- a/compliance/controls/aws/aws_cis_v140_3_2.yaml +++ b/compliance/controls/aws/aws_cis_v140_3_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_file_validation_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_3_3.yaml b/compliance/controls/aws/aws_cis_v140_3_3.yaml index 4b415aad8..fd937b301 100644 --- a/compliance/controls/aws/aws_cis_v140_3_3.yaml +++ b/compliance/controls/aws/aws_cis_v140_3_3.yaml @@ -18,8 +18,8 @@ Query: t.account_id, t.tags, t._ctx, - t.og_account_id, - t.og_resource_id, + t.platform_account_id, + t.platform_resource_id, COUNT(acl_grant) FILTER (WHERE acl_grant -> 'Grantee' ->> 'URI' LIKE '%acs.amazonaws.com/groups/global/AllUsers') AS all_user_grants, COUNT(acl_grant) FILTER (WHERE acl_grant -> 'Grantee' ->> 'URI' LIKE '%acs.amazonaws.com/groups/global/AuthenticatedUsers') AS auth_user_grants, COUNT(s) FILTER (WHERE s ->> 'Effect' = 'Allow' AND p = '*') AS anon_statements 
@@ -36,16 +36,16 @@ Query: t.account_id, t.tags, t._ctx, - t.og_account_id, - t.og_resource_id + t.platform_account_id, + t.platform_resource_id ) SELECT CASE WHEN arn IS NULL THEN 'arn:aws:s3::' || name ELSE arn END AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN arn IS NULL THEN 'skip' WHEN all_user_grants > 0 THEN 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_3_4.yaml b/compliance/controls/aws/aws_cis_v140_3_4.yaml index adb855309..7d50390e5 100644 --- a/compliance/controls/aws/aws_cis_v140_3_4.yaml +++ b/compliance/controls/aws/aws_cis_v140_3_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_group_arn != 'null' AND (latest_delivery_time > CURRENT_DATE - 1) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_3_5.yaml b/compliance/controls/aws/aws_cis_v140_3_5.yaml index 7a849ac17..c88d6ef8a 100644 --- a/compliance/controls/aws/aws_cis_v140_3_5.yaml +++ b/compliance/controls/aws/aws_cis_v140_3_5.yaml @@ -23,8 +23,8 @@ Query: ) SELECT 'arn:aws::' || a.region || ':' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN g.global_config_recorders >= 1 diff --git a/compliance/controls/aws/aws_cis_v140_3_6.yaml b/compliance/controls/aws/aws_cis_v140_3_6.yaml index 0422e7c00..65d089cd0 100644 --- a/compliance/controls/aws/aws_cis_v140_3_6.yaml +++ b/compliance/controls/aws/aws_cis_v140_3_6.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT t.arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN b.logging IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_3_7.yaml b/compliance/controls/aws/aws_cis_v140_3_7.yaml index f6e07fd07..51b64d43c 100644 --- a/compliance/controls/aws/aws_cis_v140_3_7.yaml +++ b/compliance/controls/aws/aws_cis_v140_3_7.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v140_3_8.yaml b/compliance/controls/aws/aws_cis_v140_3_8.yaml index 19e855820..bfd10f362 100644 --- a/compliance/controls/aws/aws_cis_v140_3_8.yaml +++ b/compliance/controls/aws/aws_cis_v140_3_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN origin = 'EXTERNAL' THEN 'skip' WHEN key_state = 'PendingDeletion' THEN 'skip' diff --git a/compliance/controls/aws/aws_cis_v140_3_9.yaml b/compliance/controls/aws/aws_cis_v140_3_9.yaml index 9e6a2ad9f..3be00f245 100644 --- a/compliance/controls/aws/aws_cis_v140_3_9.yaml +++ b/compliance/controls/aws/aws_cis_v140_3_9.yaml @@ -19,8 +19,8 @@ Query: vpc_id, tags, _ctx, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_vpc ORDER BY 
@@ -38,8 +38,8 @@ Query: ) SELECT v.arn AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.account_id <> v.owner_id THEN 'skip' WHEN f.resource_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v140_4_14.yaml b/compliance/controls/aws/aws_cis_v140_4_14.yaml index 69a21fa48..7f845b15b 100644 --- a/compliance/controls/aws/aws_cis_v140_4_14.yaml +++ b/compliance/controls/aws/aws_cis_v140_4_14.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v140_4_5.yaml b/compliance/controls/aws/aws_cis_v140_4_5.yaml index 2390a3d59..8e0b84d25 100644 --- a/compliance/controls/aws/aws_cis_v140_4_5.yaml +++ b/compliance/controls/aws/aws_cis_v140_4_5.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v140_4_7.yaml b/compliance/controls/aws/aws_cis_v140_4_7.yaml index f4df6397b..ca431d243 100644 --- a/compliance/controls/aws/aws_cis_v140_4_7.yaml +++ b/compliance/controls/aws/aws_cis_v140_4_7.yaml 
@@ -79,8 +79,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v140_4_8.yaml b/compliance/controls/aws/aws_cis_v140_4_8.yaml index 2331705fb..30e1e9522 100644 --- a/compliance/controls/aws/aws_cis_v140_4_8.yaml +++ b/compliance/controls/aws/aws_cis_v140_4_8.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v140_5_1.yaml b/compliance/controls/aws/aws_cis_v140_5_1.yaml index 6f137d28d..bfe93e21d 100644 --- a/compliance/controls/aws/aws_cis_v140_5_1.yaml +++ b/compliance/controls/aws/aws_cis_v140_5_1.yaml @@ -69,8 +69,8 @@ Query: ) SELECT 'arn:' || acl.partition || ':ec2:' || acl.region || ':' || acl.account_id || ':network-acl/' || acl.network_acl_id AS resource, - acl.og_account_id AS og_account_id, - acl.og_resource_id AS og_resource_id, + acl.platform_account_id AS platform_account_id, + acl.platform_resource_id AS platform_resource_id, CASE WHEN bad_rules.network_acl_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_5_2.yaml b/compliance/controls/aws/aws_cis_v140_5_2.yaml index a2818b3b1..7df539128 100644 --- a/compliance/controls/aws/aws_cis_v140_5_2.yaml +++ b/compliance/controls/aws/aws_cis_v140_5_2.yaml 
@@ -39,8 +39,8 @@ Query: ) SELECT arn AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN bad_rules.group_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v140_5_4.yaml b/compliance/controls/aws/aws_cis_v140_5_4.yaml index 8a25ecd30..25a868791 100644 --- a/compliance/controls/aws/aws_cis_v140_5_4.yaml +++ b/compliance/controls/aws/aws_cis_v140_5_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v150_1_1.yaml b/compliance/controls/aws/aws_cis_v150_1_1.yaml index eb725566a..ad2061e6a 100644 --- a/compliance/controls/aws/aws_cis_v150_1_1.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v150_1_10.yaml b/compliance/controls/aws/aws_cis_v150_1_10.yaml index ae2da1b77..e7b6a6c8e 100644 --- a/compliance/controls/aws/aws_cis_v150_1_10.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_10.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND NOT mfa_active THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_1_11.yaml b/compliance/controls/aws/aws_cis_v150_1_11.yaml index 7faef747d..0c0b5c47b 100644 --- a/compliance/controls/aws/aws_cis_v150_1_11.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_11.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND extract(epoch FROM (access_key_1_last_rotated - user_creation_time)) < 10 THEN 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_1_12.yaml b/compliance/controls/aws/aws_cis_v150_1_12.yaml index 6a9d02930..1f90c1bd7 100644 --- a/compliance/controls/aws/aws_cis_v150_1_12.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_12.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN user_name = '' THEN 'info' diff --git a/compliance/controls/aws/aws_cis_v150_1_13.yaml b/compliance/controls/aws/aws_cis_v150_1_13.yaml index 088a1b142..1ec355b02 100644 --- a/compliance/controls/aws/aws_cis_v150_1_13.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_13.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT u.arn AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(k.*) > 1 THEN 'alarm' ELSE 'ok' 
@@ -33,8 +33,8 @@ Query: u.account_id, u.tags, u._ctx, - u.og_account_id, - u.og_resource_id; + u.platform_account_id, + u.platform_resource_id; Severity: low Tags: {} Title: 1.13 Ensure there is only one active access key available for any single IAM user \ No newline at end of file diff --git a/compliance/controls/aws/aws_cis_v150_1_14.yaml b/compliance/controls/aws/aws_cis_v150_1_14.yaml index 413d9c74f..1949ba724 100644 --- a/compliance/controls/aws/aws_cis_v150_1_14.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_14.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':iam::' || account_id || ':user/' || user_name || '/accesskey/' || access_key_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN create_date <= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_1_15.yaml b/compliance/controls/aws/aws_cis_v150_1_15.yaml index 8284cf85d..b59a84a34 100644 --- a/compliance/controls/aws/aws_cis_v150_1_15.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_15.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN inline_policies IS NULL AND attached_policy_arns IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_1_16.yaml b/compliance/controls/aws/aws_cis_v150_1_16.yaml index a98c361f0..617dee34f 100644 --- a/compliance/controls/aws/aws_cis_v150_1_16.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_16.yaml 
@@ -33,8 +33,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN s.arn IS NOT NULL AND s.is_aws_managed THEN 'info' WHEN s.arn IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_1_17.yaml b/compliance/controls/aws/aws_cis_v150_1_17.yaml index e0f2e4df9..4ed6f3a58 100644 --- a/compliance/controls/aws/aws_cis_v150_1_17.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_17.yaml @@ -16,8 +16,8 @@ Query: COUNT(policy_arn), a.account_id, a._ctx, - a.og_account_id, - a.og_resource_id + a.platform_account_id, + a.platform_resource_id FROM aws_account AS a LEFT JOIN @@ -31,13 +31,13 @@ Query: a.account_id, a.partition, a._ctx, - a.og_account_id, - a.og_resource_id + a.platform_account_id, + a.platform_resource_id ) SELECT resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN COUNT > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_1_18.yaml b/compliance/controls/aws/aws_cis_v150_1_18.yaml index 4ed32dcea..171ca4387 100644 --- a/compliance/controls/aws/aws_cis_v150_1_18.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_18.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v150_1_19.yaml b/compliance/controls/aws/aws_cis_v150_1_19.yaml index e048a11c1..c616a7ef8 100644 --- a/compliance/controls/aws/aws_cis_v150_1_19.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_19.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN expiration < (current_date - INTERVAL '1' SECOND) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_1_2.yaml b/compliance/controls/aws/aws_cis_v150_1_2.yaml index 6c9556fe4..7d4ac9e73 100644 --- a/compliance/controls/aws/aws_cis_v150_1_2.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_2.yaml @@ -26,15 +26,15 @@ Query: title, account_id, _ctx, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_account ) SELECT arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.partition = 'aws-us-gov' THEN 'info' WHEN c.name IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_1_21.yaml b/compliance/controls/aws/aws_cis_v150_1_21.yaml index b231be686..3fecadecb 100644 --- a/compliance/controls/aws/aws_cis_v150_1_21.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_21.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v150_1_3.yaml b/compliance/controls/aws/aws_cis_v150_1_3.yaml index bbfe0cbc1..552467d77 100644 --- a/compliance/controls/aws/aws_cis_v150_1_3.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_3.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v150_1_4.yaml b/compliance/controls/aws/aws_cis_v150_1_4.yaml index 245b444d0..11b26b220 100644 --- a/compliance/controls/aws/aws_cis_v150_1_4.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_access_keys_present > 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_1_5.yaml b/compliance/controls/aws/aws_cis_v150_1_5.yaml index 7a60f196c..d84dd466b 100644 --- a/compliance/controls/aws/aws_cis_v150_1_5.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_mfa_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_1_7.yaml b/compliance/controls/aws/aws_cis_v150_1_7.yaml index f529339d4..43786a4ba 100644 --- a/compliance/controls/aws/aws_cis_v150_1_7.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_7.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_last_used >= (current_date - INTERVAL '90' day) THEN 'alarm' WHEN access_key_1_last_used_date <= (current_date - INTERVAL '90' day) THEN 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_1_8.yaml b/compliance/controls/aws/aws_cis_v150_1_8.yaml index 9d6b936e1..12fdfbdb7 100644 --- a/compliance/controls/aws/aws_cis_v150_1_8.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_8.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN minimum_password_length >= 14 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_1_9.yaml b/compliance/controls/aws/aws_cis_v150_1_9.yaml index 853666866..3fa6acdd9 100644 --- a/compliance/controls/aws/aws_cis_v150_1_9.yaml +++ b/compliance/controls/aws/aws_cis_v150_1_9.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN password_reuse_prevention >= 24 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_2_1_1.yaml b/compliance/controls/aws/aws_cis_v150_2_1_1.yaml index bf7dd7240..8546543da 100644 --- a/compliance/controls/aws/aws_cis_v150_2_1_1.yaml +++ b/compliance/controls/aws/aws_cis_v150_2_1_1.yaml 
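Review bot: In aws_cis_v150_1_7.yaml the two visible `WHEN` branches compare in opposite directions. `password_last_used >= (current_date - INTERVAL '90' day)` alarms on recent use, while `access_key_1_last_used_date <= (current_date - INTERVAL '90' day)` alarms only when the key has been idle for 90 days or more. If the control is meant to flag recent use of the credential (the title is outside the hunk, so this is inferred), a key used yesterday never reaches this branch; the line would then read `WHEN access_key_1_last_used_date >= (current_date - INTERVAL '90' day) THEN 'alarm'`. The CASE continues past the end of the hunk, so any later access-key branch needs the same check.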
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN server_side_encryption_configuration IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_2_1_2.yaml b/compliance/controls/aws/aws_cis_v150_2_1_2.yaml index bcfa684b3..adce9e331 100644 --- a/compliance/controls/aws/aws_cis_v150_2_1_2.yaml +++ b/compliance/controls/aws/aws_cis_v150_2_1_2.yaml @@ -30,8 +30,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN ok.status = 'ok' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_2_1_3.yaml b/compliance/controls/aws/aws_cis_v150_2_1_3.yaml index 1e64b6c39..ad7725f55 100644 --- a/compliance/controls/aws/aws_cis_v150_2_1_3.yaml +++ b/compliance/controls/aws/aws_cis_v150_2_1_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN versioning_mfa_delete THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_2_1_4.yaml b/compliance/controls/aws/aws_cis_v150_2_1_4.yaml index aefb6b9f3..d6ff771cc 100644 --- a/compliance/controls/aws/aws_cis_v150_2_1_4.yaml +++ b/compliance/controls/aws/aws_cis_v150_2_1_4.yaml @@ -20,8 +20,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN b.region = ANY(ARRAY['us-gov-east-1', 'us-gov-west-1']) THEN 'skip' WHEN l.bucket_name IS NOT NULL THEN 'ok' 
diff --git a/compliance/controls/aws/aws_cis_v150_2_2_1.yaml b/compliance/controls/aws/aws_cis_v150_2_2_1.yaml index 69d0f0c89..006d25d77 100644 --- a/compliance/controls/aws/aws_cis_v150_2_2_1.yaml +++ b/compliance/controls/aws/aws_cis_v150_2_2_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_2_3_1.yaml b/compliance/controls/aws/aws_cis_v150_2_3_1.yaml index 7e4fb112e..2c20f62b3 100644 --- a/compliance/controls/aws/aws_cis_v150_2_3_1.yaml +++ b/compliance/controls/aws/aws_cis_v150_2_3_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_2_3_2.yaml b/compliance/controls/aws/aws_cis_v150_2_3_2.yaml index 868bdbf0c..67941476f 100644 --- a/compliance/controls/aws/aws_cis_v150_2_3_2.yaml +++ b/compliance/controls/aws/aws_cis_v150_2_3_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_minor_version_upgrade THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_2_3_3.yaml b/compliance/controls/aws/aws_cis_v150_2_3_3.yaml index a42fb691c..373202250 100644 --- a/compliance/controls/aws/aws_cis_v150_2_3_3.yaml +++ b/compliance/controls/aws/aws_cis_v150_2_3_3.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN publicly_accessible THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_2_4_1.yaml b/compliance/controls/aws/aws_cis_v150_2_4_1.yaml index 630022f16..f478226c9 100644 --- a/compliance/controls/aws/aws_cis_v150_2_4_1.yaml +++ b/compliance/controls/aws/aws_cis_v150_2_4_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_3_10.yaml b/compliance/controls/aws/aws_cis_v150_3_10.yaml index 8650e1cb8..8669d7ef3 100644 --- a/compliance/controls/aws/aws_cis_v150_3_10.yaml +++ b/compliance/controls/aws/aws_cis_v150_3_10.yaml @@ -27,8 +27,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(bucket_selector) > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_3_11.yaml b/compliance/controls/aws/aws_cis_v150_3_11.yaml index cbd491109..93ce49d4d 100644 --- a/compliance/controls/aws/aws_cis_v150_3_11.yaml +++ b/compliance/controls/aws/aws_cis_v150_3_11.yaml @@ -27,8 +27,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(bucket_selector) > 0 THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_cis_v150_3_2.yaml b/compliance/controls/aws/aws_cis_v150_3_2.yaml index c0d3beed0..1e1762d40 100644 --- a/compliance/controls/aws/aws_cis_v150_3_2.yaml +++ b/compliance/controls/aws/aws_cis_v150_3_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_file_validation_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_3_3.yaml b/compliance/controls/aws/aws_cis_v150_3_3.yaml index 0ec111ab6..98e689299 100644 --- a/compliance/controls/aws/aws_cis_v150_3_3.yaml +++ b/compliance/controls/aws/aws_cis_v150_3_3.yaml @@ -21,8 +21,8 @@ Query: COUNT(acl_grant) FILTER (WHERE acl_grant -> 'Grantee' ->> 'URI' LIKE '%acs.amazonaws.com/groups/global/AllUsers') AS all_user_grants, COUNT(acl_grant) FILTER (WHERE acl_grant -> 'Grantee' ->> 'URI' LIKE '%acs.amazonaws.com/groups/global/AuthenticatedUsers') AS auth_user_grants, COUNT(s) FILTER (WHERE s ->> 'Effect' = 'Allow' AND p = '*' ) AS anon_statements, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id FROM aws_cloudtrail_trail AS t LEFT JOIN aws_s3_bucket AS b ON t.s3_bucket_name = b.name @@ -36,16 +36,16 @@ Query: t.account_id, t.tags, t._ctx, - t.og_account_id, - t.og_resource_id + t.platform_account_id, + t.platform_resource_id ) SELECT CASE WHEN arn IS NULL THEN 'arn:aws:s3::' || name ELSE arn END AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN arn IS NULL THEN 'skip' WHEN all_user_grants > 0 THEN 'alarm' 
diff --git a/compliance/controls/aws/aws_cis_v150_3_4.yaml b/compliance/controls/aws/aws_cis_v150_3_4.yaml index baa81007b..e3bba5d71 100644 --- a/compliance/controls/aws/aws_cis_v150_3_4.yaml +++ b/compliance/controls/aws/aws_cis_v150_3_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_group_arn != 'null' AND (latest_delivery_time > current_date - 1) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_3_5.yaml b/compliance/controls/aws/aws_cis_v150_3_5.yaml index d8530243c..7a901d09a 100644 --- a/compliance/controls/aws/aws_cis_v150_3_5.yaml +++ b/compliance/controls/aws/aws_cis_v150_3_5.yaml @@ -24,8 +24,8 @@ Query: SELECT 'arn:aws::' || a.region || ':' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN g.global_config_recorders >= 1 diff --git a/compliance/controls/aws/aws_cis_v150_3_6.yaml b/compliance/controls/aws/aws_cis_v150_3_6.yaml index 69019dc37..372eec7bb 100644 --- a/compliance/controls/aws/aws_cis_v150_3_6.yaml +++ b/compliance/controls/aws/aws_cis_v150_3_6.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT t.arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN b.logging IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_3_7.yaml b/compliance/controls/aws/aws_cis_v150_3_7.yaml index 11346c686..d69559147 100644 --- a/compliance/controls/aws/aws_cis_v150_3_7.yaml +++ b/compliance/controls/aws/aws_cis_v150_3_7.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_3_8.yaml b/compliance/controls/aws/aws_cis_v150_3_8.yaml index 10afaec39..946629a11 100644 --- a/compliance/controls/aws/aws_cis_v150_3_8.yaml +++ b/compliance/controls/aws/aws_cis_v150_3_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN origin = 'EXTERNAL' THEN 'skip' WHEN key_state = 'PendingDeletion' THEN 'skip' diff --git a/compliance/controls/aws/aws_cis_v150_3_9.yaml b/compliance/controls/aws/aws_cis_v150_3_9.yaml index 94d9b36e2..da7f52fd7 100644 --- a/compliance/controls/aws/aws_cis_v150_3_9.yaml +++ b/compliance/controls/aws/aws_cis_v150_3_9.yaml @@ -19,8 +19,8 @@ Query: vpc_id, tags, _ctx, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_vpc ORDER BY @@ -38,8 +38,8 @@ Query: ) SELECT v.arn AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.account_id <> v.owner_id THEN 'skip' WHEN f.resource_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_4_10.yaml b/compliance/controls/aws/aws_cis_v150_4_10.yaml index 702e339f5..d654dd9a1 100644 --- a/compliance/controls/aws/aws_cis_v150_4_10.yaml +++ b/compliance/controls/aws/aws_cis_v150_4_10.yaml 
@@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_4_14.yaml b/compliance/controls/aws/aws_cis_v150_4_14.yaml index 14dd9ca0a..a13df93b6 100644 --- a/compliance/controls/aws/aws_cis_v150_4_14.yaml +++ b/compliance/controls/aws/aws_cis_v150_4_14.yaml @@ -82,8 +82,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_4_16.yaml b/compliance/controls/aws/aws_cis_v150_4_16.yaml index 1dd89b38a..158a241cf 100644 --- a/compliance/controls/aws/aws_cis_v150_4_16.yaml +++ b/compliance/controls/aws/aws_cis_v150_4_16.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN r.region = ANY(ARRAY['af-south-1', 'eu-south-1', 'cn-north-1', 'cn-northwest-1', 'ap-northeast-3']) THEN 'skip' WHEN r.opt_in_status = 'not-opted-in' THEN 'skip' diff --git a/compliance/controls/aws/aws_cis_v150_4_3.yaml b/compliance/controls/aws/aws_cis_v150_4_3.yaml index 96341a88f..924002cb9 100644 --- a/compliance/controls/aws/aws_cis_v150_4_3.yaml +++ b/compliance/controls/aws/aws_cis_v150_4_3.yaml 
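Review bot: In aws_cis_v150_4_14.yaml the renamed columns are read from alias `t` (`t.platform_account_id`, `t.platform_resource_id`), although `resource` is built from `a.partition` and `a.account_id`. The aws_cis_v140_4_14.yaml hunk and the other `SELECT DISTINCT` account-level controls in this patch read them from `a`. The FROM clause is outside the hunk, so this is inferred: if `t` is a trail row, `SELECT DISTINCT` can return several rows for one account, and the ids would be NULL wherever `t` is outer-joined and has no match. Suggested lines: `a.platform_account_id AS platform_account_id,` and `a.platform_resource_id AS platform_resource_id,`.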
@@ -72,8 +72,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_4_5.yaml b/compliance/controls/aws/aws_cis_v150_4_5.yaml index 3c8e5ea1b..cb90b81c4 100644 --- a/compliance/controls/aws/aws_cis_v150_4_5.yaml +++ b/compliance/controls/aws/aws_cis_v150_4_5.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_4_7.yaml b/compliance/controls/aws/aws_cis_v150_4_7.yaml index 251c3e490..d9de28a71 100644 --- a/compliance/controls/aws/aws_cis_v150_4_7.yaml +++ b/compliance/controls/aws/aws_cis_v150_4_7.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_4_8.yaml b/compliance/controls/aws/aws_cis_v150_4_8.yaml index f990bf301..de3ad97cf 100644 --- a/compliance/controls/aws/aws_cis_v150_4_8.yaml +++ b/compliance/controls/aws/aws_cis_v150_4_8.yaml 
@@ -80,8 +80,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v150_5_2.yaml b/compliance/controls/aws/aws_cis_v150_5_2.yaml index 1458623db..3e233e3e9 100644 --- a/compliance/controls/aws/aws_cis_v150_5_2.yaml +++ b/compliance/controls/aws/aws_cis_v150_5_2.yaml @@ -46,8 +46,8 @@ Query: ) SELECT arn AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN bad_rules.group_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_5_3.yaml b/compliance/controls/aws/aws_cis_v150_5_3.yaml index ea45ec73d..e2be2bfe6 100644 --- a/compliance/controls/aws/aws_cis_v150_5_3.yaml +++ b/compliance/controls/aws/aws_cis_v150_5_3.yaml @@ -31,8 +31,8 @@ Query: ) SELECT arn AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN bad_rules.group_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v150_5_4.yaml b/compliance/controls/aws/aws_cis_v150_5_4.yaml index 5da26c04a..761b1df64 100644 --- a/compliance/controls/aws/aws_cis_v150_5_4.yaml +++ b/compliance/controls/aws/aws_cis_v150_5_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN jsonb_array_length(ip_permissions) = 0 AND jsonb_array_length(ip_permissions_egress) = 0 THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_cis_v150_5_5.yaml b/compliance/controls/aws/aws_cis_v150_5_5.yaml index e1ba5ac36..cb145387f 100644 --- a/compliance/controls/aws/aws_cis_v150_5_5.yaml +++ b/compliance/controls/aws/aws_cis_v150_5_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v200_1_1.yaml b/compliance/controls/aws/aws_cis_v200_1_1.yaml index 36752c4a8..1dc393cf2 100644 --- a/compliance/controls/aws/aws_cis_v200_1_1.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v200_1_10.yaml b/compliance/controls/aws/aws_cis_v200_1_10.yaml index 2d1defcd5..f93d33cd7 100644 --- a/compliance/controls/aws/aws_cis_v200_1_10.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_10.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND NOT mfa_active THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_1_11.yaml b/compliance/controls/aws/aws_cis_v200_1_11.yaml index 0220aab89..4a37e9a34 100644 --- a/compliance/controls/aws/aws_cis_v200_1_11.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_11.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND (EXTRACT(epoch FROM (access_key_1_last_rotated - user_creation_time)) < 10) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_1_12.yaml b/compliance/controls/aws/aws_cis_v200_1_12.yaml index bfe159414..159c6722e 100644 --- a/compliance/controls/aws/aws_cis_v200_1_12.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_12.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN user_name = '' THEN 'info' diff --git a/compliance/controls/aws/aws_cis_v200_1_13.yaml b/compliance/controls/aws/aws_cis_v200_1_13.yaml index 2da8e426d..16bc982bb 100644 --- a/compliance/controls/aws/aws_cis_v200_1_13.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_13.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT u.arn AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(k.*) > 1 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_1_14.yaml b/compliance/controls/aws/aws_cis_v200_1_14.yaml index dd6b8137a..63ce4309e 100644 --- a/compliance/controls/aws/aws_cis_v200_1_14.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_14.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':iam::' || account_id || ':user/' || user_name || '/accesskey/' || access_key_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN create_date <= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_1_15.yaml b/compliance/controls/aws/aws_cis_v200_1_15.yaml index 406aff295..4b8198dde 100644 --- a/compliance/controls/aws/aws_cis_v200_1_15.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_15.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN inline_policies IS NULL AND attached_policy_arns IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_1_16.yaml b/compliance/controls/aws/aws_cis_v200_1_16.yaml index c60e2ea86..6c32bcd8b 100644 --- a/compliance/controls/aws/aws_cis_v200_1_16.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_16.yaml @@ -33,8 +33,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN s.arn IS NOT NULL AND s.is_aws_managed THEN 'info' WHEN s.arn IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_1_17.yaml b/compliance/controls/aws/aws_cis_v200_1_17.yaml index ac80e9c9a..1908a4416 100644 --- a/compliance/controls/aws/aws_cis_v200_1_17.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_17.yaml 
@@ -32,8 +32,8 @@ Query: ) SELECT resource, - (SELECT og_account_id FROM aws_account WHERE account_id = support_role_count.account_id) AS og_account_id, - (SELECT og_resource_id FROM aws_account WHERE account_id = support_role_count.account_id) AS og_resource_id, + (SELECT platform_account_id FROM aws_account WHERE account_id = support_role_count.account_id) AS platform_account_id, + (SELECT platform_resource_id FROM aws_account WHERE account_id = support_role_count.account_id) AS platform_resource_id, CASE WHEN count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_1_18.yaml b/compliance/controls/aws/aws_cis_v200_1_18.yaml index e136b8a0a..4c3923ccd 100644 --- a/compliance/controls/aws/aws_cis_v200_1_18.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_18.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v200_1_19.yaml b/compliance/controls/aws/aws_cis_v200_1_19.yaml index ae2a00d08..c5e38222d 100644 --- a/compliance/controls/aws/aws_cis_v200_1_19.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_19.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN expiration < (CURRENT_DATE - INTERVAL '1' SECOND) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_1_2.yaml b/compliance/controls/aws/aws_cis_v200_1_2.yaml index 7de44e9de..eb0539768 100644 --- a/compliance/controls/aws/aws_cis_v200_1_2.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_2.yaml 
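Review bot: In aws_cis_v200_1_17.yaml each renamed column is fetched with a correlated scalar subquery, `(SELECT platform_account_id FROM aws_account WHERE account_id = support_role_count.account_id)`, which would fail at run time if more than one aws_account row shares that account_id and returns NULL if none matches. The v300 variant of the same control in this commit (aws_cis_v300_1_17.yaml) instead selects `a.platform_account_id` and `a.platform_resource_id` inside the CTE and adds them to its GROUP BY. Doing the same here would let the outer SELECT read `platform_account_id AS platform_account_id,` directly and keep the two versions of the control consistent. The CTE starts outside this hunk, so its current column list is not visible.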
@@ -31,8 +31,8 @@ Query: ) SELECT arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.partition = 'aws-us-gov' THEN 'info' -- Name is a required field if setting a security contact diff --git a/compliance/controls/aws/aws_cis_v200_1_20.yaml b/compliance/controls/aws/aws_cis_v200_1_20.yaml index bda3ecea5..e755db837 100644 --- a/compliance/controls/aws/aws_cis_v200_1_20.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_20.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN r.opt_in_status = 'not-opted-in' THEN 'skip' WHEN aa.arn IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_1_21.yaml b/compliance/controls/aws/aws_cis_v200_1_21.yaml index 8d38d2f2a..5de44dac2 100644 --- a/compliance/controls/aws/aws_cis_v200_1_21.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_21.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v200_1_3.yaml b/compliance/controls/aws/aws_cis_v200_1_3.yaml index b1ba99e97..ec23b57e2 100644 --- a/compliance/controls/aws/aws_cis_v200_1_3.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_3.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v200_1_4.yaml b/compliance/controls/aws/aws_cis_v200_1_4.yaml index 4118b493a..cdb495383 100644 --- a/compliance/controls/aws/aws_cis_v200_1_4.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_access_keys_present > 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_1_5.yaml b/compliance/controls/aws/aws_cis_v200_1_5.yaml index 3c5590b56..d790dcdf2 100644 --- a/compliance/controls/aws/aws_cis_v200_1_5.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_mfa_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_1_7.yaml b/compliance/controls/aws/aws_cis_v200_1_7.yaml index 4cdfa3c90..753ec6ee9 100644 --- a/compliance/controls/aws/aws_cis_v200_1_7.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_7.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_last_used >= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm' WHEN access_key_1_last_used_date <= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_1_8.yaml b/compliance/controls/aws/aws_cis_v200_1_8.yaml index b7f4ab4f5..b00aab4b3 100644 --- a/compliance/controls/aws/aws_cis_v200_1_8.yaml +++ b/compliance/controls/aws/aws_cis_v200_1_8.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN minimum_password_length >= 14 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_2_1_1.yaml b/compliance/controls/aws/aws_cis_v200_2_1_1.yaml index bf4b4bb0e..4f6a7461c 100644 --- a/compliance/controls/aws/aws_cis_v200_2_1_1.yaml +++ b/compliance/controls/aws/aws_cis_v200_2_1_1.yaml @@ -30,8 +30,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN ok.status = 'ok' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_2_1_2.yaml b/compliance/controls/aws/aws_cis_v200_2_1_2.yaml index aca7b59b3..866f68965 100644 --- a/compliance/controls/aws/aws_cis_v200_2_1_2.yaml +++ b/compliance/controls/aws/aws_cis_v200_2_1_2.yaml 
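Review bot: In aws_cis_v200_1_7.yaml the two visible CASE branches compare in opposite directions. `password_last_used >= (CURRENT_DATE - INTERVAL '90' DAY)` alarms on use within the last 90 days, while `access_key_1_last_used_date <= (CURRENT_DATE - INTERVAL '90' DAY)` alarms on a key last used more than 90 days ago and lets a recently used key fall through to a later branch. If the control is meant to flag recent use of the credential, as the first branch suggests, the key branch should read `WHEN access_key_1_last_used_date >= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm'`. The same two lines appear in aws_cis_v300_1_7.yaml, and the rest of the CASE lies outside both hunks, so any branch for a second key needs the same check.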
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN versioning_mfa_delete THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_2_1_3.yaml b/compliance/controls/aws/aws_cis_v200_2_1_3.yaml index 546bbcc7f..a3e596c01 100644 --- a/compliance/controls/aws/aws_cis_v200_2_1_3.yaml +++ b/compliance/controls/aws/aws_cis_v200_2_1_3.yaml @@ -20,8 +20,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN b.region = ANY(ARRAY['us-gov-east-1', 'us-gov-west-1']) THEN 'skip' WHEN l.bucket_name IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_2_1_4.yaml b/compliance/controls/aws/aws_cis_v200_2_1_4.yaml index 651707d7c..e223e9cf0 100644 --- a/compliance/controls/aws/aws_cis_v200_2_1_4.yaml +++ b/compliance/controls/aws/aws_cis_v200_2_1_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - bucket.og_account_id AS og_account_id, - bucket.og_resource_id AS og_resource_id, + bucket.platform_account_id AS platform_account_id, + bucket.platform_resource_id AS platform_resource_id, CASE WHEN (bucket.block_public_acls OR s3account.block_public_acls) AND (bucket.block_public_policy OR s3account.block_public_policy) diff --git a/compliance/controls/aws/aws_cis_v200_2_2_1.yaml b/compliance/controls/aws/aws_cis_v200_2_2_1.yaml index 3a86365f7..c31459379 100644 --- a/compliance/controls/aws/aws_cis_v200_2_2_1.yaml +++ b/compliance/controls/aws/aws_cis_v200_2_2_1.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_2_3_1.yaml b/compliance/controls/aws/aws_cis_v200_2_3_1.yaml index 58dc45460..b8cc59b2e 100644 --- a/compliance/controls/aws/aws_cis_v200_2_3_1.yaml +++ b/compliance/controls/aws/aws_cis_v200_2_3_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_2_3_2.yaml b/compliance/controls/aws/aws_cis_v200_2_3_2.yaml index 16e0ae9bb..ff67802a3 100644 --- a/compliance/controls/aws/aws_cis_v200_2_3_2.yaml +++ b/compliance/controls/aws/aws_cis_v200_2_3_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_minor_version_upgrade THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_2_3_3.yaml b/compliance/controls/aws/aws_cis_v200_2_3_3.yaml index 8f9418aa0..372082018 100644 --- a/compliance/controls/aws/aws_cis_v200_2_3_3.yaml +++ b/compliance/controls/aws/aws_cis_v200_2_3_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN publicly_accessible THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_cis_v200_2_4_1.yaml b/compliance/controls/aws/aws_cis_v200_2_4_1.yaml index 6e843a400..3631023e3 100644 --- a/compliance/controls/aws/aws_cis_v200_2_4_1.yaml +++ b/compliance/controls/aws/aws_cis_v200_2_4_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_3_10.yaml b/compliance/controls/aws/aws_cis_v200_3_10.yaml index 9c3521bbc..9e89940ea 100644 --- a/compliance/controls/aws/aws_cis_v200_3_10.yaml +++ b/compliance/controls/aws/aws_cis_v200_3_10.yaml @@ -27,8 +27,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(bucket_selector) > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_3_11.yaml b/compliance/controls/aws/aws_cis_v200_3_11.yaml index e2cec0375..29078012f 100644 --- a/compliance/controls/aws/aws_cis_v200_3_11.yaml +++ b/compliance/controls/aws/aws_cis_v200_3_11.yaml @@ -32,8 +32,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(bucket_selector) > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_3_2.yaml b/compliance/controls/aws/aws_cis_v200_3_2.yaml index 913e18ce4..b5b2c77e4 100644 --- a/compliance/controls/aws/aws_cis_v200_3_2.yaml +++ b/compliance/controls/aws/aws_cis_v200_3_2.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_file_validation_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_3_3.yaml b/compliance/controls/aws/aws_cis_v200_3_3.yaml index e1b8ef496..df35d2ddc 100644 --- a/compliance/controls/aws/aws_cis_v200_3_3.yaml +++ b/compliance/controls/aws/aws_cis_v200_3_3.yaml @@ -42,8 +42,8 @@ Query: WHEN arn IS NULL THEN 'arn:aws:s3::' || name ELSE arn END AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN arn IS NULL THEN 'skip' WHEN all_user_grants > 0 THEN 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_3_4.yaml b/compliance/controls/aws/aws_cis_v200_3_4.yaml index 4b868a6f4..f21a9abd3 100644 --- a/compliance/controls/aws/aws_cis_v200_3_4.yaml +++ b/compliance/controls/aws/aws_cis_v200_3_4.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_group_arn != 'null' AND (latest_delivery_time > current_date - 1) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_3_5.yaml b/compliance/controls/aws/aws_cis_v200_3_5.yaml index 7f45689f0..e0dd193ec 100644 --- a/compliance/controls/aws/aws_cis_v200_3_5.yaml +++ b/compliance/controls/aws/aws_cis_v200_3_5.yaml 
@@ -23,8 +23,8 @@ Query: ) SELECT 'arn:aws::' || a.region || ':' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN g.global_config_recorders >= 1 AND status ->> 'Recording' = 'true' diff --git a/compliance/controls/aws/aws_cis_v200_3_6.yaml b/compliance/controls/aws/aws_cis_v200_3_6.yaml index 24aaf2721..3808aad2e 100644 --- a/compliance/controls/aws/aws_cis_v200_3_6.yaml +++ b/compliance/controls/aws/aws_cis_v200_3_6.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT t.arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN b.logging IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_3_7.yaml b/compliance/controls/aws/aws_cis_v200_3_7.yaml index fb6987045..23304911f 100644 --- a/compliance/controls/aws/aws_cis_v200_3_7.yaml +++ b/compliance/controls/aws/aws_cis_v200_3_7.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_3_8.yaml b/compliance/controls/aws/aws_cis_v200_3_8.yaml index e451ddfc4..c5f8e5a97 100644 --- a/compliance/controls/aws/aws_cis_v200_3_8.yaml +++ b/compliance/controls/aws/aws_cis_v200_3_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN origin = 'EXTERNAL' THEN 'skip' WHEN key_state = 'PendingDeletion' THEN 'skip' 
diff --git a/compliance/controls/aws/aws_cis_v200_3_9.yaml b/compliance/controls/aws/aws_cis_v200_3_9.yaml index 0d36be1fe..580cf649c 100644 --- a/compliance/controls/aws/aws_cis_v200_3_9.yaml +++ b/compliance/controls/aws/aws_cis_v200_3_9.yaml @@ -14,8 +14,8 @@ Query: SELECT arn, account_id, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, region, owner_id, vpc_id, @@ -38,8 +38,8 @@ Query: ) SELECT v.arn AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.account_id <> v.owner_id THEN 'skip' WHEN f.resource_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_4_12.yaml b/compliance/controls/aws/aws_cis_v200_4_12.yaml index 557249005..668c5137b 100644 --- a/compliance/controls/aws/aws_cis_v200_4_12.yaml +++ b/compliance/controls/aws/aws_cis_v200_4_12.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_4_3.yaml b/compliance/controls/aws/aws_cis_v200_4_3.yaml index 7a1ff5028..6290149f8 100644 --- a/compliance/controls/aws/aws_cis_v200_4_3.yaml +++ b/compliance/controls/aws/aws_cis_v200_4_3.yaml @@ -80,8 +80,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_cis_v200_4_6.yaml b/compliance/controls/aws/aws_cis_v200_4_6.yaml index a57787eb2..5a3e03c3b 100644 --- a/compliance/controls/aws/aws_cis_v200_4_6.yaml +++ b/compliance/controls/aws/aws_cis_v200_4_6.yaml @@ -78,8 +78,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - f.account_id AS og_account_id, - f.trail_name AS og_resource_id, + f.account_id AS platform_account_id, + f.trail_name AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_5_2.yaml b/compliance/controls/aws/aws_cis_v200_5_2.yaml index f2e896da6..5a22cb672 100644 --- a/compliance/controls/aws/aws_cis_v200_5_2.yaml +++ b/compliance/controls/aws/aws_cis_v200_5_2.yaml @@ -52,8 +52,8 @@ Query: ) SELECT arn AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN bad_rules.group_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_5_3.yaml b/compliance/controls/aws/aws_cis_v200_5_3.yaml index a7be1e15a..16469ccf2 100644 --- a/compliance/controls/aws/aws_cis_v200_5_3.yaml +++ b/compliance/controls/aws/aws_cis_v200_5_3.yaml @@ -38,8 +38,8 @@ Query: ) SELECT arn AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN bad_rules.group_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v200_5_4.yaml b/compliance/controls/aws/aws_cis_v200_5_4.yaml index 68c49e827..0a41064ec 100644 --- a/compliance/controls/aws/aws_cis_v200_5_4.yaml +++ b/compliance/controls/aws/aws_cis_v200_5_4.yaml 
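Review bot: In aws_cis_v200_4_6.yaml the renamed aliases are filled from `f.account_id AS platform_account_id` and `f.trail_name AS platform_resource_id`, whereas aws_cis_v200_4_12.yaml and aws_cis_v200_4_3.yaml, which share the same final SELECT, take `a.platform_account_id` and `a.platform_resource_id`. The status is 'alarm' exactly when `f.trail_name IS NULL`, so every alarm row has a NULL platform_resource_id. Its platform_account_id is presumably NULL as well, if f is the outer-joined side (the join is outside the hunk). Failing findings would then lose their account and resource attribution, and passing ones would carry an AWS account id and a trail name where the other controls carry platform identifiers. Suggest `a.platform_account_id AS platform_account_id,` and `a.platform_resource_id AS platform_resource_id,` to match the siblings.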
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(ip_permissions) = 0 AND jsonb_array_length(ip_permissions_egress) = 0 THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v200_5_5.yaml b/compliance/controls/aws/aws_cis_v200_5_5.yaml index e4499292f..95e061536 100644 --- a/compliance/controls/aws/aws_cis_v200_5_5.yaml +++ b/compliance/controls/aws/aws_cis_v200_5_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v200_5_6.yaml b/compliance/controls/aws/aws_cis_v200_5_6.yaml index 320a44a00..d9b129e31 100644 --- a/compliance/controls/aws/aws_cis_v200_5_6.yaml +++ b/compliance/controls/aws/aws_cis_v200_5_6.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN metadata_options ->> 'HttpTokens' = 'optional' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v300_1_1.yaml b/compliance/controls/aws/aws_cis_v300_1_1.yaml index abe17b598..8a44b405f 100644 --- a/compliance/controls/aws/aws_cis_v300_1_1.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_1.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v300_1_10.yaml b/compliance/controls/aws/aws_cis_v300_1_10.yaml index 75bcdc78a..d7e409cf7 100644 --- a/compliance/controls/aws/aws_cis_v300_1_10.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_10.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND NOT mfa_active THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v300_1_11.yaml b/compliance/controls/aws/aws_cis_v300_1_11.yaml index d6dcb9a4f..9b3505b48 100644 --- a/compliance/controls/aws/aws_cis_v300_1_11.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_11.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND (EXTRACT(EPOCH FROM (access_key_1_last_rotated - user_creation_time)) < 10) diff --git a/compliance/controls/aws/aws_cis_v300_1_12.yaml b/compliance/controls/aws/aws_cis_v300_1_12.yaml index 542d2b8ef..eec5da17f 100644 --- a/compliance/controls/aws/aws_cis_v300_1_12.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_12.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN user_name = '' THEN 'info' diff --git a/compliance/controls/aws/aws_cis_v300_1_14.yaml b/compliance/controls/aws/aws_cis_v300_1_14.yaml index 2827e2344..1f5bde9c7 100644 --- a/compliance/controls/aws/aws_cis_v300_1_14.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_14.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':iam::' || account_id || ':user/' || user_name || '/accesskey/' || access_key_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN create_date <= (current_date - INTERVAL '90' DAY) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v300_1_15.yaml b/compliance/controls/aws/aws_cis_v300_1_15.yaml index 0d5cf9023..a2ac56d36 100644 --- a/compliance/controls/aws/aws_cis_v300_1_15.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_15.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN inline_policies IS NULL AND attached_policy_arns IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v300_1_16.yaml b/compliance/controls/aws/aws_cis_v300_1_16.yaml index c29588b9f..8373bfc9b 100644 --- a/compliance/controls/aws/aws_cis_v300_1_16.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_16.yaml 
@@ -32,8 +32,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN s.arn IS NOT NULL AND s.is_aws_managed THEN 'info' WHEN s.arn IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v300_1_17.yaml b/compliance/controls/aws/aws_cis_v300_1_17.yaml index 08c30cffa..5e4fba463 100644 --- a/compliance/controls/aws/aws_cis_v300_1_17.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_17.yaml @@ -15,8 +15,8 @@ Query: 'arn:' || a.partition || ':::' || a.account_id AS resource, COUNT(policy_arn), a.account_id, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, a._ctx FROM aws_account AS a @@ -28,14 +28,14 @@ Query: GROUP BY a.account_id, a.partition, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, a._ctx ) SELECT resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cis_v300_1_18.yaml b/compliance/controls/aws/aws_cis_v300_1_18.yaml index d7d1047c9..72b36715a 100644 --- a/compliance/controls/aws/aws_cis_v300_1_18.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_18.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v300_1_19.yaml b/compliance/controls/aws/aws_cis_v300_1_19.yaml index da3956a28..fff9ce5fe 100644 
--- a/compliance/controls/aws/aws_cis_v300_1_19.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_19.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN expiration < (current_date - INTERVAL '1' SECOND) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v300_1_2.yaml b/compliance/controls/aws/aws_cis_v300_1_2.yaml index a8b10e658..6c0318a31 100644 --- a/compliance/controls/aws/aws_cis_v300_1_2.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_2.yaml @@ -25,16 +25,16 @@ Query: partition, title, account_id, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, _ctx FROM aws_account ) SELECT arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.partition = 'aws-us-gov' THEN 'info' WHEN c.name IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v300_1_20.yaml b/compliance/controls/aws/aws_cis_v300_1_20.yaml index ce37149d1..3b8c7b9e6 100644 --- a/compliance/controls/aws/aws_cis_v300_1_20.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_20.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN r.opt_in_status = 'not-opted-in' THEN 'skip' WHEN aa.arn IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_cis_v300_1_21.yaml b/compliance/controls/aws/aws_cis_v300_1_21.yaml index bcd81ff98..748d8cbd6 100644 
--- a/compliance/controls/aws/aws_cis_v300_1_21.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_21.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v300_1_3.yaml b/compliance/controls/aws/aws_cis_v300_1_3.yaml index 89dfc1bd9..fdbfe60b1 100644 --- a/compliance/controls/aws/aws_cis_v300_1_3.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason FROM diff --git a/compliance/controls/aws/aws_cis_v300_1_4.yaml b/compliance/controls/aws/aws_cis_v300_1_4.yaml index bb7d7ce01..0ba4af1f7 100644 --- a/compliance/controls/aws/aws_cis_v300_1_4.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_access_keys_present > 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cis_v300_1_5.yaml b/compliance/controls/aws/aws_cis_v300_1_5.yaml index d597685c1..e076d6e96 100644 --- a/compliance/controls/aws/aws_cis_v300_1_5.yaml +++ b/compliance/controls/aws/aws_cis_v300_1_5.yaml 
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || partition || ':::' || account_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN account_mfa_enabled THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_1_6.yaml b/compliance/controls/aws/aws_cis_v300_1_6.yaml
index 2acc874df..5e751ab25 100644
--- a/compliance/controls/aws/aws_cis_v300_1_6.yaml
+++ b/compliance/controls/aws/aws_cis_v300_1_6.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || s.partition || ':::' || s.account_id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN s.account_mfa_enabled AND d.serial_number IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_1_7.yaml b/compliance/controls/aws/aws_cis_v300_1_7.yaml
index a068c7267..9c7baa6b0 100644
--- a/compliance/controls/aws/aws_cis_v300_1_7.yaml
+++ b/compliance/controls/aws/aws_cis_v300_1_7.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 user_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN password_last_used >= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm'
 WHEN access_key_1_last_used_date <= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_1_8.yaml b/compliance/controls/aws/aws_cis_v300_1_8.yaml
index 28cd4760e..a67ae3100 100644
--- a/compliance/controls/aws/aws_cis_v300_1_8.yaml
+++ b/compliance/controls/aws/aws_cis_v300_1_8.yaml
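Review bot: In aws_cis_v300_1_7.yaml the second `WHEN` on the new side compares in the opposite direction from the first: `password_last_used >= (CURRENT_DATE - INTERVAL '90' DAY)` alarms on recent password use, while `access_key_1_last_used_date <= (CURRENT_DATE - INTERVAL '90' DAY)` alarms only when the key was last used more than 90 days ago. If the control is meant to flag recent use of these credentials, a key used yesterday would not reach 'alarm' through this branch, and the line would read `WHEN access_key_1_last_used_date >= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm'`. The CASE continues past the end of the hunk, so any later branches should be checked for the same comparison.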
@@ -14,8 +14,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || a.partition || ':::' || a.account_id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN minimum_password_length >= 14 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_2_1_1.yaml b/compliance/controls/aws/aws_cis_v300_2_1_1.yaml
index bf1deb02c..8920ae32c 100644
--- a/compliance/controls/aws/aws_cis_v300_2_1_1.yaml
+++ b/compliance/controls/aws/aws_cis_v300_2_1_1.yaml
@@ -29,8 +29,8 @@ Query:
 SELECT
 b.arn AS resource,
- b.og_account_id AS og_account_id,
- b.og_resource_id AS og_resource_id,
+ b.platform_account_id AS platform_account_id,
+ b.platform_resource_id AS platform_resource_id,
 CASE
 WHEN ok.status = 'ok' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_2_1_2.yaml b/compliance/controls/aws/aws_cis_v300_2_1_2.yaml
index fb48d4d1e..ec8e64aaa 100644
--- a/compliance/controls/aws/aws_cis_v300_2_1_2.yaml
+++ b/compliance/controls/aws/aws_cis_v300_2_1_2.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN versioning_mfa_delete THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_2_1_3.yaml b/compliance/controls/aws/aws_cis_v300_2_1_3.yaml
index db8450c0f..0ec7d7c71 100644
--- a/compliance/controls/aws/aws_cis_v300_2_1_3.yaml
+++ b/compliance/controls/aws/aws_cis_v300_2_1_3.yaml
@@ -20,8 +20,8 @@ Query:
 )
 SELECT
 b.arn AS resource,
- b.og_account_id AS og_account_id,
- b.og_resource_id AS og_resource_id,
+ b.platform_account_id AS platform_account_id,
+ b.platform_resource_id AS platform_resource_id,
 CASE
 WHEN b.region = ANY(ARRAY['us-gov-east-1', 'us-gov-west-1']) THEN 'skip'
 WHEN l.bucket_name IS NOT NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_cis_v300_2_2_1.yaml b/compliance/controls/aws/aws_cis_v300_2_2_1.yaml
index bc1c8019d..0f0c2b9d0 100644
--- a/compliance/controls/aws/aws_cis_v300_2_2_1.yaml
+++ b/compliance/controls/aws/aws_cis_v300_2_2_1.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN encrypted THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_2_3_1.yaml b/compliance/controls/aws/aws_cis_v300_2_3_1.yaml
index 86410e152..e35db527c 100644
--- a/compliance/controls/aws/aws_cis_v300_2_3_1.yaml
+++ b/compliance/controls/aws/aws_cis_v300_2_3_1.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN storage_encrypted THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_2_3_2.yaml b/compliance/controls/aws/aws_cis_v300_2_3_2.yaml
index 99c154e1c..f0ad82b80 100644
--- a/compliance/controls/aws/aws_cis_v300_2_3_2.yaml
+++ b/compliance/controls/aws/aws_cis_v300_2_3_2.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN auto_minor_version_upgrade THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_2_3_3.yaml b/compliance/controls/aws/aws_cis_v300_2_3_3.yaml
index 136bb06cc..39cd63355 100644
--- a/compliance/controls/aws/aws_cis_v300_2_3_3.yaml
+++ b/compliance/controls/aws/aws_cis_v300_2_3_3.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN publicly_accessible THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_cis_v300_2_4_1.yaml b/compliance/controls/aws/aws_cis_v300_2_4_1.yaml
index 4d533fd85..277fe3789 100644
--- a/compliance/controls/aws/aws_cis_v300_2_4_1.yaml
+++ b/compliance/controls/aws/aws_cis_v300_2_4_1.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN encrypted THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_3_2.yaml b/compliance/controls/aws/aws_cis_v300_3_2.yaml
index 4c700b943..6fd3aa44c 100644
--- a/compliance/controls/aws/aws_cis_v300_3_2.yaml
+++ b/compliance/controls/aws/aws_cis_v300_3_2.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN log_file_validation_enabled THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_3_3.yaml b/compliance/controls/aws/aws_cis_v300_3_3.yaml
index bfe59de08..9bbd2ce90 100644
--- a/compliance/controls/aws/aws_cis_v300_3_3.yaml
+++ b/compliance/controls/aws/aws_cis_v300_3_3.yaml
@@ -24,8 +24,8 @@ Query:
 SELECT
 'arn:aws::' || a.region || ':' || a.account_id AS resource,
- r.og_account_id AS og_account_id,
- r.og_resource_id AS og_resource_id,
+ r.platform_account_id AS platform_account_id,
+ r.platform_resource_id AS platform_resource_id,
 CASE WHEN g.global_config_recorders >= 1 AND status ->> 'Recording' = 'true'
diff --git a/compliance/controls/aws/aws_cis_v300_3_4.yaml b/compliance/controls/aws/aws_cis_v300_3_4.yaml
index ad8eb63a1..caf0ba16f 100644
--- a/compliance/controls/aws/aws_cis_v300_3_4.yaml
+++ b/compliance/controls/aws/aws_cis_v300_3_4.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 t.arn AS resource,
- t.og_account_id AS og_account_id,
- t.og_resource_id AS og_resource_id,
+ t.platform_account_id AS platform_account_id,
+ t.platform_resource_id AS platform_resource_id,
 CASE
 WHEN b.logging IS NOT NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_3_5.yaml b/compliance/controls/aws/aws_cis_v300_3_5.yaml
index 1a485f9db..a78cf288a 100644
--- a/compliance/controls/aws/aws_cis_v300_3_5.yaml
+++ b/compliance/controls/aws/aws_cis_v300_3_5.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN kms_key_id IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_cis_v300_3_6.yaml b/compliance/controls/aws/aws_cis_v300_3_6.yaml
index ac7b170cc..cfd173b85 100644
--- a/compliance/controls/aws/aws_cis_v300_3_6.yaml
+++ b/compliance/controls/aws/aws_cis_v300_3_6.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN origin = 'EXTERNAL' THEN 'skip'
 WHEN key_state = 'PendingDeletion' THEN 'skip'
diff --git a/compliance/controls/aws/aws_cis_v300_3_8.yaml b/compliance/controls/aws/aws_cis_v300_3_8.yaml
index e153406af..a73a479c4 100644
--- a/compliance/controls/aws/aws_cis_v300_3_8.yaml
+++ b/compliance/controls/aws/aws_cis_v300_3_8.yaml
@@ -15,8 +15,8 @@ Query:
 name AS trail_name,
 is_multi_region_trail,
 bucket_selector,
- og_account_id,
- og_resource_id
+ platform_account_id,
+ platform_resource_id
 FROM
 aws_cloudtrail_trail,
 jsonb_array_elements(event_selectors) AS event_selector,
@@ -29,8 +29,8 @@ Query:
 )
 SELECT
 b.arn AS resource,
- b.og_account_id AS og_account_id,
- b.og_resource_id AS og_resource_id,
+ b.platform_account_id AS platform_account_id,
+ b.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(bucket_selector) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -48,8 +48,8 @@ Query:
 OR bucket_selector = 'arn:aws:s3'
 GROUP BY
 b.account_id,
- b.og_account_id,
- b.og_resource_id,
+ b.platform_account_id,
+ b.platform_resource_id,
 b.region,
 b.arn,
 b.name,
diff --git a/compliance/controls/aws/aws_cis_v300_3_9.yaml b/compliance/controls/aws/aws_cis_v300_3_9.yaml
index 98763d9be..9dff286a1 100644
--- a/compliance/controls/aws/aws_cis_v300_3_9.yaml
+++ b/compliance/controls/aws/aws_cis_v300_3_9.yaml
@@ -16,8 +16,8 @@ Query:
 name AS trail_name,
 is_multi_region_trail,
 bucket_selector,
- og_account_id,
- og_resource_id
+ platform_account_id,
+ platform_resource_id
 FROM
 aws_cloudtrail_trail,
 jsonb_array_elements(event_selectors) AS event_selector,
@@ -34,8 +34,8 @@ Query:
 )
 SELECT
 b.arn AS resource,
- b.og_account_id AS og_account_id,
- b.og_resource_id AS og_resource_id,
+ b.platform_account_id AS platform_account_id,
+ b.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(bucket_selector) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -51,7 +51,7 @@ Query:
 ON bucket_selector LIKE (b.arn || '%')
 OR bucket_selector = 'arn:aws:s3'
 GROUP BY
- b.account_id, b.og_account_id, b.og_resource_id, b.region, b.arn, b.name, b.tags, b._ctx;
+ b.account_id, b.platform_account_id, b.platform_resource_id, b.region, b.arn, b.name, b.tags, b._ctx;
 Severity: low
 Tags: {}
 Title: 3.9 Ensure that Object-level logging for read events is enabled for S3 bucket
\ No newline at end of file
diff --git a/compliance/controls/aws/aws_cis_v300_4_11.yaml b/compliance/controls/aws/aws_cis_v300_4_11.yaml
index a83d2d688..7ccd0dbc8 100644
--- a/compliance/controls/aws/aws_cis_v300_4_11.yaml
+++ b/compliance/controls/aws/aws_cis_v300_4_11.yaml
@@ -78,8 +78,8 @@ Query:
 )
 SELECT DISTINCT
 'arn:' || a.partition || ':::' || a.account_id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN f.trail_name IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_cis_v300_4_12.yaml b/compliance/controls/aws/aws_cis_v300_4_12.yaml
index 2b98ca7f7..f3600d40f 100644
--- a/compliance/controls/aws/aws_cis_v300_4_12.yaml
+++ b/compliance/controls/aws/aws_cis_v300_4_12.yaml
@@ -78,8 +78,8 @@ Query:
 )
 SELECT DISTINCT
 'arn:' || a.partition || ':::' || a.account_id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN f.trail_name IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_cis_v300_4_14.yaml b/compliance/controls/aws/aws_cis_v300_4_14.yaml
index bd07ad1c5..8e4d417c1 100644
--- a/compliance/controls/aws/aws_cis_v300_4_14.yaml
+++ b/compliance/controls/aws/aws_cis_v300_4_14.yaml
@@ -78,8 +78,8 @@ Query:
 )
 SELECT DISTINCT
 'arn:' || a.partition || ':::' || a.account_id AS resource,
- f.account_id AS og_account_id,
- f.trail_name AS og_resource_id,
+ f.account_id AS platform_account_id,
+ f.trail_name AS platform_resource_id,
 CASE
 WHEN f.trail_name IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_cis_v300_5_2.yaml b/compliance/controls/aws/aws_cis_v300_5_2.yaml
index 79c69b437..653589e77 100644
--- a/compliance/controls/aws/aws_cis_v300_5_2.yaml
+++ b/compliance/controls/aws/aws_cis_v300_5_2.yaml
@@ -44,8 +44,8 @@ Query:
 region,
 account_id,
 group_id,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 _ctx
 FROM
 aws_vpc_security_group
@@ -54,8 +54,8 @@ Query:
 )
 SELECT
 arn AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE
 WHEN bad_rules.group_id IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_5_3.yaml b/compliance/controls/aws/aws_cis_v300_5_3.yaml
index f29ef43db..b05b1e299 100644
--- a/compliance/controls/aws/aws_cis_v300_5_3.yaml
+++ b/compliance/controls/aws/aws_cis_v300_5_3.yaml
@@ -39,8 +39,8 @@ Query:
 )
 SELECT
 arn AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE
 WHEN bad_rules.group_id IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cis_v300_5_5.yaml b/compliance/controls/aws/aws_cis_v300_5_5.yaml
index e09e79388..2e1ee4735 100644
--- a/compliance/controls/aws/aws_cis_v300_5_5.yaml
+++ b/compliance/controls/aws/aws_cis_v300_5_5.yaml
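Review bot: In aws_cis_v300_4_14.yaml the two renamed aliases are fed from `f.account_id` and `f.trail_name`, not from the platform columns that the sibling controls aws_cis_v300_4_11 and aws_cis_v300_4_12 select as `a.platform_account_id` and `a.platform_resource_id`. The CASE just below returns 'alarm' exactly when `f.trail_name IS NULL`, so every alarm row carries a NULL `platform_resource_id` (and probably a NULL `platform_account_id`, if `f` is the outer-joined side, which the hunk does not show). If these columns are what attributes a finding to an account and resource, the failing rows are the ones that cannot be attributed; consider `a.platform_account_id AS platform_account_id,` and `a.platform_resource_id AS platform_resource_id,` as in 4_11 and 4_12. The FROM clause lies outside the hunk, so confirm that `a` exposes both columns.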
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || partition || ':::' || account_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason
 FROM
diff --git a/compliance/controls/aws/aws_cis_v300_5_6.yaml b/compliance/controls/aws/aws_cis_v300_5_6.yaml
index 72842b48d..c1fe1ac49 100644
--- a/compliance/controls/aws/aws_cis_v300_5_6.yaml
+++ b/compliance/controls/aws/aws_cis_v300_5_6.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN metadata_options ->> 'HttpTokens' = 'optional' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_cloudformation_stack_drift_detection_check.yaml b/compliance/controls/aws/aws_cloudformation_stack_drift_detection_check.yaml
index 14ffc2808..faec740fc 100644
--- a/compliance/controls/aws/aws_cloudformation_stack_drift_detection_check.yaml
+++ b/compliance/controls/aws/aws_cloudformation_stack_drift_detection_check.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN stack_drift_status = 'IN_SYNC' THEN 'ok'
 WHEN stack_drift_status = 'DRIFTED' THEN 'alarm'
diff --git a/compliance/controls/aws/aws_cloudformation_stack_notifications_enabled.yaml b/compliance/controls/aws/aws_cloudformation_stack_notifications_enabled.yaml
index 9b402d25e..70e1ae853 100644
--- a/compliance/controls/aws/aws_cloudformation_stack_notifications_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudformation_stack_notifications_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN jsonb_array_length(notification_arns) > 0 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cloudformation_stack_output_no_secrets.yaml b/compliance/controls/aws/aws_cloudformation_stack_output_no_secrets.yaml
index 3b16d324f..979c78d78 100644
--- a/compliance/controls/aws/aws_cloudformation_stack_output_no_secrets.yaml
+++ b/compliance/controls/aws/aws_cloudformation_stack_output_no_secrets.yaml
@@ -20,8 +20,8 @@ Query:
 _ctx,
 outputs,
 title,
- og_account_id,
- og_resource_id
+ platform_account_id,
+ platform_resource_id
 FROM
 aws_cloudformation_stack
 ),
@@ -38,8 +38,8 @@ Query:
 )
 SELECT
 c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE
 WHEN c.outputs IS NULL THEN 'ok'
 WHEN s.id IS NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_cloudformation_stack_rollback_enabled.yaml b/compliance/controls/aws/aws_cloudformation_stack_rollback_enabled.yaml
index 56a18d0f2..693d47052 100644
--- a/compliance/controls/aws/aws_cloudformation_stack_rollback_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudformation_stack_rollback_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN NOT disable_rollback THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cloudformation_stack_termination_protection_enabled.yaml b/compliance/controls/aws/aws_cloudformation_stack_termination_protection_enabled.yaml
index 8878aa521..29e49d8dd 100644
--- a/compliance/controls/aws/aws_cloudformation_stack_termination_protection_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudformation_stack_termination_protection_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN enable_termination_protection THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_configured_with_origin_failover.yaml b/compliance/controls/aws/aws_cloudfront_distribution_configured_with_origin_failover.yaml
index 09aba9b88..224bb4da4 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_configured_with_origin_failover.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_configured_with_origin_failover.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN origin_groups ->> 'Items' IS NOT NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_custom_origins_encryption_in_transit_enabled.yaml b/compliance/controls/aws/aws_cloudfront_distribution_custom_origins_encryption_in_transit_enabled.yaml
index 88a81e647..b97cf7a36 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_custom_origins_encryption_in_transit_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_custom_origins_encryption_in_transit_enabled.yaml
@@ -35,8 +35,8 @@ Query:
 )
 SELECT
 b.arn AS resource,
- b.og_account_id AS og_account_id,
- b.og_resource_id AS og_resource_id,
+ b.platform_account_id AS platform_account_id,
+ b.platform_resource_id AS platform_resource_id,
 CASE
 WHEN o.arn IS NOT NULL AND o.origin_protocol_policy = 'http-only' THEN 'alarm'
 WHEN o.arn IS NOT NULL AND o.origin_protocol_policy = 'match-viewer' AND
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_default_root_object_configured.yaml b/compliance/controls/aws/aws_cloudfront_distribution_default_root_object_configured.yaml
index 4898c36c7..c0e3b85d6 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_default_root_object_configured.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_default_root_object_configured.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN default_root_object = '' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_encryption_in_transit_enabled.yaml b/compliance/controls/aws/aws_cloudfront_distribution_encryption_in_transit_enabled.yaml
index 5c606d54f..34425342f 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_encryption_in_transit_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_encryption_in_transit_enabled.yaml
@@ -25,8 +25,8 @@ Query:
 )
 SELECT
 b.arn AS resource,
- b.og_account_id AS og_account_id,
- b.og_resource_id AS og_resource_id,
+ b.platform_account_id AS platform_account_id,
+ b.platform_resource_id AS platform_resource_id,
 CASE
 WHEN d.arn IS NOT NULL
 OR (default_cache_behavior ->> 'ViewerProtocolPolicy' = 'allow-all')
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_field_level_encryption_enabled.yaml b/compliance/controls/aws/aws_cloudfront_distribution_field_level_encryption_enabled.yaml
index 95adaaee2..e51565a7a 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_field_level_encryption_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_field_level_encryption_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN default_cache_behavior ->> 'FieldLevelEncryptionId' = '' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_geo_restrictions_enabled.yaml b/compliance/controls/aws/aws_cloudfront_distribution_geo_restrictions_enabled.yaml
index 8b291258a..7854e8a6e 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_geo_restrictions_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_geo_restrictions_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN restrictions -> 'GeoRestriction' ->> 'RestrictionType' = 'none' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_latest_tls_version.yaml b/compliance/controls/aws/aws_cloudfront_distribution_latest_tls_version.yaml
index bfb4cb9d5..0242589e4 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_latest_tls_version.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_latest_tls_version.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN viewer_certificate ->> 'CertificateSource' = 'cloudfront'
 AND viewer_certificate ->> 'MinimumProtocolVersion' = 'TLSv1.2_2021' THEN 'ok'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_logging_enabled.yaml b/compliance/controls/aws/aws_cloudfront_distribution_logging_enabled.yaml
index 1915b588d..d3727ef51 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_logging_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_logging_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN logging ->> 'Enabled' = 'true' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_no_deprecated_ssl_protocol.yaml b/compliance/controls/aws/aws_cloudfront_distribution_no_deprecated_ssl_protocol.yaml
index 89237b757..5634b50d4 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_no_deprecated_ssl_protocol.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_no_deprecated_ssl_protocol.yaml
@@ -21,8 +21,8 @@ Query:
 )
 SELECT
 b.arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN o.arn IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_no_non_existent_s3_origin.yaml b/compliance/controls/aws/aws_cloudfront_distribution_no_non_existent_s3_origin.yaml
index d01eec497..b4cbf54cd 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_no_non_existent_s3_origin.yaml
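Review bot: In aws_cloudfront_distribution_no_deprecated_ssl_protocol.yaml the renamed columns are selected without a table alias, although the same SELECT qualifies `b.arn` and tests `o.arn`. The sibling query in aws_cloudfront_distribution_use_secure_cipher.yaml has the same shape and writes `b.platform_account_id`; qualifying here as `b.platform_account_id AS platform_account_id,` and `b.platform_resource_id AS platform_resource_id,` keeps the reference unambiguous if the `o` side ever exposes the same column names. The definitions of `b` and `o` are outside the hunk, so `b` as the owning alias is an assumption to confirm.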
+++ b/compliance/controls/aws/aws_cloudfront_distribution_no_non_existent_s3_origin.yaml
@@ -26,8 +26,8 @@ Query:
 )
 SELECT DISTINCT
 b.arn AS resource,
- d.og_account_id AS og_account_id,
- d.og_resource_id AS og_resource_id,
+ d.platform_account_id AS platform_account_id,
+ d.platform_resource_id AS platform_resource_id,
 CASE
 WHEN b.arn IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_origin_access_identity_enabled.yaml b/compliance/controls/aws/aws_cloudfront_distribution_origin_access_identity_enabled.yaml
index 0cb455f96..e7a630056 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_origin_access_identity_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_origin_access_identity_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN o ->> 'DomainName' NOT LIKE '%s3.amazonaws.com' THEN 'skip'
 WHEN o ->> 'DomainName' LIKE '%s3.amazonaws.com'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_sni_enabled.yaml b/compliance/controls/aws/aws_cloudfront_distribution_sni_enabled.yaml
index b4f9ebddf..c63ae1396 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_sni_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_sni_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN viewer_certificate ->> 'SSLSupportMethod' = 'sni-only' THEN 'ok'
 ELSE 'alarm'
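Review bot: In aws_cloudfront_distribution_no_non_existent_s3_origin.yaml `resource` is taken from `b.arn`, and the CASE below returns 'ok' exactly when `b.arn IS NULL`, so every passing row has a NULL resource. The platform columns on the changed lines already come from `d`; if `d` is the distribution table and exposes `arn`, `d.arn AS resource,` would keep the resource populated on both branches. The FROM clause is outside the hunk, so the meaning of both aliases is inferred from the column names.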
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_use_custom_ssl_certificate.yaml b/compliance/controls/aws/aws_cloudfront_distribution_use_custom_ssl_certificate.yaml
index ba3cc33dc..03aac1982 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_use_custom_ssl_certificate.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_use_custom_ssl_certificate.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN viewer_certificate ->> 'ACMCertificateArn' IS NOT NULL
 AND viewer_certificate ->> 'Certificate' IS NOT NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_use_secure_cipher.yaml b/compliance/controls/aws/aws_cloudfront_distribution_use_secure_cipher.yaml
index e39a9575a..c2169b5b3 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_use_secure_cipher.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_use_secure_cipher.yaml
@@ -21,8 +21,8 @@ Query:
 )
 SELECT
 b.arn AS resource,
- b.og_account_id AS og_account_id,
- b.og_resource_id AS og_resource_id,
+ b.platform_account_id AS platform_account_id,
+ b.platform_resource_id AS platform_resource_id,
 CASE
 WHEN o.arn IS NOT NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cloudfront_distribution_waf_enabled.yaml b/compliance/controls/aws/aws_cloudfront_distribution_waf_enabled.yaml
index c68ffc33b..87ca55e06 100644
--- a/compliance/controls/aws/aws_cloudfront_distribution_waf_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudfront_distribution_waf_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN web_acl_id <> '' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_cloudtrail_bucket_not_public.yaml b/compliance/controls/aws/aws_cloudtrail_bucket_not_public.yaml
index 455bdf960..64be1d97d 100644
--- a/compliance/controls/aws/aws_cloudtrail_bucket_not_public.yaml
+++ b/compliance/controls/aws/aws_cloudtrail_bucket_not_public.yaml
@@ -17,8 +17,8 @@ Query:
 t.region,
 t.account_id,
 t.tags,
- t.og_account_id AS og_account_id,
- t.og_resource_id AS og_resource_id,
+ t.platform_account_id AS platform_account_id,
+ t.platform_resource_id AS platform_resource_id,
 t._ctx,
 COUNT(acl_grant) FILTER (WHERE acl_grant -> 'Grantee' ->> 'URI' LIKE '%acs.amazonaws.com/groups/global/AllUsers') AS all_user_grants,
 COUNT(acl_grant) FILTER (WHERE acl_grant -> 'Grantee' ->> 'URI' LIKE '%acs.amazonaws.com/groups/global/AuthenticatedUsers') AS auth_user_grants,
@@ -35,13 +35,13 @@ Query:
 t.region,
 t.account_id,
 t.tags,
- t.og_account_id,
- t.og_resource_id,
+ t.platform_account_id,
+ t.platform_resource_id,
 t._ctx
 )
 SELECT
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN arn IS NULL THEN 'arn:aws:s3::' || name
 ELSE arn
diff --git a/compliance/controls/aws/aws_cloudtrail_multi_region_read_write_enabled.yaml b/compliance/controls/aws/aws_cloudtrail_multi_region_read_write_enabled.yaml
index 941d3bb80..d4a8852ed 100644
--- a/compliance/controls/aws/aws_cloudtrail_multi_region_read_write_enabled.yaml
+++ b/compliance/controls/aws/aws_cloudtrail_multi_region_read_write_enabled.yaml
@@ -28,8 +28,8 @@ Query: AND (NOT a LIKE '%readOnly%') ) SELECT a.title AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN d.account_id IS NULL AND ad.account_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cloudtrail_multi_region_trail_enabled.yaml b/compliance/controls/aws/aws_cloudtrail_multi_region_trail_enabled.yaml index e9fdce494..cbf9a7384 100644 --- a/compliance/controls/aws/aws_cloudtrail_multi_region_trail_enabled.yaml +++ b/compliance/controls/aws/aws_cloudtrail_multi_region_trail_enabled.yaml @@ -36,8 +36,8 @@ Query: ) SELECT DISTINCT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN COALESCE(num_multregion_trails, 0) >= 1 THEN 'ok' WHEN o.is_organization_trail AND o.is_logging AND o.is_multi_region_trail THEN 'ok' diff --git a/compliance/controls/aws/aws_cloudtrail_multi_region_trail_integrated_with_logs.yaml b/compliance/controls/aws/aws_cloudtrail_multi_region_trail_integrated_with_logs.yaml index 35ee47c98..0d0fe20f4 100644 --- a/compliance/controls/aws/aws_cloudtrail_multi_region_trail_integrated_with_logs.yaml +++ b/compliance/controls/aws/aws_cloudtrail_multi_region_trail_integrated_with_logs.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_group_arn != 'null' AND ((latest_delivery_time) > CURRENT_DATE - 1) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cloudtrail_s3_data_events_enabled.yaml b/compliance/controls/aws/aws_cloudtrail_s3_data_events_enabled.yaml index d0e43711a..ec43bda21 100644 
--- a/compliance/controls/aws/aws_cloudtrail_s3_data_events_enabled.yaml +++ b/compliance/controls/aws/aws_cloudtrail_s3_data_events_enabled.yaml @@ -27,8 +27,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(bucket_selector) > 0 THEN 'ok' ELSE 'alarm' @@ -51,8 +51,8 @@ Query: b.arn, b.name, b.tags, - b.og_account_id, - b.og_resource_id, + b.platform_account_id, + b.platform_resource_id, b._ctx; Severity: medium Tags: diff --git a/compliance/controls/aws/aws_cloudtrail_s3_logging_enabled.yaml b/compliance/controls/aws/aws_cloudtrail_s3_logging_enabled.yaml index 7acda7e05..a532fbeed 100644 --- a/compliance/controls/aws/aws_cloudtrail_s3_logging_enabled.yaml +++ b/compliance/controls/aws/aws_cloudtrail_s3_logging_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT t.arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN b.logging IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cloudtrail_s3_object_read_events_audit_enabled.yaml b/compliance/controls/aws/aws_cloudtrail_s3_object_read_events_audit_enabled.yaml index 5c27a6f98..3be3d7a21 100644 --- a/compliance/controls/aws/aws_cloudtrail_s3_object_read_events_audit_enabled.yaml +++ b/compliance/controls/aws/aws_cloudtrail_s3_object_read_events_audit_enabled.yaml @@ -37,8 +37,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(bucket_selector) > 0 THEN 'ok' ELSE 'alarm' 
@@ -56,8 +56,8 @@ Query: ON bucket_selector::json::text LIKE ('%' || b.arn || '%') OR bucket_selector::json::text = '\"arn:aws:s3\"' GROUP BY - b.og_account_id, - b.og_resource_id, + b.platform_account_id, + b.platform_resource_id, b.account_id, b.region, b.arn, diff --git a/compliance/controls/aws/aws_cloudtrail_s3_object_write_events_audit_enabled.yaml b/compliance/controls/aws/aws_cloudtrail_s3_object_write_events_audit_enabled.yaml index 0c269c0b6..6e82bea65 100644 --- a/compliance/controls/aws/aws_cloudtrail_s3_object_write_events_audit_enabled.yaml +++ b/compliance/controls/aws/aws_cloudtrail_s3_object_write_events_audit_enabled.yaml @@ -36,8 +36,8 @@ Query: ) SELECT b.arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN COUNT(bucket_selector) > 0 THEN 'ok' ELSE 'alarm' @@ -54,7 +54,7 @@ Query: ON bucket_selector::json::text LIKE ('%' || b.arn || '%') OR bucket_selector::json::text = '\"arn:aws:s3\"' GROUP BY - b.og_account_id, b.og_resource_id, b.account_id, b.region, b.arn, b.name, b.tags, b._ctx; + b.platform_account_id, b.platform_resource_id, b.account_id, b.region, b.arn, b.name, b.tags, b._ctx; Severity: high Tags: category: diff --git a/compliance/controls/aws/aws_cloudtrail_security_trail_enabled.yaml b/compliance/controls/aws/aws_cloudtrail_security_trail_enabled.yaml index 52a53b03d..780faa802 100644 --- a/compliance/controls/aws/aws_cloudtrail_security_trail_enabled.yaml +++ b/compliance/controls/aws/aws_cloudtrail_security_trail_enabled.yaml @@ -46,8 +46,8 @@ Query: a.kms_key_id, a.region, a.account_id, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, a.title FROM aws_cloudtrail_trail AS a 
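Review bot: The two added SELECT columns in the `@@ -36,8 +36,8 @@` hunk of aws_cloudtrail_s3_object_write_events_audit_enabled.yaml are unqualified, while `b.arn` beside them and the GROUP BY in the following hunk (`b.platform_account_id, b.platform_resource_id, …`) use the `b.` alias, as does the sibling read-events control. The query joins on `bucket_selector` and its FROM/JOIN clauses start outside the hunk, so whether the joined relation also exposes these columns cannot be confirmed from here. If it does, the unqualified names would presumably be ambiguous and this audit-logging control would error instead of returning a finding. Suggest `b.platform_account_id AS platform_account_id,` and `b.platform_resource_id AS platform_resource_id,`.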
@@ -55,8 +55,8 @@ Query: ) SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT is_logging THEN 'alarm' WHEN NOT include_global_service_events THEN 'alarm' diff --git a/compliance/controls/aws/aws_cloudtrail_trail_bucket_mfa_enabled.yaml b/compliance/controls/aws/aws_cloudtrail_trail_bucket_mfa_enabled.yaml index 06ec9422d..7caa4f543 100644 --- a/compliance/controls/aws/aws_cloudtrail_trail_bucket_mfa_enabled.yaml +++ b/compliance/controls/aws/aws_cloudtrail_trail_bucket_mfa_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT t.arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN t.s3_bucket_name IS NULL THEN 'alarm' WHEN b.versioning_mfa_delete THEN 'ok' diff --git a/compliance/controls/aws/aws_cloudtrail_trail_enabled.yaml b/compliance/controls/aws/aws_cloudtrail_trail_enabled.yaml index 5305e86fc..53f0e75d5 100644 --- a/compliance/controls/aws/aws_cloudtrail_trail_enabled.yaml +++ b/compliance/controls/aws/aws_cloudtrail_trail_enabled.yaml @@ -20,8 +20,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.is_logging IS NULL AND a.is_logging THEN 'ok' WHEN b.is_logging THEN 'ok' diff --git a/compliance/controls/aws/aws_cloudtrail_trail_enabled_account.yaml b/compliance/controls/aws/aws_cloudtrail_trail_enabled_account.yaml index 97418db08..cb428ed87 100644 --- a/compliance/controls/aws/aws_cloudtrail_trail_enabled_account.yaml +++ b/compliance/controls/aws/aws_cloudtrail_trail_enabled_account.yaml 
@@ -24,8 +24,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.num > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cloudtrail_trail_insight_selectors_and_logging_enabled.yaml b/compliance/controls/aws/aws_cloudtrail_trail_insight_selectors_and_logging_enabled.yaml index 9405a668f..fb5474eb4 100644 --- a/compliance/controls/aws/aws_cloudtrail_trail_insight_selectors_and_logging_enabled.yaml +++ b/compliance/controls/aws/aws_cloudtrail_trail_insight_selectors_and_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT is_logging THEN 'alarm' WHEN is_logging AND has_insight_selectors THEN 'ok' diff --git a/compliance/controls/aws/aws_cloudtrail_trail_integrated_with_logs.yaml b/compliance/controls/aws/aws_cloudtrail_trail_integrated_with_logs.yaml index ec3f8405d..6ab3c18c8 100644 --- a/compliance/controls/aws/aws_cloudtrail_trail_integrated_with_logs.yaml +++ b/compliance/controls/aws/aws_cloudtrail_trail_integrated_with_logs.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_group_arn != 'null' AND (latest_delivery_time > current_date - 1) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cloudtrail_trail_logs_encrypted_with_kms_cmk.yaml b/compliance/controls/aws/aws_cloudtrail_trail_logs_encrypted_with_kms_cmk.yaml index d89d76fa0..286363bef 100644 --- a/compliance/controls/aws/aws_cloudtrail_trail_logs_encrypted_with_kms_cmk.yaml 
+++ b/compliance/controls/aws/aws_cloudtrail_trail_logs_encrypted_with_kms_cmk.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_cloudtrail_trail_validation_enabled.yaml b/compliance/controls/aws/aws_cloudtrail_trail_validation_enabled.yaml index d37ec3671..47c36dc8d 100644 --- a/compliance/controls/aws/aws_cloudtrail_trail_validation_enabled.yaml +++ b/compliance/controls/aws/aws_cloudtrail_trail_validation_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_file_validation_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cloudwatch_alarm_action_enabled.yaml b/compliance/controls/aws/aws_cloudwatch_alarm_action_enabled.yaml index 6c6186e1f..5ffa6dcca 100644 --- a/compliance/controls/aws/aws_cloudwatch_alarm_action_enabled.yaml +++ b/compliance/controls/aws/aws_cloudwatch_alarm_action_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(alarm_actions) = 0 AND jsonb_array_length(insufficient_data_actions) = 0 diff --git a/compliance/controls/aws/aws_cloudwatch_alarm_action_enabled_check.yaml b/compliance/controls/aws/aws_cloudwatch_alarm_action_enabled_check.yaml index 4366a1203..3dc35ef77 100644 --- a/compliance/controls/aws/aws_cloudwatch_alarm_action_enabled_check.yaml +++ b/compliance/controls/aws/aws_cloudwatch_alarm_action_enabled_check.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN actions_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_cloudwatch_cross_account_sharing.yaml b/compliance/controls/aws/aws_cloudwatch_cross_account_sharing.yaml index d3f3d6592..4774bb124 100644 --- a/compliance/controls/aws/aws_cloudwatch_cross_account_sharing.yaml +++ b/compliance/controls/aws/aws_cloudwatch_cross_account_sharing.yaml @@ -23,8 +23,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.arn IS NULL THEN 'ok' ELSE 'info' diff --git a/compliance/controls/aws/aws_cloudwatch_log_group_retention_period_365.yaml b/compliance/controls/aws/aws_cloudwatch_log_group_retention_period_365.yaml index 03e85e9e8..a1d6d58e2 100644 --- a/compliance/controls/aws/aws_cloudwatch_log_group_retention_period_365.yaml +++ b/compliance/controls/aws/aws_cloudwatch_log_group_retention_period_365.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN retention_in_days IS NULL OR retention_in_days < 365 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_codebuild_project_artifact_encryption_enabled.yaml b/compliance/controls/aws/aws_codebuild_project_artifact_encryption_enabled.yaml index 54c4405be..b7309d197 100644 --- a/compliance/controls/aws/aws_codebuild_project_artifact_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_codebuild_project_artifact_encryption_enabled.yaml 
@@ -20,8 +20,8 @@ Query: ) SELECT a.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN p.artifacts ->> 'EncryptionDisabled' = 'false' AND (p.secondary_artifacts IS NULL OR a.arn IS NULL) diff --git a/compliance/controls/aws/aws_codebuild_project_build_greater_then_90_days.yaml b/compliance/controls/aws/aws_codebuild_project_build_greater_then_90_days.yaml index 256e87690..c6bd643f3 100644 --- a/compliance/controls/aws/aws_codebuild_project_build_greater_then_90_days.yaml +++ b/compliance/controls/aws/aws_codebuild_project_build_greater_then_90_days.yaml @@ -32,8 +32,8 @@ Query: title, tags, _ctx, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_codebuild_project GROUP BY @@ -44,13 +44,13 @@ Query: region, account_id, _ctx, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN b.build_time IS NULL THEN 'alarm' WHEN b.build_time < 90 THEN 'ok' diff --git a/compliance/controls/aws/aws_codebuild_project_environment_privileged_mode_disabled.yaml b/compliance/controls/aws/aws_codebuild_project_environment_privileged_mode_disabled.yaml index e89a3e19e..2bcf2a41b 100644 --- a/compliance/controls/aws/aws_codebuild_project_environment_privileged_mode_disabled.yaml +++ b/compliance/controls/aws/aws_codebuild_project_environment_privileged_mode_disabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN environment ->> 'PrivilegedMode' = 'true' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_codebuild_project_logging_enabled.yaml b/compliance/controls/aws/aws_codebuild_project_logging_enabled.yaml index d20464d77..ad7c6a3e6 100644 --- a/compliance/controls/aws/aws_codebuild_project_logging_enabled.yaml +++ b/compliance/controls/aws/aws_codebuild_project_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN logs_config -> 'CloudWatchLogs' ->> 'Status' = 'ENABLED' OR logs_config -> 'S3Logs' ->> 'Status' = 'ENABLED' THEN 'ok' diff --git a/compliance/controls/aws/aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values.yaml b/compliance/controls/aws/aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values.yaml index fca78fa3c..5b742c740 100644 --- a/compliance/controls/aws/aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values.yaml +++ b/compliance/controls/aws/aws_codebuild_project_plaintext_env_variables_no_sensitive_aws_values.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_codebuild_project_s3_logs_encryption_enabled.yaml b/compliance/controls/aws/aws_codebuild_project_s3_logs_encryption_enabled.yaml index e768bfda3..b4bde09d8 100644 --- a/compliance/controls/aws/aws_codebuild_project_s3_logs_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_codebuild_project_s3_logs_encryption_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT (logs_config -> 'S3Logs' ->> 'EncryptionDisabled')::bool THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_codebuild_project_source_repo_oauth_configured.yaml b/compliance/controls/aws/aws_codebuild_project_source_repo_oauth_configured.yaml index db9e70850..b3fecd017 100644 --- a/compliance/controls/aws/aws_codebuild_project_source_repo_oauth_configured.yaml +++ b/compliance/controls/aws/aws_codebuild_project_source_repo_oauth_configured.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN p.source ->> 'Type' NOT IN ('GITHUB', 'BITBUCKET') THEN 'skip' WHEN c.auth_type = 'OAUTH' THEN 'ok' diff --git a/compliance/controls/aws/aws_codebuild_project_with_user_controlled_buildspec.yaml b/compliance/controls/aws/aws_codebuild_project_with_user_controlled_buildspec.yaml index d26d868fb..1de33a23f 100644 --- a/compliance/controls/aws/aws_codebuild_project_with_user_controlled_buildspec.yaml +++ b/compliance/controls/aws/aws_codebuild_project_with_user_controlled_buildspec.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN split_part(source ->> 'Buildspec', '.', -1) = 'yml' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_config_configuration_recorder_no_failed_deliver_logs.yaml b/compliance/controls/aws/aws_config_configuration_recorder_no_failed_deliver_logs.yaml index ec3d05757..4a8281314 100644 
--- a/compliance/controls/aws/aws_config_configuration_recorder_no_failed_deliver_logs.yaml +++ b/compliance/controls/aws/aws_config_configuration_recorder_no_failed_deliver_logs.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN status ->> 'LastStatus' = 'FAILURE' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_config_enabled_all_regions.yaml b/compliance/controls/aws/aws_config_enabled_all_regions.yaml index 2aadbac21..151d80e9a 100644 --- a/compliance/controls/aws/aws_config_enabled_all_regions.yaml +++ b/compliance/controls/aws/aws_config_enabled_all_regions.yaml @@ -25,8 +25,8 @@ Query: regions AS ( SELECT 'arn:aws::' || a.region || ':' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN g.global_config_recorders >= 1 @@ -45,8 +45,8 @@ Query: results AS ( SELECT account_id AS resource, - og_account_id AS og_account_id, - og_account_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_account_id AS platform_resource_id, CASE WHEN MAX(status) = 2 THEN 'alarm' WHEN MAX(status) = 1 THEN 'skip' 
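Review bot: In the `results` CTE of aws_config_enabled_all_regions.yaml (`@@ -45,8 +45,8 @@`), the renamed line `platform_account_id AS platform_resource_id,` still fills the resource-id column with the account id. The final SELECT in the next hunk takes `a.platform_resource_id` from `aws_account` and never reads `r.platform_resource_id`, so on the visible lines this alias is dead and misleading about what identifies the resource in a finding. I would drop that line from `results`, or keep it with a comment such as `-- account-level control: resource id is resolved from aws_account below`. The CTE's FROM and GROUP BY continue past this hunk.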
@@ -58,16 +58,16 @@ Query: WHEN MAX(status) = 0 THEN 'AWS Config is enabled for this account on regions: [' || STRING_AGG(region, ',') || ']' END AS reason FROM regions - GROUP BY account_id, og_account_id + GROUP BY account_id, platform_account_id ) SELECT r.resource AS resource, - r.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, r.status AS status, r.reason AS reason FROM results AS r - JOIN aws_account AS a ON r.og_account_id = a.og_account_id + JOIN aws_account AS a ON r.platform_account_id = a.platform_account_id Severity: high Tags: category: diff --git a/compliance/controls/aws/aws_dax_cluster_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_dax_cluster_encryption_at_rest_enabled.yaml index a68b41c66..d4b3b9e75 100644 --- a/compliance/controls/aws/aws_dax_cluster_encryption_at_rest_enabled.yaml +++ b/compliance/controls/aws/aws_dax_cluster_encryption_at_rest_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN sse_description ->> 'Status' = 'ENABLED' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_directory_service_certificate_expires_90_days.yaml b/compliance/controls/aws/aws_directory_service_certificate_expires_90_days.yaml index adb96cb3f..e57eb54ef 100644 --- a/compliance/controls/aws/aws_directory_service_certificate_expires_90_days.yaml +++ b/compliance/controls/aws/aws_directory_service_certificate_expires_90_days.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT certificate_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN DATE(expiry_date_time) - DATE(CURRENT_DATE) >= 90 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_directory_service_directory_snapshots_limit_2.yaml b/compliance/controls/aws/aws_directory_service_directory_snapshots_limit_2.yaml index a089aa62d..c4a95d181 100644 --- a/compliance/controls/aws/aws_directory_service_directory_snapshots_limit_2.yaml +++ b/compliance/controls/aws/aws_directory_service_directory_snapshots_limit_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN snapshot_limit ->> 'ManualSnapshotsLimitReached' = 'true' THEN 'alarm' WHEN ( (snapshot_limit ->> 'ManualSnapshotsLimit')::int - (snapshot_limit ->> 'ManualSnapshotsCurrentCount')::int ) <= 2 THEN 'alarm' diff --git a/compliance/controls/aws/aws_directory_service_directory_sns_notifications_enabled.yaml b/compliance/controls/aws/aws_directory_service_directory_sns_notifications_enabled.yaml index f18842c08..abfa32be8 100644 --- a/compliance/controls/aws/aws_directory_service_directory_sns_notifications_enabled.yaml +++ b/compliance/controls/aws/aws_directory_service_directory_sns_notifications_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(event_topics) > 0 THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_dlm_ebs_snapshot_lifecycle_policy_enabled.yaml b/compliance/controls/aws/aws_dlm_ebs_snapshot_lifecycle_policy_enabled.yaml index 8d78ae687..4ac808555 100644 --- a/compliance/controls/aws/aws_dlm_ebs_snapshot_lifecycle_policy_enabled.yaml +++ b/compliance/controls/aws/aws_dlm_ebs_snapshot_lifecycle_policy_enabled.yaml @@ -16,8 +16,8 @@ Query: partition, account_id, _ctx, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id FROM aws_ebs_snapshot ), @@ -36,8 +36,8 @@ Query: ) SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN p.region IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_dms_certificate_not_expired.yaml b/compliance/controls/aws/aws_dms_certificate_not_expired.yaml index 43d2507f8..f59d5b95b 100644 --- a/compliance/controls/aws/aws_dms_certificate_not_expired.yaml +++ b/compliance/controls/aws/aws_dms_certificate_not_expired.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN valid_to_date < (current_date - INTERVAL '1' SECOND) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_dms_endpoint_ssl_configured.yaml b/compliance/controls/aws/aws_dms_endpoint_ssl_configured.yaml index 7a1d42603..1c4048241 100644 --- a/compliance/controls/aws/aws_dms_endpoint_ssl_configured.yaml +++ b/compliance/controls/aws/aws_dms_endpoint_ssl_configured.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN ssl_mode = 'none' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_dms_replication_instance_automatic_minor_version_upgrade_enabled.yaml b/compliance/controls/aws/aws_dms_replication_instance_automatic_minor_version_upgrade_enabled.yaml index b823e717f..2c8d32e06 100644 --- a/compliance/controls/aws/aws_dms_replication_instance_automatic_minor_version_upgrade_enabled.yaml +++ b/compliance/controls/aws/aws_dms_replication_instance_automatic_minor_version_upgrade_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_minor_version_upgrade THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_dms_replication_instance_not_publicly_accessible.yaml b/compliance/controls/aws/aws_dms_replication_instance_not_publicly_accessible.yaml index 5ecd595c4..245402e52 100644 --- a/compliance/controls/aws/aws_dms_replication_instance_not_publicly_accessible.yaml +++ b/compliance/controls/aws/aws_dms_replication_instance_not_publicly_accessible.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN publicly_accessible THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_dms_replication_task_source_database_logging_enabled.yaml b/compliance/controls/aws/aws_dms_replication_task_source_database_logging_enabled.yaml index 6e3f1c707..1baa28663 100644 
--- a/compliance/controls/aws/aws_dms_replication_task_source_database_logging_enabled.yaml +++ b/compliance/controls/aws/aws_dms_replication_task_source_database_logging_enabled.yaml @@ -12,8 +12,8 @@ Query: WITH replication_task_logging AS ( SELECT arn, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, BOOL_OR(o ->> 'Id' = 'SOURCE_CAPTURE' AND o ->> 'Severity' IN ('LOGGER_SEVERITY_DEFAULT', 'LOGGER_SEVERITY_DEBUG', 'LOGGER_SEVERITY_DETAILED_DEBUG')) AS capture_logging_enabled, BOOL_OR(o ->> 'Id' = 'SOURCE_UNLOAD' AND o ->> 'Severity' IN ('LOGGER_SEVERITY_DEFAULT', 'LOGGER_SEVERITY_DEBUG', 'LOGGER_SEVERITY_DETAILED_DEBUG')) AS unload_logging_enabled FROM @@ -21,14 +21,14 @@ Query: JSONB_ARRAY_ELEMENTS(replication_task_settings -> 'Logging' -> 'LogComponents') AS o GROUP BY arn, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id ) SELECT t.arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, (replication_task_settings -> 'Logging' ->> 'EnableLogging')::BOOL AS logging_enabled, CASE WHEN (replication_task_settings -> 'Logging' ->> 'EnableLogging')::BOOL AND l.capture_logging_enabled AND l.unload_logging_enabled THEN 'ok' diff --git a/compliance/controls/aws/aws_docdb_cluster_backup_retention_period_7_days.yaml b/compliance/controls/aws/aws_docdb_cluster_backup_retention_period_7_days.yaml index fa3b738a0..844fa45a3 100644 --- a/compliance/controls/aws/aws_docdb_cluster_backup_retention_period_7_days.yaml +++ b/compliance/controls/aws/aws_docdb_cluster_backup_retention_period_7_days.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN backup_retention_period >= 7 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_docdb_cluster_deletion_protection_enabled.yaml b/compliance/controls/aws/aws_docdb_cluster_deletion_protection_enabled.yaml index bbf2addbb..dcc672a46 100644 --- a/compliance/controls/aws/aws_docdb_cluster_deletion_protection_enabled.yaml +++ b/compliance/controls/aws/aws_docdb_cluster_deletion_protection_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN deletion_protection THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_docdb_cluster_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_docdb_cluster_encryption_at_rest_enabled.yaml index 37e45af9e..e31070f6d 100644 --- a/compliance/controls/aws/aws_docdb_cluster_encryption_at_rest_enabled.yaml +++ b/compliance/controls/aws/aws_docdb_cluster_encryption_at_rest_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_docdb_cluster_instance_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_docdb_cluster_instance_encryption_at_rest_enabled.yaml index 739160822..f7d750b06 100644 --- a/compliance/controls/aws/aws_docdb_cluster_instance_encryption_at_rest_enabled.yaml +++ b/compliance/controls/aws/aws_docdb_cluster_instance_encryption_at_rest_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_docdb_cluster_instance_logging_enabled.yaml b/compliance/controls/aws/aws_docdb_cluster_instance_logging_enabled.yaml index 67de09195..e7b4ead9b 100644 --- a/compliance/controls/aws/aws_docdb_cluster_instance_logging_enabled.yaml +++ b/compliance/controls/aws/aws_docdb_cluster_instance_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, engine, CASE WHEN engine LIKE 'docdb' diff --git a/compliance/controls/aws/aws_drs_job_enabled.yaml b/compliance/controls/aws/aws_drs_job_enabled.yaml index 8cc796eda..b5159e5ae 100644 --- a/compliance/controls/aws/aws_drs_job_enabled.yaml +++ b/compliance/controls/aws/aws_drs_job_enabled.yaml @@ -25,8 +25,8 @@ Query: ) SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN drs_job_count.count = 0 OR drs_job_count.count IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_dynamodb_table_auto_scaling_enabled.yaml b/compliance/controls/aws/aws_dynamodb_table_auto_scaling_enabled.yaml index b9aa72ee4..f782c2a4e 100644 --- a/compliance/controls/aws/aws_dynamodb_table_auto_scaling_enabled.yaml +++ b/compliance/controls/aws/aws_dynamodb_table_auto_scaling_enabled.yaml 
@@ -23,8 +23,8 @@ Query: ) SELECT d.arn AS resource, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, CASE WHEN d.billing_mode = 'PAY_PER_REQUEST' THEN 'ok' WHEN t.resource_id IS NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_dynamodb_table_deletion_protection_enabled.yaml b/compliance/controls/aws/aws_dynamodb_table_deletion_protection_enabled.yaml index 008d0634f..29e8c2aec 100644 --- a/compliance/controls/aws/aws_dynamodb_table_deletion_protection_enabled.yaml +++ b/compliance/controls/aws/aws_dynamodb_table_deletion_protection_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN deletion_protection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_dynamodb_table_encrypted_with_kms.yaml b/compliance/controls/aws/aws_dynamodb_table_encrypted_with_kms.yaml index 3d547e990..e782c770f 100644 --- a/compliance/controls/aws/aws_dynamodb_table_encrypted_with_kms.yaml +++ b/compliance/controls/aws/aws_dynamodb_table_encrypted_with_kms.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN sse_description IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_dynamodb_table_encryption_enabled.yaml b/compliance/controls/aws/aws_dynamodb_table_encryption_enabled.yaml index 7233366db..41347303a 100644 --- a/compliance/controls/aws/aws_dynamodb_table_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_dynamodb_table_encryption_enabled.yaml 
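Review bot: In aws_dynamodb_table_encrypted_with_kms.yaml the status CASE kept as context reports `'ok'` for any table whose `sse_description` is non-null, without reading what the description contains. The sibling control aws_dynamodb_table_encryption_enabled.yaml already inspects `sse_description ->> 'SSEType'`, so this control could use `CASE WHEN sse_description ->> 'SSEType' = 'KMS' THEN 'ok' ELSE 'alarm'`, which still alarms on a null description. Whether a description can be present while encryption is not active cannot be told from the hunk and is worth confirming against the table's data. The rest of the query lies outside the hunk.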
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN sse_description IS NOT NULL AND sse_description ->> 'SSEType' = 'KMS' THEN 'ok' WHEN sse_description IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_dynamodb_table_in_backup_plan.yaml b/compliance/controls/aws/aws_dynamodb_table_in_backup_plan.yaml index bcd2da0df..3beaaf20d 100644 --- a/compliance/controls/aws/aws_dynamodb_table_in_backup_plan.yaml +++ b/compliance/controls/aws/aws_dynamodb_table_in_backup_plan.yaml @@ -43,8 +43,8 @@ Query: ) SELECT t.arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN b.name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_dynamodb_table_point_in_time_recovery_enabled.yaml b/compliance/controls/aws/aws_dynamodb_table_point_in_time_recovery_enabled.yaml index df60b6d11..4757d9cf5 100644 --- a/compliance/controls/aws/aws_dynamodb_table_point_in_time_recovery_enabled.yaml +++ b/compliance/controls/aws/aws_dynamodb_table_point_in_time_recovery_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN LOWER(point_in_time_recovery_description ->> 'PointInTimeRecoveryStatus') = 'disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_dynamodb_table_protected_by_backup_plan.yaml b/compliance/controls/aws/aws_dynamodb_table_protected_by_backup_plan.yaml index 1703204eb..0aae93c3a 100644 --- a/compliance/controls/aws/aws_dynamodb_table_protected_by_backup_plan.yaml 
+++ b/compliance/controls/aws/aws_dynamodb_table_protected_by_backup_plan.yaml @@ -20,8 +20,8 @@ Query: ) SELECT t.arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ebs_attached_volume_delete_on_termination_enabled.yaml b/compliance/controls/aws/aws_ebs_attached_volume_delete_on_termination_enabled.yaml index e84c83905..578a49f38 100644 --- a/compliance/controls/aws/aws_ebs_attached_volume_delete_on_termination_enabled.yaml +++ b/compliance/controls/aws/aws_ebs_attached_volume_delete_on_termination_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN state != 'in-use' THEN 'skip' WHEN attachment ->> 'DeleteOnTermination' = 'true' THEN 'ok' diff --git a/compliance/controls/aws/aws_ebs_attached_volume_encryption_enabled.yaml b/compliance/controls/aws/aws_ebs_attached_volume_encryption_enabled.yaml index ea6066f1e..3d0bc1873 100644 --- a/compliance/controls/aws/aws_ebs_attached_volume_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_ebs_attached_volume_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN state != 'in-use' THEN 'skip' WHEN encrypted THEN 'ok' diff --git a/compliance/controls/aws/aws_ebs_snapshot_encryption_enabled.yaml b/compliance/controls/aws/aws_ebs_snapshot_encryption_enabled.yaml index 4eecd2039..cca17476c 100644 --- a/compliance/controls/aws/aws_ebs_snapshot_encryption_enabled.yaml 
+++ b/compliance/controls/aws/aws_ebs_snapshot_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ebs_snapshot_not_publicly_restorable.yaml b/compliance/controls/aws/aws_ebs_snapshot_not_publicly_restorable.yaml index 45b78b5f4..59d94bf3b 100644 --- a/compliance/controls/aws/aws_ebs_snapshot_not_publicly_restorable.yaml +++ b/compliance/controls/aws/aws_ebs_snapshot_not_publicly_restorable.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':ec2:' || region || ':' || account_id || ':snapshot/' || snapshot_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN create_volume_permissions @> '[{"Group": "all", "UserId": null}]' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ebs_volume_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_ebs_volume_encryption_at_rest_enabled.yaml index 86855ab31..3ac7491b7 100644 --- a/compliance/controls/aws/aws_ebs_volume_encryption_at_rest_enabled.yaml +++ b/compliance/controls/aws/aws_ebs_volume_encryption_at_rest_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ebs_volume_in_backup_plan.yaml b/compliance/controls/aws/aws_ebs_volume_in_backup_plan.yaml index 8ae400908..e68097798 100644 --- a/compliance/controls/aws/aws_ebs_volume_in_backup_plan.yaml 
+++ b/compliance/controls/aws/aws_ebs_volume_in_backup_plan.yaml @@ -49,8 +49,8 @@ Query: ) SELECT v.arn AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN b.volume_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ebs_volume_protected_by_backup_plan.yaml b/compliance/controls/aws/aws_ebs_volume_protected_by_backup_plan.yaml index 7620cab9c..ffb0edcfb 100644 --- a/compliance/controls/aws/aws_ebs_volume_protected_by_backup_plan.yaml +++ b/compliance/controls/aws/aws_ebs_volume_protected_by_backup_plan.yaml @@ -20,8 +20,8 @@ Query: ) SELECT v.arn AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ebs_volume_snapshot_exists.yaml b/compliance/controls/aws/aws_ebs_volume_snapshot_exists.yaml index cbd1064ae..04b5254a6 100644 --- a/compliance/controls/aws/aws_ebs_volume_snapshot_exists.yaml +++ b/compliance/controls/aws/aws_ebs_volume_snapshot_exists.yaml @@ -21,8 +21,8 @@ Query: ) SELECT v.arn AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN s.volume_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ebs_volume_unused.yaml b/compliance/controls/aws/aws_ebs_volume_unused.yaml index a8d69afe2..3fb5cb3fd 100644 --- a/compliance/controls/aws/aws_ebs_volume_unused.yaml +++ b/compliance/controls/aws/aws_ebs_volume_unused.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN state = 'in-use' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_ami_ebs_encryption_enabled.yaml b/compliance/controls/aws/aws_ec2_ami_ebs_encryption_enabled.yaml index 757deea4d..5f676962b 100644 --- a/compliance/controls/aws/aws_ec2_ami_ebs_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_ec2_ami_ebs_encryption_enabled.yaml @@ -30,8 +30,8 @@ Query: ) SELECT resource, - e.account_id AS og_account_id, - e.resource AS og_resource_id, + e.account_id AS platform_account_id, + e.resource AS platform_resource_id, CASE WHEN all_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_ami_not_older_than_90_days.yaml b/compliance/controls/aws/aws_ec2_ami_not_older_than_90_days.yaml index 82ba880ec..bbfe59bb9 100644 --- a/compliance/controls/aws/aws_ec2_ami_not_older_than_90_days.yaml +++ b/compliance/controls/aws/aws_ec2_ami_not_older_than_90_days.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT image_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN creation_date >= (current_date - INTERVAL '90 days') THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_ami_restrict_public_access.yaml b/compliance/controls/aws/aws_ec2_ami_restrict_public_access.yaml index 0a9392076..c9a0938cd 100644 --- a/compliance/controls/aws/aws_ec2_ami_restrict_public_access.yaml +++ b/compliance/controls/aws/aws_ec2_ami_restrict_public_access.yaml 
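Review bot: In aws_ec2_ami_ebs_encryption_enabled.yaml the renamed outputs are still fed from `e.account_id` and `e.resource`, whereas every other control in this change passes the table's own `platform_account_id` / `platform_resource_id` through. If the consumer of these results keys findings on the platform identifiers, the AMI encryption findings from this control may be attributed to the wrong integration or not matched at all. The CTE behind `e` starts outside the hunk, so this is inferred from the select list only. If the CTE can carry the two platform columns, select `e.platform_account_id AS platform_account_id,` and `e.platform_resource_id AS platform_resource_id,` here.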
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':ec2:' || region || ':' || account_id || ':image/' || image_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN public THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ec2_classic_lb_connection_draining_enabled.yaml b/compliance/controls/aws/aws_ec2_classic_lb_connection_draining_enabled.yaml index 8e8591feb..fa764388d 100644 --- a/compliance/controls/aws/aws_ec2_classic_lb_connection_draining_enabled.yaml +++ b/compliance/controls/aws/aws_ec2_classic_lb_connection_draining_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN connection_draining_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_client_vpn_endpoint_client_connection_logging_enabled.yaml b/compliance/controls/aws/aws_ec2_client_vpn_endpoint_client_connection_logging_enabled.yaml index 4f5275046..301da84f6 100644 --- a/compliance/controls/aws/aws_ec2_client_vpn_endpoint_client_connection_logging_enabled.yaml +++ b/compliance/controls/aws/aws_ec2_client_vpn_endpoint_client_connection_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT client_vpn_endpoint_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (connection_log_options ->> 'Enabled')::bool THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_ebs_default_encryption_enabled.yaml b/compliance/controls/aws/aws_ec2_ebs_default_encryption_enabled.yaml index 27f14044d..42877bbb6 100644 
--- a/compliance/controls/aws/aws_ec2_ebs_default_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_ec2_ebs_default_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || '::' || region || ':' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT default_ebs_encryption_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ec2_instance_attached_ebs_volume_delete_on_termination_enabled.yaml b/compliance/controls/aws/aws_ec2_instance_attached_ebs_volume_delete_on_termination_enabled.yaml index 4b11bb401..fb68fb30d 100644 --- a/compliance/controls/aws/aws_ec2_instance_attached_ebs_volume_delete_on_termination_enabled.yaml +++ b/compliance/controls/aws/aws_ec2_instance_attached_ebs_volume_delete_on_termination_enabled.yaml @@ -24,8 +24,8 @@ Query: SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN e.count > 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ec2_instance_detailed_monitoring_enabled.yaml b/compliance/controls/aws/aws_ec2_instance_detailed_monitoring_enabled.yaml index 2034252b9..168aebfe4 100644 --- a/compliance/controls/aws/aws_ec2_instance_detailed_monitoring_enabled.yaml +++ b/compliance/controls/aws/aws_ec2_instance_detailed_monitoring_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN monitoring_state = 'enabled' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_ec2_instance_ebs_optimized.yaml b/compliance/controls/aws/aws_ec2_instance_ebs_optimized.yaml index 28e0f4729..1b5b83686 100644 --- a/compliance/controls/aws/aws_ec2_instance_ebs_optimized.yaml +++ b/compliance/controls/aws/aws_ec2_instance_ebs_optimized.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN ebs_optimized THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_iam_profile_attached.yaml b/compliance/controls/aws/aws_ec2_instance_iam_profile_attached.yaml index a67f6610e..55570850d 100644 --- a/compliance/controls/aws/aws_ec2_instance_iam_profile_attached.yaml +++ b/compliance/controls/aws/aws_ec2_instance_iam_profile_attached.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN iam_instance_profile_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_in_vpc.yaml b/compliance/controls/aws/aws_ec2_instance_in_vpc.yaml index 02d5fd61b..80b8d76ab 100644 --- a/compliance/controls/aws/aws_ec2_instance_in_vpc.yaml +++ b/compliance/controls/aws/aws_ec2_instance_in_vpc.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN vpc_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ec2_instance_no_amazon_key_pair.yaml b/compliance/controls/aws/aws_ec2_instance_no_amazon_key_pair.yaml index a7f3927f9..a0e2ab433 100644 
--- a/compliance/controls/aws/aws_ec2_instance_no_amazon_key_pair.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_amazon_key_pair.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN instance_state <> 'running' THEN 'skip' WHEN key_name IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_passrole_and_lambda_invoke_function_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_passrole_and_lambda_invoke_function_access.yaml index 8915ef0be..df83e19bb 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_passrole_and_lambda_invoke_function_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_passrole_and_lambda_invoke_function_access.yaml @@ -36,8 +36,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_attached_with_credentials_exposure_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_attached_with_credentials_exposure_access.yaml index 0f8435eca..ea91d70f8 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_attached_with_credentials_exposure_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_attached_with_credentials_exposure_access.yaml @@ -66,8 +66,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_alter_critical_s3_permissions_configuration.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_alter_critical_s3_permissions_configuration.yaml index c29d5e592..80ed0c1b4 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_alter_critical_s3_permissions_configuration.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_alter_critical_s3_permissions_configuration.yaml @@ -38,8 +38,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_cloud_log_tampering_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_cloud_log_tampering_access.yaml index f42ebf913..a164893c8 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_cloud_log_tampering_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_cloud_log_tampering_access.yaml @@ -72,8 +72,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_data_destruction_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_data_destruction_access.yaml index 618715a6b..f2f0ee80b 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_data_destruction_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_data_destruction_access.yaml 
@@ -48,8 +48,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_destruction_kms_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_destruction_kms_access.yaml index 128ef98dc..d7688c409 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_destruction_kms_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_destruction_kms_access.yaml @@ -36,8 +36,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_destruction_rds_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_destruction_rds_access.yaml index 5db22aa46..4bd3546f8 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_destruction_rds_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_destruction_rds_access.yaml @@ -36,8 +36,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_elastic_ip_hijacking_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_elastic_ip_hijacking_access.yaml index a3eadb460..51dd6724c 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_elastic_ip_hijacking_access.yaml 
+++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_elastic_ip_hijacking_access.yaml @@ -72,8 +72,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_management_level_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_management_level_access.yaml index 9678e6332..c666ad41e 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_management_level_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_management_level_access.yaml @@ -63,8 +63,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_new_group_creation_with_attached_policy_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_new_group_creation_with_attached_policy_access.yaml index 93e08d916..433025762 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_new_group_creation_with_attached_policy_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_new_group_creation_with_attached_policy_access.yaml @@ -38,8 +38,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_new_role_creation_with_attached_policy_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_new_role_creation_with_attached_policy_access.yaml index 060ad2706..e22baf844 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_new_role_creation_with_attached_policy_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_new_role_creation_with_attached_policy_access.yaml @@ -38,8 +38,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_org_write_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_org_write_access.yaml index d6420879b..027d1a40c 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_org_write_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_org_write_access.yaml @@ -66,8 +66,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_privilege_escalation_risk_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_privilege_escalation_risk_access.yaml index 2a678dd8d..5c13c646b 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_privilege_escalation_risk_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_privilege_escalation_risk_access.yaml 
@@ -45,8 +45,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_security_group_write_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_security_group_write_access.yaml index 3daec46db..078ccb842 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_security_group_write_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_security_group_write_access.yaml @@ -53,8 +53,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_write_permission_on_critical_s3_configuration.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_write_permission_on_critical_s3_configuration.yaml index 1e6b605db..2e452093b 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_write_permission_on_critical_s3_configuration.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_role_with_write_permission_on_critical_s3_configuration.yaml @@ -61,8 +61,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_no_iam_with_write_level_access.yaml b/compliance/controls/aws/aws_ec2_instance_no_iam_with_write_level_access.yaml index a53bbce1f..6747b5842 100644 
--- a/compliance/controls/aws/aws_ec2_instance_no_iam_with_write_level_access.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_iam_with_write_level_access.yaml @@ -104,8 +104,8 @@ Query: WHEN p.arn IS NULL THEN title || ' has no IAM writ level access.' ELSE title || ' has IAM write level access.' END AS reason, - i.og_account_id, - i.og_resource_id, + i.platform_account_id, + i.platform_resource_id, i.account_id FROM aws_ec2_instance AS i LEFT JOIN iam_roles AS r diff --git a/compliance/controls/aws/aws_ec2_instance_no_launch_wizard_security_group.yaml b/compliance/controls/aws/aws_ec2_instance_no_launch_wizard_security_group.yaml index ffa69cd4f..9e0139455 100644 --- a/compliance/controls/aws/aws_ec2_instance_no_launch_wizard_security_group.yaml +++ b/compliance/controls/aws/aws_ec2_instance_no_launch_wizard_security_group.yaml @@ -20,8 +20,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN sg.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_not_older_than_180_days.yaml b/compliance/controls/aws/aws_ec2_instance_not_older_than_180_days.yaml index eb16f1894..0a279578b 100644 --- a/compliance/controls/aws/aws_ec2_instance_not_older_than_180_days.yaml +++ b/compliance/controls/aws/aws_ec2_instance_not_older_than_180_days.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT instance_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, launch_time, CASE WHEN launch_time >= (current_date - INTERVAL '180 days') THEN 'ok' diff --git a/compliance/controls/aws/aws_ec2_instance_not_publicly_accessible.yaml b/compliance/controls/aws/aws_ec2_instance_not_publicly_accessible.yaml index 36a6fbbec..f48d8c5f3 100644 
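Review bot: The `reason` string in the context lines of the aws_ec2_instance_no_iam_with_write_level_access.yaml hunk reads `' has no IAM writ level access.'`, where "writ" should be "write". As written, the passing and failing messages differ in wording, so a text search over findings for "write level access" only returns the failing rows. Suggested line: `WHEN p.arn IS NULL THEN title || ' has no IAM write level access.'`. The CASE expression opens above the hunk, so the status branch that pairs with this reason is not visible here.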
--- a/compliance/controls/aws/aws_ec2_instance_not_publicly_accessible.yaml +++ b/compliance/controls/aws/aws_ec2_instance_not_publicly_accessible.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN public_ip_address IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_not_use_multiple_enis.yaml b/compliance/controls/aws/aws_ec2_instance_not_use_multiple_enis.yaml index a5c70d3f1..2f835761d 100644 --- a/compliance/controls/aws/aws_ec2_instance_not_use_multiple_enis.yaml +++ b/compliance/controls/aws/aws_ec2_instance_not_use_multiple_enis.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(network_interfaces) = 1 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_protected_by_backup_plan.yaml b/compliance/controls/aws/aws_ec2_instance_protected_by_backup_plan.yaml index 6697c486a..6904cfcaf 100644 --- a/compliance/controls/aws/aws_ec2_instance_protected_by_backup_plan.yaml +++ b/compliance/controls/aws/aws_ec2_instance_protected_by_backup_plan.yaml @@ -20,8 +20,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_publicly_accessible_iam_profile_attached.yaml b/compliance/controls/aws/aws_ec2_instance_publicly_accessible_iam_profile_attached.yaml index bd643e86f..1998e44b1 100644 
--- a/compliance/controls/aws/aws_ec2_instance_publicly_accessible_iam_profile_attached.yaml +++ b/compliance/controls/aws/aws_ec2_instance_publicly_accessible_iam_profile_attached.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN iam_instance_profile_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_ssm_managed.yaml b/compliance/controls/aws/aws_ec2_instance_ssm_managed.yaml index 0a98d5176..5567126ec 100644 --- a/compliance/controls/aws/aws_ec2_instance_ssm_managed.yaml +++ b/compliance/controls/aws/aws_ec2_instance_ssm_managed.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN i.instance_state = 'stopped' THEN 'info' WHEN m.instance_id IS NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_termination_protection_enabled.yaml b/compliance/controls/aws/aws_ec2_instance_termination_protection_enabled.yaml index 2ab132be3..15022bac8 100644 --- a/compliance/controls/aws/aws_ec2_instance_termination_protection_enabled.yaml +++ b/compliance/controls/aws/aws_ec2_instance_termination_protection_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN disable_api_termination THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ec2_instance_user_data_no_secrets.yaml b/compliance/controls/aws/aws_ec2_instance_user_data_no_secrets.yaml index 886a040d9..1574d133c 100644 
--- a/compliance/controls/aws/aws_ec2_instance_user_data_no_secrets.yaml +++ b/compliance/controls/aws/aws_ec2_instance_user_data_no_secrets.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN user_data LIKE ANY (ARRAY ['%pass%', '%secret%', '%token%', '%key%']) OR user_data ~ '(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]' diff --git a/compliance/controls/aws/aws_ec2_instance_uses_imdsv2.yaml b/compliance/controls/aws/aws_ec2_instance_uses_imdsv2.yaml index 7ffbe8f06..4d14bbf91 100644 --- a/compliance/controls/aws/aws_ec2_instance_uses_imdsv2.yaml +++ b/compliance/controls/aws/aws_ec2_instance_uses_imdsv2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN metadata_options ->> 'HttpTokens' = 'optional' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ec2_instance_virtualization_type_no_paravirtual.yaml b/compliance/controls/aws/aws_ec2_instance_virtualization_type_no_paravirtual.yaml index 32329e34b..0a1ba984c 100644 --- a/compliance/controls/aws/aws_ec2_instance_virtualization_type_no_paravirtual.yaml +++ b/compliance/controls/aws/aws_ec2_instance_virtualization_type_no_paravirtual.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN virtualization_type = 'paravirtual' THEN 'alarm' ELSE 'ok' 
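Review bot: The secret heuristic in the aws_ec2_instance_user_data_no_secrets.yaml hunk is case-sensitive on one side and very broad on the other. `LIKE ANY (ARRAY ['%pass%', '%secret%', '%token%', '%key%'])` does not match `PASSWORD=` or `Secret`, so upper-case and mixed-case names slip past the keyword test; `WHEN user_data ILIKE ANY (ARRAY ['%pass%', '%secret%', '%token%', '%key%'])` closes that gap. The regex on the following line is unanchored and has no length quantifier, so it appears to match any user data containing a lower-case letter, an upper-case letter, a digit and one of `@$!%*?&`, which describes most bootstrap scripts. The outcome branch is outside the hunk, but if it maps to 'alarm' the control will flag nearly every instance with user data. A comment stating the intended false-positive trade-off, or a minimum-length quantifier on the character class, would make the result usable for triage.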
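Review bot: The IMDSv2 check in the aws_ec2_instance_uses_imdsv2.yaml hunk fails open: only `metadata_options ->> 'HttpTokens' = 'optional'` produces 'alarm', so a row where `metadata_options` is NULL or the key is missing falls through to `ELSE 'ok'`. Testing for the compliant value reverses the default: `WHEN metadata_options ->> 'HttpTokens' = 'required' THEN 'ok'` followed by `ELSE 'alarm'`. The same alarm-on-match, ok-by-default shape is visible in the aws_eks_cluster_endpoint_restrict_public_access.yaml hunk (`EndpointPublicAccess = 'true'`). The CASE expressions continue past the end of both hunks, so any later branches are not visible here.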
diff --git a/compliance/controls/aws/aws_ec2_launch_template_not_publicly_accessible.yaml b/compliance/controls/aws/aws_ec2_launch_template_not_publicly_accessible.yaml index 491f81b99..2b53b66b8 100644 --- a/compliance/controls/aws/aws_ec2_launch_template_not_publicly_accessible.yaml +++ b/compliance/controls/aws/aws_ec2_launch_template_not_publicly_accessible.yaml @@ -27,8 +27,8 @@ Query: ) SELECT t.launch_template_id AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN i.launch_template_id IS NULL THEN 'skip' WHEN t.launch_template_id IN (SELECT public_launch_template_id FROM public_launch_templates) THEN 'alarm' diff --git a/compliance/controls/aws/aws_ec2_network_interface_unused.yaml b/compliance/controls/aws/aws_ec2_network_interface_unused.yaml index c8ef2c85e..2ed09c379 100644 --- a/compliance/controls/aws/aws_ec2_network_interface_unused.yaml +++ b/compliance/controls/aws/aws_ec2_network_interface_unused.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT network_interface_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN status = 'available' AND attached_instance_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ec2_stopped_instance_30_days.yaml b/compliance/controls/aws/aws_ec2_stopped_instance_30_days.yaml index 932beabc6..0195d44a9 100644 --- a/compliance/controls/aws/aws_ec2_stopped_instance_30_days.yaml +++ b/compliance/controls/aws/aws_ec2_stopped_instance_30_days.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN instance_state NOT IN ('stopped', 'stopping') THEN 'skip' WHEN state_transition_time <= (current_date - INTERVAL '30' DAY) THEN 'alarm' diff --git a/compliance/controls/aws/aws_ec2_stopped_instance_90_days.yaml b/compliance/controls/aws/aws_ec2_stopped_instance_90_days.yaml index 699b348cb..b3ec3bc8b 100644 --- a/compliance/controls/aws/aws_ec2_stopped_instance_90_days.yaml +++ b/compliance/controls/aws/aws_ec2_stopped_instance_90_days.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN instance_state NOT IN ('stopped', 'stopping') THEN 'skip' WHEN state_transition_time <= (current_date - INTERVAL '90' DAY) THEN 'alarm' diff --git a/compliance/controls/aws/aws_ec2_transit_gateway_auto_cross_account_attachment_disabled.yaml b/compliance/controls/aws/aws_ec2_transit_gateway_auto_cross_account_attachment_disabled.yaml index af01f191d..2229f6ab4 100644 --- a/compliance/controls/aws/aws_ec2_transit_gateway_auto_cross_account_attachment_disabled.yaml +++ b/compliance/controls/aws/aws_ec2_transit_gateway_auto_cross_account_attachment_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT transit_gateway_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_accept_shared_attachments = 'enable' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_ecr_repository_image_scan_on_push_enabled.yaml b/compliance/controls/aws/aws_ecr_repository_image_scan_on_push_enabled.yaml index 47b2ae5c7..933720580 100644 --- a/compliance/controls/aws/aws_ecr_repository_image_scan_on_push_enabled.yaml +++ b/compliance/controls/aws/aws_ecr_repository_image_scan_on_push_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN image_scanning_configuration ->> 'ScanOnPush' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ecr_repository_lifecycle_policy_configured.yaml b/compliance/controls/aws/aws_ecr_repository_lifecycle_policy_configured.yaml index a94021661..b0850f9a1 100644 --- a/compliance/controls/aws/aws_ecr_repository_lifecycle_policy_configured.yaml +++ b/compliance/controls/aws/aws_ecr_repository_lifecycle_policy_configured.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN lifecycle_policy -> 'rules' IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ecr_repository_prohibit_public_access.yaml b/compliance/controls/aws/aws_ecr_repository_prohibit_public_access.yaml index cd3c4ddb2..fa3a92cf1 100644 --- a/compliance/controls/aws/aws_ecr_repository_prohibit_public_access.yaml +++ b/compliance/controls/aws/aws_ecr_repository_prohibit_public_access.yaml @@ -26,8 +26,8 @@ Query: ) SELECT r.arn AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN o.arn IS NOT NULL THEN 'alarm' ELSE 'ok' 
@@ -40,7 +40,7 @@ Query: aws_ecr_repository AS r LEFT JOIN open_access_ecr_repo AS o ON r.arn = o.arn GROUP BY - resource, status, reason, r.region, r.account_id, r.tags, r._ctx, r.og_account_id, r.og_resource_id; + resource, status, reason, r.region, r.account_id, r.tags, r._ctx, r.platform_account_id, r.platform_resource_id; Severity: low Tags: {} Title: ECR repositories should prohibit public access \ No newline at end of file diff --git a/compliance/controls/aws/aws_ecr_repository_tag_immutability_enabled.yaml b/compliance/controls/aws/aws_ecr_repository_tag_immutability_enabled.yaml index 78952432f..67c519a44 100644 --- a/compliance/controls/aws/aws_ecr_repository_tag_immutability_enabled.yaml +++ b/compliance/controls/aws/aws_ecr_repository_tag_immutability_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN image_tag_mutability = 'IMMUTABLE' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ecs_cluster_container_insights_enabled.yaml b/compliance/controls/aws/aws_ecs_cluster_container_insights_enabled.yaml index e85b76ea7..99afe159d 100644 --- a/compliance/controls/aws/aws_ecs_cluster_container_insights_enabled.yaml +++ b/compliance/controls/aws/aws_ecs_cluster_container_insights_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT cluster_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN s ->> 'Name' = 'containerInsights' AND s ->> 'Value' = 'enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ecs_cluster_container_instance_agent_connected.yaml b/compliance/controls/aws/aws_ecs_cluster_container_instance_agent_connected.yaml index 687be7235..ae631cf49 100644 
--- a/compliance/controls/aws/aws_ecs_cluster_container_instance_agent_connected.yaml +++ b/compliance/controls/aws/aws_ecs_cluster_container_instance_agent_connected.yaml @@ -21,8 +21,8 @@ Query: ) SELECT c.cluster_arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN c.registered_container_instances_count = 0 THEN 'skip' WHEN i.cluster_arn IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_ecs_cluster_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_ecs_cluster_encryption_at_rest_enabled.yaml index 742e3171a..f4092665c 100644 --- a/compliance/controls/aws/aws_ecs_cluster_encryption_at_rest_enabled.yaml +++ b/compliance/controls/aws/aws_ecs_cluster_encryption_at_rest_enabled.yaml @@ -27,8 +27,8 @@ Query: ) SELECT c.cluster_arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN c.registered_container_instances_count = 0 THEN 'skip' WHEN v.cluster_arn IS NOT NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_ecs_cluster_no_active_services_count.yaml b/compliance/controls/aws/aws_ecs_cluster_no_active_services_count.yaml index 9eae060d3..9b8b5f75f 100644 --- a/compliance/controls/aws/aws_ecs_cluster_no_active_services_count.yaml +++ b/compliance/controls/aws/aws_ecs_cluster_no_active_services_count.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT cluster_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN active_services_count > 0 THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_ecs_cluster_no_registered_container_instance.yaml b/compliance/controls/aws/aws_ecs_cluster_no_registered_container_instance.yaml index e7bcecbdd..909f7df72 100644 --- a/compliance/controls/aws/aws_ecs_cluster_no_registered_container_instance.yaml +++ b/compliance/controls/aws/aws_ecs_cluster_no_registered_container_instance.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT cluster_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN registered_container_instances_count = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ecs_service_fargate_using_latest_platform_version.yaml b/compliance/controls/aws/aws_ecs_service_fargate_using_latest_platform_version.yaml index 6fa4e56cf..6ec06d9f8 100644 --- a/compliance/controls/aws/aws_ecs_service_fargate_using_latest_platform_version.yaml +++ b/compliance/controls/aws/aws_ecs_service_fargate_using_latest_platform_version.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN launch_type <> 'FARGATE' THEN 'skip' WHEN platform_version = 'LATEST' THEN 'ok' diff --git a/compliance/controls/aws/aws_ecs_service_load_balancer_attached.yaml b/compliance/controls/aws/aws_ecs_service_load_balancer_attached.yaml index 684930e5e..0834f5801 100644 --- a/compliance/controls/aws/aws_ecs_service_load_balancer_attached.yaml +++ b/compliance/controls/aws/aws_ecs_service_load_balancer_attached.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(load_balancers) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ecs_service_not_publicly_accessible.yaml b/compliance/controls/aws/aws_ecs_service_not_publicly_accessible.yaml index a8b307d74..a36178a95 100644 --- a/compliance/controls/aws/aws_ecs_service_not_publicly_accessible.yaml +++ b/compliance/controls/aws/aws_ecs_service_not_publicly_accessible.yaml @@ -23,8 +23,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.service_name IS NULL THEN 'skip' WHEN network_configuration -> 'AwsvpcConfiguration' ->> 'AssignPublicIp' = 'DISABLED' THEN 'ok' diff --git a/compliance/controls/aws/aws_ecs_task_definition_container_environment_no_secret.yaml b/compliance/controls/aws/aws_ecs_task_definition_container_environment_no_secret.yaml index cbe3630cc..cd7803d20 100644 --- a/compliance/controls/aws/aws_ecs_task_definition_container_environment_no_secret.yaml +++ b/compliance/controls/aws/aws_ecs_task_definition_container_environment_no_secret.yaml @@ -43,8 +43,8 @@ Query: SELECT d.task_definition_arn AS resource, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, CASE WHEN e.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ecs_task_definition_container_non_privileged.yaml b/compliance/controls/aws/aws_ecs_task_definition_container_non_privileged.yaml index 2e95e5f34..4a7de9217 100644 --- a/compliance/controls/aws/aws_ecs_task_definition_container_non_privileged.yaml 
+++ b/compliance/controls/aws/aws_ecs_task_definition_container_non_privileged.yaml @@ -20,8 +20,8 @@ Query: ) SELECT d.task_definition_arn AS resource, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, CASE WHEN c.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ecs_task_definition_container_readonly_root_filesystem.yaml b/compliance/controls/aws/aws_ecs_task_definition_container_readonly_root_filesystem.yaml index 74611e83c..af1bc30d1 100644 --- a/compliance/controls/aws/aws_ecs_task_definition_container_readonly_root_filesystem.yaml +++ b/compliance/controls/aws/aws_ecs_task_definition_container_readonly_root_filesystem.yaml @@ -20,8 +20,8 @@ Query: ) SELECT d.task_definition_arn AS resource, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, CASE WHEN c.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ecs_task_definition_logging_enabled.yaml b/compliance/controls/aws/aws_ecs_task_definition_logging_enabled.yaml index 5e4887c4f..20188eb36 100644 --- a/compliance/controls/aws/aws_ecs_task_definition_logging_enabled.yaml +++ b/compliance/controls/aws/aws_ecs_task_definition_logging_enabled.yaml @@ -20,8 +20,8 @@ Query: ) SELECT a.task_definition_arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ecs_task_definition_no_host_pid_mode.yaml b/compliance/controls/aws/aws_ecs_task_definition_no_host_pid_mode.yaml index 2dc8f45ce..ba48b2acc 100644 --- a/compliance/controls/aws/aws_ecs_task_definition_no_host_pid_mode.yaml 
+++ b/compliance/controls/aws/aws_ecs_task_definition_no_host_pid_mode.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT task_definition_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN pid_mode = 'host' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ecs_task_definition_no_root_user.yaml b/compliance/controls/aws/aws_ecs_task_definition_no_root_user.yaml index ee9cf6c4a..f5ae1c687 100644 --- a/compliance/controls/aws/aws_ecs_task_definition_no_root_user.yaml +++ b/compliance/controls/aws/aws_ecs_task_definition_no_root_user.yaml @@ -20,8 +20,8 @@ Query: ) SELECT a.task_definition_arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NOT NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ecs_task_definition_user_for_host_mode_check.yaml b/compliance/controls/aws/aws_ecs_task_definition_user_for_host_mode_check.yaml index f1a6fffd1..d0f4b9ef8 100644 --- a/compliance/controls/aws/aws_ecs_task_definition_user_for_host_mode_check.yaml +++ b/compliance/controls/aws/aws_ecs_task_definition_user_for_host_mode_check.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.task_definition_arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.network_mode IS NULL OR a.network_mode <> 'host' THEN 'skip' WHEN b.arn IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_efs_access_point_enforce_root_directory.yaml b/compliance/controls/aws/aws_efs_access_point_enforce_root_directory.yaml index b73963dab..9fc7fb9f5 100644 --- a/compliance/controls/aws/aws_efs_access_point_enforce_root_directory.yaml 
+++ b/compliance/controls/aws/aws_efs_access_point_enforce_root_directory.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT access_point_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN root_directory ->> 'Path' = '/' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_efs_access_point_enforce_user_identity.yaml b/compliance/controls/aws/aws_efs_access_point_enforce_user_identity.yaml index 4634a7a6f..5de628c08 100644 --- a/compliance/controls/aws/aws_efs_access_point_enforce_user_identity.yaml +++ b/compliance/controls/aws/aws_efs_access_point_enforce_user_identity.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT access_point_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN posix_user IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_efs_file_system_encrypt_data_at_rest.yaml b/compliance/controls/aws/aws_efs_file_system_encrypt_data_at_rest.yaml index ac9f07fe8..21087ca4f 100644 --- a/compliance/controls/aws/aws_efs_file_system_encrypt_data_at_rest.yaml +++ b/compliance/controls/aws/aws_efs_file_system_encrypt_data_at_rest.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_efs_file_system_encrypted_with_cmk.yaml b/compliance/controls/aws/aws_efs_file_system_encrypted_with_cmk.yaml index 011a5cfb1..3700e517a 100644 --- a/compliance/controls/aws/aws_efs_file_system_encrypted_with_cmk.yaml +++ b/compliance/controls/aws/aws_efs_file_system_encrypted_with_cmk.yaml 
@@ -22,8 +22,8 @@ Query: ) SELECT f.arn AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN NOT encrypted THEN 'alarm' WHEN encrypted AND e.key_manager = 'CUSTOMER' THEN 'ok' diff --git a/compliance/controls/aws/aws_efs_file_system_enforces_ssl.yaml b/compliance/controls/aws/aws_efs_file_system_enforces_ssl.yaml index 6a4ac1a2e..5d4abe08a 100644 --- a/compliance/controls/aws/aws_efs_file_system_enforces_ssl.yaml +++ b/compliance/controls/aws/aws_efs_file_system_enforces_ssl.yaml @@ -29,8 +29,8 @@ Query: ) SELECT f.arn AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN ok.status = 'ok' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_efs_file_system_in_backup_plan.yaml b/compliance/controls/aws/aws_efs_file_system_in_backup_plan.yaml index 2aeec9ca4..9be9aa7e4 100644 --- a/compliance/controls/aws/aws_efs_file_system_in_backup_plan.yaml +++ b/compliance/controls/aws/aws_efs_file_system_in_backup_plan.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN automatic_backups = 'enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_efs_file_system_protected_by_backup_plan.yaml b/compliance/controls/aws/aws_efs_file_system_protected_by_backup_plan.yaml index d0c267033..3b6d20761 100644 --- a/compliance/controls/aws/aws_efs_file_system_protected_by_backup_plan.yaml +++ b/compliance/controls/aws/aws_efs_file_system_protected_by_backup_plan.yaml 
@@ -21,8 +21,8 @@ Query: SELECT f.arn AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_efs_file_system_restrict_public_access.yaml b/compliance/controls/aws/aws_efs_file_system_restrict_public_access.yaml index 7f87f33e4..db92fdcd1 100644 --- a/compliance/controls/aws/aws_efs_file_system_restrict_public_access.yaml +++ b/compliance/controls/aws/aws_efs_file_system_restrict_public_access.yaml @@ -27,8 +27,8 @@ Query: ) SELECT f.arn AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_eks_cluster_control_plane_audit_logging_enabled.yaml b/compliance/controls/aws/aws_eks_cluster_control_plane_audit_logging_enabled.yaml index f373a274a..11169527a 100644 --- a/compliance/controls/aws/aws_eks_cluster_control_plane_audit_logging_enabled.yaml +++ b/compliance/controls/aws/aws_eks_cluster_control_plane_audit_logging_enabled.yaml @@ -22,8 +22,8 @@ Query: ) SELECT c.arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN l.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_eks_cluster_endpoint_public_access_restricted.yaml b/compliance/controls/aws/aws_eks_cluster_endpoint_public_access_restricted.yaml index 6242ca8ab..75d6490a8 100644 --- a/compliance/controls/aws/aws_eks_cluster_endpoint_public_access_restricted.yaml +++ b/compliance/controls/aws/aws_eks_cluster_endpoint_public_access_restricted.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN resources_vpc_config ->> 'EndpointPrivateAccess' = 'true' AND resources_vpc_config ->> 'EndpointPublicAccess' = 'false' diff --git a/compliance/controls/aws/aws_eks_cluster_endpoint_restrict_public_access.yaml b/compliance/controls/aws/aws_eks_cluster_endpoint_restrict_public_access.yaml index 633215cc4..002283ab0 100644 --- a/compliance/controls/aws/aws_eks_cluster_endpoint_restrict_public_access.yaml +++ b/compliance/controls/aws/aws_eks_cluster_endpoint_restrict_public_access.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN resources_vpc_config ->> 'EndpointPublicAccess' = 'true' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_eks_cluster_no_default_vpc.yaml b/compliance/controls/aws/aws_eks_cluster_no_default_vpc.yaml index 072f53ffb..8b462a126 100644 --- a/compliance/controls/aws/aws_eks_cluster_no_default_vpc.yaml +++ b/compliance/controls/aws/aws_eks_cluster_no_default_vpc.yaml @@ -22,8 +22,8 @@ Query: ) SELECT c.arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN v.arn IS NOT NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_eks_cluster_no_multiple_security_groups.yaml b/compliance/controls/aws/aws_eks_cluster_no_multiple_security_groups.yaml index b866bbe16..c5a4932d1 100644 --- a/compliance/controls/aws/aws_eks_cluster_no_multiple_security_groups.yaml +++ b/compliance/controls/aws/aws_eks_cluster_no_multiple_security_groups.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(resources_vpc_config -> 'SecurityGroupIds') > 1 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_eks_cluster_secrets_encrypted.yaml b/compliance/controls/aws/aws_eks_cluster_secrets_encrypted.yaml index 48f980066..cfca49f65 100644 --- a/compliance/controls/aws/aws_eks_cluster_secrets_encrypted.yaml +++ b/compliance/controls/aws/aws_eks_cluster_secrets_encrypted.yaml @@ -20,8 +20,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN encryption_config IS NULL THEN 'alarm' WHEN b.arn IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_eks_cluster_with_latest_kubernetes_version.yaml b/compliance/controls/aws/aws_eks_cluster_with_latest_kubernetes_version.yaml index c91fbd3b3..29adb871c 100644 --- a/compliance/controls/aws/aws_eks_cluster_with_latest_kubernetes_version.yaml +++ b/compliance/controls/aws/aws_eks_cluster_with_latest_kubernetes_version.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (version)::decimal >= 1.19 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elastic_beanstalk_enhanced_health_reporting_enabled.yaml b/compliance/controls/aws/aws_elastic_beanstalk_enhanced_health_reporting_enabled.yaml index 723149166..5469fc8b4 100644 --- a/compliance/controls/aws/aws_elastic_beanstalk_enhanced_health_reporting_enabled.yaml 
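Review bot: In aws_eks_cluster_with_latest_kubernetes_version.yaml the test `(version)::decimal >= 1.19` compares the Kubernetes version as a decimal against a fixed floor, so it does not order versions correctly and does not track what "latest" means for this control. As a decimal, 1.9 sorts above 1.19 and 1.20 collapses to 1.2. Assuming `version` holds `major.minor`, comparing the components as integers is safer, e.g. `WHEN string_to_array(version, '.')::int[] >= ARRAY[1, 19] THEN 'ok'`, with the floor set to the minimum version the control is meant to enforce and a comment stating who updates it. The CASE expression continues outside the hunk.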
+++ b/compliance/controls/aws/aws_elastic_beanstalk_enhanced_health_reporting_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT application_name AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN health_status IS NOT NULL AND health IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elastic_beanstalk_environment_logs_to_cloudwatch.yaml b/compliance/controls/aws/aws_elastic_beanstalk_environment_logs_to_cloudwatch.yaml index 8d0593a54..07d5dab36 100644 --- a/compliance/controls/aws/aws_elastic_beanstalk_environment_logs_to_cloudwatch.yaml +++ b/compliance/controls/aws/aws_elastic_beanstalk_environment_logs_to_cloudwatch.yaml @@ -24,8 +24,8 @@ Query: ) SELECT e.arn AS resource, - e.og_account_id AS og_account_id, - e.og_resource_id AS og_resource_id, + e.platform_account_id AS platform_account_id, + e.platform_resource_id AS platform_resource_id, CASE WHEN l.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elastic_beanstalk_environment_managed_updates_enabled.yaml b/compliance/controls/aws/aws_elastic_beanstalk_environment_managed_updates_enabled.yaml index 2515fa8e8..a9503806f 100644 --- a/compliance/controls/aws/aws_elastic_beanstalk_environment_managed_updates_enabled.yaml +++ b/compliance/controls/aws/aws_elastic_beanstalk_environment_managed_updates_enabled.yaml @@ -24,8 +24,8 @@ Query: ) SELECT e.arn AS resource, - e.og_account_id AS og_account_id, - e.og_resource_id AS og_resource_id, + e.platform_account_id AS platform_account_id, + e.platform_resource_id AS platform_resource_id, CASE WHEN l.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elasticache_cluster_auto_minor_version_upgrade_enabled.yaml b/compliance/controls/aws/aws_elasticache_cluster_auto_minor_version_upgrade_enabled.yaml index 6a0200145..63470decd 100644 
--- a/compliance/controls/aws/aws_elasticache_cluster_auto_minor_version_upgrade_enabled.yaml +++ b/compliance/controls/aws/aws_elasticache_cluster_auto_minor_version_upgrade_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_minor_version_upgrade THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elasticache_cluster_no_default_subnet_group.yaml b/compliance/controls/aws/aws_elasticache_cluster_no_default_subnet_group.yaml index 7d7aadbb4..25fde28e2 100644 --- a/compliance/controls/aws/aws_elasticache_cluster_no_default_subnet_group.yaml +++ b/compliance/controls/aws/aws_elasticache_cluster_no_default_subnet_group.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN cache_subnet_group_name = 'default' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_elasticache_cluster_no_public_subnet.yaml b/compliance/controls/aws/aws_elasticache_cluster_no_public_subnet.yaml index 4577772a1..3645076c0 100644 --- a/compliance/controls/aws/aws_elasticache_cluster_no_public_subnet.yaml +++ b/compliance/controls/aws/aws_elasticache_cluster_no_public_subnet.yaml @@ -73,8 +73,8 @@ Query: WHERE a.access = 'public' ) SELECT c.arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN s.cache_subnet_group_name IS NOT NULL THEN 'alarm' 
diff --git a/compliance/controls/aws/aws_elasticache_redis_cluster_automatic_backup_retention_15_days.yaml b/compliance/controls/aws/aws_elasticache_redis_cluster_automatic_backup_retention_15_days.yaml index 1f7b54a57..3d14cf260 100644 --- a/compliance/controls/aws/aws_elasticache_redis_cluster_automatic_backup_retention_15_days.yaml +++ b/compliance/controls/aws/aws_elasticache_redis_cluster_automatic_backup_retention_15_days.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN snapshot_retention_limit < 15 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_elasticache_replication_group_auto_failover_enabled.yaml b/compliance/controls/aws/aws_elasticache_replication_group_auto_failover_enabled.yaml index 1d784437e..dd93f947f 100644 --- a/compliance/controls/aws/aws_elasticache_replication_group_auto_failover_enabled.yaml +++ b/compliance/controls/aws/aws_elasticache_replication_group_auto_failover_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN automatic_failover = 'enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elasticache_replication_group_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_elasticache_replication_group_encryption_at_rest_enabled.yaml index c0b099538..60ba64f07 100644 --- a/compliance/controls/aws/aws_elasticache_replication_group_encryption_at_rest_enabled.yaml +++ b/compliance/controls/aws/aws_elasticache_replication_group_encryption_at_rest_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN at_rest_encryption_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elasticache_replication_group_encryption_at_rest_enabled_with_kms_cmk.yaml b/compliance/controls/aws/aws_elasticache_replication_group_encryption_at_rest_enabled_with_kms_cmk.yaml index 3d733444a..489a6a15f 100644 --- a/compliance/controls/aws/aws_elasticache_replication_group_encryption_at_rest_enabled_with_kms_cmk.yaml +++ b/compliance/controls/aws/aws_elasticache_replication_group_encryption_at_rest_enabled_with_kms_cmk.yaml @@ -19,8 +19,8 @@ Query: region, account_id, _ctx, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_elasticache_replication_group ORDER BY @@ -37,8 +37,8 @@ Query: ) SELECT r.arn AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN NOT at_rest_encryption_enabled THEN 'alarm' WHEN at_rest_encryption_enabled AND kms_key_id IS NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_elasticache_replication_group_encryption_in_transit_enabled.yaml b/compliance/controls/aws/aws_elasticache_replication_group_encryption_in_transit_enabled.yaml index 6cdc94c97..dfbb543d3 100644 --- a/compliance/controls/aws/aws_elasticache_replication_group_encryption_in_transit_enabled.yaml +++ b/compliance/controls/aws/aws_elasticache_replication_group_encryption_in_transit_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN transit_encryption_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elasticache_replication_group_redis_auth_enabled.yaml b/compliance/controls/aws/aws_elasticache_replication_group_redis_auth_enabled.yaml index 74366d3c6..8b7ed41da 100644 --- a/compliance/controls/aws/aws_elasticache_replication_group_redis_auth_enabled.yaml +++ b/compliance/controls/aws/aws_elasticache_replication_group_redis_auth_enabled.yaml @@ -19,8 +19,8 @@ Query: ) SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN regexp_split_to_array(v.engine_version, '.')::int[] >= regexp_split_to_array('6.0', '.')::int[] THEN 'skip' WHEN regexp_split_to_array(v.engine_version, '.')::int[] < regexp_split_to_array('6.0', '.')::int[] AND eg.auth_token_enabled THEN 'ok' diff --git a/compliance/controls/aws/aws_elb_application_classic_lb_logging_enabled.yaml b/compliance/controls/aws/aws_elb_application_classic_lb_logging_enabled.yaml index b2dca9f2b..808598c0d 100644 --- a/compliance/controls/aws/aws_elb_application_classic_lb_logging_enabled.yaml +++ b/compliance/controls/aws/aws_elb_application_classic_lb_logging_enabled.yaml @@ -13,9 +13,9 @@ Query: ( SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_ec2_application_load_balancer' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_ec2_application_load_balancer' AS platform_table_name, CASE WHEN load_balancer_attributes @> '[{"Key": "access_logs.s3.enabled", "Value": "true"}]' THEN 'ok' ELSE 'alarm' 
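Review bot: In aws_elasticache_replication_group_redis_auth_enabled.yaml the pattern in `regexp_split_to_array(v.engine_version, '.')` is an unescaped dot, which as a regular expression matches every character rather than the version separator. Unless a backslash was lost when the page was rendered, the split yields only empty strings and the `::int[]` cast fails, so the control cannot decide between 'skip' and 'ok'. Splitting on the literal character avoids the regex entirely: `string_to_array(v.engine_version, '.')::int[] >= ARRAY[6, 0]`. The CTEs behind `v` and `eg` are outside the hunk, so confirm the format of `engine_version` there.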
@@ -32,9 +32,9 @@ Query: ( SELECT 'arn:' || partition || ':elasticloadbalancing:' || region || ':' || account_id || ':loadbalancer/' || title AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_ec2_classic_load_balancer' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_ec2_classic_load_balancer' AS platform_table_name, CASE WHEN access_log_enabled = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elb_application_classic_network_lb_prohibit_public_access.yaml b/compliance/controls/aws/aws_elb_application_classic_network_lb_prohibit_public_access.yaml index 8163a5370..c485e129c 100644 --- a/compliance/controls/aws/aws_elb_application_classic_network_lb_prohibit_public_access.yaml +++ b/compliance/controls/aws/aws_elb_application_classic_network_lb_prohibit_public_access.yaml @@ -20,8 +20,8 @@ Query: account_id, tags, _ctx, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_ec2_application_load_balancer UNION @@ -33,8 +33,8 @@ Query: account_id, tags, _ctx, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_ec2_network_load_balancer UNION @@ -46,15 +46,15 @@ Query: account_id, tags, _ctx, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_ec2_classic_load_balancer ) SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN scheme = 'internet-facing' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_elb_application_gateway_network_lb_multiple_az_configured.yaml b/compliance/controls/aws/aws_elb_application_gateway_network_lb_multiple_az_configured.yaml index f08bcfa83..d27c1c88e 100644 
--- a/compliance/controls/aws/aws_elb_application_gateway_network_lb_multiple_az_configured.yaml +++ b/compliance/controls/aws/aws_elb_application_gateway_network_lb_multiple_az_configured.yaml @@ -13,9 +13,9 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_ec2_application_load_balancer' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_ec2_application_load_balancer' AS platform_table_name, CASE WHEN jsonb_array_length(availability_zones) < 2 THEN 'alarm' ELSE 'ok' @@ -28,9 +28,9 @@ Query: UNION SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_ec2_network_load_balancer' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_ec2_network_load_balancer' AS platform_table_name, CASE WHEN jsonb_array_length(availability_zones) < 2 THEN 'alarm' ELSE 'ok' @@ -43,9 +43,9 @@ Query: UNION SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_ec2_gateway_load_balancer' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_ec2_gateway_load_balancer' AS platform_table_name, CASE WHEN jsonb_array_length(availability_zones) < 2 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_elb_application_lb_deletion_protection_enabled.yaml b/compliance/controls/aws/aws_elb_application_lb_deletion_protection_enabled.yaml index b7523336c..b5ab5eb3f 100644 --- a/compliance/controls/aws/aws_elb_application_lb_deletion_protection_enabled.yaml +++ b/compliance/controls/aws/aws_elb_application_lb_deletion_protection_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN load_balancer_attributes @> '[{"Key": "deletion_protection.enabled", "Value": "true"}]' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elb_application_lb_desync_mitigation_mode.yaml b/compliance/controls/aws/aws_elb_application_lb_desync_mitigation_mode.yaml index 3a34fd786..a5ffdd72e 100644 --- a/compliance/controls/aws/aws_elb_application_lb_desync_mitigation_mode.yaml +++ b/compliance/controls/aws/aws_elb_application_lb_desync_mitigation_mode.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN m.v = ANY(ARRAY['defensive', 'strictest']) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elb_application_lb_drop_http_headers.yaml b/compliance/controls/aws/aws_elb_application_lb_drop_http_headers.yaml index c27709b5d..dd36ac5f9 100644 --- a/compliance/controls/aws/aws_elb_application_lb_drop_http_headers.yaml +++ b/compliance/controls/aws/aws_elb_application_lb_drop_http_headers.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN load_balancer_attributes @> '[{"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "true"}]' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elb_application_lb_redirect_http_request_to_https.yaml b/compliance/controls/aws/aws_elb_application_lb_redirect_http_request_to_https.yaml index 02aeca0d0..0b794c0bd 100644 
--- a/compliance/controls/aws/aws_elb_application_lb_redirect_http_request_to_https.yaml +++ b/compliance/controls/aws/aws_elb_application_lb_redirect_http_request_to_https.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.load_balancer_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_elb_application_lb_waf_enabled.yaml b/compliance/controls/aws/aws_elb_application_lb_waf_enabled.yaml index a05b7d348..c42fa0ac1 100644 --- a/compliance/controls/aws/aws_elb_application_lb_waf_enabled.yaml +++ b/compliance/controls/aws/aws_elb_application_lb_waf_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN load_balancer_attributes @> '[{"Key":"waf.fail_open.enabled","Value":"true"}]' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elb_application_lb_with_outbound_rule.yaml b/compliance/controls/aws/aws_elb_application_lb_with_outbound_rule.yaml index b344708b0..8d75c8317 100644 --- a/compliance/controls/aws/aws_elb_application_lb_with_outbound_rule.yaml +++ b/compliance/controls/aws/aws_elb_application_lb_with_outbound_rule.yaml @@ -34,8 +34,8 @@ Query: ) SELECT DISTINCT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.security_groups IS NULL THEN 'alarm' WHEN o.arn IS NOT NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_elb_application_network_lb_use_listeners.yaml b/compliance/controls/aws/aws_elb_application_network_lb_use_listeners.yaml index f29fa4e78..b99cdf1d1 100644 
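Review bot: In aws_elb_application_lb_waf_enabled.yaml the control reports 'ok' when `load_balancer_attributes` contains `waf.fail_open.enabled` set to `true`, which does not show that a web ACL is attached to the load balancer. That attribute only governs whether requests are still forwarded when the WAF cannot be reached, so a load balancer with no WAF association could pass while one configured to fail closed would alarm. The check should test the web ACL association for the load balancer ARN (the table that exposes it is not visible here), and the fail-open setting, if it is wanted at all, belongs in a separate control. At minimum add a comment such as `-- NOTE: checks the fail-open attribute, not WAF association`.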
--- a/compliance/controls/aws/aws_elb_application_network_lb_use_listeners.yaml +++ b/compliance/controls/aws/aws_elb_application_network_lb_use_listeners.yaml @@ -17,8 +17,8 @@ Query: n.title, n.region, n.account_id, - n.og_account_id, - n.og_resource_id, + n.platform_account_id, + n.platform_resource_id, tags, _ctx FROM @@ -29,8 +29,8 @@ Query: a.title, a.region, a.account_id, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, tags, _ctx FROM @@ -38,8 +38,8 @@ Query: ) SELECT DISTINCT lb.arn AS resource, - lb.og_account_id AS og_account_id, - lb.og_resource_id AS og_resource_id, + lb.platform_account_id AS platform_account_id, + lb.platform_resource_id AS platform_resource_id, CASE WHEN l.load_balancer_arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elb_application_network_lb_use_ssl_certificate.yaml b/compliance/controls/aws/aws_elb_application_network_lb_use_ssl_certificate.yaml index 03327399b..10b011f7e 100644 --- a/compliance/controls/aws/aws_elb_application_network_lb_use_ssl_certificate.yaml +++ b/compliance/controls/aws/aws_elb_application_network_lb_use_ssl_certificate.yaml @@ -35,9 +35,9 @@ Query: account_id, region, title, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_ec2_application_load_balancer' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_ec2_application_load_balancer' AS platform_table_name, _ctx FROM aws_ec2_application_load_balancer 
@@ -47,18 +47,18 @@ Query: account_id, region, title, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_ec2_network_load_balancer' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_ec2_network_load_balancer' AS platform_table_name, _ctx FROM aws_ec2_network_load_balancer ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, - a.og_table_name AS og_table_name, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, + a.platform_table_name AS platform_table_name, CASE WHEN b.load_balancer_arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elb_classic_lb_cross_zone_load_balancing_enabled.yaml b/compliance/controls/aws/aws_elb_classic_lb_cross_zone_load_balancing_enabled.yaml index 791f420ba..6437a6f7b 100644 --- a/compliance/controls/aws/aws_elb_classic_lb_cross_zone_load_balancing_enabled.yaml +++ b/compliance/controls/aws/aws_elb_classic_lb_cross_zone_load_balancing_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN cross_zone_load_balancing_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elb_classic_lb_desync_mitigation_mode.yaml b/compliance/controls/aws/aws_elb_classic_lb_desync_mitigation_mode.yaml index d88d0651f..3e145c3a1 100644 --- a/compliance/controls/aws/aws_elb_classic_lb_desync_mitigation_mode.yaml +++ b/compliance/controls/aws/aws_elb_classic_lb_desync_mitigation_mode.yaml 
@@ -22,8 +22,8 @@ Query: ) SELECT c.arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN m.v = ANY(ARRAY['defensive', 'strictest']) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elb_classic_lb_multiple_az_configured.yaml b/compliance/controls/aws/aws_elb_classic_lb_multiple_az_configured.yaml index 3006814f9..93914fd7a 100644 --- a/compliance/controls/aws/aws_elb_classic_lb_multiple_az_configured.yaml +++ b/compliance/controls/aws/aws_elb_classic_lb_multiple_az_configured.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(availability_zones) < 2 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_elb_classic_lb_no_registered_instance.yaml b/compliance/controls/aws/aws_elb_classic_lb_no_registered_instance.yaml index 6133b5068..b5f5f385f 100644 --- a/compliance/controls/aws/aws_elb_classic_lb_no_registered_instance.yaml +++ b/compliance/controls/aws/aws_elb_classic_lb_no_registered_instance.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(instances) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_elb_classic_lb_use_ssl_certificate.yaml b/compliance/controls/aws/aws_elb_classic_lb_use_ssl_certificate.yaml index 5d648ec6b..20420ca3f 100644 --- a/compliance/controls/aws/aws_elb_classic_lb_use_ssl_certificate.yaml +++ b/compliance/controls/aws/aws_elb_classic_lb_use_ssl_certificate.yaml 
@@ -12,7 +12,7 @@ Query: WITH detailed_classic_listeners AS ( SELECT name, - og_resource_id + platform_resource_id FROM aws_ec2_classic_load_balancer, jsonb_array_elements(listener_descriptions) AS listener_description @@ -22,8 +22,8 @@ Query: ) SELECT 'arn:' || a.partition || ':elasticloadbalancing:' || a.region || ':' || a.account_id || ':loadbalancer/' || a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.listener_descriptions IS NULL THEN 'skip' WHEN b.name IS NOT NULL THEN 'alarm' @@ -38,7 +38,7 @@ Query: account_id FROM aws_ec2_classic_load_balancer AS a - LEFT JOIN detailed_classic_listeners AS b ON a.og_resource_id = b.og_resource_id + LEFT JOIN detailed_classic_listeners AS b ON a.platform_resource_id = b.platform_resource_id Severity: high Tags: category: diff --git a/compliance/controls/aws/aws_elb_classic_lb_use_tls_https_listeners.yaml b/compliance/controls/aws/aws_elb_classic_lb_use_tls_https_listeners.yaml index e2fd9cb36..1ce01c0c5 100644 --- a/compliance/controls/aws/aws_elb_classic_lb_use_tls_https_listeners.yaml +++ b/compliance/controls/aws/aws_elb_classic_lb_use_tls_https_listeners.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':elasticloadbalancing:' || region || ':' || account_id || ':loadbalancer/' || title AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN listener_description -> 'Listener' ->> 'Protocol' IN ('HTTPS', 'SSL', 'TLS') THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elb_classic_lb_with_inbound_rule.yaml b/compliance/controls/aws/aws_elb_classic_lb_with_inbound_rule.yaml index 5562d8d0e..053c95d52 100644 --- a/compliance/controls/aws/aws_elb_classic_lb_with_inbound_rule.yaml 
+++ b/compliance/controls/aws/aws_elb_classic_lb_with_inbound_rule.yaml @@ -33,8 +33,8 @@ Query: ) SELECT DISTINCT c.arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN c.security_groups IS NULL THEN 'alarm' WHEN i.arn IS NOT NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_elb_classic_lb_with_outbound_rule.yaml b/compliance/controls/aws/aws_elb_classic_lb_with_outbound_rule.yaml index a3d760d7e..57d1f50d7 100644 --- a/compliance/controls/aws/aws_elb_classic_lb_with_outbound_rule.yaml +++ b/compliance/controls/aws/aws_elb_classic_lb_with_outbound_rule.yaml @@ -34,8 +34,8 @@ Query: ) SELECT DISTINCT c.arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN c.security_groups IS NULL THEN 'alarm' WHEN o.arn IS NOT NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_elb_listener_use_secure_ssl_cipher.yaml b/compliance/controls/aws/aws_elb_listener_use_secure_ssl_cipher.yaml index 92af577f7..749c40530 100644 --- a/compliance/controls/aws/aws_elb_listener_use_secure_ssl_cipher.yaml +++ b/compliance/controls/aws/aws_elb_listener_use_secure_ssl_cipher.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT load_balancer_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN ssl_policy LIKE ANY(ARRAY['ELBSecurityPolicy-TLS-1-2-2017-01', 'ELBSecurityPolicy-TLS-1-1-2017-01']) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_elb_network_lb_tls_listener_security_policy_configured.yaml b/compliance/controls/aws/aws_elb_network_lb_tls_listener_security_policy_configured.yaml index 6fd07f4c1..98b9bc38d 100644 
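Review bot: In aws_elb_listener_use_secure_ssl_cipher.yaml the allow-list `ARRAY['ELBSecurityPolicy-TLS-1-2-2017-01', 'ELBSecurityPolicy-TLS-1-1-2017-01']` treats a policy that still permits TLS 1.1 as 'ok', which is weak for a control about secure ciphers. Because neither pattern contains a wildcard, `LIKE ANY` behaves as an exact match, so any other policy, including newer and stricter ones, is reported as 'alarm'. I would drop the TLS 1.1 entry, list the policies the organisation actually approves, and write the test as `WHEN ssl_policy = ANY(ARRAY[...]) THEN 'ok'` to make the exact-match intent explicit. The rest of the query is outside the hunk.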
--- a/compliance/controls/aws/aws_elb_network_lb_tls_listener_security_policy_configured.yaml +++ b/compliance/controls/aws/aws_elb_network_lb_tls_listener_security_policy_configured.yaml @@ -38,8 +38,8 @@ Query: ) SELECT lb.arn AS resource, - lb.og_account_id AS og_account_id, - lb.og_resource_id AS og_resource_id, + lb.platform_account_id AS platform_account_id, + lb.platform_resource_id AS platform_resource_id, CASE WHEN l.load_balancer_arn IS NOT NULL AND lb.arn IN (SELECT load_balancer_arn FROM tls_listeners) THEN 'alarm' diff --git a/compliance/controls/aws/aws_elb_tls_listener_protocol_version.yaml b/compliance/controls/aws/aws_elb_tls_listener_protocol_version.yaml index 534d42f62..4c4faca83 100644 --- a/compliance/controls/aws/aws_elb_tls_listener_protocol_version.yaml +++ b/compliance/controls/aws/aws_elb_tls_listener_protocol_version.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT load_balancer_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN protocol <> 'HTTPS' THEN 'skip' WHEN protocol = 'HTTPS' AND ssl_policy LIKE ANY (ARRAY['Protocol-SSLv3', 'Protocol-TLSv1']) THEN 'alarm' diff --git a/compliance/controls/aws/aws_emr_account_public_access_blocked.yaml b/compliance/controls/aws/aws_emr_account_public_access_blocked.yaml index 942960859..4193525a4 100644 --- a/compliance/controls/aws/aws_emr_account_public_access_blocked.yaml +++ b/compliance/controls/aws/aws_emr_account_public_access_blocked.yaml 
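Review bot: In aws_elb_tls_listener_protocol_version.yaml the alarm branch compares `ssl_policy` with `'Protocol-SSLv3'` and `'Protocol-TLSv1'`, which look like protocol attribute names rather than the policy names that the sibling cipher control matches in the same column (`ELBSecurityPolicy-…`). If `ssl_policy` holds policy names here too, this branch never fires and every HTTPS listener falls through to whatever follows; this is inferred from the neighbouring control and should be confirmed against the table. The first branch, `WHEN protocol <> 'HTTPS' THEN 'skip'`, also skips listeners whose protocol is `TLS`, so a control named for TLS listeners does not evaluate them. The CASE expression continues outside the hunk.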
@@ -23,8 +23,8 @@ Query: ) SELECT 'arn:' || c.partition || '::' || c.region || ':' || c.account_id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN NOT block_public_security_group_rules THEN 'alarm' WHEN block_public_security_group_rules AND p.region IS NOT NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_emr_cluster_encryption_at_rest_with_sse_kms.yaml b/compliance/controls/aws/aws_emr_cluster_encryption_at_rest_with_sse_kms.yaml
index 1e7bc2c7d..ee138655f 100644
--- a/compliance/controls/aws/aws_emr_cluster_encryption_at_rest_with_sse_kms.yaml
+++ b/compliance/controls/aws/aws_emr_cluster_encryption_at_rest_with_sse_kms.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT cluster_arn AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN s.name IS NULL THEN 'alarm' WHEN NOT (encryption_configuration -> 'EnableAtRestEncryption')::bool THEN 'alarm'
diff --git a/compliance/controls/aws/aws_emr_cluster_kerberos_enabled.yaml b/compliance/controls/aws/aws_emr_cluster_kerberos_enabled.yaml
index c2920603b..82021c5a0 100644
--- a/compliance/controls/aws/aws_emr_cluster_kerberos_enabled.yaml
+++ b/compliance/controls/aws/aws_emr_cluster_kerberos_enabled.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT cluster_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN kerberos_attributes IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_emr_cluster_local_disk_encrypted_with_cmk.yaml b/compliance/controls/aws/aws_emr_cluster_local_disk_encrypted_with_cmk.yaml
index dc09cdc93..63ad23629 100644
--- a/compliance/controls/aws/aws_emr_cluster_local_disk_encrypted_with_cmk.yaml
+++ b/compliance/controls/aws/aws_emr_cluster_local_disk_encrypted_with_cmk.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT cluster_arn AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN s.name IS NULL THEN 'alarm' WHEN (encryption_configuration -> 'AtRestEncryptionConfiguration' -> 'LocalDiskEncryptionConfiguration') IS NULL THEN 'alarm'
diff --git a/compliance/controls/aws/aws_emr_cluster_master_nodes_no_public_ip.yaml b/compliance/controls/aws/aws_emr_cluster_master_nodes_no_public_ip.yaml
index 30a064dfc..cb2f051d0 100644
--- a/compliance/controls/aws/aws_emr_cluster_master_nodes_no_public_ip.yaml
+++ b/compliance/controls/aws/aws_emr_cluster_master_nodes_no_public_ip.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.cluster_arn AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN c.status ->> 'State' NOT IN ('RUNNING', 'WAITING') THEN 'skip' WHEN s.map_public_ip_on_launch THEN 'alarm'
diff --git a/compliance/controls/aws/aws_emr_cluster_security_configuration_enabled.yaml b/compliance/controls/aws/aws_emr_cluster_security_configuration_enabled.yaml
index 62f7bdbb8..aef066855 100644
--- a/compliance/controls/aws/aws_emr_cluster_security_configuration_enabled.yaml
+++ b/compliance/controls/aws/aws_emr_cluster_security_configuration_enabled.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT cluster_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN security_configuration IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_es_domain_audit_logging_enabled.yaml b/compliance/controls/aws/aws_es_domain_audit_logging_enabled.yaml
index cd4e4968d..b5f45fd77 100644
--- a/compliance/controls/aws/aws_es_domain_audit_logging_enabled.yaml
+++ b/compliance/controls/aws/aws_es_domain_audit_logging_enabled.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN log_publishing_options -> 'AUDIT_LOGS' -> 'Enabled' = 'true'
diff --git a/compliance/controls/aws/aws_es_domain_cognito_authentication_enabled.yaml b/compliance/controls/aws/aws_es_domain_cognito_authentication_enabled.yaml
index 0d898a88f..26a54e683 100644
--- a/compliance/controls/aws/aws_es_domain_cognito_authentication_enabled.yaml
+++ b/compliance/controls/aws/aws_es_domain_cognito_authentication_enabled.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN cognito_options ->> 'Enabled' = 'true' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_es_domain_data_nodes_min_3.yaml b/compliance/controls/aws/aws_es_domain_data_nodes_min_3.yaml
index 9e03b00bf..3fbdd3f9e 100644
--- a/compliance/controls/aws/aws_es_domain_data_nodes_min_3.yaml
+++ b/compliance/controls/aws/aws_es_domain_data_nodes_min_3.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN elasticsearch_cluster_config ->> 'ZoneAwarenessEnabled' = 'false' THEN 'alarm' WHEN elasticsearch_cluster_config ->> 'ZoneAwarenessEnabled' = 'true'
diff --git a/compliance/controls/aws/aws_es_domain_dedicated_master_nodes_min_3.yaml b/compliance/controls/aws/aws_es_domain_dedicated_master_nodes_min_3.yaml
index 08f5968c6..41b45a718 100644
--- a/compliance/controls/aws/aws_es_domain_dedicated_master_nodes_min_3.yaml
+++ b/compliance/controls/aws/aws_es_domain_dedicated_master_nodes_min_3.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN elasticsearch_cluster_config ->> 'DedicatedMasterEnabled' = 'false' THEN 'alarm' WHEN
diff --git a/compliance/controls/aws/aws_es_domain_encrypted_using_tls_1_2.yaml b/compliance/controls/aws/aws_es_domain_encrypted_using_tls_1_2.yaml
index b8414daa9..209cbdd4a 100644
--- a/compliance/controls/aws/aws_es_domain_encrypted_using_tls_1_2.yaml
+++ b/compliance/controls/aws/aws_es_domain_encrypted_using_tls_1_2.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN domain_endpoint_options ->> 'TLSSecurityPolicy' = 'Policy-Min-TLS-1-2-2019-07' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_es_domain_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_es_domain_encryption_at_rest_enabled.yaml
index 94a53809c..bb0cb5e6d 100644
--- a/compliance/controls/aws/aws_es_domain_encryption_at_rest_enabled.yaml
+++ b/compliance/controls/aws/aws_es_domain_encryption_at_rest_enabled.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN encryption_at_rest_options ->> 'Enabled' = 'false' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_es_domain_error_logging_enabled.yaml b/compliance/controls/aws/aws_es_domain_error_logging_enabled.yaml
index 56e1b2935..67ee32c37 100644
--- a/compliance/controls/aws/aws_es_domain_error_logging_enabled.yaml
+++ b/compliance/controls/aws/aws_es_domain_error_logging_enabled.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN log_publishing_options -> 'ES_APPLICATION_LOGS' -> 'Enabled' = 'true'
diff --git a/compliance/controls/aws/aws_es_domain_in_vpc.yaml b/compliance/controls/aws/aws_es_domain_in_vpc.yaml
index 4123cbf23..415b5975f 100644
--- a/compliance/controls/aws/aws_es_domain_in_vpc.yaml
+++ b/compliance/controls/aws/aws_es_domain_in_vpc.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN vpc_options ->> 'VPCId' IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_es_domain_internal_user_database_enabled.yaml b/compliance/controls/aws/aws_es_domain_internal_user_database_enabled.yaml
index a563439f6..ea61e336f 100644
--- a/compliance/controls/aws/aws_es_domain_internal_user_database_enabled.yaml
+++ b/compliance/controls/aws/aws_es_domain_internal_user_database_enabled.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN advanced_security_options ->> 'InternalUserDatabaseEnabled' = 'true' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_es_domain_logs_to_cloudwatch.yaml b/compliance/controls/aws/aws_es_domain_logs_to_cloudwatch.yaml
index fb355d5df..bd19eb661 100644
--- a/compliance/controls/aws/aws_es_domain_logs_to_cloudwatch.yaml
+++ b/compliance/controls/aws/aws_es_domain_logs_to_cloudwatch.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN ( log_publishing_options -> 'ES_APPLICATION_LOGS' -> 'Enabled' = 'true'
diff --git a/compliance/controls/aws/aws_es_domain_node_to_node_encryption_enabled.yaml b/compliance/controls/aws/aws_es_domain_node_to_node_encryption_enabled.yaml
index fdc6e48cf..52e8c9f61 100644
--- a/compliance/controls/aws/aws_es_domain_node_to_node_encryption_enabled.yaml
+++ b/compliance/controls/aws/aws_es_domain_node_to_node_encryption_enabled.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN region = ANY(ARRAY['af-south-1', 'eu-south-1', 'cn-north-1', 'cn-northwest-1']) THEN 'skip' WHEN NOT enabled THEN 'alarm'
diff --git a/compliance/controls/aws/aws_eventbridge_custom_bus_resource_based_policy_attached.yaml b/compliance/controls/aws/aws_eventbridge_custom_bus_resource_based_policy_attached.yaml
index 7c4fa6d62..059e9c734 100644
--- a/compliance/controls/aws/aws_eventbridge_custom_bus_resource_based_policy_attached.yaml
+++ b/compliance/controls/aws/aws_eventbridge_custom_bus_resource_based_policy_attached.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN name = 'default' THEN 'skip' WHEN policy_std IS NOT NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_account_1.yaml b/compliance/controls/aws/aws_foundational_security_account_1.yaml
index df1abb4a8..47e7d8c11 100644
--- a/compliance/controls/aws/aws_foundational_security_account_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_account_1.yaml
@@ -31,8 +31,8 @@ Query: ) SELECT arn AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN a.partition = 'aws-us-gov' THEN 'info' WHEN c.name IS NOT NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_acm_1.yaml b/compliance/controls/aws/aws_foundational_security_acm_1.yaml
index e437d18f9..036c9ac59 100644
--- a/compliance/controls/aws/aws_foundational_security_acm_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_acm_1.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT certificate_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN renewal_eligibility = 'INELIGIBLE' THEN 'skip' WHEN DATE(not_after) - DATE(current_date) >= 30 THEN 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_acm_2.yaml b/compliance/controls/aws/aws_foundational_security_acm_2.yaml
index 1bccde925..511c79bd0 100644
--- a/compliance/controls/aws/aws_foundational_security_acm_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_acm_2.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT certificate_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN NOT key_algorithm LIKE 'RSA-%' THEN 'skip' WHEN key_algorithm = 'RSA_1024' THEN 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_apigateway_1.yaml b/compliance/controls/aws/aws_foundational_security_apigateway_1.yaml
index 8ae6301fd..01a6f0296 100644
--- a/compliance/controls/aws/aws_foundational_security_apigateway_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_apigateway_1.yaml
@@ -37,8 +37,8 @@ Query: ) SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN log_level IS NULL OR log_level = '' OR log_level = 'OFF' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_apigateway_2.yaml b/compliance/controls/aws/aws_foundational_security_apigateway_2.yaml
index a7ea134d5..4fa6e25a0 100644
--- a/compliance/controls/aws/aws_foundational_security_apigateway_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_apigateway_2.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN client_certificate_id IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_apigateway_3.yaml b/compliance/controls/aws/aws_foundational_security_apigateway_3.yaml
index 7df78462a..f332ee0ba 100644
--- a/compliance/controls/aws/aws_foundational_security_apigateway_3.yaml
+++ b/compliance/controls/aws/aws_foundational_security_apigateway_3.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN tracing_enabled THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_apigateway_4.yaml b/compliance/controls/aws/aws_foundational_security_apigateway_4.yaml
index 9a74b1f8a..35c410091 100644
--- a/compliance/controls/aws/aws_foundational_security_apigateway_4.yaml
+++ b/compliance/controls/aws/aws_foundational_security_apigateway_4.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN web_acl_arn IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_apigateway_5.yaml b/compliance/controls/aws/aws_foundational_security_apigateway_5.yaml
index 086bcd0cc..c85003d25 100644
--- a/compliance/controls/aws/aws_foundational_security_apigateway_5.yaml
+++ b/compliance/controls/aws/aws_foundational_security_apigateway_5.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':apigateway:' || region || '::/apis/' || rest_api_id || '/stages/' || name AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN method_settings -> '*/*' ->> 'CachingEnabled' = 'true' AND method_settings -> '*/*' ->> 'CacheDataEncrypted' = 'true' THEN 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_apigateway_8.yaml b/compliance/controls/aws/aws_foundational_security_apigateway_8.yaml
index 2bb3e0971..7aff5872f 100644
--- a/compliance/controls/aws/aws_foundational_security_apigateway_8.yaml
+++ b/compliance/controls/aws/aws_foundational_security_apigateway_8.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id || '/routes/' || route_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN authorization_type IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_apigateway_9.yaml b/compliance/controls/aws/aws_foundational_security_apigateway_9.yaml
index 3f95343f9..c343aab32 100644
--- a/compliance/controls/aws/aws_foundational_security_apigateway_9.yaml
+++ b/compliance/controls/aws/aws_foundational_security_apigateway_9.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id || '/stages/' || stage_name AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN access_log_settings IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_appsync_2.yaml b/compliance/controls/aws/aws_foundational_security_appsync_2.yaml
index 8ea1c56cf..dc70f596e 100644
--- a/compliance/controls/aws/aws_foundational_security_appsync_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_appsync_2.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN log_config ->> 'FieldLogLevel' IN ('ERROR', 'ALL') THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_athena_1.yaml b/compliance/controls/aws/aws_foundational_security_athena_1.yaml
index 880b880fe..8f36d44b7 100644
--- a/compliance/controls/aws/aws_foundational_security_athena_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_athena_1.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN encryption_option IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_autoscaling_1.yaml b/compliance/controls/aws/aws_foundational_security_autoscaling_1.yaml
index 7b3dcd13b..5ee47e1b0 100644
--- a/compliance/controls/aws/aws_foundational_security_autoscaling_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_autoscaling_1.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT autoscaling_group_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN load_balancer_names IS NULL AND target_group_arns IS NULL THEN 'alarm' WHEN health_check_type != 'ELB' THEN 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_autoscaling_2.yaml b/compliance/controls/aws/aws_foundational_security_autoscaling_2.yaml
index 083d68d24..7c94dfbd5 100644
--- a/compliance/controls/aws/aws_foundational_security_autoscaling_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_autoscaling_2.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT autoscaling_group_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN jsonb_array_length(availability_zones) > 1 THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_autoscaling_3.yaml b/compliance/controls/aws/aws_foundational_security_autoscaling_3.yaml
index 6a8885d3a..380416fcb 100644
--- a/compliance/controls/aws/aws_foundational_security_autoscaling_3.yaml
+++ b/compliance/controls/aws/aws_foundational_security_autoscaling_3.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT launch_configuration_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN metadata_options_http_tokens = 'required' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_autoscaling_4.yaml b/compliance/controls/aws/aws_foundational_security_autoscaling_4.yaml
index 25ebf8636..8688f5562 100644
--- a/compliance/controls/aws/aws_foundational_security_autoscaling_4.yaml
+++ b/compliance/controls/aws/aws_foundational_security_autoscaling_4.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT launch_configuration_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN metadata_options_put_response_hop_limit IS NULL THEN 'ok' WHEN metadata_options_put_response_hop_limit > 1 THEN 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_autoscaling_5.yaml b/compliance/controls/aws/aws_foundational_security_autoscaling_5.yaml
index ff2b2eff7..bbdec9ad5 100644
--- a/compliance/controls/aws/aws_foundational_security_autoscaling_5.yaml
+++ b/compliance/controls/aws/aws_foundational_security_autoscaling_5.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT launch_configuration_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN associate_public_ip_address THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_autoscaling_6.yaml b/compliance/controls/aws/aws_foundational_security_autoscaling_6.yaml
index fa5b32d87..ca8ed0e0a 100644
--- a/compliance/controls/aws/aws_foundational_security_autoscaling_6.yaml
+++ b/compliance/controls/aws/aws_foundational_security_autoscaling_6.yaml
@@ -35,8 +35,8 @@ Query: ) SELECT a.autoscaling_group_arn AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN b.distinct_instance_types > 1 THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_autoscaling_9.yaml b/compliance/controls/aws/aws_foundational_security_autoscaling_9.yaml
index 76cf41c82..ae6fcd293 100644
--- a/compliance/controls/aws/aws_foundational_security_autoscaling_9.yaml
+++ b/compliance/controls/aws/aws_foundational_security_autoscaling_9.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT autoscaling_group_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN launch_template_id IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_backup_1.yaml b/compliance/controls/aws/aws_foundational_security_backup_1.yaml
index 7e6ab1719..11ac81162 100644
--- a/compliance/controls/aws/aws_foundational_security_backup_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_backup_1.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT recovery_point_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN is_encrypted THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudformation_1.yaml b/compliance/controls/aws/aws_foundational_security_cloudformation_1.yaml
index aab13114c..395157b8c 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudformation_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudformation_1.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN jsonb_array_length(notification_arns) > 0 THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudfront_1.yaml b/compliance/controls/aws/aws_foundational_security_cloudfront_1.yaml
index 012dd1623..203724cdb 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudfront_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudfront_1.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN default_root_object = '' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudfront_10.yaml b/compliance/controls/aws/aws_foundational_security_cloudfront_10.yaml
index 6ba2755be..3c702dbaf 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudfront_10.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudfront_10.yaml
@@ -21,8 +21,8 @@ Query: ) SELECT b.arn AS resource,
- b.og_account_id AS og_account_id,
- b.og_resource_id AS og_resource_id,
+ b.platform_account_id AS platform_account_id,
+ b.platform_resource_id AS platform_resource_id,
 CASE WHEN o.arn IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudfront_12.yaml b/compliance/controls/aws/aws_foundational_security_cloudfront_12.yaml
index 939af10db..feb7c1881 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudfront_12.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudfront_12.yaml
@@ -26,8 +26,8 @@ Query: ) SELECT DISTINCT b.arn AS resource,
- d.og_account_id AS og_account_id,
- d.og_resource_id AS og_resource_id,
+ d.platform_account_id AS platform_account_id,
+ d.platform_resource_id AS platform_resource_id,
 CASE WHEN b.arn IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudfront_3.yaml b/compliance/controls/aws/aws_foundational_security_cloudfront_3.yaml
index 1073274f0..fc6e43d2e 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudfront_3.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudfront_3.yaml
@@ -25,8 +25,8 @@ Query: ) SELECT b.arn AS resource,
- b.og_account_id AS og_account_id,
- b.og_resource_id AS og_resource_id,
+ b.platform_account_id AS platform_account_id,
+ b.platform_resource_id AS platform_resource_id,
 CASE WHEN d.arn IS NOT NULL OR (default_cache_behavior ->> 'ViewerProtocolPolicy' = 'allow-all') THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudfront_4.yaml b/compliance/controls/aws/aws_foundational_security_cloudfront_4.yaml
index 2ba0aff63..dd1ff134e 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudfront_4.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudfront_4.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN origin_groups ->> 'Items' IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudfront_5.yaml b/compliance/controls/aws/aws_foundational_security_cloudfront_5.yaml
index 5447529c9..b3ae17d72 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudfront_5.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudfront_5.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN logging ->> 'Enabled' = 'true' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudfront_6.yaml b/compliance/controls/aws/aws_foundational_security_cloudfront_6.yaml
index 8d072d313..0c6eb5750 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudfront_6.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudfront_6.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN web_acl_id <> '' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudfront_7.yaml b/compliance/controls/aws/aws_foundational_security_cloudfront_7.yaml
index 85eeb275a..02b8d1b56 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudfront_7.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudfront_7.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN viewer_certificate ->> 'ACMCertificateArn' IS NOT NULL AND viewer_certificate ->> 'Certificate' IS NOT NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudfront_8.yaml b/compliance/controls/aws/aws_foundational_security_cloudfront_8.yaml
index 950d6fad5..b2f549ed4 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudfront_8.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudfront_8.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN viewer_certificate ->> 'SSLSupportMethod' = 'sni-only' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudtrail_1.yaml b/compliance/controls/aws/aws_foundational_security_cloudtrail_1.yaml
index 7ba7cc519..5e98954bc 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudtrail_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudtrail_1.yaml
@@ -36,8 +36,8 @@ Query: ) SELECT DISTINCT a.arn AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN COALESCE(num_multregion_trails, 0) >= 1 THEN 'ok' WHEN o.is_organization_trail AND o.is_logging AND o.is_multi_region_trail THEN 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudtrail_2.yaml b/compliance/controls/aws/aws_foundational_security_cloudtrail_2.yaml
index 0c951732e..c994b5784 100644
--- a/compliance/controls/aws/aws_foundational_security_cloudtrail_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_cloudtrail_2.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN kms_key_id IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_cloudtrail_4.yaml b/compliance/controls/aws/aws_foundational_security_cloudtrail_4.yaml index 517c77826..782b022ab 100644 --- a/compliance/controls/aws/aws_foundational_security_cloudtrail_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_cloudtrail_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_file_validation_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_cloudtrail_5.yaml b/compliance/controls/aws/aws_foundational_security_cloudtrail_5.yaml index f1dfc3040..2337dfc13 100644 --- a/compliance/controls/aws/aws_foundational_security_cloudtrail_5.yaml +++ b/compliance/controls/aws/aws_foundational_security_cloudtrail_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_group_arn != 'null' AND (latest_delivery_time > current_date - 1) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_codebuild_1.yaml b/compliance/controls/aws/aws_foundational_security_codebuild_1.yaml index 430fb0706..1f5d36e3c 100644 --- a/compliance/controls/aws/aws_foundational_security_codebuild_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_codebuild_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN p.source ->> 'Type' NOT IN ('GITHUB', 'BITBUCKET') THEN 'skip' WHEN c.auth_type = 'OAUTH' THEN 'ok' 
diff --git a/compliance/controls/aws/aws_foundational_security_codebuild_2.yaml b/compliance/controls/aws/aws_foundational_security_codebuild_2.yaml index 13b028bb5..e258893a0 100644 --- a/compliance/controls/aws/aws_foundational_security_codebuild_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_codebuild_2.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_codebuild_3.yaml b/compliance/controls/aws/aws_foundational_security_codebuild_3.yaml index cbcb29a44..50a7069fe 100644 --- a/compliance/controls/aws/aws_foundational_security_codebuild_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_codebuild_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT (logs_config -> 'S3Logs' ->> 'EncryptionDisabled')::bool THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_codebuild_4.yaml b/compliance/controls/aws/aws_foundational_security_codebuild_4.yaml index fcbdaf880..c5a772582 100644 --- a/compliance/controls/aws/aws_foundational_security_codebuild_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_codebuild_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN logs_config -> 'CloudWatchLogs' ->> 'Status' = 'ENABLED' OR logs_config -> 'S3Logs' ->> 'Status' = 'ENABLED' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_foundational_security_codebuild_5.yaml b/compliance/controls/aws/aws_foundational_security_codebuild_5.yaml index a13b8b39a..20777cb20 100644 --- a/compliance/controls/aws/aws_foundational_security_codebuild_5.yaml +++ b/compliance/controls/aws/aws_foundational_security_codebuild_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN environment ->> 'PrivilegedMode' = 'true' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_config_1.yaml b/compliance/controls/aws/aws_foundational_security_config_1.yaml index 6f899dd1a..5d98bc3ca 100644 --- a/compliance/controls/aws/aws_foundational_security_config_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_config_1.yaml @@ -23,8 +23,8 @@ Query: ) SELECT 'arn:aws::' || a.region || ':' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN g.global_config_recorders >= 1 AND status ->> 'Recording' = 'true' diff --git a/compliance/controls/aws/aws_foundational_security_dms_1.yaml b/compliance/controls/aws/aws_foundational_security_dms_1.yaml index 60ae749f6..0d3a86c23 100644 --- a/compliance/controls/aws/aws_foundational_security_dms_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_dms_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN publicly_accessible THEN 'alarm' ELSE 'ok' 
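Review bot: The CASE in aws_foundational_security_codebuild_5.yaml alarms only on a positive match and sends everything else to `ELSE 'ok'`, so a NULL or missing `environment ->> 'PrivilegedMode'` is reported as compliant. The same fail-open shape is visible in the hunks for dms_1 (`publicly_accessible`), dms_9 (`ssl_mode = 'none'`), dynamodb_2, ec2_8 (`HttpTokens = 'optional'`), eks_1 (`EndpointPublicAccess = 'true'`) and elasticache_1 (`snapshot_retention_limit < 15`). Whether these columns can actually be NULL is not visible here. If they can, test for the safe value instead, e.g. `WHEN environment ->> 'PrivilegedMode' = 'false' THEN 'ok'` followed by `ELSE 'alarm'`, or add an explicit `IS NULL` branch. The rest of each CASE and the FROM clause lie outside the hunks.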
diff --git a/compliance/controls/aws/aws_foundational_security_dms_6.yaml b/compliance/controls/aws/aws_foundational_security_dms_6.yaml index eb6bf87ac..c042853b4 100644 --- a/compliance/controls/aws/aws_foundational_security_dms_6.yaml +++ b/compliance/controls/aws/aws_foundational_security_dms_6.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_minor_version_upgrade THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_dms_8.yaml b/compliance/controls/aws/aws_foundational_security_dms_8.yaml index 7e7a84b56..f62fbb374 100644 --- a/compliance/controls/aws/aws_foundational_security_dms_8.yaml +++ b/compliance/controls/aws/aws_foundational_security_dms_8.yaml @@ -22,8 +22,8 @@ Query: ) SELECT t.arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, (replication_task_settings -> 'Logging' ->> 'EnableLogging')::BOOL AS logging_enabled, CASE WHEN (replication_task_settings -> 'Logging' ->> 'EnableLogging')::BOOL diff --git a/compliance/controls/aws/aws_foundational_security_dms_9.yaml b/compliance/controls/aws/aws_foundational_security_dms_9.yaml index 2ccfe12e4..2997e82e1 100644 --- a/compliance/controls/aws/aws_foundational_security_dms_9.yaml +++ b/compliance/controls/aws/aws_foundational_security_dms_9.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN ssl_mode = 'none' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_foundational_security_docdb_1.yaml b/compliance/controls/aws/aws_foundational_security_docdb_1.yaml index 4c7bca6a2..889ba97e7 100644 --- a/compliance/controls/aws/aws_foundational_security_docdb_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_docdb_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_docdb_2.yaml b/compliance/controls/aws/aws_foundational_security_docdb_2.yaml index a16044988..9d7c158a2 100644 --- a/compliance/controls/aws/aws_foundational_security_docdb_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_docdb_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN backup_retention_period >= 7 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_docdb_4.yaml b/compliance/controls/aws/aws_foundational_security_docdb_4.yaml index 9d872f798..d6fa17d19 100644 --- a/compliance/controls/aws/aws_foundational_security_docdb_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_docdb_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, engine, CASE WHEN engine LIKE 'docdb' AND enabled_cloudwatch_logs_exports ?& ARRAY ['error', 'slowquery'] THEN 'ok' 
diff --git a/compliance/controls/aws/aws_foundational_security_docdb_5.yaml b/compliance/controls/aws/aws_foundational_security_docdb_5.yaml index cd7c3cdba..492718715 100644 --- a/compliance/controls/aws/aws_foundational_security_docdb_5.yaml +++ b/compliance/controls/aws/aws_foundational_security_docdb_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN deletion_protection THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_dynamodb_1.yaml b/compliance/controls/aws/aws_foundational_security_dynamodb_1.yaml index 1fb4078d1..b03dc4f2b 100644 --- a/compliance/controls/aws/aws_foundational_security_dynamodb_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_dynamodb_1.yaml @@ -23,8 +23,8 @@ Query: ) SELECT d.arn AS resource, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, CASE WHEN d.billing_mode = 'PAY_PER_REQUEST' THEN 'ok' WHEN t.resource_id IS NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_dynamodb_2.yaml b/compliance/controls/aws/aws_foundational_security_dynamodb_2.yaml index 167abd277..81107d240 100644 --- a/compliance/controls/aws/aws_foundational_security_dynamodb_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_dynamodb_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN LOWER(point_in_time_recovery_description ->> 'PointInTimeRecoveryStatus') = 'disabled' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_foundational_security_dynamodb_3.yaml b/compliance/controls/aws/aws_foundational_security_dynamodb_3.yaml index 970a112d3..ceba27937 100644 --- a/compliance/controls/aws/aws_foundational_security_dynamodb_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_dynamodb_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN sse_description ->> 'Status' = 'ENABLED' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_dynamodb_6.yaml b/compliance/controls/aws/aws_foundational_security_dynamodb_6.yaml index 6b2bf3705..38e2fb3c9 100644 --- a/compliance/controls/aws/aws_foundational_security_dynamodb_6.yaml +++ b/compliance/controls/aws/aws_foundational_security_dynamodb_6.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN deletion_protection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ec2_1.yaml b/compliance/controls/aws/aws_foundational_security_ec2_1.yaml index 49a4ba7a3..f7a9de519 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':ec2:' || region || ':' || account_id || ':snapshot/' || snapshot_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN create_volume_permissions @> '[{"Group": "all", "UserId": null}]' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_foundational_security_ec2_15.yaml b/compliance/controls/aws/aws_foundational_security_ec2_15.yaml index 952b9ba6c..7fbfa81a6 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_15.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_15.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT subnet_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN map_public_ip_on_launch = 'false' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ec2_16.yaml b/compliance/controls/aws/aws_foundational_security_ec2_16.yaml index 5fca165b8..612b4df0e 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_16.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_16.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT network_acl_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(associations) >= 1 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ec2_17.yaml b/compliance/controls/aws/aws_foundational_security_ec2_17.yaml index de3980061..c11aca4ff 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_17.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_17.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(network_interfaces) = 1 THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_foundational_security_ec2_18.yaml b/compliance/controls/aws/aws_foundational_security_ec2_18.yaml index 8851aec3b..a28364517 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_18.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_18.yaml @@ -25,8 +25,8 @@ Query: ) SELECT sg.arn AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN ingress_unauthorized_ports.count > 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_ec2_19.yaml b/compliance/controls/aws/aws_foundational_security_ec2_19.yaml index a46f3149d..2ccaf0d51 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_19.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_19.yaml @@ -46,8 +46,8 @@ Query: ) SELECT arn AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN ingress_ssh_rules.group_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ec2_2.yaml b/compliance/controls/aws/aws_foundational_security_ec2_2.yaml index fc7a90fde..d11cb75e9 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(ip_permissions) = 0 AND jsonb_array_length(ip_permissions_egress) = 0 THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_foundational_security_ec2_20.yaml b/compliance/controls/aws/aws_foundational_security_ec2_20.yaml index 8f8a7fa64..f79c13b8d 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_20.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_20.yaml @@ -23,8 +23,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.count IS NULL OR b.count < 2 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_ec2_23.yaml b/compliance/controls/aws/aws_foundational_security_ec2_23.yaml index cba79b2ca..18c8fd27f 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_23.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_23.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT transit_gateway_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_accept_shared_attachments = 'enable' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_ec2_24.yaml b/compliance/controls/aws/aws_foundational_security_ec2_24.yaml index 4ea55c150..6dfe78b67 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_24.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_24.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN virtualization_type = 'paravirtual' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_foundational_security_ec2_3.yaml b/compliance/controls/aws/aws_foundational_security_ec2_3.yaml index e4d7a035f..7a154aac1 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN state != 'in-use' THEN 'skip' WHEN encrypted THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_ec2_4.yaml b/compliance/controls/aws/aws_foundational_security_ec2_4.yaml index 5375907ef..5f7c14a4f 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN instance_state NOT IN ('stopped', 'stopping') THEN 'skip' WHEN state_transition_time <= (CURRENT_DATE - INTERVAL '30' DAY) THEN 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ec2_51.yaml b/compliance/controls/aws/aws_foundational_security_ec2_51.yaml index a64659ff9..28b95b743 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_51.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_51.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT client_vpn_endpoint_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (connection_log_options ->> 'Enabled')::bool THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_foundational_security_ec2_7.yaml b/compliance/controls/aws/aws_foundational_security_ec2_7.yaml index 4123bb104..716eeff90 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_7.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_7.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || '::' || region || ':' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT default_ebs_encryption_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_ec2_8.yaml b/compliance/controls/aws/aws_foundational_security_ec2_8.yaml index 323dc9696..2a4345bb8 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_8.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN metadata_options ->> 'HttpTokens' = 'optional' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_ec2_9.yaml b/compliance/controls/aws/aws_foundational_security_ec2_9.yaml index 969e7e1ca..1a203d63e 100644 --- a/compliance/controls/aws/aws_foundational_security_ec2_9.yaml +++ b/compliance/controls/aws/aws_foundational_security_ec2_9.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN public_ip_address IS NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_foundational_security_ecr_1.yaml b/compliance/controls/aws/aws_foundational_security_ecr_1.yaml index bbd3f3543..df25f2b34 100644 --- a/compliance/controls/aws/aws_foundational_security_ecr_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecr_1.yaml @@ -23,8 +23,8 @@ Query: ) SELECT arn AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN image_scanning_configuration ->> 'ScanOnPush' = 'true' OR s.registry_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ecr_2.yaml b/compliance/controls/aws/aws_foundational_security_ecr_2.yaml index bf0896c6e..59b6e8704 100644 --- a/compliance/controls/aws/aws_foundational_security_ecr_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecr_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN image_tag_mutability = 'IMMUTABLE' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ecr_3.yaml b/compliance/controls/aws/aws_foundational_security_ecr_3.yaml index d61e9771d..6c60c0e10 100644 --- a/compliance/controls/aws/aws_foundational_security_ecr_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecr_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN lifecycle_policy -> 'rules' IS NOT NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_foundational_security_ecs_1.yaml b/compliance/controls/aws/aws_foundational_security_ecs_1.yaml index 61834a5dc..c8bdcb759 100644 --- a/compliance/controls/aws/aws_foundational_security_ecs_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecs_1.yaml @@ -28,8 +28,8 @@ Query: ) SELECT a.task_definition_arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.network_mode IS NULL OR a.network_mode <> 'host' THEN 'skip' WHEN b.arn IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_ecs_10.yaml b/compliance/controls/aws/aws_foundational_security_ecs_10.yaml index 8b71b615a..4a274e264 100644 --- a/compliance/controls/aws/aws_foundational_security_ecs_10.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecs_10.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN launch_type <> 'FARGATE' THEN 'skip' WHEN platform_version = 'LATEST' THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_ecs_12.yaml b/compliance/controls/aws/aws_foundational_security_ecs_12.yaml index 3f55784cf..e5bcbe963 100644 --- a/compliance/controls/aws/aws_foundational_security_ecs_12.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecs_12.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT cluster_arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN s ->> 'Name' = 'containerInsights' AND s ->> 'Value' = 'enabled' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_foundational_security_ecs_2.yaml b/compliance/controls/aws/aws_foundational_security_ecs_2.yaml index 497a5a044..0ff37c099 100644 --- a/compliance/controls/aws/aws_foundational_security_ecs_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecs_2.yaml @@ -23,8 +23,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.service_name IS NULL THEN 'skip' WHEN network_configuration -> 'AwsvpcConfiguration' ->> 'AssignPublicIp' = 'DISABLED' THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_ecs_3.yaml b/compliance/controls/aws/aws_foundational_security_ecs_3.yaml index 447295933..5c9230799 100644 --- a/compliance/controls/aws/aws_foundational_security_ecs_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecs_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT task_definition_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN pid_mode = 'host' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_ecs_4.yaml b/compliance/controls/aws/aws_foundational_security_ecs_4.yaml index 520e7a693..b8f99963c 100644 --- a/compliance/controls/aws/aws_foundational_security_ecs_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecs_4.yaml @@ -20,8 +20,8 @@ Query: ) SELECT d.task_definition_arn AS resource, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, CASE WHEN c.arn IS NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_foundational_security_ecs_5.yaml b/compliance/controls/aws/aws_foundational_security_ecs_5.yaml index da50505af..ec3d607fb 100644 --- a/compliance/controls/aws/aws_foundational_security_ecs_5.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecs_5.yaml @@ -20,8 +20,8 @@ Query: ) SELECT d.task_definition_arn AS resource, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, CASE WHEN c.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ecs_8.yaml b/compliance/controls/aws/aws_foundational_security_ecs_8.yaml index df6397fab..b3e33e2f8 100644 --- a/compliance/controls/aws/aws_foundational_security_ecs_8.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecs_8.yaml @@ -28,8 +28,8 @@ Query: ) SELECT d.task_definition_arn AS resource, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, CASE WHEN e.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ecs_9.yaml b/compliance/controls/aws/aws_foundational_security_ecs_9.yaml index a6a18a716..62c081c1c 100644 --- a/compliance/controls/aws/aws_foundational_security_ecs_9.yaml +++ b/compliance/controls/aws/aws_foundational_security_ecs_9.yaml @@ -20,8 +20,8 @@ Query: ) SELECT a.task_definition_arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NOT NULL THEN 'OK' ELSE 'ALARM' diff --git a/compliance/controls/aws/aws_foundational_security_efs_1.yaml b/compliance/controls/aws/aws_foundational_security_efs_1.yaml index 463333f77..b22f2fb60 100644 
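Review bot: The status literals in aws_foundational_security_ecs_9.yaml are upper-case (`THEN 'OK'` / `ELSE 'ALARM'`), while every other control in this diff emits lower-case `'ok'` / `'alarm'`. If the consumer of the status column compares case-sensitively (not visible here), findings from this control could be dropped or miscounted. Since the SELECT list is already being touched, I would normalise the two lines to `WHEN b.arn IS NOT NULL THEN 'ok'` and `ELSE 'alarm'`. The CASE continues past the end of the hunk.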
--- a/compliance/controls/aws/aws_foundational_security_efs_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_efs_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_efs_2.yaml b/compliance/controls/aws/aws_foundational_security_efs_2.yaml index eced28707..06c6a8549 100644 --- a/compliance/controls/aws/aws_foundational_security_efs_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_efs_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN automatic_backups = 'enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_efs_3.yaml b/compliance/controls/aws/aws_foundational_security_efs_3.yaml index 8fe284f03..37b2e9ca9 100644 --- a/compliance/controls/aws/aws_foundational_security_efs_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_efs_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT access_point_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN root_directory ->> 'Path' = '/' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_efs_4.yaml b/compliance/controls/aws/aws_foundational_security_efs_4.yaml index 9a1ce94d1..44350286b 100644 --- a/compliance/controls/aws/aws_foundational_security_efs_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_efs_4.yaml 
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 access_point_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN posix_user IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_eks_1.yaml b/compliance/controls/aws/aws_foundational_security_eks_1.yaml
index 440ce4219..6db242a4d 100644
--- a/compliance/controls/aws/aws_foundational_security_eks_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_eks_1.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN resources_vpc_config ->> 'EndpointPublicAccess' = 'true' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_eks_2.yaml b/compliance/controls/aws/aws_foundational_security_eks_2.yaml
index 20dacc13e..cb34d57c6 100644
--- a/compliance/controls/aws/aws_foundational_security_eks_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_eks_2.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN (version)::decimal >= 1.19 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_eks_8.yaml b/compliance/controls/aws/aws_foundational_security_eks_8.yaml
index a02897993..4b1c801fc 100644
--- a/compliance/controls/aws/aws_foundational_security_eks_8.yaml
+++ b/compliance/controls/aws/aws_foundational_security_eks_8.yaml
@@ -22,8 +22,8 @@ Query:
 )
 SELECT
 c.arn AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE
 WHEN l.arn IS NOT NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_elasticache_1.yaml b/compliance/controls/aws/aws_foundational_security_elasticache_1.yaml
index b5d9c43dc..b608c3e7d 100644
--- a/compliance/controls/aws/aws_foundational_security_elasticache_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elasticache_1.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN snapshot_retention_limit < 15 THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_elasticache_2.yaml b/compliance/controls/aws/aws_foundational_security_elasticache_2.yaml
index 7ea3b65bb..71974b42d 100644
--- a/compliance/controls/aws/aws_foundational_security_elasticache_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elasticache_2.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN auto_minor_version_upgrade THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_elasticache_3.yaml b/compliance/controls/aws/aws_foundational_security_elasticache_3.yaml
index 9ea65d6d2..163059a9d 100644
--- a/compliance/controls/aws/aws_foundational_security_elasticache_3.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elasticache_3.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN automatic_failover = 'enabled' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_elasticache_4.yaml b/compliance/controls/aws/aws_foundational_security_elasticache_4.yaml
index 568df2faf..b711acab2 100644
--- a/compliance/controls/aws/aws_foundational_security_elasticache_4.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elasticache_4.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN at_rest_encryption_enabled THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_elasticache_5.yaml b/compliance/controls/aws/aws_foundational_security_elasticache_5.yaml
index d11e5cbb8..e5e5801e8 100644
--- a/compliance/controls/aws/aws_foundational_security_elasticache_5.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elasticache_5.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN transit_encryption_enabled THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_elasticache_6.yaml b/compliance/controls/aws/aws_foundational_security_elasticache_6.yaml
index 7e8869cdd..c336217b4 100644
--- a/compliance/controls/aws/aws_foundational_security_elasticache_6.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elasticache_6.yaml
@@ -19,8 +19,8 @@ Query:
 )
 SELECT
 arn AS resource,
- eg.og_account_id AS og_account_id,
- eg.og_resource_id AS og_resource_id,
+ eg.platform_account_id AS platform_account_id,
+ eg.platform_resource_id AS platform_resource_id,
 CASE
 WHEN regexp_split_to_array(v.engine_version, '.')::INT[] >= regexp_split_to_array('6.0', '.')::INT[] THEN 'skip'
 WHEN regexp_split_to_array(v.engine_version, '.')::INT[] < regexp_split_to_array('6.0', '.')::INT[] AND eg.auth_token_enabled THEN 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_elasticache_7.yaml b/compliance/controls/aws/aws_foundational_security_elasticache_7.yaml
index 34af3f6cf..94c51d62d 100644
--- a/compliance/controls/aws/aws_foundational_security_elasticache_7.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elasticache_7.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN cache_subnet_group_name = 'default' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_elasticbeanstalk_1.yaml b/compliance/controls/aws/aws_foundational_security_elasticbeanstalk_1.yaml
index 6d9a3c183..d1d94fd0d 100644
--- a/compliance/controls/aws/aws_foundational_security_elasticbeanstalk_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elasticbeanstalk_1.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 application_name AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN health_status IS NOT NULL AND health IS NOT NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_elasticbeanstalk_3.yaml b/compliance/controls/aws/aws_foundational_security_elasticbeanstalk_3.yaml
index ed5c96040..ed76836a9 100644
--- a/compliance/controls/aws/aws_foundational_security_elasticbeanstalk_3.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elasticbeanstalk_3.yaml
@@ -24,8 +24,8 @@ Query:
 )
 SELECT
 e.arn AS resource,
- e.og_account_id AS og_account_id,
- e.og_resource_id AS og_resource_id,
+ e.platform_account_id AS platform_account_id,
+ e.platform_resource_id AS platform_resource_id,
 CASE
 WHEN l.arn IS NOT NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_elb_1.yaml b/compliance/controls/aws/aws_foundational_security_elb_1.yaml
index 51e12d46d..bfbca4a68 100644
--- a/compliance/controls/aws/aws_foundational_security_elb_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elb_1.yaml
@@ -26,8 +26,8 @@ Query:
 )
 SELECT
 a.arn AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN b.load_balancer_arn IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_elb_10.yaml b/compliance/controls/aws/aws_foundational_security_elb_10.yaml
index f2aa27133..870c50c2e 100644
--- a/compliance/controls/aws/aws_foundational_security_elb_10.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elb_10.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN jsonb_array_length(availability_zones) < 2 THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_elb_12.yaml b/compliance/controls/aws/aws_foundational_security_elb_12.yaml
index bb197062d..7f38f6989 100644
--- a/compliance/controls/aws/aws_foundational_security_elb_12.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elb_12.yaml
@@ -22,8 +22,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN m.v = ANY(ARRAY['defensive', 'strictest']) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_elb_14.yaml b/compliance/controls/aws/aws_foundational_security_elb_14.yaml index 22ffed655..ac348d631 100644 --- a/compliance/controls/aws/aws_foundational_security_elb_14.yaml +++ b/compliance/controls/aws/aws_foundational_security_elb_14.yaml @@ -23,8 +23,8 @@ Query: SELECT c.arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN m.v = ANY(ARRAY['defensive', 'strictest']) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_elb_2.yaml b/compliance/controls/aws/aws_foundational_security_elb_2.yaml index a4ae303ca..c97bdc181 100644 --- a/compliance/controls/aws/aws_foundational_security_elb_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_elb_2.yaml @@ -21,8 +21,8 @@ Query: ) SELECT 'arn:' || a.partition || ':elasticloadbalancing:' || a.region || ':' || a.account_id || ':loadbalancer/' || a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.listener_descriptions IS NULL THEN 'skip' WHEN b.name IS NOT NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_elb_4.yaml b/compliance/controls/aws/aws_foundational_security_elb_4.yaml index 2132f5ad1..c2b12eae6 100644 --- a/compliance/controls/aws/aws_foundational_security_elb_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_elb_4.yaml 
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN load_balancer_attributes @> '[{"Key": "routing.http.drop_invalid_header_fields.enabled", "Value": "true"}]' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_elb_6.yaml b/compliance/controls/aws/aws_foundational_security_elb_6.yaml
index be35da2e9..6c327b382 100644
--- a/compliance/controls/aws/aws_foundational_security_elb_6.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elb_6.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN load_balancer_attributes @> '[{"Key": "deletion_protection.enabled", "Value": "true"}]' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_elb_7.yaml b/compliance/controls/aws/aws_foundational_security_elb_7.yaml
index ceb1a9a9b..7c494e40b 100644
--- a/compliance/controls/aws/aws_foundational_security_elb_7.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elb_7.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN connection_draining_enabled THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_elb_9.yaml b/compliance/controls/aws/aws_foundational_security_elb_9.yaml
index c78940983..a6f3d6e56 100644
--- a/compliance/controls/aws/aws_foundational_security_elb_9.yaml
+++ b/compliance/controls/aws/aws_foundational_security_elb_9.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN cross_zone_load_balancing_enabled THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_emr_1.yaml b/compliance/controls/aws/aws_foundational_security_emr_1.yaml
index 118fb1bcb..7ff9579d8 100644
--- a/compliance/controls/aws/aws_foundational_security_emr_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_emr_1.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 c.cluster_arn AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE
 WHEN c.status ->> 'State' NOT IN ('RUNNING', 'WAITING') THEN 'skip'
 WHEN s.map_public_ip_on_launch THEN 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_emr_2.yaml b/compliance/controls/aws/aws_foundational_security_emr_2.yaml
index 9c1cb6cef..e13be9178 100644
--- a/compliance/controls/aws/aws_foundational_security_emr_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_emr_2.yaml
@@ -23,8 +23,8 @@ Query:
 )
 SELECT
 'arn:' || c.partition || '::' || c.region || ':' || c.account_id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE
 WHEN NOT block_public_security_group_rules THEN 'alarm'
 WHEN block_public_security_group_rules AND p.region IS NOT NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_es_1.yaml b/compliance/controls/aws/aws_foundational_security_es_1.yaml
index 1b84531ea..5d019d8b8 100644
--- a/compliance/controls/aws/aws_foundational_security_es_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_es_1.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN encryption_at_rest_options ->> 'Enabled' = 'false' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_es_2.yaml b/compliance/controls/aws/aws_foundational_security_es_2.yaml
index ea02fcba2..ff5536b63 100644
--- a/compliance/controls/aws/aws_foundational_security_es_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_es_2.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN vpc_options ->> 'VPCId' IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_es_3.yaml b/compliance/controls/aws/aws_foundational_security_es_3.yaml
index dc810a31a..73cde05b0 100644
--- a/compliance/controls/aws/aws_foundational_security_es_3.yaml
+++ b/compliance/controls/aws/aws_foundational_security_es_3.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN region = ANY(ARRAY['af-south-1', 'eu-south-1', 'cn-north-1', 'cn-northwest-1']) THEN 'skip'
 WHEN NOT enabled THEN 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_es_4.yaml b/compliance/controls/aws/aws_foundational_security_es_4.yaml
index d46d420b5..7d33d9d98 100644
--- a/compliance/controls/aws/aws_foundational_security_es_4.yaml
+++ b/compliance/controls/aws/aws_foundational_security_es_4.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_publishing_options -> 'ES_APPLICATION_LOGS' -> 'Enabled' = 'true' diff --git a/compliance/controls/aws/aws_foundational_security_es_5.yaml b/compliance/controls/aws/aws_foundational_security_es_5.yaml index eed3bf1c9..f0048bbb3 100644 --- a/compliance/controls/aws/aws_foundational_security_es_5.yaml +++ b/compliance/controls/aws/aws_foundational_security_es_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_publishing_options -> 'AUDIT_LOGS' -> 'Enabled' = 'true' diff --git a/compliance/controls/aws/aws_foundational_security_es_6.yaml b/compliance/controls/aws/aws_foundational_security_es_6.yaml index 9e6b1cc93..7502a9579 100644 --- a/compliance/controls/aws/aws_foundational_security_es_6.yaml +++ b/compliance/controls/aws/aws_foundational_security_es_6.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN elasticsearch_cluster_config ->> 'ZoneAwarenessEnabled' = 'false' THEN 'alarm' WHEN diff --git a/compliance/controls/aws/aws_foundational_security_es_7.yaml b/compliance/controls/aws/aws_foundational_security_es_7.yaml index ab7a8f49d..ccf91c40e 100644 --- a/compliance/controls/aws/aws_foundational_security_es_7.yaml +++ b/compliance/controls/aws/aws_foundational_security_es_7.yaml 
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN elasticsearch_cluster_config ->> 'DedicatedMasterEnabled' = 'false' THEN 'alarm'
 WHEN elasticsearch_cluster_config ->> 'DedicatedMasterEnabled' = 'true'
diff --git a/compliance/controls/aws/aws_foundational_security_es_8.yaml b/compliance/controls/aws/aws_foundational_security_es_8.yaml
index 723411bd5..575281d93 100644
--- a/compliance/controls/aws/aws_foundational_security_es_8.yaml
+++ b/compliance/controls/aws/aws_foundational_security_es_8.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN domain_endpoint_options ->> 'TLSSecurityPolicy' = 'Policy-Min-TLS-1-2-2019-07' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_eventbridge_3.yaml b/compliance/controls/aws/aws_foundational_security_eventbridge_3.yaml
index 0267ae440..9a3e3e6fd 100644
--- a/compliance/controls/aws/aws_foundational_security_eventbridge_3.yaml
+++ b/compliance/controls/aws/aws_foundational_security_eventbridge_3.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN name = 'default' THEN 'skip'
 WHEN policy_std IS NOT NULL THEN 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_fsx_1.yaml b/compliance/controls/aws/aws_foundational_security_fsx_1.yaml
index bec502c83..7255b2ac9 100644
--- a/compliance/controls/aws/aws_foundational_security_fsx_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_fsx_1.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN file_system_type <> 'OPENZFS' THEN 'skip'
 WHEN (open_zfs_configuration ->> 'CopyTagsToBackups')::bool
diff --git a/compliance/controls/aws/aws_foundational_security_iam_1.yaml b/compliance/controls/aws/aws_foundational_security_iam_1.yaml
index 91cfb87b1..c77d35e39 100644
--- a/compliance/controls/aws/aws_foundational_security_iam_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_iam_1.yaml
@@ -31,8 +31,8 @@ Query:
 )
 SELECT
 p.arn AS resource,
- p.og_account_id AS og_account_id,
- p.og_resource_id AS og_resource_id,
+ p.platform_account_id AS platform_account_id,
+ p.platform_resource_id AS platform_resource_id,
 CASE
 WHEN s.arn IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_iam_2.yaml b/compliance/controls/aws/aws_foundational_security_iam_2.yaml
index 5399833da..4055853b7 100644
--- a/compliance/controls/aws/aws_foundational_security_iam_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_iam_2.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN inline_policies IS NULL AND attached_policy_arns IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_iam_21.yaml b/compliance/controls/aws/aws_foundational_security_iam_21.yaml
index b74cf8091..7b993d210 100644
--- a/compliance/controls/aws/aws_foundational_security_iam_21.yaml
+++ b/compliance/controls/aws/aws_foundational_security_iam_21.yaml
@@ -31,8 +31,8 @@ Query:
 )
 SELECT
 p.arn AS resource,
- p.og_account_id AS og_account_id,
- p.og_resource_id AS og_resource_id,
+ p.platform_account_id AS platform_account_id,
+ p.platform_resource_id AS platform_resource_id,
 CASE
 WHEN w.arn IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_iam_3.yaml b/compliance/controls/aws/aws_foundational_security_iam_3.yaml
index dc4f666fc..8a794f5a0 100644
--- a/compliance/controls/aws/aws_foundational_security_iam_3.yaml
+++ b/compliance/controls/aws/aws_foundational_security_iam_3.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || partition || ':iam::' || account_id || ':user/' || user_name || '/accesskey/' || access_key_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN create_date <= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_iam_4.yaml b/compliance/controls/aws/aws_foundational_security_iam_4.yaml
index b659fdfb8..f3bb208e0 100644
--- a/compliance/controls/aws/aws_foundational_security_iam_4.yaml
+++ b/compliance/controls/aws/aws_foundational_security_iam_4.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || partition || ':::' || account_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN account_access_keys_present > 0 THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_iam_5.yaml b/compliance/controls/aws/aws_foundational_security_iam_5.yaml
index bdf99366a..ea4b47ebd 100644
--- a/compliance/controls/aws/aws_foundational_security_iam_5.yaml
+++ b/compliance/controls/aws/aws_foundational_security_iam_5.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND NOT mfa_active THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_iam_8.yaml b/compliance/controls/aws/aws_foundational_security_iam_8.yaml index d7b3b0586..1d3cab8af 100644 --- a/compliance/controls/aws/aws_foundational_security_iam_8.yaml +++ b/compliance/controls/aws/aws_foundational_security_iam_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN user_name = '' THEN 'info' diff --git a/compliance/controls/aws/aws_foundational_security_kinesis_1.yaml b/compliance/controls/aws/aws_foundational_security_kinesis_1.yaml index 1abd315ec..b5c02b435 100644 --- a/compliance/controls/aws/aws_foundational_security_kinesis_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_kinesis_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT stream_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'KMS' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_kms_1.yaml b/compliance/controls/aws/aws_foundational_security_kms_1.yaml index e44be19cc..e04ba1f7f 100644 --- a/compliance/controls/aws/aws_foundational_security_kms_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_kms_1.yaml 
@@ -23,8 +23,8 @@ Query:
 )
 SELECT
 i.arn AS resource,
- i.og_account_id AS og_account_id,
- i.og_resource_id AS og_resource_id,
+ i.platform_account_id AS platform_account_id,
+ i.platform_resource_id AS platform_resource_id,
 CASE
 WHEN d.arn IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_kms_3.yaml b/compliance/controls/aws/aws_foundational_security_kms_3.yaml
index 5f0fc2fd5..819c0dc59 100644
--- a/compliance/controls/aws/aws_foundational_security_kms_3.yaml
+++ b/compliance/controls/aws/aws_foundational_security_kms_3.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN key_state = 'PendingDeletion' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_lambda_1.yaml b/compliance/controls/aws/aws_foundational_security_lambda_1.yaml
index 20f031324..770ec2d4b 100644
--- a/compliance/controls/aws/aws_foundational_security_lambda_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_lambda_1.yaml
@@ -27,8 +27,8 @@ Query:
 )
 SELECT
 f.arn AS resource,
- f.og_account_id AS og_account_id,
- f.og_resource_id AS og_resource_id,
+ f.platform_account_id AS platform_account_id,
+ f.platform_resource_id AS platform_resource_id,
 CASE
 WHEN p.arn IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_lambda_2.yaml b/compliance/controls/aws/aws_foundational_security_lambda_2.yaml
index 6d59b9d1b..2aca3464b 100644
--- a/compliance/controls/aws/aws_foundational_security_lambda_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_lambda_2.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN package_type <> 'Zip' THEN 'skip'
 WHEN runtime LIKE ANY ($1) THEN 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_msk_1.yaml b/compliance/controls/aws/aws_foundational_security_msk_1.yaml
index 20a67510f..c23033390 100644
--- a/compliance/controls/aws/aws_foundational_security_msk_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_msk_1.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN provisioned -> 'EncryptionInfo' -> 'EncryptionInTransit' ->> 'ClientBroker' = 'TLS' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_neptune_1.yaml b/compliance/controls/aws/aws_foundational_security_neptune_1.yaml
index 557209768..22f7bcb38 100644
--- a/compliance/controls/aws/aws_foundational_security_neptune_1.yaml
+++ b/compliance/controls/aws/aws_foundational_security_neptune_1.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN storage_encrypted THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_neptune_2.yaml b/compliance/controls/aws/aws_foundational_security_neptune_2.yaml
index f586656a9..1ef0f305f 100644
--- a/compliance/controls/aws/aws_foundational_security_neptune_2.yaml
+++ b/compliance/controls/aws/aws_foundational_security_neptune_2.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 engine,
 CASE
 WHEN enabled_cloudwatch_logs_exports @> '["audit"]' THEN 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_neptune_3.yaml b/compliance/controls/aws/aws_foundational_security_neptune_3.yaml
index b0d62c156..c01ce0de0 100644
--- a/compliance/controls/aws/aws_foundational_security_neptune_3.yaml
+++ b/compliance/controls/aws/aws_foundational_security_neptune_3.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 db_cluster_snapshot_arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN cluster_snapshot -> 'AttributeValues' = '["all"]' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_foundational_security_neptune_4.yaml b/compliance/controls/aws/aws_foundational_security_neptune_4.yaml
index e93813321..5c0291b6c 100644
--- a/compliance/controls/aws/aws_foundational_security_neptune_4.yaml
+++ b/compliance/controls/aws/aws_foundational_security_neptune_4.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN deletion_protection THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_foundational_security_neptune_5.yaml b/compliance/controls/aws/aws_foundational_security_neptune_5.yaml
index 7847c1436..67bf2afe4 100644
--- a/compliance/controls/aws/aws_foundational_security_neptune_5.yaml
+++ b/compliance/controls/aws/aws_foundational_security_neptune_5.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN backup_retention_period >= 7 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_neptune_6.yaml b/compliance/controls/aws/aws_foundational_security_neptune_6.yaml index 42e882a16..9722ce851 100644 --- a/compliance/controls/aws/aws_foundational_security_neptune_6.yaml +++ b/compliance/controls/aws/aws_foundational_security_neptune_6.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_cluster_snapshot_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_neptune_7.yaml b/compliance/controls/aws/aws_foundational_security_neptune_7.yaml index 1363b71bc..c3f423f71 100644 --- a/compliance/controls/aws/aws_foundational_security_neptune_7.yaml +++ b/compliance/controls/aws/aws_foundational_security_neptune_7.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN iam_database_authentication_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_neptune_8.yaml b/compliance/controls/aws/aws_foundational_security_neptune_8.yaml index d1967e60f..6c972cf4d 100644 --- a/compliance/controls/aws/aws_foundational_security_neptune_8.yaml +++ b/compliance/controls/aws/aws_foundational_security_neptune_8.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN copy_tags_to_snapshot THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_networkfirewall_2.yaml b/compliance/controls/aws/aws_foundational_security_networkfirewall_2.yaml index f498e49b4..68b619de4 100644 --- a/compliance/controls/aws/aws_foundational_security_networkfirewall_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_networkfirewall_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(logging_configuration) > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_networkfirewall_3.yaml b/compliance/controls/aws/aws_foundational_security_networkfirewall_3.yaml index 03d8c35ba..3e530d252 100644 --- a/compliance/controls/aws/aws_foundational_security_networkfirewall_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_networkfirewall_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (firewall_policy ->> 'StatefulRuleGroupReferences' IS NULL OR jsonb_array_length(firewall_policy -> 'StatefulRuleGroupReferences') = 0) diff --git a/compliance/controls/aws/aws_foundational_security_networkfirewall_4.yaml b/compliance/controls/aws/aws_foundational_security_networkfirewall_4.yaml index 055c2e1d8..f594d5739 100644 --- a/compliance/controls/aws/aws_foundational_security_networkfirewall_4.yaml 
+++ b/compliance/controls/aws/aws_foundational_security_networkfirewall_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (NOT (firewall_policy -> 'StatelessDefaultActions') ? 'aws:drop' AND NOT (firewall_policy -> 'StatelessDefaultActions') ? 'aws:forward_to_sfe') THEN 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_networkfirewall_5.yaml b/compliance/controls/aws/aws_foundational_security_networkfirewall_5.yaml index a6b02691d..b7b11e688 100644 --- a/compliance/controls/aws/aws_foundational_security_networkfirewall_5.yaml +++ b/compliance/controls/aws/aws_foundational_security_networkfirewall_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (NOT (firewall_policy -> 'StatelessFragmentDefaultActions') ? 'aws:drop' AND NOT (firewall_policy -> 'StatelessFragmentDefaultActions') ? 'aws:forward_to_sfe') THEN 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_networkfirewall_6.yaml b/compliance/controls/aws/aws_foundational_security_networkfirewall_6.yaml index 5a4b79db0..fa28f02de 100644 --- a/compliance/controls/aws/aws_foundational_security_networkfirewall_6.yaml +++ b/compliance/controls/aws/aws_foundational_security_networkfirewall_6.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN type = 'STATEFUL' THEN 'skip' WHEN jsonb_array_length(rules_source -> 'StatelessRulesAndCustomActions' -> 'StatelessRules') > 0 THEN 'ok' 
diff --git a/compliance/controls/aws/aws_foundational_security_networkfirewall_9.yaml b/compliance/controls/aws/aws_foundational_security_networkfirewall_9.yaml index dbf9fd743..2d931cc66 100644 --- a/compliance/controls/aws/aws_foundational_security_networkfirewall_9.yaml +++ b/compliance/controls/aws/aws_foundational_security_networkfirewall_9.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN delete_protection THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_opensearch_1.yaml b/compliance/controls/aws/aws_foundational_security_opensearch_1.yaml index 98e41a7c7..bb20c5019 100644 --- a/compliance/controls/aws/aws_foundational_security_opensearch_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_opensearch_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encryption_at_rest_options ->> 'Enabled' = 'false' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_opensearch_10.yaml b/compliance/controls/aws/aws_foundational_security_opensearch_10.yaml index eeb635b46..110ba0259 100644 --- a/compliance/controls/aws/aws_foundational_security_opensearch_10.yaml +++ b/compliance/controls/aws/aws_foundational_security_opensearch_10.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN service_software_options ->> 'UpdateAvailable' = 'false' THEN 'ok' ELSE 'alarm' 
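Review bot: In aws_foundational_security_opensearch_1.yaml the context line `WHEN encryption_at_rest_options ->> 'Enabled' = 'false' THEN 'alarm'` followed by `ELSE 'ok'` fails open. If `encryption_at_rest_options` is NULL or has no `Enabled` key, the comparison evaluates to NULL and the domain is reported as compliant. Testing for the good state and alarming otherwise is safer: `WHEN encryption_at_rest_options ->> 'Enabled' = 'true' THEN 'ok'` with `ELSE 'alarm'`. Whether the source table can actually return a NULL here is not visible from the hunk, and the rest of the query lies outside it.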
diff --git a/compliance/controls/aws/aws_foundational_security_opensearch_2.yaml b/compliance/controls/aws/aws_foundational_security_opensearch_2.yaml index 2cf8b6e47..c8072a12d 100644 --- a/compliance/controls/aws/aws_foundational_security_opensearch_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_opensearch_2.yaml @@ -31,8 +31,8 @@ Query: ) SELECT d.arn AS resource, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, CASE WHEN d.vpc_options ->> 'VPCId' IS NULL THEN 'alarm' WHEN d.vpc_options ->> 'VPCId' IS NOT NULL AND p.arn IS NOT NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_opensearch_3.yaml b/compliance/controls/aws/aws_foundational_security_opensearch_3.yaml index f43359ebb..b16b34d33 100644 --- a/compliance/controls/aws/aws_foundational_security_opensearch_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_opensearch_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN region = ANY(ARRAY['af-south-1', 'eu-south-1', 'cn-north-1', 'cn-northwest-1']) THEN 'skip' WHEN node_to_node_encryption_options_enabled THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_opensearch_4.yaml b/compliance/controls/aws/aws_foundational_security_opensearch_4.yaml index 90fc764a0..c10a02350 100644 --- a/compliance/controls/aws/aws_foundational_security_opensearch_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_opensearch_4.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_publishing_options IS NULL THEN 'alarm' WHEN diff --git a/compliance/controls/aws/aws_foundational_security_opensearch_5.yaml b/compliance/controls/aws/aws_foundational_security_opensearch_5.yaml index 9a8bb1a97..8a5ff1e44 100644 --- a/compliance/controls/aws/aws_foundational_security_opensearch_5.yaml +++ b/compliance/controls/aws/aws_foundational_security_opensearch_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_publishing_options -> 'AUDIT_LOGS' ->> 'Enabled' = 'true' THEN 'ok' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_opensearch_6.yaml b/compliance/controls/aws/aws_foundational_security_opensearch_6.yaml index fda0e0774..68d8f5d48 100644 --- a/compliance/controls/aws/aws_foundational_security_opensearch_6.yaml +++ b/compliance/controls/aws/aws_foundational_security_opensearch_6.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN cluster_config ->> 'ZoneAwarenessEnabled' = 'true' AND cluster_config ->> 'InstanceCount' > '2' THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_opensearch_7.yaml b/compliance/controls/aws/aws_foundational_security_opensearch_7.yaml index c046626ff..8de8cc4ec 100644 --- a/compliance/controls/aws/aws_foundational_security_opensearch_7.yaml +++ b/compliance/controls/aws/aws_foundational_security_opensearch_7.yaml 
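Review bot: In aws_foundational_security_opensearch_5.yaml both branches of the `CASE` return `'ok'`: `WHEN log_publishing_options -> 'AUDIT_LOGS' ->> 'Enabled' = 'true' THEN 'ok'` is followed by `ELSE 'ok'`. As written, the control can never flag a domain that has audit logging disabled or not configured. The fallback should be `ELSE 'alarm'`, which also covers a missing `AUDIT_LOGS` key, where the comparison yields NULL. The column rename in this commit leaves that logic untouched. The `END` of the `CASE` and the reason column are outside the hunk.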
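Review bot: In aws_foundational_security_opensearch_6.yaml the predicate `cluster_config ->> 'InstanceCount' > '2'` compares text rather than numbers, because `->>` returns text and the right-hand side is a string literal. Under text ordering a value such as '10' sorts before '2', so a zone-aware domain with ten or more data nodes would not take the `'ok'` branch. Cast before comparing: `(cluster_config ->> 'InstanceCount')::int > 2`. The remaining branches of the `CASE` are outside the hunk.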
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN advanced_security_options IS NULL OR NOT (advanced_security_options -> 'Enabled')::boolean diff --git a/compliance/controls/aws/aws_foundational_security_opensearch_8.yaml b/compliance/controls/aws/aws_foundational_security_opensearch_8.yaml index 09c5dde9a..55032f8cf 100644 --- a/compliance/controls/aws/aws_foundational_security_opensearch_8.yaml +++ b/compliance/controls/aws/aws_foundational_security_opensearch_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (domain_endpoint_options ->> 'EnforceHTTPS' = 'false') OR (domain_endpoint_options ->> 'EnforceHTTPS' = 'true' AND diff --git a/compliance/controls/aws/aws_foundational_security_pca_1.yaml b/compliance/controls/aws/aws_foundational_security_pca_1.yaml index 4dc27a647..00f51be14 100644 --- a/compliance/controls/aws/aws_foundational_security_pca_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_pca_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN type <> 'ROOT' THEN 'skip' WHEN status = 'DISABLED' THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_rds_10.yaml b/compliance/controls/aws/aws_foundational_security_rds_10.yaml index a151a7598..1abff07f3 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_10.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_10.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN iam_database_authentication_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_rds_11.yaml b/compliance/controls/aws/aws_foundational_security_rds_11.yaml index a212379a1..d4d1dab16 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_11.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_11.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN backup_retention_period < 1 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_rds_12.yaml b/compliance/controls/aws/aws_foundational_security_rds_12.yaml index 2e2ad4384..af347b4ce 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_12.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_12.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN iam_database_authentication_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_rds_13.yaml b/compliance/controls/aws/aws_foundational_security_rds_13.yaml index ff4b0ea9a..ed3ebf7d2 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_13.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_13.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_minor_version_upgrade THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_rds_14.yaml b/compliance/controls/aws/aws_foundational_security_rds_14.yaml index 73ac13526..ee6ac2b43 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_14.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_14.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN engine NOT ILIKE '%aurora-mysql%' THEN 'skip' WHEN backtrack_window IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_rds_15.yaml b/compliance/controls/aws/aws_foundational_security_rds_15.yaml index 1597344ff..58ed440c1 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_15.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_15.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN multi_az THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_rds_16.yaml b/compliance/controls/aws/aws_foundational_security_rds_16.yaml index e0e05233f..782b255ae 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_16.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_16.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN copy_tags_to_snapshot THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_rds_17.yaml b/compliance/controls/aws/aws_foundational_security_rds_17.yaml index 10cb59946..7b589cf2c 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_17.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_17.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN copy_tags_to_snapshot THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_rds_18.yaml b/compliance/controls/aws/aws_foundational_security_rds_18.yaml index ac2906add..b8a3d3907 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_18.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_18.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN vpc_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_rds_19.yaml b/compliance/controls/aws/aws_foundational_security_rds_19.yaml index 4f46c85ec..49a925757 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_19.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_19.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN source_type <> 'db-cluster' THEN 'skip' WHEN source_type = 'db-cluster' diff --git a/compliance/controls/aws/aws_foundational_security_rds_2.yaml b/compliance/controls/aws/aws_foundational_security_rds_2.yaml index 716bc6fac..49b868210 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN publicly_accessible THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_rds_20.yaml b/compliance/controls/aws/aws_foundational_security_rds_20.yaml index f1257cf5f..0346ce1ae 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_20.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_20.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN source_type <> 'db-instance' THEN 'skip' WHEN source_type = 'db-instance' diff --git a/compliance/controls/aws/aws_foundational_security_rds_21.yaml b/compliance/controls/aws/aws_foundational_security_rds_21.yaml index 5838d4f32..3e6987313 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_21.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_21.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN source_type <> 'db-parameter-group' THEN 'skip' WHEN source_type = 'db-parameter-group' AND enabled AND event_categories_list @> '["maintenance", "failure"]' THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_rds_22.yaml b/compliance/controls/aws/aws_foundational_security_rds_22.yaml index ee65f363e..b4e4660e3 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_22.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_22.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN source_type <> 'db-security-group' THEN 'skip' WHEN source_type = 'db-security-group' diff --git a/compliance/controls/aws/aws_foundational_security_rds_24.yaml b/compliance/controls/aws/aws_foundational_security_rds_24.yaml index ed65eb3cb..30ff9aa04 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_24.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_24.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN master_user_name IN ('admin', 'postgres') THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_rds_25.yaml b/compliance/controls/aws/aws_foundational_security_rds_25.yaml index 4a13dcb4e..4d2f8dfe3 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_25.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_25.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN master_user_name IN ('admin', 'postgres') THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_rds_27.yaml b/compliance/controls/aws/aws_foundational_security_rds_27.yaml index d302bc1bc..13d61c7a6 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_27.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_27.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_rds_3.yaml b/compliance/controls/aws/aws_foundational_security_rds_3.yaml index 647802ffc..ae8cab89e 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_rds_34.yaml b/compliance/controls/aws/aws_foundational_security_rds_34.yaml index 41688cf96..229d2ea8c 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_34.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_34.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN engine NOT ILIKE '%aurora-mysql%' THEN 'skip' WHEN enabled_cloudwatch_logs_exports @> '["audit"]' THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_rds_35.yaml b/compliance/controls/aws/aws_foundational_security_rds_35.yaml index ca7d57cfc..0af5b15e7 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_35.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_35.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_minor_version_upgrade THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_rds_5.yaml b/compliance/controls/aws/aws_foundational_security_rds_5.yaml index aede9a941..0b3439aed 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_5.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_5.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN engine ILIKE ANY (ARRAY ['%aurora-mysql%', '%aurora-postgres%']) THEN 'skip' WHEN multi_az THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_rds_7.yaml b/compliance/controls/aws/aws_foundational_security_rds_7.yaml index 0d7ca5f99..3bd33a027 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_7.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_7.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_cluster_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN deletion_protection THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_rds_8.yaml b/compliance/controls/aws/aws_foundational_security_rds_8.yaml index ef9a53198..f4347babe 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_8.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN engine LIKE ANY(array['aurora%', 'docdb', 'neptune']) THEN 'skip' WHEN deletion_protection THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_rds_9.yaml b/compliance/controls/aws/aws_foundational_security_rds_9.yaml index 8dc2fe8a8..10ef12d6a 100644 --- a/compliance/controls/aws/aws_foundational_security_rds_9.yaml +++ b/compliance/controls/aws/aws_foundational_security_rds_9.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN engine = 'docdb' THEN 'skip' WHEN engine LIKE ANY (ARRAY ['mariadb', '%mysql']) AND enabled_cloudwatch_logs_exports ?& ARRAY ['audit','error','general','slowquery'] THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_redshift_1.yaml b/compliance/controls/aws/aws_foundational_security_redshift_1.yaml index c94fc1fa7..15c37e1c5 100644 --- a/compliance/controls/aws/aws_foundational_security_redshift_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_redshift_1.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT cluster_namespace_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN publicly_accessible THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_redshift_10.yaml b/compliance/controls/aws/aws_foundational_security_redshift_10.yaml index aaf6a8a11..704d51de4 100644 --- a/compliance/controls/aws/aws_foundational_security_redshift_10.yaml +++ b/compliance/controls/aws/aws_foundational_security_redshift_10.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted AND kms_key_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_redshift_2.yaml b/compliance/controls/aws/aws_foundational_security_redshift_2.yaml index 58a5a49ac..de4430cc9 100644 --- a/compliance/controls/aws/aws_foundational_security_redshift_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_redshift_2.yaml @@ -24,8 +24,8 @@ Query: ) SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN cpg ->> 'ParameterGroupName' IN (SELECT pg_name FROM pg_with_ssl) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_redshift_3.yaml b/compliance/controls/aws/aws_foundational_security_redshift_3.yaml index ab455a11b..e8b86fcfa 100644 --- a/compliance/controls/aws/aws_foundational_security_redshift_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_redshift_3.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN automated_snapshot_retention_period >= 7 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_redshift_4.yaml b/compliance/controls/aws/aws_foundational_security_redshift_4.yaml index efa2e7c5c..bfe7a4926 100644 --- a/compliance/controls/aws/aws_foundational_security_redshift_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_redshift_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN automated_snapshot_retention_period >= 7 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_redshift_6.yaml b/compliance/controls/aws/aws_foundational_security_redshift_6.yaml index 1ea396e43..9446900f4 100644 --- a/compliance/controls/aws/aws_foundational_security_redshift_6.yaml +++ b/compliance/controls/aws/aws_foundational_security_redshift_6.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN allow_version_upgrade THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_redshift_7.yaml b/compliance/controls/aws/aws_foundational_security_redshift_7.yaml index c8ab5892e..be4bb5e55 100644 --- a/compliance/controls/aws/aws_foundational_security_redshift_7.yaml +++ b/compliance/controls/aws/aws_foundational_security_redshift_7.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN enhanced_vpc_routing THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_redshift_8.yaml b/compliance/controls/aws/aws_foundational_security_redshift_8.yaml index 6d474debd..3c7dfd50a 100644 --- a/compliance/controls/aws/aws_foundational_security_redshift_8.yaml +++ b/compliance/controls/aws/aws_foundational_security_redshift_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN master_username = 'awsuser' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_redshift_9.yaml b/compliance/controls/aws/aws_foundational_security_redshift_9.yaml index 5966d1924..fd965d389 100644 --- a/compliance/controls/aws/aws_foundational_security_redshift_9.yaml +++ b/compliance/controls/aws/aws_foundational_security_redshift_9.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN db_name = 'dev' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_route53_2.yaml b/compliance/controls/aws/aws_foundational_security_route53_2.yaml index 2ff069d26..5fe26be78 100644 --- a/compliance/controls/aws/aws_foundational_security_route53_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_route53_2.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN private_zone THEN 'skip' WHEN query_logging_configs IS NOT NULL OR jsonb_array_length(query_logging_configs) > 0 THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_s3_1.yaml b/compliance/controls/aws/aws_foundational_security_s3_1.yaml index e06c234af..f9fac5405 100644 --- a/compliance/controls/aws/aws_foundational_security_s3_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_s3_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn' || ':' || 'aws' || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN block_public_acls AND block_public_policy diff --git a/compliance/controls/aws/aws_foundational_security_s3_10.yaml b/compliance/controls/aws/aws_foundational_security_s3_10.yaml index d11017cbe..4c3e91c36 100644 --- a/compliance/controls/aws/aws_foundational_security_s3_10.yaml +++ b/compliance/controls/aws/aws_foundational_security_s3_10.yaml @@ -20,8 +20,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN NOT versioning_enabled THEN 'alarm' WHEN versioning_enabled AND r.arn IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_s3_11.yaml b/compliance/controls/aws/aws_foundational_security_s3_11.yaml index 791f005d1..51e9be5bb 100644 --- a/compliance/controls/aws/aws_foundational_security_s3_11.yaml +++ b/compliance/controls/aws/aws_foundational_security_s3_11.yaml 
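Review bot: The second branch in the aws_foundational_security_route53_2.yaml hunk, `WHEN query_logging_configs IS NOT NULL OR jsonb_array_length(query_logging_configs) > 0 THEN 'ok'`, reports `ok` for a public zone whose `query_logging_configs` is an empty array, because the `IS NOT NULL` side alone satisfies the `OR`. Joining the two tests with `AND` makes only a zone with at least one logging config pass: `WHEN query_logging_configs IS NOT NULL AND jsonb_array_length(query_logging_configs) > 0 THEN 'ok'`. The remaining CASE branches are outside the hunk.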
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN event_notification_configuration ->> 'EventBridgeConfiguration' IS NULL diff --git a/compliance/controls/aws/aws_foundational_security_s3_12.yaml b/compliance/controls/aws/aws_foundational_security_s3_12.yaml index 828d15f8e..3486a10e9 100644 --- a/compliance/controls/aws/aws_foundational_security_s3_12.yaml +++ b/compliance/controls/aws/aws_foundational_security_s3_12.yaml @@ -48,8 +48,8 @@ Query: ) SELECT arn AS resource, - account_id AS og_account_id, - arn AS og_resource_id, + account_id AS platform_account_id, + arn AS platform_resource_id, CASE WHEN object_ownership_controls -> 'Rules' @> '[{"ObjectOwnership": "BucketOwnerEnforced"}]' THEN 'ok' WHEN JSONB_ARRAY_LENGTH(additional_permissions) = 0 THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_s3_13.yaml b/compliance/controls/aws/aws_foundational_security_s3_13.yaml index 6efe14e23..9fff1afd3 100644 --- a/compliance/controls/aws/aws_foundational_security_s3_13.yaml +++ b/compliance/controls/aws/aws_foundational_security_s3_13.yaml @@ -20,8 +20,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN r.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_s3_19.yaml b/compliance/controls/aws/aws_foundational_security_s3_19.yaml index 355bfcc29..4cd27a7f7 100644 --- a/compliance/controls/aws/aws_foundational_security_s3_19.yaml +++ b/compliance/controls/aws/aws_foundational_security_s3_19.yaml 
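Review bot: In the aws_foundational_security_s3_12.yaml hunk the renamed aliases are fed from different columns than in every sibling control: `account_id AS platform_account_id` and `arn AS platform_resource_id` emit the AWS account id and the bucket ARN where the other queries pass through the platform's own identifiers. If downstream code joins findings on `platform_account_id` (as the aws_iam_access_analyzer_enabled query does against `aws_account`), findings from this control may fail to match. Should the CTE above the hunk be able to carry the real columns, use `platform_account_id AS platform_account_id,` and `platform_resource_id AS platform_resource_id,` here; the CTE is outside the hunk, so this needs checking against the full query.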
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT access_point_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN block_public_acls AND block_public_policy diff --git a/compliance/controls/aws/aws_foundational_security_s3_5.yaml b/compliance/controls/aws/aws_foundational_security_s3_5.yaml index 405936a10..5492cb453 100644 --- a/compliance/controls/aws/aws_foundational_security_s3_5.yaml +++ b/compliance/controls/aws/aws_foundational_security_s3_5.yaml @@ -30,8 +30,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN ok.status = 'ok' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_s3_6.yaml b/compliance/controls/aws/aws_foundational_security_s3_6.yaml index 29faab5f7..ab850d920 100644 --- a/compliance/controls/aws/aws_foundational_security_s3_6.yaml +++ b/compliance/controls/aws/aws_foundational_security_s3_6.yaml @@ -34,8 +34,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_s3_8.yaml b/compliance/controls/aws/aws_foundational_security_s3_8.yaml index 051e0c42f..e23cbfcf3 100644 --- a/compliance/controls/aws/aws_foundational_security_s3_8.yaml +++ b/compliance/controls/aws/aws_foundational_security_s3_8.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN block_public_acls AND block_public_policy diff --git a/compliance/controls/aws/aws_foundational_security_s3_9.yaml b/compliance/controls/aws/aws_foundational_security_s3_9.yaml index 574e6257d..b880ca7df 100644 --- a/compliance/controls/aws/aws_foundational_security_s3_9.yaml +++ b/compliance/controls/aws/aws_foundational_security_s3_9.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN logging -> 'TargetBucket' IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_sagemaker_1.yaml b/compliance/controls/aws/aws_foundational_security_sagemaker_1.yaml index 25b34b1b2..1df0c9bd8 100644 --- a/compliance/controls/aws/aws_foundational_security_sagemaker_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_sagemaker_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN direct_internet_access = 'Enabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_sagemaker_2.yaml b/compliance/controls/aws/aws_foundational_security_sagemaker_2.yaml index c6c121f8d..d991da8cd 100644 --- a/compliance/controls/aws/aws_foundational_security_sagemaker_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_sagemaker_2.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN subnet_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_sagemaker_3.yaml b/compliance/controls/aws/aws_foundational_security_sagemaker_3.yaml index 9ae1910a7..23a7236f6 100644 --- a/compliance/controls/aws/aws_foundational_security_sagemaker_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_sagemaker_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN root_access = 'Disabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_secretsmanager_1.yaml b/compliance/controls/aws/aws_foundational_security_secretsmanager_1.yaml index 2b12ff15f..f5448988a 100644 --- a/compliance/controls/aws/aws_foundational_security_secretsmanager_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_secretsmanager_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN rotation_rules IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_secretsmanager_2.yaml b/compliance/controls/aws/aws_foundational_security_secretsmanager_2.yaml index 32979de4c..ec27c08f7 100644 --- a/compliance/controls/aws/aws_foundational_security_secretsmanager_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_secretsmanager_2.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN primary_region IS NOT NULL AND region != primary_region THEN 'skip' WHEN rotation_rules IS NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_secretsmanager_3.yaml b/compliance/controls/aws/aws_foundational_security_secretsmanager_3.yaml index 8770e33e3..4dc980d80 100644 --- a/compliance/controls/aws/aws_foundational_security_secretsmanager_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_secretsmanager_3.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN last_accessed_date IS NULL THEN 'alarm' WHEN DATE(current_date) - DATE(last_accessed_date) <= 90 THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_secretsmanager_4.yaml b/compliance/controls/aws/aws_foundational_security_secretsmanager_4.yaml index 233118749..3115ebafd 100644 --- a/compliance/controls/aws/aws_foundational_security_secretsmanager_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_secretsmanager_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN rotation_rules IS NOT NULL AND rotation_lambda_arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_sfn_1.yaml b/compliance/controls/aws/aws_foundational_security_sfn_1.yaml index ec8c9c4cf..50f2f50f6 100644 --- a/compliance/controls/aws/aws_foundational_security_sfn_1.yaml 
+++ b/compliance/controls/aws/aws_foundational_security_sfn_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN logging_configuration ->> 'Level' = 'OFF' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_sns_1.yaml b/compliance/controls/aws/aws_foundational_security_sns_1.yaml index 7e7bca241..162c5332f 100644 --- a/compliance/controls/aws/aws_foundational_security_sns_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_sns_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT topic_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_master_key_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_sns_2.yaml b/compliance/controls/aws/aws_foundational_security_sns_2.yaml index 01fbce047..d8a34f9cb 100644 --- a/compliance/controls/aws/aws_foundational_security_sns_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_sns_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT topic_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN application_failure_feedback_role_arn IS NULL AND firehose_failure_feedback_role_arn IS NULL diff --git a/compliance/controls/aws/aws_foundational_security_sqs_1.yaml b/compliance/controls/aws/aws_foundational_security_sqs_1.yaml index 2e2d3d943..f1ed22b2d 100644 --- a/compliance/controls/aws/aws_foundational_security_sqs_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_sqs_1.yaml 
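Review bot: In the aws_foundational_security_sfn_1.yaml hunk, `WHEN logging_configuration ->> 'Level' = 'OFF' THEN 'alarm' ELSE 'ok'` reports `ok` whenever `logging_configuration` or its `Level` key is NULL, because the comparison then yields NULL and falls through to the ELSE. If the table can return a state machine without a logging configuration, that is a missed finding for a logging control. `WHEN COALESCE(logging_configuration ->> 'Level', 'OFF') = 'OFF' THEN 'alarm'` makes the absent case fail closed. The rest of the query is outside the hunk.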
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT queue_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN sqs_managed_sse_enabled THEN 'ok' WHEN kms_master_key_id IS NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ssm_1.yaml b/compliance/controls/aws/aws_foundational_security_ssm_1.yaml index 9de0112d7..f3d575fcb 100644 --- a/compliance/controls/aws/aws_foundational_security_ssm_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_ssm_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN i.instance_state = 'stopped' THEN 'info' WHEN m.instance_id IS NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ssm_2.yaml b/compliance/controls/aws/aws_foundational_security_ssm_2.yaml index c6ae36fa5..21fafdc4f 100644 --- a/compliance/controls/aws/aws_foundational_security_ssm_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_ssm_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT i.instance_id AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN c.status = '' THEN 'skip' WHEN c.status = 'COMPLIANT' THEN 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_ssm_3.yaml b/compliance/controls/aws/aws_foundational_security_ssm_3.yaml index babb8f4e7..89d4379d7 100644 --- a/compliance/controls/aws/aws_foundational_security_ssm_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_ssm_3.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT id AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN c.status = 'COMPLIANT' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_ssm_4.yaml b/compliance/controls/aws/aws_foundational_security_ssm_4.yaml index 71fdee54f..bc0b03cdc 100644 --- a/compliance/controls/aws/aws_foundational_security_ssm_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_ssm_4.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':ssm:' || region || ':' || account_id || ':document/' || name AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_ids :: jsonb ? 'all' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_waf_1.yaml b/compliance/controls/aws/aws_foundational_security_waf_1.yaml index d56afd5b6..b2aa62a22 100644 --- a/compliance/controls/aws/aws_foundational_security_waf_1.yaml +++ b/compliance/controls/aws/aws_foundational_security_waf_1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN logging_configuration IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_waf_10.yaml b/compliance/controls/aws/aws_foundational_security_waf_10.yaml index 6182173fb..120f88156 100644 --- a/compliance/controls/aws/aws_foundational_security_waf_10.yaml +++ b/compliance/controls/aws/aws_foundational_security_waf_10.yaml 
@@ -23,8 +23,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN rules IS NULL OR jsonb_array_length(rules) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_waf_12.yaml b/compliance/controls/aws/aws_foundational_security_waf_12.yaml index 8e6c25242..a332bd309 100644 --- a/compliance/controls/aws/aws_foundational_security_waf_12.yaml +++ b/compliance/controls/aws/aws_foundational_security_waf_12.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (visibility_config ->> 'CloudWatchMetricsEnabled')::bool THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_foundational_security_waf_2.yaml b/compliance/controls/aws/aws_foundational_security_waf_2.yaml index 22ab3ea56..56d2aadae 100644 --- a/compliance/controls/aws/aws_foundational_security_waf_2.yaml +++ b/compliance/controls/aws/aws_foundational_security_waf_2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT rule_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN predicates IS NULL OR jsonb_array_length(predicates) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_waf_3.yaml b/compliance/controls/aws/aws_foundational_security_waf_3.yaml index 5910403b9..8714a107d 100644 --- a/compliance/controls/aws/aws_foundational_security_waf_3.yaml +++ b/compliance/controls/aws/aws_foundational_security_waf_3.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN activated_rules IS NULL OR jsonb_array_length(activated_rules) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_waf_4.yaml b/compliance/controls/aws/aws_foundational_security_waf_4.yaml index 89d801f02..fbc5a53ce 100644 --- a/compliance/controls/aws/aws_foundational_security_waf_4.yaml +++ b/compliance/controls/aws/aws_foundational_security_waf_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN rules IS NULL OR jsonb_array_length(rules) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_waf_6.yaml b/compliance/controls/aws/aws_foundational_security_waf_6.yaml index bc597eb39..58984c683 100644 --- a/compliance/controls/aws/aws_foundational_security_waf_6.yaml +++ b/compliance/controls/aws/aws_foundational_security_waf_6.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT rule_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN predicates IS NULL OR jsonb_array_length(predicates) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_waf_7.yaml b/compliance/controls/aws/aws_foundational_security_waf_7.yaml index 29d0fc827..8ba6429ba 100644 --- a/compliance/controls/aws/aws_foundational_security_waf_7.yaml +++ b/compliance/controls/aws/aws_foundational_security_waf_7.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN activated_rules IS NULL OR jsonb_array_length(activated_rules) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_foundational_security_waf_8.yaml b/compliance/controls/aws/aws_foundational_security_waf_8.yaml index 3ddd2e3a1..611ff8e92 100644 --- a/compliance/controls/aws/aws_foundational_security_waf_8.yaml +++ b/compliance/controls/aws/aws_foundational_security_waf_8.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN rules IS NULL OR jsonb_array_length(rules) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_fsx_file_system_copy_tags_to_backup_and_volume_enabled.yaml b/compliance/controls/aws/aws_fsx_file_system_copy_tags_to_backup_and_volume_enabled.yaml index 15f2e3007..abc96db9a 100644 --- a/compliance/controls/aws/aws_fsx_file_system_copy_tags_to_backup_and_volume_enabled.yaml +++ b/compliance/controls/aws/aws_fsx_file_system_copy_tags_to_backup_and_volume_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN file_system_type <> 'OPENZFS' THEN 'skip' WHEN (open_zfs_configuration ->> 'CopyTagsToBackups')::bool diff --git a/compliance/controls/aws/aws_fsx_file_system_protected_by_backup_plan.yaml b/compliance/controls/aws/aws_fsx_file_system_protected_by_backup_plan.yaml index 5b7f15ba6..23f3b5b44 100644 --- a/compliance/controls/aws/aws_fsx_file_system_protected_by_backup_plan.yaml 
+++ b/compliance/controls/aws/aws_fsx_file_system_protected_by_backup_plan.yaml @@ -20,8 +20,8 @@ Query: ) SELECT f.arn AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_gatewayv2_stage_access_logging_enabled.yaml b/compliance/controls/aws/aws_gatewayv2_stage_access_logging_enabled.yaml index 2ce3ed063..8bc87d72f 100644 --- a/compliance/controls/aws/aws_gatewayv2_stage_access_logging_enabled.yaml +++ b/compliance/controls/aws/aws_gatewayv2_stage_access_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id || '/stages/' || stage_name AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN access_log_settings IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_glacier_vault_restrict_public_access.yaml b/compliance/controls/aws/aws_glacier_vault_restrict_public_access.yaml index 48c0312e8..284ee3375 100644 --- a/compliance/controls/aws/aws_glacier_vault_restrict_public_access.yaml +++ b/compliance/controls/aws/aws_glacier_vault_restrict_public_access.yaml @@ -27,8 +27,8 @@ Query: ) SELECT g.vault_arn AS resource, - g.og_account_id AS og_account_id, - g.og_resource_id AS og_resource_id, + g.platform_account_id AS platform_account_id, + g.platform_resource_id AS platform_resource_id, CASE WHEN p.vault_arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_glue_connection_ssl_enabled.yaml b/compliance/controls/aws/aws_glue_connection_ssl_enabled.yaml index de082b0d9..24e8fe2b3 100644 --- a/compliance/controls/aws/aws_glue_connection_ssl_enabled.yaml 
+++ b/compliance/controls/aws/aws_glue_connection_ssl_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN connection_properties ->> 'JDBC_ENFORCE_SSL' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_glue_data_catalog_encryption_settings_metadata_encryption_enabled.yaml b/compliance/controls/aws/aws_glue_data_catalog_encryption_settings_metadata_encryption_enabled.yaml index 37f33b587..f2c2a12e1 100644 --- a/compliance/controls/aws/aws_glue_data_catalog_encryption_settings_metadata_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_glue_data_catalog_encryption_settings_metadata_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || '::' || region || ':' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encryption_at_rest IS NOT NULL AND encryption_at_rest ->> 'CatalogEncryptionMode' != 'DISABLED' THEN 'ok' diff --git a/compliance/controls/aws/aws_glue_data_catalog_encryption_settings_password_encryption_enabled.yaml b/compliance/controls/aws/aws_glue_data_catalog_encryption_settings_password_encryption_enabled.yaml index 7560182ce..9c0977063 100644 --- a/compliance/controls/aws/aws_glue_data_catalog_encryption_settings_password_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_glue_data_catalog_encryption_settings_password_encryption_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || '::' || region || ':' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN connection_password_encryption IS NOT NULL AND connection_password_encryption ->> 'ReturnConnectionPasswordEncrypted' != 'false' THEN 'ok' diff --git a/compliance/controls/aws/aws_glue_job_bookmarks_encryption_enabled.yaml b/compliance/controls/aws/aws_glue_job_bookmarks_encryption_enabled.yaml index ca90e6e58..f1ecf3fc4 100644 --- a/compliance/controls/aws/aws_glue_job_bookmarks_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_glue_job_bookmarks_encryption_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT j.arn AS resource, - j.og_account_id AS og_account_id, - j.og_resource_id AS og_resource_id, + j.platform_account_id AS platform_account_id, + j.platform_resource_id AS platform_resource_id, CASE WHEN job_bookmarks_encryption IS NOT NULL AND job_bookmarks_encryption ->> 'JobBookmarksEncryptionMode' != 'DISABLED' diff --git a/compliance/controls/aws/aws_guardduty_enabled.yaml b/compliance/controls/aws/aws_guardduty_enabled.yaml index 35060e9be..de14f153a 100644 --- a/compliance/controls/aws/aws_guardduty_enabled.yaml +++ b/compliance/controls/aws/aws_guardduty_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN r.region = ANY(ARRAY['af-south-1', 'ap-northeast-3', 'ap-southeast-3', 'eu-south-1', 'cn-north-1', 'cn-northwest-1', 'me-south-1', 'us-gov-east-1']) THEN 'skip' WHEN r.opt_in_status = 'not-opted-in' THEN 'skip' 
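Review bot: The first branch in the aws_guardduty_enabled.yaml hunk marks every region in a hard-coded list as `skip` (`WHEN r.region = ANY(ARRAY['af-south-1', 'ap-northeast-3', ...]) THEN 'skip'`), so a missing or disabled detector in any of those regions is never reported. The list reads like a snapshot of regions where GuardDuty was once unavailable, and it carries no date or source; if any of them has gained the service since, this is a silent coverage gap. Verify the list against current regional availability and record its provenance in a comment above it, e.g. `-- regions without GuardDuty as of <DATE>; re-check on each release`. The remaining CASE branches and the FROM clause are outside the hunk.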
diff --git a/compliance/controls/aws/aws_guardduty_finding_archived.yaml b/compliance/controls/aws/aws_guardduty_finding_archived.yaml index c2f59d0c5..54e58a9ad 100644 --- a/compliance/controls/aws/aws_guardduty_finding_archived.yaml +++ b/compliance/controls/aws/aws_guardduty_finding_archived.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN service ->> 'Archived' = 'false' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_guardduty_no_high_severity_findings.yaml b/compliance/controls/aws/aws_guardduty_no_high_severity_findings.yaml index 022ee8407..093fa7803 100644 --- a/compliance/controls/aws/aws_guardduty_no_high_severity_findings.yaml +++ b/compliance/controls/aws/aws_guardduty_no_high_severity_findings.yaml @@ -18,8 +18,8 @@ Query: region, account_id, status, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_guardduty_detector ), finding_count AS ( @@ -33,8 +33,8 @@ Query: ) SELECT arn AS resource, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, CASE WHEN status <> 'ENABLED' THEN 'skip' WHEN fc.count = 0 OR fc.count IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_iam_access_analyzer_enabled.yaml b/compliance/controls/aws/aws_iam_access_analyzer_enabled.yaml index 403943979..1660100f5 100644 --- a/compliance/controls/aws/aws_iam_access_analyzer_enabled.yaml +++ b/compliance/controls/aws/aws_iam_access_analyzer_enabled.yaml 
@@ -14,8 +14,8 @@ Query: WITH regions AS ( SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN r.opt_in_status = 'not-opted-in' THEN 1 WHEN aa.arn IS NOT NULL THEN 0 @@ -31,8 +31,8 @@ Query: results AS ( SELECT account_id AS resource, - og_account_id AS og_account_id, - og_account_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_account_id AS platform_resource_id, CASE WHEN MAX(status) = 2 THEN 'alarm' WHEN MAX(status) = 1 THEN 'skip' @@ -44,17 +44,17 @@ Query: WHEN MAX(status) = 0 THEN 'IAM Access analyzer is enabled for this account on regions: [' || STRING_AGG(region, ',') || ']' END AS reason FROM regions - GROUP BY account_id, og_account_id + GROUP BY account_id, platform_account_id ) SELECT r.resource AS resource, - r.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, r.status AS status, r.reason AS reason FROM results AS r JOIN aws_account AS a - ON r.og_account_id = a.og_account_id + ON r.platform_account_id = a.platform_account_id Severity: high Tags: category: diff --git a/compliance/controls/aws/aws_iam_account_password_policy_min_length_14.yaml b/compliance/controls/aws/aws_iam_account_password_policy_min_length_14.yaml index db84b89c5..26a8c8c5d 100644 --- a/compliance/controls/aws/aws_iam_account_password_policy_min_length_14.yaml +++ b/compliance/controls/aws/aws_iam_account_password_policy_min_length_14.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN minimum_password_length >= 14 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_account_password_policy_one_lowercase_letter.yaml b/compliance/controls/aws/aws_iam_account_password_policy_one_lowercase_letter.yaml index 2bc899ab0..a2721ece5 100644 --- a/compliance/controls/aws/aws_iam_account_password_policy_one_lowercase_letter.yaml +++ b/compliance/controls/aws/aws_iam_account_password_policy_one_lowercase_letter.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN require_lowercase_characters THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_account_password_policy_one_number.yaml b/compliance/controls/aws/aws_iam_account_password_policy_one_number.yaml index 01d2af082..6b4477488 100644 --- a/compliance/controls/aws/aws_iam_account_password_policy_one_number.yaml +++ b/compliance/controls/aws/aws_iam_account_password_policy_one_number.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN require_numbers THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_account_password_policy_one_symbol.yaml b/compliance/controls/aws/aws_iam_account_password_policy_one_symbol.yaml index b2cde6e75..bebada1d7 100644 
--- a/compliance/controls/aws/aws_iam_account_password_policy_one_symbol.yaml +++ b/compliance/controls/aws/aws_iam_account_password_policy_one_symbol.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN require_symbols THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_account_password_policy_one_uppercase_letter.yaml b/compliance/controls/aws/aws_iam_account_password_policy_one_uppercase_letter.yaml index 773d58c19..834e59b4a 100644 --- a/compliance/controls/aws/aws_iam_account_password_policy_one_uppercase_letter.yaml +++ b/compliance/controls/aws/aws_iam_account_password_policy_one_uppercase_letter.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN require_uppercase_characters THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_account_password_policy_reuse_24.yaml b/compliance/controls/aws/aws_iam_account_password_policy_reuse_24.yaml index 458725dd4..238c69369 100644 --- a/compliance/controls/aws/aws_iam_account_password_policy_reuse_24.yaml +++ b/compliance/controls/aws/aws_iam_account_password_policy_reuse_24.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN password_reuse_prevention >= 24 THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_iam_account_password_policy_strong_min_length_8.yaml b/compliance/controls/aws/aws_iam_account_password_policy_strong_min_length_8.yaml index 4df03bec4..7a7c77288 100644 --- a/compliance/controls/aws/aws_iam_account_password_policy_strong_min_length_8.yaml +++ b/compliance/controls/aws/aws_iam_account_password_policy_strong_min_length_8.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN minimum_password_length >= 8 diff --git a/compliance/controls/aws/aws_iam_account_password_policy_strong_min_reuse_24.yaml b/compliance/controls/aws/aws_iam_account_password_policy_strong_min_reuse_24.yaml index b550eabbf..c5b22e606 100644 --- a/compliance/controls/aws/aws_iam_account_password_policy_strong_min_reuse_24.yaml +++ b/compliance/controls/aws/aws_iam_account_password_policy_strong_min_reuse_24.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN minimum_password_length >= 14 diff --git a/compliance/controls/aws/aws_iam_all_policy_no_service_wild_card.yaml b/compliance/controls/aws/aws_iam_all_policy_no_service_wild_card.yaml index 361aca0d3..e80f5ef90 100644 --- a/compliance/controls/aws/aws_iam_all_policy_no_service_wild_card.yaml +++ b/compliance/controls/aws/aws_iam_all_policy_no_service_wild_card.yaml 
@@ -31,8 +31,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN w.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_custom_policy_unattached_no_star_star.yaml b/compliance/controls/aws/aws_iam_custom_policy_unattached_no_star_star.yaml index 12c5b9d74..04f0e55f1 100644 --- a/compliance/controls/aws/aws_iam_custom_policy_unattached_no_star_star.yaml +++ b/compliance/controls/aws/aws_iam_custom_policy_unattached_no_star_star.yaml @@ -32,8 +32,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN bad.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_group_not_empty.yaml b/compliance/controls/aws/aws_iam_group_not_empty.yaml index 3bc2564cb..ae461ba90 100644 --- a/compliance/controls/aws/aws_iam_group_not_empty.yaml +++ b/compliance/controls/aws/aws_iam_group_not_empty.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN users IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_iam_group_user_role_no_inline_policies.yaml b/compliance/controls/aws/aws_iam_group_user_role_no_inline_policies.yaml index da7983dab..1e3fc1ee8 100644 --- a/compliance/controls/aws/aws_iam_group_user_role_no_inline_policies.yaml +++ b/compliance/controls/aws/aws_iam_group_user_role_no_inline_policies.yaml 
@@ -13,9 +13,9 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_iam_user' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_iam_user' AS platform_table_name, CASE WHEN inline_policies IS NULL THEN 'ok' ELSE 'alarm' @@ -27,9 +27,9 @@ Query: UNION SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_iam_role' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_iam_role' AS platform_table_name, CASE WHEN inline_policies IS NULL THEN 'ok' ELSE 'alarm' @@ -43,9 +43,9 @@ Query: UNION SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_iam_group' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_iam_group' AS platform_table_name, CASE WHEN inline_policies IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_inline_policy_no_administrative_privileges.yaml b/compliance/controls/aws/aws_iam_inline_policy_no_administrative_privileges.yaml index f40610183..b2d45018c 100644 --- a/compliance/controls/aws/aws_iam_inline_policy_no_administrative_privileges.yaml +++ b/compliance/controls/aws/aws_iam_inline_policy_no_administrative_privileges.yaml @@ -20,8 +20,8 @@ Query: region, _ctx, 'iam_user' AS type, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_user UNION @@ -33,8 +33,8 @@ Query: region, _ctx, 'iam_role' AS type, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_role UNION @@ -46,8 +46,8 @@ Query: region, _ctx, 'iam_group' AS type, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_group ), 
@@ -74,8 +74,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN bad.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_managed_policy_attached_to_role.yaml b/compliance/controls/aws/aws_iam_managed_policy_attached_to_role.yaml index af4711af4..037966ea2 100644 --- a/compliance/controls/aws/aws_iam_managed_policy_attached_to_role.yaml +++ b/compliance/controls/aws/aws_iam_managed_policy_attached_to_role.yaml @@ -19,8 +19,8 @@ Query: ) SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN arn IN (SELECT policy_arn FROM role_attached_policies) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_policy_all_attached_no_star_star.yaml b/compliance/controls/aws/aws_iam_policy_all_attached_no_star_star.yaml index 1bc1b7a83..1a1ca8271 100644 --- a/compliance/controls/aws/aws_iam_policy_all_attached_no_star_star.yaml +++ b/compliance/controls/aws/aws_iam_policy_all_attached_no_star_star.yaml @@ -34,8 +34,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN s.arn IS NOT NULL AND s.is_aws_managed THEN 'info' WHEN s.arn IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_iam_policy_custom_attached_no_star_star.yaml b/compliance/controls/aws/aws_iam_policy_custom_attached_no_star_star.yaml index 1d4152086..408285972 100644 --- a/compliance/controls/aws/aws_iam_policy_custom_attached_no_star_star.yaml +++ b/compliance/controls/aws/aws_iam_policy_custom_attached_no_star_star.yaml 
@@ -32,8 +32,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN s.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_policy_custom_no_assume_role.yaml b/compliance/controls/aws/aws_iam_policy_custom_no_assume_role.yaml index f543051a8..68386e088 100644 --- a/compliance/controls/aws/aws_iam_policy_custom_no_assume_role.yaml +++ b/compliance/controls/aws/aws_iam_policy_custom_no_assume_role.yaml @@ -22,8 +22,8 @@ Query: ) SELECT u.arn AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN fu.user_id IS NOT NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_iam_policy_custom_no_blocked_kms_actions.yaml b/compliance/controls/aws/aws_iam_policy_custom_no_blocked_kms_actions.yaml index 511e2da71..43534b535 100644 --- a/compliance/controls/aws/aws_iam_policy_custom_no_blocked_kms_actions.yaml +++ b/compliance/controls/aws/aws_iam_policy_custom_no_blocked_kms_actions.yaml @@ -28,8 +28,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN w.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_policy_custom_no_permissive_role_assumption.yaml b/compliance/controls/aws/aws_iam_policy_custom_no_permissive_role_assumption.yaml index f545aa335..1aa84bdca 100644 --- a/compliance/controls/aws/aws_iam_policy_custom_no_permissive_role_assumption.yaml +++ b/compliance/controls/aws/aws_iam_policy_custom_no_permissive_role_assumption.yaml 
@@ -32,8 +32,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NOT NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_iam_policy_inline_no_blocked_kms_actions.yaml b/compliance/controls/aws/aws_iam_policy_inline_no_blocked_kms_actions.yaml index 504c99f60..2dafad6d3 100644 --- a/compliance/controls/aws/aws_iam_policy_inline_no_blocked_kms_actions.yaml +++ b/compliance/controls/aws/aws_iam_policy_inline_no_blocked_kms_actions.yaml @@ -18,9 +18,9 @@ Query: name, account_id, region, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_iam_user' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_iam_user' AS platform_table_name, _ctx FROM aws_iam_user @@ -31,9 +31,9 @@ Query: name, account_id, region, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_iam_role' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_iam_role' AS platform_table_name, _ctx FROM aws_iam_role @@ -44,9 +44,9 @@ Query: name, account_id, region, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_iam_group' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_iam_group' AS platform_table_name, _ctx FROM aws_iam_group @@ -69,9 +69,9 @@ Query: ) SELECT u.arn AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, - u.og_table_name AS og_table_name, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, + u.platform_table_name AS platform_table_name, CASE WHEN w.arn IS NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_iam_policy_no_full_access_to_cloudtrail.yaml b/compliance/controls/aws/aws_iam_policy_no_full_access_to_cloudtrail.yaml index 3fdad4558..49cbe2602 100644 --- a/compliance/controls/aws/aws_iam_policy_no_full_access_to_cloudtrail.yaml +++ b/compliance/controls/aws/aws_iam_policy_no_full_access_to_cloudtrail.yaml @@ -28,8 +28,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN w.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_policy_no_full_access_to_kms.yaml b/compliance/controls/aws/aws_iam_policy_no_full_access_to_kms.yaml index 884fedb7a..32992eaba 100644 --- a/compliance/controls/aws/aws_iam_policy_no_full_access_to_kms.yaml +++ b/compliance/controls/aws/aws_iam_policy_no_full_access_to_kms.yaml @@ -28,8 +28,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN w.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_policy_no_star_star.yaml b/compliance/controls/aws/aws_iam_policy_no_star_star.yaml index 8f7a8631c..100a4707c 100644 --- a/compliance/controls/aws/aws_iam_policy_no_star_star.yaml +++ b/compliance/controls/aws/aws_iam_policy_no_star_star.yaml @@ -30,8 +30,8 @@ Query: ) SELECT p.arn AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN bad.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_policy_unused.yaml b/compliance/controls/aws/aws_iam_policy_unused.yaml index f9984a24a..5368e5375 100644 --- a/compliance/controls/aws/aws_iam_policy_unused.yaml 
+++ b/compliance/controls/aws/aws_iam_policy_unused.yaml @@ -32,8 +32,8 @@ Query: ) SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN arn IN ( SELECT jsonb_array_elements_text(attached_policy_arns) diff --git a/compliance/controls/aws/aws_iam_role_no_administrator_access_policy_attached.yaml b/compliance/controls/aws/aws_iam_role_no_administrator_access_policy_attached.yaml index c0cf7fd81..64bf53789 100644 --- a/compliance/controls/aws/aws_iam_role_no_administrator_access_policy_attached.yaml +++ b/compliance/controls/aws/aws_iam_role_no_administrator_access_policy_attached.yaml @@ -22,8 +22,8 @@ Query: ) SELECT r.arn AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN ar.arn IS NOT NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_iam_role_should_not_have_trust_to_cognito_full_access.yaml b/compliance/controls/aws/aws_iam_role_should_not_have_trust_to_cognito_full_access.yaml index ceb599c32..289b27972 100644 --- a/compliance/controls/aws/aws_iam_role_should_not_have_trust_to_cognito_full_access.yaml +++ b/compliance/controls/aws/aws_iam_role_should_not_have_trust_to_cognito_full_access.yaml @@ -21,8 +21,8 @@ Query: ) SELECT role.arn AS resource, - role.og_account_id AS og_account_id, - role.og_resource_id AS og_resource_id, + role.platform_account_id AS platform_account_id, + role.platform_resource_id AS platform_resource_id, CASE WHEN cognito_access.role_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_role_unused_60.yaml b/compliance/controls/aws/aws_iam_role_unused_60.yaml index 5320f9876..690d6536f 100644 --- a/compliance/controls/aws/aws_iam_role_unused_60.yaml +++ b/compliance/controls/aws/aws_iam_role_unused_60.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN role_last_used_date <= (CURRENT_DATE - INTERVAL '60' DAY) OR role_last_used_date IS NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_iam_root_last_used.yaml b/compliance/controls/aws/aws_iam_root_last_used.yaml index 36cd9e534..a5a6f9da1 100644 --- a/compliance/controls/aws/aws_iam_root_last_used.yaml +++ b/compliance/controls/aws/aws_iam_root_last_used.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_last_used >= (current_date - INTERVAL '90' day) THEN 'alarm' WHEN access_key_1_last_used_date <= (current_date - INTERVAL '90' day) THEN 'alarm' diff --git a/compliance/controls/aws/aws_iam_root_user_hardware_mfa_enabled.yaml b/compliance/controls/aws/aws_iam_root_user_hardware_mfa_enabled.yaml index b22c83139..87683b0ee 100644 --- a/compliance/controls/aws/aws_iam_root_user_hardware_mfa_enabled.yaml +++ b/compliance/controls/aws/aws_iam_root_user_hardware_mfa_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT 'arn:' || s.partition || ':::' || s.account_id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN account_mfa_enabled AND serial_number IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_root_user_mfa_enabled.yaml b/compliance/controls/aws/aws_iam_root_user_mfa_enabled.yaml index 545042089..2fc304bc2 100644 --- a/compliance/controls/aws/aws_iam_root_user_mfa_enabled.yaml 
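Review bot: In aws_iam_root_last_used.yaml the two visible CASE branches compare in opposite directions. `password_last_used >= (current_date - INTERVAL '90' day)` alarms on root use within the last 90 days, while `access_key_1_last_used_date <= (current_date - INTERVAL '90' day)` alarms only when the key was last used more than 90 days ago. If the control is meant to flag recent root activity, as the first branch suggests, a root access key used yesterday would not trip this branch; it should presumably read `WHEN access_key_1_last_used_date >= (current_date - INTERVAL '90' day) THEN 'alarm'`. The CASE continues outside the hunk, so any later access-key branch needs the same check.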
+++ b/compliance/controls/aws/aws_iam_root_user_mfa_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_mfa_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_root_user_no_access_keys.yaml b/compliance/controls/aws/aws_iam_root_user_no_access_keys.yaml index 4e6de5028..b4991fd57 100644 --- a/compliance/controls/aws/aws_iam_root_user_no_access_keys.yaml +++ b/compliance/controls/aws/aws_iam_root_user_no_access_keys.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_access_keys_present > 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_iam_security_audit_role.yaml b/compliance/controls/aws/aws_iam_security_audit_role.yaml index dca838382..1c7f4ffb7 100644 --- a/compliance/controls/aws/aws_iam_security_audit_role.yaml +++ b/compliance/controls/aws/aws_iam_security_audit_role.yaml @@ -16,8 +16,8 @@ Query: COUNT(policy_arn), a.account_id, a._ctx, - a.og_account_id, - a.og_resource_id + a.platform_account_id, + a.platform_resource_id FROM aws_account AS a LEFT JOIN aws_iam_role AS r @@ -30,13 +30,13 @@ Query: a.account_id, a.partition, a._ctx, - a.og_account_id, - a.og_resource_id + a.platform_account_id, + a.platform_resource_id ) SELECT resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN COUNT > 0 THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_iam_server_certificate_not_expired.yaml b/compliance/controls/aws/aws_iam_server_certificate_not_expired.yaml index 5aec413b5..b2e039916 100644 --- a/compliance/controls/aws/aws_iam_server_certificate_not_expired.yaml +++ b/compliance/controls/aws/aws_iam_server_certificate_not_expired.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN expiration < (current_date - INTERVAL '1' SECOND) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_iam_support_role.yaml b/compliance/controls/aws/aws_iam_support_role.yaml index 1f06f5ea1..6d5f9252c 100644 --- a/compliance/controls/aws/aws_iam_support_role.yaml +++ b/compliance/controls/aws/aws_iam_support_role.yaml @@ -15,8 +15,8 @@ Query: 'arn:' || a.partition || ':::' || a.account_id AS resource, COUNT(policy_arn), a.account_id, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, a._ctx FROM aws_account AS a @@ -28,14 +28,14 @@ Query: GROUP BY a.account_id, a.partition, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, a._ctx ) SELECT resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN COUNT > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_user_access_key_age_90.yaml b/compliance/controls/aws/aws_iam_user_access_key_age_90.yaml index 3d0d720ea..513fdd391 100644 --- a/compliance/controls/aws/aws_iam_user_access_key_age_90.yaml +++ b/compliance/controls/aws/aws_iam_user_access_key_age_90.yaml 
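Review bot: In aws_iam_server_certificate_not_expired.yaml the expiry test `expiration < (current_date - INTERVAL '1' SECOND)` compares against the last second of yesterday. Assuming `expiration` is a timestamp, a certificate that expired earlier today still reports 'ok' until the next day. Comparing against the current instant closes that window: `WHEN expiration < CURRENT_TIMESTAMP THEN 'alarm'`. The rest of the query lies outside the hunk.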
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':iam::' || account_id || ':user/' || user_name || '/accesskey/' || access_key_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN create_date <= (CURRENT_DATE - INTERVAL '90' DAY) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_iam_user_access_key_unused_45.yaml b/compliance/controls/aws/aws_iam_user_access_key_unused_45.yaml index bf9d8af43..2e3dc17d4 100644 --- a/compliance/controls/aws/aws_iam_user_access_key_unused_45.yaml +++ b/compliance/controls/aws/aws_iam_user_access_key_unused_45.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT access_key_1_active THEN 'ok' WHEN access_key_1_active AND access_key_1_last_used_date IS NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_iam_user_access_keys_and_password_at_setup.yaml b/compliance/controls/aws/aws_iam_user_access_keys_and_password_at_setup.yaml index f20bfff38..6cb273f9d 100644 --- a/compliance/controls/aws/aws_iam_user_access_keys_and_password_at_setup.yaml +++ b/compliance/controls/aws/aws_iam_user_access_keys_and_password_at_setup.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND (EXTRACT(EPOCH FROM (access_key_1_last_rotated - user_creation_time)) < 10) THEN 'alarm' diff --git a/compliance/controls/aws/aws_iam_user_console_access_mfa_enabled.yaml b/compliance/controls/aws/aws_iam_user_console_access_mfa_enabled.yaml index 9fd5d00f1..ef3d42af6 100644 
--- a/compliance/controls/aws/aws_iam_user_console_access_mfa_enabled.yaml +++ b/compliance/controls/aws/aws_iam_user_console_access_mfa_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN password_enabled AND NOT mfa_active THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_iam_user_console_access_unused_45.yaml b/compliance/controls/aws/aws_iam_user_console_access_unused_45.yaml index 00281c450..5c6cfeadb 100644 --- a/compliance/controls/aws/aws_iam_user_console_access_unused_45.yaml +++ b/compliance/controls/aws/aws_iam_user_console_access_unused_45.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT password_enabled THEN 'ok' WHEN password_enabled AND password_last_used IS NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_iam_user_group_role_cloudshell_fullaccess_restricted.yaml b/compliance/controls/aws/aws_iam_user_group_role_cloudshell_fullaccess_restricted.yaml index fbcd0c0de..c52754c24 100644 --- a/compliance/controls/aws/aws_iam_user_group_role_cloudshell_fullaccess_restricted.yaml +++ b/compliance/controls/aws/aws_iam_user_group_role_cloudshell_fullaccess_restricted.yaml @@ -13,9 +13,9 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_iam_user' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_iam_user' AS platform_table_name, CASE WHEN attached_policy_arns @> '["arn:aws:iam::aws:policy/AWSCloudShellFullAccess"]' THEN 'alarm' 
@@ -32,9 +32,9 @@ Query: UNION SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_iam_role' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_iam_role' AS platform_table_name, CASE WHEN attached_policy_arns @> '["arn:aws:iam::aws:policy/AWSCloudShellFullAccess"]' THEN 'alarm' @@ -51,9 +51,9 @@ Query: UNION SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_iam_group' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_iam_group' AS platform_table_name, CASE WHEN attached_policy_arns @> '["arn:aws:iam::aws:policy/AWSCloudShellFullAccess"]' THEN 'alarm' diff --git a/compliance/controls/aws/aws_iam_user_in_group.yaml b/compliance/controls/aws/aws_iam_user_in_group.yaml index d5463bc2d..8295cd386 100644 --- a/compliance/controls/aws/aws_iam_user_in_group.yaml +++ b/compliance/controls/aws/aws_iam_user_in_group.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(groups) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_iam_user_mfa_enabled.yaml b/compliance/controls/aws/aws_iam_user_mfa_enabled.yaml index 7ebf410e1..52486ffd9 100644 --- a/compliance/controls/aws/aws_iam_user_mfa_enabled.yaml +++ b/compliance/controls/aws/aws_iam_user_mfa_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT mfa_active THEN 'alarm' ELSE 'ok' 
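Review bot: In aws_iam_user_in_group.yaml the branch `WHEN jsonb_array_length(groups) = 0 THEN 'alarm'` falls through to `ELSE 'ok'` when `groups` is NULL, because `jsonb_array_length(NULL)` is NULL and the comparison is not true. Whether the table returns NULL or an empty array for a user with no groups is not visible from this hunk; if it can be NULL, those users are reported compliant. Guarding the branch, `WHEN groups IS NULL OR jsonb_array_length(groups) = 0 THEN 'alarm'`, keeps the control failing closed. The CASE continues outside the hunk.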
diff --git a/compliance/controls/aws/aws_iam_user_no_inline_attached_policies.yaml b/compliance/controls/aws/aws_iam_user_no_inline_attached_policies.yaml index 5e636d247..e08cfa737 100644 --- a/compliance/controls/aws/aws_iam_user_no_inline_attached_policies.yaml +++ b/compliance/controls/aws/aws_iam_user_no_inline_attached_policies.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN inline_policies IS NULL AND attached_policy_arns IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_user_no_policies.yaml b/compliance/controls/aws/aws_iam_user_no_policies.yaml index 8c378511d..34b97a183 100644 --- a/compliance/controls/aws/aws_iam_user_no_policies.yaml +++ b/compliance/controls/aws/aws_iam_user_no_policies.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN attached_policy_arns IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_iam_user_one_active_key.yaml b/compliance/controls/aws/aws_iam_user_one_active_key.yaml index 594a78536..394ac939b 100644 --- a/compliance/controls/aws/aws_iam_user_one_active_key.yaml +++ b/compliance/controls/aws/aws_iam_user_one_active_key.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT u.arn AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(k.*) > 1 THEN 'alarm' ELSE 'ok' @@ -34,8 +34,8 @@ Query: u.name, u.account_id, u.tags, - u.og_account_id, - u.og_resource_id, + u.platform_account_id, + u.platform_resource_id, u._ctx; Severity: high Tags: 
diff --git a/compliance/controls/aws/aws_iam_user_unused_credentials_45.yaml b/compliance/controls/aws/aws_iam_user_unused_credentials_45.yaml index 08cccb295..2b2407b96 100644 --- a/compliance/controls/aws/aws_iam_user_unused_credentials_45.yaml +++ b/compliance/controls/aws/aws_iam_user_unused_credentials_45.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN user_name = '' THEN 'info' diff --git a/compliance/controls/aws/aws_iam_user_unused_credentials_90.yaml b/compliance/controls/aws/aws_iam_user_unused_credentials_90.yaml index 27bcdbda9..fa0c4c149 100644 --- a/compliance/controls/aws/aws_iam_user_unused_credentials_90.yaml +++ b/compliance/controls/aws/aws_iam_user_unused_credentials_90.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN user_name = '' THEN 'info' diff --git a/compliance/controls/aws/aws_iam_user_with_administrator_access_mfa_enabled.yaml b/compliance/controls/aws/aws_iam_user_with_administrator_access_mfa_enabled.yaml index 19df9570b..ced02de91 100644 --- a/compliance/controls/aws/aws_iam_user_with_administrator_access_mfa_enabled.yaml +++ b/compliance/controls/aws/aws_iam_user_with_administrator_access_mfa_enabled.yaml @@ -22,8 +22,8 @@ Query: ) SELECT u.arn AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN au.user_id IS NULL THEN 'skip' WHEN au.user_id IS NOT NULL AND u.mfa_enabled THEN 'ok' 
diff --git a/compliance/controls/aws/aws_iam_users_with_api_keys_should_have_keys_rotated_every_x_days.yaml b/compliance/controls/aws/aws_iam_users_with_api_keys_should_have_keys_rotated_every_x_days.yaml index 75fbbe12f..df6d1d499 100644 --- a/compliance/controls/aws/aws_iam_users_with_api_keys_should_have_keys_rotated_every_x_days.yaml +++ b/compliance/controls/aws/aws_iam_users_with_api_keys_should_have_keys_rotated_every_x_days.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT user_name AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, (DATE(current_timestamp) - DATE(access_key_1_last_rotated)), (DATE(current_timestamp) - DATE(access_key_2_last_rotated)), CASE diff --git a/compliance/controls/aws/aws_iam_users_with_console_access_are_requried_to_have_MFA.yaml b/compliance/controls/aws/aws_iam_users_with_console_access_are_requried_to_have_MFA.yaml index 3647d0221..876c99c8a 100644 --- a/compliance/controls/aws/aws_iam_users_with_console_access_are_requried_to_have_MFA.yaml +++ b/compliance/controls/aws/aws_iam_users_with_console_access_are_requried_to_have_MFA.yaml @@ -20,8 +20,8 @@ Query: WHEN NOT(mfa_active::bool) THEN 'MFA is not enabled for ' || user_name ELSE user_name || ' has MFA' END AS reason, - u.og_resource_id, - u.og_account_id, + u.platform_resource_id, + u.platform_account_id, u.account_id FROM aws_iam_credential_report cr diff --git a/compliance/controls/aws/aws_kinesis_firehose_delivery_stream_server_side_encryption_enabled.yaml b/compliance/controls/aws/aws_kinesis_firehose_delivery_stream_server_side_encryption_enabled.yaml index 8d9b98d77..cff4bdec7 100644 --- a/compliance/controls/aws/aws_kinesis_firehose_delivery_stream_server_side_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_kinesis_firehose_delivery_stream_server_side_encryption_enabled.yaml 
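Review bot: In aws_iam_users_with_api_keys_should_have_keys_rotated_every_x_days.yaml the two key-age expressions in the select list have no alias, so the engine gives both the same generated column name and a consumer that reads results by name cannot tell key 1 from key 2. Name them, for example `(DATE(current_timestamp) - DATE(access_key_1_last_rotated)) AS access_key_1_age_days,` and the matching `access_key_2_age_days`. The control also returns `user_name AS resource` where the neighbouring IAM controls return an ARN; worth confirming that is intended, since findings keyed on a bare user name are ambiguous across accounts. The CASE that follows is outside the hunk.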
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN delivery_stream_encryption_configuration ->> 'Status' = 'ENABLED' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_kinesis_stream_encrypted_with_kms_cmk.yaml b/compliance/controls/aws/aws_kinesis_stream_encrypted_with_kms_cmk.yaml index b578307ff..c578e80a6 100644 --- a/compliance/controls/aws/aws_kinesis_stream_encrypted_with_kms_cmk.yaml +++ b/compliance/controls/aws/aws_kinesis_stream_encrypted_with_kms_cmk.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT stream_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'KMS' AND key_id <> 'alias/aws/kinesis' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_kinesis_stream_server_side_encryption_enabled.yaml b/compliance/controls/aws/aws_kinesis_stream_server_side_encryption_enabled.yaml index 29bf2e85f..e89ffe5af 100644 --- a/compliance/controls/aws/aws_kinesis_stream_server_side_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_kinesis_stream_server_side_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT stream_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'KMS' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_kms_cmk_policy_prohibit_public_access.yaml b/compliance/controls/aws/aws_kms_cmk_policy_prohibit_public_access.yaml index 97a032d90..2c658711f 100644 --- a/compliance/controls/aws/aws_kms_cmk_policy_prohibit_public_access.yaml 
+++ b/compliance/controls/aws/aws_kms_cmk_policy_prohibit_public_access.yaml @@ -28,8 +28,8 @@ Query: ) SELECT k.arn AS resource, - k.og_account_id AS og_account_id, - k.og_resource_id AS og_resource_id, + k.platform_account_id AS platform_account_id, + k.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_kms_cmk_rotation_enabled.yaml b/compliance/controls/aws/aws_kms_cmk_rotation_enabled.yaml index b5984ab0c..fb7fbcf6e 100644 --- a/compliance/controls/aws/aws_kms_cmk_rotation_enabled.yaml +++ b/compliance/controls/aws/aws_kms_cmk_rotation_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN origin = 'EXTERNAL' THEN 'skip' WHEN key_state = 'PendingDeletion' THEN 'skip' diff --git a/compliance/controls/aws/aws_kms_cmk_unused.yaml b/compliance/controls/aws/aws_kms_cmk_unused.yaml index 6ae873cac..c76531767 100644 --- a/compliance/controls/aws/aws_kms_cmk_unused.yaml +++ b/compliance/controls/aws/aws_kms_cmk_unused.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT enabled AND key_state = 'PendingDeletion' THEN 'ok' WHEN NOT enabled AND key_state <> 'PendingDeletion' THEN 'alarm' diff --git a/compliance/controls/aws/aws_kms_key_decryption_restricted_in_iam_customer_managed_policy.yaml b/compliance/controls/aws/aws_kms_key_decryption_restricted_in_iam_customer_managed_policy.yaml index 8641d21b5..97765ae52 100644 --- a/compliance/controls/aws/aws_kms_key_decryption_restricted_in_iam_customer_managed_policy.yaml 
+++ b/compliance/controls/aws/aws_kms_key_decryption_restricted_in_iam_customer_managed_policy.yaml @@ -24,8 +24,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN d.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_kms_key_decryption_restricted_in_iam_inline_policy.yaml b/compliance/controls/aws/aws_kms_key_decryption_restricted_in_iam_inline_policy.yaml index e3528d1e3..e86dc6b5e 100644 --- a/compliance/controls/aws/aws_kms_key_decryption_restricted_in_iam_inline_policy.yaml +++ b/compliance/controls/aws/aws_kms_key_decryption_restricted_in_iam_inline_policy.yaml @@ -49,9 +49,9 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, - 'aws_iam_user' AS og_table_name, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, + 'aws_iam_user' AS platform_table_name, CASE WHEN d.arn IS NULL THEN 'ok' ELSE 'alarm' @@ -67,9 +67,9 @@ Query: UNION SELECT r.arn AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, - 'aws_iam_role' AS og_table_name, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, + 'aws_iam_role' AS platform_table_name, CASE WHEN d.arn IS NULL THEN 'ok' ELSE 'alarm' @@ -87,9 +87,9 @@ Query: UNION SELECT g.arn AS resource, - g.og_account_id AS og_account_id, - g.og_resource_id AS og_resource_id, - 'aws_iam_group' AS og_table_name, + g.platform_account_id AS platform_account_id, + g.platform_resource_id AS platform_resource_id, + 'aws_iam_group' AS platform_table_name, CASE WHEN d.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_kms_key_not_pending_deletion.yaml b/compliance/controls/aws/aws_kms_key_not_pending_deletion.yaml index 4317ae342..e07cb80d9 100644 
--- a/compliance/controls/aws/aws_kms_key_not_pending_deletion.yaml +++ b/compliance/controls/aws/aws_kms_key_not_pending_deletion.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN key_state = 'PendingDeletion' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_lambda_function_cloudtrail_logging_enabled.yaml b/compliance/controls/aws/aws_lambda_function_cloudtrail_logging_enabled.yaml index aaa72fadd..cdf4cdade 100644 --- a/compliance/controls/aws/aws_lambda_function_cloudtrail_logging_enabled.yaml +++ b/compliance/controls/aws/aws_lambda_function_cloudtrail_logging_enabled.yaml @@ -53,8 +53,8 @@ Query: ) SELECT DISTINCT l.arn AS resource, - l.og_account_id AS og_account_id, - l.og_resource_id AS og_resource_id, + l.platform_account_id AS platform_account_id, + l.platform_resource_id AS platform_resource_id, CASE WHEN (l.arn = c.lambda_arn) OR (r.lambda_arn = 'arn:aws:lambda' AND r.cloudtrail_region = l.region) diff --git a/compliance/controls/aws/aws_lambda_function_cloudwatch_insights_enabled.yaml b/compliance/controls/aws/aws_lambda_function_cloudwatch_insights_enabled.yaml index c9c43450c..4d0c1b1b2 100644 --- a/compliance/controls/aws/aws_lambda_function_cloudwatch_insights_enabled.yaml +++ b/compliance/controls/aws/aws_lambda_function_cloudwatch_insights_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/aws/aws_lambda_function_concurrent_execution_limit_configured.yaml b/compliance/controls/aws/aws_lambda_function_concurrent_execution_limit_configured.yaml index dae225d52..e30fd9be8 100644 
--- a/compliance/controls/aws/aws_lambda_function_concurrent_execution_limit_configured.yaml +++ b/compliance/controls/aws/aws_lambda_function_concurrent_execution_limit_configured.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN reserved_concurrent_executions IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_lambda_function_cors_configuration.yaml b/compliance/controls/aws/aws_lambda_function_cors_configuration.yaml index 3124b9b2e..75112e547 100644 --- a/compliance/controls/aws/aws_lambda_function_cors_configuration.yaml +++ b/compliance/controls/aws/aws_lambda_function_cors_configuration.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN url_config IS NULL THEN 'info' WHEN url_config -> 'Cors' ->> 'AllowOrigins' = '[\"*\"]' THEN 'alarm' diff --git a/compliance/controls/aws/aws_lambda_function_dead_letter_queue_configured.yaml b/compliance/controls/aws/aws_lambda_function_dead_letter_queue_configured.yaml index 26e74b6ee..b863dd4eb 100644 --- a/compliance/controls/aws/aws_lambda_function_dead_letter_queue_configured.yaml +++ b/compliance/controls/aws/aws_lambda_function_dead_letter_queue_configured.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN dead_letter_config_target_arn IS NULL THEN 'alarm' ELSE 'ok' 
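Review bot: In aws_lambda_function_cors_configuration.yaml the wildcard-origin branch compares against `'[\"*\"]'`, and inside a `|` block scalar YAML does not process backslash escapes, so the SQL literal keeps the backslashes and cannot equal the JSON text `["*"]`. If that reading is right, a function URL that allows every origin never reaches `'alarm'` and the control passes it. A containment test avoids the string comparison: `WHEN url_config -> 'Cors' -> 'AllowOrigins' @> '["*"]' THEN 'alarm'` (assuming `url_config` is jsonb, as the `->` operators suggest), which also catches `*` listed next to other origins. The rest of the CASE is outside the hunk.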
diff --git a/compliance/controls/aws/aws_lambda_function_encryption_enabled.yaml b/compliance/controls/aws/aws_lambda_function_encryption_enabled.yaml index e398c06db..71c6e859c 100644 --- a/compliance/controls/aws/aws_lambda_function_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_lambda_function_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_key_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_lambda_function_in_vpc.yaml b/compliance/controls/aws/aws_lambda_function_in_vpc.yaml index 3e8d198e9..7263cb344 100644 --- a/compliance/controls/aws/aws_lambda_function_in_vpc.yaml +++ b/compliance/controls/aws/aws_lambda_function_in_vpc.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN vpc_id IS NULL OR vpc_id = '' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_lambda_function_multiple_az_configured.yaml b/compliance/controls/aws/aws_lambda_function_multiple_az_configured.yaml index 8ccf22981..66446b1e4 100644 --- a/compliance/controls/aws/aws_lambda_function_multiple_az_configured.yaml +++ b/compliance/controls/aws/aws_lambda_function_multiple_az_configured.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN vpc_id IS NULL OR vpc_id = '' THEN 'skip' ELSE CASE 
diff --git a/compliance/controls/aws/aws_lambda_function_restrict_public_access.yaml b/compliance/controls/aws/aws_lambda_function_restrict_public_access.yaml index 0759f3c5e..0345cfc43 100644 --- a/compliance/controls/aws/aws_lambda_function_restrict_public_access.yaml +++ b/compliance/controls/aws/aws_lambda_function_restrict_public_access.yaml @@ -33,8 +33,8 @@ Query: ) SELECT f.arn AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN p.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_lambda_function_restrict_public_url.yaml b/compliance/controls/aws/aws_lambda_function_restrict_public_url.yaml index 8f1f6c530..2e58a7e52 100644 --- a/compliance/controls/aws/aws_lambda_function_restrict_public_url.yaml +++ b/compliance/controls/aws/aws_lambda_function_restrict_public_url.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN url_config IS NULL THEN 'info' WHEN url_config ->> 'AuthType' = 'AWS_IAM' THEN 'ok' diff --git a/compliance/controls/aws/aws_lambda_function_tracing_enabled.yaml b/compliance/controls/aws/aws_lambda_function_tracing_enabled.yaml index 28cd0b4d4..e70035aaa 100644 --- a/compliance/controls/aws/aws_lambda_function_tracing_enabled.yaml +++ b/compliance/controls/aws/aws_lambda_function_tracing_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN tracing_config ->> 'Mode' = 'PassThrough' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_lambda_function_use_latest_runtime.yaml b/compliance/controls/aws/aws_lambda_function_use_latest_runtime.yaml index 8fcea6d28..1b1a1aa2c 100644 --- a/compliance/controls/aws/aws_lambda_function_use_latest_runtime.yaml +++ b/compliance/controls/aws/aws_lambda_function_use_latest_runtime.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN package_type <> 'Zip' THEN 'skip' WHEN runtime IN ('nodejs16.x', 'nodejs14.x', 'nodejs12.x', 'nodejs10.x', 'python3.9', 'python3.8', 'python3.7', 'python3.6', 'ruby2.5', 'ruby2.7', 'java11', 'java8', 'java8.al2', 'go1.x', 'dotnetcore2.1', 'dotnetcore3.1', 'dotnet6') THEN 'ok' diff --git a/compliance/controls/aws/aws_lambda_function_variables_no_sensitive_data.yaml b/compliance/controls/aws/aws_lambda_function_variables_no_sensitive_data.yaml index 41f78ac3b..97125120e 100644 --- a/compliance/controls/aws/aws_lambda_function_variables_no_sensitive_data.yaml +++ b/compliance/controls/aws/aws_lambda_function_variables_no_sensitive_data.yaml @@ -24,8 +24,8 @@ Query: ) SELECT f.arn AS resource, - f.og_account_id AS og_account_id, - f.og_resource_id AS og_resource_id, + f.platform_account_id AS platform_account_id, + f.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_lightsail_instance_ipv6_networking_disabled.yaml b/compliance/controls/aws/aws_lightsail_instance_ipv6_networking_disabled.yaml index 281b01942..44dda1e91 100644 --- a/compliance/controls/aws/aws_lightsail_instance_ipv6_networking_disabled.yaml +++ b/compliance/controls/aws/aws_lightsail_instance_ipv6_networking_disabled.yaml 
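Review bot: In aws_lambda_function_use_latest_runtime.yaml the `'ok'` list is a hard-coded snapshot that includes runtimes AWS has since deprecated (`nodejs10.x`, `nodejs12.x`, `python3.6`, `ruby2.5` and `dotnetcore2.1` among them), so functions on runtimes that no longer receive security patches pass a control named "use latest runtime". The list should be trimmed to currently supported runtimes, or moved to a query parameter so it can be maintained without editing the SQL. At minimum, add a comment above the `WHEN runtime IN (...)` line such as `-- supported-runtime allowlist; review against the AWS Lambda runtime deprecation schedule`. The remaining CASE branches are outside the hunk.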
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN ip_v6_addresses IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_log_group_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_log_group_encryption_at_rest_enabled.yaml index 69c8350e1..52a65fbac 100644 --- a/compliance/controls/aws/aws_log_group_encryption_at_rest_enabled.yaml +++ b/compliance/controls/aws/aws_log_group_encryption_at_rest_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_bucket_policy.yaml b/compliance/controls/aws/aws_log_metric_filter_bucket_policy.yaml index 1ec020e03..b84b9231b 100644 --- a/compliance/controls/aws/aws_log_metric_filter_bucket_policy.yaml +++ b/compliance/controls/aws/aws_log_metric_filter_bucket_policy.yaml @@ -44,8 +44,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_cloudtrail_configuration.yaml b/compliance/controls/aws/aws_log_metric_filter_cloudtrail_configuration.yaml index 5fc70ea84..d676aafd6 100644 --- a/compliance/controls/aws/aws_log_metric_filter_cloudtrail_configuration.yaml +++ b/compliance/controls/aws/aws_log_metric_filter_cloudtrail_configuration.yaml 
@@ -43,8 +43,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_config_configuration.yaml b/compliance/controls/aws/aws_log_metric_filter_config_configuration.yaml index ffdd4d017..8e317969e 100644 --- a/compliance/controls/aws/aws_log_metric_filter_config_configuration.yaml +++ b/compliance/controls/aws/aws_log_metric_filter_config_configuration.yaml @@ -43,8 +43,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_console_authentication_failure.yaml b/compliance/controls/aws/aws_log_metric_filter_console_authentication_failure.yaml index 9bd9e7bac..04c5df65e 100644 --- a/compliance/controls/aws/aws_log_metric_filter_console_authentication_failure.yaml +++ b/compliance/controls/aws/aws_log_metric_filter_console_authentication_failure.yaml @@ -43,8 +43,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_console_login_mfa.yaml b/compliance/controls/aws/aws_log_metric_filter_console_login_mfa.yaml index a66e377ff..169f71241 100644 --- a/compliance/controls/aws/aws_log_metric_filter_console_login_mfa.yaml 
+++ b/compliance/controls/aws/aws_log_metric_filter_console_login_mfa.yaml @@ -43,8 +43,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_disable_or_delete_cmk.yaml b/compliance/controls/aws/aws_log_metric_filter_disable_or_delete_cmk.yaml index 96cce84d5..1f2ac0b2e 100644 --- a/compliance/controls/aws/aws_log_metric_filter_disable_or_delete_cmk.yaml +++ b/compliance/controls/aws/aws_log_metric_filter_disable_or_delete_cmk.yaml @@ -43,8 +43,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_iam_policy.yaml b/compliance/controls/aws/aws_log_metric_filter_iam_policy.yaml index 81bc1226d..cb4012fcb 100644 --- a/compliance/controls/aws/aws_log_metric_filter_iam_policy.yaml +++ b/compliance/controls/aws/aws_log_metric_filter_iam_policy.yaml @@ -44,8 +44,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_network_acl.yaml b/compliance/controls/aws/aws_log_metric_filter_network_acl.yaml index f341211f4..e4e11ef19 100644 --- a/compliance/controls/aws/aws_log_metric_filter_network_acl.yaml 
+++ b/compliance/controls/aws/aws_log_metric_filter_network_acl.yaml @@ -43,8 +43,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_network_gateway.yaml b/compliance/controls/aws/aws_log_metric_filter_network_gateway.yaml index c60be22d8..98cafb67a 100644 --- a/compliance/controls/aws/aws_log_metric_filter_network_gateway.yaml +++ b/compliance/controls/aws/aws_log_metric_filter_network_gateway.yaml @@ -44,8 +44,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_organization.yaml b/compliance/controls/aws/aws_log_metric_filter_organization.yaml index 07e483b67..a45ea57f4 100644 --- a/compliance/controls/aws/aws_log_metric_filter_organization.yaml +++ b/compliance/controls/aws/aws_log_metric_filter_organization.yaml @@ -44,8 +44,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_root_login.yaml b/compliance/controls/aws/aws_log_metric_filter_root_login.yaml index b4beb879f..644910a02 100644 --- a/compliance/controls/aws/aws_log_metric_filter_root_login.yaml 
+++ b/compliance/controls/aws/aws_log_metric_filter_root_login.yaml @@ -43,8 +43,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_route_table.yaml b/compliance/controls/aws/aws_log_metric_filter_route_table.yaml index 753f389b8..2bae98ea5 100644 --- a/compliance/controls/aws/aws_log_metric_filter_route_table.yaml +++ b/compliance/controls/aws/aws_log_metric_filter_route_table.yaml @@ -44,8 +44,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_security_group.yaml b/compliance/controls/aws/aws_log_metric_filter_security_group.yaml index 8456f6af9..6f4eba8cc 100644 --- a/compliance/controls/aws/aws_log_metric_filter_security_group.yaml +++ b/compliance/controls/aws/aws_log_metric_filter_security_group.yaml @@ -43,8 +43,8 @@ Query: ) SELECT DISTINCT 'arn:' || a.partition || ':::' || a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN f.trail_name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_log_metric_filter_unauthorized_api.yaml b/compliance/controls/aws/aws_log_metric_filter_unauthorized_api.yaml index 323550c69..2e008bcb5 100644 --- a/compliance/controls/aws/aws_log_metric_filter_unauthorized_api.yaml 
+++ b/compliance/controls/aws/aws_log_metric_filter_unauthorized_api.yaml
@@ -43,8 +43,8 @@ Query:
 )
 SELECT DISTINCT
 'arn:' || a.partition || ':::' || a.account_id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN f.trail_name IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_log_metric_filter_vpc.yaml b/compliance/controls/aws/aws_log_metric_filter_vpc.yaml
index 28aaa0be9..10662f5cc 100644
--- a/compliance/controls/aws/aws_log_metric_filter_vpc.yaml
+++ b/compliance/controls/aws/aws_log_metric_filter_vpc.yaml
@@ -44,8 +44,8 @@ Query:
 )
 SELECT DISTINCT
 'arn:' || a.partition || ':::' || a.account_id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN f.trail_name IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_accessanalyzer_analyzer_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_accessanalyzer_analyzer_mandatory.yaml
index b1e1ce658..dc02d5199 100644
--- a/compliance/controls/aws/aws_mandatory_sql_accessanalyzer_analyzer_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_accessanalyzer_analyzer_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_accessanalyzer_analyzer
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_api_gateway_stage_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_api_gateway_stage_mandatory.yaml
index 60f7f436f..0045e164a 100644
--- a/compliance/controls/aws/aws_mandatory_sql_api_gateway_stage_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_api_gateway_stage_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_api_gateway_stage
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_cloudfront_distribution_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_cloudfront_distribution_mandatory.yaml
index acf4b7536..7463e417d 100644
--- a/compliance/controls/aws/aws_mandatory_sql_cloudfront_distribution_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_cloudfront_distribution_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_cloudfront_distribution
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_cloudtrail_trail_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_cloudtrail_trail_mandatory.yaml
index 4912f7848..87c58d8ac 100644
--- a/compliance/controls/aws/aws_mandatory_sql_cloudtrail_trail_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_cloudtrail_trail_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -29,8 +29,8 @@ Query:
 aws_cloudtrail_trail
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'OK'
diff --git a/compliance/controls/aws/aws_mandatory_sql_cloudwatch_alarm_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_cloudwatch_alarm_mandatory.yaml
index 6537e85b8..468c43673 100644
--- a/compliance/controls/aws/aws_mandatory_sql_cloudwatch_alarm_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_cloudwatch_alarm_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_cloudwatch_alarm
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_cloudwatch_log_group_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_cloudwatch_log_group_mandatory.yaml
index f7a087284..05b5567ff 100644
--- a/compliance/controls/aws/aws_mandatory_sql_cloudwatch_log_group_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_cloudwatch_log_group_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_cloudwatch_log_group
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
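Review bot: The `THEN 'OK'` context line in the second hunk of aws_mandatory_sql_cloudtrail_trail_mandatory.yaml returns the passing status in upper case, while the sibling mandatory-tag controls in this diff return `'ok'`. If the component that consumes these results matches status strings case-sensitively (not visible here), correctly tagged trails would not be counted as passing; since the file is being touched anyway, normalise the line to `WHEN has_mandatory_tags THEN 'ok'`. The same upper-case literal appears in the second hunks of aws_mandatory_sql_dms_replication_instance_mandatory.yaml and aws_mandatory_sql_efs_file_system_mandatory.yaml. The CASE expression continues past the end of the hunk.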
diff --git a/compliance/controls/aws/aws_mandatory_sql_codebuild_project_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_codebuild_project_mandatory.yaml
index 745090d45..b13580ff8 100644
--- a/compliance/controls/aws/aws_mandatory_sql_codebuild_project_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_codebuild_project_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_codebuild_project
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_codecommit_repository_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_codecommit_repository_mandatory.yaml
index 6a564e2f8..1affcf440 100644
--- a/compliance/controls/aws/aws_mandatory_sql_codecommit_repository_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_codecommit_repository_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_codecommit_repository
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_codepipeline_pipeline_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_codepipeline_pipeline_mandatory.yaml
index fe852b53f..8834ab042 100644
--- a/compliance/controls/aws/aws_mandatory_sql_codepipeline_pipeline_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_codepipeline_pipeline_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_codepipeline_pipeline
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_config_rule_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_config_rule_mandatory.yaml
index a29a7ca8e..94b64e969 100644
--- a/compliance/controls/aws/aws_mandatory_sql_config_rule_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_config_rule_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_config_rule
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_dax_cluster_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_dax_cluster_mandatory.yaml
index de0a372ae..b5aa7ca9e 100644
--- a/compliance/controls/aws/aws_mandatory_sql_dax_cluster_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_dax_cluster_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_dax_cluster
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_directory_service_directory_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_directory_service_directory_mandatory.yaml
index 56849b0cb..ee72322bd 100644
--- a/compliance/controls/aws/aws_mandatory_sql_directory_service_directory_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_directory_service_directory_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_directory_service_directory
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_dms_replication_instance_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_dms_replication_instance_mandatory.yaml
index 055a95af7..48e72b5f5 100644
--- a/compliance/controls/aws/aws_mandatory_sql_dms_replication_instance_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_dms_replication_instance_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_dms_replication_instance
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'OK'
diff --git a/compliance/controls/aws/aws_mandatory_sql_dynamodb_table_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_dynamodb_table_mandatory.yaml
index 309adddd1..f96fa2acc 100644
--- a/compliance/controls/aws/aws_mandatory_sql_dynamodb_table_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_dynamodb_table_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_dynamodb_table
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_ebs_snapshot_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ebs_snapshot_mandatory.yaml
index 6b2389023..bbc640d0b 100644
--- a/compliance/controls/aws/aws_mandatory_sql_ebs_snapshot_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_ebs_snapshot_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_ebs_snapshot
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_ebs_volume_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ebs_volume_mandatory.yaml
index a3307440d..deab59a92 100644
--- a/compliance/controls/aws/aws_mandatory_sql_ebs_volume_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_ebs_volume_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_ebs_volume
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_ec2_application_load_balancer_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ec2_application_load_balancer_mandatory.yaml
index e8a83ec06..3936c33cc 100644
--- a/compliance/controls/aws/aws_mandatory_sql_ec2_application_load_balancer_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_ec2_application_load_balancer_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_ec2_application_load_balancer
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_ec2_classic_load_balancer_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ec2_classic_load_balancer_mandatory.yaml
index b29306d5c..bdfe6c658 100644
--- a/compliance/controls/aws/aws_mandatory_sql_ec2_classic_load_balancer_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_ec2_classic_load_balancer_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_ec2_classic_load_balancer
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_ec2_gateway_load_balancer_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ec2_gateway_load_balancer_mandatory.yaml
index 8091966d2..c97d35732 100644
--- a/compliance/controls/aws/aws_mandatory_sql_ec2_gateway_load_balancer_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_ec2_gateway_load_balancer_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_ec2_gateway_load_balancer
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_ec2_instance_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ec2_instance_mandatory.yaml
index cbecdec12..133079a64 100644
--- a/compliance/controls/aws/aws_mandatory_sql_ec2_instance_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_ec2_instance_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_ec2_instance
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_ec2_network_load_balancer_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ec2_network_load_balancer_mandatory.yaml
index 5f59802be..eb1fef643 100644
--- a/compliance/controls/aws/aws_mandatory_sql_ec2_network_load_balancer_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_ec2_network_load_balancer_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_ec2_network_load_balancer
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_ec2_reserved_instance_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ec2_reserved_instance_mandatory.yaml
index a487a5117..1468ee40a 100644
--- a/compliance/controls/aws/aws_mandatory_sql_ec2_reserved_instance_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_ec2_reserved_instance_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_ec2_reserved_instance
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_ecr_repository_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ecr_repository_mandatory.yaml
index 006f6518c..9b618701d 100644
--- a/compliance/controls/aws/aws_mandatory_sql_ecr_repository_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_ecr_repository_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_ecr_repository
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_ecs_container_instance_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ecs_container_instance_mandatory.yaml
index 1e9505fc9..61ef0a8f1 100644
--- a/compliance/controls/aws/aws_mandatory_sql_ecs_container_instance_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_ecs_container_instance_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -29,8 +29,8 @@ Query:
 aws_ecs_container_instance
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_ecs_service_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ecs_service_mandatory.yaml
index 0d1c888e8..2249ae6e5 100644
--- a/compliance/controls/aws/aws_mandatory_sql_ecs_service_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_ecs_service_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::TEXT[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_ecs_service
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_efs_file_system_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_efs_file_system_mandatory.yaml
index 41c4a9c1b..4cbe00346 100644
--- a/compliance/controls/aws/aws_mandatory_sql_efs_file_system_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_efs_file_system_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_efs_file_system
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'OK'
diff --git a/compliance/controls/aws/aws_mandatory_sql_eks_addon_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_eks_addon_mandatory.yaml
index 8947e6e4c..638072b02 100644
--- a/compliance/controls/aws/aws_mandatory_sql_eks_addon_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_eks_addon_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_eks_addon
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_eks_cluster_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_eks_cluster_mandatory.yaml
index 4e85b60a0..2cb80c0b0 100644
--- a/compliance/controls/aws/aws_mandatory_sql_eks_cluster_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_eks_cluster_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_eks_cluster
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_elastic_beanstalk_application_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_elastic_beanstalk_application_mandatory.yaml
index b1a084675..f45369a98 100644
--- a/compliance/controls/aws/aws_mandatory_sql_elastic_beanstalk_application_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_elastic_beanstalk_application_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_elastic_beanstalk_application
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_elastic_beanstalk_environment_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_elastic_beanstalk_environment_mandatory.yaml
index 5dba01a7a..4d807723b 100644
--- a/compliance/controls/aws/aws_mandatory_sql_elastic_beanstalk_environment_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_elastic_beanstalk_environment_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_elastic_beanstalk_environment
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_elasticache_cluster_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_elasticache_cluster_mandatory.yaml
index 564e54cf6..5fe3f958b 100644
--- a/compliance/controls/aws/aws_mandatory_sql_elasticache_cluster_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_elasticache_cluster_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_elasticache_cluster
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_elasticsearch_domain_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_elasticsearch_domain_mandatory.yaml
index b1c207eab..46a161c15 100644
--- a/compliance/controls/aws/aws_mandatory_sql_elasticsearch_domain_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_elasticsearch_domain_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_elasticsearch_domain
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_eventbridge_rule_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_eventbridge_rule_mandatory.yaml
index b08616761..4fd12fa6b 100644
--- a/compliance/controls/aws/aws_mandatory_sql_eventbridge_rule_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_eventbridge_rule_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_eventbridge_rule
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_guardduty_detector_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_guardduty_detector_mandatory.yaml
index 3a1ef3a65..5b0abdb92 100644
--- a/compliance/controls/aws/aws_mandatory_sql_guardduty_detector_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_guardduty_detector_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_guardduty_detector
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_iam_role_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_iam_role_mandatory.yaml
index feb8fcd2b..5fab7103c 100644
--- a/compliance/controls/aws/aws_mandatory_sql_iam_role_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_iam_role_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_iam_role
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_iam_server_certificate_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_iam_server_certificate_mandatory.yaml
index 3fd0319af..bc1de8a9f 100644
--- a/compliance/controls/aws/aws_mandatory_sql_iam_server_certificate_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_iam_server_certificate_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -29,8 +29,8 @@ Query:
 aws_iam_server_certificate
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_iam_user_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_iam_user_mandatory.yaml
index e2bfe4e5b..ba210c9e0 100644
--- a/compliance/controls/aws/aws_mandatory_sql_iam_user_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_iam_user_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_iam_user
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_inspector_assessment_template_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_inspector_assessment_template_mandatory.yaml
index ec9023b85..f9c2a91cb 100644
--- a/compliance/controls/aws/aws_mandatory_sql_inspector_assessment_template_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_inspector_assessment_template_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_inspector_assessment_template
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_kinesis_firehose_delivery_stream_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_kinesis_firehose_delivery_stream_mandatory.yaml
index 5d3d8dfb8..b5ebb8ef1 100644
--- a/compliance/controls/aws/aws_mandatory_sql_kinesis_firehose_delivery_stream_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_kinesis_firehose_delivery_stream_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_kinesis_firehose_delivery_stream
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_kms_key_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_kms_key_mandatory.yaml
index 59dd1a167..b21be46de 100644
--- a/compliance/controls/aws/aws_mandatory_sql_kms_key_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_kms_key_mandatory.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 WITH analysis AS (
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn,
 title,
 tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -27,8 +27,8 @@ Query:
 aws_kms_key
 )
 SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 arn AS resource,
 CASE
 WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/aws/aws_mandatory_sql_lambda_function_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_lambda_function_mandatory.yaml
index fc7812c38..ca8cbf02d 100644
--- a/compliance/controls/aws/aws_mandatory_sql_lambda_function_mandatory.yaml
+++ b/compliance/controls/aws/aws_mandatory_sql_lambda_function_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_lambda_function ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_mandatory.yaml index fe53d0220..38e64ec44 100644 --- a/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_rds_db_cluster ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_parameter_group_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_parameter_group_mandatory.yaml index 4db12e96f..4fa63a033 100644 --- a/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_parameter_group_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_parameter_group_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, 
@@ -27,8 +27,8 @@ Query: aws_rds_db_cluster_parameter_group ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_snapshot_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_snapshot_mandatory.yaml index 5b1635319..bcb7edb63 100644 --- a/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_snapshot_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_rds_db_cluster_snapshot_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_rds_db_cluster_snapshot ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_rds_db_instance_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_rds_db_instance_mandatory.yaml index a8453e990..19276d72f 100644 --- a/compliance/controls/aws/aws_mandatory_sql_rds_db_instance_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_rds_db_instance_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_rds_db_instance ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_rds_db_option_group_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_rds_db_option_group_mandatory.yaml index f4acc97bb..346d55c02 100644 
--- a/compliance/controls/aws/aws_mandatory_sql_rds_db_option_group_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_rds_db_option_group_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_rds_db_option_group ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_rds_db_parameter_group_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_rds_db_parameter_group_mandatory.yaml index 94381ef8d..493f81e09 100644 --- a/compliance/controls/aws/aws_mandatory_sql_rds_db_parameter_group_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_rds_db_parameter_group_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_rds_db_parameter_group ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'OK' diff --git a/compliance/controls/aws/aws_mandatory_sql_rds_db_snapshot_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_rds_db_snapshot_mandatory.yaml index 0a1cf1272..0fae13ca0 100644 --- a/compliance/controls/aws/aws_mandatory_sql_rds_db_snapshot_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_rds_db_snapshot_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, 
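Review bot: The second hunk of aws_mandatory_sql_rds_db_parameter_group_mandatory.yaml returns `THEN 'OK'` in upper case, while the sibling controls in this diff return `'ok'`; aws_mandatory_sql_vpc_vpn_connection_mandatory.yaml has the same spelling. If the platform compares status values case-sensitively (not visible here), resources that pass these two controls may not be counted as compliant. Since the neighbouring lines are already being edited, both should read `WHEN has_mandatory_tags THEN 'ok'`. The CASE expression continues outside the hunk.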
@@ -27,8 +27,8 @@ Query: aws_rds_db_snapshot ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_rds_db_subnet_group_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_rds_db_subnet_group_mandatory.yaml index 0eeb660a2..9cdb81c69 100644 --- a/compliance/controls/aws/aws_mandatory_sql_rds_db_subnet_group_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_rds_db_subnet_group_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_rds_db_subnet_group ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_redshift_cluster_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_redshift_cluster_mandatory.yaml index 734c149b6..4ee42ff91 100644 --- a/compliance/controls/aws/aws_mandatory_sql_redshift_cluster_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_redshift_cluster_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_redshift_cluster ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_route53_domain_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_route53_domain_mandatory.yaml index cf386b72a..6ffe4353b 100644 
--- a/compliance/controls/aws/aws_mandatory_sql_route53_domain_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_route53_domain_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -29,8 +29,8 @@ Query: aws_route53_domain ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_route53_resolver_endpoint_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_route53_resolver_endpoint_mandatory.yaml index 96826e689..2ec1e3866 100644 --- a/compliance/controls/aws/aws_mandatory_sql_route53_resolver_endpoint_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_route53_resolver_endpoint_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_route53_resolver_endpoint ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_s3_bucket_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_s3_bucket_mandatory.yaml index ffe99e285..cb535c782 100644 --- a/compliance/controls/aws/aws_mandatory_sql_s3_bucket_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_s3_bucket_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, 
@@ -27,8 +27,8 @@ Query: aws_s3_bucket ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_sagemaker_endpoint_configuration_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_sagemaker_endpoint_configuration_mandatory.yaml index 9257fb9a1..1bca8662a 100644 --- a/compliance/controls/aws/aws_mandatory_sql_sagemaker_endpoint_configuration_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_sagemaker_endpoint_configuration_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_sagemaker_endpoint_configuration ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_sagemaker_model_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_sagemaker_model_mandatory.yaml index 34631d69c..f67966739 100644 --- a/compliance/controls/aws/aws_mandatory_sql_sagemaker_model_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_sagemaker_model_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_sagemaker_model ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' 
diff --git a/compliance/controls/aws/aws_mandatory_sql_sagemaker_notebook_instance_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_sagemaker_notebook_instance_mandatory.yaml index aca7e82f5..8822b6479 100644 --- a/compliance/controls/aws/aws_mandatory_sql_sagemaker_notebook_instance_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_sagemaker_notebook_instance_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_sagemaker_notebook_instance ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_sagemaker_training_job_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_sagemaker_training_job_mandatory.yaml index 438bf218f..a88022650 100644 --- a/compliance/controls/aws/aws_mandatory_sql_sagemaker_training_job_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_sagemaker_training_job_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -29,8 +29,8 @@ Query: aws_sagemaker_training_job ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_secretsmanager_secret_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_secretsmanager_secret_mandatory.yaml index 5e834f237..802c7ac35 100644 --- a/compliance/controls/aws/aws_mandatory_sql_secretsmanager_secret_mandatory.yaml 
+++ b/compliance/controls/aws/aws_mandatory_sql_secretsmanager_secret_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_secretsmanager_secret ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_ssm_parameter_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_ssm_parameter_mandatory.yaml index 9a7d43f01..6803a4288 100644 --- a/compliance/controls/aws/aws_mandatory_sql_ssm_parameter_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_ssm_parameter_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_ssm_parameter ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_vpc_eip_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_vpc_eip_mandatory.yaml index 56dca009e..56737ec3c 100644 --- a/compliance/controls/aws/aws_mandatory_sql_vpc_eip_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_vpc_eip_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, 
@@ -27,8 +27,8 @@ Query: aws_vpc_eip ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_vpc_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_vpc_mandatory.yaml index 1bf351b83..d222deb8f 100644 --- a/compliance/controls/aws/aws_mandatory_sql_vpc_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_vpc_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_vpc ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_vpc_nat_gateway_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_vpc_nat_gateway_mandatory.yaml index ea22d3d90..40280e77e 100644 --- a/compliance/controls/aws/aws_mandatory_sql_vpc_nat_gateway_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_vpc_nat_gateway_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_vpc_nat_gateway ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_vpc_network_acl_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_vpc_network_acl_mandatory.yaml index a3d0cb2f8..9e0eb5061 100644 --- a/compliance/controls/aws/aws_mandatory_sql_vpc_network_acl_mandatory.yaml 
+++ b/compliance/controls/aws/aws_mandatory_sql_vpc_network_acl_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_vpc_network_acl ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_vpc_security_group_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_vpc_security_group_mandatory.yaml index 5ca5a2308..5c1113a63 100644 --- a/compliance/controls/aws/aws_mandatory_sql_vpc_security_group_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_vpc_security_group_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_vpc_security_group ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_vpc_vpn_connection_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_vpc_vpn_connection_mandatory.yaml index 30f32ac40..291bba31e 100644 --- a/compliance/controls/aws/aws_mandatory_sql_vpc_vpn_connection_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_vpc_vpn_connection_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, 
@@ -27,8 +27,8 @@ Query: aws_vpc_vpn_connection ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'OK' diff --git a/compliance/controls/aws/aws_mandatory_sql_wafv2_ip_set_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_wafv2_ip_set_mandatory.yaml index 0fc08e20d..f7a8765be 100644 --- a/compliance/controls/aws/aws_mandatory_sql_wafv2_ip_set_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_wafv2_ip_set_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::TEXT[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_wafv2_ip_set ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_wafv2_regex_pattern_set_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_wafv2_regex_pattern_set_mandatory.yaml index c96cba4a1..77f8b8f6a 100644 --- a/compliance/controls/aws/aws_mandatory_sql_wafv2_regex_pattern_set_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_wafv2_regex_pattern_set_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_wafv2_regex_pattern_set ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_wafv2_rule_group_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_wafv2_rule_group_mandatory.yaml index 4d9e5f751..648a2c96d 100644 
--- a/compliance/controls/aws/aws_mandatory_sql_wafv2_rule_group_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_wafv2_rule_group_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_wafv2_rule_group ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mandatory_sql_wafv2_web_acl_mandatory.yaml b/compliance/controls/aws/aws_mandatory_sql_wafv2_web_acl_mandatory.yaml index 6c79e2c9a..b708e597b 100644 --- a/compliance/controls/aws/aws_mandatory_sql_wafv2_web_acl_mandatory.yaml +++ b/compliance/controls/aws/aws_mandatory_sql_wafv2_web_acl_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn, title, tags ?& '{{.awsMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: aws_wafv2_web_acl ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, arn AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/aws/aws_mq_broker_restrict_public_access.yaml b/compliance/controls/aws/aws_mq_broker_restrict_public_access.yaml index 6f5342e81..7ffb45fcd 100644 --- a/compliance/controls/aws/aws_mq_broker_restrict_public_access.yaml +++ b/compliance/controls/aws/aws_mq_broker_restrict_public_access.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN publicly_accessible THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/aws/aws_msk_cluster_encryption_in_transit_with_tls_enabled.yaml b/compliance/controls/aws/aws_msk_cluster_encryption_in_transit_with_tls_enabled.yaml index ac718af2c..4731fcef6 100644 --- a/compliance/controls/aws/aws_msk_cluster_encryption_in_transit_with_tls_enabled.yaml +++ b/compliance/controls/aws/aws_msk_cluster_encryption_in_transit_with_tls_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN provisioned -> 'EncryptionInfo' -> 'EncryptionInTransit' ->> 'ClientBroker' = 'TLS' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_neptune_db_cluster_audit_logging_enabled.yaml b/compliance/controls/aws/aws_neptune_db_cluster_audit_logging_enabled.yaml index 74770701d..fd99579bf 100644 --- a/compliance/controls/aws/aws_neptune_db_cluster_audit_logging_enabled.yaml +++ b/compliance/controls/aws/aws_neptune_db_cluster_audit_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, engine, CASE WHEN enabled_cloudwatch_logs_exports @> '["audit"]' THEN 'ok' diff --git a/compliance/controls/aws/aws_neptune_db_cluster_automated_backup_enabled.yaml b/compliance/controls/aws/aws_neptune_db_cluster_automated_backup_enabled.yaml index defbbfc87..4310f51e2 100644 --- a/compliance/controls/aws/aws_neptune_db_cluster_automated_backup_enabled.yaml +++ b/compliance/controls/aws/aws_neptune_db_cluster_automated_backup_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN backup_retention_period >= 7 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_neptune_db_cluster_copy_tags_to_snapshot_enabled.yaml b/compliance/controls/aws/aws_neptune_db_cluster_copy_tags_to_snapshot_enabled.yaml index 4b1f67e51..0455afb15 100644 --- a/compliance/controls/aws/aws_neptune_db_cluster_copy_tags_to_snapshot_enabled.yaml +++ b/compliance/controls/aws/aws_neptune_db_cluster_copy_tags_to_snapshot_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN copy_tags_to_snapshot THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_neptune_db_cluster_deletion_protection_enabled.yaml b/compliance/controls/aws/aws_neptune_db_cluster_deletion_protection_enabled.yaml index a1975d617..80aacbe17 100644 --- a/compliance/controls/aws/aws_neptune_db_cluster_deletion_protection_enabled.yaml +++ b/compliance/controls/aws/aws_neptune_db_cluster_deletion_protection_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN deletion_protection THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_neptune_db_cluster_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_neptune_db_cluster_encryption_at_rest_enabled.yaml index 6339593da..197928dba 100644 --- a/compliance/controls/aws/aws_neptune_db_cluster_encryption_at_rest_enabled.yaml 
+++ b/compliance/controls/aws/aws_neptune_db_cluster_encryption_at_rest_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_neptune_db_cluster_iam_authentication_enabled.yaml b/compliance/controls/aws/aws_neptune_db_cluster_iam_authentication_enabled.yaml index 39570ad08..63b6d6c85 100644 --- a/compliance/controls/aws/aws_neptune_db_cluster_iam_authentication_enabled.yaml +++ b/compliance/controls/aws/aws_neptune_db_cluster_iam_authentication_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN iam_database_authentication_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_neptune_db_cluster_no_public_subnet.yaml b/compliance/controls/aws/aws_neptune_db_cluster_no_public_subnet.yaml index 82859df0e..89aa91d41 100644 --- a/compliance/controls/aws/aws_neptune_db_cluster_no_public_subnet.yaml +++ b/compliance/controls/aws/aws_neptune_db_cluster_no_public_subnet.yaml @@ -65,8 +65,8 @@ Query: WHERE a.access = 'public' ) SELECT c.arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN s.subnet_group_name IS NOT NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_neptune_db_cluster_snapshot_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_neptune_db_cluster_snapshot_encryption_at_rest_enabled.yaml index 1db5b738c..f3c13baf8 100644 
--- a/compliance/controls/aws/aws_neptune_db_cluster_snapshot_encryption_at_rest_enabled.yaml +++ b/compliance/controls/aws/aws_neptune_db_cluster_snapshot_encryption_at_rest_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_cluster_snapshot_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_neptune_db_cluster_snapshot_prohibit_public_access.yaml b/compliance/controls/aws/aws_neptune_db_cluster_snapshot_prohibit_public_access.yaml index e4aa4de31..1b5add92f 100644 --- a/compliance/controls/aws/aws_neptune_db_cluster_snapshot_prohibit_public_access.yaml +++ b/compliance/controls/aws/aws_neptune_db_cluster_snapshot_prohibit_public_access.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_cluster_snapshot_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN cluster_snapshot -> 'AttributeValues' = '["all"]' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_networkfirewall_firewall_deletion_protection_enabled.yaml b/compliance/controls/aws/aws_networkfirewall_firewall_deletion_protection_enabled.yaml index ddbe90f66..7018b1914 100644 --- a/compliance/controls/aws/aws_networkfirewall_firewall_deletion_protection_enabled.yaml +++ b/compliance/controls/aws/aws_networkfirewall_firewall_deletion_protection_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN delete_protection THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_networkfirewall_firewall_in_vpc.yaml b/compliance/controls/aws/aws_networkfirewall_firewall_in_vpc.yaml index 7c6f86c3b..f8d3d5340 100644 --- a/compliance/controls/aws/aws_networkfirewall_firewall_in_vpc.yaml +++ b/compliance/controls/aws/aws_networkfirewall_firewall_in_vpc.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN vpc_id IS NULL OR vpc_id = '' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_networkfirewall_firewall_logging_enabled.yaml b/compliance/controls/aws/aws_networkfirewall_firewall_logging_enabled.yaml index e552392d3..9832a0d83 100644 --- a/compliance/controls/aws/aws_networkfirewall_firewall_logging_enabled.yaml +++ b/compliance/controls/aws/aws_networkfirewall_firewall_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(logging_configuration) > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_networkfirewall_firewall_policy_default_stateless_action_check_fragmented_packets.yaml b/compliance/controls/aws/aws_networkfirewall_firewall_policy_default_stateless_action_check_fragmented_packets.yaml index 3ed77bc47..19ead900d 100644 --- a/compliance/controls/aws/aws_networkfirewall_firewall_policy_default_stateless_action_check_fragmented_packets.yaml +++ b/compliance/controls/aws/aws_networkfirewall_firewall_policy_default_stateless_action_check_fragmented_packets.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (NOT (firewall_policy -> 'StatelessFragmentDefaultActions') ? 'aws:drop' AND NOT (firewall_policy -> 'StatelessFragmentDefaultActions') ? 'aws:forward_to_sfe') THEN 'alarm' diff --git a/compliance/controls/aws/aws_networkfirewall_firewall_policy_default_stateless_action_check_full_packets.yaml b/compliance/controls/aws/aws_networkfirewall_firewall_policy_default_stateless_action_check_full_packets.yaml index c7bf170dc..3ac9bdb9b 100644 --- a/compliance/controls/aws/aws_networkfirewall_firewall_policy_default_stateless_action_check_full_packets.yaml +++ b/compliance/controls/aws/aws_networkfirewall_firewall_policy_default_stateless_action_check_full_packets.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (NOT (firewall_policy -> 'StatelessDefaultActions') ? 'aws:drop' AND NOT (firewall_policy -> 'StatelessDefaultActions') ? 'aws:forward_to_sfe') diff --git a/compliance/controls/aws/aws_networkfirewall_firewall_policy_rule_group_not_empty.yaml b/compliance/controls/aws/aws_networkfirewall_firewall_policy_rule_group_not_empty.yaml index ad9221de3..b07486ccc 100644 --- a/compliance/controls/aws/aws_networkfirewall_firewall_policy_rule_group_not_empty.yaml +++ b/compliance/controls/aws/aws_networkfirewall_firewall_policy_rule_group_not_empty.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (firewall_policy ->> 'StatefulRuleGroupReferences' IS NULL OR jsonb_array_length(firewall_policy -> 'StatefulRuleGroupReferences') = 0) AND (firewall_policy ->> 'StatelessRuleGroupReferences' IS NULL OR jsonb_array_length(firewall_policy -> 'StatelessRuleGroupReferences') = 0) THEN 'alarm' diff --git a/compliance/controls/aws/aws_networkfirewall_stateless_rule_group_not_empty.yaml b/compliance/controls/aws/aws_networkfirewall_stateless_rule_group_not_empty.yaml index 836a3f285..07475410e 100644 --- a/compliance/controls/aws/aws_networkfirewall_stateless_rule_group_not_empty.yaml +++ b/compliance/controls/aws/aws_networkfirewall_stateless_rule_group_not_empty.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN type = 'STATEFUL' THEN 'skip' WHEN jsonb_array_length(rules_source -> 'StatelessRulesAndCustomActions' -> 'StatelessRules') > 0 THEN 'ok' diff --git a/compliance/controls/aws/aws_opensearch_domain_audit_logging_enabled.yaml b/compliance/controls/aws/aws_opensearch_domain_audit_logging_enabled.yaml index ce491b180..02737495d 100644 --- a/compliance/controls/aws/aws_opensearch_domain_audit_logging_enabled.yaml +++ b/compliance/controls/aws/aws_opensearch_domain_audit_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_publishing_options -> 'AUDIT_LOGS' ->> 'Enabled' = 'true' THEN 'ok' ELSE 'ok' 
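Review bot: In aws_opensearch_domain_audit_logging_enabled.yaml both branches of the CASE return 'ok' (`THEN 'ok'` followed by `ELSE 'ok'`), so this control can never report a domain that has audit logging disabled. The rename leaves that as it was. The fallback should be `ELSE 'alarm'`, so that a missing `AUDIT_LOGS` entry or an `Enabled` value other than 'true' is reported. The query continues outside the hunk.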
diff --git a/compliance/controls/aws/aws_opensearch_domain_cognito_authentication_enabled_for_kibana.yaml b/compliance/controls/aws/aws_opensearch_domain_cognito_authentication_enabled_for_kibana.yaml index 732e24e2b..56f357b3e 100644 --- a/compliance/controls/aws/aws_opensearch_domain_cognito_authentication_enabled_for_kibana.yaml +++ b/compliance/controls/aws/aws_opensearch_domain_cognito_authentication_enabled_for_kibana.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN cognito_options ->> 'Enabled' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_opensearch_domain_data_node_fault_tolerance.yaml b/compliance/controls/aws/aws_opensearch_domain_data_node_fault_tolerance.yaml index 94246b824..90fb348ab 100644 --- a/compliance/controls/aws/aws_opensearch_domain_data_node_fault_tolerance.yaml +++ b/compliance/controls/aws/aws_opensearch_domain_data_node_fault_tolerance.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN cluster_config ->> 'ZoneAwarenessEnabled' = 'true' AND cluster_config ->> 'InstanceCount' > '2' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_opensearch_domain_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_opensearch_domain_encryption_at_rest_enabled.yaml index 498997d3e..250c65e3e 100644 --- a/compliance/controls/aws/aws_opensearch_domain_encryption_at_rest_enabled.yaml +++ b/compliance/controls/aws/aws_opensearch_domain_encryption_at_rest_enabled.yaml 
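Review bot: In aws_opensearch_domain_data_node_fault_tolerance.yaml the condition `cluster_config ->> 'InstanceCount' > '2'` compares text, because `->>` returns text. '10' sorts before '2', so a domain with ten or more data nodes is reported as 'alarm' while one with three passes. Compare numerically instead: `AND (cluster_config ->> 'InstanceCount')::int > 2`. The query continues outside the hunk.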
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encryption_at_rest_options ->> 'Enabled' = 'false' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_opensearch_domain_fine_grained_access_enabled.yaml b/compliance/controls/aws/aws_opensearch_domain_fine_grained_access_enabled.yaml index 9ac45def6..2a94a8047 100644 --- a/compliance/controls/aws/aws_opensearch_domain_fine_grained_access_enabled.yaml +++ b/compliance/controls/aws/aws_opensearch_domain_fine_grained_access_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN advanced_security_options IS NULL OR NOT (advanced_security_options -> 'Enabled')::boolean THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_opensearch_domain_https_required.yaml b/compliance/controls/aws/aws_opensearch_domain_https_required.yaml index a1176081f..18df45a0c 100644 --- a/compliance/controls/aws/aws_opensearch_domain_https_required.yaml +++ b/compliance/controls/aws/aws_opensearch_domain_https_required.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN (domain_endpoint_options ->> 'EnforceHTTPS' = 'false') OR (domain_endpoint_options ->> 'EnforceHTTPS' = 'true' diff --git a/compliance/controls/aws/aws_opensearch_domain_in_vpc.yaml b/compliance/controls/aws/aws_opensearch_domain_in_vpc.yaml index f865f6a3c..49c0f936c 100644 --- a/compliance/controls/aws/aws_opensearch_domain_in_vpc.yaml 
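Review bot: In aws_opensearch_domain_encryption_at_rest_enabled.yaml the check fails open: `encryption_at_rest_options ->> 'Enabled' = 'false'` evaluates to NULL when the column or the key is absent, and the row then falls through to `ELSE 'ok'`. For an encryption control it is safer to pass only on a positive value, `WHEN encryption_at_rest_options ->> 'Enabled' = 'true' THEN 'ok'` with `ELSE 'alarm'`. Whether the source table can leave this field empty is not visible in the hunk, so confirm against the table before changing the result for existing domains.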
+++ b/compliance/controls/aws/aws_opensearch_domain_in_vpc.yaml @@ -24,8 +24,8 @@ Query: WHERE s IN (SELECT SubnetId FROM public_subnets) ) SELECT d.arn AS resource, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, CASE WHEN d.vpc_options ->> 'VPCId' IS NULL THEN 'alarm' WHEN d.vpc_options ->> 'VPCId' IS NOT NULL AND p.arn IS NOT NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_opensearch_domain_internal_user_database_disabled.yaml b/compliance/controls/aws/aws_opensearch_domain_internal_user_database_disabled.yaml index 48cb65b5d..23f251777 100644 --- a/compliance/controls/aws/aws_opensearch_domain_internal_user_database_disabled.yaml +++ b/compliance/controls/aws/aws_opensearch_domain_internal_user_database_disabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN advanced_security_options ->> 'InternalUserDatabaseEnabled' = 'true' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_opensearch_domain_logs_to_cloudwatch.yaml b/compliance/controls/aws/aws_opensearch_domain_logs_to_cloudwatch.yaml index cfa6ed9ff..68c124e3c 100644 --- a/compliance/controls/aws/aws_opensearch_domain_logs_to_cloudwatch.yaml +++ b/compliance/controls/aws/aws_opensearch_domain_logs_to_cloudwatch.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN log_publishing_options IS NULL THEN 'alarm' WHEN 
diff --git a/compliance/controls/aws/aws_opensearch_domain_node_to_node_encryption_enabled.yaml b/compliance/controls/aws/aws_opensearch_domain_node_to_node_encryption_enabled.yaml index 5de24e217..bcc7a1875 100644 --- a/compliance/controls/aws/aws_opensearch_domain_node_to_node_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_opensearch_domain_node_to_node_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN region = ANY(ARRAY['af-south-1', 'eu-south-1', 'cn-north-1', 'cn-northwest-1']) THEN 'skip' WHEN node_to_node_encryption_options_enabled THEN 'ok' diff --git a/compliance/controls/aws/aws_opensearch_domain_updated_with_latest_service_software_version.yaml b/compliance/controls/aws/aws_opensearch_domain_updated_with_latest_service_software_version.yaml index d24d31bcc..48504cecd 100644 --- a/compliance/controls/aws/aws_opensearch_domain_updated_with_latest_service_software_version.yaml +++ b/compliance/controls/aws/aws_opensearch_domain_updated_with_latest_service_software_version.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN service_software_options ->> 'UpdateAvailable' = 'false' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_organizational_tag_policies_enabled.yaml b/compliance/controls/aws/aws_organizational_tag_policies_enabled.yaml index 0f2a91424..23c0afe9f 100644 --- a/compliance/controls/aws/aws_organizational_tag_policies_enabled.yaml +++ b/compliance/controls/aws/aws_organizational_tag_policies_enabled.yaml 
@@ -15,8 +15,8 @@ Query: account_id, region, COUNT(*) AS count, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_organizations_policy WHERE @@ -25,12 +25,12 @@ Query: _ctx, region, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_cluster_aurora_backtracking_enabled.yaml b/compliance/controls/aws/aws_rds_db_cluster_aurora_backtracking_enabled.yaml index 06d3dee20..0676dd40e 100644 --- a/compliance/controls/aws/aws_rds_db_cluster_aurora_backtracking_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_cluster_aurora_backtracking_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN engine NOT ILIKE '%aurora-mysql%' THEN 'skip' WHEN backtrack_window IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_rds_db_cluster_aurora_mysql_audit_logging_enabled.yaml b/compliance/controls/aws/aws_rds_db_cluster_aurora_mysql_audit_logging_enabled.yaml index 0710d73ab..c4096c3cc 100644 --- a/compliance/controls/aws/aws_rds_db_cluster_aurora_mysql_audit_logging_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_cluster_aurora_mysql_audit_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN engine NOT ILIKE '%aurora-mysql%' THEN 'skip' WHEN enabled_cloudwatch_logs_exports @> '["audit"]' THEN 'ok' 
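Review bot: In aws_organizational_tag_policies_enabled.yaml the `ELSE 'alarm'` branch of the final SELECT looks unreachable. `count` comes from `COUNT(*)` in the CTE, and the column list that closes the CTE (`_ctx, region, account_id, platform_account_id, platform_resource_id`) appears to be its GROUP BY, so every row that exists has a count of at least 1 and an account with no matching policy yields no row at all. If that reading is right the control stays silent where it should alarm; at minimum I would record it above the CASE with `-- NOTE: COUNT(*) per group is never 0; accounts without a tag policy produce no row here`. The WHERE clause and the FROM of the final SELECT lie outside both hunks, so this needs checking against the full query.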
diff --git a/compliance/controls/aws/aws_rds_db_cluster_aurora_postgres_not_exposed_to_local_file_read_vulnerability.yaml b/compliance/controls/aws/aws_rds_db_cluster_aurora_postgres_not_exposed_to_local_file_read_vulnerability.yaml index 6a350ea1b..3e591c0b0 100644 --- a/compliance/controls/aws/aws_rds_db_cluster_aurora_postgres_not_exposed_to_local_file_read_vulnerability.yaml +++ b/compliance/controls/aws/aws_rds_db_cluster_aurora_postgres_not_exposed_to_local_file_read_vulnerability.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT engine ILIKE '%aurora-postgres%' THEN 'skip' WHEN engine ILIKE '%aurora-postgres%' AND engine_version LIKE ANY (ARRAY ['10.11', '10.12', '10.13', '11.6', '11.7', '11.8']) THEN 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_cluster_aurora_protected_by_backup_plan.yaml b/compliance/controls/aws/aws_rds_db_cluster_aurora_protected_by_backup_plan.yaml index 9ec421b3c..a68db24d5 100644 --- a/compliance/controls/aws/aws_rds_db_cluster_aurora_protected_by_backup_plan.yaml +++ b/compliance/controls/aws/aws_rds_db_cluster_aurora_protected_by_backup_plan.yaml @@ -20,8 +20,8 @@ Query: ) SELECT c.arn AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN c.engine NOT LIKE '%aurora%' THEN 'skip' WHEN b.arn IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_rds_db_cluster_automatic_minor_version_upgrade_enabled.yaml b/compliance/controls/aws/aws_rds_db_cluster_automatic_minor_version_upgrade_enabled.yaml index 07f7db41e..e76fffa4a 100644 --- a/compliance/controls/aws/aws_rds_db_cluster_automatic_minor_version_upgrade_enabled.yaml 
+++ b/compliance/controls/aws/aws_rds_db_cluster_automatic_minor_version_upgrade_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_minor_version_upgrade THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_cluster_copy_tags_to_snapshot_enabled.yaml b/compliance/controls/aws/aws_rds_db_cluster_copy_tags_to_snapshot_enabled.yaml index 7bf4cd211..ed31eeee3 100644 --- a/compliance/controls/aws/aws_rds_db_cluster_copy_tags_to_snapshot_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_cluster_copy_tags_to_snapshot_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN copy_tags_to_snapshot THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_cluster_deletion_protection_enabled.yaml b/compliance/controls/aws/aws_rds_db_cluster_deletion_protection_enabled.yaml index 96f4cbf99..40871c809 100644 --- a/compliance/controls/aws/aws_rds_db_cluster_deletion_protection_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_cluster_deletion_protection_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_cluster_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN deletion_protection THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_cluster_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_rds_db_cluster_encryption_at_rest_enabled.yaml index 88e019d40..29beb909b 100644 --- a/compliance/controls/aws/aws_rds_db_cluster_encryption_at_rest_enabled.yaml 
+++ b/compliance/controls/aws/aws_rds_db_cluster_encryption_at_rest_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_cluster_events_subscription.yaml b/compliance/controls/aws/aws_rds_db_cluster_events_subscription.yaml index 7f255cdce..46dda7546 100644 --- a/compliance/controls/aws/aws_rds_db_cluster_events_subscription.yaml +++ b/compliance/controls/aws/aws_rds_db_cluster_events_subscription.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN source_type <> 'db-cluster' THEN 'skip' WHEN source_type = 'db-cluster' AND enabled AND event_categories_list @> '["failure", "maintenance"]' THEN 'ok' diff --git a/compliance/controls/aws/aws_rds_db_cluster_iam_authentication_enabled.yaml b/compliance/controls/aws/aws_rds_db_cluster_iam_authentication_enabled.yaml index 0681a689e..b641bcaa3 100644 --- a/compliance/controls/aws/aws_rds_db_cluster_iam_authentication_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_cluster_iam_authentication_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN iam_database_authentication_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_cluster_multiple_az_enabled.yaml b/compliance/controls/aws/aws_rds_db_cluster_multiple_az_enabled.yaml index 86c6a119c..f3001e0a8 100644 
--- a/compliance/controls/aws/aws_rds_db_cluster_multiple_az_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_cluster_multiple_az_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN multi_az THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_cluster_no_default_admin_name.yaml b/compliance/controls/aws/aws_rds_db_cluster_no_default_admin_name.yaml index d7b8a5836..136a7d410 100644 --- a/compliance/controls/aws/aws_rds_db_cluster_no_default_admin_name.yaml +++ b/compliance/controls/aws/aws_rds_db_cluster_no_default_admin_name.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN master_user_name IN ('admin', 'postgres') THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_rds_db_instance_and_cluster_enhanced_monitoring_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_and_cluster_enhanced_monitoring_enabled.yaml index 2b92de858..efd59dd2e 100644 --- a/compliance/controls/aws/aws_rds_db_instance_and_cluster_enhanced_monitoring_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_and_cluster_enhanced_monitoring_enabled.yaml @@ -13,9 +13,9 @@ Query: ( SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_rds_db_cluster' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_rds_db_cluster' AS platform_table_name, CASE WHEN enabled_cloudwatch_logs_exports IS NOT NULL THEN 'ok' ELSE 'alarm' 
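Review bot: In aws_rds_db_instance_and_cluster_enhanced_monitoring_enabled.yaml the cluster branch passes on `enabled_cloudwatch_logs_exports IS NOT NULL`, while the instance branch in the following hunk tests `enhanced_monitoring_resource_arn IS NOT NULL`. Log exports and enhanced monitoring are separate settings, so a cluster with log exports configured but no enhanced monitoring would be reported 'ok'. An empty export list would presumably pass the `IS NOT NULL` test as well. If the proxy is deliberate, say so next to the condition, e.g. `-- clusters: log exports used as a stand-in for enhanced monitoring`; otherwise the cluster branch should test a monitoring attribute. Both SELECTs continue outside their hunks.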
@@ -33,9 +33,9 @@ Query: ( SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_rds_db_instance' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_rds_db_instance' AS platform_table_name, CASE WHEN class = 'db.m1.small' THEN 'skip' WHEN enhanced_monitoring_resource_arn IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_rds_db_instance_and_cluster_no_default_port.yaml b/compliance/controls/aws/aws_rds_db_instance_and_cluster_no_default_port.yaml index c937d04a8..be05df56d 100644 --- a/compliance/controls/aws/aws_rds_db_instance_and_cluster_no_default_port.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_and_cluster_no_default_port.yaml @@ -13,9 +13,9 @@ Query: ( SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_rds_db_cluster' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_rds_db_cluster' AS platform_table_name, CASE WHEN engine SIMILAR TO '%(aurora|mysql|mariadb)%' AND port = '3306' THEN 'alarm' WHEN engine LIKE '%postgres%' AND port = '5432' THEN 'alarm' @@ -38,9 +38,9 @@ Query: ( SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_rds_db_instance' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_rds_db_instance' AS platform_table_name, CASE WHEN engine SIMILAR TO '%(aurora|mysql|mariadb)%' AND port = '3306' THEN 'alarm' WHEN engine LIKE '%postgres%' AND port = '5432' THEN 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_instance_automatic_minor_version_upgrade_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_automatic_minor_version_upgrade_enabled.yaml index ccb35dd87..0e3abc362 100644 
--- a/compliance/controls/aws/aws_rds_db_instance_automatic_minor_version_upgrade_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_automatic_minor_version_upgrade_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_minor_version_upgrade THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_instance_backup_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_backup_enabled.yaml index e4a0575ed..3643fd4f1 100644 --- a/compliance/controls/aws/aws_rds_db_instance_backup_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_backup_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN backup_retention_period < 1 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_rds_db_instance_backup_retention_period_less_than_7.yaml b/compliance/controls/aws/aws_rds_db_instance_backup_retention_period_less_than_7.yaml index 7a28aadc8..5809d830e 100644 --- a/compliance/controls/aws/aws_rds_db_instance_backup_retention_period_less_than_7.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_backup_retention_period_less_than_7.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN backup_retention_period < 7 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_rds_db_instance_ca_certificate_expires_7_days.yaml b/compliance/controls/aws/aws_rds_db_instance_ca_certificate_expires_7_days.yaml index added0c75..d8224205e 100644 
--- a/compliance/controls/aws/aws_rds_db_instance_ca_certificate_expires_7_days.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_ca_certificate_expires_7_days.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN EXTRACT(DAY FROM (TO_TIMESTAMP(certificate ->> 'ValidTill', 'YYYY-MM-DDTHH:MI:SS') - CURRENT_TIMESTAMP)) <= 7 THEN 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_instance_cloudwatch_logs_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_cloudwatch_logs_enabled.yaml index 41e502458..d5dd651b6 100644 --- a/compliance/controls/aws/aws_rds_db_instance_cloudwatch_logs_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_cloudwatch_logs_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN enabled_cloudwatch_logs_exports IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_instance_connections_encryption_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_connections_encryption_enabled.yaml index a58a2c532..f7e5a2c3d 100644 --- a/compliance/controls/aws/aws_rds_db_instance_connections_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_connections_encryption_enabled.yaml @@ -20,8 +20,8 @@ Query: i.region, i.account_id, i._ctx, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id FROM aws_rds_db_instance AS i, jsonb_array_elements(db_parameter_groups) AS g 
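Review bot: In aws_rds_db_instance_ca_certificate_expires_7_days.yaml the template `'YYYY-MM-DDTHH:MI:SS'` uses `HH`, which PostgreSQL treats as a 12-hour field. A `ValidTill` value with an hour of 13 to 23 is therefore rejected by TO_TIMESTAMP and the query errors instead of evaluating the certificate. Use `HH24` in the template, or drop the template and cast the value: `(certificate ->> 'ValidTill')::timestamptz - CURRENT_TIMESTAMP`. This assumes ValidTill is an ISO-8601 string, which the existing template suggests. The CASE continues outside the hunk.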
@@ -41,8 +41,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, i.engine, CASE WHEN i.engine NOT IN ('sqlserver', 'postgres') THEN 'skip' diff --git a/compliance/controls/aws/aws_rds_db_instance_copy_tags_to_snapshot_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_copy_tags_to_snapshot_enabled.yaml index ee7972ca1..8a61b6cfc 100644 --- a/compliance/controls/aws/aws_rds_db_instance_copy_tags_to_snapshot_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_copy_tags_to_snapshot_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN copy_tags_to_snapshot THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_instance_deletion_protection_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_deletion_protection_enabled.yaml index 7d7d2302a..4a5ae0330 100644 --- a/compliance/controls/aws/aws_rds_db_instance_deletion_protection_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_deletion_protection_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN engine LIKE ANY(ARRAY['aurora%', 'docdb', 'neptune']) THEN 'skip' WHEN deletion_protection THEN 'ok' diff --git a/compliance/controls/aws/aws_rds_db_instance_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_encryption_at_rest_enabled.yaml index 2dc68849f..31cd86cb9 100644 --- a/compliance/controls/aws/aws_rds_db_instance_encryption_at_rest_enabled.yaml 
+++ b/compliance/controls/aws/aws_rds_db_instance_encryption_at_rest_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_instance_events_subscription.yaml b/compliance/controls/aws/aws_rds_db_instance_events_subscription.yaml index 720468e22..309d06ebb 100644 --- a/compliance/controls/aws/aws_rds_db_instance_events_subscription.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_events_subscription.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN source_type <> 'db-instance' THEN 'skip' WHEN source_type = 'db-instance' diff --git a/compliance/controls/aws/aws_rds_db_instance_iam_authentication_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_iam_authentication_enabled.yaml index beb3859ca..74b603b00 100644 --- a/compliance/controls/aws/aws_rds_db_instance_iam_authentication_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_iam_authentication_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN iam_database_authentication_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_instance_in_backup_plan.yaml b/compliance/controls/aws/aws_rds_db_instance_in_backup_plan.yaml index 9d77f9204..d1f5e4b1b 100644 --- a/compliance/controls/aws/aws_rds_db_instance_in_backup_plan.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_in_backup_plan.yaml 
@@ -43,8 +43,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN b.db_instance_identifier IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_rds_db_instance_in_vpc.yaml b/compliance/controls/aws/aws_rds_db_instance_in_vpc.yaml index bd692caa0..a4b30e869 100644 --- a/compliance/controls/aws/aws_rds_db_instance_in_vpc.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_in_vpc.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN vpc_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_rds_db_instance_logging_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_logging_enabled.yaml index 40d1b0e9f..cfca6fa78 100644 --- a/compliance/controls/aws/aws_rds_db_instance_logging_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN engine = 'docdb' THEN 'skip' WHEN engine LIKE ANY (ARRAY['mariadb', '%mysql']) diff --git a/compliance/controls/aws/aws_rds_db_instance_multiple_az_enabled.yaml b/compliance/controls/aws/aws_rds_db_instance_multiple_az_enabled.yaml index 514b5b04a..f029f60cf 100644 --- a/compliance/controls/aws/aws_rds_db_instance_multiple_az_enabled.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_multiple_az_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN engine ILIKE ANY (ARRAY ['%aurora-mysql%', '%aurora-postgres%']) THEN 'skip' WHEN multi_az THEN 'ok' diff --git a/compliance/controls/aws/aws_rds_db_instance_no_default_admin_name.yaml b/compliance/controls/aws/aws_rds_db_instance_no_default_admin_name.yaml index 9038f6dcc..15f20a37f 100644 --- a/compliance/controls/aws/aws_rds_db_instance_no_default_admin_name.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_no_default_admin_name.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN master_user_name IN ('admin', 'postgres') THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_rds_db_instance_postgres_not_exposed_to_local_file_read_vulnerability.yaml b/compliance/controls/aws/aws_rds_db_instance_postgres_not_exposed_to_local_file_read_vulnerability.yaml index 422a1f372..9d4326151 100644 --- a/compliance/controls/aws/aws_rds_db_instance_postgres_not_exposed_to_local_file_read_vulnerability.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_postgres_not_exposed_to_local_file_read_vulnerability.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT engine = 'postgres' THEN 'skip' WHEN engine = 'postgres' AND engine_version LIKE ANY (ARRAY ['10.11', '10.12', '10.13', '11.6', '11.7', '11.8']) THEN 'alarm' 
diff --git a/compliance/controls/aws/aws_rds_db_instance_prohibit_public_access.yaml b/compliance/controls/aws/aws_rds_db_instance_prohibit_public_access.yaml index 0bb1fbd39..eac55221c 100644 --- a/compliance/controls/aws/aws_rds_db_instance_prohibit_public_access.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_prohibit_public_access.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN publicly_accessible THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_rds_db_instance_protected_by_backup_plan.yaml b/compliance/controls/aws/aws_rds_db_instance_protected_by_backup_plan.yaml index 98ba8b0f7..2c7ea4ee6 100644 --- a/compliance/controls/aws/aws_rds_db_instance_protected_by_backup_plan.yaml +++ b/compliance/controls/aws/aws_rds_db_instance_protected_by_backup_plan.yaml @@ -20,8 +20,8 @@ Query: ) SELECT r.arn AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_parameter_group_events_subscription.yaml b/compliance/controls/aws/aws_rds_db_parameter_group_events_subscription.yaml index a5aad33bd..281280ade 100644 --- a/compliance/controls/aws/aws_rds_db_parameter_group_events_subscription.yaml +++ b/compliance/controls/aws/aws_rds_db_parameter_group_events_subscription.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN source_type <> 'db-parameter-group' THEN 'skip' WHEN source_type = 'db-parameter-group' 
diff --git a/compliance/controls/aws/aws_rds_db_security_group_events_subscription.yaml b/compliance/controls/aws/aws_rds_db_security_group_events_subscription.yaml index 1d0919503..bedffd196 100644 --- a/compliance/controls/aws/aws_rds_db_security_group_events_subscription.yaml +++ b/compliance/controls/aws/aws_rds_db_security_group_events_subscription.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN source_type <> 'db-security-group' THEN 'skip' WHEN source_type = 'db-security-group' diff --git a/compliance/controls/aws/aws_rds_db_snapshot_encrypted_at_rest.yaml b/compliance/controls/aws/aws_rds_db_snapshot_encrypted_at_rest.yaml index ab17d6d78..371346325 100644 --- a/compliance/controls/aws/aws_rds_db_snapshot_encrypted_at_rest.yaml +++ b/compliance/controls/aws/aws_rds_db_snapshot_encrypted_at_rest.yaml @@ -13,9 +13,9 @@ Query: ( SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_rds_db_cluster_snapshot' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_rds_db_cluster_snapshot' AS platform_table_name, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' @@ -33,9 +33,9 @@ Query: ( SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_rds_db_snapshot' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_rds_db_snapshot' AS platform_table_name, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_rds_db_snapshot_prohibit_public_access.yaml b/compliance/controls/aws/aws_rds_db_snapshot_prohibit_public_access.yaml index ae89049a9..4fbd86ce2 100644 
--- a/compliance/controls/aws/aws_rds_db_snapshot_prohibit_public_access.yaml +++ b/compliance/controls/aws/aws_rds_db_snapshot_prohibit_public_access.yaml @@ -13,9 +13,9 @@ Query: ( SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_rds_db_cluster_snapshot' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_rds_db_cluster_snapshot' AS platform_table_name, CASE WHEN cluster_snapshot -> 'AttributeValues' = '["all"]' THEN 'alarm' ELSE 'ok' @@ -34,9 +34,9 @@ Query: ( SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, - 'aws_rds_db_snapshot' AS og_table_name, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, + 'aws_rds_db_snapshot' AS platform_table_name, CASE WHEN database_snapshot -> 'AttributeValues' = '["all"]' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_redshift_cluster_audit_logging_enabled.yaml b/compliance/controls/aws/aws_redshift_cluster_audit_logging_enabled.yaml index 7624a5819..0140861e6 100644 --- a/compliance/controls/aws/aws_redshift_cluster_audit_logging_enabled.yaml +++ b/compliance/controls/aws/aws_redshift_cluster_audit_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN logging_status ->> 'LoggingEnabled' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_redshift_cluster_automatic_snapshots_min_7_days.yaml b/compliance/controls/aws/aws_redshift_cluster_automatic_snapshots_min_7_days.yaml index d56574192..337010002 100644 --- a/compliance/controls/aws/aws_redshift_cluster_automatic_snapshots_min_7_days.yaml +++ b/compliance/controls/aws/aws_redshift_cluster_automatic_snapshots_min_7_days.yaml 
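Review bot: The public-snapshot test in both hunks of aws_rds_db_snapshot_prohibit_public_access.yaml compares the whole array for equality, `cluster_snapshot -> 'AttributeValues' = '["all"]'` and `database_snapshot -> 'AttributeValues' = '["all"]'`, so a snapshot whose attribute list holds `all` together with any other entry would fall to `ELSE 'ok'`. If the source table can return such a list, containment is the safer test: `cluster_snapshot -> 'AttributeValues' @> '["all"]'`, and the same for `database_snapshot`. The FROM clauses and any filter on the attribute name are outside the hunks, so this is inferred from the CASE lines alone.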
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN automated_snapshot_retention_period >= 7 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_redshift_cluster_automatic_upgrade_major_versions_enabled.yaml b/compliance/controls/aws/aws_redshift_cluster_automatic_upgrade_major_versions_enabled.yaml index f810f6c45..3adf4048e 100644 --- a/compliance/controls/aws/aws_redshift_cluster_automatic_upgrade_major_versions_enabled.yaml +++ b/compliance/controls/aws/aws_redshift_cluster_automatic_upgrade_major_versions_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN allow_version_upgrade THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_redshift_cluster_encryption_in_transit_enabled.yaml b/compliance/controls/aws/aws_redshift_cluster_encryption_in_transit_enabled.yaml index 87afea45e..f3ef55ed0 100644 --- a/compliance/controls/aws/aws_redshift_cluster_encryption_in_transit_enabled.yaml +++ b/compliance/controls/aws/aws_redshift_cluster_encryption_in_transit_enabled.yaml @@ -24,8 +24,8 @@ Query: ) SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN cpg ->> 'ParameterGroupName' IN (SELECT pg_name FROM pg_with_ssl) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_redshift_cluster_encryption_logging_enabled.yaml b/compliance/controls/aws/aws_redshift_cluster_encryption_logging_enabled.yaml index 834154aa4..ec743f541 100644 --- a/compliance/controls/aws/aws_redshift_cluster_encryption_logging_enabled.yaml 
+++ b/compliance/controls/aws/aws_redshift_cluster_encryption_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT encrypted THEN 'alarm' WHEN NOT (logging_status ->> 'LoggingEnabled')::BOOLEAN THEN 'alarm' diff --git a/compliance/controls/aws/aws_redshift_cluster_enhanced_vpc_routing_enabled.yaml b/compliance/controls/aws/aws_redshift_cluster_enhanced_vpc_routing_enabled.yaml index b2e7bed1f..be83c064f 100644 --- a/compliance/controls/aws/aws_redshift_cluster_enhanced_vpc_routing_enabled.yaml +++ b/compliance/controls/aws/aws_redshift_cluster_enhanced_vpc_routing_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN enhanced_vpc_routing THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_redshift_cluster_kms_enabled.yaml b/compliance/controls/aws/aws_redshift_cluster_kms_enabled.yaml index 63867b26f..deb3b8dad 100644 --- a/compliance/controls/aws/aws_redshift_cluster_kms_enabled.yaml +++ b/compliance/controls/aws/aws_redshift_cluster_kms_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN encrypted AND kms_key_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_redshift_cluster_maintenance_settings_check.yaml b/compliance/controls/aws/aws_redshift_cluster_maintenance_settings_check.yaml index 3670ca80d..7af815eeb 100644 --- a/compliance/controls/aws/aws_redshift_cluster_maintenance_settings_check.yaml 
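Review bot: In aws_redshift_cluster_encryption_logging_enabled.yaml the branch `WHEN NOT (logging_status ->> 'LoggingEnabled')::BOOLEAN THEN 'alarm'` does not match when `logging_status` is NULL or lacks the key, because `NOT NULL` evaluates to NULL. The row then falls through to the rest of the CASE, which is outside the hunk and presumably ends in 'ok'. The sibling control aws_redshift_cluster_audit_logging_enabled.yaml fails closed with `= 'true' THEN 'ok' ELSE 'alarm'`. Suggest `WHEN (logging_status ->> 'LoggingEnabled')::BOOLEAN IS NOT TRUE THEN 'alarm'`, and likewise `WHEN encrypted IS NOT TRUE THEN 'alarm'`.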
+++ b/compliance/controls/aws/aws_redshift_cluster_maintenance_settings_check.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN allow_version_upgrade AND automated_snapshot_retention_period >= 7 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_redshift_cluster_no_default_admin_name.yaml b/compliance/controls/aws/aws_redshift_cluster_no_default_admin_name.yaml index d67772613..976a09124 100644 --- a/compliance/controls/aws/aws_redshift_cluster_no_default_admin_name.yaml +++ b/compliance/controls/aws/aws_redshift_cluster_no_default_admin_name.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN master_username = 'awsuser' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_redshift_cluster_no_default_database_name.yaml b/compliance/controls/aws/aws_redshift_cluster_no_default_database_name.yaml index e28cccf93..ebc011ec4 100644 --- a/compliance/controls/aws/aws_redshift_cluster_no_default_database_name.yaml +++ b/compliance/controls/aws/aws_redshift_cluster_no_default_database_name.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN db_name = 'dev' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_redshift_cluster_prohibit_public_access.yaml b/compliance/controls/aws/aws_redshift_cluster_prohibit_public_access.yaml index 4031f36bf..cc8427948 100644 --- a/compliance/controls/aws/aws_redshift_cluster_prohibit_public_access.yaml 
+++ b/compliance/controls/aws/aws_redshift_cluster_prohibit_public_access.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT cluster_namespace_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN publicly_accessible THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_root_accounts_needs_to_have_mfa.yaml b/compliance/controls/aws/aws_root_accounts_needs_to_have_mfa.yaml index aa3745f87..3eb2bffb2 100644 --- a/compliance/controls/aws/aws_root_accounts_needs_to_have_mfa.yaml +++ b/compliance/controls/aws/aws_root_accounts_needs_to_have_mfa.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_name AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT mfa_active THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_route53_domain_auto_renew_enabled.yaml b/compliance/controls/aws/aws_route53_domain_auto_renew_enabled.yaml index cae21345e..15d04be49 100644 --- a/compliance/controls/aws/aws_route53_domain_auto_renew_enabled.yaml +++ b/compliance/controls/aws/aws_route53_domain_auto_renew_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN auto_renew THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_route53_domain_expires_30_days.yaml b/compliance/controls/aws/aws_route53_domain_expires_30_days.yaml index b8310f61d..812c305eb 100644 --- a/compliance/controls/aws/aws_route53_domain_expires_30_days.yaml +++ b/compliance/controls/aws/aws_route53_domain_expires_30_days.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN DATE(expiration_date) - DATE(current_date) >= 30 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_route53_domain_expires_7_days.yaml b/compliance/controls/aws/aws_route53_domain_expires_7_days.yaml index 65246c238..1f41d1f38 100644 --- a/compliance/controls/aws/aws_route53_domain_expires_7_days.yaml +++ b/compliance/controls/aws/aws_route53_domain_expires_7_days.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN DATE(expiration_date) - DATE(current_date) >= 7 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_route53_domain_not_expired.yaml b/compliance/controls/aws/aws_route53_domain_not_expired.yaml index a37fb235f..8752310bf 100644 --- a/compliance/controls/aws/aws_route53_domain_not_expired.yaml +++ b/compliance/controls/aws/aws_route53_domain_not_expired.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN expiration_date < (CURRENT_DATE - INTERVAL '1' MINUTE) THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_route53_domain_privacy_protection_enabled.yaml b/compliance/controls/aws/aws_route53_domain_privacy_protection_enabled.yaml index 49367012d..bc64dc689 100644 --- a/compliance/controls/aws/aws_route53_domain_privacy_protection_enabled.yaml +++ b/compliance/controls/aws/aws_route53_domain_privacy_protection_enabled.yaml 
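Review bot: The expiry test in aws_route53_domain_not_expired.yaml, `expiration_date < (CURRENT_DATE - INTERVAL '1' MINUTE)`, compares against one minute before the start of today rather than the current time, so a domain that expired earlier today is still reported 'ok'. If `expiration_date` is a timestamp (the sibling expiry controls wrap it in `DATE()`, which suggests so), `WHEN expiration_date < CURRENT_TIMESTAMP THEN 'alarm'` matches what the control's name promises. A NULL `expiration_date` also lands in `ELSE 'ok'`; an explicit branch for it would keep missing data from reading as a pass.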
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN admin_privacy THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_route53_domain_transfer_lock_enabled.yaml b/compliance/controls/aws/aws_route53_domain_transfer_lock_enabled.yaml index c00470523..502776adf 100644 --- a/compliance/controls/aws/aws_route53_domain_transfer_lock_enabled.yaml +++ b/compliance/controls/aws/aws_route53_domain_transfer_lock_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN transfer_lock THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_route53_zone_query_logging_enabled.yaml b/compliance/controls/aws/aws_route53_zone_query_logging_enabled.yaml index 29b3351d0..77cb34dbc 100644 --- a/compliance/controls/aws/aws_route53_zone_query_logging_enabled.yaml +++ b/compliance/controls/aws/aws_route53_zone_query_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN private_zone THEN 'skip' WHEN query_logging_configs IS NOT NULL OR jsonb_array_length(query_logging_configs) > 0 THEN 'ok' diff --git a/compliance/controls/aws/aws_s3_access_point_restrict_public_access.yaml b/compliance/controls/aws/aws_s3_access_point_restrict_public_access.yaml index 99ddd8793..f6a0aec3e 100644 --- a/compliance/controls/aws/aws_s3_access_point_restrict_public_access.yaml +++ b/compliance/controls/aws/aws_s3_access_point_restrict_public_access.yaml 
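Review bot: In aws_route53_zone_query_logging_enabled.yaml the condition `query_logging_configs IS NOT NULL OR jsonb_array_length(query_logging_configs) > 0` is decided by its first operand alone: a non-NULL empty array yields 'ok', and the length test can never change the result. If the table can return `[]` for a zone without query logging, that zone passes the control. Use AND instead: `WHEN query_logging_configs IS NOT NULL AND jsonb_array_length(query_logging_configs) > 0 THEN 'ok'`. The remaining CASE branches are outside the hunk.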
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT access_point_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN block_public_acls AND block_public_policy diff --git a/compliance/controls/aws/aws_s3_bucket_acls_should_prohibit_user_access.yaml b/compliance/controls/aws/aws_s3_bucket_acls_should_prohibit_user_access.yaml index dcd9dbd38..ab08dcbf3 100644 --- a/compliance/controls/aws/aws_s3_bucket_acls_should_prohibit_user_access.yaml +++ b/compliance/controls/aws/aws_s3_bucket_acls_should_prohibit_user_access.yaml @@ -18,8 +18,8 @@ Query: object_ownership_controls, region, account_id, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, _ctx, tags FROM @@ -32,8 +32,8 @@ Query: region, account_id, object_ownership_controls, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, _ctx, tags ), @@ -45,8 +45,8 @@ Query: object_ownership_controls, region, account_id, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, _ctx, tags FROM @@ -54,8 +54,8 @@ Query: ) SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN object_ownership_controls -> 'Rules' @> '[{"ObjectOwnership": "BucketOwnerEnforced"}]' THEN 'ok' WHEN JSONB_ARRAY_LENGTH(additional_permissions) = 0 THEN 'ok' diff --git a/compliance/controls/aws/aws_s3_bucket_cross_region_replication_enabled.yaml b/compliance/controls/aws/aws_s3_bucket_cross_region_replication_enabled.yaml index 04495adcb..91adfc80b 100644 --- a/compliance/controls/aws/aws_s3_bucket_cross_region_replication_enabled.yaml 
+++ b/compliance/controls/aws/aws_s3_bucket_cross_region_replication_enabled.yaml @@ -19,8 +19,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN b.name = r.name AND r.rep_status = 'Enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_s3_bucket_default_encryption_enabled.yaml b/compliance/controls/aws/aws_s3_bucket_default_encryption_enabled.yaml index 4047fd1c6..b9e83f586 100644 --- a/compliance/controls/aws/aws_s3_bucket_default_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_s3_bucket_default_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN server_side_encryption_configuration IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_s3_bucket_default_encryption_enabled_kms.yaml b/compliance/controls/aws/aws_s3_bucket_default_encryption_enabled_kms.yaml index 6950422e6..910f07464 100644 --- a/compliance/controls/aws/aws_s3_bucket_default_encryption_enabled_kms.yaml +++ b/compliance/controls/aws/aws_s3_bucket_default_encryption_enabled_kms.yaml @@ -20,8 +20,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN d.name IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_s3_bucket_enforces_ssl.yaml b/compliance/controls/aws/aws_s3_bucket_enforces_ssl.yaml index 3bec2a381..0de05be5d 100644 --- a/compliance/controls/aws/aws_s3_bucket_enforces_ssl.yaml +++ b/compliance/controls/aws/aws_s3_bucket_enforces_ssl.yaml 
@@ -28,8 +28,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN ok.status = 'ok' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_s3_bucket_event_notifications_enabled.yaml b/compliance/controls/aws/aws_s3_bucket_event_notifications_enabled.yaml index ce78dd98a..88716c6f1 100644 --- a/compliance/controls/aws/aws_s3_bucket_event_notifications_enabled.yaml +++ b/compliance/controls/aws/aws_s3_bucket_event_notifications_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN event_notification_configuration ->> 'EventBridgeConfiguration' IS NULL AND event_notification_configuration ->> 'LambdaFunctionConfigurations' IS NULL diff --git a/compliance/controls/aws/aws_s3_bucket_lifecycle_policy_enabled.yaml b/compliance/controls/aws/aws_s3_bucket_lifecycle_policy_enabled.yaml index c2fe39be0..133ed286c 100644 --- a/compliance/controls/aws/aws_s3_bucket_lifecycle_policy_enabled.yaml +++ b/compliance/controls/aws/aws_s3_bucket_lifecycle_policy_enabled.yaml @@ -20,8 +20,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN r.arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_s3_bucket_logging_enabled.yaml b/compliance/controls/aws/aws_s3_bucket_logging_enabled.yaml index 40a83dadd..4bd813ed0 100644 --- a/compliance/controls/aws/aws_s3_bucket_logging_enabled.yaml +++ b/compliance/controls/aws/aws_s3_bucket_logging_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN logging -> 'TargetBucket' IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_s3_bucket_mfa_delete_enabled.yaml b/compliance/controls/aws/aws_s3_bucket_mfa_delete_enabled.yaml index 43340815f..a16cabb64 100644 --- a/compliance/controls/aws/aws_s3_bucket_mfa_delete_enabled.yaml +++ b/compliance/controls/aws/aws_s3_bucket_mfa_delete_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN versioning_mfa_delete THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_s3_bucket_not_accessible_to_all_authenticated_user.yaml b/compliance/controls/aws/aws_s3_bucket_not_accessible_to_all_authenticated_user.yaml index b1c859dae..0f04ea3c3 100644 --- a/compliance/controls/aws/aws_s3_bucket_not_accessible_to_all_authenticated_user.yaml +++ b/compliance/controls/aws/aws_s3_bucket_not_accessible_to_all_authenticated_user.yaml @@ -20,8 +20,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN p.name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_s3_bucket_object_lock_enabled.yaml b/compliance/controls/aws/aws_s3_bucket_object_lock_enabled.yaml index d4044f3dc..c2f9a5849 100644 --- a/compliance/controls/aws/aws_s3_bucket_object_lock_enabled.yaml +++ b/compliance/controls/aws/aws_s3_bucket_object_lock_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN object_lock_configuration IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_s3_bucket_policy_restrict_public_access.yaml b/compliance/controls/aws/aws_s3_bucket_policy_restrict_public_access.yaml index e97299205..715bfdb1b 100644 --- a/compliance/controls/aws/aws_s3_bucket_policy_restrict_public_access.yaml +++ b/compliance/controls/aws/aws_s3_bucket_policy_restrict_public_access.yaml @@ -25,8 +25,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN b.policy_std IS NULL THEN 'info' WHEN p.arn IS NOT NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_s3_bucket_policy_restricts_cross_account_permission_changes.yaml b/compliance/controls/aws/aws_s3_bucket_policy_restricts_cross_account_permission_changes.yaml index 295eb661d..0ef53b8a7 100644 --- a/compliance/controls/aws/aws_s3_bucket_policy_restricts_cross_account_permission_changes.yaml +++ b/compliance/controls/aws/aws_s3_bucket_policy_restricts_cross_account_permission_changes.yaml @@ -34,8 +34,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_s3_bucket_protected_by_macie.yaml b/compliance/controls/aws/aws_s3_bucket_protected_by_macie.yaml index 0c1b8808b..4b1fd2be7 100644 --- a/compliance/controls/aws/aws_s3_bucket_protected_by_macie.yaml +++ b/compliance/controls/aws/aws_s3_bucket_protected_by_macie.yaml 
@@ -20,8 +20,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN b.region = ANY(ARRAY['us-gov-east-1', 'us-gov-west-1']) THEN 'skip' WHEN l.bucket_name IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_s3_bucket_restrict_public_read_access.yaml b/compliance/controls/aws/aws_s3_bucket_restrict_public_read_access.yaml index 7689805a2..39871a25a 100644 --- a/compliance/controls/aws/aws_s3_bucket_restrict_public_read_access.yaml +++ b/compliance/controls/aws/aws_s3_bucket_restrict_public_read_access.yaml @@ -58,8 +58,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN (block_public_acls OR a.name IS NULL) AND NOT bucket_policy_is_public THEN 'ok' WHEN (block_public_acls OR a.name IS NULL) AND (bucket_policy_is_public AND block_public_policy) THEN 'ok' diff --git a/compliance/controls/aws/aws_s3_bucket_restrict_public_write_access.yaml b/compliance/controls/aws/aws_s3_bucket_restrict_public_write_access.yaml index bfe06bcb6..f647680cc 100644 --- a/compliance/controls/aws/aws_s3_bucket_restrict_public_write_access.yaml +++ b/compliance/controls/aws/aws_s3_bucket_restrict_public_write_access.yaml @@ -44,8 +44,8 @@ Query: OR action ILIKE 's3:restore%') ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN (block_public_acls OR a.name IS NULL) AND NOT bucket_policy_is_public THEN 'ok' WHEN (block_public_acls OR a.name IS NULL) AND (bucket_policy_is_public AND block_public_policy) THEN 'ok' 
diff --git a/compliance/controls/aws/aws_s3_bucket_static_website_hosting_disabled.yaml b/compliance/controls/aws/aws_s3_bucket_static_website_hosting_disabled.yaml index d3b2c93bd..2aeadc817 100644 --- a/compliance/controls/aws/aws_s3_bucket_static_website_hosting_disabled.yaml +++ b/compliance/controls/aws/aws_s3_bucket_static_website_hosting_disabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN website_configuration -> 'IndexDocument' ->> 'Suffix' IS NOT NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_s3_bucket_versioning_and_lifecycle_policy_enabled.yaml b/compliance/controls/aws/aws_s3_bucket_versioning_and_lifecycle_policy_enabled.yaml index e1cd900c7..2329abf93 100644 --- a/compliance/controls/aws/aws_s3_bucket_versioning_and_lifecycle_policy_enabled.yaml +++ b/compliance/controls/aws/aws_s3_bucket_versioning_and_lifecycle_policy_enabled.yaml @@ -20,8 +20,8 @@ Query: ) SELECT b.arn AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN NOT versioning_enabled THEN 'alarm' WHEN versioning_enabled AND r.arn IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_s3_bucket_versioning_enabled.yaml b/compliance/controls/aws/aws_s3_bucket_versioning_enabled.yaml index c28f7793e..2dd3f0d06 100644 --- a/compliance/controls/aws/aws_s3_bucket_versioning_enabled.yaml +++ b/compliance/controls/aws/aws_s3_bucket_versioning_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN versioning_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_s3_public_access_block_account.yaml b/compliance/controls/aws/aws_s3_public_access_block_account.yaml index af4fef61c..481add4d9 100644 --- a/compliance/controls/aws/aws_s3_public_access_block_account.yaml +++ b/compliance/controls/aws/aws_s3_public_access_block_account.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn' || ':' || 'aws' || ':::' || account_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN block_public_acls AND block_public_policy diff --git a/compliance/controls/aws/aws_s3_public_access_block_bucket.yaml b/compliance/controls/aws/aws_s3_public_access_block_bucket.yaml index 2cb2ae193..54618393e 100644 --- a/compliance/controls/aws/aws_s3_public_access_block_bucket.yaml +++ b/compliance/controls/aws/aws_s3_public_access_block_bucket.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN block_public_acls AND block_public_policy diff --git a/compliance/controls/aws/aws_s3_public_access_block_bucket_account.yaml b/compliance/controls/aws/aws_s3_public_access_block_bucket_account.yaml index 23287e760..5c62e8cde 100644 --- a/compliance/controls/aws/aws_s3_public_access_block_bucket_account.yaml +++ b/compliance/controls/aws/aws_s3_public_access_block_bucket_account.yaml 
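Review bot: In aws_s3_public_access_block_account.yaml the resource identifier is built with a hard-coded partition, `'arn' || ':' || 'aws' || ':::' || account_id`, whereas other controls in this diff take it from the table's `partition` column (for example `'arn:' || partition || ':ssm:' || …`). For an account in another partition the reported resource would not carry that account's real ARN prefix. The FROM clause is outside the hunk, so this is only a suggestion if the queried table exposes `partition`: `'arn:' || partition || ':::' || account_id AS resource`.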
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT bucket.arn AS resource, - bucket.og_account_id AS og_account_id, - bucket.og_resource_id AS og_resource_id, + bucket.platform_account_id AS platform_account_id, + bucket.platform_resource_id AS platform_resource_id, CASE WHEN (bucket.block_public_acls OR s3account.block_public_acls) AND (bucket.block_public_policy OR s3account.block_public_policy) diff --git a/compliance/controls/aws/aws_sagemaker_endpoint_configuration_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_sagemaker_endpoint_configuration_encryption_at_rest_enabled.yaml index eba234778..507841065 100644 --- a/compliance/controls/aws/aws_sagemaker_endpoint_configuration_encryption_at_rest_enabled.yaml +++ b/compliance/controls/aws/aws_sagemaker_endpoint_configuration_encryption_at_rest_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_sagemaker_model_in_vpc.yaml b/compliance/controls/aws/aws_sagemaker_model_in_vpc.yaml index e87bc9d9a..9c1b2c78f 100644 --- a/compliance/controls/aws/aws_sagemaker_model_in_vpc.yaml +++ b/compliance/controls/aws/aws_sagemaker_model_in_vpc.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN vpc_config IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sagemaker_model_network_isolation_enabled.yaml b/compliance/controls/aws/aws_sagemaker_model_network_isolation_enabled.yaml index 29224ba33..2c3f296b3 100644 --- a/compliance/controls/aws/aws_sagemaker_model_network_isolation_enabled.yaml 
+++ b/compliance/controls/aws/aws_sagemaker_model_network_isolation_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN enable_network_isolation THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sagemaker_notebook_instance_direct_internet_access_disabled.yaml b/compliance/controls/aws/aws_sagemaker_notebook_instance_direct_internet_access_disabled.yaml index 4b77710a1..f61f75fb4 100644 --- a/compliance/controls/aws/aws_sagemaker_notebook_instance_direct_internet_access_disabled.yaml +++ b/compliance/controls/aws/aws_sagemaker_notebook_instance_direct_internet_access_disabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN direct_internet_access = 'Enabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_sagemaker_notebook_instance_encrypted_with_kms_cmk.yaml b/compliance/controls/aws/aws_sagemaker_notebook_instance_encrypted_with_kms_cmk.yaml index 74b5fab7f..565d2774d 100644 --- a/compliance/controls/aws/aws_sagemaker_notebook_instance_encrypted_with_kms_cmk.yaml +++ b/compliance/controls/aws/aws_sagemaker_notebook_instance_encrypted_with_kms_cmk.yaml @@ -19,8 +19,8 @@ Query: title, tags, _ctx, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_sagemaker_notebook_instance ), kms_keys AS ( @@ -33,8 +33,8 @@ Query: ) SELECT i.arn AS resource, - i.og_account_id AS og_account_id, - i.og_resource_id AS og_resource_id, + i.platform_account_id AS platform_account_id, + i.platform_resource_id AS platform_resource_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' WHEN k.key_manager = 'CUSTOMER' THEN 'ok' 
diff --git a/compliance/controls/aws/aws_sagemaker_notebook_instance_encryption_at_rest_enabled.yaml b/compliance/controls/aws/aws_sagemaker_notebook_instance_encryption_at_rest_enabled.yaml index 9d1841ce0..a8f289114 100644 --- a/compliance/controls/aws/aws_sagemaker_notebook_instance_encryption_at_rest_enabled.yaml +++ b/compliance/controls/aws/aws_sagemaker_notebook_instance_encryption_at_rest_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_sagemaker_notebook_instance_in_vpc.yaml b/compliance/controls/aws/aws_sagemaker_notebook_instance_in_vpc.yaml index 8c712138e..26c39cc78 100644 --- a/compliance/controls/aws/aws_sagemaker_notebook_instance_in_vpc.yaml +++ b/compliance/controls/aws/aws_sagemaker_notebook_instance_in_vpc.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN subnet_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sagemaker_notebook_instance_root_access_disabled.yaml b/compliance/controls/aws/aws_sagemaker_notebook_instance_root_access_disabled.yaml index 178d2557c..cdb3ea760 100644 --- a/compliance/controls/aws/aws_sagemaker_notebook_instance_root_access_disabled.yaml +++ b/compliance/controls/aws/aws_sagemaker_notebook_instance_root_access_disabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN root_access = 'Disabled' THEN 'OK' ELSE 'ALARM' 
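Review bot: In aws_sagemaker_notebook_instance_root_access_disabled.yaml the CASE returns `'OK'` and `'ALARM'` in upper case, while every other control in this diff returns lower-case `'ok'` / `'alarm'`. If the component that reads the status column compares it case-sensitively, a notebook instance with root access enabled would not be counted as an alarm. Change the two branches to `WHEN root_access = 'Disabled' THEN 'ok'` and `ELSE 'alarm'`. The rest of the query lies outside the hunk.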
diff --git a/compliance/controls/aws/aws_sagemaker_training_job_in_vpc.yaml b/compliance/controls/aws/aws_sagemaker_training_job_in_vpc.yaml index 7c77bebdb..f7ff45ede 100644 --- a/compliance/controls/aws/aws_sagemaker_training_job_in_vpc.yaml +++ b/compliance/controls/aws/aws_sagemaker_training_job_in_vpc.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN vpc_config IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sagemaker_training_job_inter_container_traffic_encryption_enabled.yaml b/compliance/controls/aws/aws_sagemaker_training_job_inter_container_traffic_encryption_enabled.yaml index 167a3dc4d..c54d033a1 100644 --- a/compliance/controls/aws/aws_sagemaker_training_job_inter_container_traffic_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_sagemaker_training_job_inter_container_traffic_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN enable_inter_container_traffic_encryption THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sagemaker_training_job_network_isolation_enabled.yaml b/compliance/controls/aws/aws_sagemaker_training_job_network_isolation_enabled.yaml index bb8ba689a..c1cefd8e7 100644 --- a/compliance/controls/aws/aws_sagemaker_training_job_network_isolation_enabled.yaml +++ b/compliance/controls/aws/aws_sagemaker_training_job_network_isolation_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN enable_network_isolation THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sagemaker_training_job_volume_and_data_encryption_enabled.yaml b/compliance/controls/aws/aws_sagemaker_training_job_volume_and_data_encryption_enabled.yaml index cf9943c0b..8a5bf96e6 100644 --- a/compliance/controls/aws/aws_sagemaker_training_job_volume_and_data_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_sagemaker_training_job_volume_and_data_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN output_data_config ->> 'KmsKeyId' IS NULL OR output_data_config ->> 'KmsKeyId' = '' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_secretsmanager_secret_automatic_rotation_enabled.yaml b/compliance/controls/aws/aws_secretsmanager_secret_automatic_rotation_enabled.yaml index 14ce7aea8..e310344a9 100644 --- a/compliance/controls/aws/aws_secretsmanager_secret_automatic_rotation_enabled.yaml +++ b/compliance/controls/aws/aws_secretsmanager_secret_automatic_rotation_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN rotation_rules IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_secretsmanager_secret_automatic_rotation_lambda_enabled.yaml b/compliance/controls/aws/aws_secretsmanager_secret_automatic_rotation_lambda_enabled.yaml index 98def219b..6c826007d 100644 
--- a/compliance/controls/aws/aws_secretsmanager_secret_automatic_rotation_lambda_enabled.yaml +++ b/compliance/controls/aws/aws_secretsmanager_secret_automatic_rotation_lambda_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN rotation_rules IS NOT NULL AND rotation_lambda_arn IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_secretsmanager_secret_encrypted_with_kms_cmk.yaml b/compliance/controls/aws/aws_secretsmanager_secret_encrypted_with_kms_cmk.yaml index bc25dc331..101f9ed9d 100644 --- a/compliance/controls/aws/aws_secretsmanager_secret_encrypted_with_kms_cmk.yaml +++ b/compliance/controls/aws/aws_secretsmanager_secret_encrypted_with_kms_cmk.yaml @@ -23,8 +23,8 @@ Query: ) SELECT s.arn AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN kms_key_id IS NULL OR kms_key_id = 'alias/aws/secretsmanager' diff --git a/compliance/controls/aws/aws_secretsmanager_secret_last_changed_90_day.yaml b/compliance/controls/aws/aws_secretsmanager_secret_last_changed_90_day.yaml index fe8531304..1c2e086e2 100644 --- a/compliance/controls/aws/aws_secretsmanager_secret_last_changed_90_day.yaml +++ b/compliance/controls/aws/aws_secretsmanager_secret_last_changed_90_day.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN last_changed_date IS NULL THEN 'alarm' WHEN DATE(current_date) - DATE(last_changed_date) <= 90 THEN 'ok' 
diff --git a/compliance/controls/aws/aws_secretsmanager_secret_last_used_1_day.yaml b/compliance/controls/aws/aws_secretsmanager_secret_last_used_1_day.yaml index 15ad41631..ba4ec71df 100644 --- a/compliance/controls/aws/aws_secretsmanager_secret_last_used_1_day.yaml +++ b/compliance/controls/aws/aws_secretsmanager_secret_last_used_1_day.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN DATE(last_accessed_date) - DATE(created_date) >= 1 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_secretsmanager_secret_rotated_as_scheduled.yaml b/compliance/controls/aws/aws_secretsmanager_secret_rotated_as_scheduled.yaml index 1a5caf05a..6b482c019 100644 --- a/compliance/controls/aws/aws_secretsmanager_secret_rotated_as_scheduled.yaml +++ b/compliance/controls/aws/aws_secretsmanager_secret_rotated_as_scheduled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN primary_region IS NOT NULL AND region != primary_region THEN 'skip' WHEN rotation_rules IS NULL THEN 'alarm' diff --git a/compliance/controls/aws/aws_secretsmanager_secret_unused_90_day.yaml b/compliance/controls/aws/aws_secretsmanager_secret_unused_90_day.yaml index 7dc85dd6c..a274badb4 100644 --- a/compliance/controls/aws/aws_secretsmanager_secret_unused_90_day.yaml +++ b/compliance/controls/aws/aws_secretsmanager_secret_unused_90_day.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN last_accessed_date IS NULL THEN 'alarm' WHEN DATE(current_date) - DATE(last_accessed_date) <= 90 THEN 'ok' diff --git a/compliance/controls/aws/aws_securityhub_enabled.yaml b/compliance/controls/aws/aws_securityhub_enabled.yaml index eff7438e6..85a9ba31c 100644 --- a/compliance/controls/aws/aws_securityhub_enabled.yaml +++ b/compliance/controls/aws/aws_securityhub_enabled.yaml @@ -14,8 +14,8 @@ Query: WITH regions AS ( SELECT 'arn:' || r.partition || '::' || r.region || ':' || r.account_id AS resource, - r.og_account_id AS og_account_id, - r.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + r.platform_resource_id AS platform_resource_id, CASE WHEN r.region = ANY(ARRAY['af-south-1', 'eu-south-1', 'cn-north-1', 'cn-northwest-1', 'ap-northeast-3']) THEN 1 WHEN r.opt_in_status = 'not-opted-in' THEN 1 @@ -37,8 +37,8 @@ Query: results AS ( SELECT account_id AS resource, - og_account_id AS og_account_id, - og_account_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_account_id AS platform_resource_id, CASE WHEN MAX(status) = 2 THEN 'alarm' WHEN MAX(status) = 1 THEN 'skip' 
@@ -50,16 +50,16 @@ Query: WHEN MAX(status) = 0 THEN 'SecurityHub is enabled for this account on regions: [' || STRING_AGG(region, ',') || ']' END AS reason FROM regions - GROUP BY account_id, og_account_id + GROUP BY account_id, platform_account_id ) SELECT r.resource AS resource, - r.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + r.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, r.status AS status, r.reason AS reason FROM results AS r - JOIN aws_account AS a ON r.og_account_id = a.og_account_id + JOIN aws_account AS a ON r.platform_account_id = a.platform_account_id Severity: low Tags: category: diff --git a/compliance/controls/aws/aws_sfn_state_machine_logging_enabled.yaml b/compliance/controls/aws/aws_sfn_state_machine_logging_enabled.yaml index 6bae24bc5..98703db20 100644 --- a/compliance/controls/aws/aws_sfn_state_machine_logging_enabled.yaml +++ b/compliance/controls/aws/aws_sfn_state_machine_logging_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN logging_configuration ->> 'Level' = 'OFF' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_sns_topic_encrypted_at_rest.yaml b/compliance/controls/aws/aws_sns_topic_encrypted_at_rest.yaml index 345390680..9edb7eb42 100644 --- a/compliance/controls/aws/aws_sns_topic_encrypted_at_rest.yaml +++ b/compliance/controls/aws/aws_sns_topic_encrypted_at_rest.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT topic_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_master_key_id IS NULL THEN 'alarm' ELSE 'ok' 
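Review bot: The final SELECT in aws_securityhub_enabled.yaml reads `a.platform_resource_id` through an inner `JOIN aws_account`, so an account with no row in `aws_account` is dropped from the output and gets no status at all. The `results` CTE in the previous hunk of this file already carries a `platform_resource_id` value, which this SELECT ignores. If a missing row is possible, `LEFT JOIN aws_account AS a ON r.platform_account_id = a.platform_account_id` together with `COALESCE(a.platform_resource_id, r.platform_resource_id) AS platform_resource_id` keeps the finding visible.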
diff --git a/compliance/controls/aws/aws_sns_topic_notification_delivery_status_enabled.yaml b/compliance/controls/aws/aws_sns_topic_notification_delivery_status_enabled.yaml index fc4bb8611..74b5a4538 100644 --- a/compliance/controls/aws/aws_sns_topic_notification_delivery_status_enabled.yaml +++ b/compliance/controls/aws/aws_sns_topic_notification_delivery_status_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT topic_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN application_failure_feedback_role_arn IS NULL AND firehose_failure_feedback_role_arn IS NULL diff --git a/compliance/controls/aws/aws_sns_topic_policy_prohibit_cross_account_access.yaml b/compliance/controls/aws/aws_sns_topic_policy_prohibit_cross_account_access.yaml index 825123997..0f53902e0 100644 --- a/compliance/controls/aws/aws_sns_topic_policy_prohibit_cross_account_access.yaml +++ b/compliance/controls/aws/aws_sns_topic_policy_prohibit_cross_account_access.yaml @@ -29,8 +29,8 @@ Query: ) SELECT t.topic_arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN p.topic_arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sns_topic_policy_prohibit_public_access.yaml b/compliance/controls/aws/aws_sns_topic_policy_prohibit_public_access.yaml index b50552062..d02267a85 100644 --- a/compliance/controls/aws/aws_sns_topic_policy_prohibit_public_access.yaml +++ b/compliance/controls/aws/aws_sns_topic_policy_prohibit_public_access.yaml 
@@ -27,8 +27,8 @@ Query: ) SELECT t.topic_arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN p.topic_arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sns_topic_policy_prohibit_publishing_access.yaml b/compliance/controls/aws/aws_sns_topic_policy_prohibit_publishing_access.yaml index 9798df1d2..16c1fefb8 100644 --- a/compliance/controls/aws/aws_sns_topic_policy_prohibit_publishing_access.yaml +++ b/compliance/controls/aws/aws_sns_topic_policy_prohibit_publishing_access.yaml @@ -30,8 +30,8 @@ Query: ) SELECT t.topic_arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN p.topic_arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sns_topic_policy_prohibit_subscription_access.yaml b/compliance/controls/aws/aws_sns_topic_policy_prohibit_subscription_access.yaml index 9c1146ca7..6b0de4b59 100644 --- a/compliance/controls/aws/aws_sns_topic_policy_prohibit_subscription_access.yaml +++ b/compliance/controls/aws/aws_sns_topic_policy_prohibit_subscription_access.yaml @@ -30,8 +30,8 @@ Query: ) SELECT t.topic_arn AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN p.topic_arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sqs_queue_dead_letter_queue_configured.yaml b/compliance/controls/aws/aws_sqs_queue_dead_letter_queue_configured.yaml index 057f46e11..9ba20a352 100644 --- a/compliance/controls/aws/aws_sqs_queue_dead_letter_queue_configured.yaml +++ b/compliance/controls/aws/aws_sqs_queue_dead_letter_queue_configured.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT queue_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN redrive_policy IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sqs_queue_encrypted_at_rest.yaml b/compliance/controls/aws/aws_sqs_queue_encrypted_at_rest.yaml index d57249b1b..fd5a0a8b6 100644 --- a/compliance/controls/aws/aws_sqs_queue_encrypted_at_rest.yaml +++ b/compliance/controls/aws/aws_sqs_queue_encrypted_at_rest.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT queue_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_master_key_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_sqs_queue_encrypted_with_kms_cmk.yaml b/compliance/controls/aws/aws_sqs_queue_encrypted_with_kms_cmk.yaml index a95c46c1d..93c42a046 100644 --- a/compliance/controls/aws/aws_sqs_queue_encrypted_with_kms_cmk.yaml +++ b/compliance/controls/aws/aws_sqs_queue_encrypted_with_kms_cmk.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT queue_arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN kms_master_key_id IS NULL THEN 'alarm' WHEN kms_master_key_id IS NOT NULL AND kms_master_key_id = 'alias/aws/sqs' THEN 'alarm' diff --git a/compliance/controls/aws/aws_sqs_queue_policy_prohibit_public_access.yaml b/compliance/controls/aws/aws_sqs_queue_policy_prohibit_public_access.yaml index 5798ea737..e195abc98 100644 --- a/compliance/controls/aws/aws_sqs_queue_policy_prohibit_public_access.yaml +++ b/compliance/controls/aws/aws_sqs_queue_policy_prohibit_public_access.yaml 
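Review bot: In aws_sqs_queue_encrypted_with_kms_cmk.yaml the AWS-managed key is recognised only by the literal alias `'alias/aws/sqs'`, so a queue whose `kms_master_key_id` holds that key's ID or ARN would presumably fall through to a non-alarm branch. The SageMaker notebook control in this same commit joins a `kms_keys` CTE and tests `k.key_manager = 'CUSTOMER'`, which does not depend on how the key is referenced; the same join would make this control consistent with it. The `IS NOT NULL` test in the second branch is redundant after the first branch and can be reduced to `WHEN kms_master_key_id = 'alias/aws/sqs' THEN 'alarm'`. The CASE continues past the end of the hunk, so its remaining branches are not visible here.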
@@ -27,8 +27,8 @@ Query: ) SELECT q.queue_arn AS resource, - q.og_account_id AS og_account_id, - q.og_resource_id AS og_resource_id, + q.platform_account_id AS platform_account_id, + q.platform_resource_id AS platform_resource_id, CASE WHEN p.queue_arn IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ssm_document_prohibit_public_access.yaml b/compliance/controls/aws/aws_ssm_document_prohibit_public_access.yaml index 04a334094..0137436b5 100644 --- a/compliance/controls/aws/aws_ssm_document_prohibit_public_access.yaml +++ b/compliance/controls/aws/aws_ssm_document_prohibit_public_access.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':ssm:' || region || ':' || account_id || ':document/' || name AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN account_ids :: jsonb ? 'all' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_ssm_managed_instance_compliance_association_compliant.yaml b/compliance/controls/aws/aws_ssm_managed_instance_compliance_association_compliant.yaml index b192a6914..e303a360a 100644 --- a/compliance/controls/aws/aws_ssm_managed_instance_compliance_association_compliant.yaml +++ b/compliance/controls/aws/aws_ssm_managed_instance_compliance_association_compliant.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN c.status = 'COMPLIANT' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ssm_managed_instance_compliance_patch_compliant.yaml b/compliance/controls/aws/aws_ssm_managed_instance_compliance_patch_compliant.yaml index 7f5d116be..eae513c31 100644 --- a/compliance/controls/aws/aws_ssm_managed_instance_compliance_patch_compliant.yaml 
+++ b/compliance/controls/aws/aws_ssm_managed_instance_compliance_patch_compliant.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN c.status = 'COMPLIANT' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_ssm_parameter_encryption_enabled.yaml b/compliance/controls/aws/aws_ssm_parameter_encryption_enabled.yaml index ee282335f..340ec4e65 100644 --- a/compliance/controls/aws/aws_ssm_parameter_encryption_enabled.yaml +++ b/compliance/controls/aws/aws_ssm_parameter_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN type = 'SecureString' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_sso_users_with_permission_assignments_are_required_to_have_MFA_on_AzureAD.yaml b/compliance/controls/aws/aws_sso_users_with_permission_assignments_are_required_to_have_MFA_on_AzureAD.yaml index 0a45c29bc..f35c9d49e 100644 --- a/compliance/controls/aws/aws_sso_users_with_permission_assignments_are_required_to_have_MFA_on_AzureAD.yaml +++ b/compliance/controls/aws/aws_sso_users_with_permission_assignments_are_required_to_have_MFA_on_AzureAD.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT iden.id AS resource, - iden.og_account_id, - iden.og_resource_id, + iden.platform_account_id, + iden.platform_resource_id, CASE WHEN is_mfa_registered::BOOL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_vpc_configured_to_use_vpc_endpoints.yaml b/compliance/controls/aws/aws_vpc_configured_to_use_vpc_endpoints.yaml index 9c56d5305..9c62c7766 100644 --- a/compliance/controls/aws/aws_vpc_configured_to_use_vpc_endpoints.yaml 
+++ b/compliance/controls/aws/aws_vpc_configured_to_use_vpc_endpoints.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN vpc_id NOT IN ( SELECT diff --git a/compliance/controls/aws/aws_vpc_default_security_group_restricts_all_traffic.yaml b/compliance/controls/aws/aws_vpc_default_security_group_restricts_all_traffic.yaml index aa6f8e9d3..8e1d384c0 100644 --- a/compliance/controls/aws/aws_vpc_default_security_group_restricts_all_traffic.yaml +++ b/compliance/controls/aws/aws_vpc_default_security_group_restricts_all_traffic.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(ip_permissions) = 0 AND jsonb_array_length(ip_permissions_egress) = 0 THEN 'ok' diff --git a/compliance/controls/aws/aws_vpc_eip_associated.yaml b/compliance/controls/aws/aws_vpc_eip_associated.yaml index 1bb23c3cf..394df1d6d 100644 --- a/compliance/controls/aws/aws_vpc_eip_associated.yaml +++ b/compliance/controls/aws/aws_vpc_eip_associated.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':ec2:' || region || ':' || account_id || ':eip/' || allocation_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN association_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_vpc_endpoint_service_acceptance_required_enabled.yaml b/compliance/controls/aws/aws_vpc_endpoint_service_acceptance_required_enabled.yaml index f5a29a289..3b4df937e 100644 
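Review bot: The `vpc_id NOT IN ( SELECT …` test in aws_vpc_configured_to_use_vpc_endpoints.yaml evaluates to unknown for every VPC as soon as the subquery returns a single NULL `vpc_id`, and the CASE then falls through to whatever its ELSE branch reports. The subquery and the branch outcomes are outside the hunk, so whether that column can be NULL cannot be confirmed from here; if it can, VPCs without an endpoint would stop being flagged. A correlated `NOT EXISTS` avoids the trap: `WHEN NOT EXISTS (SELECT 1 FROM <endpoint_table> AS e WHERE e.vpc_id = <vpc_alias>.vpc_id AND <existing subquery filter>)`, where the bracketed names are placeholders for the table, alias and filter the file already uses.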
--- a/compliance/controls/aws/aws_vpc_endpoint_service_acceptance_required_enabled.yaml +++ b/compliance/controls/aws/aws_vpc_endpoint_service_acceptance_required_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT service_id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN acceptance_required THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/aws/aws_vpc_flow_logs_enabled.yaml b/compliance/controls/aws/aws_vpc_flow_logs_enabled.yaml index b779f3622..ca1552cd5 100644 --- a/compliance/controls/aws/aws_vpc_flow_logs_enabled.yaml +++ b/compliance/controls/aws/aws_vpc_flow_logs_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT DISTINCT v.arn AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.account_id <> v.owner_id THEN 'skip' WHEN f.resource_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_vpc_gateway_endpoint_restrict_public_access.yaml b/compliance/controls/aws/aws_vpc_gateway_endpoint_restrict_public_access.yaml index 1e65ef185..7eefe5cb7 100644 --- a/compliance/controls/aws/aws_vpc_gateway_endpoint_restrict_public_access.yaml +++ b/compliance/controls/aws/aws_vpc_gateway_endpoint_restrict_public_access.yaml @@ -29,8 +29,8 @@ Query: ) SELECT e.vpc_endpoint_id AS resource, - e.og_account_id AS og_account_id, - e.og_resource_id AS og_resource_id, + e.platform_account_id AS platform_account_id, + e.platform_resource_id AS platform_resource_id, CASE WHEN e.vpc_endpoint_type <> 'Gateway' THEN 'skip' WHEN p.vpc_endpoint_id IS NULL THEN 'ok' diff --git a/compliance/controls/aws/aws_vpc_igw_attached_to_authorized_vpc.yaml b/compliance/controls/aws/aws_vpc_igw_attached_to_authorized_vpc.yaml index 3ecb65e36..0f164758b 100644 
--- a/compliance/controls/aws/aws_vpc_igw_attached_to_authorized_vpc.yaml +++ b/compliance/controls/aws/aws_vpc_igw_attached_to_authorized_vpc.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':ec2:' || region || ':' || account_id || ':internet-gateway/' || title AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(attachments) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/aws/aws_vpc_in_more_than_one_region.yaml b/compliance/controls/aws/aws_vpc_in_more_than_one_region.yaml index 1d7da0698..79ee8c074 100644 --- a/compliance/controls/aws/aws_vpc_in_more_than_one_region.yaml +++ b/compliance/controls/aws/aws_vpc_in_more_than_one_region.yaml @@ -28,8 +28,8 @@ Query: ) SELECT arn AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN v.num > 1 THEN 'ok' WHEN v.num = 1 THEN 'alarm' diff --git a/compliance/controls/aws/aws_vpc_network_acl_remote_administration.yaml b/compliance/controls/aws/aws_vpc_network_acl_remote_administration.yaml index a5d2724d1..71775a481 100644 --- a/compliance/controls/aws/aws_vpc_network_acl_remote_administration.yaml +++ b/compliance/controls/aws/aws_vpc_network_acl_remote_administration.yaml @@ -44,8 +44,8 @@ Query: ) SELECT 'arn:' || acl.partition || ':ec2:' || acl.region || ':' || acl.account_id || ':network-acl/' || acl.network_acl_id AS resource, - acl.og_account_id AS og_account_id, - acl.og_resource_id AS og_resource_id, + acl.platform_account_id AS platform_account_id, + acl.platform_resource_id AS platform_resource_id, CASE WHEN bad_rules.network_acl_id IS NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/aws/aws_vpc_network_acl_unused.yaml b/compliance/controls/aws/aws_vpc_network_acl_unused.yaml
index e68f6c7ca..79f93d8de 100644
--- a/compliance/controls/aws/aws_vpc_network_acl_unused.yaml
+++ b/compliance/controls/aws/aws_vpc_network_acl_unused.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT network_acl_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN jsonb_array_length(associations) >= 1 THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_not_in_use.yaml b/compliance/controls/aws/aws_vpc_not_in_use.yaml
index e1001d758..235943089 100644
--- a/compliance/controls/aws/aws_vpc_not_in_use.yaml
+++ b/compliance/controls/aws/aws_vpc_not_in_use.yaml
@@ -20,8 +20,8 @@ Query:
 ) SELECT arn AS resource,
- v.og_account_id AS og_account_id,
- v.og_resource_id AS og_resource_id,
+ v.platform_account_id AS platform_account_id,
+ v.platform_resource_id AS platform_resource_id,
 CASE WHEN s.vpc_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_peering_connection_no_cross_account_access.yaml b/compliance/controls/aws/aws_vpc_peering_connection_no_cross_account_access.yaml
index f7057fb6f..c374c0d49 100644
--- a/compliance/controls/aws/aws_vpc_peering_connection_no_cross_account_access.yaml
+++ b/compliance/controls/aws/aws_vpc_peering_connection_no_cross_account_access.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN status_code <> 'active' THEN 'alarm' WHEN requester_owner_id <> accepter_owner_id THEN 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_peering_connection_route_table_least_privilege.yaml b/compliance/controls/aws/aws_vpc_peering_connection_route_table_least_privilege.yaml
index 8f0cedefb..b42c84ed2 100644
--- a/compliance/controls/aws/aws_vpc_peering_connection_route_table_least_privilege.yaml
+++ b/compliance/controls/aws/aws_vpc_peering_connection_route_table_least_privilege.yaml
@@ -28,8 +28,8 @@ Query:
 ) SELECT c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN t.peering_connection_id IS NOT NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_vpc_route_table_restrict_public_access_to_igw.yaml b/compliance/controls/aws/aws_vpc_route_table_restrict_public_access_to_igw.yaml
index dc6fd90e5..56a0aadb3 100644
--- a/compliance/controls/aws/aws_vpc_route_table_restrict_public_access_to_igw.yaml
+++ b/compliance/controls/aws/aws_vpc_route_table_restrict_public_access_to_igw.yaml
@@ -25,8 +25,8 @@ Query:
 ) SELECT a.route_table_id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN b.route_table_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_allows_ingress_authorized_ports.yaml b/compliance/controls/aws/aws_vpc_security_group_allows_ingress_authorized_ports.yaml
index aa208558c..cbe75d67d 100644
--- a/compliance/controls/aws/aws_vpc_security_group_allows_ingress_authorized_ports.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_allows_ingress_authorized_ports.yaml
@@ -28,8 +28,8 @@ Query:
 ) SELECT sg.arn AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN ingress_unauthorized_ports.count > 0 THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_cassandra_ports.yaml b/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_cassandra_ports.yaml
index 4e313e7da..89e64bc48 100644
--- a/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_cassandra_ports.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_cassandra_ports.yaml
@@ -35,8 +35,8 @@ Query:
 SELECT arn AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN ingress_ssh_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_memcached_port.yaml b/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_memcached_port.yaml
index 63294b0e3..b662181ed 100644
--- a/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_memcached_port.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_memcached_port.yaml
@@ -31,8 +31,8 @@ Query:
 ) SELECT arn AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN ingress_ssh_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_mongodb_ports.yaml b/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_mongodb_ports.yaml
index 2b2d1a6f7..11cb7b81b 100644
--- a/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_mongodb_ports.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_mongodb_ports.yaml
@@ -29,8 +29,8 @@ Query:
 ) SELECT arn AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN ingress_ssh_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_oracle_ports.yaml b/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_oracle_ports.yaml
index 41573c59f..b1d1bd2af 100644
--- a/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_oracle_ports.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_allows_ingress_to_oracle_ports.yaml
@@ -35,8 +35,8 @@ Query:
 ) SELECT arn AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN ingress_ssh_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_associated_to_eni.yaml b/compliance/controls/aws/aws_vpc_security_group_associated_to_eni.yaml
index 7149ffb2b..9c7ea6196 100644
--- a/compliance/controls/aws/aws_vpc_security_group_associated_to_eni.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_associated_to_eni.yaml
@@ -22,8 +22,8 @@ Query:
 ) SELECT DISTINCT s.arn AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN a.secgrp_id = s.group_id THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_not_uses_launch_wizard_sg.yaml b/compliance/controls/aws/aws_vpc_security_group_not_uses_launch_wizard_sg.yaml
index b7724253e..7ebfa7eaf 100644
--- a/compliance/controls/aws/aws_vpc_security_group_not_uses_launch_wizard_sg.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_not_uses_launch_wizard_sg.yaml
@@ -21,8 +21,8 @@ Query:
 ) SELECT arn AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN a.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_remote_administration.yaml b/compliance/controls/aws/aws_vpc_security_group_remote_administration.yaml
index a35aabaf3..db283c583 100644
--- a/compliance/controls/aws/aws_vpc_security_group_remote_administration.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_remote_administration.yaml
@@ -39,8 +39,8 @@ Query:
 ) SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN bad_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_remote_administration_ipv4.yaml b/compliance/controls/aws/aws_vpc_security_group_remote_administration_ipv4.yaml
index 7b103d223..f520f33b0 100644
--- a/compliance/controls/aws/aws_vpc_security_group_remote_administration_ipv4.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_remote_administration_ipv4.yaml
@@ -34,8 +34,8 @@ Query:
 ) SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN bad_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_remote_administration_ipv6.yaml b/compliance/controls/aws/aws_vpc_security_group_remote_administration_ipv6.yaml
index eefa8f73f..11f525be7 100644
--- a/compliance/controls/aws/aws_vpc_security_group_remote_administration_ipv6.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_remote_administration_ipv6.yaml
@@ -38,8 +38,8 @@ Query:
 ) SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN bad_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_common_ports_all.yaml b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_common_ports_all.yaml
index a7acdd732..b5747d2c4 100644
--- a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_common_ports_all.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_common_ports_all.yaml
@@ -33,8 +33,8 @@ Query:
 ) SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN ingress_ssh_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_kafka_port.yaml b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_kafka_port.yaml
index 976529d85..49b7a6f3f 100644
--- a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_kafka_port.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_kafka_port.yaml
@@ -34,8 +34,8 @@ Query:
 ) SELECT arn AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN k.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_kibana_port.yaml b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_kibana_port.yaml
index dcc6ffe64..859b12f7d 100644
--- a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_kibana_port.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_kibana_port.yaml
@@ -32,8 +32,8 @@ Query:
 ) SELECT arn AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN k.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_rdp_all.yaml b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_rdp_all.yaml
index 3f75df1c3..7fa285feb 100644
--- a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_rdp_all.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_rdp_all.yaml
@@ -28,8 +28,8 @@ Query:
 ) SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN ingress_rdp_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_redis_port.yaml b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_redis_port.yaml
index f92024e5c..b80e7fd58 100644
--- a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_redis_port.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_redis_port.yaml
@@ -31,8 +31,8 @@ Query:
 ) SELECT arn AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN ingress_redis_port.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_ssh_all.yaml b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_ssh_all.yaml
index 93cc8e167..fa1f1c553 100644
--- a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_ssh_all.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_ssh_all.yaml
@@ -28,8 +28,8 @@ Query:
 ) SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN ingress_ssh_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_tcp_udp_all.yaml b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_tcp_udp_all.yaml
index 7921bc3f6..4d8315fbe 100644
--- a/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_tcp_udp_all.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_restrict_ingress_tcp_udp_all.yaml
@@ -31,8 +31,8 @@ Query:
 ) SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN bad_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_restricted_common_ports.yaml b/compliance/controls/aws/aws_vpc_security_group_restricted_common_ports.yaml
index 291520d5c..654ce1d42 100644
--- a/compliance/controls/aws/aws_vpc_security_group_restricted_common_ports.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_restricted_common_ports.yaml
@@ -45,8 +45,8 @@ Query:
 ) SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN ingress_ssh_rules.group_id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_security_group_unused.yaml b/compliance/controls/aws/aws_vpc_security_group_unused.yaml
index fcc309874..3d6f874bb 100644
--- a/compliance/controls/aws/aws_vpc_security_group_unused.yaml
+++ b/compliance/controls/aws/aws_vpc_security_group_unused.yaml
@@ -30,8 +30,8 @@ Query:
 ) SELECT DISTINCT s.arn AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN a.secgrp_id IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_subnet_auto_assign_public_ip_disabled.yaml b/compliance/controls/aws/aws_vpc_subnet_auto_assign_public_ip_disabled.yaml
index 1adbff72b..0e7c2f321 100644
--- a/compliance/controls/aws/aws_vpc_subnet_auto_assign_public_ip_disabled.yaml
+++ b/compliance/controls/aws/aws_vpc_subnet_auto_assign_public_ip_disabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT subnet_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN map_public_ip_on_launch = 'false' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_vpc_vpn_tunnel_up.yaml b/compliance/controls/aws/aws_vpc_vpn_tunnel_up.yaml
index a4047330f..f7b684068 100644
--- a/compliance/controls/aws/aws_vpc_vpn_tunnel_up.yaml
+++ b/compliance/controls/aws/aws_vpc_vpn_tunnel_up.yaml
@@ -23,8 +23,8 @@ Query:
 ) SELECT a.arn AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN b.count IS NULL OR b.count < 2 THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_waf_regional_rule_condition_attached.yaml b/compliance/controls/aws/aws_waf_regional_rule_condition_attached.yaml
index 34c7fb7c3..e640f3bf2 100644
--- a/compliance/controls/aws/aws_waf_regional_rule_condition_attached.yaml
+++ b/compliance/controls/aws/aws_waf_regional_rule_condition_attached.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT rule_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN predicates IS NULL OR jsonb_array_length(predicates) = 0 THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_waf_regional_rule_group_rule_attached.yaml b/compliance/controls/aws/aws_waf_regional_rule_group_rule_attached.yaml
index aca506239..faa099e32 100644
--- a/compliance/controls/aws/aws_waf_regional_rule_group_rule_attached.yaml
+++ b/compliance/controls/aws/aws_waf_regional_rule_group_rule_attached.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN activated_rules IS NULL OR jsonb_array_length(activated_rules) = 0 THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_waf_regional_web_acl_rule_attached.yaml b/compliance/controls/aws/aws_waf_regional_web_acl_rule_attached.yaml
index 6da497f0c..9e7cd1723 100644
--- a/compliance/controls/aws/aws_waf_regional_web_acl_rule_attached.yaml
+++ b/compliance/controls/aws/aws_waf_regional_web_acl_rule_attached.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN rules IS NULL OR jsonb_array_length(rules) = 0 THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_waf_rule_condition_attached.yaml b/compliance/controls/aws/aws_waf_rule_condition_attached.yaml
index e68f29584..0b691028a 100644
--- a/compliance/controls/aws/aws_waf_rule_condition_attached.yaml
+++ b/compliance/controls/aws/aws_waf_rule_condition_attached.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT rule_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN predicates IS NULL OR jsonb_array_length(predicates) = 0 THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_waf_rule_group_rule_attached.yaml b/compliance/controls/aws/aws_waf_rule_group_rule_attached.yaml
index 89cd759b3..0ded32da4 100644
--- a/compliance/controls/aws/aws_waf_rule_group_rule_attached.yaml
+++ b/compliance/controls/aws/aws_waf_rule_group_rule_attached.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN activated_rules IS NULL OR jsonb_array_length(activated_rules) = 0 THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_waf_web_acl_logging_enabled.yaml b/compliance/controls/aws/aws_waf_web_acl_logging_enabled.yaml
index bda041b5f..1b5b9767a 100644
--- a/compliance/controls/aws/aws_waf_web_acl_logging_enabled.yaml
+++ b/compliance/controls/aws/aws_waf_web_acl_logging_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN logging_configuration IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_waf_web_acl_resource_associated.yaml b/compliance/controls/aws/aws_waf_web_acl_resource_associated.yaml
index bb985039e..f72255204 100644
--- a/compliance/controls/aws/aws_waf_web_acl_resource_associated.yaml
+++ b/compliance/controls/aws/aws_waf_web_acl_resource_associated.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN jsonb_array_length(resources) > 0 THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_waf_web_acl_rule_attached.yaml b/compliance/controls/aws/aws_waf_web_acl_rule_attached.yaml
index 1d417b252..5175fa5d6 100644
--- a/compliance/controls/aws/aws_waf_web_acl_rule_attached.yaml
+++ b/compliance/controls/aws/aws_waf_web_acl_rule_attached.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN rules IS NULL OR jsonb_array_length(rules) = 0 THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_wafv2_rule_group_logging_enabled.yaml b/compliance/controls/aws/aws_wafv2_rule_group_logging_enabled.yaml
index e01cd0276..e0e02f892 100644
--- a/compliance/controls/aws/aws_wafv2_rule_group_logging_enabled.yaml
+++ b/compliance/controls/aws/aws_wafv2_rule_group_logging_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN (visibility_config ->> 'CloudWatchMetricsEnabled')::bool THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/aws/aws_wafv2_web_acl_logging_enabled.yaml b/compliance/controls/aws/aws_wafv2_web_acl_logging_enabled.yaml
index 28e0cfa9e..ec82f9879 100644
--- a/compliance/controls/aws/aws_wafv2_web_acl_logging_enabled.yaml
+++ b/compliance/controls/aws/aws_wafv2_web_acl_logging_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN logging_configuration IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_wafv2_web_acl_rule_attached.yaml b/compliance/controls/aws/aws_wafv2_web_acl_rule_attached.yaml
index 0924cf3a4..bc24dc9f6 100644
--- a/compliance/controls/aws/aws_wafv2_web_acl_rule_attached.yaml
+++ b/compliance/controls/aws/aws_wafv2_web_acl_rule_attached.yaml
@@ -23,8 +23,8 @@ Query:
 ) SELECT a.arn AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN rules IS NULL OR jsonb_array_length(rules) = 0 THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/aws/aws_workspaces_workspace_volume_encryption_enabled.yaml b/compliance/controls/aws/aws_workspaces_workspace_volume_encryption_enabled.yaml
index b7deaaecb..3edccfedf 100644
--- a/compliance/controls/aws/aws_workspaces_workspace_volume_encryption_enabled.yaml
+++ b/compliance/controls/aws/aws_workspaces_workspace_volume_encryption_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN user_volume_encryption_enabled AND root_volume_encryption_enabled THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_ad_guest_user_reviewed_monthly.yaml b/compliance/controls/azure/azure_ad_guest_user_reviewed_monthly.yaml
index 2ce100862..925ca2380 100644
--- a/compliance/controls/azure/azure_ad_guest_user_reviewed_monthly.yaml
+++ b/compliance/controls/azure/azure_ad_guest_user_reviewed_monthly.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT u.display_name AS resource,
- u.og_account_id AS og_account_id,
- u.og_resource_id AS og_resource_id,
+ u.platform_account_id AS platform_account_id,
+ u.platform_resource_id AS platform_resource_id,
 CASE WHEN NOT account_enabled THEN 'alarm' WHEN u.created_date_time::timestamp <= (current_date - interval '30' day) THEN 'alarm'
diff --git a/compliance/controls/azure/azure_apimanagement_service_client_certificate_enabled.yaml b/compliance/controls/azure/azure_apimanagement_service_client_certificate_enabled.yaml
index 8e24ed43e..616875065 100644
--- a/compliance/controls/azure/azure_apimanagement_service_client_certificate_enabled.yaml
+++ b/compliance/controls/azure/azure_apimanagement_service_client_certificate_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN enable_client_certificate THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_apimanagement_service_with_virtual_network.yaml b/compliance/controls/azure/azure_apimanagement_service_with_virtual_network.yaml
index 6cdcd5bb1..c7e671592 100644
--- a/compliance/controls/azure/azure_apimanagement_service_with_virtual_network.yaml
+++ b/compliance/controls/azure/azure_apimanagement_service_with_virtual_network.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN virtual_network_type != 'None' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_app_configuration_encryption_enabled.yaml b/compliance/controls/azure/azure_app_configuration_encryption_enabled.yaml
index ef9f5d49c..eec2223ec 100644
--- a/compliance/controls/azure/azure_app_configuration_encryption_enabled.yaml
+++ b/compliance/controls/azure/azure_app_configuration_encryption_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN encryption -> 'keyVaultProperties' ->> 'keyIdentifier' IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_app_configuration_private_link_used.yaml b/compliance/controls/azure/azure_app_configuration_private_link_used.yaml
index 138d6e8ed..8554979c2 100644
--- a/compliance/controls/azure/azure_app_configuration_private_link_used.yaml
+++ b/compliance/controls/azure/azure_app_configuration_private_link_used.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN sku_name = 'free' THEN 'skip' WHEN public_network_access = 'Enabled' AND private_endpoint_connections IS NULL THEN 'alarm'
diff --git a/compliance/controls/azure/azure_app_configuration_sku_standard.yaml b/compliance/controls/azure/azure_app_configuration_sku_standard.yaml
index bf432d430..4d9fd8c7d 100644
--- a/compliance/controls/azure/azure_app_configuration_sku_standard.yaml
+++ b/compliance/controls/azure/azure_app_configuration_sku_standard.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN sku_name = 'standard' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_app_service_environment_internal_encryption_enabled.yaml b/compliance/controls/azure/azure_app_service_environment_internal_encryption_enabled.yaml
index 1abfaf1c1..51011bd8e 100644
--- a/compliance/controls/azure/azure_app_service_environment_internal_encryption_enabled.yaml
+++ b/compliance/controls/azure/azure_app_service_environment_internal_encryption_enabled.yaml
@@ -22,8 +22,8 @@ Query:
 ) SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN b.id IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_application_gateway_waf_enabled.yaml b/compliance/controls/azure/azure_application_gateway_waf_enabled.yaml
index b7c0283ca..9a4aca1a6 100644
--- a/compliance/controls/azure/azure_application_gateway_waf_enabled.yaml
+++ b/compliance/controls/azure/azure_application_gateway_waf_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT ag.id AS resource,
- ag.og_account_id AS og_account_id,
- ag.og_resource_id AS og_resource_id,
+ ag.platform_account_id AS platform_account_id,
+ ag.platform_resource_id AS platform_resource_id,
 CASE WHEN web_application_firewall_configuration IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_application_gateway_waf_uses_specified_mode.yaml b/compliance/controls/azure/azure_application_gateway_waf_uses_specified_mode.yaml
index 2f574daeb..385686bd8 100644
--- a/compliance/controls/azure/azure_application_gateway_waf_uses_specified_mode.yaml
+++ b/compliance/controls/azure/azure_application_gateway_waf_uses_specified_mode.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT ag.id AS resource, - ag.og_account_id AS og_account_id, - ag.og_resource_id AS og_resource_id, + ag.platform_account_id AS platform_account_id, + ag.platform_resource_id AS platform_resource_id, CASE WHEN (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') IN ('Prevention', 'Detection') THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_application_insights_block_log_ingestion_and_querying_from_public.yaml b/compliance/controls/azure/azure_application_insights_block_log_ingestion_and_querying_from_public.yaml index 2174f3c97..4b03aa2de 100644 --- a/compliance/controls/azure/azure_application_insights_block_log_ingestion_and_querying_from_public.yaml +++ b/compliance/controls/azure/azure_application_insights_block_log_ingestion_and_querying_from_public.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN type = 'microsoft.insights/components' AND public_network_access_for_ingestion = 'Enabled' diff --git a/compliance/controls/azure/azure_appservice_api_app_client_certificates_on.yaml b/compliance/controls/azure/azure_appservice_api_app_client_certificates_on.yaml index 70a86b4d6..c507719b5 100644 --- a/compliance/controls/azure/azure_appservice_api_app_client_certificates_on.yaml +++ b/compliance/controls/azure/azure_appservice_api_app_client_certificates_on.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN client_cert_enabled THEN 'ok' 
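Review bot: In azure_application_gateway_waf_uses_specified_mode.yaml the branch `... ->> 'mode') IN ('Prevention', 'Detection') THEN 'ok'` accepts both WAF modes, so a gateway whose WAF only logs (Detection) is reported the same as one that blocks. If the control is meant to enforce one mode, compare against that value alone, e.g. `WHEN (web_application_firewall_configuration::json -> 'PolicySettings' ->> 'mode') = 'Prevention' THEN 'ok'`. If either mode is intended, a comment above the CASE such as `-- passes for any configured mode; Detection does not block traffic` would keep readers from assuming a stricter check. The query continues outside the hunk.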
diff --git a/compliance/controls/azure/azure_appservice_api_app_cors_no_star.yaml b/compliance/controls/azure/azure_appservice_api_app_cors_no_star.yaml index 8e3286cc0..abf05d21a 100644 --- a/compliance/controls/azure/azure_appservice_api_app_cors_no_star.yaml +++ b/compliance/controls/azure/azure_appservice_api_app_cors_no_star.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' -> 'cors' -> 'allowedOrigins' @> '[\"*\"]' THEN 'alarm' diff --git a/compliance/controls/azure/azure_appservice_api_app_ftps_enabled.yaml b/compliance/controls/azure/azure_appservice_api_app_ftps_enabled.yaml index 8afc9d3c2..bd49d80fa 100644 --- a/compliance/controls/azure/azure_appservice_api_app_ftps_enabled.yaml +++ b/compliance/controls/azure/azure_appservice_api_app_ftps_enabled.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'ftpsState' = 'AllAllowed' THEN 'alarm' diff --git a/compliance/controls/azure/azure_appservice_api_app_latest_tls_version.yaml b/compliance/controls/azure/azure_appservice_api_app_latest_tls_version.yaml index 957bcf163..52fd24d26 100644 --- a/compliance/controls/azure/azure_appservice_api_app_latest_tls_version.yaml +++ b/compliance/controls/azure/azure_appservice_api_app_latest_tls_version.yaml 
@@ -28,8 +28,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'minTlsVersion' < '1.2' THEN 'alarm' diff --git a/compliance/controls/azure/azure_appservice_api_app_remote_debugging_disabled.yaml b/compliance/controls/azure/azure_appservice_api_app_remote_debugging_disabled.yaml index c968e11b3..06b5bccbf 100644 --- a/compliance/controls/azure/azure_appservice_api_app_remote_debugging_disabled.yaml +++ b/compliance/controls/azure/azure_appservice_api_app_remote_debugging_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN kind <> 'api' THEN 'skip' WHEN configuration -> 'properties' ->> 'remoteDebuggingEnabled' = 'false' THEN 'ok' diff --git a/compliance/controls/azure/azure_appservice_api_app_use_https.yaml b/compliance/controls/azure/azure_appservice_api_app_use_https.yaml index 2e143a160..4c018792a 100644 --- a/compliance/controls/azure/azure_appservice_api_app_use_https.yaml +++ b/compliance/controls/azure/azure_appservice_api_app_use_https.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN NOT https_only THEN 'alarm' diff --git a/compliance/controls/azure/azure_appservice_api_app_uses_managed_identity.yaml b/compliance/controls/azure/azure_appservice_api_app_uses_managed_identity.yaml index afa1d30fa..4db121852 100644 --- a/compliance/controls/azure/azure_appservice_api_app_uses_managed_identity.yaml 
+++ b/compliance/controls/azure/azure_appservice_api_app_uses_managed_identity.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN diff --git a/compliance/controls/azure/azure_appservice_authentication_enabled.yaml b/compliance/controls/azure/azure_appservice_authentication_enabled.yaml index 914ae16b1..377df176f 100644 --- a/compliance/controls/azure/azure_appservice_authentication_enabled.yaml +++ b/compliance/controls/azure/azure_appservice_authentication_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT (auth_settings -> 'properties' ->> 'enabled')::boolean THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_appservice_ftp_deployment_disabled.yaml b/compliance/controls/azure/azure_appservice_ftp_deployment_disabled.yaml index 05c79ab7c..2a2826ace 100644 --- a/compliance/controls/azure/azure_appservice_ftp_deployment_disabled.yaml +++ b/compliance/controls/azure/azure_appservice_ftp_deployment_disabled.yaml @@ -15,9 +15,9 @@ Query: QueryToExecute: | SELECT fa.id AS resource, - fa.og_account_id AS og_account_id, - fa.og_resource_id AS og_resource_id, - 'azure_app_service_function_app' AS og_table_name, + fa.platform_account_id AS platform_account_id, + fa.platform_resource_id AS platform_resource_id, + 'azure_app_service_function_app' AS platform_table_name, CASE WHEN configuration -> 'properties' ->> 'ftpsState' = 'AllAllowed' THEN 'alarm' ELSE 'ok' 
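Review bot: In azure_appservice_authentication_enabled.yaml, `WHEN NOT (auth_settings -> 'properties' ->> 'enabled')::boolean THEN 'alarm' ELSE 'ok'` reports 'ok' when `auth_settings` or its `enabled` key is missing, because `NOT NULL` evaluates to NULL and the row falls through to the ELSE. A compliance check should fail closed by testing the compliant state and letting everything else alarm, as azure_appservice_function_app_authentication_on.yaml already does with `WHEN auth_settings -> 'properties' ->> 'enabled' = 'true' THEN 'ok' ELSE 'alarm'`. The same negative test followed by `ELSE 'ok'` appears in both hunks of azure_appservice_ftp_deployment_disabled.yaml (`ftpsState = 'AllAllowed'`), in the function-app and web-app latest_tls_version controls (`minTlsVersion < '1.2'`), and in web_app_incoming_client_cert_on, web_app_latest_http_version, web_app_use_https and web_app_register_with_active_directory_enabled. The queries continue outside these hunks, so how missing rows are handled further down is not visible here.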
@@ -38,9 +38,9 @@ Query: SELECT wa.id AS resource, - wa.og_account_id AS og_account_id, - wa.og_resource_id AS og_resource_id, - 'azure_app_service_web_app' AS og_table_name, + wa.platform_account_id AS platform_account_id, + wa.platform_resource_id AS platform_resource_id, + 'azure_app_service_web_app' AS platform_table_name, CASE WHEN configuration -> 'properties' ->> 'ftpsState' = 'AllAllowed' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_appservice_function_app_authentication_on.yaml b/compliance/controls/azure/azure_appservice_function_app_authentication_on.yaml index 48367f4d1..4384d8d95 100644 --- a/compliance/controls/azure/azure_appservice_function_app_authentication_on.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_authentication_on.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT fa.id AS resource, - fa.og_account_id AS og_account_id, - fa.og_resource_id AS og_resource_id, + fa.platform_account_id AS platform_account_id, + fa.platform_resource_id AS platform_resource_id, CASE WHEN auth_settings -> 'properties' ->> 'enabled' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_appservice_function_app_client_certificates_on.yaml b/compliance/controls/azure/azure_appservice_function_app_client_certificates_on.yaml index 93e732194..762e7476b 100644 --- a/compliance/controls/azure/azure_appservice_function_app_client_certificates_on.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_client_certificates_on.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN client_cert_enabled THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_appservice_function_app_cors_no_star.yaml b/compliance/controls/azure/azure_appservice_function_app_cors_no_star.yaml index f3ccfce2c..c76f87672 100644 --- a/compliance/controls/azure/azure_appservice_function_app_cors_no_star.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_cors_no_star.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT b.id AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN configuration -> 'properties' -> 'cors' -> 'allowedOrigins' @> '["*"]' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_appservice_function_app_ftps_enabled.yaml b/compliance/controls/azure/azure_appservice_function_app_ftps_enabled.yaml index aec545cc4..1c8bfd8d6 100644 --- a/compliance/controls/azure/azure_appservice_function_app_ftps_enabled.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_ftps_enabled.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'ftpsState' = 'AllAllowed' THEN 'alarm' diff --git a/compliance/controls/azure/azure_appservice_function_app_latest_http_version.yaml b/compliance/controls/azure/azure_appservice_function_app_latest_http_version.yaml index 3c27c4c94..d939be6d3 100644 --- a/compliance/controls/azure/azure_appservice_function_app_latest_http_version.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_latest_http_version.yaml 
@@ -34,8 +34,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'http20Enabled' = 'true' THEN 'ok' diff --git a/compliance/controls/azure/azure_appservice_function_app_latest_java_version.yaml b/compliance/controls/azure/azure_appservice_function_app_latest_java_version.yaml index 47b42ca46..0258e9f6f 100644 --- a/compliance/controls/azure/azure_appservice_function_app_latest_java_version.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_latest_java_version.yaml @@ -34,8 +34,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'linuxFxVersion' NOT LIKE 'Java%' THEN 'ok' diff --git a/compliance/controls/azure/azure_appservice_function_app_latest_python_version.yaml b/compliance/controls/azure/azure_appservice_function_app_latest_python_version.yaml index 569159d70..e979f2e40 100644 --- a/compliance/controls/azure/azure_appservice_function_app_latest_python_version.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_latest_python_version.yaml @@ -34,8 +34,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'linuxFxVersion' NOT LIKE 'Python%' THEN 'ok' 
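Review bot: In azure_appservice_function_app_latest_java_version.yaml, `linuxFxVersion' NOT LIKE 'Java%' THEN 'ok'` is a case-sensitive prefix test, so a value spelled `JAVA|…` or `java|…` is classed as "not a Java app" and passes without its version ever being compared. The sibling controls disagree on casing (`'Java%'` and `'Python%'` for function apps, `'JAVA%'`, `'PHP%'` and `'PYTHON%'` for web apps), which suggests the stored values are not uniform. Writing the guard as `NOT ILIKE 'java%'` (and likewise in the other four controls) removes the dependency on casing. The rest of each CASE is outside the hunk.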
diff --git a/compliance/controls/azure/azure_appservice_function_app_latest_tls_version.yaml b/compliance/controls/azure/azure_appservice_function_app_latest_tls_version.yaml index 75e9ccf7e..2f511144a 100644 --- a/compliance/controls/azure/azure_appservice_function_app_latest_tls_version.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_latest_tls_version.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN configuration -> 'properties' ->> 'minTlsVersion' < '1.2' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_appservice_function_app_only_https_accessible.yaml b/compliance/controls/azure/azure_appservice_function_app_only_https_accessible.yaml index 7d0db39b8..49f1f89ee 100644 --- a/compliance/controls/azure/azure_appservice_function_app_only_https_accessible.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_only_https_accessible.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN https_only THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_appservice_function_app_remote_debugging_disabled.yaml b/compliance/controls/azure/azure_appservice_function_app_remote_debugging_disabled.yaml index 21f4bc793..83ac1a4ac 100644 --- a/compliance/controls/azure/azure_appservice_function_app_remote_debugging_disabled.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_remote_debugging_disabled.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN configuration -> 'properties' ->> 'remoteDebuggingEnabled' = 'false' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_appservice_function_app_restrict_public_acces.yaml b/compliance/controls/azure/azure_appservice_function_app_restrict_public_acces.yaml index 1d4b58554..e20d54229 100644 --- a/compliance/controls/azure/azure_appservice_function_app_restrict_public_acces.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_restrict_public_acces.yaml @@ -22,8 +22,8 @@ Query: ) SELECT fa.id AS resource, - fa.og_account_id AS og_account_id, - fa.og_resource_id AS og_resource_id, + fa.platform_account_id AS platform_account_id, + fa.platform_resource_id AS platform_resource_id, CASE WHEN p.id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_appservice_function_app_uses_managed_identity.yaml b/compliance/controls/azure/azure_appservice_function_app_uses_managed_identity.yaml index 677f2cec1..60d198150 100644 --- a/compliance/controls/azure/azure_appservice_function_app_uses_managed_identity.yaml +++ b/compliance/controls/azure/azure_appservice_function_app_uses_managed_identity.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN diff --git a/compliance/controls/azure/azure_appservice_plan_minimum_sku.yaml b/compliance/controls/azure/azure_appservice_plan_minimum_sku.yaml index 4f21842f0..8491b9cc7 100644 --- a/compliance/controls/azure/azure_appservice_plan_minimum_sku.yaml +++ b/compliance/controls/azure/azure_appservice_plan_minimum_sku.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN sku_name IN ('F1', 'D1', 'B1', 'B2', 'B3') THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_appservice_web_app_always_on.yaml b/compliance/controls/azure/azure_appservice_web_app_always_on.yaml index d578532be..bc2d3743d 100644 --- a/compliance/controls/azure/azure_appservice_web_app_always_on.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_always_on.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN configuration -> 'properties' ->> 'alwaysOn' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_appservice_web_app_client_certificates_on.yaml b/compliance/controls/azure/azure_appservice_web_app_client_certificates_on.yaml index 53f96b18a..9b11e53e3 100644 --- a/compliance/controls/azure/azure_appservice_web_app_client_certificates_on.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_client_certificates_on.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN client_cert_enabled THEN 'ok' diff --git a/compliance/controls/azure/azure_appservice_web_app_cors_no_star.yaml b/compliance/controls/azure/azure_appservice_web_app_cors_no_star.yaml index cce10bdae..ee1ae64a8 100644 --- a/compliance/controls/azure/azure_appservice_web_app_cors_no_star.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_cors_no_star.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN configuration -> 'properties' -> 'cors' -> 'allowedOrigins' @> '["*"]' THEN 'alarm' diff --git a/compliance/controls/azure/azure_appservice_web_app_diagnostic_logs_enabled.yaml b/compliance/controls/azure/azure_appservice_web_app_diagnostic_logs_enabled.yaml index 0e18651c4..952a09d98 100644 --- a/compliance/controls/azure/azure_appservice_web_app_diagnostic_logs_enabled.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_diagnostic_logs_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN (a.configuration-> 'properties' -> 'detailedErrorLoggingEnabled')::bool AND (a.configuration -> 'properties' -> 'httpLoggingEnabled')::bool diff --git a/compliance/controls/azure/azure_appservice_web_app_failed_request_tracing_enabled.yaml b/compliance/controls/azure/azure_appservice_web_app_failed_request_tracing_enabled.yaml index c79d629be..259066776 100644 --- a/compliance/controls/azure/azure_appservice_web_app_failed_request_tracing_enabled.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_failed_request_tracing_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN diagnostic_logs_configuration -> 'properties' -> 'failedRequestsTracing' ->> 'enabled' = 'true' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_appservice_web_app_ftps_enabled.yaml b/compliance/controls/azure/azure_appservice_web_app_ftps_enabled.yaml index f2ed9e1bf..fdeebb0b2 100644 --- a/compliance/controls/azure/azure_appservice_web_app_ftps_enabled.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_ftps_enabled.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'ftpsState' = 'AllAllowed' THEN 'alarm' diff --git a/compliance/controls/azure/azure_appservice_web_app_health_check_enabled.yaml b/compliance/controls/azure/azure_appservice_web_app_health_check_enabled.yaml index fda0a82d5..153f31f69 100644 --- a/compliance/controls/azure/azure_appservice_web_app_health_check_enabled.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_health_check_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN configuration -> 'properties' ->> 'healthCheckPath' IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_appservice_web_app_http_logs_enabled.yaml b/compliance/controls/azure/azure_appservice_web_app_http_logs_enabled.yaml index 694901fb2..fa866cdd9 100644 --- a/compliance/controls/azure/azure_appservice_web_app_http_logs_enabled.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_http_logs_enabled.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN configuration -> 'properties' ->> 'httpLoggingEnabled' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_appservice_web_app_incoming_client_cert_on.yaml b/compliance/controls/azure/azure_appservice_web_app_incoming_client_cert_on.yaml index 54f75f4d9..29b05ae0f 100644 --- a/compliance/controls/azure/azure_appservice_web_app_incoming_client_cert_on.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_incoming_client_cert_on.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT client_cert_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_appservice_web_app_latest_dotnet_framework_version.yaml b/compliance/controls/azure/azure_appservice_web_app_latest_dotnet_framework_version.yaml index d134471d1..170cbbb95 100644 --- a/compliance/controls/azure/azure_appservice_web_app_latest_dotnet_framework_version.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_latest_dotnet_framework_version.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL AND configuration -> 'properties' ->> 'netFrameworkVersion' IN ('v6.0', 'v7.0') THEN 'ok' WHEN b.id IS NOT NULL AND configuration -> 'properties' ->> 'linuxFxVersion' NOT LIKE 'DOTNETCORE|%' THEN 'ok' 
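Review bot: In azure_appservice_web_app_latest_dotnet_framework_version.yaml the "latest" versions are the hard-coded list `netFrameworkVersion' IN ('v6.0', 'v7.0') THEN 'ok'`; both releases are out of support, so the control passes apps on an unsupported runtime. Depending on the branches outside the hunk, it may also alarm on newer supported releases. The list should be brought up to date and carry a comment such as `-- supported .NET versions; re-check against the vendor support policy on each release`. Alternatively, compare the parsed major version against a minimum so the control does not go stale with every release.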
diff --git a/compliance/controls/azure/azure_appservice_web_app_latest_http_version.yaml b/compliance/controls/azure/azure_appservice_web_app_latest_http_version.yaml index c3e31bbef..d4a1a5cc8 100644 --- a/compliance/controls/azure/azure_appservice_web_app_latest_http_version.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_latest_http_version.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT (configuration -> 'properties' ->> 'http20Enabled')::boolean THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_appservice_web_app_latest_java_version.yaml b/compliance/controls/azure/azure_appservice_web_app_latest_java_version.yaml index 8cdf3e760..8e9b09f41 100644 --- a/compliance/controls/azure/azure_appservice_web_app_latest_java_version.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_latest_java_version.yaml @@ -34,8 +34,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'linuxFxVersion' NOT LIKE 'JAVA%' THEN 'ok' diff --git a/compliance/controls/azure/azure_appservice_web_app_latest_php_version.yaml b/compliance/controls/azure/azure_appservice_web_app_latest_php_version.yaml index 9734e0efe..1d2d4c5b1 100644 --- a/compliance/controls/azure/azure_appservice_web_app_latest_php_version.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_latest_php_version.yaml 
@@ -33,8 +33,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'linuxFxVersion' NOT LIKE 'PHP%' THEN 'ok' diff --git a/compliance/controls/azure/azure_appservice_web_app_latest_python_version.yaml b/compliance/controls/azure/azure_appservice_web_app_latest_python_version.yaml index ca93c3e81..d37c61616 100644 --- a/compliance/controls/azure/azure_appservice_web_app_latest_python_version.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_latest_python_version.yaml @@ -34,8 +34,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'linuxFxVersion' NOT LIKE 'PYTHON%' THEN 'ok' diff --git a/compliance/controls/azure/azure_appservice_web_app_latest_tls_version.yaml b/compliance/controls/azure/azure_appservice_web_app_latest_tls_version.yaml index 7d3111894..66be41c78 100644 --- a/compliance/controls/azure/azure_appservice_web_app_latest_tls_version.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_latest_tls_version.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN configuration -> 'properties' ->> 'minTlsVersion' < '1.2' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_appservice_web_app_register_with_active_directory_enabled.yaml b/compliance/controls/azure/azure_appservice_web_app_register_with_active_directory_enabled.yaml index 6add314a9..7697a0e12 100644 
--- a/compliance/controls/azure/azure_appservice_web_app_register_with_active_directory_enabled.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_register_with_active_directory_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN identity = '{}' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_appservice_web_app_remote_debugging_disabled.yaml b/compliance/controls/azure/azure_appservice_web_app_remote_debugging_disabled.yaml index 8961159fe..c42253e76 100644 --- a/compliance/controls/azure/azure_appservice_web_app_remote_debugging_disabled.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_remote_debugging_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN kind = 'api' THEN 'skip' WHEN configuration -> 'properties' ->> 'remoteDebuggingEnabled' = 'false' THEN 'ok' diff --git a/compliance/controls/azure/azure_appservice_web_app_slot_use_https.yaml b/compliance/controls/azure/azure_appservice_web_app_slot_use_https.yaml index 5dc4577da..4cbec1b9f 100644 --- a/compliance/controls/azure/azure_appservice_web_app_slot_use_https.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_slot_use_https.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN https_only THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_appservice_web_app_use_https.yaml b/compliance/controls/azure/azure_appservice_web_app_use_https.yaml index 8af6d6943..35a961eca 100644 --- a/compliance/controls/azure/azure_appservice_web_app_use_https.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_use_https.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT https_only THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_appservice_web_app_use_virtual_service_endpoint.yaml b/compliance/controls/azure/azure_appservice_web_app_use_virtual_service_endpoint.yaml index c0ff74d4d..3a505820d 100644 --- a/compliance/controls/azure/azure_appservice_web_app_use_virtual_service_endpoint.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_use_virtual_service_endpoint.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN vnet_connection -> 'properties' -> 'vnetResourceId' IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_appservice_web_app_uses_managed_identity.yaml b/compliance/controls/azure/azure_appservice_web_app_uses_managed_identity.yaml index 353ca3319..6b527b4a3 100644 --- a/compliance/controls/azure/azure_appservice_web_app_uses_managed_identity.yaml +++ b/compliance/controls/azure/azure_appservice_web_app_uses_managed_identity.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN 
diff --git a/compliance/controls/azure/azure_arc_compute_machine_linux_log_analytics_agent_installed.yaml b/compliance/controls/azure/azure_arc_compute_machine_linux_log_analytics_agent_installed.yaml index 64694046e..30df09697 100644 --- a/compliance/controls/azure/azure_arc_compute_machine_linux_log_analytics_agent_installed.yaml +++ b/compliance/controls/azure/azure_arc_compute_machine_linux_log_analytics_agent_installed.yaml @@ -25,8 +25,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_name <> 'linux' THEN 'skip' WHEN m.id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_arc_compute_machine_windows_log_analytics_agent_installed.yaml b/compliance/controls/azure/azure_arc_compute_machine_windows_log_analytics_agent_installed.yaml index 28e97e807..6477094df 100644 --- a/compliance/controls/azure/azure_arc_compute_machine_windows_log_analytics_agent_installed.yaml +++ b/compliance/controls/azure/azure_arc_compute_machine_windows_log_analytics_agent_installed.yaml @@ -25,8 +25,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_name <> 'windows' THEN 'skip' WHEN m.id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_arc_kubernetes_cluster_azure_defender_extension_installed.yaml b/compliance/controls/azure/azure_arc_kubernetes_cluster_azure_defender_extension_installed.yaml index be84bbe3a..c34be137a 100644 --- a/compliance/controls/azure/azure_arc_kubernetes_cluster_azure_defender_extension_installed.yaml +++ b/compliance/controls/azure/azure_arc_kubernetes_cluster_azure_defender_extension_installed.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_audit_diagnostic_setting.yaml b/compliance/controls/azure/azure_audit_diagnostic_setting.yaml index cc54729e1..46cedad6a 100644 --- a/compliance/controls/azure/azure_audit_diagnostic_setting.yaml +++ b/compliance/controls/azure/azure_audit_diagnostic_setting.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_authorize_access_to_security_functions_and_information.yaml b/compliance/controls/azure/azure_authorize_access_to_security_functions_and_information.yaml index 1099f6d33..5b7abaedb 100644 --- a/compliance/controls/azure/azure_authorize_access_to_security_functions_and_information.yaml +++ b/compliance/controls/azure/azure_authorize_access_to_security_functions_and_information.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_automation_account_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_automation_account_encrypted_with_cmk.yaml index e366bf55e..36e63899c 100644 
--- a/compliance/controls/azure/azure_automation_account_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_automation_account_encrypted_with_cmk.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_automation_account_variable_encryption_enabled.yaml b/compliance/controls/azure/azure_automation_account_variable_encryption_enabled.yaml index c53c1bee6..13f0c2caa 100644 --- a/compliance/controls/azure/azure_automation_account_variable_encryption_enabled.yaml +++ b/compliance/controls/azure/azure_automation_account_variable_encryption_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN is_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_batch_account_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_batch_account_encrypted_with_cmk.yaml index b315029ea..b61210578 100644 --- a/compliance/controls/azure/azure_batch_account_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_batch_account_encrypted_with_cmk.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT batch.id AS resource, - batch.og_account_id AS og_account_id, - batch.og_resource_id AS og_resource_id, + batch.platform_account_id AS platform_account_id, + batch.platform_resource_id AS platform_resource_id, CASE WHEN encryption ->> 'keySource' = 'Microsoft.KeyVault' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_batch_account_identity_provider_enabled.yaml b/compliance/controls/azure/azure_batch_account_identity_provider_enabled.yaml index e40197798..26517771a 100644 --- a/compliance/controls/azure/azure_batch_account_identity_provider_enabled.yaml +++ b/compliance/controls/azure/azure_batch_account_identity_provider_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT b.id AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN identity ->> 'type' = 'None' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_batch_account_logging_enabled.yaml b/compliance/controls/azure/azure_batch_account_logging_enabled.yaml index 25b214831..dd74d98ea 100644 --- a/compliance/controls/azure/azure_batch_account_logging_enabled.yaml +++ b/compliance/controls/azure/azure_batch_account_logging_enabled.yaml @@ -37,8 +37,8 @@ Query: ) SELECT v.id AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.diagnostic_settings IS NULL THEN 'alarm' WHEN l.account_name IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_bot_service_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_bot_service_encrypted_with_cmk.yaml index 1e0c5b67e..b65d487bb 100644 --- a/compliance/controls/azure/azure_bot_service_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_bot_service_encrypted_with_cmk.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription 
diff --git a/compliance/controls/azure/azure_cis_v130_1_21.yaml b/compliance/controls/azure/azure_cis_v130_1_21.yaml index 79d8c4fa3..4f5f69978 100644 --- a/compliance/controls/azure/azure_cis_v130_1_21.yaml +++ b/compliance/controls/azure/azure_cis_v130_1_21.yaml @@ -15,8 +15,8 @@ Query: role_name, role_type, title, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, action, _ctx, subscription_id @@ -30,8 +30,8 @@ Query: ) SELECT cr.subscription_id AS resource, - cr.og_account_id AS og_account_id, - cr.og_resource_id AS og_resource_id, + cr.platform_account_id AS platform_account_id, + cr.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(*) > 0 THEN 'alarm' ELSE 'ok' @@ -48,8 +48,8 @@ Query: sub.subscription_id = cr.subscription_id GROUP BY cr.subscription_id, - cr.og_account_id, - cr.og_resource_id, + cr.platform_account_id, + cr.platform_resource_id, cr._ctx, sub.display_name; Severity: low diff --git a/compliance/controls/azure/azure_cis_v130_1_3.yaml b/compliance/controls/azure/azure_cis_v130_1_3.yaml index 45e250d20..373ad73fa 100644 --- a/compliance/controls/azure/azure_cis_v130_1_3.yaml +++ b/compliance/controls/azure/azure_cis_v130_1_3.yaml @@ -20,8 +20,8 @@ Query: ) SELECT u.display_name AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN NOT account_enabled THEN 'alarm' WHEN u.created_date_time::TIMESTAMP <= (CURRENT_DATE - INTERVAL '30' DAY) THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_1.yaml b/compliance/controls/azure/azure_cis_v130_2_1.yaml index 2a82a4e51..98579207d 100644 --- a/compliance/controls/azure/azure_cis_v130_2_1.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_1.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_10.yaml b/compliance/controls/azure/azure_cis_v130_2_10.yaml index f1a22ec5d..9109b328f 100644 --- a/compliance/controls/azure/azure_cis_v130_2_10.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_10.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_sett.id AS resource, - sc_sett.og_account_id AS og_account_id, - sc_sett.og_resource_id AS og_resource_id, + sc_sett.platform_account_id AS platform_account_id, + sc_sett.platform_resource_id AS platform_resource_id, CASE WHEN enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_11.yaml b/compliance/controls/azure/azure_cis_v130_2_11.yaml index c1d94b5f9..3c727cded 100644 --- a/compliance/controls/azure/azure_cis_v130_2_11.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_11.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_prov.id AS resource, - sc_prov.og_account_id AS og_account_id, - sc_prov.og_resource_id AS og_resource_id, + sc_prov.platform_account_id AS platform_account_id, + sc_prov.platform_resource_id AS platform_resource_id, CASE WHEN auto_provision = 'On' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_12.yaml b/compliance/controls/azure/azure_cis_v130_2_12.yaml index f661903d1..9260c7600 100644 --- a/compliance/controls/azure/azure_cis_v130_2_12.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_12.yaml 
@@ -25,8 +25,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(value = 'Disabled') > 0 THEN 'alarm' ELSE 'ok' @@ -45,8 +45,8 @@ Query: sub._ctx, sub.subscription_id, pol_assignment.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v130_2_13.yaml b/compliance/controls/azure/azure_cis_v130_2_13.yaml index 97399cf1b..b6c2d3d8a 100644 --- a/compliance/controls/azure/azure_cis_v130_2_13.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_13.yaml @@ -24,8 +24,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN non_default_count > 0 THEN 'ok' WHEN default_count = 1 AND jsonb_array_length(default_email) != 0 THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_2_14.yaml b/compliance/controls/azure/azure_cis_v130_2_14.yaml index 7cc4b902d..e3b521d8c 100644 --- a/compliance/controls/azure/azure_cis_v130_2_14.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_14.yaml @@ -22,8 +22,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN notification_alert_count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_15.yaml b/compliance/controls/azure/azure_cis_v130_2_15.yaml index 225e841f0..37f86f9d6 100644 --- a/compliance/controls/azure/azure_cis_v130_2_15.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_15.yaml 
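Review bot: `WHEN COUNT(value = 'Disabled') > 0 THEN 'alarm'` in azure_cis_v130_2_12.yaml counts every row where the comparison is non-NULL, false results included, so the control alarms whenever any joined row has a `value`, not only when one is 'Disabled'. `WHEN COUNT(*) FILTER (WHERE value = 'Disabled') > 0 THEN 'alarm'` counts only the matching rows. The query starts before this hunk and its FROM clause is not shown, so which rows reach the aggregate is for the author to confirm.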
@@ -22,8 +22,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN admin_alert_count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_2.yaml b/compliance/controls/azure/azure_cis_v130_2_2.yaml index d5aafb788..7157e6957 100644 --- a/compliance/controls/azure/azure_cis_v130_2_2.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_3.yaml b/compliance/controls/azure/azure_cis_v130_2_3.yaml index 1ee99258c..0d0c2985a 100644 --- a/compliance/controls/azure/azure_cis_v130_2_3.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_4.yaml b/compliance/controls/azure/azure_cis_v130_2_4.yaml index 45bd14c97..beb394310 100644 --- a/compliance/controls/azure/azure_cis_v130_2_4.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_4.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_5.yaml b/compliance/controls/azure/azure_cis_v130_2_5.yaml index b247ddd2f..1039591b6 100644 --- a/compliance/controls/azure/azure_cis_v130_2_5.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_5.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_6.yaml b/compliance/controls/azure/azure_cis_v130_2_6.yaml index 7774fe921..e5eeaf4e0 100644 --- a/compliance/controls/azure/azure_cis_v130_2_6.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_6.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_7.yaml b/compliance/controls/azure/azure_cis_v130_2_7.yaml index 1b6f02305..5524ffd43 100644 --- a/compliance/controls/azure/azure_cis_v130_2_7.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_7.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_8.yaml b/compliance/controls/azure/azure_cis_v130_2_8.yaml index b1dc7ed5d..88764c301 100644 --- a/compliance/controls/azure/azure_cis_v130_2_8.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_8.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_2_9.yaml b/compliance/controls/azure/azure_cis_v130_2_9.yaml index e1727c6f2..427b7fb07 100644 --- a/compliance/controls/azure/azure_cis_v130_2_9.yaml +++ b/compliance/controls/azure/azure_cis_v130_2_9.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_sett.id AS resource, - sc_sett.og_account_id AS og_account_id, - sc_sett.og_resource_id AS og_resource_id, + sc_sett.platform_account_id AS platform_account_id, + sc_sett.platform_resource_id AS platform_resource_id, CASE WHEN enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_3_1.yaml b/compliance/controls/azure/azure_cis_v130_3_1.yaml index e58f9a71a..51585f887 100644 --- a/compliance/controls/azure/azure_cis_v130_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v130_3_1.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN NOT enable_https_traffic_only THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_3_10.yaml b/compliance/controls/azure/azure_cis_v130_3_10.yaml index 631b9aced..5e37b783c 100644 --- a/compliance/controls/azure/azure_cis_v130_3_10.yaml +++ b/compliance/controls/azure/azure_cis_v130_3_10.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN NOT (sa.blob_service_logging ->> 'Read') :: BOOLEAN OR NOT (sa.blob_service_logging ->> 'Write') :: BOOLEAN diff --git a/compliance/controls/azure/azure_cis_v130_3_11.yaml b/compliance/controls/azure/azure_cis_v130_3_11.yaml index 70437a5d2..c90b43b4c 100644 --- a/compliance/controls/azure/azure_cis_v130_3_11.yaml +++ b/compliance/controls/azure/azure_cis_v130_3_11.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_3_2.yaml b/compliance/controls/azure/azure_cis_v130_3_2.yaml index 8b518ca7b..5a5cee557 100644 --- a/compliance/controls/azure/azure_cis_v130_3_2.yaml +++ b/compliance/controls/azure/azure_cis_v130_3_2.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_3_3.yaml b/compliance/controls/azure/azure_cis_v130_3_3.yaml index 339fda775..efb9730d0 100644 --- a/compliance/controls/azure/azure_cis_v130_3_3.yaml +++ b/compliance/controls/azure/azure_cis_v130_3_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN queue_logging_read AND queue_logging_write AND queue_logging_delete THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_3_6.yaml b/compliance/controls/azure/azure_cis_v130_3_6.yaml index c069e5161..1db95b93d 100644 --- a/compliance/controls/azure/azure_cis_v130_3_6.yaml +++ b/compliance/controls/azure/azure_cis_v130_3_6.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN sa.network_rule_default_action = 'Allow' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_3_7.yaml b/compliance/controls/azure/azure_cis_v130_3_7.yaml index d7bf8834a..95d8e1416 100644 --- a/compliance/controls/azure/azure_cis_v130_3_7.yaml +++ b/compliance/controls/azure/azure_cis_v130_3_7.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN network_rule_bypass NOT LIKE '%AzureServices%' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_3_8.yaml b/compliance/controls/azure/azure_cis_v130_3_8.yaml index baa4dd108..fc0a3ddef 100644 --- a/compliance/controls/azure/azure_cis_v130_3_8.yaml +++ b/compliance/controls/azure/azure_cis_v130_3_8.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN NOT blob_soft_delete_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_3_9.yaml b/compliance/controls/azure/azure_cis_v130_3_9.yaml index 54d2641f2..5bbac1fa4 100644 --- a/compliance/controls/azure/azure_cis_v130_3_9.yaml +++ b/compliance/controls/azure/azure_cis_v130_3_9.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN sa.encryption_key_source = 'Microsoft.Storage' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_4_1_2.yaml b/compliance/controls/azure/azure_cis_v130_4_1_2.yaml index 09354eb04..8a01a0741 100644 --- a/compliance/controls/azure/azure_cis_v130_4_1_2.yaml +++ b/compliance/controls/azure/azure_cis_v130_4_1_2.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.database_id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN transparent_data_encryption ->> 'status' = 'Enabled' OR transparent_data_encryption ->> 'state' = 'Enabled' diff --git a/compliance/controls/azure/azure_cis_v130_4_3_1.yaml b/compliance/controls/azure/azure_cis_v130_4_3_1.yaml index b21689de5..c773cf159 100644 --- a/compliance/controls/azure/azure_cis_v130_4_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v130_4_3_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN ssl_enforcement = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_4_3_2.yaml b/compliance/controls/azure/azure_cis_v130_4_3_2.yaml index 3e9ee3fc8..6df16ec36 100644 --- a/compliance/controls/azure/azure_cis_v130_4_3_2.yaml +++ b/compliance/controls/azure/azure_cis_v130_4_3_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN ssl_enforcement = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_4_3_5.yaml b/compliance/controls/azure/azure_cis_v130_4_3_5.yaml index 3c949822e..9f31c72de 100644 --- a/compliance/controls/azure/azure_cis_v130_4_3_5.yaml +++ b/compliance/controls/azure/azure_cis_v130_4_3_5.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN LOWER(config -> 'ConfigurationProperties' ->> 'value') != 'on' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_4_3_8.yaml b/compliance/controls/azure/azure_cis_v130_4_3_8.yaml index a10912a94..776d67758 100644 --- a/compliance/controls/azure/azure_cis_v130_4_3_8.yaml +++ b/compliance/controls/azure/azure_cis_v130_4_3_8.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_4_4.yaml b/compliance/controls/azure/azure_cis_v130_4_4.yaml index 39ce4f676..4313c8dbb 100644 --- a/compliance/controls/azure/azure_cis_v130_4_4.yaml +++ b/compliance/controls/azure/azure_cis_v130_4_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN server_azure_ad_administrator IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_5_1_1.yaml b/compliance/controls/azure/azure_cis_v130_5_1_1.yaml index 164931024..8e750170b 100644 --- a/compliance/controls/azure/azure_cis_v130_5_1_1.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_1_1.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_5_1_2.yaml b/compliance/controls/azure/azure_cis_v130_5_1_2.yaml index 0b6c309c9..60fbdb605 100644 --- a/compliance/controls/azure/azure_cis_v130_5_1_2.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_1_2.yaml @@ -17,8 +17,8 @@ Query: _ctx, resource_group, subscription_id, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, COUNT(*) FILTER (WHERE l ->> 'enabled' = 'true' AND l ->> 'category' IN ('Administrative', 'Security', 'Alert', 'Policy') ) AS valid_category_count, @@ -32,15 +32,15 @@ Query: name, id, _ctx, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, resource_group, subscription_id ) SELECT sett.id AS resource, - sett.og_account_id AS og_account_id, - sett.og_resource_id AS og_resource_id, + sett.platform_account_id AS platform_account_id, + sett.platform_resource_id AS platform_resource_id, CASE WHEN valid_category_count = 4 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_5_1_3.yaml b/compliance/controls/azure/azure_cis_v130_5_1_3.yaml index 32cd30752..15a23f312 100644 --- a/compliance/controls/azure/azure_cis_v130_5_1_3.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_1_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc.id AS resource, - sc.og_account_id AS og_account_id, - sc.og_resource_id AS og_resource_id, + sc.platform_account_id AS platform_account_id, + sc.platform_resource_id AS platform_resource_id, CASE WHEN public_access != 'None' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/azure/azure_cis_v130_5_1_5.yaml b/compliance/controls/azure/azure_cis_v130_5_1_5.yaml index 60b28d536..19c18d65b 100644 --- a/compliance/controls/azure/azure_cis_v130_5_1_5.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_1_5.yaml @@ -26,8 +26,8 @@ Query: ) SELECT v.id AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.diagnostic_settings IS NULL THEN 'alarm' WHEN l.key_vault_name NOT LIKE CONCAT('%', v.name, '%') THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_5_2_1.yaml b/compliance/controls/azure/azure_cis_v130_5_2_1.yaml index b4e76d63e..c60fd4e5c 100644 --- a/compliance/controls/azure/azure_cis_v130_5_2_1.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_2_1.yaml @@ -30,8 +30,8 @@ Query: ) SELECT a.subscription_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_5_2_2.yaml b/compliance/controls/azure/azure_cis_v130_5_2_2.yaml index 701e2bc77..27175d15c 100644 --- a/compliance/controls/azure/azure_cis_v130_5_2_2.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_2_2.yaml @@ -30,8 +30,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' 
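Review bot: azure_cis_v130_5_2_1.yaml selects `a.subscription_id AS resource` with `a.platform_account_id` and `a.platform_resource_id`, while the sibling controls 5_2_2 to 5_2_9 take all three from `sub`, and it is the only one of them whose diff has no GROUP BY hunk. If `a` is the `alert_rule` side of the same `LEFT JOIN` the siblings show (the FROM clause is outside this hunk), a subscription with no matching rule yields an 'alarm' row with NULL resource and platform ids, and the ungrouped `a.platform_*` columns next to `COUNT(a.subscription_id)` may be rejected outright. It is worth checking that the query runs and switching the three columns to `sub.`, with `sub.platform_account_id, sub.platform_resource_id` in the GROUP BY as in 5_2_2.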
@@ -45,8 +45,8 @@ Query: LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY sub._ctx, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.subscription_id, sub.display_name; Severity: low diff --git a/compliance/controls/azure/azure_cis_v130_5_2_3.yaml b/compliance/controls/azure/azure_cis_v130_5_2_3.yaml index d39c8943d..57d47c637 100644 --- a/compliance/controls/azure/azure_cis_v130_5_2_3.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_2_3.yaml @@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -55,8 +55,8 @@ Query: LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY sub._ctx, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.subscription_id, sub.display_name; Severity: low diff --git a/compliance/controls/azure/azure_cis_v130_5_2_4.yaml b/compliance/controls/azure/azure_cis_v130_5_2_4.yaml index 635131228..4f52edd0d 100644 --- a/compliance/controls/azure/azure_cis_v130_5_2_4.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_2_4.yaml @@ -41,8 +41,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -57,8 +57,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} 
diff --git a/compliance/controls/azure/azure_cis_v130_5_2_5.yaml b/compliance/controls/azure/azure_cis_v130_5_2_5.yaml index c3692af7d..dd36117c6 100644 --- a/compliance/controls/azure/azure_cis_v130_5_2_5.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_2_5.yaml @@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -55,8 +55,8 @@ Query: LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY sub._ctx, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.subscription_id, sub.display_name; Severity: low diff --git a/compliance/controls/azure/azure_cis_v130_5_2_6.yaml b/compliance/controls/azure/azure_cis_v130_5_2_6.yaml index 95c59fb12..cde0cd77e 100644 --- a/compliance/controls/azure/azure_cis_v130_5_2_6.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_2_6.yaml @@ -39,8 +39,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -56,8 +56,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v130_5_2_7.yaml b/compliance/controls/azure/azure_cis_v130_5_2_7.yaml index a9fa02e9a..fc6b4819c 100644 --- a/compliance/controls/azure/azure_cis_v130_5_2_7.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_2_7.yaml 
@@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -56,8 +56,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v130_5_2_8.yaml b/compliance/controls/azure/azure_cis_v130_5_2_8.yaml index 58aaf9771..28b35774e 100644 --- a/compliance/controls/azure/azure_cis_v130_5_2_8.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_2_8.yaml @@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -55,8 +55,8 @@ Query: LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY sub._ctx, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.subscription_id, sub.display_name; Severity: low diff --git a/compliance/controls/azure/azure_cis_v130_5_2_9.yaml b/compliance/controls/azure/azure_cis_v130_5_2_9.yaml index 77b043306..33dfcf71b 100644 --- a/compliance/controls/azure/azure_cis_v130_5_2_9.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_2_9.yaml @@ -31,8 +31,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' 
@@ -47,8 +47,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v130_5_3.yaml b/compliance/controls/azure/azure_cis_v130_5_3.yaml index 61d74bccd..177baeea7 100644 --- a/compliance/controls/azure/azure_cis_v130_5_3.yaml +++ b/compliance/controls/azure/azure_cis_v130_5_3.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_6_1.yaml b/compliance/controls/azure/azure_cis_v130_6_1.yaml index 0ce9d8dd9..e4ccd6af6 100644 --- a/compliance/controls/azure/azure_cis_v130_6_1.yaml +++ b/compliance/controls/azure/azure_cis_v130_6_1.yaml @@ -40,8 +40,8 @@ Query: ) SELECT sg.id resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_6_2.yaml b/compliance/controls/azure/azure_cis_v130_6_2.yaml index 265428dbe..8bbe33dd9 100644 --- a/compliance/controls/azure/azure_cis_v130_6_2.yaml +++ b/compliance/controls/azure/azure_cis_v130_6_2.yaml @@ -35,8 +35,8 @@ Query: SELECT sg.id AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_cis_v130_6_3.yaml b/compliance/controls/azure/azure_cis_v130_6_3.yaml index 719a26499..5484174cf 100644 --- a/compliance/controls/azure/azure_cis_v130_6_3.yaml +++ b/compliance/controls/azure/azure_cis_v130_6_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN firewall_rules @> '[{"properties":{"endIpAddress":"0.0.0.0","startIpAddress":"0.0.0.0"}}]' OR firewall_rules @> '[{"properties":{"endIpAddress":"255.255.255.255","startIpAddress":"0.0.0.0"}}]' diff --git a/compliance/controls/azure/azure_cis_v130_6_6.yaml b/compliance/controls/azure/azure_cis_v130_6_6.yaml index 651f2f376..98f037e9a 100644 --- a/compliance/controls/azure/azure_cis_v130_6_6.yaml +++ b/compliance/controls/azure/azure_cis_v130_6_6.yaml @@ -39,8 +39,8 @@ Query: ) SELECT sg.id resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_7_1.yaml b/compliance/controls/azure/azure_cis_v130_7_1.yaml index 81ec549de..47a020613 100644 --- a/compliance/controls/azure/azure_cis_v130_7_1.yaml +++ b/compliance/controls/azure/azure_cis_v130_7_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN managed_disk_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_7_2.yaml b/compliance/controls/azure/azure_cis_v130_7_2.yaml index de44d7ce5..ca5ccc9c0 100644 
--- a/compliance/controls/azure/azure_cis_v130_7_2.yaml +++ b/compliance/controls/azure/azure_cis_v130_7_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_7_3.yaml b/compliance/controls/azure/azure_cis_v130_7_3.yaml index e9ff9670c..9cf360f0c 100644 --- a/compliance/controls/azure/azure_cis_v130_7_3.yaml +++ b/compliance/controls/azure/azure_cis_v130_7_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_7_4.yaml b/compliance/controls/azure/azure_cis_v130_7_4.yaml index a1883b086..8f6474864 100644 --- a/compliance/controls/azure/azure_cis_v130_7_4.yaml +++ b/compliance/controls/azure/azure_cis_v130_7_4.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_7_5.yaml b/compliance/controls/azure/azure_cis_v130_7_5.yaml index 277098e49..5929cb4d6 100644 --- a/compliance/controls/azure/azure_cis_v130_7_5.yaml +++ b/compliance/controls/azure/azure_cis_v130_7_5.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_7_6.yaml b/compliance/controls/azure/azure_cis_v130_7_6.yaml index fd2445416..4f2c6f88d 100644 --- a/compliance/controls/azure/azure_cis_v130_7_6.yaml +++ b/compliance/controls/azure/azure_cis_v130_7_6.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_7_7.yaml b/compliance/controls/azure/azure_cis_v130_7_7.yaml index 670631205..e7425bff4 100644 --- a/compliance/controls/azure/azure_cis_v130_7_7.yaml +++ b/compliance/controls/azure/azure_cis_v130_7_7.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_8_1.yaml b/compliance/controls/azure/azure_cis_v130_8_1.yaml index 7c93db52b..3e0ffa519 100644 --- a/compliance/controls/azure/azure_cis_v130_8_1.yaml +++ b/compliance/controls/azure/azure_cis_v130_8_1.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kvk.id AS resource, - kvk.og_account_id AS og_account_id, - kvk.og_resource_id AS og_resource_id, + kvk.platform_account_id AS platform_account_id, + kvk.platform_resource_id AS platform_resource_id, CASE WHEN enabled AND expires_at IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_8_2.yaml b/compliance/controls/azure/azure_cis_v130_8_2.yaml index 08f58e967..624004e01 100644 --- a/compliance/controls/azure/azure_cis_v130_8_2.yaml +++ b/compliance/controls/azure/azure_cis_v130_8_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN enabled AND expires_at IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_8_3.yaml b/compliance/controls/azure/azure_cis_v130_8_3.yaml index ae02558c7..425c62b92 100644 --- a/compliance/controls/azure/azure_cis_v130_8_3.yaml +++ b/compliance/controls/azure/azure_cis_v130_8_3.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_8_4.yaml b/compliance/controls/azure/azure_cis_v130_8_4.yaml index 4f8fc120a..ef8aa2662 100644 --- a/compliance/controls/azure/azure_cis_v130_8_4.yaml +++ b/compliance/controls/azure/azure_cis_v130_8_4.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN soft_delete_enabled AND purge_protection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_8_5.yaml b/compliance/controls/azure/azure_cis_v130_8_5.yaml index bf094b3c3..0e2a6c786 100644 --- a/compliance/controls/azure/azure_cis_v130_8_5.yaml +++ b/compliance/controls/azure/azure_cis_v130_8_5.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN soft_delete_enabled AND purge_protection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v130_9_1.yaml b/compliance/controls/azure/azure_cis_v130_9_1.yaml index cdd31c822..f6bfda3c4 100644 --- a/compliance/controls/azure/azure_cis_v130_9_1.yaml +++ b/compliance/controls/azure/azure_cis_v130_9_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT (auth_settings -> 'properties' ->> 'enabled')::boolean THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_9_11.yaml b/compliance/controls/azure/azure_cis_v130_9_11.yaml index ff61f18ce..cc4c5d535 100644 --- a/compliance/controls/azure/azure_cis_v130_9_11.yaml +++ b/compliance/controls/azure/azure_cis_v130_9_11.yaml 
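Review bot: In azure_cis_v130_9_1.yaml the `CASE` fails open: `auth_settings -> 'properties' ->> 'enabled'` is NULL when the key is absent, `NOT NULL` is NULL, and the row falls through to `ELSE 'ok'`, so an app with no recorded auth setting is reported compliant. Testing the passing condition keeps unknown state out of 'ok': `WHEN (auth_settings -> 'properties' ->> 'enabled')::boolean THEN 'ok' ELSE 'alarm'`. The same shape appears in the hunks for azure_cis_v130_9_3.yaml (`minTlsVersion < '1.2'`), azure_cis_v130_9_9.yaml (`http20Enabled`) and, if that column can be NULL, azure_cis_v140_3_7.yaml (`network_rule_bypass NOT LIKE '%AzureServices%'`). The rest of each query is outside the hunk, so a filter there may already exclude such rows; that is worth confirming.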
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_9_2.yaml b/compliance/controls/azure/azure_cis_v130_9_2.yaml index a65b0774b..f27a58319 100644 --- a/compliance/controls/azure/azure_cis_v130_9_2.yaml +++ b/compliance/controls/azure/azure_cis_v130_9_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT https_only THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_9_3.yaml b/compliance/controls/azure/azure_cis_v130_9_3.yaml index 5f7c369bd..f1332c649 100644 --- a/compliance/controls/azure/azure_cis_v130_9_3.yaml +++ b/compliance/controls/azure/azure_cis_v130_9_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN configuration -> 'properties' ->> 'minTlsVersion' < '1.2' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_9_4.yaml b/compliance/controls/azure/azure_cis_v130_9_4.yaml index 8f58241a6..75d0a8022 100644 --- a/compliance/controls/azure/azure_cis_v130_9_4.yaml +++ b/compliance/controls/azure/azure_cis_v130_9_4.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT client_cert_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_9_5.yaml b/compliance/controls/azure/azure_cis_v130_9_5.yaml index 6c2733625..1101c7e92 100644 --- a/compliance/controls/azure/azure_cis_v130_9_5.yaml +++ b/compliance/controls/azure/azure_cis_v130_9_5.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN identity = '{}' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v130_9_6.yaml b/compliance/controls/azure/azure_cis_v130_9_6.yaml index bf436f830..16b25ff0d 100644 --- a/compliance/controls/azure/azure_cis_v130_9_6.yaml +++ b/compliance/controls/azure/azure_cis_v130_9_6.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_9_7.yaml b/compliance/controls/azure/azure_cis_v130_9_7.yaml index 634046f82..0595e0bb3 100644 --- a/compliance/controls/azure/azure_cis_v130_9_7.yaml +++ b/compliance/controls/azure/azure_cis_v130_9_7.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_9_8.yaml b/compliance/controls/azure/azure_cis_v130_9_8.yaml index 82facc4a8..48b576328 100644 --- a/compliance/controls/azure/azure_cis_v130_9_8.yaml +++ b/compliance/controls/azure/azure_cis_v130_9_8.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v130_9_9.yaml b/compliance/controls/azure/azure_cis_v130_9_9.yaml index 1bfec5694..12271146e 100644 --- a/compliance/controls/azure/azure_cis_v130_9_9.yaml +++ b/compliance/controls/azure/azure_cis_v130_9_9.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT (configuration -> 'properties' ->> 'http20Enabled')::BOOLEAN THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v140_1_20.yaml b/compliance/controls/azure/azure_cis_v140_1_20.yaml index 14456cc08..e8117f4e8 100644 --- a/compliance/controls/azure/azure_cis_v140_1_20.yaml +++ b/compliance/controls/azure/azure_cis_v140_1_20.yaml @@ -15,8 +15,8 @@ Query: role_name, role_type, title, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, action, _ctx, subscription_id 
@@ -30,8 +30,8 @@ Query: ) SELECT cr.subscription_id AS resource, - cr.og_account_id AS og_account_id, - cr.og_resource_id AS og_resource_id, + cr.platform_account_id AS platform_account_id, + cr.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(*) > 0 THEN 'alarm' ELSE 'ok' @@ -48,8 +48,8 @@ Query: sub.subscription_id = cr.subscription_id GROUP BY cr.subscription_id, - cr.og_account_id, - cr.og_resource_id, + cr.platform_account_id, + cr.platform_resource_id, cr._ctx, sub.display_name; Severity: low diff --git a/compliance/controls/azure/azure_cis_v140_1_3.yaml b/compliance/controls/azure/azure_cis_v140_1_3.yaml index 164bf7d83..b4a48d97a 100644 --- a/compliance/controls/azure/azure_cis_v140_1_3.yaml +++ b/compliance/controls/azure/azure_cis_v140_1_3.yaml @@ -20,8 +20,8 @@ Query: ) SELECT u.display_name AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN NOT account_enabled THEN 'alarm' WHEN u.created_date_time::timestamp <= (CURRENT_DATE - INTERVAL '30' DAY) THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_1.yaml b/compliance/controls/azure/azure_cis_v140_2_1.yaml index 84cf3f013..cd07d1df3 100644 --- a/compliance/controls/azure/azure_cis_v140_2_1.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_10.yaml b/compliance/controls/azure/azure_cis_v140_2_10.yaml index 344c356c1..b4cfeed03 100644 --- a/compliance/controls/azure/azure_cis_v140_2_10.yaml 
+++ b/compliance/controls/azure/azure_cis_v140_2_10.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_sett.id AS resource, - sc_sett.og_account_id AS og_account_id, - sc_sett.og_resource_id AS og_resource_id, + sc_sett.platform_account_id AS platform_account_id, + sc_sett.platform_resource_id AS platform_resource_id, CASE WHEN enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_11.yaml b/compliance/controls/azure/azure_cis_v140_2_11.yaml index f505a86f5..c84d14ff9 100644 --- a/compliance/controls/azure/azure_cis_v140_2_11.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_11.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_prov.id AS resource, - sc_prov.og_account_id AS og_account_id, - sc_prov.og_resource_id AS og_resource_id, + sc_prov.platform_account_id AS platform_account_id, + sc_prov.platform_resource_id AS platform_resource_id, CASE WHEN auto_provision = 'On' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_12.yaml b/compliance/controls/azure/azure_cis_v140_2_12.yaml index 592ef4238..0dcbc7515 100644 --- a/compliance/controls/azure/azure_cis_v140_2_12.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_12.yaml @@ -25,8 +25,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(value = 'Disabled') > 0 THEN 'alarm' ELSE 'ok' @@ -43,8 +43,8 @@ Query: pol_assignment.id, sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, pol_assignment.subscription_id, sub.display_name; Severity: low diff --git a/compliance/controls/azure/azure_cis_v140_2_13.yaml b/compliance/controls/azure/azure_cis_v140_2_13.yaml index 5e7d59a39..e629a38a1 100644 --- a/compliance/controls/azure/azure_cis_v140_2_13.yaml 
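Review bot: In azure_cis_v140_2_12.yaml, `COUNT(value = 'Disabled') > 0` counts every row where the comparison is non-NULL, false results included, so the control raises 'alarm' for any subscription with a joined row that has a `value` at all, not only a 'Disabled' one. Counting only the true rows fixes it: `WHEN COUNT(*) FILTER (WHERE value = 'Disabled') > 0 THEN 'alarm'`. The CTE and join that produce `value` are outside the hunk, so if they already restrict rows to disabled settings the result happens to be right, but the expression still reads as a per-value test that it does not perform.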
+++ b/compliance/controls/azure/azure_cis_v140_2_13.yaml @@ -24,8 +24,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN non_default_count > 0 THEN 'ok' WHEN default_count = 1 AND jsonb_array_length(default_email) != 0 THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v140_2_14.yaml b/compliance/controls/azure/azure_cis_v140_2_14.yaml index 1dc323437..e7a734ae8 100644 --- a/compliance/controls/azure/azure_cis_v140_2_14.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_14.yaml @@ -22,8 +22,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN notification_alert_count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_15.yaml b/compliance/controls/azure/azure_cis_v140_2_15.yaml index e5efc691b..933d74ed3 100644 --- a/compliance/controls/azure/azure_cis_v140_2_15.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_15.yaml @@ -22,8 +22,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN admin_alert_count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_2.yaml b/compliance/controls/azure/azure_cis_v140_2_2.yaml index 2f712aafd..d69c21b83 100644 --- a/compliance/controls/azure/azure_cis_v140_2_2.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_2.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_3.yaml b/compliance/controls/azure/azure_cis_v140_2_3.yaml index 2a13b23cd..e2160a87f 100644 --- a/compliance/controls/azure/azure_cis_v140_2_3.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_4.yaml b/compliance/controls/azure/azure_cis_v140_2_4.yaml index 7f79f5c95..324cbc618 100644 --- a/compliance/controls/azure/azure_cis_v140_2_4.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_5.yaml b/compliance/controls/azure/azure_cis_v140_2_5.yaml index 18b3eaf7f..dbdb59e41 100644 --- a/compliance/controls/azure/azure_cis_v140_2_5.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_5.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_6.yaml b/compliance/controls/azure/azure_cis_v140_2_6.yaml index 3f5cce57f..1d5ae0d2f 100644 --- a/compliance/controls/azure/azure_cis_v140_2_6.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_6.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_7.yaml b/compliance/controls/azure/azure_cis_v140_2_7.yaml index e8aa38249..566f816a5 100644 --- a/compliance/controls/azure/azure_cis_v140_2_7.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_7.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_8.yaml b/compliance/controls/azure/azure_cis_v140_2_8.yaml index 328fa7d8e..82cfb184a 100644 --- a/compliance/controls/azure/azure_cis_v140_2_8.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_8.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_2_9.yaml b/compliance/controls/azure/azure_cis_v140_2_9.yaml index 7558795c5..ff9913bf8 100644 --- a/compliance/controls/azure/azure_cis_v140_2_9.yaml +++ b/compliance/controls/azure/azure_cis_v140_2_9.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_sett.id AS resource, - sc_sett.og_account_id AS og_account_id, - sc_sett.og_resource_id AS og_resource_id, + sc_sett.platform_account_id AS platform_account_id, + sc_sett.platform_resource_id AS platform_resource_id, CASE WHEN enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_3_1.yaml b/compliance/controls/azure/azure_cis_v140_3_1.yaml index a4587fd7b..923037f66 100644 --- a/compliance/controls/azure/azure_cis_v140_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v140_3_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN NOT enable_https_traffic_only THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v140_3_10.yaml b/compliance/controls/azure/azure_cis_v140_3_10.yaml index ba1f953ae..c24d1df58 100644 --- a/compliance/controls/azure/azure_cis_v140_3_10.yaml +++ b/compliance/controls/azure/azure_cis_v140_3_10.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN NOT (sa.blob_service_logging ->> 'Read'):: BOOLEAN OR NOT (sa.blob_service_logging ->> 'Write'):: BOOLEAN diff --git a/compliance/controls/azure/azure_cis_v140_3_11.yaml b/compliance/controls/azure/azure_cis_v140_3_11.yaml index 753bf9363..643f3dcc5 100644 --- a/compliance/controls/azure/azure_cis_v140_3_11.yaml +++ b/compliance/controls/azure/azure_cis_v140_3_11.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v140_3_12.yaml b/compliance/controls/azure/azure_cis_v140_3_12.yaml index 20c587a70..b3520b190 100644 --- a/compliance/controls/azure/azure_cis_v140_3_12.yaml +++ b/compliance/controls/azure/azure_cis_v140_3_12.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN minimum_tls_version = 'TLSEnforcementDisabled' THEN 'alarm' WHEN minimum_tls_version = 'TLS1_2' THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v140_3_2.yaml b/compliance/controls/azure/azure_cis_v140_3_2.yaml index 34edc2429..8be40207b 100644 --- a/compliance/controls/azure/azure_cis_v140_3_2.yaml +++ b/compliance/controls/azure/azure_cis_v140_3_2.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v140_3_3.yaml b/compliance/controls/azure/azure_cis_v140_3_3.yaml index 9c05bf485..40c08a67d 100644 --- a/compliance/controls/azure/azure_cis_v140_3_3.yaml +++ b/compliance/controls/azure/azure_cis_v140_3_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN queue_logging_read AND queue_logging_write AND queue_logging_delete THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_3_4.yaml b/compliance/controls/azure/azure_cis_v140_3_4.yaml index dc818a9dc..87731d23b 100644 --- a/compliance/controls/azure/azure_cis_v140_3_4.yaml +++ b/compliance/controls/azure/azure_cis_v140_3_4.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v140_3_6.yaml b/compliance/controls/azure/azure_cis_v140_3_6.yaml index 13cf37ae7..957e053bc 100644 --- a/compliance/controls/azure/azure_cis_v140_3_6.yaml +++ b/compliance/controls/azure/azure_cis_v140_3_6.yaml 
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN sa.network_rule_default_action = 'Allow' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_3_7.yaml b/compliance/controls/azure/azure_cis_v140_3_7.yaml
index 1222435a7..e73b4d08d 100644
--- a/compliance/controls/azure/azure_cis_v140_3_7.yaml
+++ b/compliance/controls/azure/azure_cis_v140_3_7.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN network_rule_bypass NOT LIKE '%AzureServices%' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_3_8.yaml b/compliance/controls/azure/azure_cis_v140_3_8.yaml
index df4e544a2..2fcd0ba82 100644
--- a/compliance/controls/azure/azure_cis_v140_3_8.yaml
+++ b/compliance/controls/azure/azure_cis_v140_3_8.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN NOT blob_soft_delete_enabled THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_3_9.yaml b/compliance/controls/azure/azure_cis_v140_3_9.yaml
index a1dded755..a68bd166b 100644
--- a/compliance/controls/azure/azure_cis_v140_3_9.yaml
+++ b/compliance/controls/azure/azure_cis_v140_3_9.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN sa.encryption_key_source = 'Microsoft.Storage' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_4_1_2.yaml b/compliance/controls/azure/azure_cis_v140_4_1_2.yaml
index 43ead3b9e..540d23cdb 100644
--- a/compliance/controls/azure/azure_cis_v140_4_1_2.yaml
+++ b/compliance/controls/azure/azure_cis_v140_4_1_2.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.database_id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN transparent_data_encryption ->> 'status' = 'Enabled'
 OR transparent_data_encryption ->> 'state' = 'Enabled' THEN 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_4_3_1.yaml b/compliance/controls/azure/azure_cis_v140_4_3_1.yaml
index 7c9d874fb..462d3ce27 100644
--- a/compliance/controls/azure/azure_cis_v140_4_3_1.yaml
+++ b/compliance/controls/azure/azure_cis_v140_4_3_1.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN ssl_enforcement = 'Disabled' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_4_3_7.yaml b/compliance/controls/azure/azure_cis_v140_4_3_7.yaml
index 687f03539..9ef64db7f 100644
--- a/compliance/controls/azure/azure_cis_v140_4_3_7.yaml
+++ b/compliance/controls/azure/azure_cis_v140_4_3_7.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v140_4_3_8.yaml b/compliance/controls/azure/azure_cis_v140_4_3_8.yaml
index f6fb78781..91b0173f6 100644
--- a/compliance/controls/azure/azure_cis_v140_4_3_8.yaml
+++ b/compliance/controls/azure/azure_cis_v140_4_3_8.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN infrastructure_encryption = 'Enabled' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_4_4_1.yaml b/compliance/controls/azure/azure_cis_v140_4_4_1.yaml
index e3eea74e0..8d55ddb3e 100644
--- a/compliance/controls/azure/azure_cis_v140_4_4_1.yaml
+++ b/compliance/controls/azure/azure_cis_v140_4_4_1.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN ssl_enforcement = 'Disabled' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_4_4_2.yaml b/compliance/controls/azure/azure_cis_v140_4_4_2.yaml
index b02687882..906ddf374 100644
--- a/compliance/controls/azure/azure_cis_v140_4_4_2.yaml
+++ b/compliance/controls/azure/azure_cis_v140_4_4_2.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN minimal_tls_version = 'TLSEnforcementDisabled' THEN 'alarm'
 WHEN minimal_tls_version = 'TLS1_2' THEN 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_4_5.yaml b/compliance/controls/azure/azure_cis_v140_4_5.yaml
index 2acdaa14b..320325125 100644
--- a/compliance/controls/azure/azure_cis_v140_4_5.yaml
+++ b/compliance/controls/azure/azure_cis_v140_4_5.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN server_azure_ad_administrator IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_5_1_1.yaml b/compliance/controls/azure/azure_cis_v140_5_1_1.yaml
index e78cb8480..1dd045520 100644
--- a/compliance/controls/azure/azure_cis_v140_5_1_1.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_1_1.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v140_5_1_2.yaml b/compliance/controls/azure/azure_cis_v140_5_1_2.yaml
index 1d5edd32d..2f903cb18 100644
--- a/compliance/controls/azure/azure_cis_v140_5_1_2.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_1_2.yaml
@@ -16,8 +16,8 @@ Query: id, _ctx, resource_group, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, subscription_id, COUNT(*) FILTER (WHERE l ->> 'enabled' = 'true' AND l ->> 'category' IN ('Administrative', 'Security', 'Alert', 'Policy') @@ -33,14 +33,14 @@ Query: id, _ctx, resource_group, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, subscription_id ) SELECT sett.id AS resource, - sett.og_account_id AS og_account_id, - sett.og_resource_id AS og_resource_id, + sett.platform_account_id AS platform_account_id, + sett.platform_resource_id AS platform_resource_id, CASE WHEN valid_category_count = 4 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_5_1_3.yaml b/compliance/controls/azure/azure_cis_v140_5_1_3.yaml index ef6732c38..3f1819631 100644 --- a/compliance/controls/azure/azure_cis_v140_5_1_3.yaml +++ b/compliance/controls/azure/azure_cis_v140_5_1_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc.id AS resource, - sc.og_account_id AS og_account_id, - sc.og_resource_id AS og_resource_id, + sc.platform_account_id AS platform_account_id, + sc.platform_resource_id AS platform_resource_id, CASE WHEN public_access != 'None' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v140_5_1_5.yaml b/compliance/controls/azure/azure_cis_v140_5_1_5.yaml index 29e123973..b4ec3f711 100644 --- a/compliance/controls/azure/azure_cis_v140_5_1_5.yaml +++ b/compliance/controls/azure/azure_cis_v140_5_1_5.yaml @@ -26,8 +26,8 @@ Query: ) SELECT v.id AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.diagnostic_settings IS NULL THEN 'alarm' WHEN l.key_vault_name NOT LIKE CONCAT('%', v.name, '%') THEN 'alarm' 
diff --git a/compliance/controls/azure/azure_cis_v140_5_2_1.yaml b/compliance/controls/azure/azure_cis_v140_5_2_1.yaml
index f27001a3c..de9049b74 100644
--- a/compliance/controls/azure/azure_cis_v140_5_2_1.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_2_1.yaml
@@ -30,8 +30,8 @@ Query:
 )
 SELECT
 a.subscription_id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_5_2_2.yaml b/compliance/controls/azure/azure_cis_v140_5_2_2.yaml
index 7318f51ac..df7d89c15 100644
--- a/compliance/controls/azure/azure_cis_v140_5_2_2.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_2_2.yaml
@@ -30,8 +30,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -46,8 +46,8 @@ Query:
 GROUP BY
 sub._ctx,
 sub.subscription_id,
- sub.og_account_id,
- sub.og_resource_id,
+ sub.platform_account_id,
+ sub.platform_resource_id,
 sub.display_name;
 Severity: low
 Tags: {}
diff --git a/compliance/controls/azure/azure_cis_v140_5_2_3.yaml b/compliance/controls/azure/azure_cis_v140_5_2_3.yaml
index 3d97c3636..287cbc943 100644
--- a/compliance/controls/azure/azure_cis_v140_5_2_3.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_2_3.yaml
@@ -40,8 +40,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
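Review bot: In azure_cis_v140_5_2_1.yaml the renamed `a.platform_account_id` and `a.platform_resource_id` are selected next to the aggregate `COUNT(a.subscription_id)`, yet this file has no GROUP BY hunk, unlike azure_cis_v140_5_2_2.yaml and most of its siblings, where the rename also touched the grouping list. That suggests the grouping clause here never listed these two columns; if so, a PostgreSQL-style engine would reject the query and the control would return no result at all rather than 'alarm'. The rest of the query is outside the hunk, so this needs checking against the full file; if the columns are missing, add `a.platform_account_id,` and `a.platform_resource_id,` to the GROUP BY. azure_cis_v140_5_2_6.yaml shows the same single-hunk pattern with `sub.`-qualified columns.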
@@ -56,8 +56,8 @@ Query:
 GROUP BY
 sub._ctx,
 sub.subscription_id,
- sub.og_account_id,
- sub.og_resource_id,
+ sub.platform_account_id,
+ sub.platform_resource_id,
 sub.display_name;
 Severity: low
 Tags: {}
diff --git a/compliance/controls/azure/azure_cis_v140_5_2_4.yaml b/compliance/controls/azure/azure_cis_v140_5_2_4.yaml
index a27762478..a3b16f495 100644
--- a/compliance/controls/azure/azure_cis_v140_5_2_4.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_2_4.yaml
@@ -41,8 +41,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -57,8 +57,8 @@ Query:
 GROUP BY
 sub._ctx,
 sub.subscription_id,
- sub.og_account_id,
- sub.og_resource_id,
+ sub.platform_account_id,
+ sub.platform_resource_id,
 sub.display_name;
 Severity: low
 Tags: {}
diff --git a/compliance/controls/azure/azure_cis_v140_5_2_5.yaml b/compliance/controls/azure/azure_cis_v140_5_2_5.yaml
index 336832998..399c0fdba 100644
--- a/compliance/controls/azure/azure_cis_v140_5_2_5.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_2_5.yaml
@@ -38,8 +38,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -54,8 +54,8 @@ Query:
 GROUP BY
 sub._ctx,
 sub.subscription_id,
- sub.og_account_id,
- sub.og_resource_id,
+ sub.platform_account_id,
+ sub.platform_resource_id,
 sub.display_name;
 Severity: low
 Tags: {}
diff --git a/compliance/controls/azure/azure_cis_v140_5_2_6.yaml b/compliance/controls/azure/azure_cis_v140_5_2_6.yaml
index 1af89c65c..4769bd968 100644
--- a/compliance/controls/azure/azure_cis_v140_5_2_6.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_2_6.yaml
@@ -40,8 +40,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_5_2_7.yaml b/compliance/controls/azure/azure_cis_v140_5_2_7.yaml
index 3eada20e7..bf76da1d2 100644
--- a/compliance/controls/azure/azure_cis_v140_5_2_7.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_2_7.yaml
@@ -39,8 +39,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -55,8 +55,8 @@ Query:
 GROUP BY
 sub._ctx,
 sub.subscription_id,
- sub.og_account_id,
- sub.og_resource_id,
+ sub.platform_account_id,
+ sub.platform_resource_id,
 sub.display_name;
 Severity: low
 Tags: {}
diff --git a/compliance/controls/azure/azure_cis_v140_5_2_8.yaml b/compliance/controls/azure/azure_cis_v140_5_2_8.yaml
index 140b21a06..425c45f51 100644
--- a/compliance/controls/azure/azure_cis_v140_5_2_8.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_2_8.yaml
@@ -40,8 +40,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -56,8 +56,8 @@ Query:
 GROUP BY
 sub._ctx,
 sub.subscription_id,
- sub.og_account_id,
- sub.og_resource_id,
+ sub.platform_account_id,
+ sub.platform_resource_id,
 sub.display_name;
 Severity: low
 Tags: {}
diff --git a/compliance/controls/azure/azure_cis_v140_5_2_9.yaml b/compliance/controls/azure/azure_cis_v140_5_2_9.yaml
index 86ece4cec..b36719cc9 100644
--- a/compliance/controls/azure/azure_cis_v140_5_2_9.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_2_9.yaml
@@ -31,8 +31,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -47,8 +47,8 @@ Query:
 GROUP BY
 sub._ctx,
 sub.subscription_id,
- sub.og_account_id,
- sub.og_resource_id,
+ sub.platform_account_id,
+ sub.platform_resource_id,
 sub.display_name;
 Severity: low
 Tags: {}
diff --git a/compliance/controls/azure/azure_cis_v140_5_3.yaml b/compliance/controls/azure/azure_cis_v140_5_3.yaml
index d2c1c7232..fc17e6597 100644
--- a/compliance/controls/azure/azure_cis_v140_5_3.yaml
+++ b/compliance/controls/azure/azure_cis_v140_5_3.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v140_6_1.yaml b/compliance/controls/azure/azure_cis_v140_6_1.yaml
index e292b43ad..530fd3852 100644
--- a/compliance/controls/azure/azure_cis_v140_6_1.yaml
+++ b/compliance/controls/azure/azure_cis_v140_6_1.yaml
@@ -37,8 +37,8 @@ Query:
 )
 SELECT
 sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE
 WHEN nsg.sg_name IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_6_2.yaml b/compliance/controls/azure/azure_cis_v140_6_2.yaml
index 7a444cab6..b6e8018c0 100644
--- a/compliance/controls/azure/azure_cis_v140_6_2.yaml
+++ b/compliance/controls/azure/azure_cis_v140_6_2.yaml
@@ -34,8 +34,8 @@ Query:
 )
 SELECT
 sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE
 WHEN nsg.sg_name IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_6_3.yaml b/compliance/controls/azure/azure_cis_v140_6_3.yaml
index 02feec3e7..3d67d92ae 100644
--- a/compliance/controls/azure/azure_cis_v140_6_3.yaml
+++ b/compliance/controls/azure/azure_cis_v140_6_3.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN firewall_rules @> '[{"properties":{"endIpAddress":"0.0.0.0","startIpAddress":"0.0.0.0"}}]'
 OR firewall_rules @> '[{"properties":{"endIpAddress":"255.255.255.255","startIpAddress":"0.0.0.0"}}]'
diff --git a/compliance/controls/azure/azure_cis_v140_6_6.yaml b/compliance/controls/azure/azure_cis_v140_6_6.yaml
index 553bb818b..7d5eef7a1 100644
--- a/compliance/controls/azure/azure_cis_v140_6_6.yaml
+++ b/compliance/controls/azure/azure_cis_v140_6_6.yaml
@@ -39,8 +39,8 @@ Query:
 )
 SELECT
 sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE
 WHEN nsg.sg_name IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_7_1.yaml b/compliance/controls/azure/azure_cis_v140_7_1.yaml
index f1e6792e2..9d7792819 100644
--- a/compliance/controls/azure/azure_cis_v140_7_1.yaml
+++ b/compliance/controls/azure/azure_cis_v140_7_1.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 vm.id AS resource,
- vm.og_account_id AS og_account_id,
- vm.og_resource_id AS og_resource_id,
+ vm.platform_account_id AS platform_account_id,
+ vm.platform_resource_id AS platform_resource_id,
 CASE
 WHEN managed_disk_id IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_7_2.yaml b/compliance/controls/azure/azure_cis_v140_7_2.yaml
index 0d0069279..ed166e6d0 100644
--- a/compliance/controls/azure/azure_cis_v140_7_2.yaml
+++ b/compliance/controls/azure/azure_cis_v140_7_2.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 disk.id AS resource,
- disk.og_account_id AS og_account_id,
- disk.og_resource_id AS og_resource_id,
+ disk.platform_account_id AS platform_account_id,
+ disk.platform_resource_id AS platform_resource_id,
 CASE
 WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_7_3.yaml b/compliance/controls/azure/azure_cis_v140_7_3.yaml
index d93100067..4bdcef169 100644
--- a/compliance/controls/azure/azure_cis_v140_7_3.yaml
+++ b/compliance/controls/azure/azure_cis_v140_7_3.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 disk.id AS resource,
- disk.og_account_id AS og_account_id,
- disk.og_resource_id AS og_resource_id,
+ disk.platform_account_id AS platform_account_id,
+ disk.platform_resource_id AS platform_resource_id,
 CASE
 WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_7_4.yaml b/compliance/controls/azure/azure_cis_v140_7_4.yaml
index 3ddd623a1..0868ba48c 100644
--- a/compliance/controls/azure/azure_cis_v140_7_4.yaml
+++ b/compliance/controls/azure/azure_cis_v140_7_4.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v140_7_5.yaml b/compliance/controls/azure/azure_cis_v140_7_5.yaml
index 3f88cb4a0..1dc01f37c 100644
--- a/compliance/controls/azure/azure_cis_v140_7_5.yaml
+++ b/compliance/controls/azure/azure_cis_v140_7_5.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v140_7_6.yaml b/compliance/controls/azure/azure_cis_v140_7_6.yaml
index 2512012fc..e533566ab 100644
--- a/compliance/controls/azure/azure_cis_v140_7_6.yaml
+++ b/compliance/controls/azure/azure_cis_v140_7_6.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v140_7_7.yaml b/compliance/controls/azure/azure_cis_v140_7_7.yaml
index ead22761d..2ff8e5d41 100644
--- a/compliance/controls/azure/azure_cis_v140_7_7.yaml
+++ b/compliance/controls/azure/azure_cis_v140_7_7.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v140_8_1.yaml b/compliance/controls/azure/azure_cis_v140_8_1.yaml
index cb9e3f0be..c8f98e74e 100644
--- a/compliance/controls/azure/azure_cis_v140_8_1.yaml
+++ b/compliance/controls/azure/azure_cis_v140_8_1.yaml
@@ -21,8 +21,8 @@ Query:
 )
 SELECT
 kvk.id AS resource,
- kvk.og_account_id AS og_account_id,
- kvk.og_resource_id AS og_resource_id,
+ kvk.platform_account_id AS platform_account_id,
+ kvk.platform_resource_id AS platform_resource_id,
 CASE
 WHEN v.name IS NULL THEN 'skip'
 WHEN enabled AND expires_at IS NULL THEN 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_8_2.yaml b/compliance/controls/azure/azure_cis_v140_8_2.yaml
index 5bf9ecb4c..ebc332c56 100644
--- a/compliance/controls/azure/azure_cis_v140_8_2.yaml
+++ b/compliance/controls/azure/azure_cis_v140_8_2.yaml
@@ -21,8 +21,8 @@ Query:
 )
 SELECT
 kvk.id AS resource,
- kvk.og_account_id AS og_account_id,
- kvk.og_resource_id AS og_resource_id,
+ kvk.platform_account_id AS platform_account_id,
+ kvk.platform_resource_id AS platform_resource_id,
 CASE
 WHEN v.name IS NULL THEN 'skip'
 WHEN enabled AND expires_at IS NULL THEN 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_8_3.yaml b/compliance/controls/azure/azure_cis_v140_8_3.yaml
index 5dd0dd28a..683262b04 100644
--- a/compliance/controls/azure/azure_cis_v140_8_3.yaml
+++ b/compliance/controls/azure/azure_cis_v140_8_3.yaml
@@ -22,8 +22,8 @@ Query: SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_8_4.yaml b/compliance/controls/azure/azure_cis_v140_8_4.yaml index 7bd6f3ba4..fa595241e 100644 --- a/compliance/controls/azure/azure_cis_v140_8_4.yaml +++ b/compliance/controls/azure/azure_cis_v140_8_4.yaml @@ -21,8 +21,8 @@ Query: ) SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v140_8_5.yaml b/compliance/controls/azure/azure_cis_v140_8_5.yaml index 333adeb93..752a8be10 100644 --- a/compliance/controls/azure/azure_cis_v140_8_5.yaml +++ b/compliance/controls/azure/azure_cis_v140_8_5.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v140_8_6.yaml b/compliance/controls/azure/azure_cis_v140_8_6.yaml index a28e25b6f..a0d4a22e9 100644 --- a/compliance/controls/azure/azure_cis_v140_8_6.yaml +++ b/compliance/controls/azure/azure_cis_v140_8_6.yaml 
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 kv.id AS resource,
- kv.og_account_id AS og_account_id,
- kv.og_resource_id AS og_resource_id,
+ kv.platform_account_id AS platform_account_id,
+ kv.platform_resource_id AS platform_resource_id,
 CASE
 WHEN soft_delete_enabled AND purge_protection_enabled THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_8_7.yaml b/compliance/controls/azure/azure_cis_v140_8_7.yaml
index c35807ca9..8a9a6a6c9 100644
--- a/compliance/controls/azure/azure_cis_v140_8_7.yaml
+++ b/compliance/controls/azure/azure_cis_v140_8_7.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 kv.id AS resource,
- kv.og_account_id AS og_account_id,
- kv.og_resource_id AS og_resource_id,
+ kv.platform_account_id AS platform_account_id,
+ kv.platform_resource_id AS platform_resource_id,
 CASE
 WHEN soft_delete_enabled AND purge_protection_enabled THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v140_9_1.yaml b/compliance/controls/azure/azure_cis_v140_9_1.yaml
index 696977b84..f8fc6fb53 100644
--- a/compliance/controls/azure/azure_cis_v140_9_1.yaml
+++ b/compliance/controls/azure/azure_cis_v140_9_1.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 app.id AS resource,
- app.og_account_id AS og_account_id,
- app.og_resource_id AS og_resource_id,
+ app.platform_account_id AS platform_account_id,
+ app.platform_resource_id AS platform_resource_id,
 CASE
 WHEN NOT (auth_settings -> 'properties' ->> 'enabled')::boolean THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_9_11.yaml b/compliance/controls/azure/azure_cis_v140_9_11.yaml
index 9585db19d..eed783e6c 100644
--- a/compliance/controls/azure/azure_cis_v140_9_11.yaml
+++ b/compliance/controls/azure/azure_cis_v140_9_11.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v140_9_2.yaml b/compliance/controls/azure/azure_cis_v140_9_2.yaml
index 5c0c6bed6..db9ef6f4f 100644
--- a/compliance/controls/azure/azure_cis_v140_9_2.yaml
+++ b/compliance/controls/azure/azure_cis_v140_9_2.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 app.id AS resource,
- app.og_account_id AS og_account_id,
- app.og_resource_id AS og_resource_id,
+ app.platform_account_id AS platform_account_id,
+ app.platform_resource_id AS platform_resource_id,
 CASE
 WHEN NOT https_only THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_9_3.yaml b/compliance/controls/azure/azure_cis_v140_9_3.yaml
index cb7b7e9f2..030c167ab 100644
--- a/compliance/controls/azure/azure_cis_v140_9_3.yaml
+++ b/compliance/controls/azure/azure_cis_v140_9_3.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 app.id AS resource,
- app.og_account_id AS og_account_id,
- app.og_resource_id AS og_resource_id,
+ app.platform_account_id AS platform_account_id,
+ app.platform_resource_id AS platform_resource_id,
 CASE
 WHEN configuration -> 'properties' ->> 'minTlsVersion' < '1.2' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_9_4.yaml b/compliance/controls/azure/azure_cis_v140_9_4.yaml
index c883bb585..d5a28e7d0 100644
--- a/compliance/controls/azure/azure_cis_v140_9_4.yaml
+++ b/compliance/controls/azure/azure_cis_v140_9_4.yaml
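Review bot: In azure_cis_v140_9_3.yaml the check `WHEN configuration -> 'properties' ->> 'minTlsVersion' < '1.2' THEN 'alarm'` falls through to `ELSE 'ok'` when `minTlsVersion` is absent or null, because the comparison then yields NULL rather than true. A control that reports 'ok' for an app with no recorded TLS floor fails open; an explicit branch such as `WHEN configuration -> 'properties' ->> 'minTlsVersion' IS NULL THEN 'alarm'` placed ahead of the comparison would close that gap. The `WHEN NOT https_only THEN 'alarm'` check in azure_cis_v140_9_2.yaml has the same null fall-through. Both CASE expressions continue past the end of their hunks.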
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 app.id AS resource,
- app.og_account_id AS og_account_id,
- app.og_resource_id AS og_resource_id,
+ app.platform_account_id AS platform_account_id,
+ app.platform_resource_id AS platform_resource_id,
 CASE
 WHEN NOT client_cert_enabled THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_9_5.yaml b/compliance/controls/azure/azure_cis_v140_9_5.yaml
index 147c68faa..965508381 100644
--- a/compliance/controls/azure/azure_cis_v140_9_5.yaml
+++ b/compliance/controls/azure/azure_cis_v140_9_5.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 app.id AS resource,
- app.og_account_id AS og_account_id,
- app.og_resource_id AS og_resource_id,
+ app.platform_account_id AS platform_account_id,
+ app.platform_resource_id AS platform_resource_id,
 CASE
 WHEN identity = '{}' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v140_9_6.yaml b/compliance/controls/azure/azure_cis_v140_9_6.yaml
index 5a1e40c96..68fd8de96 100644
--- a/compliance/controls/azure/azure_cis_v140_9_6.yaml
+++ b/compliance/controls/azure/azure_cis_v140_9_6.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v140_9_7.yaml b/compliance/controls/azure/azure_cis_v140_9_7.yaml
index e563f1470..c89cbc529 100644
--- a/compliance/controls/azure/azure_cis_v140_9_7.yaml
+++ b/compliance/controls/azure/azure_cis_v140_9_7.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v140_9_8.yaml b/compliance/controls/azure/azure_cis_v140_9_8.yaml
index 794adce53..f0d766f24 100644
--- a/compliance/controls/azure/azure_cis_v140_9_8.yaml
+++ b/compliance/controls/azure/azure_cis_v140_9_8.yaml
@@ -14,8 +14,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v140_9_9.yaml b/compliance/controls/azure/azure_cis_v140_9_9.yaml
index 161f8b629..a5120d1c3 100644
--- a/compliance/controls/azure/azure_cis_v140_9_9.yaml
+++ b/compliance/controls/azure/azure_cis_v140_9_9.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 app.id AS resource,
- app.og_account_id AS og_account_id,
- app.og_resource_id AS og_resource_id,
+ app.platform_account_id AS platform_account_id,
+ app.platform_resource_id AS platform_resource_id,
 CASE
 WHEN NOT (configuration -> 'properties' ->> 'http20Enabled')::boolean THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v150_10_1.yaml b/compliance/controls/azure/azure_cis_v150_10_1.yaml
index 0ce29473a..9f2d17700 100644
--- a/compliance/controls/azure/azure_cis_v150_10_1.yaml
+++ b/compliance/controls/azure/azure_cis_v150_10_1.yaml
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_1_14.yaml b/compliance/controls/azure/azure_cis_v150_1_14.yaml index 7bd40ee66..f35b3db80 100644 --- a/compliance/controls/azure/azure_cis_v150_1_14.yaml +++ b/compliance/controls/azure/azure_cis_v150_1_14.yaml @@ -20,8 +20,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.default_user_role_permissions ->> 'allowedToCreateApps' = 'false' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_1_19.yaml b/compliance/controls/azure/azure_cis_v150_1_19.yaml index 4fe083071..a070a9666 100644 --- a/compliance/controls/azure/azure_cis_v150_1_19.yaml +++ b/compliance/controls/azure/azure_cis_v150_1_19.yaml @@ -20,8 +20,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.default_user_role_permissions ->> 'allowedToCreateSecurityGroups' = 'false' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_1_23.yaml b/compliance/controls/azure/azure_cis_v150_1_23.yaml index 1ec50aa4e..63de2222a 100644 --- a/compliance/controls/azure/azure_cis_v150_1_23.yaml +++ b/compliance/controls/azure/azure_cis_v150_1_23.yaml @@ -13,8 +13,8 @@ Query: WITH owner_custom_roles AS ( SELECT role_name, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, role_type, title, action, 
@@ -30,8 +30,8 @@ Query: ) SELECT cr.subscription_id AS resource, - cr.og_account_id AS og_account_id, - cr.og_resource_id AS og_resource_id, + cr.platform_account_id AS platform_account_id, + cr.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(*) > 0 THEN 'alarm' ELSE 'ok' @@ -50,8 +50,8 @@ Query: cr.subscription_id, cr._ctx, sub.display_name, - cr.og_account_id, - cr.og_resource_id; + cr.platform_account_id, + cr.platform_resource_id; Severity: low Tags: {} Title: 1.23 Ensure That No Custom Subscription Owner Roles Are Created \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v150_1_2_6.yaml b/compliance/controls/azure/azure_cis_v150_1_2_6.yaml index e12f12ffb..0189146f4 100644 --- a/compliance/controls/azure/azure_cis_v150_1_2_6.yaml +++ b/compliance/controls/azure/azure_cis_v150_1_2_6.yaml @@ -20,8 +20,8 @@ Query: ) SELECT p.id AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN p.built_in_controls @> '["mfa"]' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_1_4.yaml b/compliance/controls/azure/azure_cis_v150_1_4.yaml index 9816a2597..d1ca5b758 100644 --- a/compliance/controls/azure/azure_cis_v150_1_4.yaml +++ b/compliance/controls/azure/azure_cis_v150_1_4.yaml @@ -20,8 +20,8 @@ Query: ) SELECT u.display_name AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN NOT account_enabled THEN 'alarm' WHEN u.created_date_time::timestamp <= (current_date - INTERVAL '30' DAY) THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_1.yaml b/compliance/controls/azure/azure_cis_v150_2_1_1.yaml index eecbe13b8..2bae4c5ca 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_1.yaml 
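Review bot: The `ELSE 'ok'` branch of `CASE WHEN COUNT(*) > 0 THEN 'alarm' ELSE 'ok'` in `azure_cis_v150_1_23.yaml` looks unreachable: assuming the `GROUP BY` in the file's last hunk belongs to this SELECT, every group it emits holds at least one row, so `COUNT(*)` is never 0. A subscription with no custom owner role would then either produce no row at all or, if it arrives through an outer join, be counted as one row and raise an alarm; the FROM clause lies between the hunks, so this needs confirming. If `cr` is the `owner_custom_roles` CTE, counting a column from that side, `WHEN COUNT(cr.role_name) > 0 THEN 'alarm'`, with the query driven from the subscription table, would let the control report `'ok'`.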
+++ b/compliance/controls/azure/azure_cis_v150_2_1_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_10.yaml b/compliance/controls/azure/azure_cis_v150_2_1_10.yaml index 86ec2ce0f..9084f22af 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_10.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_10.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_11.yaml b/compliance/controls/azure/azure_cis_v150_2_1_11.yaml index a832b3a1e..4d63eebe0 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_11.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_11.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_12.yaml b/compliance/controls/azure/azure_cis_v150_2_1_12.yaml index cab34c400..fbab7bbb1 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_12.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_12.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_2_1_13.yaml b/compliance/controls/azure/azure_cis_v150_2_1_13.yaml index 4cf147958..58d44648c 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_13.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_13.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_2.yaml b/compliance/controls/azure/azure_cis_v150_2_1_2.yaml index e9aed3435..0eebc0f2c 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_3.yaml b/compliance/controls/azure/azure_cis_v150_2_1_3.yaml index 70655f626..3ddb30bf0 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_3.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_3.yaml 
@@ -23,8 +23,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN data ->> 'CosmosDbs' = 'Standard' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_4.yaml b/compliance/controls/azure/azure_cis_v150_2_1_4.yaml index 2bb849628..bd37a4546 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_4.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_5.yaml b/compliance/controls/azure/azure_cis_v150_2_1_5.yaml index 2d73f0776..22a3e250b 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_5.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_5.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_6.yaml b/compliance/controls/azure/azure_cis_v150_2_1_6.yaml index b6b6da9c7..788daccdc 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_6.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_6.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_7.yaml b/compliance/controls/azure/azure_cis_v150_2_1_7.yaml index 83c9a95d5..6c1e9aee8 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_7.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_7.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_8.yaml b/compliance/controls/azure/azure_cis_v150_2_1_8.yaml index 97e201cc1..e5c7ae65b 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_8.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_8.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_1_9.yaml b/compliance/controls/azure/azure_cis_v150_2_1_9.yaml index 0845c815d..ebe7e3204 100644 --- a/compliance/controls/azure/azure_cis_v150_2_1_9.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_1_9.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_2_1.yaml b/compliance/controls/azure/azure_cis_v150_2_2_1.yaml index 8f3a75d7a..893ab1f3e 100644 --- a/compliance/controls/azure/azure_cis_v150_2_2_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_2_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_prov.id AS resource, - sc_prov.og_account_id AS og_account_id, - sc_prov.og_resource_id AS og_resource_id, + sc_prov.platform_account_id AS platform_account_id, + sc_prov.platform_resource_id AS platform_resource_id, CASE WHEN auto_provision = 'On' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_2_2.yaml b/compliance/controls/azure/azure_cis_v150_2_2_2.yaml index c5dda0644..cc3f1b264 100644 --- a/compliance/controls/azure/azure_cis_v150_2_2_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_2_2.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_2_2_3.yaml b/compliance/controls/azure/azure_cis_v150_2_2_3.yaml index 201a293d0..6df37b050 100644 --- a/compliance/controls/azure/azure_cis_v150_2_2_3.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_2_3.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_2_3_1.yaml b/compliance/controls/azure/azure_cis_v150_2_3_1.yaml index 08d645f06..083478615 100644 --- a/compliance/controls/azure/azure_cis_v150_2_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_3_1.yaml @@ -22,8 +22,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN admin_alert_count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_3_2.yaml b/compliance/controls/azure/azure_cis_v150_2_3_2.yaml index 21023a03c..1495570d2 100644 --- a/compliance/controls/azure/azure_cis_v150_2_3_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_3_2.yaml @@ -24,8 +24,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN non_default_count > 0 THEN 'ok' WHEN default_count = 1 AND JSONB_ARRAY_LENGTH(default_email) != 0 THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_2_3_3.yaml b/compliance/controls/azure/azure_cis_v150_2_3_3.yaml index c21bdfc73..29b50e8b9 100644 --- a/compliance/controls/azure/azure_cis_v150_2_3_3.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_3_3.yaml 
@@ -22,8 +22,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN notification_alert_count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_4_1.yaml b/compliance/controls/azure/azure_cis_v150_2_4_1.yaml index 3a159cbef..c5fc4951f 100644 --- a/compliance/controls/azure/azure_cis_v150_2_4_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_4_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_sett.id AS resource, - sc_sett.og_account_id AS og_account_id, - sc_sett.og_resource_id AS og_resource_id, + sc_sett.platform_account_id AS platform_account_id, + sc_sett.platform_resource_id AS platform_resource_id, CASE WHEN enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_4_2.yaml b/compliance/controls/azure/azure_cis_v150_2_4_2.yaml index 173e01778..f73a1b7cd 100644 --- a/compliance/controls/azure/azure_cis_v150_2_4_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_4_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_sett.id AS resource, - sc_sett.og_account_id AS og_account_id, - sc_sett.og_resource_id AS og_resource_id, + sc_sett.platform_account_id AS platform_account_id, + sc_sett.platform_resource_id AS platform_resource_id, CASE WHEN enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_2_5.yaml b/compliance/controls/azure/azure_cis_v150_2_5.yaml index 66747fb2c..53211f3d9 100644 --- a/compliance/controls/azure/azure_cis_v150_2_5.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_5.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_2_6.yaml b/compliance/controls/azure/azure_cis_v150_2_6.yaml index 59b828ed6..8abaffa4d 100644 --- a/compliance/controls/azure/azure_cis_v150_2_6.yaml +++ b/compliance/controls/azure/azure_cis_v150_2_6.yaml @@ -25,8 +25,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(value = 'Disabled') > 0 THEN 'alarm' ELSE 'ok' @@ -43,8 +43,8 @@ Query: pol_assignment.id, sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, pol_assignment.subscription_id, sub.display_name Severity: low diff --git a/compliance/controls/azure/azure_cis_v150_3_1.yaml b/compliance/controls/azure/azure_cis_v150_3_1.yaml index 4e5e5b86c..e408a720b 100644 --- a/compliance/controls/azure/azure_cis_v150_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN NOT enable_https_traffic_only THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_3_10.yaml b/compliance/controls/azure/azure_cis_v150_3_10.yaml index a8a2971e3..80dcdb6d5 100644 --- a/compliance/controls/azure/azure_cis_v150_3_10.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_10.yaml 
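Review bot: `COUNT(value = 'Disabled') > 0` in `azure_cis_v150_2_6.yaml` does not count disabled settings: `COUNT(expr)` counts every row where the expression is non-NULL, so a row is counted whenever `value` is not NULL, whether or not it equals `'Disabled'`. The control therefore reports `'alarm'` for any group that has at least one non-NULL `value`, including ones where nothing is disabled. A filtered aggregate states the intent, `WHEN COUNT(*) FILTER (WHERE value = 'Disabled') > 0 THEN 'alarm'`; the `FILTER` form is already used in `azure_cis_v150_5_1_2.yaml`. The FROM clause of this SELECT lies between the two hunks and is not visible here.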
@@ -21,8 +21,8 @@ Query: ) SELECT DISTINCT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN s.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_3_11.yaml b/compliance/controls/azure/azure_cis_v150_3_11.yaml index 2ad5508cc..9bf2d0e46 100644 --- a/compliance/controls/azure/azure_cis_v150_3_11.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_11.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN NOT blob_soft_delete_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_3_12.yaml b/compliance/controls/azure/azure_cis_v150_3_12.yaml index fe263b278..3bb542995 100644 --- a/compliance/controls/azure/azure_cis_v150_3_12.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_12.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN sa.encryption_key_source = 'Microsoft.Storage' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_3_14.yaml b/compliance/controls/azure/azure_cis_v150_3_14.yaml index fbb3c415b..07685544f 100644 --- a/compliance/controls/azure/azure_cis_v150_3_14.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_14.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN table_logging_write AND table_logging_read AND table_logging_delete THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_3_15.yaml b/compliance/controls/azure/azure_cis_v150_3_15.yaml index 9f8c3ad04..44f0620bb 100644 --- a/compliance/controls/azure/azure_cis_v150_3_15.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_15.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN minimum_tls_version = 'TLSEnforcementDisabled' THEN 'alarm' WHEN minimum_tls_version = 'TLS1_2' THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_3_2.yaml b/compliance/controls/azure/azure_cis_v150_3_2.yaml index 77a2fb46c..5eb4fe92e 100644 --- a/compliance/controls/azure/azure_cis_v150_3_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN require_infrastructure_encryption THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_3_3.yaml b/compliance/controls/azure/azure_cis_v150_3_3.yaml index 361000b76..87c3ef64d 100644 --- a/compliance/controls/azure/azure_cis_v150_3_3.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_3.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_3_4.yaml b/compliance/controls/azure/azure_cis_v150_3_4.yaml index aaec4f111..d2d2b5d14 100644 --- a/compliance/controls/azure/azure_cis_v150_3_4.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_4.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_3_5.yaml b/compliance/controls/azure/azure_cis_v150_3_5.yaml index adb77708e..c88dfe0f8 100644 --- a/compliance/controls/azure/azure_cis_v150_3_5.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_5.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN queue_logging_read AND queue_logging_write AND queue_logging_delete THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_3_6.yaml b/compliance/controls/azure/azure_cis_v150_3_6.yaml index 4c4b7dae8..cc2b5382b 100644 --- a/compliance/controls/azure/azure_cis_v150_3_6.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_6.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_3_7.yaml b/compliance/controls/azure/azure_cis_v150_3_7.yaml index d8141da46..67c0b6cd5 100644 --- a/compliance/controls/azure/azure_cis_v150_3_7.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_7.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT container.id AS resource, - container.og_account_id AS og_account_id, - container.og_resource_id AS og_resource_id, + container.platform_account_id AS platform_account_id, + container.platform_resource_id AS platform_resource_id, CASE WHEN NOT account.allow_blob_public_access AND container.public_access = 'None' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_3_8.yaml b/compliance/controls/azure/azure_cis_v150_3_8.yaml index 2f60fed1b..07be333cc 100644 --- a/compliance/controls/azure/azure_cis_v150_3_8.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_8.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN sa.network_rule_default_action = 'Allow' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_3_9.yaml b/compliance/controls/azure/azure_cis_v150_3_9.yaml index ccc00bb52..800c2494c 100644 --- a/compliance/controls/azure/azure_cis_v150_3_9.yaml +++ b/compliance/controls/azure/azure_cis_v150_3_9.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN network_rule_bypass NOT LIKE '%AzureServices%' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_4_1_2.yaml b/compliance/controls/azure/azure_cis_v150_4_1_2.yaml index 5df9264c0..7d394a2fc 100644 --- a/compliance/controls/azure/azure_cis_v150_4_1_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_4_1_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN firewall_rules @> '[{"properties":{"endIpAddress":"0.0.0.0","startIpAddress":"0.0.0.0"}}]' OR firewall_rules @> '[{"properties":{"endIpAddress":"255.255.255.255","startIpAddress":"0.0.0.0"}}]' diff --git a/compliance/controls/azure/azure_cis_v150_4_1_4.yaml b/compliance/controls/azure/azure_cis_v150_4_1_4.yaml index d7afbfdbe..6e659d777 100644 --- a/compliance/controls/azure/azure_cis_v150_4_1_4.yaml +++ b/compliance/controls/azure/azure_cis_v150_4_1_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN server_azure_ad_administrator IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_4_1_5.yaml b/compliance/controls/azure/azure_cis_v150_4_1_5.yaml index 817d4f181..22a1e6a1b 100644 --- a/compliance/controls/azure/azure_cis_v150_4_1_5.yaml +++ b/compliance/controls/azure/azure_cis_v150_4_1_5.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.database_id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN transparent_data_encryption ->> 'status' = 'Enabled' OR transparent_data_encryption ->> 'state' = 'Enabled' diff --git a/compliance/controls/azure/azure_cis_v150_4_3_1.yaml b/compliance/controls/azure/azure_cis_v150_4_3_1.yaml index 9fb6c862e..86c470eab 100644 --- a/compliance/controls/azure/azure_cis_v150_4_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_4_3_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN ssl_enforcement = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_4_3_7.yaml b/compliance/controls/azure/azure_cis_v150_4_3_7.yaml index f9acc5bea..32206674e 100644 --- a/compliance/controls/azure/azure_cis_v150_4_3_7.yaml +++ b/compliance/controls/azure/azure_cis_v150_4_3_7.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_4_3_8.yaml b/compliance/controls/azure/azure_cis_v150_4_3_8.yaml index 598f5a25e..b578dc47f 100644 --- a/compliance/controls/azure/azure_cis_v150_4_3_8.yaml +++ b/compliance/controls/azure/azure_cis_v150_4_3_8.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN infrastructure_encryption = 'Enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_4_4_1.yaml b/compliance/controls/azure/azure_cis_v150_4_4_1.yaml index 01bb1c2ef..d3bb90204 100644 --- a/compliance/controls/azure/azure_cis_v150_4_4_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_4_4_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN ssl_enforcement = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_4_4_2.yaml b/compliance/controls/azure/azure_cis_v150_4_4_2.yaml index e6a38a54f..71e7aca0f 100644 --- a/compliance/controls/azure/azure_cis_v150_4_4_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_4_4_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN minimal_tls_version = 'TLSEnforcementDisabled' THEN 'alarm' WHEN minimal_tls_version = 'TLS1_2' THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_4_4_3.yaml b/compliance/controls/azure/azure_cis_v150_4_4_3.yaml index 749c3768a..68ea03d01 100644 --- a/compliance/controls/azure/azure_cis_v150_4_4_3.yaml +++ b/compliance/controls/azure/azure_cis_v150_4_4_3.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN LOWER(config -> 'ConfigurationProperties' ->> 'value') != 'on' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_4_5_1.yaml b/compliance/controls/azure/azure_cis_v150_4_5_1.yaml index b898300bd..5fae34215 100644 --- a/compliance/controls/azure/azure_cis_v150_4_5_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_4_5_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Disabled' THEN 'ok' WHEN public_network_access = 'Enabled' AND is_virtual_network_filter_enabled = 'true' THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_4_5_2.yaml b/compliance/controls/azure/azure_cis_v150_4_5_2.yaml index a0e8b20dd..09f1e180c 100644 --- a/compliance/controls/azure/azure_cis_v150_4_5_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_4_5_2.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_5_1_1.yaml b/compliance/controls/azure/azure_cis_v150_5_1_1.yaml index 6c4b0e9df..5053a5de5 100644 --- a/compliance/controls/azure/azure_cis_v150_5_1_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_1_1.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_5_1_2.yaml b/compliance/controls/azure/azure_cis_v150_5_1_2.yaml index cf36cb67d..555be4464 100644 --- a/compliance/controls/azure/azure_cis_v150_5_1_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_1_2.yaml @@ -15,8 +15,8 @@ Query: name, id, _ctx, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, resource_group, subscription_id, COUNT(*) FILTER (WHERE l ->> 'enabled' = 'true' @@ -33,14 +33,14 @@ Query: id, _ctx, resource_group, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, subscription_id ) SELECT sett.id AS resource, - sett.og_account_id AS og_account_id, - sett.og_resource_id AS og_resource_id, + sett.platform_account_id AS platform_account_id, + sett.platform_resource_id AS platform_resource_id, CASE WHEN valid_category_count = 4 THEN 'OK' ELSE 'ALARM' diff --git a/compliance/controls/azure/azure_cis_v150_5_1_3.yaml b/compliance/controls/azure/azure_cis_v150_5_1_3.yaml index 22858f00a..483c2ca68 100644 --- a/compliance/controls/azure/azure_cis_v150_5_1_3.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_1_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc.id AS resource, - sc.og_account_id AS og_account_id, - sc.og_resource_id AS og_resource_id, + sc.platform_account_id AS platform_account_id, + sc.platform_resource_id AS platform_resource_id, CASE WHEN public_access != 'None' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_5_1_5.yaml b/compliance/controls/azure/azure_cis_v150_5_1_5.yaml index 9d31c554e..9c7fb8ebf 100644 --- a/compliance/controls/azure/azure_cis_v150_5_1_5.yaml 
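Review bot: The final SELECT of azure_cis_v150_5_1_2 emits `'OK'` and `'ALARM'` in upper case, while the other controls visible in this diff return lower-case `'ok'`, `'alarm'`, `'info'` or `'skip'`. If whatever consumes the `status` column matches case-sensitively (not visible here), a diagnostic setting that fails this check would not be counted as an alarm. I would change the two arms to `WHEN valid_category_count = 4 THEN 'ok'` and `ELSE 'alarm'`. The CASE closes outside the hunk.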
+++ b/compliance/controls/azure/azure_cis_v150_5_1_5.yaml @@ -26,8 +26,8 @@ Query: ) SELECT v.id AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.diagnostic_settings IS NULL THEN 'alarm' WHEN l.key_vault_name NOT LIKE CONCAT('%', v.name, '%') THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_5_1_6.yaml b/compliance/controls/azure/azure_cis_v150_5_1_6.yaml index 8f9fcbc81..ab6d5e9fd 100644 --- a/compliance/controls/azure/azure_cis_v150_5_1_6.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_1_6.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_5_1_7.yaml b/compliance/controls/azure/azure_cis_v150_5_1_7.yaml index 42ec787be..cb2143b10 100644 --- a/compliance/controls/azure/azure_cis_v150_5_1_7.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_1_7.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_5_2_1.yaml b/compliance/controls/azure/azure_cis_v150_5_2_1.yaml index 45dc6df28..a7b2a9928 100644 --- a/compliance/controls/azure/azure_cis_v150_5_2_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_2_1.yaml 
@@ -30,8 +30,8 @@ Query: ) SELECT a.subscription_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_5_2_10.yaml b/compliance/controls/azure/azure_cis_v150_5_2_10.yaml index a1066a433..84e57f47d 100644 --- a/compliance/controls/azure/azure_cis_v150_5_2_10.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_2_10.yaml @@ -36,8 +36,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -52,8 +52,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v150_5_2_2.yaml b/compliance/controls/azure/azure_cis_v150_5_2_2.yaml index 6ecc23cd9..b95c64fae 100644 --- a/compliance/controls/azure/azure_cis_v150_5_2_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_2_2.yaml @@ -30,8 +30,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -46,8 +46,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} 
diff --git a/compliance/controls/azure/azure_cis_v150_5_2_3.yaml b/compliance/controls/azure/azure_cis_v150_5_2_3.yaml index ff657d49c..b9ac2b73a 100644 --- a/compliance/controls/azure/azure_cis_v150_5_2_3.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_2_3.yaml @@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -56,8 +56,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v150_5_2_4.yaml b/compliance/controls/azure/azure_cis_v150_5_2_4.yaml index 38597b07b..2dea2128d 100644 --- a/compliance/controls/azure/azure_cis_v150_5_2_4.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_2_4.yaml @@ -41,8 +41,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -57,8 +57,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v150_5_2_5.yaml b/compliance/controls/azure/azure_cis_v150_5_2_5.yaml index f2a8cc611..b72a677c8 100644 --- a/compliance/controls/azure/azure_cis_v150_5_2_5.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_2_5.yaml 
@@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -56,8 +56,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v150_5_2_6.yaml b/compliance/controls/azure/azure_cis_v150_5_2_6.yaml index 6282633cc..5c121a4a2 100644 --- a/compliance/controls/azure/azure_cis_v150_5_2_6.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_2_6.yaml @@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -56,8 +56,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v150_5_2_7.yaml b/compliance/controls/azure/azure_cis_v150_5_2_7.yaml index b630da6fd..f8820ec25 100644 --- a/compliance/controls/azure/azure_cis_v150_5_2_7.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_2_7.yaml @@ -37,8 +37,8 @@ Query: SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' 
@@ -52,8 +52,8 @@ Query: LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY sub._ctx, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.subscription_id, sub.display_name; Severity: low diff --git a/compliance/controls/azure/azure_cis_v150_5_2_8.yaml b/compliance/controls/azure/azure_cis_v150_5_2_8.yaml index 847e806e0..aedf920e1 100644 --- a/compliance/controls/azure/azure_cis_v150_5_2_8.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_2_8.yaml @@ -36,8 +36,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -52,8 +52,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v150_5_2_9.yaml b/compliance/controls/azure/azure_cis_v150_5_2_9.yaml index 2ed54fd60..9dbaa3c31 100644 --- a/compliance/controls/azure/azure_cis_v150_5_2_9.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_2_9.yaml @@ -39,8 +39,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -55,8 +55,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v150_5_3.yaml b/compliance/controls/azure/azure_cis_v150_5_3.yaml index f8b9d66b4..c5c537629 100644 
--- a/compliance/controls/azure/azure_cis_v150_5_3.yaml +++ b/compliance/controls/azure/azure_cis_v150_5_3.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_6_1.yaml b/compliance/controls/azure/azure_cis_v150_6_1.yaml index 4c1b5f99b..ab3f34359 100644 --- a/compliance/controls/azure/azure_cis_v150_6_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_6_1.yaml @@ -34,8 +34,8 @@ Query: ) SELECT sg.id resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_6_2.yaml b/compliance/controls/azure/azure_cis_v150_6_2.yaml index 262ce8932..032993843 100644 --- a/compliance/controls/azure/azure_cis_v150_6_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_6_2.yaml @@ -34,8 +34,8 @@ Query: ) SELECT sg.id AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_6_3.yaml b/compliance/controls/azure/azure_cis_v150_6_3.yaml index 8f6d05587..fa5db9469 100644 --- a/compliance/controls/azure/azure_cis_v150_6_3.yaml +++ b/compliance/controls/azure/azure_cis_v150_6_3.yaml 
@@ -39,8 +39,8 @@ Query: ) SELECT sg.id resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_6_4.yaml b/compliance/controls/azure/azure_cis_v150_6_4.yaml index e9c681ebf..694aaf648 100644 --- a/compliance/controls/azure/azure_cis_v150_6_4.yaml +++ b/compliance/controls/azure/azure_cis_v150_6_4.yaml @@ -42,8 +42,8 @@ Query: ) SELECT sg.id AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_7_1.yaml b/compliance/controls/azure/azure_cis_v150_7_1.yaml index 5c99bc85f..ebdead4dc 100644 --- a/compliance/controls/azure/azure_cis_v150_7_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_7_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN managed_disk_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_7_2.yaml b/compliance/controls/azure/azure_cis_v150_7_2.yaml index 12ed91ac2..bf063cdf5 100644 --- a/compliance/controls/azure/azure_cis_v150_7_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_7_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_cis_v150_7_3.yaml b/compliance/controls/azure/azure_cis_v150_7_3.yaml index 0cffa4cd6..b8f10f75f 100644 --- a/compliance/controls/azure/azure_cis_v150_7_3.yaml +++ b/compliance/controls/azure/azure_cis_v150_7_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_7_4.yaml b/compliance/controls/azure/azure_cis_v150_7_4.yaml index 02500a340..27de50d98 100644 --- a/compliance/controls/azure/azure_cis_v150_7_4.yaml +++ b/compliance/controls/azure/azure_cis_v150_7_4.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_7_5.yaml b/compliance/controls/azure/azure_cis_v150_7_5.yaml index 0724cafa3..0325fc8d2 100644 --- a/compliance/controls/azure/azure_cis_v150_7_5.yaml +++ b/compliance/controls/azure/azure_cis_v150_7_5.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_7_6.yaml b/compliance/controls/azure/azure_cis_v150_7_6.yaml index b27d75609..871b084f2 100644 --- a/compliance/controls/azure/azure_cis_v150_7_6.yaml 
+++ b/compliance/controls/azure/azure_cis_v150_7_6.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_8_1.yaml b/compliance/controls/azure/azure_cis_v150_8_1.yaml index ee10f4eb6..837279438 100644 --- a/compliance/controls/azure/azure_cis_v150_8_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_8_1.yaml @@ -21,8 +21,8 @@ Query: ) SELECT kvk.id AS resource, - kvk.og_account_id AS og_account_id, - kvk.og_resource_id AS og_resource_id, + kvk.platform_account_id AS platform_account_id, + kvk.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_8_2.yaml b/compliance/controls/azure/azure_cis_v150_8_2.yaml index 5d08afb7d..9a331dc85 100644 --- a/compliance/controls/azure/azure_cis_v150_8_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_8_2.yaml @@ -22,8 +22,8 @@ Query: SELECT kvk.id AS resource, - kvk.og_account_id AS og_account_id, - kvk.og_resource_id AS og_resource_id, + kvk.platform_account_id AS platform_account_id, + kvk.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_8_3.yaml b/compliance/controls/azure/azure_cis_v150_8_3.yaml index 01da7159e..954b95988 100644 --- a/compliance/controls/azure/azure_cis_v150_8_3.yaml +++ b/compliance/controls/azure/azure_cis_v150_8_3.yaml 
@@ -21,8 +21,8 @@ Query: ) SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_8_4.yaml b/compliance/controls/azure/azure_cis_v150_8_4.yaml index 5a5a51386..a046ebdb5 100644 --- a/compliance/controls/azure/azure_cis_v150_8_4.yaml +++ b/compliance/controls/azure/azure_cis_v150_8_4.yaml @@ -21,8 +21,8 @@ Query: ) SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_8_5.yaml b/compliance/controls/azure/azure_cis_v150_8_5.yaml index a3f2b06fc..617496d69 100644 --- a/compliance/controls/azure/azure_cis_v150_8_5.yaml +++ b/compliance/controls/azure/azure_cis_v150_8_5.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN soft_delete_enabled AND purge_protection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_8_6.yaml b/compliance/controls/azure/azure_cis_v150_8_6.yaml index 30d216fb3..e4973d170 100644 --- a/compliance/controls/azure/azure_cis_v150_8_6.yaml +++ b/compliance/controls/azure/azure_cis_v150_8_6.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN enable_rbac_authorization THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v150_8_8.yaml b/compliance/controls/azure/azure_cis_v150_8_8.yaml index 18e5ab3ef..e1c306660 100644 --- a/compliance/controls/azure/azure_cis_v150_8_8.yaml +++ b/compliance/controls/azure/azure_cis_v150_8_8.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_9_1.yaml b/compliance/controls/azure/azure_cis_v150_9_1.yaml index 14b75f2b8..a76719e25 100644 --- a/compliance/controls/azure/azure_cis_v150_9_1.yaml +++ b/compliance/controls/azure/azure_cis_v150_9_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT (auth_settings -> 'properties' ->> 'enabled')::BOOLEAN THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_9_11.yaml b/compliance/controls/azure/azure_cis_v150_9_11.yaml index 2c41a1d1c..f9f622fc6 100644 --- a/compliance/controls/azure/azure_cis_v150_9_11.yaml +++ b/compliance/controls/azure/azure_cis_v150_9_11.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_9_2.yaml b/compliance/controls/azure/azure_cis_v150_9_2.yaml index c3730c2a9..9d9a3c473 100644 --- a/compliance/controls/azure/azure_cis_v150_9_2.yaml +++ b/compliance/controls/azure/azure_cis_v150_9_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT https_only THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_9_4.yaml b/compliance/controls/azure/azure_cis_v150_9_4.yaml index b3c2f38e9..b990100c7 100644 --- a/compliance/controls/azure/azure_cis_v150_9_4.yaml +++ b/compliance/controls/azure/azure_cis_v150_9_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT client_cert_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_9_5.yaml b/compliance/controls/azure/azure_cis_v150_9_5.yaml index 25361d0ee..6950ed180 100644 --- a/compliance/controls/azure/azure_cis_v150_9_5.yaml +++ b/compliance/controls/azure/azure_cis_v150_9_5.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN identity = '{}' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v150_9_6.yaml b/compliance/controls/azure/azure_cis_v150_9_6.yaml index ebb5df845..998573afb 100644 --- a/compliance/controls/azure/azure_cis_v150_9_6.yaml +++ b/compliance/controls/azure/azure_cis_v150_9_6.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_9_7.yaml b/compliance/controls/azure/azure_cis_v150_9_7.yaml index ff05cbc2d..19d086d7f 100644 --- a/compliance/controls/azure/azure_cis_v150_9_7.yaml +++ b/compliance/controls/azure/azure_cis_v150_9_7.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_9_8.yaml b/compliance/controls/azure/azure_cis_v150_9_8.yaml index 43227e861..6d96a48c2 100644 --- a/compliance/controls/azure/azure_cis_v150_9_8.yaml +++ b/compliance/controls/azure/azure_cis_v150_9_8.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v150_9_9.yaml b/compliance/controls/azure/azure_cis_v150_9_9.yaml index aaa149aa5..06590b37d 100644 --- a/compliance/controls/azure/azure_cis_v150_9_9.yaml +++ b/compliance/controls/azure/azure_cis_v150_9_9.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT (configuration -> 'properties' ->> 'http20Enabled')::boolean THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_10_1.yaml b/compliance/controls/azure/azure_cis_v200_10_1.yaml index 10bb7b896..190ae4919 100644 --- a/compliance/controls/azure/azure_cis_v200_10_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_10_1.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_1_14.yaml b/compliance/controls/azure/azure_cis_v200_1_14.yaml index f0064e4a0..d9ed9faea 100644 --- a/compliance/controls/azure/azure_cis_v200_1_14.yaml +++ b/compliance/controls/azure/azure_cis_v200_1_14.yaml 
@@ -20,8 +20,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.default_user_role_permissions ->> 'allowedToCreateApps' = 'false' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_1_19.yaml b/compliance/controls/azure/azure_cis_v200_1_19.yaml index 04eba67d2..536eb494e 100644 --- a/compliance/controls/azure/azure_cis_v200_1_19.yaml +++ b/compliance/controls/azure/azure_cis_v200_1_19.yaml @@ -20,8 +20,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.default_user_role_permissions ->> 'allowedToCreateSecurityGroups' = 'false' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_1_23.yaml b/compliance/controls/azure/azure_cis_v200_1_23.yaml index 1cf34af92..dbbd8b539 100644 --- a/compliance/controls/azure/azure_cis_v200_1_23.yaml +++ b/compliance/controls/azure/azure_cis_v200_1_23.yaml @@ -14,8 +14,8 @@ Query: SELECT role_name, role_type, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, title, action, _ctx, @@ -30,8 +30,8 @@ Query: ) SELECT cr.subscription_id AS resource, - cr.og_account_id AS og_account_id, - cr.og_resource_id AS og_resource_id, + cr.platform_account_id AS platform_account_id, + cr.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(*) > 0 THEN 'alarm' ELSE 'ok' @@ -49,8 +49,8 @@ Query: GROUP BY cr.subscription_id, cr._ctx, - cr.og_account_id, - cr.og_resource_id, + cr.platform_account_id, + cr.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v200_1_2_6.yaml b/compliance/controls/azure/azure_cis_v200_1_2_6.yaml index 37fc09a2e..7a1438b38 100644 
--- a/compliance/controls/azure/azure_cis_v200_1_2_6.yaml +++ b/compliance/controls/azure/azure_cis_v200_1_2_6.yaml @@ -20,8 +20,8 @@ Query: ) SELECT p.id AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN p.built_in_controls @> '["mfa"]' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_1_5.yaml b/compliance/controls/azure/azure_cis_v200_1_5.yaml index c7b1c354c..0a4cbe917 100644 --- a/compliance/controls/azure/azure_cis_v200_1_5.yaml +++ b/compliance/controls/azure/azure_cis_v200_1_5.yaml @@ -20,8 +20,8 @@ Query: ) SELECT u.display_name AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN NOT account_enabled THEN 'alarm' WHEN u.created_date_time::timestamp <= (CURRENT_DATE - INTERVAL '30' DAY) THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_1.yaml b/compliance/controls/azure/azure_cis_v200_2_1_1.yaml index 409e2fd2c..db73462a6 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_11.yaml b/compliance/controls/azure/azure_cis_v200_2_1_11.yaml index cd0967d68..84283fb9e 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_11.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_11.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_12.yaml b/compliance/controls/azure/azure_cis_v200_2_1_12.yaml index de7195bed..10ddcaeef 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_12.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_12.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_2_1_13.yaml b/compliance/controls/azure/azure_cis_v200_2_1_13.yaml index df49bc3aa..d938864dd 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_13.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_13.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_2_1_14.yaml b/compliance/controls/azure/azure_cis_v200_2_1_14.yaml index ab12267b0..9315474ab 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_14.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_14.yaml 
@@ -25,8 +25,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(value = 'Disabled') > 0 THEN 'alarm' ELSE 'ok' @@ -47,8 +47,8 @@ Query: sub.subscription_id, pol_assignment.subscription_id, sub.display_name, - sub.og_account_id, - sub.og_resource_id; + sub.platform_account_id, + sub.platform_resource_id; Severity: low Tags: {} Title: 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v200_2_1_15.yaml b/compliance/controls/azure/azure_cis_v200_2_1_15.yaml index 4b7a0ca79..d455f85f3 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_15.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_15.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_prov.id AS resource, - sc_prov.og_account_id AS og_account_id, - sc_prov.og_resource_id AS og_resource_id, + sc_prov.platform_account_id AS platform_account_id, + sc_prov.platform_resource_id AS platform_resource_id, CASE WHEN auto_provision = 'On' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_16.yaml b/compliance/controls/azure/azure_cis_v200_2_1_16.yaml index e477ddd3d..cc4e8cc99 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_16.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_16.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_2_1_17.yaml b/compliance/controls/azure/azure_cis_v200_2_1_17.yaml index eb652b477..f671a9fd9 100644 
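Review bot: In azure_cis_v200_2_1_14.yaml the context line `WHEN COUNT(value = 'Disabled') > 0 THEN 'alarm'` does not test for disabled settings. `COUNT(expr)` counts every row where the expression is non-NULL, so a `false` comparison is counted too, and the control alarms whenever any non-NULL `value` is present. The rename leaves this untouched; I would change it to `WHEN COUNT(*) FILTER (WHERE value = 'Disabled') > 0 THEN 'alarm'`. The CTE that produces `value` and the join are outside the hunk, so confirm the row shape before changing it.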
--- a/compliance/controls/azure/azure_cis_v200_2_1_17.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_17.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_2_1_18.yaml b/compliance/controls/azure/azure_cis_v200_2_1_18.yaml index 2b9697419..986ed92a5 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_18.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_18.yaml @@ -22,8 +22,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN admin_alert_count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_19.yaml b/compliance/controls/azure/azure_cis_v200_2_1_19.yaml index 724bd45b0..c66bd1837 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_19.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_19.yaml @@ -24,8 +24,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN non_default_count > 0 THEN 'ok' WHEN default_count = 1 AND jsonb_array_length(default_email) != 0 THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_2.yaml b/compliance/controls/azure/azure_cis_v200_2_1_2.yaml index 5273020b6..39011fbde 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_2.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_2.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_20.yaml b/compliance/controls/azure/azure_cis_v200_2_1_20.yaml index 3072290af..2b1b2f300 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_20.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_20.yaml @@ -22,8 +22,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN notification_alert_count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_21.yaml b/compliance/controls/azure/azure_cis_v200_2_1_21.yaml index 9158b3457..55550c516 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_21.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_21.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_sett.id AS resource, - sc_sett.og_account_id AS og_account_id, - sc_sett.og_resource_id AS og_resource_id, + sc_sett.platform_account_id AS platform_account_id, + sc_sett.platform_resource_id AS platform_resource_id, CASE WHEN enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_22.yaml b/compliance/controls/azure/azure_cis_v200_2_1_22.yaml index 91746e328..d01d0e4e5 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_22.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_22.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_sett.id AS resource, - sc_sett.og_account_id AS og_account_id, - sc_sett.og_resource_id AS og_resource_id, + sc_sett.platform_account_id AS platform_account_id, + sc_sett.platform_resource_id AS platform_resource_id, CASE WHEN enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_3.yaml b/compliance/controls/azure/azure_cis_v200_2_1_3.yaml index ae453458d..8ef139297 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_3.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_3.yaml @@ -23,8 +23,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN data ->> 'CosmosDbs' = 'Standard' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_4.yaml b/compliance/controls/azure/azure_cis_v200_2_1_4.yaml index 66586c2da..604e554d2 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_4.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_5.yaml b/compliance/controls/azure/azure_cis_v200_2_1_5.yaml index e9f063d07..d3ba4acc1 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_5.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_5.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_6.yaml b/compliance/controls/azure/azure_cis_v200_2_1_6.yaml index 805947580..d96f0e144 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_6.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_6.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_7.yaml b/compliance/controls/azure/azure_cis_v200_2_1_7.yaml index f176adb8f..733052947 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_7.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_7.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_8.yaml b/compliance/controls/azure/azure_cis_v200_2_1_8.yaml index 9040acd3c..f56ede935 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_8.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_8.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_1_9.yaml b/compliance/controls/azure/azure_cis_v200_2_1_9.yaml index 6afdf2581..b545dfcb9 100644 --- a/compliance/controls/azure/azure_cis_v200_2_1_9.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_1_9.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_2_2_1.yaml b/compliance/controls/azure/azure_cis_v200_2_2_1.yaml index 5f6057219..a80db7803 100644 --- a/compliance/controls/azure/azure_cis_v200_2_2_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_2_2_1.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_3_1.yaml b/compliance/controls/azure/azure_cis_v200_3_1.yaml index 46fc19bb3..2f94e7c21 100644 --- a/compliance/controls/azure/azure_cis_v200_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_1.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN NOT enable_https_traffic_only THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_3_10.yaml b/compliance/controls/azure/azure_cis_v200_3_10.yaml index 6ad7a7112..b8405a2b8 100644 --- a/compliance/controls/azure/azure_cis_v200_3_10.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_10.yaml @@ -21,8 +21,8 @@ Query: ) SELECT DISTINCT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN s.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_3_11.yaml b/compliance/controls/azure/azure_cis_v200_3_11.yaml index 17172b776..e2a54718a 100644 --- a/compliance/controls/azure/azure_cis_v200_3_11.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_11.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN NOT blob_soft_delete_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_3_12.yaml b/compliance/controls/azure/azure_cis_v200_3_12.yaml index 2b7d4d661..fd9d99129 100644 --- a/compliance/controls/azure/azure_cis_v200_3_12.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_12.yaml 
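Review bot: In azure_cis_v200_3_1.yaml the check `WHEN NOT enable_https_traffic_only THEN 'alarm' ELSE 'ok'` passes when the column is NULL, because `NOT NULL` is not true and the row falls through to `ELSE 'ok'`. If the attribute can be missing from the collected resource, a storage account in an unknown state is reported compliant. Writing the compliant case positively, `WHEN enable_https_traffic_only THEN 'ok' ELSE 'alarm'`, as azure_cis_v200_3_2.yaml and azure_cis_v200_3_14.yaml already do, makes unknown values alarm instead. The same alarm-on-match, ok-by-default shape appears in azure_cis_v200_3_8, 3_9, 3_11, 3_12, 4_3_1, 4_3_5, 4_4_1 and 5_1_3; the CASE expressions end outside these hunks.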
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN sa.encryption_key_source = 'Microsoft.Storage' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_3_14.yaml b/compliance/controls/azure/azure_cis_v200_3_14.yaml index 1ddcdaafb..506b6aa52 100644 --- a/compliance/controls/azure/azure_cis_v200_3_14.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_14.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN table_logging_write AND table_logging_read AND table_logging_delete THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_3_15.yaml b/compliance/controls/azure/azure_cis_v200_3_15.yaml index b42b9191d..a5f203c92 100644 --- a/compliance/controls/azure/azure_cis_v200_3_15.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_15.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN minimum_tls_version = 'TLSEnforcementDisabled' THEN 'alarm' WHEN minimum_tls_version = 'TLS1_2' THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_3_2.yaml b/compliance/controls/azure/azure_cis_v200_3_2.yaml index 4d611551a..dcffc8d92 100644 --- a/compliance/controls/azure/azure_cis_v200_3_2.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_2.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN require_infrastructure_encryption THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_3_3.yaml b/compliance/controls/azure/azure_cis_v200_3_3.yaml index 45205c711..671113e9e 100644 --- a/compliance/controls/azure/azure_cis_v200_3_3.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_3.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_3_4.yaml b/compliance/controls/azure/azure_cis_v200_3_4.yaml index d1714cefc..9471a17ac 100644 --- a/compliance/controls/azure/azure_cis_v200_3_4.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_4.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_3_5.yaml b/compliance/controls/azure/azure_cis_v200_3_5.yaml index f1fd47647..141b4b08b 100644 --- a/compliance/controls/azure/azure_cis_v200_3_5.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_5.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN queue_logging_read AND queue_logging_write AND queue_logging_delete THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_3_6.yaml b/compliance/controls/azure/azure_cis_v200_3_6.yaml index 00f1c0b00..79ee1e2ab 100644 --- a/compliance/controls/azure/azure_cis_v200_3_6.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_6.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_3_8.yaml b/compliance/controls/azure/azure_cis_v200_3_8.yaml index 55d781b37..e3012d0da 100644 --- a/compliance/controls/azure/azure_cis_v200_3_8.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_8.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN sa.network_rule_default_action = 'Allow' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_3_9.yaml b/compliance/controls/azure/azure_cis_v200_3_9.yaml index 5a19b5642..f03c113f1 100644 --- a/compliance/controls/azure/azure_cis_v200_3_9.yaml +++ b/compliance/controls/azure/azure_cis_v200_3_9.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN network_rule_bypass NOT LIKE '%AzureServices%' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_4_1_2.yaml b/compliance/controls/azure/azure_cis_v200_4_1_2.yaml index 4056d787c..db9855205 100644 --- a/compliance/controls/azure/azure_cis_v200_4_1_2.yaml +++ b/compliance/controls/azure/azure_cis_v200_4_1_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN firewall_rules @> '[{"properties":{"endIpAddress":"0.0.0.0","startIpAddress":"0.0.0.0"}}]' OR firewall_rules @> '[{"properties":{"endIpAddress":"255.255.255.255","startIpAddress":"0.0.0.0"}}]' diff --git a/compliance/controls/azure/azure_cis_v200_4_1_4.yaml b/compliance/controls/azure/azure_cis_v200_4_1_4.yaml index 7e4a68e37..11dbcdb1a 100644 --- a/compliance/controls/azure/azure_cis_v200_4_1_4.yaml +++ b/compliance/controls/azure/azure_cis_v200_4_1_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN server_azure_ad_administrator IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_4_3_1.yaml b/compliance/controls/azure/azure_cis_v200_4_3_1.yaml index b18a89b32..52208c89a 100644 --- a/compliance/controls/azure/azure_cis_v200_4_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_4_3_1.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN ssl_enforcement = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_4_3_5.yaml b/compliance/controls/azure/azure_cis_v200_4_3_5.yaml index 5488e1f57..40827f562 100644 --- a/compliance/controls/azure/azure_cis_v200_4_3_5.yaml +++ b/compliance/controls/azure/azure_cis_v200_4_3_5.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN LOWER(config -> 'ConfigurationProperties' ->> 'value') != 'on' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_4_3_7.yaml b/compliance/controls/azure/azure_cis_v200_4_3_7.yaml index d43f7cf8f..2745304a5 100644 --- a/compliance/controls/azure/azure_cis_v200_4_3_7.yaml +++ b/compliance/controls/azure/azure_cis_v200_4_3_7.yaml @@ -22,8 +22,8 @@ Query: ) SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN a.id IS NOT NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_4_3_8.yaml b/compliance/controls/azure/azure_cis_v200_4_3_8.yaml index edb16b2ef..fbfbf7da9 100644 --- a/compliance/controls/azure/azure_cis_v200_4_3_8.yaml +++ b/compliance/controls/azure/azure_cis_v200_4_3_8.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN infrastructure_encryption = 'Enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_4_4_1.yaml b/compliance/controls/azure/azure_cis_v200_4_4_1.yaml index 216188118..f53f1fe20 100644 --- a/compliance/controls/azure/azure_cis_v200_4_4_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_4_4_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN ssl_enforcement = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_4_4_2.yaml b/compliance/controls/azure/azure_cis_v200_4_4_2.yaml index aa90bfc5e..cb36a1998 100644 --- a/compliance/controls/azure/azure_cis_v200_4_4_2.yaml +++ b/compliance/controls/azure/azure_cis_v200_4_4_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN minimal_tls_version = 'TLSEnforcementDisabled' THEN 'alarm' WHEN minimal_tls_version = 'TLS1_2' THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_4_5_1.yaml b/compliance/controls/azure/azure_cis_v200_4_5_1.yaml index 2e4412d6a..42362f683 100644 --- a/compliance/controls/azure/azure_cis_v200_4_5_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_4_5_1.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Disabled' THEN 'ok' WHEN public_network_access = 'Enabled' AND is_virtual_network_filter_enabled = 'true' THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_4_5_2.yaml b/compliance/controls/azure/azure_cis_v200_4_5_2.yaml index 8e99237f9..7476bfb7a 100644 --- a/compliance/controls/azure/azure_cis_v200_4_5_2.yaml +++ b/compliance/controls/azure/azure_cis_v200_4_5_2.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_4_5_3.yaml b/compliance/controls/azure/azure_cis_v200_4_5_3.yaml index 0b8a4d2e0..db273f99d 100644 --- a/compliance/controls/azure/azure_cis_v200_4_5_3.yaml +++ b/compliance/controls/azure/azure_cis_v200_4_5_3.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_5_1_1.yaml b/compliance/controls/azure/azure_cis_v200_5_1_1.yaml index 08d7d2ece..6ce81d921 100644 --- a/compliance/controls/azure/azure_cis_v200_5_1_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_1_1.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_5_1_2.yaml b/compliance/controls/azure/azure_cis_v200_5_1_2.yaml index 27bf9f7ce..61557e258 100644 --- a/compliance/controls/azure/azure_cis_v200_5_1_2.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_1_2.yaml @@ -21,8 +21,8 @@ Query: AND l ->> 'category' IN ('Administrative', 'Security', 'Alert', 'Policy')) AS valid_category_count, STRING_AGG(l ->> 'category', ', ') FILTER (WHERE l ->> 'enabled' = 'true' AND l ->> 'category' IN ('Administrative', 'Security', 'Alert', 'Policy')) AS valid_categories, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_diagnostic_setting, jsonb_array_elements(logs) AS l @@ -32,13 +32,13 @@ Query: _ctx, resource_group, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id ) SELECT sett.id AS resource, - sett.og_account_id AS og_account_id, - sett.og_resource_id AS og_resource_id, + sett.platform_account_id AS platform_account_id, + sett.platform_resource_id AS platform_resource_id, CASE WHEN valid_category_count = 4 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_5_1_3.yaml b/compliance/controls/azure/azure_cis_v200_5_1_3.yaml index e7ef76316..6f53f564b 100644 --- a/compliance/controls/azure/azure_cis_v200_5_1_3.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_1_3.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc.id AS resource, - sc.og_account_id AS og_account_id, - sc.og_resource_id AS og_resource_id, + sc.platform_account_id AS platform_account_id, + sc.platform_resource_id AS platform_resource_id, CASE WHEN public_access != 'None' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_5_1_5.yaml b/compliance/controls/azure/azure_cis_v200_5_1_5.yaml index 12b94c182..068cd320f 100644 --- a/compliance/controls/azure/azure_cis_v200_5_1_5.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_1_5.yaml @@ -26,8 +26,8 @@ Query: ) SELECT v.id AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.diagnostic_settings IS NULL THEN 'alarm' WHEN l.key_vault_name NOT LIKE CONCAT('%', v.name, '%') THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_5_1_6.yaml b/compliance/controls/azure/azure_cis_v200_5_1_6.yaml index 9a0e806a4..622262b21 100644 --- a/compliance/controls/azure/azure_cis_v200_5_1_6.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_1_6.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_5_1_7.yaml b/compliance/controls/azure/azure_cis_v200_5_1_7.yaml index b962e46f6..d0c86ed9b 100644 --- a/compliance/controls/azure/azure_cis_v200_5_1_7.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_1_7.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_5_2_1.yaml b/compliance/controls/azure/azure_cis_v200_5_2_1.yaml index 5620bfd0c..312f1e80a 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_1.yaml @@ -17,8 +17,8 @@ Query: alert.enabled, alert.location, alert.subscription_id, - alert.og_account_id AS og_account_id, - alert.og_resource_id AS og_resource_id + alert.platform_account_id AS platform_account_id, + alert.platform_resource_id AS platform_resource_id FROM azure_log_alert AS alert, jsonb_array_elements_text(scopes) AS sc @@ -32,8 +32,8 @@ Query: ) SELECT a.subscription_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -50,8 +50,8 @@ Query: sub.subscription_id, sub._ctx, sub.display_name, - a.og_account_id, - a.og_resource_id; + a.platform_account_id, + a.platform_resource_id; Severity: low Tags: {} Title: 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v200_5_2_10.yaml b/compliance/controls/azure/azure_cis_v200_5_2_10.yaml index f4d52b75a..c5a793897 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_10.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_10.yaml 
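Review bot: In azure_cis_v200_5_2_1.yaml the final SELECT and GROUP BY take `resource`, `platform_account_id` and `platform_resource_id` from the alert alias `a`, while azure_cis_v200_5_2_2 through 5_2_6 and 5_2_10 take them from `sub`. The `ELSE 'alarm'` branch of `COUNT(a.subscription_id) > 0` can only fire for rows where `a` did not match, and in those rows the `a.` columns are presumably NULL, so alarm findings would carry no account or resource id. The join is outside the hunk, so this is inferred. If `sub` is the preserved side, use `sub.platform_account_id AS platform_account_id, sub.platform_resource_id AS platform_resource_id` and the matching `sub.` columns in GROUP BY.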
@@ -36,8 +36,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'OK' ELSE 'ALARM' @@ -53,8 +53,8 @@ Query: sub._ctx, sub.subscription_id, sub.display_name, - sub.og_account_id, - sub.og_resource_id; + sub.platform_account_id, + sub.platform_resource_id; Severity: low Tags: {} Title: 5.2.10 Ensure that Activity Log Alert exists for Delete Public IP Address rule \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v200_5_2_2.yaml b/compliance/controls/azure/azure_cis_v200_5_2_2.yaml index b1de546d3..16343d098 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_2.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_2.yaml @@ -30,8 +30,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -47,8 +47,8 @@ Query: sub._ctx, sub.subscription_id, sub.display_name, - sub.og_account_id, - sub.og_resource_id; + sub.platform_account_id, + sub.platform_resource_id; Severity: low Tags: {} Title: 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v200_5_2_3.yaml b/compliance/controls/azure/azure_cis_v200_5_2_3.yaml index a4c817fe4..fb6a5b28c 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_3.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_3.yaml 
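Review bot: In azure_cis_v200_5_2_10.yaml the status literals are upper case, `THEN 'OK' ELSE 'ALARM'`, while every other control in this part of the diff emits `'ok'` / `'alarm'`. If the consumer of the `status` column compares case-sensitively, findings from this control would not be counted as either passing or failing. I would normalise to `WHEN COUNT(a.subscription_id) > 0 THEN 'ok'` and `ELSE 'alarm'`. The rest of the CASE is outside the hunk.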
@@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -59,8 +59,8 @@ Query: sub._ctx, sub.subscription_id, sub.display_name, - sub.og_account_id, - sub.og_resource_id; + sub.platform_account_id, + sub.platform_resource_id; Severity: low Tags: {} Title: 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v200_5_2_4.yaml b/compliance/controls/azure/azure_cis_v200_5_2_4.yaml index dcf2dd22a..b911877c3 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_4.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_4.yaml @@ -41,8 +41,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -58,8 +58,8 @@ Query: sub._ctx, sub.subscription_id, sub.display_name, - sub.og_account_id, - sub.og_resource_id; + sub.platform_account_id, + sub.platform_resource_id; Severity: low Tags: {} Title: 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v200_5_2_5.yaml b/compliance/controls/azure/azure_cis_v200_5_2_5.yaml index 95f515e0a..7f437bb27 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_5.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_5.yaml 
@@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -57,8 +57,8 @@ Query: sub._ctx, sub.subscription_id, sub.display_name, - sub.og_account_id, - sub.og_resource_id; + sub.platform_account_id, + sub.platform_resource_id; Severity: low Tags: {} Title: 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v200_5_2_6.yaml b/compliance/controls/azure/azure_cis_v200_5_2_6.yaml index f53fe62a3..d5f10d325 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_6.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_6.yaml @@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -57,8 +57,8 @@ Query: sub._ctx, sub.subscription_id, sub.display_name, - sub.og_account_id, - sub.og_resource_id + sub.platform_account_id, + sub.platform_resource_id Severity: low Tags: {} Title: 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v200_5_2_7.yaml b/compliance/controls/azure/azure_cis_v200_5_2_7.yaml index 2911dec95..ccf976dcb 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_7.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_7.yaml 
@@ -38,8 +38,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -55,8 +55,8 @@ Query: sub._ctx, sub.subscription_id, sub.display_name, - sub.og_account_id, - sub.og_resource_id; + sub.platform_account_id, + sub.platform_resource_id; Severity: low Tags: {} Title: 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v200_5_2_8.yaml b/compliance/controls/azure/azure_cis_v200_5_2_8.yaml index d6197a8e0..9c9594996 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_8.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_8.yaml @@ -36,8 +36,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -53,8 +53,8 @@ Query: sub._ctx, sub.subscription_id, sub.display_name, - sub.og_account_id, - sub.og_resource_id; + sub.platform_account_id, + sub.platform_resource_id; Severity: low Tags: {} Title: 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v200_5_2_9.yaml b/compliance/controls/azure/azure_cis_v200_5_2_9.yaml index da2d5d25f..c0ed51978 100644 --- a/compliance/controls/azure/azure_cis_v200_5_2_9.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_2_9.yaml 
@@ -38,8 +38,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -55,8 +55,8 @@ Query: sub._ctx, sub.subscription_id, sub.display_name, - sub.og_account_id, - sub.og_resource_id; + sub.platform_account_id, + sub.platform_resource_id; Severity: low Tags: {} Title: 5.2.9 Ensure that Activity Log Alert exists for Create or Update Public IP Address rule \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v200_5_3_1.yaml b/compliance/controls/azure/azure_cis_v200_5_3_1.yaml index 9943f7de6..0072cb474 100644 --- a/compliance/controls/azure/azure_cis_v200_5_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_3_1.yaml @@ -21,8 +21,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN i.subscription_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_5_4.yaml b/compliance/controls/azure/azure_cis_v200_5_4.yaml index 853552542..b8c2ec26c 100644 --- a/compliance/controls/azure/azure_cis_v200_5_4.yaml +++ b/compliance/controls/azure/azure_cis_v200_5_4.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_6_1.yaml b/compliance/controls/azure/azure_cis_v200_6_1.yaml index 0e4de5c56..d80c3dceb 100644 --- a/compliance/controls/azure/azure_cis_v200_6_1.yaml 
+++ b/compliance/controls/azure/azure_cis_v200_6_1.yaml @@ -34,8 +34,8 @@ Query: ) SELECT sg.id AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_6_2.yaml b/compliance/controls/azure/azure_cis_v200_6_2.yaml index 61a53648e..679982c5f 100644 --- a/compliance/controls/azure/azure_cis_v200_6_2.yaml +++ b/compliance/controls/azure/azure_cis_v200_6_2.yaml @@ -34,8 +34,8 @@ Query: ) SELECT sg.id resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_6_3.yaml b/compliance/controls/azure/azure_cis_v200_6_3.yaml index 88a2e62bf..364841982 100644 --- a/compliance/controls/azure/azure_cis_v200_6_3.yaml +++ b/compliance/controls/azure/azure_cis_v200_6_3.yaml @@ -39,8 +39,8 @@ Query: ) SELECT sg.id AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_6_4.yaml b/compliance/controls/azure/azure_cis_v200_6_4.yaml index 5ed591e39..d06ef38cd 100644 --- a/compliance/controls/azure/azure_cis_v200_6_4.yaml +++ b/compliance/controls/azure/azure_cis_v200_6_4.yaml @@ -45,8 +45,8 @@ Query: ) SELECT sg.id AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_cis_v200_6_7.yaml b/compliance/controls/azure/azure_cis_v200_6_7.yaml index dea6bd602..b80648d48 100644 --- a/compliance/controls/azure/azure_cis_v200_6_7.yaml +++ b/compliance/controls/azure/azure_cis_v200_6_7.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_7_1.yaml b/compliance/controls/azure/azure_cis_v200_7_1.yaml index 668b399f3..c90971c42 100644 --- a/compliance/controls/azure/azure_cis_v200_7_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_7_1.yaml @@ -27,8 +27,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN i.subscription_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_7_2.yaml b/compliance/controls/azure/azure_cis_v200_7_2.yaml index f85b9fb4d..e059b395b 100644 --- a/compliance/controls/azure/azure_cis_v200_7_2.yaml +++ b/compliance/controls/azure/azure_cis_v200_7_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN managed_disk_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_7_3.yaml b/compliance/controls/azure/azure_cis_v200_7_3.yaml index 3ec92700c..65cfb2304 100644 --- a/compliance/controls/azure/azure_cis_v200_7_3.yaml +++ b/compliance/controls/azure/azure_cis_v200_7_3.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_7_4.yaml b/compliance/controls/azure/azure_cis_v200_7_4.yaml index c3121060b..5254cd89b 100644 --- a/compliance/controls/azure/azure_cis_v200_7_4.yaml +++ b/compliance/controls/azure/azure_cis_v200_7_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_7_5.yaml b/compliance/controls/azure/azure_cis_v200_7_5.yaml index 4aea23eea..a20f9b0fd 100644 --- a/compliance/controls/azure/azure_cis_v200_7_5.yaml +++ b/compliance/controls/azure/azure_cis_v200_7_5.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_7_6.yaml b/compliance/controls/azure/azure_cis_v200_7_6.yaml index 21ad70ff4..b7d9490d5 100644 --- a/compliance/controls/azure/azure_cis_v200_7_6.yaml +++ b/compliance/controls/azure/azure_cis_v200_7_6.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_7_7.yaml b/compliance/controls/azure/azure_cis_v200_7_7.yaml index 3de39f58d..0c7953279 100644 --- a/compliance/controls/azure/azure_cis_v200_7_7.yaml +++ b/compliance/controls/azure/azure_cis_v200_7_7.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_8_1.yaml b/compliance/controls/azure/azure_cis_v200_8_1.yaml index 92a0ad7e1..bd4ac867d 100644 --- a/compliance/controls/azure/azure_cis_v200_8_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_8_1.yaml @@ -21,8 +21,8 @@ Query: ) SELECT kvk.id AS resource, - kvk.og_account_id AS og_account_id, - kvk.og_resource_id AS og_resource_id, + kvk.platform_account_id AS platform_account_id, + kvk.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_8_2.yaml b/compliance/controls/azure/azure_cis_v200_8_2.yaml index d37b1f9ae..1eb41cada 100644 --- a/compliance/controls/azure/azure_cis_v200_8_2.yaml +++ b/compliance/controls/azure/azure_cis_v200_8_2.yaml 
@@ -21,8 +21,8 @@ Query: ) SELECT kvk.id AS resource, - kvk.og_account_id AS og_account_id, - kvk.og_resource_id AS og_resource_id, + kvk.platform_account_id AS platform_account_id, + kvk.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_8_3.yaml b/compliance/controls/azure/azure_cis_v200_8_3.yaml index 5c6c8423f..0fb1ee9b3 100644 --- a/compliance/controls/azure/azure_cis_v200_8_3.yaml +++ b/compliance/controls/azure/azure_cis_v200_8_3.yaml @@ -21,8 +21,8 @@ Query: ) SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_8_4.yaml b/compliance/controls/azure/azure_cis_v200_8_4.yaml index b44fe0438..6d9097a39 100644 --- a/compliance/controls/azure/azure_cis_v200_8_4.yaml +++ b/compliance/controls/azure/azure_cis_v200_8_4.yaml @@ -21,8 +21,8 @@ Query: ) SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_8_5.yaml b/compliance/controls/azure/azure_cis_v200_8_5.yaml index c6e8cd883..a77e8dbc4 100644 --- a/compliance/controls/azure/azure_cis_v200_8_5.yaml +++ b/compliance/controls/azure/azure_cis_v200_8_5.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN soft_delete_enabled AND purge_protection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_8_6.yaml b/compliance/controls/azure/azure_cis_v200_8_6.yaml index cccc80a87..b0fdf7014 100644 --- a/compliance/controls/azure/azure_cis_v200_8_6.yaml +++ b/compliance/controls/azure/azure_cis_v200_8_6.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN enable_rbac_authorization THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v200_8_8.yaml b/compliance/controls/azure/azure_cis_v200_8_8.yaml index 233c651dc..5ec047979 100644 --- a/compliance/controls/azure/azure_cis_v200_8_8.yaml +++ b/compliance/controls/azure/azure_cis_v200_8_8.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_9_1.yaml b/compliance/controls/azure/azure_cis_v200_9_1.yaml index ac9ce47f3..619f93d26 100644 --- a/compliance/controls/azure/azure_cis_v200_9_1.yaml +++ b/compliance/controls/azure/azure_cis_v200_9_1.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT (auth_settings -> 'properties' ->> 'enabled')::BOOLEAN THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_9_11.yaml b/compliance/controls/azure/azure_cis_v200_9_11.yaml index ceed0d586..023282375 100644 --- a/compliance/controls/azure/azure_cis_v200_9_11.yaml +++ b/compliance/controls/azure/azure_cis_v200_9_11.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_9_2.yaml b/compliance/controls/azure/azure_cis_v200_9_2.yaml index b9ede289d..70057ce9b 100644 --- a/compliance/controls/azure/azure_cis_v200_9_2.yaml +++ b/compliance/controls/azure/azure_cis_v200_9_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT https_only THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_9_3.yaml b/compliance/controls/azure/azure_cis_v200_9_3.yaml index d53c87821..fb9d38f6a 100644 --- a/compliance/controls/azure/azure_cis_v200_9_3.yaml +++ b/compliance/controls/azure/azure_cis_v200_9_3.yaml 
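Review bot: The CASE in azure_cis_v200_9_1.yaml passes when data is missing: `WHEN NOT (auth_settings -> 'properties' ->> 'enabled')::BOOLEAN THEN 'alarm'` yields NULL if the key is absent, so the row falls through to `ELSE 'ok'`. The same shape appears in azure_cis_v200_9_3.yaml (`->> 'minTlsVersion' < '1.2'`, which is also a text comparison rather than a version comparison) and in azure_cis_v200_9_9.yaml (`http20Enabled`). I would make the passing case the explicit one, for example `WHEN (auth_settings -> 'properties' ->> 'enabled')::BOOLEAN THEN 'ok'` followed by `ELSE 'alarm'`, so an unset value is reported instead of passed. Whether these fields can be null depends on the table schema, which is not shown, and the CASE continues past the hunk.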
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN configuration -> 'properties' ->> 'minTlsVersion' < '1.2' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_9_4.yaml b/compliance/controls/azure/azure_cis_v200_9_4.yaml index 8f232087d..5069c759e 100644 --- a/compliance/controls/azure/azure_cis_v200_9_4.yaml +++ b/compliance/controls/azure/azure_cis_v200_9_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT client_cert_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_9_5.yaml b/compliance/controls/azure/azure_cis_v200_9_5.yaml index c073c5853..d3d9dadbc 100644 --- a/compliance/controls/azure/azure_cis_v200_9_5.yaml +++ b/compliance/controls/azure/azure_cis_v200_9_5.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN identity = '{}' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v200_9_6.yaml b/compliance/controls/azure/azure_cis_v200_9_6.yaml index 12ef41ceb..4415e1f47 100644 --- a/compliance/controls/azure/azure_cis_v200_9_6.yaml +++ b/compliance/controls/azure/azure_cis_v200_9_6.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_9_7.yaml b/compliance/controls/azure/azure_cis_v200_9_7.yaml index a59c669b9..081ca7825 100644 --- a/compliance/controls/azure/azure_cis_v200_9_7.yaml +++ b/compliance/controls/azure/azure_cis_v200_9_7.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_9_8.yaml b/compliance/controls/azure/azure_cis_v200_9_8.yaml index 82c751a90..7297fa61f 100644 --- a/compliance/controls/azure/azure_cis_v200_9_8.yaml +++ b/compliance/controls/azure/azure_cis_v200_9_8.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v200_9_9.yaml b/compliance/controls/azure/azure_cis_v200_9_9.yaml index df0f3741a..d40d6f04a 100644 --- a/compliance/controls/azure/azure_cis_v200_9_9.yaml +++ b/compliance/controls/azure/azure_cis_v200_9_9.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT (configuration -> 'properties' ->> 'http20Enabled')::boolean THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_10_1.yaml b/compliance/controls/azure/azure_cis_v210_10_1.yaml index a7b3f353d..cc68202f4 100644 --- a/compliance/controls/azure/azure_cis_v210_10_1.yaml +++ b/compliance/controls/azure/azure_cis_v210_10_1.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_1_13.yaml b/compliance/controls/azure/azure_cis_v210_1_13.yaml index 99e6ab926..9305e0b8d 100644 --- a/compliance/controls/azure/azure_cis_v210_1_13.yaml +++ b/compliance/controls/azure/azure_cis_v210_1_13.yaml @@ -20,8 +20,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.default_user_role_permissions ->> 'allowedToCreateApps' = 'false' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_1_18.yaml b/compliance/controls/azure/azure_cis_v210_1_18.yaml index 8ed6022e8..969d9821b 100644 --- a/compliance/controls/azure/azure_cis_v210_1_18.yaml +++ b/compliance/controls/azure/azure_cis_v210_1_18.yaml 
@@ -20,8 +20,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.default_user_role_permissions ->> 'allowedToCreateSecurityGroups' = 'false' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_1_22.yaml b/compliance/controls/azure/azure_cis_v210_1_22.yaml index 4e8792356..0a71ca104 100644 --- a/compliance/controls/azure/azure_cis_v210_1_22.yaml +++ b/compliance/controls/azure/azure_cis_v210_1_22.yaml @@ -18,8 +18,8 @@ Query: action, _ctx, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_role_definition, jsonb_array_elements(permissions) AS s, @@ -30,8 +30,8 @@ Query: ) SELECT cr.subscription_id AS resource, - cr.og_account_id AS og_account_id, - cr.og_resource_id AS og_resource_id, + cr.platform_account_id AS platform_account_id, + cr.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(*) > 0 THEN 'alarm' ELSE 'ok' @@ -50,8 +50,8 @@ Query: cr.subscription_id, cr._ctx, sub.display_name, - cr.og_account_id, - cr.og_resource_id; + cr.platform_account_id, + cr.platform_resource_id; Severity: low Tags: {} Title: 1.22 Ensure That No Custom Subscription Administrator Roles Exist \ No newline at end of file diff --git a/compliance/controls/azure/azure_cis_v210_1_25.yaml b/compliance/controls/azure/azure_cis_v210_1_25.yaml index 9907cac8f..23160146e 100644 --- a/compliance/controls/azure/azure_cis_v210_1_25.yaml +++ b/compliance/controls/azure/azure_cis_v210_1_25.yaml 
@@ -15,16 +15,16 @@ Query: DISTINCT tenant_id, title, subscription_id, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, _ctx FROM azure_tenant ) SELECT t.tenant_id AS resource, - t.og_account_id AS og_account_id, - t.og_resource_id AS og_resource_id, + t.platform_account_id AS platform_account_id, + t.platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(member_ids) <= 5 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_1_2_6.yaml b/compliance/controls/azure/azure_cis_v210_1_2_6.yaml index e94c2a5d2..ecf49d416 100644 --- a/compliance/controls/azure/azure_cis_v210_1_2_6.yaml +++ b/compliance/controls/azure/azure_cis_v210_1_2_6.yaml @@ -20,8 +20,8 @@ Query: ) SELECT p.id AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN p.built_in_controls @> '["mfa"]' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_1_2_7.yaml b/compliance/controls/azure/azure_cis_v210_1_2_7.yaml index ef378c6d4..73d1a92b6 100644 --- a/compliance/controls/azure/azure_cis_v210_1_2_7.yaml +++ b/compliance/controls/azure/azure_cis_v210_1_2_7.yaml @@ -26,8 +26,8 @@ Query: ) SELECT p.id AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN p.built_in_controls @> '["mfa"]' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_1_4.yaml b/compliance/controls/azure/azure_cis_v210_1_4.yaml index 8fba75ac5..230f9f750 100644 --- a/compliance/controls/azure/azure_cis_v210_1_4.yaml +++ b/compliance/controls/azure/azure_cis_v210_1_4.yaml 
@@ -20,8 +20,8 @@ Query: ) SELECT u.display_name AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN NOT account_enabled THEN 'alarm' WHEN u.created_date_time::timestamp <= (CURRENT_DATE - INTERVAL '30' DAY) THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_2_1_1.yaml b/compliance/controls/azure/azure_cis_v210_2_1_1.yaml index 7caeb5e3b..94464a012 100644 --- a/compliance/controls/azure/azure_cis_v210_2_1_1.yaml +++ b/compliance/controls/azure/azure_cis_v210_2_1_1.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_2_1_10.yaml b/compliance/controls/azure/azure_cis_v210_2_1_10.yaml index 5d7852d5b..298b4a54c 100644 --- a/compliance/controls/azure/azure_cis_v210_2_1_10.yaml +++ b/compliance/controls/azure/azure_cis_v210_2_1_10.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_2_1_11.yaml b/compliance/controls/azure/azure_cis_v210_2_1_11.yaml index 6836546d8..0990e1409 100644 --- a/compliance/controls/azure/azure_cis_v210_2_1_11.yaml +++ b/compliance/controls/azure/azure_cis_v210_2_1_11.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_2_1_12.yaml b/compliance/controls/azure/azure_cis_v210_2_1_12.yaml index 55e54a043..ecf062092 100644 --- a/compliance/controls/azure/azure_cis_v210_2_1_12.yaml +++ b/compliance/controls/azure/azure_cis_v210_2_1_12.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_2_1_13.yaml b/compliance/controls/azure/azure_cis_v210_2_1_13.yaml index 977cd9f2a..e43543fa8 100644 --- a/compliance/controls/azure/azure_cis_v210_2_1_13.yaml +++ b/compliance/controls/azure/azure_cis_v210_2_1_13.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_2_1_14.yaml b/compliance/controls/azure/azure_cis_v210_2_1_14.yaml index ebb8e06ca..15c571310 100644 --- a/compliance/controls/azure/azure_cis_v210_2_1_14.yaml +++ b/compliance/controls/azure/azure_cis_v210_2_1_14.yaml 
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sc_prov.id AS resource,
- sc_prov.og_account_id AS og_account_id,
- sc_prov.og_resource_id AS og_resource_id,
+ sc_prov.platform_account_id AS platform_account_id,
+ sc_prov.platform_resource_id AS platform_resource_id,
 CASE
 WHEN auto_provision = 'On' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_15.yaml b/compliance/controls/azure/azure_cis_v210_2_1_15.yaml
index 09e2bbd36..c31504770 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_15.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_15.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_16.yaml b/compliance/controls/azure/azure_cis_v210_2_1_16.yaml
index 48eb5dcc3..999de5a5f 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_16.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_16.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sub_pricing.id AS resource,
- sub_pricing.og_account_id AS og_account_id,
- sub_pricing.og_resource_id AS og_resource_id,
+ sub_pricing.platform_account_id AS platform_account_id,
+ sub_pricing.platform_resource_id AS platform_resource_id,
 CASE
 WHEN pricing_tier = 'Standard' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_17.yaml b/compliance/controls/azure/azure_cis_v210_2_1_17.yaml
index 7deebb63b..a941247f2 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_17.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_17.yaml
@@ -22,8 +22,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN admin_alert_count > 0 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_18.yaml b/compliance/controls/azure/azure_cis_v210_2_1_18.yaml
index d7544cbd1..9463a9610 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_18.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_18.yaml
@@ -24,8 +24,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN non_default_count > 0 THEN 'ok'
 WHEN default_count = 1 AND JSONB_ARRAY_LENGTH(default_email) != 0 THEN 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_19.yaml b/compliance/controls/azure/azure_cis_v210_2_1_19.yaml
index 71ef89303..59e197351 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_19.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_19.yaml
@@ -22,8 +22,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN notification_alert_count > 0 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_2.yaml b/compliance/controls/azure/azure_cis_v210_2_1_2.yaml
index 5fd18928d..06339ca66 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_2.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_2.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sub_pricing.id AS resource,
- sub_pricing.og_account_id AS og_account_id,
- sub_pricing.og_resource_id AS og_resource_id,
+ sub_pricing.platform_account_id AS platform_account_id,
+ sub_pricing.platform_resource_id AS platform_resource_id,
 CASE
 WHEN pricing_tier = 'Standard' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_20.yaml b/compliance/controls/azure/azure_cis_v210_2_1_20.yaml
index adf311b1b..fd0bd4bcc 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_20.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_20.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sc_sett.id AS resource,
- sc_sett.og_account_id AS og_account_id,
- sc_sett.og_resource_id AS og_resource_id,
+ sc_sett.platform_account_id AS platform_account_id,
+ sc_sett.platform_resource_id AS platform_resource_id,
 CASE
 WHEN enabled THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_21.yaml b/compliance/controls/azure/azure_cis_v210_2_1_21.yaml
index 0cec47812..a1cb05dcd 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_21.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_21.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sc_sett.id AS resource,
- sc_sett.og_account_id AS og_account_id,
- sc_sett.og_resource_id AS og_resource_id,
+ sc_sett.platform_account_id AS platform_account_id,
+ sc_sett.platform_resource_id AS platform_resource_id,
 CASE
 WHEN enabled THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_22.yaml b/compliance/controls/azure/azure_cis_v210_2_1_22.yaml
index 45859ad77..155168268 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_22.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_22.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_3.yaml b/compliance/controls/azure/azure_cis_v210_2_1_3.yaml
index 704abef89..bbebc4c8e 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_3.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_3.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sub_pricing.id AS resource,
- sub_pricing.og_account_id AS og_account_id,
- sub_pricing.og_resource_id AS og_resource_id,
+ sub_pricing.platform_account_id AS platform_account_id,
+ sub_pricing.platform_resource_id AS platform_resource_id,
 CASE
 WHEN pricing_tier = 'Standard' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_4.yaml b/compliance/controls/azure/azure_cis_v210_2_1_4.yaml
index ece1a72fa..286a1112c 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_4.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_4.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sub_pricing.id AS resource,
- sub_pricing.og_account_id AS og_account_id,
- sub_pricing.og_resource_id AS og_resource_id,
+ sub_pricing.platform_account_id AS platform_account_id,
+ sub_pricing.platform_resource_id AS platform_resource_id,
 CASE
 WHEN pricing_tier = 'Standard' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_5.yaml b/compliance/controls/azure/azure_cis_v210_2_1_5.yaml
index eb39146e0..864530b9c 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_5.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_5.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sub_pricing.id AS resource,
- sub_pricing.og_account_id AS og_account_id,
- sub_pricing.og_resource_id AS og_resource_id,
+ sub_pricing.platform_account_id AS platform_account_id,
+ sub_pricing.platform_resource_id AS platform_resource_id,
 CASE
 WHEN pricing_tier = 'Standard' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_6.yaml b/compliance/controls/azure/azure_cis_v210_2_1_6.yaml
index c057eb329..6c38f7fd9 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_6.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_6.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sub_pricing.id AS resource,
- sub_pricing.og_account_id AS og_account_id,
- sub_pricing.og_resource_id AS og_resource_id,
+ sub_pricing.platform_account_id AS platform_account_id,
+ sub_pricing.platform_resource_id AS platform_resource_id,
 CASE
 WHEN pricing_tier = 'Standard' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_7.yaml b/compliance/controls/azure/azure_cis_v210_2_1_7.yaml
index cd9198c82..768e56c99 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_7.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_7.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sub_pricing.id AS resource,
- sub_pricing.og_account_id AS og_account_id,
- sub_pricing.og_resource_id AS og_resource_id,
+ sub_pricing.platform_account_id AS platform_account_id,
+ sub_pricing.platform_resource_id AS platform_resource_id,
 CASE
 WHEN pricing_tier = 'Standard' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_1_8.yaml b/compliance/controls/azure/azure_cis_v210_2_1_8.yaml
index 4ed58b207..a91331f7b 100644
--- a/compliance/controls/azure/azure_cis_v210_2_1_8.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_1_8.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sub_pricing.id AS resource,
- sub_pricing.og_account_id AS og_account_id,
- sub_pricing.og_resource_id AS og_resource_id,
+ sub_pricing.platform_account_id AS platform_account_id,
+ sub_pricing.platform_resource_id AS platform_resource_id,
 CASE
 WHEN pricing_tier = 'Standard' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_2_2_1.yaml b/compliance/controls/azure/azure_cis_v210_2_2_1.yaml
index df37772d3..bb58a7904 100644
--- a/compliance/controls/azure/azure_cis_v210_2_2_1.yaml
+++ b/compliance/controls/azure/azure_cis_v210_2_2_1.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v210_3_1.yaml b/compliance/controls/azure/azure_cis_v210_3_1.yaml
index 17acce392..b9aee25d2 100644
--- a/compliance/controls/azure/azure_cis_v210_3_1.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_1.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN NOT enable_https_traffic_only THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_3_10.yaml b/compliance/controls/azure/azure_cis_v210_3_10.yaml
index 873ab7bdc..4d7ce6905 100644
--- a/compliance/controls/azure/azure_cis_v210_3_10.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_10.yaml
@@ -21,8 +21,8 @@ Query:
 )
 SELECT DISTINCT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN s.id IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_3_11.yaml b/compliance/controls/azure/azure_cis_v210_3_11.yaml
index 1dd72a392..809fb618a 100644
--- a/compliance/controls/azure/azure_cis_v210_3_11.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_11.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN NOT blob_soft_delete_enabled THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_3_12.yaml b/compliance/controls/azure/azure_cis_v210_3_12.yaml
index 4a1f2797e..fc5950268 100644
--- a/compliance/controls/azure/azure_cis_v210_3_12.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_12.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN sa.encryption_key_source = 'Microsoft.Storage' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_3_13.yaml b/compliance/controls/azure/azure_cis_v210_3_13.yaml
index dd3f04cbb..2f187db94 100644
--- a/compliance/controls/azure/azure_cis_v210_3_13.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_13.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN NOT (sa.blob_service_logging ->> 'Read')::BOOLEAN
 OR NOT (sa.blob_service_logging ->> 'Write')::BOOLEAN
diff --git a/compliance/controls/azure/azure_cis_v210_3_14.yaml b/compliance/controls/azure/azure_cis_v210_3_14.yaml
index a0f648e0c..c75bed1a2 100644
--- a/compliance/controls/azure/azure_cis_v210_3_14.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_14.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN table_logging_write AND table_logging_read AND table_logging_delete THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_3_15.yaml b/compliance/controls/azure/azure_cis_v210_3_15.yaml
index 448e1b639..f690f568d 100644
--- a/compliance/controls/azure/azure_cis_v210_3_15.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_15.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN minimum_tls_version = 'TLSEnforcementDisabled' THEN 'alarm'
 WHEN minimum_tls_version = 'TLS1_2' THEN 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_3_16.yaml b/compliance/controls/azure/azure_cis_v210_3_16.yaml
index fc1be0582..27f6626f4 100644
--- a/compliance/controls/azure/azure_cis_v210_3_16.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_16.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v210_3_2.yaml b/compliance/controls/azure/azure_cis_v210_3_2.yaml
index 0d20a4c8b..62692210d 100644
--- a/compliance/controls/azure/azure_cis_v210_3_2.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_2.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN require_infrastructure_encryption THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_3_3.yaml b/compliance/controls/azure/azure_cis_v210_3_3.yaml
index 34a95f6cb..2b7d01ed5 100644
--- a/compliance/controls/azure/azure_cis_v210_3_3.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_3.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v210_3_4.yaml b/compliance/controls/azure/azure_cis_v210_3_4.yaml
index 12821ec21..fab117e57 100644
--- a/compliance/controls/azure/azure_cis_v210_3_4.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_4.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v210_3_5.yaml b/compliance/controls/azure/azure_cis_v210_3_5.yaml
index d1e109e1a..4ddd6a4fe 100644
--- a/compliance/controls/azure/azure_cis_v210_3_5.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_5.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN queue_logging_read AND queue_logging_write AND queue_logging_delete THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_3_6.yaml b/compliance/controls/azure/azure_cis_v210_3_6.yaml
index 4c367a7e1..3d099de81 100644
--- a/compliance/controls/azure/azure_cis_v210_3_6.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_6.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v210_3_7.yaml b/compliance/controls/azure/azure_cis_v210_3_7.yaml
index 7d2d11981..06959f90f 100644
--- a/compliance/controls/azure/azure_cis_v210_3_7.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_7.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN LOWER(sa.public_network_access) = 'disabled' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_3_8.yaml b/compliance/controls/azure/azure_cis_v210_3_8.yaml
index ff91ab801..6c75e0a26 100644
--- a/compliance/controls/azure/azure_cis_v210_3_8.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_8.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN sa.network_rule_default_action = 'Allow' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_3_9.yaml b/compliance/controls/azure/azure_cis_v210_3_9.yaml
index 9f170cf71..4699be795 100644
--- a/compliance/controls/azure/azure_cis_v210_3_9.yaml
+++ b/compliance/controls/azure/azure_cis_v210_3_9.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE
 WHEN network_rule_bypass NOT LIKE '%AzureServices%' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_4_1_2.yaml b/compliance/controls/azure/azure_cis_v210_4_1_2.yaml
index 79f5c0572..90d01a5c0 100644
--- a/compliance/controls/azure/azure_cis_v210_4_1_2.yaml
+++ b/compliance/controls/azure/azure_cis_v210_4_1_2.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN firewall_rules @> '[{"properties":{"endIpAddress":"0.0.0.0","startIpAddress":"0.0.0.0"}}]'
 OR firewall_rules @> '[{"properties":{"endIpAddress":"255.255.255.255","startIpAddress":"0.0.0.0"}}]'
diff --git a/compliance/controls/azure/azure_cis_v210_4_1_4.yaml b/compliance/controls/azure/azure_cis_v210_4_1_4.yaml
index 6b60dd6e3..f8117a4f1 100644
--- a/compliance/controls/azure/azure_cis_v210_4_1_4.yaml
+++ b/compliance/controls/azure/azure_cis_v210_4_1_4.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN server_azure_ad_administrator IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_4_1_5.yaml b/compliance/controls/azure/azure_cis_v210_4_1_5.yaml
index 46c2e6346..7bcc5b740 100644
--- a/compliance/controls/azure/azure_cis_v210_4_1_5.yaml
+++ b/compliance/controls/azure/azure_cis_v210_4_1_5.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.database_id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN transparent_data_encryption ->> 'status' = 'Enabled' OR transparent_data_encryption ->> 'state' = 'Enabled' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_4_3_1.yaml b/compliance/controls/azure/azure_cis_v210_4_3_1.yaml
index f182e491c..249eae357 100644
--- a/compliance/controls/azure/azure_cis_v210_4_3_1.yaml
+++ b/compliance/controls/azure/azure_cis_v210_4_3_1.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN ssl_enforcement = 'Disabled' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_4_3_7.yaml b/compliance/controls/azure/azure_cis_v210_4_3_7.yaml
index 912e7508a..d8bcd6dd8 100644
--- a/compliance/controls/azure/azure_cis_v210_4_3_7.yaml
+++ b/compliance/controls/azure/azure_cis_v210_4_3_7.yaml
@@ -22,8 +22,8 @@ Query:
 )
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN a.id IS NOT NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_4_3_8.yaml b/compliance/controls/azure/azure_cis_v210_4_3_8.yaml
index 6be414a57..904adc875 100644
--- a/compliance/controls/azure/azure_cis_v210_4_3_8.yaml
+++ b/compliance/controls/azure/azure_cis_v210_4_3_8.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN infrastructure_encryption = 'Enabled' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_4_4_1.yaml b/compliance/controls/azure/azure_cis_v210_4_4_1.yaml
index 7f9cb9f14..ba00c2743 100644
--- a/compliance/controls/azure/azure_cis_v210_4_4_1.yaml
+++ b/compliance/controls/azure/azure_cis_v210_4_4_1.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN ssl_enforcement = 'Disabled' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_4_4_2.yaml b/compliance/controls/azure/azure_cis_v210_4_4_2.yaml
index 3bc36c1bf..4654955d1 100644
--- a/compliance/controls/azure/azure_cis_v210_4_4_2.yaml
+++ b/compliance/controls/azure/azure_cis_v210_4_4_2.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE
 WHEN minimal_tls_version = 'TLSEnforcementDisabled' THEN 'alarm'
 WHEN minimal_tls_version = 'TLS1_2' THEN 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_4_5_1.yaml b/compliance/controls/azure/azure_cis_v210_4_5_1.yaml
index bf293bc9f..2bef8fb5b 100644
--- a/compliance/controls/azure/azure_cis_v210_4_5_1.yaml
+++ b/compliance/controls/azure/azure_cis_v210_4_5_1.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN public_network_access = 'Disabled' THEN 'ok'
 WHEN public_network_access = 'Enabled' AND is_virtual_network_filter_enabled = 'true' THEN 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_4_5_2.yaml b/compliance/controls/azure/azure_cis_v210_4_5_2.yaml
index 656530f04..0ea328449 100644
--- a/compliance/controls/azure/azure_cis_v210_4_5_2.yaml
+++ b/compliance/controls/azure/azure_cis_v210_4_5_2.yaml
@@ -21,8 +21,8 @@ Query:
 )
 SELECT
 a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN c.id IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/azure/azure_cis_v210_4_5_3.yaml b/compliance/controls/azure/azure_cis_v210_4_5_3.yaml
index 457de812b..5de134266 100644
--- a/compliance/controls/azure/azure_cis_v210_4_5_3.yaml
+++ b/compliance/controls/azure/azure_cis_v210_4_5_3.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v210_5_1_1.yaml b/compliance/controls/azure/azure_cis_v210_5_1_1.yaml
index 913f14924..54374d76f 100644
--- a/compliance/controls/azure/azure_cis_v210_5_1_1.yaml
+++ b/compliance/controls/azure/azure_cis_v210_5_1_1.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v210_5_1_2.yaml b/compliance/controls/azure/azure_cis_v210_5_1_2.yaml
index 8990c5ed2..a7c725c21 100644
--- a/compliance/controls/azure/azure_cis_v210_5_1_2.yaml
+++ b/compliance/controls/azure/azure_cis_v210_5_1_2.yaml
@@ -17,8 +17,8 @@ Query:
 _ctx,
 resource_group,
 subscription_id,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 COUNT(*) FILTER (WHERE l ->> 'enabled' = 'true' AND l ->> 'category' IN ('Administrative', 'Security', 'Alert', 'Policy') ) AS valid_category_count,
@@ -34,13 +34,13 @@ Query:
 _ctx,
 resource_group,
 subscription_id,
- og_account_id,
- og_resource_id
+ platform_account_id,
+ platform_resource_id
 )
 SELECT
 sett.id AS resource,
- sett.og_account_id AS og_account_id,
- sett.og_resource_id AS og_resource_id,
+ sett.platform_account_id AS platform_account_id,
+ sett.platform_resource_id AS platform_resource_id,
 CASE
 WHEN valid_category_count = 4 THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_5_1_3.yaml b/compliance/controls/azure/azure_cis_v210_5_1_3.yaml
index 41b0c5a6e..4717e83c2 100644
--- a/compliance/controls/azure/azure_cis_v210_5_1_3.yaml
+++ b/compliance/controls/azure/azure_cis_v210_5_1_3.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE
 WHEN a.encryption_key_source = 'Microsoft.Keyvault' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_5_1_4.yaml b/compliance/controls/azure/azure_cis_v210_5_1_4.yaml
index 2e96ab2e1..c1346ba7c 100644
--- a/compliance/controls/azure/azure_cis_v210_5_1_4.yaml
+++ b/compliance/controls/azure/azure_cis_v210_5_1_4.yaml
@@ -26,8 +26,8 @@ Query:
 )
 SELECT
 v.id AS resource,
- v.og_account_id AS og_account_id,
- v.og_resource_id AS og_resource_id,
+ v.platform_account_id AS platform_account_id,
+ v.platform_resource_id AS platform_resource_id,
 CASE
 WHEN v.diagnostic_settings IS NULL THEN 'alarm'
 WHEN l.key_vault_name NOT LIKE CONCAT('%', v.name, '%') THEN 'alarm'
diff --git a/compliance/controls/azure/azure_cis_v210_5_1_5.yaml b/compliance/controls/azure/azure_cis_v210_5_1_5.yaml
index 4c0181c6b..582898126 100644
--- a/compliance/controls/azure/azure_cis_v210_5_1_5.yaml
+++ b/compliance/controls/azure/azure_cis_v210_5_1_5.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v210_5_1_6.yaml b/compliance/controls/azure/azure_cis_v210_5_1_6.yaml
index c497a6bfc..0af73f478 100644
--- a/compliance/controls/azure/azure_cis_v210_5_1_6.yaml
+++ b/compliance/controls/azure/azure_cis_v210_5_1_6.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT
 id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status,
 'Manual verification required.' AS reason,
 display_name AS subscription
diff --git a/compliance/controls/azure/azure_cis_v210_5_2_1.yaml b/compliance/controls/azure/azure_cis_v210_5_2_1.yaml
index eeec464bd..6a62098e8 100644
--- a/compliance/controls/azure/azure_cis_v210_5_2_1.yaml
+++ b/compliance/controls/azure/azure_cis_v210_5_2_1.yaml
@@ -30,8 +30,8 @@ Query:
 )
 SELECT
 a.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -46,8 +46,8 @@ Query:
 GROUP BY
 a.subscription_id,
 sub.subscription_id,
- sub.og_account_id,
- sub.og_resource_id,
+ sub.platform_account_id,
+ sub.platform_resource_id,
 sub._ctx,
 sub.display_name;
 Severity: low
diff --git a/compliance/controls/azure/azure_cis_v210_5_2_10.yaml b/compliance/controls/azure/azure_cis_v210_5_2_10.yaml
index 000428552..cc9c597cb 100644
--- a/compliance/controls/azure/azure_cis_v210_5_2_10.yaml
+++ b/compliance/controls/azure/azure_cis_v210_5_2_10.yaml
@@ -36,8 +36,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -52,8 +52,8 @@ Query:
 GROUP BY
 sub._ctx,
 sub.subscription_id,
- sub.og_account_id,
- sub.og_resource_id,
+ sub.platform_account_id,
+ sub.platform_resource_id,
 sub.display_name;
 Severity: low
 Tags: {}
diff --git a/compliance/controls/azure/azure_cis_v210_5_2_2.yaml b/compliance/controls/azure/azure_cis_v210_5_2_2.yaml
index 9634f6322..bf000c2bb 100644
--- a/compliance/controls/azure/azure_cis_v210_5_2_2.yaml
+++ b/compliance/controls/azure/azure_cis_v210_5_2_2.yaml
@@ -30,8 +30,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -46,8 +46,8 @@ Query:
 GROUP BY
 sub._ctx,
 sub.subscription_id,
- sub.og_account_id,
- sub.og_resource_id,
+ sub.platform_account_id,
+ sub.platform_resource_id,
 sub.display_name;
 Severity: low
 Tags: {}
diff --git a/compliance/controls/azure/azure_cis_v210_5_2_3.yaml b/compliance/controls/azure/azure_cis_v210_5_2_3.yaml
index 95b3a6b1d..da196520e 100644
--- a/compliance/controls/azure/azure_cis_v210_5_2_3.yaml
+++ b/compliance/controls/azure/azure_cis_v210_5_2_3.yaml
@@ -40,8 +40,8 @@ Query:
 )
 SELECT
 sub.subscription_id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE
 WHEN COUNT(a.subscription_id) > 0 THEN 'ok'
 ELSE 'alarm'
@@ -56,8 +56,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v210_5_2_4.yaml b/compliance/controls/azure/azure_cis_v210_5_2_4.yaml index a9de8566e..d11575a01 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_4.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_4.yaml @@ -41,8 +41,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -57,8 +57,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v210_5_2_5.yaml b/compliance/controls/azure/azure_cis_v210_5_2_5.yaml index 99afc4d15..9c25760bb 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_5.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_5.yaml @@ -39,8 +39,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -55,8 +55,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v210_5_2_6.yaml b/compliance/controls/azure/azure_cis_v210_5_2_6.yaml index 06dd7c3a9..5120863af 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_6.yaml 
+++ b/compliance/controls/azure/azure_cis_v210_5_2_6.yaml @@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN count(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -56,8 +56,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v210_5_2_7.yaml b/compliance/controls/azure/azure_cis_v210_5_2_7.yaml index 449414741..6afd88884 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_7.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_7.yaml @@ -36,8 +36,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -52,8 +52,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v210_5_2_8.yaml b/compliance/controls/azure/azure_cis_v210_5_2_8.yaml index 6e63de958..47824eca4 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_8.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_8.yaml @@ -37,8 +37,8 @@ Query: SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' 
@@ -54,8 +54,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v210_5_2_9.yaml b/compliance/controls/azure/azure_cis_v210_5_2_9.yaml index 10ba04958..6ef11f5b2 100644 --- a/compliance/controls/azure/azure_cis_v210_5_2_9.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_2_9.yaml @@ -41,8 +41,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -57,8 +57,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_cis_v210_5_3_1.yaml b/compliance/controls/azure/azure_cis_v210_5_3_1.yaml index 124748076..555c2eb74 100644 --- a/compliance/controls/azure/azure_cis_v210_5_3_1.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_3_1.yaml @@ -21,8 +21,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN i.subscription_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_5_4.yaml b/compliance/controls/azure/azure_cis_v210_5_4.yaml index b43608882..8e72a87c7 100644 --- a/compliance/controls/azure/azure_cis_v210_5_4.yaml +++ b/compliance/controls/azure/azure_cis_v210_5_4.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_6_1.yaml b/compliance/controls/azure/azure_cis_v210_6_1.yaml index 1f7b3417b..0efff9d4c 100644 --- a/compliance/controls/azure/azure_cis_v210_6_1.yaml +++ b/compliance/controls/azure/azure_cis_v210_6_1.yaml @@ -34,8 +34,8 @@ Query: ) SELECT sg.id AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_6_2.yaml b/compliance/controls/azure/azure_cis_v210_6_2.yaml index e95996d6c..c8740817d 100644 --- a/compliance/controls/azure/azure_cis_v210_6_2.yaml +++ b/compliance/controls/azure/azure_cis_v210_6_2.yaml @@ -34,8 +34,8 @@ Query: ) SELECT sg.id AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_6_3.yaml b/compliance/controls/azure/azure_cis_v210_6_3.yaml index 740a6966e..82f042907 100644 --- a/compliance/controls/azure/azure_cis_v210_6_3.yaml +++ b/compliance/controls/azure/azure_cis_v210_6_3.yaml @@ -39,8 +39,8 @@ Query: ) SELECT sg.id AS resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_cis_v210_6_4.yaml b/compliance/controls/azure/azure_cis_v210_6_4.yaml index bd51c45d1..33c15a182 100644 --- a/compliance/controls/azure/azure_cis_v210_6_4.yaml +++ b/compliance/controls/azure/azure_cis_v210_6_4.yaml @@ -45,8 +45,8 @@ Query: ) SELECT sg.id resource, - sg.og_account_id AS og_account_id, - sg.og_resource_id AS og_resource_id, + sg.platform_account_id AS platform_account_id, + sg.platform_resource_id AS platform_resource_id, CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_6_6.yaml b/compliance/controls/azure/azure_cis_v210_6_6.yaml index ae1ca53dd..bd5b828a4 100644 --- a/compliance/controls/azure/azure_cis_v210_6_6.yaml +++ b/compliance/controls/azure/azure_cis_v210_6_6.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT loc.id AS resource, - loc.og_account_id AS og_account_id, - loc.og_resource_id AS og_resource_id, + loc.platform_account_id AS platform_account_id, + loc.platform_resource_id AS platform_resource_id, CASE WHEN watcher.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_6_7.yaml b/compliance/controls/azure/azure_cis_v210_6_7.yaml index 467bb91a0..637f0f146 100644 --- a/compliance/controls/azure/azure_cis_v210_6_7.yaml +++ b/compliance/controls/azure/azure_cis_v210_6_7.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_7_1.yaml b/compliance/controls/azure/azure_cis_v210_7_1.yaml index c974be458..1e3392c9e 100644 --- a/compliance/controls/azure/azure_cis_v210_7_1.yaml +++ b/compliance/controls/azure/azure_cis_v210_7_1.yaml 
@@ -27,8 +27,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN i.subscription_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_7_2.yaml b/compliance/controls/azure/azure_cis_v210_7_2.yaml index d6fac94ff..a2f7a3cad 100644 --- a/compliance/controls/azure/azure_cis_v210_7_2.yaml +++ b/compliance/controls/azure/azure_cis_v210_7_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN managed_disk_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_7_3.yaml b/compliance/controls/azure/azure_cis_v210_7_3.yaml index cb70a6fd3..66d8f83e1 100644 --- a/compliance/controls/azure/azure_cis_v210_7_3.yaml +++ b/compliance/controls/azure/azure_cis_v210_7_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_7_4.yaml b/compliance/controls/azure/azure_cis_v210_7_4.yaml index 7a87ae845..349f8f093 100644 --- a/compliance/controls/azure/azure_cis_v210_7_4.yaml +++ b/compliance/controls/azure/azure_cis_v210_7_4.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_7_5.yaml b/compliance/controls/azure/azure_cis_v210_7_5.yaml index 44adb00fd..508e36e5d 100644 --- a/compliance/controls/azure/azure_cis_v210_7_5.yaml +++ b/compliance/controls/azure/azure_cis_v210_7_5.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_7_6.yaml b/compliance/controls/azure/azure_cis_v210_7_6.yaml index c60170e7b..84f323c6c 100644 --- a/compliance/controls/azure/azure_cis_v210_7_6.yaml +++ b/compliance/controls/azure/azure_cis_v210_7_6.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_7_7.yaml b/compliance/controls/azure/azure_cis_v210_7_7.yaml index a0700f2f6..c1b2ff20a 100644 --- a/compliance/controls/azure/azure_cis_v210_7_7.yaml +++ b/compliance/controls/azure/azure_cis_v210_7_7.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_7_8.yaml b/compliance/controls/azure/azure_cis_v210_7_8.yaml index ca0aab1c5..f54b64a3d 100644 --- a/compliance/controls/azure/azure_cis_v210_7_8.yaml +++ b/compliance/controls/azure/azure_cis_v210_7_8.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_7_9.yaml b/compliance/controls/azure/azure_cis_v210_7_9.yaml index f342df438..1ca86f56f 100644 --- a/compliance/controls/azure/azure_cis_v210_7_9.yaml +++ b/compliance/controls/azure/azure_cis_v210_7_9.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_8_1.yaml b/compliance/controls/azure/azure_cis_v210_8_1.yaml index 942759328..5dbab5f0d 100644 --- a/compliance/controls/azure/azure_cis_v210_8_1.yaml +++ b/compliance/controls/azure/azure_cis_v210_8_1.yaml 
@@ -21,8 +21,8 @@ Query: ) SELECT kvk.id AS resource, - kvk.og_account_id AS og_account_id, - kvk.og_resource_id AS og_resource_id, + kvk.platform_account_id AS platform_account_id, + kvk.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_8_2.yaml b/compliance/controls/azure/azure_cis_v210_8_2.yaml index 02721c6d6..c38d6d0f3 100644 --- a/compliance/controls/azure/azure_cis_v210_8_2.yaml +++ b/compliance/controls/azure/azure_cis_v210_8_2.yaml @@ -21,8 +21,8 @@ Query: ) SELECT kvk.id AS resource, - kvk.og_account_id AS og_account_id, - kvk.og_resource_id AS og_resource_id, + kvk.platform_account_id AS platform_account_id, + kvk.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_8_3.yaml b/compliance/controls/azure/azure_cis_v210_8_3.yaml index 9591c9c7b..d696177fe 100644 --- a/compliance/controls/azure/azure_cis_v210_8_3.yaml +++ b/compliance/controls/azure/azure_cis_v210_8_3.yaml @@ -21,8 +21,8 @@ Query: ) SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_8_4.yaml b/compliance/controls/azure/azure_cis_v210_8_4.yaml index 789c09bea..d77212991 100644 --- a/compliance/controls/azure/azure_cis_v210_8_4.yaml +++ b/compliance/controls/azure/azure_cis_v210_8_4.yaml 
@@ -21,8 +21,8 @@ Query: ) SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_8_5.yaml b/compliance/controls/azure/azure_cis_v210_8_5.yaml index ae5b2d907..b6f596c15 100644 --- a/compliance/controls/azure/azure_cis_v210_8_5.yaml +++ b/compliance/controls/azure/azure_cis_v210_8_5.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN soft_delete_enabled AND purge_protection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_8_6.yaml b/compliance/controls/azure/azure_cis_v210_8_6.yaml index e728e20ef..e60803827 100644 --- a/compliance/controls/azure/azure_cis_v210_8_6.yaml +++ b/compliance/controls/azure/azure_cis_v210_8_6.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN enable_rbac_authorization THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cis_v210_8_8.yaml b/compliance/controls/azure/azure_cis_v210_8_8.yaml index 1c9100a87..d1b44cee9 100644 --- a/compliance/controls/azure/azure_cis_v210_8_8.yaml +++ b/compliance/controls/azure/azure_cis_v210_8_8.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_9_1.yaml b/compliance/controls/azure/azure_cis_v210_9_1.yaml index 1e8aa5b33..69325798e 100644 --- a/compliance/controls/azure/azure_cis_v210_9_1.yaml +++ b/compliance/controls/azure/azure_cis_v210_9_1.yaml @@ -15,8 +15,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT (auth_settings -> 'properties' ->> 'enabled')::boolean THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_9_10.yaml b/compliance/controls/azure/azure_cis_v210_9_10.yaml index 777dcfa85..729db2492 100644 --- a/compliance/controls/azure/azure_cis_v210_9_10.yaml +++ b/compliance/controls/azure/azure_cis_v210_9_10.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cis_v210_9_2.yaml b/compliance/controls/azure/azure_cis_v210_9_2.yaml index cf04daff4..f91c7f2c9 100644 --- a/compliance/controls/azure/azure_cis_v210_9_2.yaml +++ b/compliance/controls/azure/azure_cis_v210_9_2.yaml 
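Review bot: In azure_cis_v210_9_1.yaml the status expression `WHEN NOT (auth_settings -> 'properties' ->> 'enabled')::boolean THEN 'alarm' ELSE 'ok'` reports 'ok' when the JSON key is absent, because the cast yields NULL, the WHEN condition is unknown, and the row falls through to ELSE. For a compliance control that is a silent false pass. An explicit default closes it: `WHEN NOT COALESCE((auth_settings -> 'properties' ->> 'enabled')::boolean, FALSE) THEN 'alarm'`. The same fall-through affects the `minTlsVersion < '1.2'` text comparison in azure_cis_v210_9_3.yaml and the `http20Enabled` cast in azure_cis_v210_9_8.yaml. The rest of each CASE is outside the hunks, so check the reason text stays consistent with the new branch.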
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT https_only THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_9_3.yaml b/compliance/controls/azure/azure_cis_v210_9_3.yaml index a56e28010..8bb15d568 100644 --- a/compliance/controls/azure/azure_cis_v210_9_3.yaml +++ b/compliance/controls/azure/azure_cis_v210_9_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN configuration -> 'properties' ->> 'minTlsVersion' < '1.2' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_9_4.yaml b/compliance/controls/azure/azure_cis_v210_9_4.yaml index c2ba76b40..2358d1602 100644 --- a/compliance/controls/azure/azure_cis_v210_9_4.yaml +++ b/compliance/controls/azure/azure_cis_v210_9_4.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN identity = '{}' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_9_5.yaml b/compliance/controls/azure/azure_cis_v210_9_5.yaml index 415c42dea..7b166888f 100644 --- a/compliance/controls/azure/azure_cis_v210_9_5.yaml +++ b/compliance/controls/azure/azure_cis_v210_9_5.yaml 
@@ -34,8 +34,8 @@ Query: SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'linuxFxVersion' NOT LIKE 'PHP%' THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_9_6.yaml b/compliance/controls/azure/azure_cis_v210_9_6.yaml index 9d2ec23b2..07182893d 100644 --- a/compliance/controls/azure/azure_cis_v210_9_6.yaml +++ b/compliance/controls/azure/azure_cis_v210_9_6.yaml @@ -33,8 +33,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'linuxFxVersion' NOT LIKE 'PYTHON%' THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_9_7.yaml b/compliance/controls/azure/azure_cis_v210_9_7.yaml index add02ae6f..4c0ad1d97 100644 --- a/compliance/controls/azure/azure_cis_v210_9_7.yaml +++ b/compliance/controls/azure/azure_cis_v210_9_7.yaml @@ -35,8 +35,8 @@ Query: SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NULL THEN 'skip' WHEN configuration -> 'properties' ->> 'linuxFxVersion' NOT LIKE 'JAVA%' THEN 'ok' diff --git a/compliance/controls/azure/azure_cis_v210_9_8.yaml b/compliance/controls/azure/azure_cis_v210_9_8.yaml index bb7f3f861..7f3973291 100644 --- a/compliance/controls/azure/azure_cis_v210_9_8.yaml +++ b/compliance/controls/azure/azure_cis_v210_9_8.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT app.id AS resource, - app.og_account_id AS og_account_id, - app.og_resource_id AS og_resource_id, + app.platform_account_id AS platform_account_id, + app.platform_resource_id AS platform_resource_id, CASE WHEN NOT (configuration -> 'properties' ->> 'http20Enabled')::BOOLEAN THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cognitive_account_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_cognitive_account_encrypted_with_cmk.yaml index 9ac999663..32f8ee821 100644 --- a/compliance/controls/azure/azure_cognitive_account_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_cognitive_account_encrypted_with_cmk.yaml @@ -21,8 +21,8 @@ Query: ) SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'ok' WHEN c.id IS NOT NULL AND encryption ->> 'keySource' = 'Microsoft.KeyVault' THEN 'ok' diff --git a/compliance/controls/azure/azure_cognitive_account_private_link_used.yaml b/compliance/controls/azure/azure_cognitive_account_private_link_used.yaml index 087c2e086..22ea8e9a2 100644 --- a/compliance/controls/azure/azure_cognitive_account_private_link_used.yaml +++ b/compliance/controls/azure/azure_cognitive_account_private_link_used.yaml @@ -25,8 +25,8 @@ Query: ) SELECT b.id AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(b.private_endpoint_connections) = 0 THEN 'info' WHEN c.id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_cognitive_account_public_network_access_disabled.yaml b/compliance/controls/azure/azure_cognitive_account_public_network_access_disabled.yaml index 4377258ce..b35c3ed1e 100644 
--- a/compliance/controls/azure/azure_cognitive_account_public_network_access_disabled.yaml +++ b/compliance/controls/azure/azure_cognitive_account_public_network_access_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cognitive_account_restrict_public_access.yaml b/compliance/controls/azure/azure_cognitive_account_restrict_public_access.yaml index a94919a95..e2af50772 100644 --- a/compliance/controls/azure/azure_cognitive_account_restrict_public_access.yaml +++ b/compliance/controls/azure/azure_cognitive_account_restrict_public_access.yaml @@ -22,8 +22,8 @@ Query: ) SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.id IS NOT NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cognitive_service_local_auth_disabled.yaml b/compliance/controls/azure/azure_cognitive_service_local_auth_disabled.yaml index e85baae30..f357a5f0d 100644 --- a/compliance/controls/azure/azure_cognitive_service_local_auth_disabled.yaml +++ b/compliance/controls/azure/azure_cognitive_service_local_auth_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN disable_local_auth THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_compute_disk_access_uses_private_link.yaml b/compliance/controls/azure/azure_compute_disk_access_uses_private_link.yaml index 8d3549997..d65a6bfe4 100644 --- a/compliance/controls/azure/azure_compute_disk_access_uses_private_link.yaml +++ b/compliance/controls/azure/azure_compute_disk_access_uses_private_link.yaml @@ -18,8 +18,8 @@ Query: ) SELECT b.id AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_compute_disk_unattached_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_compute_disk_unattached_encrypted_with_cmk.yaml index b5e6ddad2..6c3bad407 100644 --- a/compliance/controls/azure/azure_compute_disk_unattached_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_compute_disk_unattached_encrypted_with_cmk.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN managed_by IS NOT NULL OR managed_by != '' diff --git a/compliance/controls/azure/azure_compute_os_and_data_disk_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_compute_os_and_data_disk_encrypted_with_cmk.yaml index 499e40ea1..a96abd0b3 100644 --- a/compliance/controls/azure/azure_compute_os_and_data_disk_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_compute_os_and_data_disk_encrypted_with_cmk.yaml 
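Review bot: In azure_compute_disk_unattached_encrypted_with_cmk.yaml the condition `WHEN managed_by IS NOT NULL OR managed_by != ''` cannot tell an empty string from a real owner. Any non-NULL value, including `''`, already satisfies the first test, so the second test never changes the outcome. If unattached disks can be reported with an empty `managed_by`, they take the attached-disk branch and are presumably excluded from the encryption check. The intended predicate is most likely `WHEN managed_by IS NOT NULL AND managed_by != ''`. The THEN branch and the rest of the CASE are outside the hunk, so confirm which status this branch produces.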
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_os_and_data_disk_encrypted_with_cmk_and_platform_managed.yaml b/compliance/controls/azure/azure_compute_os_and_data_disk_encrypted_with_cmk_and_platform_managed.yaml index 3da1cafda..85661de5c 100644 --- a/compliance/controls/azure/azure_compute_os_and_data_disk_encrypted_with_cmk_and_platform_managed.yaml +++ b/compliance/controls/azure/azure_compute_os_and_data_disk_encrypted_with_cmk_and_platform_managed.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithPlatformAndCustomerKeys' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_unattached_disk_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_compute_unattached_disk_encrypted_with_cmk.yaml index b9f8fba06..4d9dcc81a 100644 --- a/compliance/controls/azure/azure_compute_unattached_disk_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_compute_unattached_disk_encrypted_with_cmk.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id AS og_account_id, - disk.og_resource_id AS og_resource_id, + disk.platform_account_id AS platform_account_id, + disk.platform_resource_id AS platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_compute_vm_account_with_password_linux.yaml b/compliance/controls/azure/azure_compute_vm_account_with_password_linux.yaml index 0d8a3f66e..ec5969283 100644 --- a/compliance/controls/azure/azure_compute_vm_account_with_password_linux.yaml +++ b/compliance/controls/azure/azure_compute_vm_account_with_password_linux.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Linux' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_adaptive_application_controls_enabled.yaml b/compliance/controls/azure/azure_compute_vm_adaptive_application_controls_enabled.yaml index 05e729c05..2d90e3c1d 100644 --- a/compliance/controls/azure/azure_compute_vm_adaptive_application_controls_enabled.yaml +++ b/compliance/controls/azure/azure_compute_vm_adaptive_application_controls_enabled.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_adaptive_network_hardening_recommendation_applied.yaml b/compliance/controls/azure/azure_compute_vm_adaptive_network_hardening_recommendation_applied.yaml index fc8d0b227..f81a76699 100644 --- a/compliance/controls/azure/azure_compute_vm_adaptive_network_hardening_recommendation_applied.yaml +++ b/compliance/controls/azure/azure_compute_vm_adaptive_network_hardening_recommendation_applied.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_administrators_group_with_extra_accounts_windows.yaml b/compliance/controls/azure/azure_compute_vm_administrators_group_with_extra_accounts_windows.yaml index 1358e368d..37fd975f1 100644 --- a/compliance/controls/azure/azure_compute_vm_administrators_group_with_extra_accounts_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_administrators_group_with_extra_accounts_windows.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_administrators_group_with_no_specified_members_windows.yaml b/compliance/controls/azure/azure_compute_vm_administrators_group_with_no_specified_members_windows.yaml index d50757f86..3daa73522 100644 --- a/compliance/controls/azure/azure_compute_vm_administrators_group_with_no_specified_members_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_administrators_group_with_no_specified_members_windows.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_administrators_group_with_specified_members_windows.yaml b/compliance/controls/azure/azure_compute_vm_administrators_group_with_specified_members_windows.yaml index 1d267616e..645d2f1e8 100644 --- a/compliance/controls/azure/azure_compute_vm_administrators_group_with_specified_members_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_administrators_group_with_specified_members_windows.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_allowlist_rules_in_adaptive_application_control_policy_updated.yaml b/compliance/controls/azure/azure_compute_vm_allowlist_rules_in_adaptive_application_control_policy_updated.yaml index 344261bf5..3b77c7824 100644 --- a/compliance/controls/azure/azure_compute_vm_allowlist_rules_in_adaptive_application_control_policy_updated.yaml +++ b/compliance/controls/azure/azure_compute_vm_allowlist_rules_in_adaptive_application_control_policy_updated.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_and_sacle_set_encryption_at_host_enabled.yaml b/compliance/controls/azure/azure_compute_vm_and_sacle_set_encryption_at_host_enabled.yaml index 281ac3fd3..aa0633c9c 100644 --- a/compliance/controls/azure/azure_compute_vm_and_sacle_set_encryption_at_host_enabled.yaml +++ b/compliance/controls/azure/azure_compute_vm_and_sacle_set_encryption_at_host_enabled.yaml @@ -14,9 +14,9 @@ Query: ( SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, - 'azure_compute_virtual_machine' AS og_table_name, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, + 'azure_compute_virtual_machine' AS platform_table_name, CASE WHEN security_profile -> 'encryptionAtHost' = 'true' THEN 'ok' ELSE 'alarm' @@ -37,9 +37,9 @@ Query: ( SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, - 'azure_compute_virtual_machine_scale_set' AS og_table_name, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, + 'azure_compute_virtual_machine_scale_set' AS platform_table_name, CASE WHEN virtual_machine_security_profile -> 'encryptionAtHost' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_attached_with_network.yaml b/compliance/controls/azure/azure_compute_vm_attached_with_network.yaml index 518ffa6aa..9376123c2 100644 --- a/compliance/controls/azure/azure_compute_vm_attached_with_network.yaml +++ b/compliance/controls/azure/azure_compute_vm_attached_with_network.yaml 
@@ -39,8 +39,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.vm_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_azure_backup_enabled.yaml b/compliance/controls/azure/azure_compute_vm_azure_backup_enabled.yaml index 59259c526..bdec929ab 100644 --- a/compliance/controls/azure/azure_compute_vm_azure_backup_enabled.yaml +++ b/compliance/controls/azure/azure_compute_vm_azure_backup_enabled.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_container_security_configurations_vulnerabilities_remediated.yaml b/compliance/controls/azure/azure_compute_vm_container_security_configurations_vulnerabilities_remediated.yaml index a6e62f43a..1a8a23eb6 100644 --- a/compliance/controls/azure/azure_compute_vm_container_security_configurations_vulnerabilities_remediated.yaml +++ b/compliance/controls/azure/azure_compute_vm_container_security_configurations_vulnerabilities_remediated.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_data_and_os_disk_uses_managed_disk.yaml b/compliance/controls/azure/azure_compute_vm_data_and_os_disk_uses_managed_disk.yaml index ac3a4fbaf..7bb6a6ee7 100644 
--- a/compliance/controls/azure/azure_compute_vm_data_and_os_disk_uses_managed_disk.yaml +++ b/compliance/controls/azure/azure_compute_vm_data_and_os_disk_uses_managed_disk.yaml @@ -24,8 +24,8 @@ Query: ) SELECT vm.id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN managed_disk_id IS NULL AND d.count > 0 THEN 'alarm' WHEN managed_disk_id IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_disaster_recovery_enabled.yaml b/compliance/controls/azure/azure_compute_vm_disaster_recovery_enabled.yaml index f30152278..d61e79ac8 100644 --- a/compliance/controls/azure/azure_compute_vm_disaster_recovery_enabled.yaml +++ b/compliance/controls/azure/azure_compute_vm_disaster_recovery_enabled.yaml @@ -23,8 +23,8 @@ Query: ) SELECT vm.vm_id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN l.source_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_endpoint_protection_agent_installed.yaml b/compliance/controls/azure/azure_compute_vm_endpoint_protection_agent_installed.yaml index 674b1e5a4..43637f786 100644 --- a/compliance/controls/azure/azure_compute_vm_endpoint_protection_agent_installed.yaml +++ b/compliance/controls/azure/azure_compute_vm_endpoint_protection_agent_installed.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription 
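Review bot: In azure_compute_vm_data_and_os_disk_uses_managed_disk.yaml the first CASE branch, `WHEN managed_disk_id IS NULL AND d.count > 0 THEN 'alarm'`, is subsumed by the next one, `WHEN managed_disk_id IS NULL THEN 'alarm'`, so `d.count` has no effect on the status. Either drop the first branch, or add a comment explaining why the two cases are kept apart if that was deliberate. The rest of the CASE is outside the hunk, so the reason column may already tell the two apart.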
diff --git a/compliance/controls/azure/azure_compute_vm_guest_configuration_installed.yaml b/compliance/controls/azure/azure_compute_vm_guest_configuration_installed.yaml index d4c31f6bd..1bf951502 100644 --- a/compliance/controls/azure/azure_compute_vm_guest_configuration_installed.yaml +++ b/compliance/controls/azure/azure_compute_vm_guest_configuration_installed.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.vm_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_guest_configuration_installed_linux.yaml b/compliance/controls/azure/azure_compute_vm_guest_configuration_installed_linux.yaml index 579b4812f..0d0a98445 100644 --- a/compliance/controls/azure/azure_compute_vm_guest_configuration_installed_linux.yaml +++ b/compliance/controls/azure/azure_compute_vm_guest_configuration_installed_linux.yaml @@ -24,8 +24,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Linux' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_guest_configuration_installed_windows.yaml b/compliance/controls/azure/azure_compute_vm_guest_configuration_installed_windows.yaml index 412bb2f97..c85ea1ce4 100644 --- a/compliance/controls/azure/azure_compute_vm_guest_configuration_installed_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_guest_configuration_installed_windows.yaml 
@@ -24,8 +24,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_guest_configuration_with_no_managed_identity.yaml b/compliance/controls/azure/azure_compute_vm_guest_configuration_with_no_managed_identity.yaml index 35c574435..09b551606 100644 --- a/compliance/controls/azure/azure_compute_vm_guest_configuration_with_no_managed_identity.yaml +++ b/compliance/controls/azure/azure_compute_vm_guest_configuration_with_no_managed_identity.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.vm_id IS NULL THEN 'skip' WHEN b.vm_id IS NOT NULL AND identity ->> 'type' IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_guest_configuration_with_system_assigned_managed_identity.yaml b/compliance/controls/azure/azure_compute_vm_guest_configuration_with_system_assigned_managed_identity.yaml index 4a1d68475..4935abb09 100644 --- a/compliance/controls/azure/azure_compute_vm_guest_configuration_with_system_assigned_managed_identity.yaml +++ b/compliance/controls/azure/azure_compute_vm_guest_configuration_with_system_assigned_managed_identity.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.vm_id IS NULL THEN 'skip' WHEN b.vm_id IS NOT NULL AND string_to_array(identity ->> 'type', ', ') @> ARRAY['SystemAssigned'] THEN 'ok' 
diff --git a/compliance/controls/azure/azure_compute_vm_guest_configuration_with_user_and_system_assigned_managed_identity.yaml b/compliance/controls/azure/azure_compute_vm_guest_configuration_with_user_and_system_assigned_managed_identity.yaml index 4e14b4ba9..8b31cd3dc 100644 --- a/compliance/controls/azure/azure_compute_vm_guest_configuration_with_user_and_system_assigned_managed_identity.yaml +++ b/compliance/controls/azure/azure_compute_vm_guest_configuration_with_user_and_system_assigned_managed_identity.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.vm_id IS NULL THEN 'skip' WHEN NOT string_to_array(a.identity ->> 'type', ', ') @> ARRAY['UserAssigned'] THEN 'skip' diff --git a/compliance/controls/azure/azure_compute_vm_image_builder_uses_private_link.yaml b/compliance/controls/azure/azure_compute_vm_image_builder_uses_private_link.yaml index ecfc38e0f..2c89deb6a 100644 --- a/compliance/controls/azure/azure_compute_vm_image_builder_uses_private_link.yaml +++ b/compliance/controls/azure/azure_compute_vm_image_builder_uses_private_link.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_jit_access_protected.yaml b/compliance/controls/azure/azure_compute_vm_jit_access_protected.yaml index 1777d0339..8a6eed829 100644 --- a/compliance/controls/azure/azure_compute_vm_jit_access_protected.yaml +++ b/compliance/controls/azure/azure_compute_vm_jit_access_protected.yaml 
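Review bot: In azure_compute_vm_guest_configuration_with_user_and_system_assigned_managed_identity.yaml the branch `WHEN NOT string_to_array(a.identity ->> 'type', ', ') @> ARRAY['UserAssigned'] THEN 'skip'` evaluates to NULL, not true, when `identity ->> 'type'` is NULL. A VM with no identity is therefore not skipped and falls through to the branches below, which are outside the hunk. If such VMs are out of scope for this control, make the NULL case explicit: `WHEN a.identity ->> 'type' IS NULL OR NOT string_to_array(a.identity ->> 'type', ', ') @> ARRAY['UserAssigned'] THEN 'skip'`. Otherwise a short comment stating how a missing identity should be scored would prevent the result from depending on three-valued logic.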
@@ -26,8 +26,8 @@ Query: ) SELECT DISTINCT vm.vm_id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN LOWER(vm.id) = LOWER(vms ->> 'id') THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_log_analytics_agent_installed.yaml b/compliance/controls/azure/azure_compute_vm_log_analytics_agent_installed.yaml index 212780985..b853abf5e 100644 --- a/compliance/controls/azure/azure_compute_vm_log_analytics_agent_installed.yaml +++ b/compliance/controls/azure/azure_compute_vm_log_analytics_agent_installed.yaml @@ -24,8 +24,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.vm_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_log_analytics_agent_installed_windows.yaml b/compliance/controls/azure/azure_compute_vm_log_analytics_agent_installed_windows.yaml index 09e8d8d6c..246d87690 100644 --- a/compliance/controls/azure/azure_compute_vm_log_analytics_agent_installed_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_log_analytics_agent_installed_windows.yaml @@ -24,8 +24,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_malware_agent_automatic_upgrade_enabled.yaml b/compliance/controls/azure/azure_compute_vm_malware_agent_automatic_upgrade_enabled.yaml index 13fcfb8c5..f74dd0a84 100644 --- a/compliance/controls/azure/azure_compute_vm_malware_agent_automatic_upgrade_enabled.yaml 
+++ b/compliance/controls/azure/azure_compute_vm_malware_agent_automatic_upgrade_enabled.yaml @@ -23,8 +23,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_malware_agent_installed.yaml b/compliance/controls/azure/azure_compute_vm_malware_agent_installed.yaml index 6b2ddc06e..b04b5d2a4 100644 --- a/compliance/controls/azure/azure_compute_vm_malware_agent_installed.yaml +++ b/compliance/controls/azure/azure_compute_vm_malware_agent_installed.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.vm_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_max_password_age_70_days_windows.yaml b/compliance/controls/azure/azure_compute_vm_max_password_age_70_days_windows.yaml index c084a2568..fc2ee3de1 100644 --- a/compliance/controls/azure/azure_compute_vm_max_password_age_70_days_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_max_password_age_70_days_windows.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_meet_firewall_properties_windows.yaml b/compliance/controls/azure/azure_compute_vm_meet_firewall_properties_windows.yaml index c77c87813..121c56eb6 100644 
--- a/compliance/controls/azure/azure_compute_vm_meet_firewall_properties_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_meet_firewall_properties_windows.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_meet_security_baseline_requirements_linux.yaml b/compliance/controls/azure/azure_compute_vm_meet_security_baseline_requirements_linux.yaml index 163ebfa82..6299481dc 100644 --- a/compliance/controls/azure/azure_compute_vm_meet_security_baseline_requirements_linux.yaml +++ b/compliance/controls/azure/azure_compute_vm_meet_security_baseline_requirements_linux.yaml @@ -25,8 +25,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Linux' THEN 'skip' WHEN m.id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_meet_security_baseline_requirements_windows.yaml b/compliance/controls/azure/azure_compute_vm_meet_security_baseline_requirements_windows.yaml index 0ea3cc3ba..6bf63d90a 100644 --- a/compliance/controls/azure/azure_compute_vm_meet_security_baseline_requirements_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_meet_security_baseline_requirements_windows.yaml @@ -25,8 +25,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN m.id IS NOT NULL THEN 'ok' 
diff --git a/compliance/controls/azure/azure_compute_vm_meet_security_option_audit_requirement_windows.yaml b/compliance/controls/azure/azure_compute_vm_meet_security_option_audit_requirement_windows.yaml index e062dc540..cf9713144 100644 --- a/compliance/controls/azure/azure_compute_vm_meet_security_option_audit_requirement_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_meet_security_option_audit_requirement_windows.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_meet_security_option_requirement_windows.yaml b/compliance/controls/azure/azure_compute_vm_meet_security_option_requirement_windows.yaml index 7cd895729..b0ed8c82e 100644 --- a/compliance/controls/azure/azure_compute_vm_meet_security_option_requirement_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_meet_security_option_requirement_windows.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_meet_security_options_network_access_requirement_windows.yaml b/compliance/controls/azure/azure_compute_vm_meet_security_options_network_access_requirement_windows.yaml index 7f1232dd2..2c066503a 100644 --- a/compliance/controls/azure/azure_compute_vm_meet_security_options_network_access_requirement_windows.yaml 
+++ b/compliance/controls/azure/azure_compute_vm_meet_security_options_network_access_requirement_windows.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_meet_security_options_requirement_windows.yaml b/compliance/controls/azure/azure_compute_vm_meet_security_options_requirement_windows.yaml index b3a9046db..7c3d65841 100644 --- a/compliance/controls/azure/azure_compute_vm_meet_security_options_requirement_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_meet_security_options_requirement_windows.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_meet_security_options_user_account_control_requirement_windows.yaml b/compliance/controls/azure/azure_compute_vm_meet_security_options_user_account_control_requirement_windows.yaml index f1d316c2b..bf1caaf3b 100644 --- a/compliance/controls/azure/azure_compute_vm_meet_security_options_user_account_control_requirement_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_meet_security_options_user_account_control_requirement_windows.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription 
diff --git a/compliance/controls/azure/azure_compute_vm_meet_system_audit_policies_requirement_windows.yaml b/compliance/controls/azure/azure_compute_vm_meet_system_audit_policies_requirement_windows.yaml index c496bea82..7b4d17038 100644 --- a/compliance/controls/azure/azure_compute_vm_meet_system_audit_policies_requirement_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_meet_system_audit_policies_requirement_windows.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_min_password_age_1_day_windows.yaml b/compliance/controls/azure/azure_compute_vm_min_password_age_1_day_windows.yaml index d0eca4503..afee67e66 100644 --- a/compliance/controls/azure/azure_compute_vm_min_password_age_1_day_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_min_password_age_1_day_windows.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_min_password_length_14_windows.yaml b/compliance/controls/azure/azure_compute_vm_min_password_length_14_windows.yaml index 095fd6028..3853db080 100644 --- a/compliance/controls/azure/azure_compute_vm_min_password_length_14_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_min_password_length_14_windows.yaml 
@@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_monitor_missing_endpoint_protection_in_asc.yaml b/compliance/controls/azure/azure_compute_vm_monitor_missing_endpoint_protection_in_asc.yaml index 67a7bfbe7..d350db88b 100644 --- a/compliance/controls/azure/azure_compute_vm_monitor_missing_endpoint_protection_in_asc.yaml +++ b/compliance/controls/azure/azure_compute_vm_monitor_missing_endpoint_protection_in_asc.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_network_traffic_data_collection_linux_agent_installed.yaml b/compliance/controls/azure/azure_compute_vm_network_traffic_data_collection_linux_agent_installed.yaml index eaf9dfd56..b3a268cdb 100644 --- a/compliance/controls/azure/azure_compute_vm_network_traffic_data_collection_linux_agent_installed.yaml +++ b/compliance/controls/azure/azure_compute_vm_network_traffic_data_collection_linux_agent_installed.yaml @@ -23,8 +23,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Linux' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' 
diff --git a/compliance/controls/azure/azure_compute_vm_network_traffic_data_collection_windows_agent_installed.yaml b/compliance/controls/azure/azure_compute_vm_network_traffic_data_collection_windows_agent_installed.yaml index 848b6b695..e5ba10759 100644 --- a/compliance/controls/azure/azure_compute_vm_network_traffic_data_collection_windows_agent_installed.yaml +++ b/compliance/controls/azure/azure_compute_vm_network_traffic_data_collection_windows_agent_installed.yaml @@ -23,8 +23,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_non_internet_facing_protected_with_nsg.yaml b/compliance/controls/azure/azure_compute_vm_non_internet_facing_protected_with_nsg.yaml index 384872326..84fd610ab 100644 --- a/compliance/controls/azure/azure_compute_vm_non_internet_facing_protected_with_nsg.yaml +++ b/compliance/controls/azure/azure_compute_vm_non_internet_facing_protected_with_nsg.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_password_complexity_setting_enabled_windows.yaml b/compliance/controls/azure/azure_compute_vm_password_complexity_setting_enabled_windows.yaml index 150f882eb..fd2afe83e 100644 --- a/compliance/controls/azure/azure_compute_vm_password_complexity_setting_enabled_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_password_complexity_setting_enabled_windows.yaml 
@@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_password_file_permissions_0644_linux.yaml b/compliance/controls/azure/azure_compute_vm_password_file_permissions_0644_linux.yaml index 676777a39..c3413ae2a 100644 --- a/compliance/controls/azure/azure_compute_vm_password_file_permissions_0644_linux.yaml +++ b/compliance/controls/azure/azure_compute_vm_password_file_permissions_0644_linux.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_passwords_stored_using_reversible_encryption_windows.yaml b/compliance/controls/azure/azure_compute_vm_passwords_stored_using_reversible_encryption_windows.yaml index 19673331c..d0b0c27f7 100644 --- a/compliance/controls/azure/azure_compute_vm_passwords_stored_using_reversible_encryption_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_passwords_stored_using_reversible_encryption_windows.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' 
diff --git a/compliance/controls/azure/azure_compute_vm_remote_access_restricted_all_ports.yaml b/compliance/controls/azure/azure_compute_vm_remote_access_restricted_all_ports.yaml index 3c2b2c1e3..dddfb8638 100644 --- a/compliance/controls/azure/azure_compute_vm_remote_access_restricted_all_ports.yaml +++ b/compliance/controls/azure/azure_compute_vm_remote_access_restricted_all_ports.yaml @@ -28,8 +28,8 @@ Query: ) SELECT vm.vm_id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN sg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_restrict_previous_24_passwords_resuse_windows.yaml b/compliance/controls/azure/azure_compute_vm_restrict_previous_24_passwords_resuse_windows.yaml index 488bd2677..6184531bd 100644 --- a/compliance/controls/azure/azure_compute_vm_restrict_previous_24_passwords_resuse_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_restrict_previous_24_passwords_resuse_windows.yaml @@ -23,8 +23,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_restrict_remote_connection_from_accounts_without_password_linux.yaml b/compliance/controls/azure/azure_compute_vm_restrict_remote_connection_from_accounts_without_password_linux.yaml index 18557569a..82fea8cd5 100644 --- a/compliance/controls/azure/azure_compute_vm_restrict_remote_connection_from_accounts_without_password_linux.yaml +++ b/compliance/controls/azure/azure_compute_vm_restrict_remote_connection_from_accounts_without_password_linux.yaml 
@@ -25,8 +25,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Linux' THEN 'skip' WHEN m.id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_scale_set_automatic_upgrade_enabled.yaml b/compliance/controls/azure/azure_compute_vm_scale_set_automatic_upgrade_enabled.yaml index 200a10b77..c8d6d38aa 100644 --- a/compliance/controls/azure/azure_compute_vm_scale_set_automatic_upgrade_enabled.yaml +++ b/compliance/controls/azure/azure_compute_vm_scale_set_automatic_upgrade_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN upgrade_policy IS NULL THEN 'skip' WHEN upgrade_policy ->> 'mode' = 'Automatic' THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_scale_set_boot_diagnostics_enabled.yaml b/compliance/controls/azure/azure_compute_vm_scale_set_boot_diagnostics_enabled.yaml index 42d3e8ebb..802985dbd 100644 --- a/compliance/controls/azure/azure_compute_vm_scale_set_boot_diagnostics_enabled.yaml +++ b/compliance/controls/azure/azure_compute_vm_scale_set_boot_diagnostics_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN (virtual_machine_diagnostics_profile -> 'bootDiagnostics' ->> 'enabled') :: boolean THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_compute_vm_scale_set_endpoint_protection_solution_installed.yaml b/compliance/controls/azure/azure_compute_vm_scale_set_endpoint_protection_solution_installed.yaml index d3b3aa049..f730217e2 100644 --- a/compliance/controls/azure/azure_compute_vm_scale_set_endpoint_protection_solution_installed.yaml +++ b/compliance/controls/azure/azure_compute_vm_scale_set_endpoint_protection_solution_installed.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_scale_set_log_analytics_agent_installed.yaml b/compliance/controls/azure/azure_compute_vm_scale_set_log_analytics_agent_installed.yaml index 7893a821d..e8706847d 100644 --- a/compliance/controls/azure/azure_compute_vm_scale_set_log_analytics_agent_installed.yaml +++ b/compliance/controls/azure/azure_compute_vm_scale_set_log_analytics_agent_installed.yaml @@ -24,8 +24,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.vm_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_scale_set_logging_enabled.yaml b/compliance/controls/azure/azure_compute_vm_scale_set_logging_enabled.yaml index 4f4ec7c6e..5a7b5ae51 100644 --- a/compliance/controls/azure/azure_compute_vm_scale_set_logging_enabled.yaml +++ b/compliance/controls/azure/azure_compute_vm_scale_set_logging_enabled.yaml 
@@ -23,8 +23,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_scale_set_security_configuration_vulnerabilities_remediated.yaml b/compliance/controls/azure/azure_compute_vm_scale_set_security_configuration_vulnerabilities_remediated.yaml index d0f0480a7..563daa769 100644 --- a/compliance/controls/azure/azure_compute_vm_scale_set_security_configuration_vulnerabilities_remediated.yaml +++ b/compliance/controls/azure/azure_compute_vm_scale_set_security_configuration_vulnerabilities_remediated.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_scale_set_ssh_key_authentication_linux.yaml b/compliance/controls/azure/azure_compute_vm_scale_set_ssh_key_authentication_linux.yaml index 7ecd42411..168ad622f 100644 --- a/compliance/controls/azure/azure_compute_vm_scale_set_ssh_key_authentication_linux.yaml +++ b/compliance/controls/azure/azure_compute_vm_scale_set_ssh_key_authentication_linux.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN virtual_machine_storage_profile -> 'osDisk' ->> 'osType' = 'Windows' THEN 'skip' WHEN virtual_machine_os_profile -> 'linuxConfiguration' ->> 'disablePasswordAuthentication' = 'true' THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_scale_set_system_updates_installed.yaml b/compliance/controls/azure/azure_compute_vm_scale_set_system_updates_installed.yaml index 7275d5a54..b4c769a63 100644 --- a/compliance/controls/azure/azure_compute_vm_scale_set_system_updates_installed.yaml +++ b/compliance/controls/azure/azure_compute_vm_scale_set_system_updates_installed.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_scale_set_uses_managed_disks.yaml b/compliance/controls/azure/azure_compute_vm_scale_set_uses_managed_disks.yaml index 884dcfddc..59fb93c14 100644 --- a/compliance/controls/azure/azure_compute_vm_scale_set_uses_managed_disks.yaml +++ b/compliance/controls/azure/azure_compute_vm_scale_set_uses_managed_disks.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN virtual_machine_storage_profile -> 'osDisk' -> 'osType' -> 'vhdContainers' != NULL THEN 'ok' ELSE 'alarm' 
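Review bot: In azure_compute_vm_scale_set_uses_managed_disks.yaml the context line `WHEN virtual_machine_storage_profile -> 'osDisk' -> 'osType' -> 'vhdContainers' != NULL THEN 'ok'` can never match. A comparison with NULL evaluates to NULL in SQL, so every scale set falls through to `ELSE 'alarm'` and the control result carries no signal. The null test needs `IS NULL` / `IS NOT NULL` rather than `!= NULL`. The path also goes through `'osType'` before `'vhdContainers'`, and a populated vhdContainers presumably indicates unmanaged disks, so path and polarity should be confirmed against the table schema; the intended predicate is probably `virtual_machine_storage_profile -> 'osDisk' -> 'vhdContainers' IS NULL THEN 'ok'`. The rest of the query lies outside the hunk.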
diff --git a/compliance/controls/azure/azure_compute_vm_secure_communication_protocols_configured.yaml b/compliance/controls/azure/azure_compute_vm_secure_communication_protocols_configured.yaml index 6ae8ba4d1..db8d25207 100644 --- a/compliance/controls/azure/azure_compute_vm_secure_communication_protocols_configured.yaml +++ b/compliance/controls/azure/azure_compute_vm_secure_communication_protocols_configured.yaml @@ -29,8 +29,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN m.id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_security_configuration_vulnerabilities_remediated.yaml b/compliance/controls/azure/azure_compute_vm_security_configuration_vulnerabilities_remediated.yaml index 890d42686..8451ad6b9 100644 --- a/compliance/controls/azure/azure_compute_vm_security_configuration_vulnerabilities_remediated.yaml +++ b/compliance/controls/azure/azure_compute_vm_security_configuration_vulnerabilities_remediated.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_ssh_key_authentication_linux.yaml b/compliance/controls/azure/azure_compute_vm_ssh_key_authentication_linux.yaml index 57c99ce89..b5376101b 100644 --- a/compliance/controls/azure/azure_compute_vm_ssh_key_authentication_linux.yaml +++ b/compliance/controls/azure/azure_compute_vm_ssh_key_authentication_linux.yaml 
@@ -22,8 +22,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Linux' THEN 'skip' WHEN b.vm_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_system_updates_installed.yaml b/compliance/controls/azure/azure_compute_vm_system_updates_installed.yaml index a071c9a6a..25bcde8f2 100644 --- a/compliance/controls/azure/azure_compute_vm_system_updates_installed.yaml +++ b/compliance/controls/azure/azure_compute_vm_system_updates_installed.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.vm_id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN enable_automatic_updates THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_tcp_udp_access_restricted_internet.yaml b/compliance/controls/azure/azure_compute_vm_tcp_udp_access_restricted_internet.yaml index 86ce4a7d9..5d0dd4c44 100644 --- a/compliance/controls/azure/azure_compute_vm_tcp_udp_access_restricted_internet.yaml +++ b/compliance/controls/azure/azure_compute_vm_tcp_udp_access_restricted_internet.yaml @@ -49,8 +49,8 @@ Query: ) SELECT vm.vm_id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN sg.sg_name IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_temp_disks_cache_and_data_flows_encrypted.yaml b/compliance/controls/azure/azure_compute_vm_temp_disks_cache_and_data_flows_encrypted.yaml index bf9277f72..94e127c18 100644 --- a/compliance/controls/azure/azure_compute_vm_temp_disks_cache_and_data_flows_encrypted.yaml 
+++ b/compliance/controls/azure/azure_compute_vm_temp_disks_cache_and_data_flows_encrypted.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_uses_azure_resource_manager.yaml b/compliance/controls/azure/azure_compute_vm_uses_azure_resource_manager.yaml index f5b1df9a6..6e05c185d 100644 --- a/compliance/controls/azure/azure_compute_vm_uses_azure_resource_manager.yaml +++ b/compliance/controls/azure/azure_compute_vm_uses_azure_resource_manager.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.vm_id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN resource_group IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_utilizing_managed_disk.yaml b/compliance/controls/azure/azure_compute_vm_utilizing_managed_disk.yaml index 0f7bb9939..ac90d3459 100644 --- a/compliance/controls/azure/azure_compute_vm_utilizing_managed_disk.yaml +++ b/compliance/controls/azure/azure_compute_vm_utilizing_managed_disk.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id AS og_account_id, - vm.og_resource_id AS og_resource_id, + vm.platform_account_id AS platform_account_id, + vm.platform_resource_id AS platform_resource_id, CASE WHEN managed_disk_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_compute_vm_vulnerability_assessment_solution_enabled.yaml b/compliance/controls/azure/azure_compute_vm_vulnerability_assessment_solution_enabled.yaml index 83c7c68d3..563fe9de1 100644 
--- a/compliance/controls/azure/azure_compute_vm_vulnerability_assessment_solution_enabled.yaml +++ b/compliance/controls/azure/azure_compute_vm_vulnerability_assessment_solution_enabled.yaml @@ -34,8 +34,8 @@ Query: ) SELECT a.vm_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN b.vm_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_compute_vm_vulnerability_findings_resolved_for_sql_server.yaml b/compliance/controls/azure/azure_compute_vm_vulnerability_findings_resolved_for_sql_server.yaml index 3c845fd8d..a2f1f27ae 100644 --- a/compliance/controls/azure/azure_compute_vm_vulnerability_findings_resolved_for_sql_server.yaml +++ b/compliance/controls/azure/azure_compute_vm_vulnerability_findings_resolved_for_sql_server.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_compute_vm_windows_defender_exploit_guard_enabled.yaml b/compliance/controls/azure/azure_compute_vm_windows_defender_exploit_guard_enabled.yaml index e047cb510..4e4b6e236 100644 --- a/compliance/controls/azure/azure_compute_vm_windows_defender_exploit_guard_enabled.yaml +++ b/compliance/controls/azure/azure_compute_vm_windows_defender_exploit_guard_enabled.yaml @@ -25,8 +25,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.os_type <> 'Windows' THEN 'skip' WHEN m.id IS NOT NULL THEN 'ok' 
diff --git a/compliance/controls/azure/azure_compute_vm_with_no_specified_certificates_in_trusted_root_windows.yaml b/compliance/controls/azure/azure_compute_vm_with_no_specified_certificates_in_trusted_root_windows.yaml index a6722be08..1441d608e 100644 --- a/compliance/controls/azure/azure_compute_vm_with_no_specified_certificates_in_trusted_root_windows.yaml +++ b/compliance/controls/azure/azure_compute_vm_with_no_specified_certificates_in_trusted_root_windows.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required. Check control description for more details.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_container_instance_container_group_encrypted_using_cmk.yaml b/compliance/controls/azure/azure_container_instance_container_group_encrypted_using_cmk.yaml index de80aea6d..62f66106c 100644 --- a/compliance/controls/azure/azure_container_instance_container_group_encrypted_using_cmk.yaml +++ b/compliance/controls/azure/azure_container_instance_container_group_encrypted_using_cmk.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT cg.id AS resource, - cg.og_account_id AS og_account_id, - cg.og_resource_id AS og_resource_id, + cg.platform_account_id AS platform_account_id, + cg.platform_resource_id AS platform_resource_id, CASE WHEN encryption_properties ->> 'keyName' IS NOT NULL AND encryption_properties ->> 'vaultBaseUrl' IS NOT NULL diff --git a/compliance/controls/azure/azure_container_instance_container_group_identity_provider_enabled.yaml b/compliance/controls/azure/azure_container_instance_container_group_identity_provider_enabled.yaml index 22a80ca59..5f1930646 100644 --- a/compliance/controls/azure/azure_container_instance_container_group_identity_provider_enabled.yaml 
+++ b/compliance/controls/azure/azure_container_instance_container_group_identity_provider_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT cg.id AS resource, - cg.og_account_id AS og_account_id, - cg.og_resource_id AS og_resource_id, + cg.platform_account_id AS platform_account_id, + cg.platform_resource_id AS platform_resource_id, CASE WHEN identity IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_container_instance_container_group_in_virtual_network.yaml b/compliance/controls/azure/azure_container_instance_container_group_in_virtual_network.yaml index 37e235421..41eccf5ab 100644 --- a/compliance/controls/azure/azure_container_instance_container_group_in_virtual_network.yaml +++ b/compliance/controls/azure/azure_container_instance_container_group_in_virtual_network.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT cg.id AS resource, - cg.og_account_id AS og_account_id, - cg.og_resource_id AS og_resource_id, + cg.platform_account_id AS platform_account_id, + cg.platform_resource_id AS platform_resource_id, CASE WHEN subnet_ids IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_container_instance_container_group_secured_environment_variable.yaml b/compliance/controls/azure/azure_container_instance_container_group_secured_environment_variable.yaml index 0d834e2c8..a7bd6f9bd 100644 --- a/compliance/controls/azure/azure_container_instance_container_group_secured_environment_variable.yaml +++ b/compliance/controls/azure/azure_container_instance_container_group_secured_environment_variable.yaml @@ -22,8 +22,8 @@ Query: ) SELECT cg.id AS resource, - cg.og_account_id AS og_account_id, - cg.og_resource_id AS og_resource_id, + cg.platform_account_id AS platform_account_id, + cg.platform_resource_id AS platform_resource_id, CASE WHEN g.id IS NOT NULL THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/azure/azure_container_registry_admin_user_disabled.yaml b/compliance/controls/azure/azure_container_registry_admin_user_disabled.yaml index 7ed66621f..b7c290c42 100644 --- a/compliance/controls/azure/azure_container_registry_admin_user_disabled.yaml +++ b/compliance/controls/azure/azure_container_registry_admin_user_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN admin_user_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_container_registry_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_container_registry_encrypted_with_cmk.yaml index 0956194dd..ae1cf01cc 100644 --- a/compliance/controls/azure/azure_container_registry_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_container_registry_encrypted_with_cmk.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN encryption ->> 'status' = 'enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_container_registry_geo_replication_enabled.yaml b/compliance/controls/azure/azure_container_registry_geo_replication_enabled.yaml index 1e1a57c80..24d6745fd 100644 --- a/compliance/controls/azure/azure_container_registry_geo_replication_enabled.yaml +++ b/compliance/controls/azure/azure_container_registry_geo_replication_enabled.yaml 
@@ -24,8 +24,8 @@ Query: ) SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN sku_name <> 'Premium' THEN 'skip' WHEN c.geo_replication_count > 1 THEN 'ok' diff --git a/compliance/controls/azure/azure_container_registry_public_network_access_disabled.yaml b/compliance/controls/azure/azure_container_registry_public_network_access_disabled.yaml index c96a3dcae..67c272bf2 100644 --- a/compliance/controls/azure/azure_container_registry_public_network_access_disabled.yaml +++ b/compliance/controls/azure/azure_container_registry_public_network_access_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_container_registry_quarantine_policy_enabled.yaml b/compliance/controls/azure/azure_container_registry_quarantine_policy_enabled.yaml index 83f676353..bd13a4d98 100644 --- a/compliance/controls/azure/azure_container_registry_quarantine_policy_enabled.yaml +++ b/compliance/controls/azure/azure_container_registry_quarantine_policy_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN policies -> 'quarantinePolicy' ->> 'status' = 'enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_container_registry_restrict_public_access.yaml b/compliance/controls/azure/azure_container_registry_restrict_public_access.yaml index 8d57233b8..d8b993042 100644 
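Review bot: In azure_container_registry_public_network_access_disabled.yaml the `CASE` fails open: `WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok'` reports 'ok' for any row where the column is NULL or holds an unexpected value. Whether the column can be empty in the collected data is not visible here. If it can, matching the safe value avoids a false pass: `WHEN public_network_access = 'Disabled' THEN 'ok' ELSE 'alarm'`. The rest of the query lies outside the hunk.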
--- a/compliance/controls/azure/azure_container_registry_restrict_public_access.yaml +++ b/compliance/controls/azure/azure_container_registry_restrict_public_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN network_rule_set ->> 'defaultAction' = 'Deny' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_container_registry_retention_policy_enabled.yaml b/compliance/controls/azure/azure_container_registry_retention_policy_enabled.yaml index 8a530a2a0..208e8bf36 100644 --- a/compliance/controls/azure/azure_container_registry_retention_policy_enabled.yaml +++ b/compliance/controls/azure/azure_container_registry_retention_policy_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN policies -> 'retentionPolicy' ->> 'status' = 'enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_container_registry_trust_policy_enabled.yaml b/compliance/controls/azure/azure_container_registry_trust_policy_enabled.yaml index ec3da015f..36ebc75e5 100644 --- a/compliance/controls/azure/azure_container_registry_trust_policy_enabled.yaml +++ b/compliance/controls/azure/azure_container_registry_trust_policy_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN policies -> 'trustPolicy' ->> 'status' = 'enabled' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_container_registry_use_virtual_service_endpoint.yaml b/compliance/controls/azure/azure_container_registry_use_virtual_service_endpoint.yaml index 300812598..26dbe2b3e 100644 --- a/compliance/controls/azure/azure_container_registry_use_virtual_service_endpoint.yaml +++ b/compliance/controls/azure/azure_container_registry_use_virtual_service_endpoint.yaml @@ -22,8 +22,8 @@ Query: ) SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN network_rule_set ->> 'defaultAction' <> 'Deny' THEN 'alarm' WHEN s.name IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_container_registry_uses_private_link.yaml b/compliance/controls/azure/azure_container_registry_uses_private_link.yaml index 0e55f4d82..2c4683098 100644 --- a/compliance/controls/azure/azure_container_registry_uses_private_link.yaml +++ b/compliance/controls/azure/azure_container_registry_uses_private_link.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_container_registry_vulnerabilities_remediated.yaml b/compliance/controls/azure/azure_container_registry_vulnerabilities_remediated.yaml index 7cb851ed7..72292ef88 100644 --- a/compliance/controls/azure/azure_container_registry_vulnerabilities_remediated.yaml +++ b/compliance/controls/azure/azure_container_registry_vulnerabilities_remediated.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_cosmosdb_account_encryption_at_rest_using_cmk.yaml b/compliance/controls/azure/azure_cosmosdb_account_encryption_at_rest_using_cmk.yaml index 385215187..2395c291e 100644 --- a/compliance/controls/azure/azure_cosmosdb_account_encryption_at_rest_using_cmk.yaml +++ b/compliance/controls/azure/azure_cosmosdb_account_encryption_at_rest_using_cmk.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN key_vault_key_uri IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cosmosdb_account_key_based_metadata_write_access_disabled.yaml b/compliance/controls/azure/azure_cosmosdb_account_key_based_metadata_write_access_disabled.yaml index 12586f593..d156e54f1 100644 --- a/compliance/controls/azure/azure_cosmosdb_account_key_based_metadata_write_access_disabled.yaml +++ b/compliance/controls/azure/azure_cosmosdb_account_key_based_metadata_write_access_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN disable_key_based_metadata_write_access THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cosmosdb_account_uses_aad_and_rbac.yaml b/compliance/controls/azure/azure_cosmosdb_account_uses_aad_and_rbac.yaml index 3623eb056..ccaa269b9 100644 
--- a/compliance/controls/azure/azure_cosmosdb_account_uses_aad_and_rbac.yaml +++ b/compliance/controls/azure/azure_cosmosdb_account_uses_aad_and_rbac.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN disable_local_auth THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_cosmosdb_account_uses_private_link.yaml b/compliance/controls/azure/azure_cosmosdb_account_uses_private_link.yaml index d13d197c0..875375a4a 100644 --- a/compliance/controls/azure/azure_cosmosdb_account_uses_private_link.yaml +++ b/compliance/controls/azure/azure_cosmosdb_account_uses_private_link.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_cosmosdb_account_virtual_network_filter_enabled.yaml b/compliance/controls/azure/azure_cosmosdb_account_virtual_network_filter_enabled.yaml index 2b6547380..446845c23 100644 --- a/compliance/controls/azure/azure_cosmosdb_account_virtual_network_filter_enabled.yaml +++ b/compliance/controls/azure/azure_cosmosdb_account_virtual_network_filter_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Disabled' THEN 'ok' WHEN public_network_access = 'Enabled' AND is_virtual_network_filter_enabled = 'true' THEN 'ok' 
diff --git a/compliance/controls/azure/azure_cosmosdb_account_with_firewall_rules.yaml b/compliance/controls/azure/azure_cosmosdb_account_with_firewall_rules.yaml index 0417a159a..c27249a1e 100644 --- a/compliance/controls/azure/azure_cosmosdb_account_with_firewall_rules.yaml +++ b/compliance/controls/azure/azure_cosmosdb_account_with_firewall_rules.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Enabled' diff --git a/compliance/controls/azure/azure_cosmosdb_use_virtual_service_endpoint.yaml b/compliance/controls/azure/azure_cosmosdb_use_virtual_service_endpoint.yaml index 41fc8fdbd..6e48bc51d 100644 --- a/compliance/controls/azure/azure_cosmosdb_use_virtual_service_endpoint.yaml +++ b/compliance/controls/azure/azure_cosmosdb_use_virtual_service_endpoint.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_data_factory_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_data_factory_encrypted_with_cmk.yaml index 5780da420..75d7e8485 100644 --- a/compliance/controls/azure/azure_data_factory_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_data_factory_encrypted_with_cmk.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN encryption ->> 'vaultBaseUrl' IS NOT NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_data_factory_public_network_access_disabled.yaml b/compliance/controls/azure/azure_data_factory_public_network_access_disabled.yaml index 8556c0d69..7a5590da7 100644 --- a/compliance/controls/azure/azure_data_factory_public_network_access_disabled.yaml +++ b/compliance/controls/azure/azure_data_factory_public_network_access_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_data_factory_uses_git_repository.yaml b/compliance/controls/azure/azure_data_factory_uses_git_repository.yaml index cc17e5547..2dc130418 100644 --- a/compliance/controls/azure/azure_data_factory_uses_git_repository.yaml +++ b/compliance/controls/azure/azure_data_factory_uses_git_repository.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN repo_configuration->>'repositoryName' IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_data_factory_uses_private_link.yaml b/compliance/controls/azure/azure_data_factory_uses_private_link.yaml index 717920f50..90edb3f55 100644 --- a/compliance/controls/azure/azure_data_factory_uses_private_link.yaml +++ b/compliance/controls/azure/azure_data_factory_uses_private_link.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'alarm' ELSE 'ok' 
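Review bot: In azure_data_factory_public_network_access_disabled.yaml the CASE fails open: `WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok'` reports 'ok' for every value other than the literal 'Enabled', including NULL. If the table can leave public_network_access unset for a factory (not visible here), that resource passes without having been shown to be private. Testing for the hardened value instead, `WHEN public_network_access = 'Disabled' THEN 'ok' ELSE 'alarm'`, keeps unknown states visible, the way the container-registry control tests `defaultAction = 'Deny'`. azure_eventgrid_domain_restrict_public_access.yaml later in this diff has the same shape, and the query continues outside the hunk.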
diff --git a/compliance/controls/azure/azure_databox_edge_device_double_encryption_enabled.yaml b/compliance/controls/azure/azure_databox_edge_device_double_encryption_enabled.yaml index 4f51848db..2342956fe 100644 --- a/compliance/controls/azure/azure_databox_edge_device_double_encryption_enabled.yaml +++ b/compliance/controls/azure/azure_databox_edge_device_double_encryption_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN sku_name = ANY (ARRAY ['TEA_1Node', 'TEA_1Node_UPS', 'TEA_1Node_Heater', 'TEA_1Node_UPS_Heater', 'TEA_4Node_Heater', 'TEA_4Node_UPS_Heater', 'TMA', 'EdgePR_Base', 'EdgePR_Base_UPS', 'EdgeMR_Mini']) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_databox_job_double_encryption_enabled.yaml b/compliance/controls/azure/azure_databox_job_double_encryption_enabled.yaml index ac87211c5..d04b5998c 100644 --- a/compliance/controls/azure/azure_databox_job_double_encryption_enabled.yaml +++ b/compliance/controls/azure/azure_databox_job_double_encryption_enabled.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_databox_job_unlock_password_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_databox_job_unlock_password_encrypted_with_cmk.yaml index 8f2b5258c..4aae6f351 100644 --- a/compliance/controls/azure/azure_databox_job_unlock_password_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_databox_job_unlock_password_encrypted_with_cmk.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_datalake_analytics_account_logging_enabled.yaml b/compliance/controls/azure/azure_datalake_analytics_account_logging_enabled.yaml index 272b9e3c2..dc6aceb7f 100644 --- a/compliance/controls/azure/azure_datalake_analytics_account_logging_enabled.yaml +++ b/compliance/controls/azure/azure_datalake_analytics_account_logging_enabled.yaml @@ -37,8 +37,8 @@ Query: ) SELECT a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.diagnostic_settings IS NULL THEN 'alarm' WHEN l.account_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_datalake_store_account_encryption_enabled.yaml b/compliance/controls/azure/azure_datalake_store_account_encryption_enabled.yaml index 2b8e1dc55..d2f6e8584 100644 --- a/compliance/controls/azure/azure_datalake_store_account_encryption_enabled.yaml +++ b/compliance/controls/azure/azure_datalake_store_account_encryption_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT b.account_id AS resource, - b.og_account_id AS og_account_id, - b.og_resource_id AS og_resource_id, + b.platform_account_id AS platform_account_id, + b.platform_resource_id AS platform_resource_id, CASE WHEN encryption_state = 'Enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_datalake_store_account_logging_enabled.yaml b/compliance/controls/azure/azure_datalake_store_account_logging_enabled.yaml index d6a49662d..9d8de8165 100644 --- a/compliance/controls/azure/azure_datalake_store_account_logging_enabled.yaml 
+++ b/compliance/controls/azure/azure_datalake_store_account_logging_enabled.yaml @@ -37,8 +37,8 @@ Query: ) SELECT a.account_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.diagnostic_settings IS NULL THEN 'alarm' WHEN l.account_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_eventgrid_domain_identity_provider_enabled.yaml b/compliance/controls/azure/azure_eventgrid_domain_identity_provider_enabled.yaml index 2875ac3f5..ee703c253 100644 --- a/compliance/controls/azure/azure_eventgrid_domain_identity_provider_enabled.yaml +++ b/compliance/controls/azure/azure_eventgrid_domain_identity_provider_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN identity_type = 'None' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_eventgrid_domain_private_link_used.yaml b/compliance/controls/azure/azure_eventgrid_domain_private_link_used.yaml index 02decd675..59d863a78 100644 --- a/compliance/controls/azure/azure_eventgrid_domain_private_link_used.yaml +++ b/compliance/controls/azure/azure_eventgrid_domain_private_link_used.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Enabled' THEN 'alarm' WHEN private_endpoint_connections IS NULL THEN 'info' diff --git a/compliance/controls/azure/azure_eventgrid_domain_restrict_public_access.yaml b/compliance/controls/azure/azure_eventgrid_domain_restrict_public_access.yaml index a70431f01..dd9793528 100644 
--- a/compliance/controls/azure/azure_eventgrid_domain_restrict_public_access.yaml +++ b/compliance/controls/azure/azure_eventgrid_domain_restrict_public_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_eventgrid_topic_identity_provider_enabled.yaml b/compliance/controls/azure/azure_eventgrid_topic_identity_provider_enabled.yaml index dcb1c82f3..bbf73c9f5 100644 --- a/compliance/controls/azure/azure_eventgrid_topic_identity_provider_enabled.yaml +++ b/compliance/controls/azure/azure_eventgrid_topic_identity_provider_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN identity ->> 'type' = 'None' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_eventgrid_topic_local_auth_enabled.yaml b/compliance/controls/azure/azure_eventgrid_topic_local_auth_enabled.yaml index 3568494fa..5537577e0 100644 --- a/compliance/controls/azure/azure_eventgrid_topic_local_auth_enabled.yaml +++ b/compliance/controls/azure/azure_eventgrid_topic_local_auth_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN disable_local_auth THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_eventgrid_topic_private_link_used.yaml b/compliance/controls/azure/azure_eventgrid_topic_private_link_used.yaml index 9e410990e..7f9e0001d 100644 
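Review bot: In azure_eventgrid_topic_local_auth_enabled.yaml the status mapping looks inverted: `WHEN disable_local_auth THEN 'alarm' ELSE 'ok'` raises an alarm exactly when local (key-based) authentication has been turned off. azure_cosmosdb_account_uses_aad_and_rbac.yaml in this same diff maps the same column the other way, `WHEN disable_local_auth THEN 'ok' ELSE 'alarm'`. The control's title and description are outside the hunk, so the intent needs confirming; if the control is meant to require directory-based authentication only, the two branches should be swapped to match the Cosmos DB control.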
--- a/compliance/controls/azure/azure_eventgrid_topic_private_link_used.yaml +++ b/compliance/controls/azure/azure_eventgrid_topic_private_link_used.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Enabled' THEN 'alarm' WHEN private_endpoint_connections IS NULL THEN 'info' diff --git a/compliance/controls/azure/azure_eventhub_namespace_cmk_encryption_enabled.yaml b/compliance/controls/azure/azure_eventhub_namespace_cmk_encryption_enabled.yaml index c73299faa..ff1ca9ccf 100644 --- a/compliance/controls/azure/azure_eventhub_namespace_cmk_encryption_enabled.yaml +++ b/compliance/controls/azure/azure_eventhub_namespace_cmk_encryption_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN encryption ->> 'keySource' = 'Microsoft.KeyVault' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_eventhub_namespace_logging_enabled.yaml b/compliance/controls/azure/azure_eventhub_namespace_logging_enabled.yaml index 2fe434163..2fe7a1560 100644 --- a/compliance/controls/azure/azure_eventhub_namespace_logging_enabled.yaml +++ b/compliance/controls/azure/azure_eventhub_namespace_logging_enabled.yaml @@ -37,8 +37,8 @@ Query: ) SELECT v.id AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.diagnostic_settings IS NULL THEN 'alarm' WHEN l.namespace_name IS NULL THEN 'alarm' 
diff --git a/compliance/controls/azure/azure_eventhub_namespace_private_link_used.yaml b/compliance/controls/azure/azure_eventhub_namespace_private_link_used.yaml index d35a3c98e..7a67718d1 100644 --- a/compliance/controls/azure/azure_eventhub_namespace_private_link_used.yaml +++ b/compliance/controls/azure/azure_eventhub_namespace_private_link_used.yaml @@ -23,8 +23,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN sku_tier = 'Basic' THEN 'skip' WHEN c.id IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_eventhub_namespace_use_virtual_service_endpoint.yaml b/compliance/controls/azure/azure_eventhub_namespace_use_virtual_service_endpoint.yaml index 6d41f02b0..35554360d 100644 --- a/compliance/controls/azure/azure_eventhub_namespace_use_virtual_service_endpoint.yaml +++ b/compliance/controls/azure/azure_eventhub_namespace_use_virtual_service_endpoint.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_frontdoor_waf_enabled.yaml b/compliance/controls/azure/azure_frontdoor_waf_enabled.yaml index e9867767f..fa2383492 100644 --- a/compliance/controls/azure/azure_frontdoor_waf_enabled.yaml +++ b/compliance/controls/azure/azure_frontdoor_waf_enabled.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.front_door_id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.front_door_id IS NOT NULL THEN 'OK' ELSE 'ALARM' 
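Review bot: In azure_frontdoor_waf_enabled.yaml the status literals are upper-case, `THEN 'OK' ELSE 'ALARM'`, while every other control in this diff emits lower-case 'ok' / 'alarm'. If the consumer of the status column compares case-sensitively (not visible here), Front Door results would fall outside the expected buckets and a missing WAF would not be counted as a failure. Suggest `WHEN c.front_door_id IS NOT NULL THEN 'ok'` and `ELSE 'alarm'`.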
diff --git a/compliance/controls/azure/azure_hdinsight_cluster_encrypted_at_rest_with_cmk.yaml b/compliance/controls/azure/azure_hdinsight_cluster_encrypted_at_rest_with_cmk.yaml index a9ff5b753..6dec8e461 100644 --- a/compliance/controls/azure/azure_hdinsight_cluster_encrypted_at_rest_with_cmk.yaml +++ b/compliance/controls/azure/azure_hdinsight_cluster_encrypted_at_rest_with_cmk.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN provisioning_state <> 'Succeeded' THEN 'skip' WHEN disk_encryption_properties -> 'keyName' IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_hdinsight_cluster_encryption_at_host_enabled.yaml b/compliance/controls/azure/azure_hdinsight_cluster_encryption_at_host_enabled.yaml index 1d034fda1..42942af55 100644 --- a/compliance/controls/azure/azure_hdinsight_cluster_encryption_at_host_enabled.yaml +++ b/compliance/controls/azure/azure_hdinsight_cluster_encryption_at_host_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN provisioning_state <> 'Succeeded' THEN 'skip' WHEN disk_encryption_properties -> 'encryptionAtHost' = 'true' THEN 'ok' diff --git a/compliance/controls/azure/azure_hdinsight_cluster_encryption_in_transit_enabled.yaml b/compliance/controls/azure/azure_hdinsight_cluster_encryption_in_transit_enabled.yaml index 04192ea7b..0a234d491 100644 --- a/compliance/controls/azure/azure_hdinsight_cluster_encryption_in_transit_enabled.yaml +++ b/compliance/controls/azure/azure_hdinsight_cluster_encryption_in_transit_enabled.yaml 
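Review bot: In azure_hdinsight_cluster_encrypted_at_rest_with_cmk.yaml, `disk_encryption_properties -> 'keyName' IS NOT NULL` uses the jsonb-returning `->`, so a key that is present with a JSON null value yields a jsonb null, which is not SQL NULL, and the cluster is reported 'ok' without a customer-managed key. The text operator avoids that: `WHEN disk_encryption_properties ->> 'keyName' IS NOT NULL THEN 'ok'`, as azure_data_factory_encrypted_with_cmk.yaml already does with `->>`. The same pattern appears in azure_healthcare_fhir_azure_api_encrypted_at_rest_with_cmk.yaml (`-> 'keyVaultKeyUri'`) and azure_hpc_cache_encrypted_with_cmk.yaml (`-> 'keyUrl'`). Whether the API ever returns an explicit null for these keys cannot be told from the diff.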
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN provisioning_state <> 'Succeeded' THEN 'skip' WHEN encryption_in_transit_properties -> 'isEncryptionInTransitEnabled' = 'true' THEN 'ok' diff --git a/compliance/controls/azure/azure_healthcare_fhir_azure_api_encrypted_at_rest_with_cmk.yaml b/compliance/controls/azure/azure_healthcare_fhir_azure_api_encrypted_at_rest_with_cmk.yaml index 29e6e9661..3339b6650 100644 --- a/compliance/controls/azure/azure_healthcare_fhir_azure_api_encrypted_at_rest_with_cmk.yaml +++ b/compliance/controls/azure/azure_healthcare_fhir_azure_api_encrypted_at_rest_with_cmk.yaml @@ -15,8 +15,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN cosmos_db_configuration -> 'keyVaultKeyUri' IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_healthcare_fhir_uses_private_link.yaml b/compliance/controls/azure/azure_healthcare_fhir_uses_private_link.yaml index 8ea948233..166c1dc57 100644 --- a/compliance/controls/azure/azure_healthcare_fhir_uses_private_link.yaml +++ b/compliance/controls/azure/azure_healthcare_fhir_uses_private_link.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN private_endpoint_connections IS NULL THEN 'info' WHEN private_endpoint_connections @> '[{"privateLinkServiceConnectionState": "Approved"}]'::jsonb THEN 'ok' 
diff --git a/compliance/controls/azure/azure_hpc_cache_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_hpc_cache_encrypted_with_cmk.yaml index 42e9141e5..f90b8c41d 100644 --- a/compliance/controls/azure/azure_hpc_cache_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_hpc_cache_encrypted_with_cmk.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.encryption_settings -> 'keyEncryptionKey' -> 'keyUrl' IS NOT NULL diff --git a/compliance/controls/azure/azure_iam_conditional_access_mfa_enabled.yaml b/compliance/controls/azure/azure_iam_conditional_access_mfa_enabled.yaml index bccaaebcb..c35bc1640 100644 --- a/compliance/controls/azure/azure_iam_conditional_access_mfa_enabled.yaml +++ b/compliance/controls/azure/azure_iam_conditional_access_mfa_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT p.id AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN p.built_in_controls @> '["mfa"]' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_iam_deprecated_account.yaml b/compliance/controls/azure/azure_iam_deprecated_account.yaml index 0f133a4ec..d30a686f7 100644 --- a/compliance/controls/azure/azure_iam_deprecated_account.yaml +++ b/compliance/controls/azure/azure_iam_deprecated_account.yaml @@ -29,8 +29,8 @@ Query: ) SELECT u.user_principal_name AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN d.id IS NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_iam_deprecated_account_with_owner_roles.yaml b/compliance/controls/azure/azure_iam_deprecated_account_with_owner_roles.yaml index af6453ca7..06194d1a0 100644 --- a/compliance/controls/azure/azure_iam_deprecated_account_with_owner_roles.yaml +++ b/compliance/controls/azure/azure_iam_deprecated_account_with_owner_roles.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT DISTINCT u.user_principal_name AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN NOT u.account_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_iam_external_user_with_owner_role.yaml b/compliance/controls/azure/azure_iam_external_user_with_owner_role.yaml index 3ed8391e3..78564ecbb 100644 --- a/compliance/controls/azure/azure_iam_external_user_with_owner_role.yaml +++ b/compliance/controls/azure/azure_iam_external_user_with_owner_role.yaml @@ -19,8 +19,8 @@ Query: u.account_enabled, u.user_principal_name, d.subscription_id, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id FROM entraid_user AS u LEFT JOIN azure_role_assignment AS a ON a.principal_id = u.id @@ -30,8 +30,8 @@ Query: ) SELECT a.user_principal_name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.user_principal_name LIKE '%EXT%' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_iam_external_user_with_read_permission.yaml b/compliance/controls/azure/azure_iam_external_user_with_read_permission.yaml index 8bdb72009..c9a16bc7d 100644 --- a/compliance/controls/azure/azure_iam_external_user_with_read_permission.yaml 
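Review bot: In azure_iam_external_user_with_owner_role.yaml the guest test `a.user_principal_name LIKE '%EXT%'` matches any UPN containing the letters EXT, not only guest accounts, so a member account can be reported as external and add noise to an IAM finding. Guest UPNs carry the `#EXT#` marker, so `WHEN a.user_principal_name LIKE '%#EXT#%' THEN 'alarm'` is tighter. A user-type column, if entraid_user exposes one (not visible here), would be more reliable than parsing the UPN. The same predicate is used in azure_iam_external_user_with_read_permission.yaml and azure_iam_external_user_with_write_permission.yaml further down.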
+++ b/compliance/controls/azure/azure_iam_external_user_with_read_permission.yaml @@ -19,8 +19,8 @@ Query: u.account_enabled, u.user_principal_name, d.subscription_id, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id FROM entraid_user AS u LEFT JOIN azure_role_assignment AS a ON a.principal_id = u.id @@ -29,8 +29,8 @@ Query: ) SELECT a.user_principal_name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.user_principal_name LIKE '%EXT%' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_iam_external_user_with_write_permission.yaml b/compliance/controls/azure/azure_iam_external_user_with_write_permission.yaml index 473080281..26e6daedf 100644 --- a/compliance/controls/azure/azure_iam_external_user_with_write_permission.yaml +++ b/compliance/controls/azure/azure_iam_external_user_with_write_permission.yaml @@ -20,8 +20,8 @@ Query: u.account_enabled, u.user_principal_name, d.subscription_id, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id FROM entraid_user AS u LEFT JOIN azure_role_assignment AS a ON a.principal_id = u.id @@ -31,8 +31,8 @@ Query: ) SELECT a.user_principal_name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.user_principal_name LIKE '%EXT%' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_iam_no_custom_role.yaml b/compliance/controls/azure/azure_iam_no_custom_role.yaml index c7f962278..415546dfb 100644 --- a/compliance/controls/azure/azure_iam_no_custom_role.yaml 
+++ b/compliance/controls/azure/azure_iam_no_custom_role.yaml @@ -15,8 +15,8 @@ Query: role_name, role_type, subscription_id, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, _ctx FROM azure_role_definition @@ -25,8 +25,8 @@ Query: ) SELECT cr.subscription_id AS resource, - cr.og_account_id AS og_account_id, - cr.og_resource_id AS og_resource_id, + cr.platform_account_id AS platform_account_id, + cr.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(*) > 0 THEN 'alarm' ELSE 'ok' @@ -42,8 +42,8 @@ Query: cr.subscription_id, cr._ctx, sub.display_name, - cr.og_account_id, - cr.og_resource_id + cr.platform_account_id, + cr.platform_resource_id Severity: medium Tags: hipaa_hitrust_v92: diff --git a/compliance/controls/azure/azure_iam_no_custom_subscription_owner_roles_created.yaml b/compliance/controls/azure/azure_iam_no_custom_subscription_owner_roles_created.yaml index 636c9b649..3f6883978 100644 --- a/compliance/controls/azure/azure_iam_no_custom_subscription_owner_roles_created.yaml +++ b/compliance/controls/azure/azure_iam_no_custom_subscription_owner_roles_created.yaml @@ -16,8 +16,8 @@ Query: role_type, title, action, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, _ctx, subscription_id FROM @@ -30,8 +30,8 @@ Query: ) SELECT cr.subscription_id AS resource, - cr.og_account_id AS og_account_id, - cr.og_resource_id AS og_resource_id, + cr.platform_account_id AS platform_account_id, + cr.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(*) > 0 THEN 'alarm' ELSE 'ok' @@ -49,8 +49,8 @@ Query: sub.subscription_id = cr.subscription_id GROUP BY cr.subscription_id, - cr.og_account_id, - cr.og_resource_id, + cr.platform_account_id, + cr.platform_resource_id, cr._ctx, sub.display_name Severity: medium 
diff --git a/compliance/controls/azure/azure_iam_subscription_owner_max_3.yaml b/compliance/controls/azure/azure_iam_subscription_owner_max_3.yaml index 6f785f551..f8fd1718b 100644 --- a/compliance/controls/azure/azure_iam_subscription_owner_max_3.yaml +++ b/compliance/controls/azure/azure_iam_subscription_owner_max_3.yaml @@ -17,8 +17,8 @@ Query: d.role_type, d.name, d.title, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, d._ctx, d.subscription_id FROM @@ -32,8 +32,8 @@ Query: ) SELECT owner.subscription_id AS resource, - owner.og_account_id AS og_account_id, - owner.og_resource_id AS og_resource_id, + owner.platform_account_id AS platform_account_id, + owner.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(*) <= 3 THEN 'ok' ELSE 'alarm' @@ -47,8 +47,8 @@ Query: sub.subscription_id = owner.subscription_id GROUP BY owner.subscription_id, - owner.og_account_id, - owner.og_resource_id, + owner.platform_account_id, + owner.platform_resource_id, owner._ctx, sub.display_name Severity: medium diff --git a/compliance/controls/azure/azure_iam_subscription_owner_more_than_1.yaml b/compliance/controls/azure/azure_iam_subscription_owner_more_than_1.yaml index 16067b3bb..a53879516 100644 --- a/compliance/controls/azure/azure_iam_subscription_owner_more_than_1.yaml +++ b/compliance/controls/azure/azure_iam_subscription_owner_more_than_1.yaml @@ -17,8 +17,8 @@ Query: d.role_type, d.name, d.title, - d.og_account_id AS og_account_id, - d.og_resource_id AS og_resource_id, + d.platform_account_id AS platform_account_id, + d.platform_resource_id AS platform_resource_id, d._ctx, d.subscription_id FROM 
@@ -29,8 +29,8 @@ Query: ) SELECT owner.subscription_id AS resource, - owner.og_account_id AS og_account_id, - owner.og_resource_id AS og_resource_id, + owner.platform_account_id AS platform_account_id, + owner.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(*) > 1 THEN 'ok' ELSE 'alarm' @@ -44,8 +44,8 @@ Query: sub.subscription_id = owner.subscription_id GROUP BY owner.subscription_id, - owner.og_account_id, - owner.og_resource_id, + owner.platform_account_id, + owner.platform_resource_id, owner._ctx, sub.display_name Severity: medium diff --git a/compliance/controls/azure/azure_iam_subscriptions_with_custom_roles_no_overly_permissive.yaml b/compliance/controls/azure/azure_iam_subscriptions_with_custom_roles_no_overly_permissive.yaml index ca2e0778c..9d678c477 100644 --- a/compliance/controls/azure/azure_iam_subscriptions_with_custom_roles_no_overly_permissive.yaml +++ b/compliance/controls/azure/azure_iam_subscriptions_with_custom_roles_no_overly_permissive.yaml @@ -14,8 +14,8 @@ Query: SELECT role_name, role_type, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, title, action, _ctx, @@ -31,8 +31,8 @@ Query: ) SELECT cr.subscription_id AS resource, - cr.og_account_id AS og_account_id, - cr.og_resource_id AS og_resource_id, + cr.platform_account_id AS platform_account_id, + cr.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(*) > 0 THEN 'alarm' ELSE 'ok' @@ -50,8 +50,8 @@ Query: GROUP BY cr.subscription_id, cr._ctx, - cr.og_account_id, - cr.og_resource_id, + cr.platform_account_id, + cr.platform_resource_id, sub.display_name; Severity: low Tags: {} diff --git a/compliance/controls/azure/azure_iam_user_no_built_in_contributor_role.yaml b/compliance/controls/azure/azure_iam_user_no_built_in_contributor_role.yaml index 87eaf5188..c447054b7 100644 --- a/compliance/controls/azure/azure_iam_user_no_built_in_contributor_role.yaml +++ b/compliance/controls/azure/azure_iam_user_no_built_in_contributor_role.yaml 
@@ -36,8 +36,8 @@ Query: ) SELECT u.user_principal_name AS resource, - u.og_account_id AS og_account_id, - u.og_resource_id AS og_resource_id, + u.platform_account_id AS platform_account_id, + u.platform_resource_id AS platform_resource_id, CASE WHEN c.user_principal_name IS NOT NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_iam_user_not_allowed_to_create_security_group.yaml b/compliance/controls/azure/azure_iam_user_not_allowed_to_create_security_group.yaml index ae8084396..6036d6259 100644 --- a/compliance/controls/azure/azure_iam_user_not_allowed_to_create_security_group.yaml +++ b/compliance/controls/azure/azure_iam_user_not_allowed_to_create_security_group.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.default_user_role_permissions ->> 'allowedToCreateSecurityGroups' = 'false' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_iam_user_not_allowed_to_create_tenants.yaml b/compliance/controls/azure/azure_iam_user_not_allowed_to_create_tenants.yaml index 90d6f4b97..5a86b9182 100644 --- a/compliance/controls/azure/azure_iam_user_not_allowed_to_create_tenants.yaml +++ b/compliance/controls/azure/azure_iam_user_not_allowed_to_create_tenants.yaml @@ -20,8 +20,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.default_user_role_permissions ->> 'allowedToCreateTenants' = 'true' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_iam_user_not_allowed_to_register_application.yaml b/compliance/controls/azure/azure_iam_user_not_allowed_to_register_application.yaml index c494f112f..1c8f8ee83 100644 
--- a/compliance/controls/azure/azure_iam_user_not_allowed_to_register_application.yaml +++ b/compliance/controls/azure/azure_iam_user_not_allowed_to_register_application.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.default_user_role_permissions ->> 'allowedToCreateApps' = 'false' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_iam_user_with_owner_permission_on_subscription_mfa_enabled.yaml b/compliance/controls/azure/azure_iam_user_with_owner_permission_on_subscription_mfa_enabled.yaml index ba1033f09..791738c4b 100644 --- a/compliance/controls/azure/azure_iam_user_with_owner_permission_on_subscription_mfa_enabled.yaml +++ b/compliance/controls/azure/azure_iam_user_with_owner_permission_on_subscription_mfa_enabled.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_iam_user_with_read_permission_on_subscription_mfa_enabled.yaml b/compliance/controls/azure/azure_iam_user_with_read_permission_on_subscription_mfa_enabled.yaml index 3def49d4b..465f68a50 100644 --- a/compliance/controls/azure/azure_iam_user_with_read_permission_on_subscription_mfa_enabled.yaml +++ b/compliance/controls/azure/azure_iam_user_with_read_permission_on_subscription_mfa_enabled.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_iam_user_with_write_permission_on_subscription_mfa_enabled.yaml b/compliance/controls/azure/azure_iam_user_with_write_permission_on_subscription_mfa_enabled.yaml index 0b675e640..a7b55802e 100644 --- a/compliance/controls/azure/azure_iam_user_with_write_permission_on_subscription_mfa_enabled.yaml +++ b/compliance/controls/azure/azure_iam_user_with_write_permission_on_subscription_mfa_enabled.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_iot_hub_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_iot_hub_encrypted_with_cmk.yaml index ac1be401f..494dd841d 100644 --- a/compliance/controls/azure/azure_iot_hub_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_iot_hub_encrypted_with_cmk.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_iot_hub_logging_enabled.yaml b/compliance/controls/azure/azure_iot_hub_logging_enabled.yaml index be90539be..11ab2be46 100644 --- a/compliance/controls/azure/azure_iot_hub_logging_enabled.yaml 
+++ b/compliance/controls/azure/azure_iot_hub_logging_enabled.yaml @@ -34,8 +34,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.diagnostic_settings IS NULL THEN 'alarm' WHEN l.id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_keyvault_certificate_validity_12_months.yaml b/compliance/controls/azure/azure_keyvault_certificate_validity_12_months.yaml index 5a832cc19..e962aa2e1 100644 --- a/compliance/controls/azure/azure_keyvault_certificate_validity_12_months.yaml +++ b/compliance/controls/azure/azure_keyvault_certificate_validity_12_months.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_keyvault_firewall_enabled.yaml b/compliance/controls/azure/azure_keyvault_firewall_enabled.yaml index d6093036a..3527b69e1 100644 --- a/compliance/controls/azure/azure_keyvault_firewall_enabled.yaml +++ b/compliance/controls/azure/azure_keyvault_firewall_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN jsonb_array_length(network_acls -> 'ipRules') > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_keyvault_key_expiration_set.yaml b/compliance/controls/azure/azure_keyvault_key_expiration_set.yaml index 6a13f4000..0084490cb 100644 --- a/compliance/controls/azure/azure_keyvault_key_expiration_set.yaml 
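Review bot: In azure_keyvault_firewall_enabled.yaml the pass condition `jsonb_array_length(network_acls -> 'ipRules') > 0` never looks at `defaultAction`, so a vault that lists IP rules but still defaults to Allow is reported 'ok'. The sibling control azure_keyvault_vault_public_network_access_disabled.yaml on this page already treats anything other than `'Deny'` as an alarm, and this check should agree with it. A condition such as `WHEN network_acls ->> 'defaultAction' = 'Deny' THEN 'ok'` also avoids alarming on vaults that are restricted only through virtual network rules. The CASE expression continues past the end of the hunk.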
+++ b/compliance/controls/azure/azure_keyvault_key_expiration_set.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kvk.id AS resource, - kvk.og_account_id AS og_account_id, - kvk.og_resource_id AS og_resource_id, + kvk.platform_account_id AS platform_account_id, + kvk.platform_resource_id AS platform_resource_id, CASE WHEN enabled AND expires_at IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_keyvault_logging_enabled.yaml b/compliance/controls/azure/azure_keyvault_logging_enabled.yaml index 0088cd1c4..041f09272 100644 --- a/compliance/controls/azure/azure_keyvault_logging_enabled.yaml +++ b/compliance/controls/azure/azure_keyvault_logging_enabled.yaml @@ -26,8 +26,8 @@ Query: ) SELECT v.id AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.diagnostic_settings IS NULL THEN 'alarm' WHEN l.key_vault_name NOT LIKE CONCAT('%', v.name, '%') THEN 'alarm' diff --git a/compliance/controls/azure/azure_keyvault_managed_hms_logging_enabled.yaml b/compliance/controls/azure/azure_keyvault_managed_hms_logging_enabled.yaml index 1edd190bf..d6886d8d1 100644 --- a/compliance/controls/azure/azure_keyvault_managed_hms_logging_enabled.yaml +++ b/compliance/controls/azure/azure_keyvault_managed_hms_logging_enabled.yaml @@ -26,8 +26,8 @@ Query: ) SELECT v.id AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.diagnostic_settings IS NULL THEN 'alarm' WHEN l.key_vault_name NOT LIKE CONCAT('%', v.name, '%') THEN 'alarm' diff --git a/compliance/controls/azure/azure_keyvault_managed_hms_purge_protection_enabled.yaml b/compliance/controls/azure/azure_keyvault_managed_hms_purge_protection_enabled.yaml index 91151842e..e0ee5206a 100644 
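Review bot: In azure_keyvault_logging_enabled.yaml the branch `WHEN l.key_vault_name NOT LIKE CONCAT('%', v.name, '%') THEN 'alarm'` matches on a substring, so a vault whose name is contained in another vault's name can be credited with that vault's logging configuration. How `l` is joined to `v` is outside the hunk; if `l.key_vault_name` holds a plain vault name, `WHEN l.key_vault_name <> v.name THEN 'alarm'` is the stricter test. A comment on that line saying why a pattern match is needed would help if equality is not possible. The same branch appears in azure_keyvault_managed_hms_logging_enabled.yaml.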
--- a/compliance/controls/azure/azure_keyvault_managed_hms_purge_protection_enabled.yaml +++ b/compliance/controls/azure/azure_keyvault_managed_hms_purge_protection_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN enable_purge_protection THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_keyvault_purge_protection_enabled.yaml b/compliance/controls/azure/azure_keyvault_purge_protection_enabled.yaml index 25e1dcab6..3af21d4f0 100644 --- a/compliance/controls/azure/azure_keyvault_purge_protection_enabled.yaml +++ b/compliance/controls/azure/azure_keyvault_purge_protection_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN purge_protection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_keyvault_rbac_enabled.yaml b/compliance/controls/azure/azure_keyvault_rbac_enabled.yaml index e6af6c7df..16e8a713f 100644 --- a/compliance/controls/azure/azure_keyvault_rbac_enabled.yaml +++ b/compliance/controls/azure/azure_keyvault_rbac_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN enable_rbac_authorization THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_keyvault_secret_expiration_set.yaml b/compliance/controls/azure/azure_keyvault_secret_expiration_set.yaml index 94a65bb96..71c551cd4 100644 --- a/compliance/controls/azure/azure_keyvault_secret_expiration_set.yaml 
+++ b/compliance/controls/azure/azure_keyvault_secret_expiration_set.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN enabled AND expires_at IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_keyvault_soft_delete_enabled.yaml b/compliance/controls/azure/azure_keyvault_soft_delete_enabled.yaml index 0f0dfc0f8..aa217fef2 100644 --- a/compliance/controls/azure/azure_keyvault_soft_delete_enabled.yaml +++ b/compliance/controls/azure/azure_keyvault_soft_delete_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN soft_delete_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_keyvault_vault_private_link_used.yaml b/compliance/controls/azure/azure_keyvault_vault_private_link_used.yaml index e9e41c9f7..169eec210 100644 --- a/compliance/controls/azure/azure_keyvault_vault_private_link_used.yaml +++ b/compliance/controls/azure/azure_keyvault_vault_private_link_used.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN network_acls IS NULL OR network_acls ->> 'defaultAction' = 'Allow' THEN 'alarm' WHEN private_endpoint_connections IS NULL THEN 'info' diff --git a/compliance/controls/azure/azure_keyvault_vault_public_network_access_disabled.yaml b/compliance/controls/azure/azure_keyvault_vault_public_network_access_disabled.yaml index 13ac7d0a1..013470fa2 100644 
--- a/compliance/controls/azure/azure_keyvault_vault_public_network_access_disabled.yaml +++ b/compliance/controls/azure/azure_keyvault_vault_public_network_access_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN network_acls IS NULL OR network_acls ->> 'defaultAction' != 'Deny' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_keyvault_vault_recoverable.yaml b/compliance/controls/azure/azure_keyvault_vault_recoverable.yaml index 8289c0525..f144df3e7 100644 --- a/compliance/controls/azure/azure_keyvault_vault_recoverable.yaml +++ b/compliance/controls/azure/azure_keyvault_vault_recoverable.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource, - kv.og_account_id AS og_account_id, - kv.og_resource_id AS og_resource_id, + kv.platform_account_id AS platform_account_id, + kv.platform_resource_id AS platform_resource_id, CASE WHEN soft_delete_enabled AND purge_protection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_keyvault_vault_use_virtual_service_endpoint.yaml b/compliance/controls/azure/azure_keyvault_vault_use_virtual_service_endpoint.yaml index 860c95571..5c40c3b8e 100644 --- a/compliance/controls/azure/azure_keyvault_vault_use_virtual_service_endpoint.yaml +++ b/compliance/controls/azure/azure_keyvault_vault_use_virtual_service_endpoint.yaml @@ -22,8 +22,8 @@ Query: ) SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN network_acls ->> 'defaultAction' <> 'Deny' THEN 'alarm' WHEN s.name IS NULL THEN 'alarm' 
diff --git a/compliance/controls/azure/azure_keyvault_with_non_rbac_key_expiration_set.yaml b/compliance/controls/azure/azure_keyvault_with_non_rbac_key_expiration_set.yaml index 83427023b..a3d26eb82 100644 --- a/compliance/controls/azure/azure_keyvault_with_non_rbac_key_expiration_set.yaml +++ b/compliance/controls/azure/azure_keyvault_with_non_rbac_key_expiration_set.yaml @@ -22,8 +22,8 @@ Query: SELECT kvk.id AS resource, - kvk.og_account_id AS og_account_id, - kvk.og_resource_id AS og_resource_id, + kvk.platform_account_id AS platform_account_id, + kvk.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_keyvault_with_non_rbac_secret_expiration_set.yaml b/compliance/controls/azure/azure_keyvault_with_non_rbac_secret_expiration_set.yaml index 182fb46dc..e3236d0fd 100644 --- a/compliance/controls/azure/azure_keyvault_with_non_rbac_secret_expiration_set.yaml +++ b/compliance/controls/azure/azure_keyvault_with_non_rbac_secret_expiration_set.yaml @@ -21,8 +21,8 @@ Query: ) SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_keyvault_with_rbac_key_expiration_set.yaml b/compliance/controls/azure/azure_keyvault_with_rbac_key_expiration_set.yaml index 45cc69d74..ce2e9cfb8 100644 --- a/compliance/controls/azure/azure_keyvault_with_rbac_key_expiration_set.yaml +++ b/compliance/controls/azure/azure_keyvault_with_rbac_key_expiration_set.yaml 
@@ -20,8 +20,8 @@ Query: ) SELECT kvk.id AS resource, - kvk.og_account_id AS og_account_id, - kvk.og_resource_id AS og_resource_id, + kvk.platform_account_id AS platform_account_id, + kvk.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_keyvault_with_rbac_secret_expiration_set.yaml b/compliance/controls/azure/azure_keyvault_with_rbac_secret_expiration_set.yaml index 022bb5b41..2226dbb1a 100644 --- a/compliance/controls/azure/azure_keyvault_with_rbac_secret_expiration_set.yaml +++ b/compliance/controls/azure/azure_keyvault_with_rbac_secret_expiration_set.yaml @@ -21,8 +21,8 @@ Query: ) SELECT kvs.id AS resource, - kvs.og_account_id AS og_account_id, - kvs.og_resource_id AS og_resource_id, + kvs.platform_account_id AS platform_account_id, + kvs.platform_resource_id AS platform_resource_id, CASE WHEN v.name IS NULL THEN 'skip' WHEN enabled AND expires_at IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_kubernetes_cluster_add_on_azure_policy_enabled.yaml b/compliance/controls/azure/azure_kubernetes_cluster_add_on_azure_policy_enabled.yaml index ea6e12320..00446b4c7 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_add_on_azure_policy_enabled.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_add_on_azure_policy_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kc.id AS resource, - kc.og_account_id AS og_account_id, - kc.og_resource_id AS og_resource_id, + kc.platform_account_id AS platform_account_id, + kc.platform_resource_id AS platform_resource_id, CASE WHEN addon_profiles -> 'azurepolicy' ->> 'enabled' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_kubernetes_cluster_addon_azure_policy_enabled.yaml b/compliance/controls/azure/azure_kubernetes_cluster_addon_azure_policy_enabled.yaml index 148ac3be7..d665a2387 100644 
--- a/compliance/controls/azure/azure_kubernetes_cluster_addon_azure_policy_enabled.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_addon_azure_policy_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN addon_profiles -> 'azurepolicy' ->> 'enabled' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_kubernetes_cluster_authorized_ip_range_defined.yaml b/compliance/controls/azure/azure_kubernetes_cluster_authorized_ip_range_defined.yaml index f6737a617..01f6ed7fa 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_authorized_ip_range_defined.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_authorized_ip_range_defined.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT c.id AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN api_server_access_profile -> 'AuthorizedIPRanges' IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_kubernetes_cluster_container_cpu_and_memory_resource_limit.yaml b/compliance/controls/azure/azure_kubernetes_cluster_container_cpu_and_memory_resource_limit.yaml index 7ca88e3f1..e63a81288 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_container_cpu_and_memory_resource_limit.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_container_cpu_and_memory_resource_limit.yaml 
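Review bot: In azure_kubernetes_cluster_authorized_ip_range_defined.yaml the test `api_server_access_profile -> 'AuthorizedIPRanges' IS NOT NULL` passes whenever the key is present, including when its value is an empty array or a JSON null, because `->` returns SQL NULL only for a missing key. A cluster with no ranges configured can therefore be reported 'ok'. Assuming the column is jsonb, `WHEN jsonb_array_length(NULLIF(api_server_access_profile -> 'AuthorizedIPRanges', 'null'::jsonb)) > 0 THEN 'ok'` requires at least one entry. The CASE expression continues past the end of the hunk.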
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_kubernetes_cluster_container_host_process_id_not_shared.yaml b/compliance/controls/azure/azure_kubernetes_cluster_container_host_process_id_not_shared.yaml index 1829d7201..c77d49804 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_container_host_process_id_not_shared.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_container_host_process_id_not_shared.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_kubernetes_cluster_container_privilege_escalation_restricted.yaml b/compliance/controls/azure/azure_kubernetes_cluster_container_privilege_escalation_restricted.yaml index 5b77a4569..d1ce975d0 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_container_privilege_escalation_restricted.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_container_privilege_escalation_restricted.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription 
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_apparmor_profile.yaml b/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_apparmor_profile.yaml index b8abc960e..05c16169d 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_apparmor_profile.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_apparmor_profile.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_capabilities.yaml b/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_capabilities.yaml index 25bba711f..2c14b40a9 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_capabilities.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_capabilities.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_images.yaml b/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_images.yaml index 009cb3dd4..68af0c744 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_images.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_container_use_allowed_images.yaml 
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_kubernetes_cluster_container_with_read_only_root_file_system.yaml b/compliance/controls/azure/azure_kubernetes_cluster_container_with_read_only_root_file_system.yaml index e5a09709a..5027b40c8 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_container_with_read_only_root_file_system.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_container_with_read_only_root_file_system.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_kubernetes_cluster_http_application_routing_disabled.yaml b/compliance/controls/azure/azure_kubernetes_cluster_http_application_routing_disabled.yaml index 472e115ff..c72de2b0f 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_http_application_routing_disabled.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_http_application_routing_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN addon_profiles -> 'httpApplicationRouting' ->> 'enabled' = 'true' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_https_enabled.yaml b/compliance/controls/azure/azure_kubernetes_cluster_https_enabled.yaml index da816c595..bcb08f757 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_https_enabled.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_https_enabled.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_kubernetes_cluster_key_vault_secret_rotation_enabled.yaml b/compliance/controls/azure/azure_kubernetes_cluster_key_vault_secret_rotation_enabled.yaml index 4d478b430..289f920b9 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_key_vault_secret_rotation_enabled.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_key_vault_secret_rotation_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN addon_profiles -> 'azureKeyvaultSecretsProvider' -> 'config' ->> 'enableSecretRotation' = 'true' THEN 'ok' diff --git a/compliance/controls/azure/azure_kubernetes_cluster_logging_enabled.yaml b/compliance/controls/azure/azure_kubernetes_cluster_logging_enabled.yaml index 1b52e378b..d26df9bcf 100644 --- a/compliance/controls/azure/azure_kubernetes_cluster_logging_enabled.yaml +++ b/compliance/controls/azure/azure_kubernetes_cluster_logging_enabled.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN addon_profiles -> 'omsAgent' ->> 'enabled' = 'true' AND addon_profiles -> 'omsAgent' ->> 'config' IS NOT NULL
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_max_pod_50.yaml b/compliance/controls/azure/azure_kubernetes_cluster_max_pod_50.yaml
index db2b420e2..001aa7fc8 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_max_pod_50.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_max_pod_50.yaml
@@ -21,8 +21,8 @@ Query: ) SELECT c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN n.id IS NOT NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_network_plugin_azure.yaml b/compliance/controls/azure/azure_kubernetes_cluster_network_plugin_azure.yaml
index f54cb22f1..5c57a911e 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_network_plugin_azure.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_network_plugin_azure.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN network_profile ->> 'networkPlugin' = 'azure' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_network_policy_enabled.yaml b/compliance/controls/azure/azure_kubernetes_cluster_network_policy_enabled.yaml
index 474ce0171..26433184f 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_network_policy_enabled.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_network_policy_enabled.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN network_profile ->> 'networkPolicy' IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_node_restrict_public_access.yaml b/compliance/controls/azure/azure_kubernetes_cluster_node_restrict_public_access.yaml
index cef47965c..17b2cbf5b 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_node_restrict_public_access.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_node_restrict_public_access.yaml
@@ -23,8 +23,8 @@ Query: ) SELECT c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN n.id IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_os_and_data_disks_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_kubernetes_cluster_os_and_data_disks_encrypted_with_cmk.yaml
index 380959852..af54b7e60 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_os_and_data_disks_encrypted_with_cmk.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_os_and_data_disks_encrypted_with_cmk.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN disk_encryption_set_id IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_pod_host_path_volume_use_allowed_host_path.yaml b/compliance/controls/azure/azure_kubernetes_cluster_pod_host_path_volume_use_allowed_host_path.yaml
index 672eef7e0..d9d6d3db1 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_pod_host_path_volume_use_allowed_host_path.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_pod_host_path_volume_use_allowed_host_path.yaml
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_pod_use_approved_host_network_and_port_range.yaml b/compliance/controls/azure/azure_kubernetes_cluster_pod_use_approved_host_network_and_port_range.yaml
index f967ccab1..6d2b3dabe 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_pod_use_approved_host_network_and_port_range.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_pod_use_approved_host_network_and_port_range.yaml
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_pods_and_containers_uses_approved_user_and_group_id.yaml b/compliance/controls/azure/azure_kubernetes_cluster_pods_and_containers_uses_approved_user_and_group_id.yaml
index bee7e0e30..28016f23d 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_pods_and_containers_uses_approved_user_and_group_id.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_pods_and_containers_uses_approved_user_and_group_id.yaml
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_privilege_containers_restricted.yaml b/compliance/controls/azure/azure_kubernetes_cluster_privilege_containers_restricted.yaml
index dd6dcd962..1ae9b29ff 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_privilege_containers_restricted.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_privilege_containers_restricted.yaml
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_restrict_public_access.yaml b/compliance/controls/azure/azure_kubernetes_cluster_restrict_public_access.yaml
index c1da6e850..59342592b 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_restrict_public_access.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_restrict_public_access.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN api_server_access_profile ->> 'enablePrivateCluster' = 'true' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_service_listen_to_allowed_ports.yaml b/compliance/controls/azure/azure_kubernetes_cluster_service_listen_to_allowed_ports.yaml
index ba9530143..03f843d21 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_service_listen_to_allowed_ports.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_service_listen_to_allowed_ports.yaml
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_sku_standard.yaml b/compliance/controls/azure/azure_kubernetes_cluster_sku_standard.yaml
index dd6ae2482..d80ca9a96 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_sku_standard.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_sku_standard.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN sku ->> 'tier' = 'Paid' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_temp_disks_and_agent_node_pool_cache_encrypted_at_host.yaml b/compliance/controls/azure/azure_kubernetes_cluster_temp_disks_and_agent_node_pool_cache_encrypted_at_host.yaml
index b34179e81..711cc28be 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_temp_disks_and_agent_node_pool_cache_encrypted_at_host.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_temp_disks_and_agent_node_pool_cache_encrypted_at_host.yaml
@@ -24,8 +24,8 @@ Query: ) SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN s.id IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_upgrade_channel.yaml b/compliance/controls/azure/azure_kubernetes_cluster_upgrade_channel.yaml
index 14df953f9..9d3d37c1e 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_upgrade_channel.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_upgrade_channel.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN auto_upgrade_profile ->> 'upgradeChannel' = 'none' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_kubernetes_cluster_upgraded_with_non_vulnerable_version.yaml b/compliance/controls/azure/azure_kubernetes_cluster_upgraded_with_non_vulnerable_version.yaml
index 0609862ff..d24ad6ea9 100644
--- a/compliance/controls/azure/azure_kubernetes_cluster_upgraded_with_non_vulnerable_version.yaml
+++ b/compliance/controls/azure/azure_kubernetes_cluster_upgraded_with_non_vulnerable_version.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN a.kubernetes_version ~ '1\.13\.[0-4]'
diff --git a/compliance/controls/azure/azure_kubernetes_instance_rbac_enabled.yaml b/compliance/controls/azure/azure_kubernetes_instance_rbac_enabled.yaml
index 5c68e206a..442d7847d 100644
--- a/compliance/controls/azure/azure_kubernetes_instance_rbac_enabled.yaml
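Review bot: In azure_kubernetes_cluster_upgraded_with_non_vulnerable_version.yaml the context line `a.kubernetes_version ~ '1\.13\.[0-4]'` is an unanchored regex, so it also matches version strings such as 1.13.10 or 11.13.2 and the control can put clusters in the wrong bucket. Anchoring the pattern, for example `a.kubernetes_version ~ '^1\.13\.[0-4]([^0-9]|$)'`, limits the match to patch levels 0 to 4 of 1.13. The rest of the CASE expression lies outside the hunk, so any further version patterns there would need the same check.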
+++ b/compliance/controls/azure/azure_kubernetes_instance_rbac_enabled.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kc.id AS resource,
- kc.og_account_id AS og_account_id,
- kc.og_resource_id AS og_resource_id,
+ kc.platform_account_id AS platform_account_id,
+ kc.platform_resource_id AS platform_resource_id,
 CASE WHEN enable_rbac THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_kusto_cluster_disk_encryption_enabled.yaml b/compliance/controls/azure/azure_kusto_cluster_disk_encryption_enabled.yaml
index d2e6f8a83..adfb5f20b 100644
--- a/compliance/controls/azure/azure_kusto_cluster_disk_encryption_enabled.yaml
+++ b/compliance/controls/azure/azure_kusto_cluster_disk_encryption_enabled.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource,
- kv.og_account_id AS og_account_id,
- kv.og_resource_id AS og_resource_id,
+ kv.platform_account_id AS platform_account_id,
+ kv.platform_resource_id AS platform_resource_id,
 CASE WHEN enable_disk_encryption THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_kusto_cluster_double_encryption_enabled.yaml b/compliance/controls/azure/azure_kusto_cluster_double_encryption_enabled.yaml
index 0f4891075..ce1c382d0 100644
--- a/compliance/controls/azure/azure_kusto_cluster_double_encryption_enabled.yaml
+++ b/compliance/controls/azure/azure_kusto_cluster_double_encryption_enabled.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource,
- kv.og_account_id AS og_account_id,
- kv.og_resource_id AS og_resource_id,
+ kv.platform_account_id AS platform_account_id,
+ kv.platform_resource_id AS platform_resource_id,
 CASE WHEN enable_double_encryption THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_kusto_cluster_encrypted_at_rest_with_cmk.yaml b/compliance/controls/azure/azure_kusto_cluster_encrypted_at_rest_with_cmk.yaml
index 62184a525..74b69bb71 100644
--- a/compliance/controls/azure/azure_kusto_cluster_encrypted_at_rest_with_cmk.yaml
+++ b/compliance/controls/azure/azure_kusto_cluster_encrypted_at_rest_with_cmk.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource,
- kv.og_account_id AS og_account_id,
- kv.og_resource_id AS og_resource_id,
+ kv.platform_account_id AS platform_account_id,
+ kv.platform_resource_id AS platform_resource_id,
 CASE WHEN key_vault_properties -> 'keyName' IS NOT NULL
diff --git a/compliance/controls/azure/azure_kusto_cluster_sku_with_sla.yaml b/compliance/controls/azure/azure_kusto_cluster_sku_with_sla.yaml
index aa0ee2d83..fdb68eb75 100644
--- a/compliance/controls/azure/azure_kusto_cluster_sku_with_sla.yaml
+++ b/compliance/controls/azure/azure_kusto_cluster_sku_with_sla.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kv.id AS resource,
- kv.og_account_id AS og_account_id,
- kv.og_resource_id AS og_resource_id,
+ kv.platform_account_id AS platform_account_id,
+ kv.platform_resource_id AS platform_resource_id,
 CASE WHEN sku_name IN ('Dev(No SLA)_Standard_E2a_v4', 'Dev(No SLA)_Standard_D11_v2') THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_log_analytics_workspace_block_log_ingestion_and_querying_from_public.yaml b/compliance/controls/azure/azure_log_analytics_workspace_block_log_ingestion_and_querying_from_public.yaml
index 15c664eb8..8ac2aea78 100644
--- a/compliance/controls/azure/azure_log_analytics_workspace_block_log_ingestion_and_querying_from_public.yaml
+++ b/compliance/controls/azure/azure_log_analytics_workspace_block_log_ingestion_and_querying_from_public.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT w.id AS resource,
- w.og_account_id AS og_account_id,
- w.og_resource_id AS og_resource_id,
+ w.platform_account_id AS platform_account_id,
+ w.platform_resource_id AS platform_resource_id,
 CASE WHEN type = 'Microsoft.OperationalInsights/workspaces' AND public_network_access_for_ingestion = 'Enabled'
diff --git a/compliance/controls/azure/azure_log_analytics_workspace_block_non_azure_ingestion.yaml b/compliance/controls/azure/azure_log_analytics_workspace_block_non_azure_ingestion.yaml
index 161bbd54d..aa55edc42 100644
--- a/compliance/controls/azure/azure_log_analytics_workspace_block_non_azure_ingestion.yaml
+++ b/compliance/controls/azure/azure_log_analytics_workspace_block_non_azure_ingestion.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT w.id AS resource,
- w.og_account_id AS og_account_id,
- w.og_resource_id AS og_resource_id,
+ w.platform_account_id AS platform_account_id,
+ w.platform_resource_id AS platform_resource_id,
 CASE WHEN type = 'Microsoft.OperationalInsights/workspaces' AND disable_local_auth = 'true' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_log_profile_enabled_for_all_subscription.yaml b/compliance/controls/azure/azure_log_profile_enabled_for_all_subscription.yaml
index 4140d2851..96210ace8 100644
--- a/compliance/controls/azure/azure_log_profile_enabled_for_all_subscription.yaml
+++ b/compliance/controls/azure/azure_log_profile_enabled_for_all_subscription.yaml
@@ -20,8 +20,8 @@ Query: ) SELECT sub.id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE WHEN i.subscription_id IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_logic_app_integration_service_environment_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_logic_app_integration_service_environment_encrypted_with_cmk.yaml
index 1d4eaf518..169fb5913 100644
--- a/compliance/controls/azure/azure_logic_app_integration_service_environment_encrypted_with_cmk.yaml
+++ b/compliance/controls/azure/azure_logic_app_integration_service_environment_encrypted_with_cmk.yaml
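Review bot: In azure_log_analytics_workspace_block_non_azure_ingestion.yaml the branch `AND disable_local_auth = 'true' THEN 'alarm'` looks inverted for a control meant to block non-Azure ingestion. Going by the column name, a workspace with local authentication disabled is the compliant case, yet it is the one reported as alarm while every other workspace is reported ok. The control's description is outside the hunk, so this needs confirming; if it is inverted, the branch would read `AND disable_local_auth = 'true' THEN 'ok' ELSE 'alarm'`. A one-line comment above the CASE stating which value is the compliant one would make the intent checkable.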
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription
diff --git a/compliance/controls/azure/azure_logic_app_workflow_logging_enabled.yaml b/compliance/controls/azure/azure_logic_app_workflow_logging_enabled.yaml
index 737e47126..7cc990b44 100644
--- a/compliance/controls/azure/azure_logic_app_workflow_logging_enabled.yaml
+++ b/compliance/controls/azure/azure_logic_app_workflow_logging_enabled.yaml
@@ -37,8 +37,8 @@ Query: ) SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN a.diagnostic_settings IS NULL THEN 'alarm' WHEN l.workflow_id IS NOT NULL THEN 'ok'
diff --git a/compliance/controls/azure/azure_machine_learning_workspace_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_machine_learning_workspace_encrypted_with_cmk.yaml
index 5e82684d1..2a6490a02 100644
--- a/compliance/controls/azure/azure_machine_learning_workspace_encrypted_with_cmk.yaml
+++ b/compliance/controls/azure/azure_machine_learning_workspace_encrypted_with_cmk.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource,
- c.og_account_id AS og_account_id,
- c.og_resource_id AS og_resource_id,
+ c.platform_account_id AS platform_account_id,
+ c.platform_resource_id AS platform_resource_id,
 CASE WHEN encryption ->> 'status' = 'Enabled' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_machine_learning_workspace_private_link_used.yaml b/compliance/controls/azure/azure_machine_learning_workspace_private_link_used.yaml
index aae55acbe..a44143305 100644
--- a/compliance/controls/azure/azure_machine_learning_workspace_private_link_used.yaml
+++ b/compliance/controls/azure/azure_machine_learning_workspace_private_link_used.yaml
@@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_api_management_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_api_management_mandatory.yaml
index 846849bdb..5c252dfa1 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_api_management_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_api_management_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_api_management ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_environment_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_environment_mandatory.yaml
index 9fb5e0e91..0b31a7553 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_environment_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_environment_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
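Review bot: The context line `tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags` in azure_mandatory_sql_resource_group_api_management_mandatory.yaml places a template parameter directly inside a quoted SQL literal, and the same line recurs in the other azure_mandatory_sql_resource_group_* hunks on this page. The code that renders the template is not visible here, so it needs confirming that the value is validated or escaped before substitution; if it is not, a quote character in the parameter would end the literal and alter the query. Binding the value as a query parameter, or checking it against a tag-name pattern before rendering, removes that dependency. At minimum a comment such as `# azureMandatoryTags is substituted verbatim; must be a validated text[] literal` beside the query would document the expectation.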
@@ -25,8 +25,8 @@ Query: azure_app_service_environment ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_function_app_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_function_app_mandatory.yaml
index b53a7ea1e..65f0bd90e 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_function_app_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_function_app_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_app_service_function_app ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_plan_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_plan_mandatory.yaml
index 4f85ad794..312b9cdda 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_plan_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_plan_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_app_service_plan ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_web_app_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_web_app_mandatory.yaml
index e907c24ff..21b0f659e 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_web_app_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_app_service_web_app_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_app_service_web_app ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_application_security_group_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_application_security_group_mandatory.yaml
index 21b315ca1..1900dd4a1 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_application_security_group_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_application_security_group_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_application_security_group ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_batch_account_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_batch_account_mandatory.yaml
index f65168fa5..ed74b5de5 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_batch_account_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_batch_account_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_batch_account ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'OK'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_availability_set_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_availability_set_mandatory.yaml
index a6a9d19c2..28e609455 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_availability_set_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_availability_set_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_compute_availability_set ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_disk_encryption_set_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_disk_encryption_set_mandatory.yaml
index 58fb663cb..306f8fe49 100644
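Review bot: In azure_mandatory_sql_resource_group_batch_account_mandatory.yaml the status literal is upper-case, `WHEN has_mandatory_tags THEN 'OK'`, while every other control on this page returns lower-case `'ok'`. If the consumer of the status column compares values case-sensitively, compliant batch accounts would not be counted as passing. Changing the line to `WHEN has_mandatory_tags THEN 'ok'` makes it consistent. The remainder of the CASE is outside the hunk and may carry the same casing in its other branches.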
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_disk_encryption_set_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_disk_encryption_set_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_compute_disk_encryption_set ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_disk_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_disk_mandatory.yaml
index 5485b947d..f15103e9d 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_disk_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_disk_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_compute_disk ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_image_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_image_mandatory.yaml
index 9789d1d73..0b20b5fda 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_image_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_image_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_compute_image ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_snapshot_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_snapshot_mandatory.yaml
index 8524a7255..a4899c8de 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_snapshot_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_snapshot_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_compute_snapshot ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_virtual_machine_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_virtual_machine_mandatory.yaml
index e49f6fe89..2baed6d28 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_virtual_machine_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_virtual_machine_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_compute_virtual_machine ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_virtual_machine_scale_set_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_virtual_machine_scale_set_mandatory.yaml
index 62ce8b9cb..5e18913d1 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_virtual_machine_scale_set_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_compute_virtual_machine_scale_set_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_compute_virtual_machine_scale_set ) SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id AS resource, CASE WHEN has_mandatory_tags THEN 'ok'
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_container_registry_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_container_registry_mandatory.yaml
index 5a29a5abb..b2bfdd164 100644
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_container_registry_mandatory.yaml
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_container_registry_mandatory.yaml
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags,
@@ -25,8 +25,8 @@ Query: azure_container_registry ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_account_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_account_mandatory.yaml index f94e85f9e..3274110fd 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_account_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_account_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_cosmosdb_account ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_mongo_database_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_mongo_database_mandatory.yaml index 6650c90ab..a3373912f 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_mongo_database_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_mongo_database_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_cosmosdb_mongo_database ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' 
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_sql_database_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_sql_database_mandatory.yaml index 6962bb11f..45bed224e 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_sql_database_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_cosmosdb_sql_database_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_cosmosdb_sql_database ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_data_factory_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_data_factory_mandatory.yaml index 10c7389ef..9d22d5527 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_data_factory_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_data_factory_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_data_factory ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_data_lake_analytics_account_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_data_lake_analytics_account_mandatory.yaml index 5c6db02f4..fc4035ae6 100644 
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_data_lake_analytics_account_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_data_lake_analytics_account_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_data_lake_analytics_account ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_data_lake_store_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_data_lake_store_mandatory.yaml index 75a504538..88c5efa90 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_data_lake_store_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_data_lake_store_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_data_lake_store ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_eventhub_namespace_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_eventhub_namespace_mandatory.yaml index 55d7d4202..038cf39c0 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_eventhub_namespace_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_eventhub_namespace_mandatory.yaml 
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_eventhub_namespace ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_express_route_circuit_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_express_route_circuit_mandatory.yaml index da7a28586..3e0ede0a2 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_express_route_circuit_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_express_route_circuit_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_express_route_circuit ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'OK' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_firewall_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_firewall_mandatory.yaml index b26b6b28d..27d24372f 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_firewall_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_firewall_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, 
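Review bot: In the `azure_express_route_circuit` hunk the passing branch reads `WHEN has_mandatory_tags THEN 'OK'`, while the sibling controls in this diff return lowercase `'ok'`. If the consumer of these results matches status values case-sensitively (not visible here), this control would never be counted as passing. Since the commit already edits this file, change the line to `WHEN has_mandatory_tags THEN 'ok'`; the `azure_route_table` control further down has the same uppercase value. The CASE expression continues past the end of the hunk.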
@@ -25,8 +25,8 @@ Query: azure_firewall ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_iothub_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_iothub_mandatory.yaml index 78d2ce80a..941efedcb 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_iothub_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_iothub_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_iothub ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_deleted_vault_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_deleted_vault_mandatory.yaml index c843be694..1464dc6fd 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_deleted_vault_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_deleted_vault_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_key_vault_deleted_vault ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' 
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_key_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_key_mandatory.yaml index 9dae23fc8..deb3b850f 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_key_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_key_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_key_vault_key ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_managed_hardware_security_module_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_managed_hardware_security_module_mandatory.yaml index c7bd93365..18385931a 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_managed_hardware_security_module_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_managed_hardware_security_module_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_key_vault_managed_hardware_security_module ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' 
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_mandatory.yaml index 81d0f7fd8..7bab3075a 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_key_vault ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_secret_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_secret_mandatory.yaml index 81458a9ef..44f179254 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_secret_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_key_vault_secret_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_key_vault_secret ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_kubernetes_cluster_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_kubernetes_cluster_mandatory.yaml index 47346466c..6ff8b4bb3 100644 
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_kubernetes_cluster_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_kubernetes_cluster_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_kubernetes_cluster ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_lb_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_lb_mandatory.yaml index 241d0043a..2589be00f 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_lb_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_lb_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_lb ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_log_alert_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_log_alert_mandatory.yaml index ee26040bc..57f0fe1f1 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_log_alert_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_log_alert_mandatory.yaml 
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_log_alert ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_log_profile_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_log_profile_mandatory.yaml index 1183794c5..806479bef 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_log_profile_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_log_profile_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_log_profile ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_logic_app_workflow_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_logic_app_workflow_mandatory.yaml index 3265e6c14..56c089012 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_logic_app_workflow_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_logic_app_workflow_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, 
@@ -25,8 +25,8 @@ Query: azure_logic_app_workflow ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_mariadb_server_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_mariadb_server_mandatory.yaml index 3d986b1b5..51fec37fe 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_mariadb_server_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_mariadb_server_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_mariadb_server ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_mssql_elasticpool_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_mssql_elasticpool_mandatory.yaml index 5eb6bea51..ca5f70b4d 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_mssql_elasticpool_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_mssql_elasticpool_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_mssql_elasticpool ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' 
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_mssql_managed_instance_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_mssql_managed_instance_mandatory.yaml index 93f7a25c2..a3c130e63 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_mssql_managed_instance_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_mssql_managed_instance_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_mssql_managed_instance ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_mysql_server_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_mysql_server_mandatory.yaml index fabcc9774..fe1ffeda8 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_mysql_server_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_mysql_server_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_mysql_server ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_network_interface_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_network_interface_mandatory.yaml index 1c70d6c0b..85f9a7950 100644 
--- a/compliance/controls/azure/azure_mandatory_sql_resource_group_network_interface_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_network_interface_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_network_interface ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_network_security_group_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_network_security_group_mandatory.yaml index d291b5799..681ecd0d4 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_network_security_group_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_network_security_group_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_network_security_group ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_network_watcher_flow_log_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_network_watcher_flow_log_mandatory.yaml index 76e14bf97..4492a7f9a 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_network_watcher_flow_log_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_network_watcher_flow_log_mandatory.yaml 
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_network_watcher_flow_log ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_network_watcher_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_network_watcher_mandatory.yaml index 268e52bf4..485f284e2 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_network_watcher_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_network_watcher_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_network_watcher ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_postgresql_server_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_postgresql_server_mandatory.yaml index 7d8d42c83..a310474a7 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_postgresql_server_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_postgresql_server_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags, 
@@ -25,8 +25,8 @@ Query: azure_postgresql_server ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_public_ip_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_public_ip_mandatory.yaml index 65c6ec0b0..118c591ce 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_public_ip_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_public_ip_mandatory.yaml @@ -6,8 +6,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -18,8 +18,8 @@ Query: azure_public_ip ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_recovery_services_vault_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_recovery_services_vault_mandatory.yaml index bfb34a9be..415a98a5a 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_recovery_services_vault_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_recovery_services_vault_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -27,8 +27,8 @@ Query: azure_recovery_services_vault ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' 
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_redis_cache_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_redis_cache_mandatory.yaml index 0de3ead4d..95652074b 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_redis_cache_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_redis_cache_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_redis_cache ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_route_table_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_route_table_mandatory.yaml index 4c37e964a..2d639e7b3 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_route_table_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_route_table_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_route_table ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'OK' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_search_service_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_search_service_mandatory.yaml index 7a65b81ac..1a8496b51 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_search_service_mandatory.yaml 
+++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_search_service_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_search_service ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_servicebus_namespace_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_servicebus_namespace_mandatory.yaml index 50f3ed151..0899cc529 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_servicebus_namespace_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_servicebus_namespace_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_servicebus_namespace ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_sql_database_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_sql_database_mandatory.yaml index 5eebc85e4..84147e118 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_sql_database_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_sql_database_mandatory.yaml 
@@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_sql_database ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_sql_server_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_sql_server_mandatory.yaml index 2c08dba3b..02ed0c43c 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_sql_server_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_sql_server_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_sql_server ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_storage_account_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_storage_account_mandatory.yaml index e695b2986..2083c5c10 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_storage_account_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_storage_account_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, 
@@ -25,8 +25,8 @@ Query: azure_storage_account ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_stream_analytics_job_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_stream_analytics_job_mandatory.yaml index d8f980c36..6a1704731 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_stream_analytics_job_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_stream_analytics_job_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_stream_analytics_job ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_virtual_network_gateway_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_virtual_network_gateway_mandatory.yaml index 39e58c3c9..5e9c2fa88 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_virtual_network_gateway_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_virtual_network_gateway_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags, @@ -25,8 +25,8 @@ Query: azure_virtual_network_gateway ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' 
diff --git a/compliance/controls/azure/azure_mandatory_sql_resource_group_virtual_network_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_resource_group_virtual_network_mandatory.yaml index 7df47b439..73e5ba80c 100644 --- a/compliance/controls/azure/azure_mandatory_sql_resource_group_virtual_network_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_resource_group_virtual_network_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::TEXT[] AS has_mandatory_tags, @@ -26,8 +26,8 @@ Query: ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mandatory_sql_subscription_resource_group_mandatory.yaml b/compliance/controls/azure/azure_mandatory_sql_subscription_resource_group_mandatory.yaml index bea366533..5251fa1e8 100644 --- a/compliance/controls/azure/azure_mandatory_sql_subscription_resource_group_mandatory.yaml +++ b/compliance/controls/azure/azure_mandatory_sql_subscription_resource_group_mandatory.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | WITH analysis AS ( SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id, title, tags ?& '{{.azureMandatoryTags}}'::text[] AS has_mandatory_tags, @@ -26,8 +26,8 @@ Query: azure_resource_group ) SELECT - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, id AS resource, CASE WHEN has_mandatory_tags THEN 'ok' diff --git a/compliance/controls/azure/azure_mariadb_server_geo_redundant_backup_enabled.yaml b/compliance/controls/azure/azure_mariadb_server_geo_redundant_backup_enabled.yaml index ace28e860..d28a18525 100644 --- a/compliance/controls/azure/azure_mariadb_server_geo_redundant_backup_enabled.yaml 
+++ b/compliance/controls/azure/azure_mariadb_server_geo_redundant_backup_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN s.geo_redundant_backup_enabled = 'Enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_mariadb_server_public_network_access_disabled.yaml b/compliance/controls/azure/azure_mariadb_server_public_network_access_disabled.yaml index 32748e510..670d89c4f 100644 --- a/compliance/controls/azure/azure_mariadb_server_public_network_access_disabled.yaml +++ b/compliance/controls/azure/azure_mariadb_server_public_network_access_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_mariadb_server_ssl_enabled.yaml b/compliance/controls/azure/azure_mariadb_server_ssl_enabled.yaml index cdd764078..9f307dd5c 100644 --- a/compliance/controls/azure/azure_mariadb_server_ssl_enabled.yaml +++ b/compliance/controls/azure/azure_mariadb_server_ssl_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN ssl_enforcement = 'Enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_monitor_application_insights_configured.yaml b/compliance/controls/azure/azure_monitor_application_insights_configured.yaml index 726e64e76..d15b455c5 100644 
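Review bot: `CASE WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok'` in azure_mariadb_server_public_network_access_disabled.yaml reports 'ok' whenever the column is NULL or holds an unexpected value, because only the exact string 'Enabled' reaches the alarm branch. A compliance check is safer written so that only the known-good value passes, as the neighbouring azure_mariadb_server_ssl_enabled.yaml hunk already does: `WHEN public_network_access = 'Disabled' THEN 'ok' ELSE 'alarm'`. The same fail-open shape appears in azure_mysql_server_public_network_access_disabled.yaml, azure_mysql_ssl_enabled.yaml (`ssl_enforcement = 'Disabled' THEN 'alarm' ELSE 'ok'`), the three `azure_monitor_logs_storage_container_*` hunks that test `public_access != 'None'`, and azure_mysql_server_audit_logging_enabled.yaml (`LOWER(...) != 'on'`). Whether NULL can actually occur depends on the FROM and JOIN clauses, which lie outside these hunks.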
--- a/compliance/controls/azure/azure_monitor_application_insights_configured.yaml +++ b/compliance/controls/azure/azure_monitor_application_insights_configured.yaml @@ -21,8 +21,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN i.subscription_id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_monitor_diagnostic_settings_captures_proper_categories.yaml b/compliance/controls/azure/azure_monitor_diagnostic_settings_captures_proper_categories.yaml index 99ce3d59e..aca2bbbb1 100644 --- a/compliance/controls/azure/azure_monitor_diagnostic_settings_captures_proper_categories.yaml +++ b/compliance/controls/azure/azure_monitor_diagnostic_settings_captures_proper_categories.yaml @@ -14,8 +14,8 @@ Query: SELECT name, id, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, _ctx, resource_group, subscription_id, @@ -31,16 +31,16 @@ Query: GROUP BY name, id, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, _ctx, resource_group, subscription_id ) SELECT sett.id AS resource, - sett.og_account_id AS og_account_id, - sett.og_resource_id AS og_resource_id, + sett.platform_account_id AS platform_account_id, + sett.platform_resource_id AS platform_resource_id, CASE WHEN valid_category_count = 4 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_policy_assignment.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_policy_assignment.yaml index 7ea227a6b..cd7828870 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_create_policy_assignment.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_policy_assignment.yaml 
@@ -14,8 +14,8 @@ Query: SELECT alert.id AS alert_id, alert.name AS alert_name, - alert.og_account_id AS og_account_id, - alert.og_resource_id AS og_resource_id, + alert.platform_account_id AS platform_account_id, + alert.platform_resource_id AS platform_resource_id, alert.enabled, alert.location, alert.subscription_id @@ -33,8 +33,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -49,8 +49,8 @@ Query: LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub._ctx, sub.display_name Severity: medium diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg.yaml index 7ded0f036..7358ce2cf 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg.yaml @@ -41,8 +41,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -58,8 +58,8 @@ Query: GROUP BY sub._ctx, sub.subscription_id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.display_name Severity: medium Tags: diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg_rule.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg_rule.yaml index 0e400717f..1a458709e 100644 
--- a/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg_rule.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_update_nsg_rule.yaml @@ -41,8 +41,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -57,8 +57,8 @@ Query: LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY sub._ctx, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub.subscription_id, sub.display_name Severity: medium diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_update_public_ip_address.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_update_public_ip_address.yaml index b1dcc56e3..75b1072f9 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_create_update_public_ip_address.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_update_public_ip_address.yaml @@ -39,8 +39,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -54,8 +54,8 @@ Query: azure_subscription sub LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub._ctx, sub.subscription_id, sub.display_name; diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_update_security_solution.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_update_security_solution.yaml index e0870a56f..7e864d4ed 100644 
--- a/compliance/controls/azure/azure_monitor_log_alert_create_update_security_solution.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_update_security_solution.yaml @@ -41,8 +41,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -56,8 +56,8 @@ Query: azure_subscription sub LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub._ctx, sub.subscription_id, sub.display_name; diff --git a/compliance/controls/azure/azure_monitor_log_alert_create_update_sql_servers_firewall_rule.yaml b/compliance/controls/azure/azure_monitor_log_alert_create_update_sql_servers_firewall_rule.yaml index f819f04e5..ebecc866b 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_create_update_sql_servers_firewall_rule.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_create_update_sql_servers_firewall_rule.yaml @@ -41,8 +41,8 @@ Query: SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN count(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -56,8 +56,8 @@ Query: azure_subscription sub LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub._ctx, sub.subscription_id, sub.display_name diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_nsg.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_nsg.yaml index 37bc272a0..41e17e9d7 100644 
--- a/compliance/controls/azure/azure_monitor_log_alert_delete_nsg.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_delete_nsg.yaml @@ -42,8 +42,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -57,8 +57,8 @@ Query: azure_subscription sub LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, sub._ctx, sub.subscription_id, sub.display_name diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_nsg_rule.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_nsg_rule.yaml index cf38f5b83..9832fd479 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_delete_nsg_rule.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_delete_nsg_rule.yaml @@ -41,8 +41,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN count(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -56,8 +56,8 @@ Query: azure_subscription sub LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub._ctx, sub.subscription_id, sub.display_name diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_policy_assignment.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_policy_assignment.yaml index 4c76c15d3..f8f237479 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_delete_policy_assignment.yaml 
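Review bot: The second hunk of azure_monitor_log_alert_delete_nsg.yaml writes the renamed `GROUP BY` columns unqualified (`platform_account_id, platform_resource_id`), while its SELECT list and every sibling `azure_monitor_log_alert_*` control in this diff use `sub.platform_account_id` and `sub.platform_resource_id`. The `alert_rule` CTE is defined outside the hunk; if it also exposes these columns, as the one in azure_monitor_log_alert_create_policy_assignment.yaml does, the bare names become ambiguous across the `LEFT JOIN` and the control would fail to run instead of reporting a result. Qualify them to match the rest of the query: `sub.platform_account_id,` and `sub.platform_resource_id,`.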
+++ b/compliance/controls/azure/azure_monitor_log_alert_delete_policy_assignment.yaml @@ -31,8 +31,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -46,8 +46,8 @@ Query: azure_subscription sub LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub._ctx, sub.subscription_id, sub.display_name diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_public_ip_address.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_public_ip_address.yaml index 6837f0e95..e9329817a 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_delete_public_ip_address.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_delete_public_ip_address.yaml @@ -40,8 +40,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -55,8 +55,8 @@ Query: azure_subscription sub LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub._ctx, sub.subscription_id, sub.display_name diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_security_solution.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_security_solution.yaml index f40067922..a7d11b382 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_delete_security_solution.yaml 
+++ b/compliance/controls/azure/azure_monitor_log_alert_delete_security_solution.yaml @@ -34,8 +34,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -49,8 +49,8 @@ Query: azure_subscription sub LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub._ctx, sub.subscription_id, sub.display_name; diff --git a/compliance/controls/azure/azure_monitor_log_alert_delete_sql_servers_firewall_rule.yaml b/compliance/controls/azure/azure_monitor_log_alert_delete_sql_servers_firewall_rule.yaml index ea29434de..19854ed15 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_delete_sql_servers_firewall_rule.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_delete_sql_servers_firewall_rule.yaml @@ -32,8 +32,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -47,8 +47,8 @@ Query: azure_subscription sub LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub._ctx, sub.subscription_id, sub.display_name; diff --git a/compliance/controls/azure/azure_monitor_log_alert_for_administrative_operations.yaml b/compliance/controls/azure/azure_monitor_log_alert_for_administrative_operations.yaml index d1f71b0ee..ba8fa00fb 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_for_administrative_operations.yaml 
+++ b/compliance/controls/azure/azure_monitor_log_alert_for_administrative_operations.yaml @@ -41,8 +41,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -56,8 +56,8 @@ Query: azure_subscription sub LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub._ctx, sub.subscription_id, sub.display_name diff --git a/compliance/controls/azure/azure_monitor_log_alert_sql_firewall_rule.yaml b/compliance/controls/azure/azure_monitor_log_alert_sql_firewall_rule.yaml index e40cdd494..07ca29c6e 100644 --- a/compliance/controls/azure/azure_monitor_log_alert_sql_firewall_rule.yaml +++ b/compliance/controls/azure/azure_monitor_log_alert_sql_firewall_rule.yaml @@ -31,8 +31,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(a.subscription_id) > 0 THEN 'ok' ELSE 'alarm' @@ -46,8 +46,8 @@ Query: azure_subscription sub LEFT JOIN alert_rule a ON sub.subscription_id = a.subscription_id GROUP BY - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, sub._ctx, sub.subscription_id, sub.display_name diff --git a/compliance/controls/azure/azure_monitor_log_analytics_workspace_integrated_with_encrypted_storage_account.yaml b/compliance/controls/azure/azure_monitor_log_analytics_workspace_integrated_with_encrypted_storage_account.yaml index 61e72f1f0..9630160b3 100644 --- a/compliance/controls/azure/azure_monitor_log_analytics_workspace_integrated_with_encrypted_storage_account.yaml 
+++ b/compliance/controls/azure/azure_monitor_log_analytics_workspace_integrated_with_encrypted_storage_account.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_monitor_log_cluster_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_monitor_log_cluster_encrypted_with_cmk.yaml index 364a5be86..77ebbc47c 100644 --- a/compliance/controls/azure/azure_monitor_log_cluster_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_monitor_log_cluster_encrypted_with_cmk.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_monitor_log_cluster_infrastructure_encryption_enabled.yaml b/compliance/controls/azure/azure_monitor_log_cluster_infrastructure_encryption_enabled.yaml index 1da0eae95..aeb7bd94d 100644 --- a/compliance/controls/azure/azure_monitor_log_cluster_infrastructure_encryption_enabled.yaml +++ b/compliance/controls/azure/azure_monitor_log_cluster_infrastructure_encryption_enabled.yaml @@ -10,8 +10,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription 
diff --git a/compliance/controls/azure/azure_monitor_log_profile_enabled_for_all_categories.yaml b/compliance/controls/azure/azure_monitor_log_profile_enabled_for_all_categories.yaml index 411baf040..0d7599d23 100644 --- a/compliance/controls/azure/azure_monitor_log_profile_enabled_for_all_categories.yaml +++ b/compliance/controls/azure/azure_monitor_log_profile_enabled_for_all_categories.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT p.id AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN p.categories @> '["Write", "Action", "Delete"]' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_monitor_log_profile_enabled_for_all_regions.yaml b/compliance/controls/azure/azure_monitor_log_profile_enabled_for_all_regions.yaml index d5b178cc6..654230276 100644 --- a/compliance/controls/azure/azure_monitor_log_profile_enabled_for_all_regions.yaml +++ b/compliance/controls/azure/azure_monitor_log_profile_enabled_for_all_regions.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT p.id AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN p.log_event_location @> '["global", "australiacentral", "australiacentral2", "australiaeast", "australiasoutheast", "brazilsouth", "brazilsoutheast", "canadacentral", "canadaeast", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "francesouth", "germanynorth", "germanywestcentral", "japaneast", "japanwest", "jioindiawest", "koreacentral", "koreasouth", "northcentralus", "northeurope", "norwayeast", "norwaywest", "southafricanorth", "southafricawest", "southcentralus", "southeastasia", "southindia", "switzerlandnorth", "switzerlandwest", "uaecentral", "uaenorth", "uksouth", "ukwest", "westcentralus", "westeurope", "westindia", "westus", "westus2", "westus3"]' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_monitor_log_profile_retention_365_days.yaml b/compliance/controls/azure/azure_monitor_log_profile_retention_365_days.yaml index 05fdee46b..e0544ae3b 100644 --- a/compliance/controls/azure/azure_monitor_log_profile_retention_365_days.yaml +++ b/compliance/controls/azure/azure_monitor_log_profile_retention_365_days.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT p.id AS resource, - p.og_account_id AS og_account_id, - p.og_resource_id AS og_resource_id, + p.platform_account_id AS platform_account_id, + p.platform_resource_id AS platform_resource_id, CASE WHEN p.retention_policy ->> 'enabled' = 'false' THEN 'alarm' WHEN p.retention_policy ->> 'enabled' = 'true' AND (p.retention_policy ->> 'days')::int >= 365 THEN 'ok' diff --git a/compliance/controls/azure/azure_monitor_logs_storage_container_encryptes_with_byok.yaml b/compliance/controls/azure/azure_monitor_logs_storage_container_encryptes_with_byok.yaml index 62715d167..16b491b8c 100644 
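Review bot: The `p.log_event_location @> '["global", "australiacentral", ...]'` test in azure_monitor_log_profile_enabled_for_all_regions.yaml compares against a fixed region list, so a log profile that omits any region missing from the literal still reports 'ok'. The list is unchanged by this commit and nothing here records when it was captured, so the control will drift into false passes as regions are added. At minimum add a comment above the CASE stating the date and source of the list, for example `-- region list captured <DATE>; refresh from the Azure location inventory`. Better, build the expected set from a locations table if the platform exposes one. The rest of the query lies outside the hunk.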
--- a/compliance/controls/azure/azure_monitor_logs_storage_container_encryptes_with_byok.yaml +++ b/compliance/controls/azure/azure_monitor_logs_storage_container_encryptes_with_byok.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN a.encryption_key_source = 'Microsoft.Keyvault' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_monitor_logs_storage_container_insights_activity_logs_not_public_accessible.yaml b/compliance/controls/azure/azure_monitor_logs_storage_container_insights_activity_logs_not_public_accessible.yaml index f45f933b2..0961579c4 100644 --- a/compliance/controls/azure/azure_monitor_logs_storage_container_insights_activity_logs_not_public_accessible.yaml +++ b/compliance/controls/azure/azure_monitor_logs_storage_container_insights_activity_logs_not_public_accessible.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc.id AS resource, - sc.og_account_id AS og_account_id, - sc.og_resource_id AS og_resource_id, + sc.platform_account_id AS platform_account_id, + sc.platform_resource_id AS platform_resource_id, CASE WHEN public_access != 'None' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_monitor_logs_storage_container_insights_operational_logs_not_public_accessible.yaml b/compliance/controls/azure/azure_monitor_logs_storage_container_insights_operational_logs_not_public_accessible.yaml index c79d2d34c..a7e6a833d 100644 --- a/compliance/controls/azure/azure_monitor_logs_storage_container_insights_operational_logs_not_public_accessible.yaml +++ b/compliance/controls/azure/azure_monitor_logs_storage_container_insights_operational_logs_not_public_accessible.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc.id AS resource, - sc.og_account_id AS og_account_id, - sc.og_resource_id AS og_resource_id, + sc.platform_account_id AS platform_account_id, + sc.platform_resource_id AS platform_resource_id, CASE WHEN public_access != 'None' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_monitor_logs_storage_container_not_public_accessible.yaml b/compliance/controls/azure/azure_monitor_logs_storage_container_not_public_accessible.yaml index 3d3834ee6..52734624a 100644 --- a/compliance/controls/azure/azure_monitor_logs_storage_container_not_public_accessible.yaml +++ b/compliance/controls/azure/azure_monitor_logs_storage_container_not_public_accessible.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc.id AS resource, - sc.og_account_id AS og_account_id, - sc.og_resource_id AS og_resource_id, + sc.platform_account_id AS platform_account_id, + sc.platform_resource_id AS platform_resource_id, CASE WHEN public_access != 'None' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_mssql_managed_instance_encryption_at_rest_using_cmk.yaml b/compliance/controls/azure/azure_mssql_managed_instance_encryption_at_rest_using_cmk.yaml index adacce330..c5f4d3b61 100644 --- a/compliance/controls/azure/azure_mssql_managed_instance_encryption_at_rest_using_cmk.yaml +++ b/compliance/controls/azure/azure_mssql_managed_instance_encryption_at_rest_using_cmk.yaml @@ -22,8 +22,8 @@ Query: ) SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN a.id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_mssql_managed_instance_vulnerability_assessment_enabled.yaml b/compliance/controls/azure/azure_mssql_managed_instance_vulnerability_assessment_enabled.yaml index a0d67ee5a..bafc1da8a 100644 
--- a/compliance/controls/azure/azure_mssql_managed_instance_vulnerability_assessment_enabled.yaml +++ b/compliance/controls/azure/azure_mssql_managed_instance_vulnerability_assessment_enabled.yaml @@ -22,8 +22,8 @@ Query: ) SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN a.id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_mysql_db_server_geo_redundant_backup_enabled.yaml b/compliance/controls/azure/azure_mysql_db_server_geo_redundant_backup_enabled.yaml index 854272491..98978070d 100644 --- a/compliance/controls/azure/azure_mysql_db_server_geo_redundant_backup_enabled.yaml +++ b/compliance/controls/azure/azure_mysql_db_server_geo_redundant_backup_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN geo_redundant_backup = 'Enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_mysql_server_audit_logging_enabled.yaml b/compliance/controls/azure/azure_mysql_server_audit_logging_enabled.yaml index 263f058b7..422da5b90 100644 --- a/compliance/controls/azure/azure_mysql_server_audit_logging_enabled.yaml +++ b/compliance/controls/azure/azure_mysql_server_audit_logging_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN LOWER(config -> 'ConfigurationProperties' ->> 'value') != 'on' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/azure/azure_mysql_server_audit_logging_events_connection_set.yaml b/compliance/controls/azure/azure_mysql_server_audit_logging_events_connection_set.yaml index 6435ffa15..be95e5cd4 100644 --- a/compliance/controls/azure/azure_mysql_server_audit_logging_events_connection_set.yaml +++ b/compliance/controls/azure/azure_mysql_server_audit_logging_events_connection_set.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN LOWER(config -> 'ConfigurationProperties' ->> 'value') = 'connection' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_mysql_server_encrypted_at_rest_using_cmk.yaml b/compliance/controls/azure/azure_mysql_server_encrypted_at_rest_using_cmk.yaml index eec22714f..de544c7c8 100644 --- a/compliance/controls/azure/azure_mysql_server_encrypted_at_rest_using_cmk.yaml +++ b/compliance/controls/azure/azure_mysql_server_encrypted_at_rest_using_cmk.yaml @@ -22,8 +22,8 @@ Query: ) SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN a.id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_mysql_server_infrastructure_encryption_enabled.yaml b/compliance/controls/azure/azure_mysql_server_infrastructure_encryption_enabled.yaml index bf1191ca4..2316e31e3 100644 --- a/compliance/controls/azure/azure_mysql_server_infrastructure_encryption_enabled.yaml +++ b/compliance/controls/azure/azure_mysql_server_infrastructure_encryption_enabled.yaml 
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN infrastructure_encryption = 'Enabled' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_mysql_server_min_tls_1_2.yaml b/compliance/controls/azure/azure_mysql_server_min_tls_1_2.yaml
index 39f923f30..93e7f4efe 100644
--- a/compliance/controls/azure/azure_mysql_server_min_tls_1_2.yaml
+++ b/compliance/controls/azure/azure_mysql_server_min_tls_1_2.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN minimal_tls_version = 'TLSEnforcementDisabled' THEN 'alarm' WHEN minimal_tls_version = 'TLS1_2' THEN 'ok'
diff --git a/compliance/controls/azure/azure_mysql_server_private_link_used.yaml b/compliance/controls/azure/azure_mysql_server_private_link_used.yaml
index 895085a73..d5a5af766 100644
--- a/compliance/controls/azure/azure_mysql_server_private_link_used.yaml
+++ b/compliance/controls/azure/azure_mysql_server_private_link_used.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN sku_tier = 'Basic' THEN 'skip' WHEN private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb THEN 'ok'
diff --git a/compliance/controls/azure/azure_mysql_server_public_network_access_disabled.yaml b/compliance/controls/azure/azure_mysql_server_public_network_access_disabled.yaml
index 923677c02..17a8b9b6c 100644
--- a/compliance/controls/azure/azure_mysql_server_public_network_access_disabled.yaml
+++ b/compliance/controls/azure/azure_mysql_server_public_network_access_disabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_mysql_ssl_enabled.yaml b/compliance/controls/azure/azure_mysql_ssl_enabled.yaml
index 9cc82cd20..f7dd88526 100644
--- a/compliance/controls/azure/azure_mysql_ssl_enabled.yaml
+++ b/compliance/controls/azure/azure_mysql_ssl_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN ssl_enforcement = 'Disabled' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_network_bastion_host_min_1.yaml b/compliance/controls/azure/azure_network_bastion_host_min_1.yaml
index 8f49067a9..98562527d 100644
--- a/compliance/controls/azure/azure_network_bastion_host_min_1.yaml
+++ b/compliance/controls/azure/azure_network_bastion_host_min_1.yaml
@@ -27,8 +27,8 @@ Query:
 ) SELECT sub.id AS resource,
- sub.og_account_id AS og_account_id,
- sub.og_resource_id AS og_resource_id,
+ sub.platform_account_id AS platform_account_id,
+ sub.platform_resource_id AS platform_resource_id,
 CASE WHEN i.subscription_id IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_network_ddos_enabled.yaml b/compliance/controls/azure/azure_network_ddos_enabled.yaml
index edc14141e..c96f4f885 100644
--- a/compliance/controls/azure/azure_network_ddos_enabled.yaml
+++ b/compliance/controls/azure/azure_network_ddos_enabled.yaml
@@ -20,8 +20,8 @@ Query:
 ) SELECT a.name AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN b.vn_name IS NULL THEN 'ok' WHEN b.vn_name IS NOT NULL AND enable_ddos_protection::bool THEN 'ok'
diff --git a/compliance/controls/azure/azure_network_interface_ip_forwarding_disabled.yaml b/compliance/controls/azure/azure_network_interface_ip_forwarding_disabled.yaml
index 14032bdd2..387cfacff 100644
--- a/compliance/controls/azure/azure_network_interface_ip_forwarding_disabled.yaml
+++ b/compliance/controls/azure/azure_network_interface_ip_forwarding_disabled.yaml
@@ -16,8 +16,8 @@ Query:
 id AS vm_id, name AS vm_name, resource_group,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 _ctx, region, subscription_id,
@@ -28,8 +28,8 @@ Query:
 ) SELECT v.vm_id AS resource,
- v.og_account_id AS og_account_id,
- v.og_resource_id AS og_resource_id,
+ v.platform_account_id AS platform_account_id,
+ v.platform_resource_id AS platform_resource_id,
 CASE WHEN i.enable_ip_forwarding THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_network_lb_no_basic_sku.yaml b/compliance/controls/azure/azure_network_lb_no_basic_sku.yaml
index 1c41de655..414e0d809 100644
--- a/compliance/controls/azure/azure_network_lb_no_basic_sku.yaml
+++ b/compliance/controls/azure/azure_network_lb_no_basic_sku.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT l.id AS resource,
- l.og_account_id AS og_account_id,
- l.og_resource_id AS og_resource_id,
+ l.platform_account_id AS platform_account_id,
+ l.platform_resource_id AS platform_resource_id,
 CASE WHEN l.sku_name = 'Basic' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_network_network_peering_connected.yaml b/compliance/controls/azure/azure_network_network_peering_connected.yaml
index 8b74aebce..8a33edcea 100644
--- a/compliance/controls/azure/azure_network_network_peering_connected.yaml
+++ b/compliance/controls/azure/azure_network_network_peering_connected.yaml
@@ -21,8 +21,8 @@ Query:
 ) SELECT n.id AS resource,
- n.og_account_id AS og_account_id,
- n.og_resource_id AS og_resource_id,
+ n.platform_account_id AS platform_account_id,
+ n.platform_resource_id AS platform_resource_id,
 CASE WHEN jsonb_array_length(network_peerings) = 0 THEN 'ok' WHEN p.vn_id IS NOT NULL THEN 'alarm'
diff --git a/compliance/controls/azure/azure_network_public_ip_no_basic_sku.yaml b/compliance/controls/azure/azure_network_public_ip_no_basic_sku.yaml
index 84d8fdf51..9e209f3fb 100644
--- a/compliance/controls/azure/azure_network_public_ip_no_basic_sku.yaml
+++ b/compliance/controls/azure/azure_network_public_ip_no_basic_sku.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT i.id AS resource,
- i.og_account_id AS og_account_id,
- i.og_resource_id AS og_resource_id,
+ i.platform_account_id AS platform_account_id,
+ i.platform_resource_id AS platform_resource_id,
 CASE WHEN i.sku_name = 'Basic' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_network_security_group_diagnostic_setting_deployed.yaml b/compliance/controls/azure/azure_network_security_group_diagnostic_setting_deployed.yaml
index 87c2fdcd4..b137322ec 100644
--- a/compliance/controls/azure/azure_network_security_group_diagnostic_setting_deployed.yaml
+++ b/compliance/controls/azure/azure_network_security_group_diagnostic_setting_deployed.yaml
@@ -22,8 +22,8 @@ Query:
 ) SELECT a.resource_guid AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN a.diagnostic_settings IS NULL THEN 'alarm' WHEN l.nsg_name IS NULL THEN 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_https_access_restricted.yaml b/compliance/controls/azure/azure_network_security_group_https_access_restricted.yaml
index 91cfc2060..935613062 100644
--- a/compliance/controls/azure/azure_network_security_group_https_access_restricted.yaml
+++ b/compliance/controls/azure/azure_network_security_group_https_access_restricted.yaml
@@ -44,8 +44,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_not_configured_gateway_subnets.yaml b/compliance/controls/azure/azure_network_security_group_not_configured_gateway_subnets.yaml
index 48d44d036..74d16bb5c 100644
--- a/compliance/controls/azure/azure_network_security_group_not_configured_gateway_subnets.yaml
+++ b/compliance/controls/azure/azure_network_security_group_not_configured_gateway_subnets.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT subnet.id AS resource,
- subnet.og_account_id AS og_account_id,
- subnet.og_resource_id AS og_resource_id,
+ subnet.platform_account_id AS platform_account_id,
+ subnet.platform_resource_id AS platform_resource_id,
 CASE WHEN subnet.name = 'GatewaySubnet' AND network_security_group_id IS NOT NULL THEN 'alarm' WHEN subnet.name = 'GatewaySubnet' AND network_security_group_id IS NULL THEN 'ok'
diff --git a/compliance/controls/azure/azure_network_security_group_outbound_access_restricted.yaml b/compliance/controls/azure/azure_network_security_group_outbound_access_restricted.yaml
index eae417189..945b492d5 100644
--- a/compliance/controls/azure/azure_network_security_group_outbound_access_restricted.yaml
+++ b/compliance/controls/azure/azure_network_security_group_outbound_access_restricted.yaml
@@ -38,8 +38,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_rdp_access_restricted.yaml b/compliance/controls/azure/azure_network_security_group_rdp_access_restricted.yaml
index 6e69b0fc6..b06ac4118 100644
--- a/compliance/controls/azure/azure_network_security_group_rdp_access_restricted.yaml
+++ b/compliance/controls/azure/azure_network_security_group_rdp_access_restricted.yaml
@@ -40,8 +40,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_remote_access_restricted.yaml b/compliance/controls/azure/azure_network_security_group_remote_access_restricted.yaml
index b75b08fc0..22203cf29 100644
--- a/compliance/controls/azure/azure_network_security_group_remote_access_restricted.yaml
+++ b/compliance/controls/azure/azure_network_security_group_remote_access_restricted.yaml
@@ -45,8 +45,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_icmp_port.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_icmp_port.yaml
index c5c3b8b40..66d842ee5 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_icmp_port.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_icmp_port.yaml
@@ -46,8 +46,8 @@ Query:
 ) SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_135.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_135.yaml
index b9ca25184..e0d820dca 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_135.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_135.yaml
@@ -46,8 +46,8 @@ Query:
 ) SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_1433.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_1433.yaml
index 477bdb0ef..742134be6 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_1433.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_1433.yaml
@@ -46,8 +46,8 @@ Query:
 ) SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_20.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_20.yaml
index c4da14fbe..15e300277 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_20.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_20.yaml
@@ -44,8 +44,8 @@ Query:
 ) SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_21.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_21.yaml
index ac44f878f..88331af27 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_21.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_21.yaml
@@ -44,8 +44,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_23.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_23.yaml
index bebd47891..885437ab3 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_23.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_23.yaml
@@ -44,8 +44,8 @@ Query:
 ) SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_25.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_25.yaml
index 0ae82c196..b12733a1d 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_25.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_25.yaml
@@ -46,8 +46,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_3306.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_3306.yaml
index 2fdff9bdb..53693f3ad 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_3306.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_3306.yaml
@@ -48,8 +48,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_4333.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_4333.yaml
index 4e83456cc..a44b47b0c 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_4333.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_4333.yaml
@@ -38,8 +38,8 @@ Query:
 ) SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_445.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_445.yaml
index 72f9e559e..ac8e7376f 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_445.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_445.yaml
@@ -48,8 +48,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_53.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_53.yaml
index 9b0b92f72..3a7022a5f 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_53.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_53.yaml
@@ -48,8 +48,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5432.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5432.yaml
index edb75a871..9e226950c 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5432.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5432.yaml
@@ -51,8 +51,8 @@ Query:
 ) SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5500.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5500.yaml
index 9520e3390..67bcb5b82 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5500.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5500.yaml
@@ -48,8 +48,8 @@ Query:
 ) SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5900.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5900.yaml
index a2ae2a96f..2b13dbfe2 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5900.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_tcp_port_5900.yaml
@@ -46,8 +46,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_137.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_137.yaml
index 1c3937f1c..fae4ae86d 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_137.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_137.yaml
@@ -46,8 +46,8 @@ Query:
 ) SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_138.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_138.yaml
index 898676125..98c79ab18 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_138.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_138.yaml
@@ -46,8 +46,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_1434.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_1434.yaml
index b9bcbb92f..027577ae6 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_1434.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_1434.yaml
@@ -46,8 +46,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_445.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_445.yaml
index f98672bc7..4b495fd26 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_445.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_445.yaml
@@ -42,8 +42,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_53.yaml b/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_53.yaml
index fe65c95ab..27c04777d 100644
--- a/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_53.yaml
+++ b/compliance/controls/azure/azure_network_security_group_restrict_inbound_udp_port_53.yaml
@@ -46,8 +46,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_ssh_access_restricted.yaml b/compliance/controls/azure/azure_network_security_group_ssh_access_restricted.yaml
index 3db2e0204..9e14dd3ab 100644
--- a/compliance/controls/azure/azure_network_security_group_ssh_access_restricted.yaml
+++ b/compliance/controls/azure/azure_network_security_group_ssh_access_restricted.yaml
@@ -46,8 +46,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_security_group_subnet_associated.yaml b/compliance/controls/azure/azure_network_security_group_subnet_associated.yaml
index e57a87379..d80c255b4 100644
--- a/compliance/controls/azure/azure_network_security_group_subnet_associated.yaml
+++ b/compliance/controls/azure/azure_network_security_group_subnet_associated.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN subnets IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_network_security_group_udp_service_restricted.yaml b/compliance/controls/azure/azure_network_security_group_udp_service_restricted.yaml
index 134e6fe48..710c84c13 100644
--- a/compliance/controls/azure/azure_network_security_group_udp_service_restricted.yaml
+++ b/compliance/controls/azure/azure_network_security_group_udp_service_restricted.yaml
@@ -53,8 +53,8 @@ Query:
 ) SELECT sg.id resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN nsg.sg_name IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_sg_flowlog_enabled.yaml b/compliance/controls/azure/azure_network_sg_flowlog_enabled.yaml
index c5963581c..c33332984 100644
--- a/compliance/controls/azure/azure_network_sg_flowlog_enabled.yaml
+++ b/compliance/controls/azure/azure_network_sg_flowlog_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN sg.flow_logs IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_sg_flowlog_retention_period_greater_than_90.yaml b/compliance/controls/azure/azure_network_sg_flowlog_retention_period_greater_than_90.yaml
index 6107850a4..56b82ee01 100644
--- a/compliance/controls/azure/azure_network_sg_flowlog_retention_period_greater_than_90.yaml
+++ b/compliance/controls/azure/azure_network_sg_flowlog_retention_period_greater_than_90.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN fl.id IS NULL OR NOT fl.enabled OR fl.retention_policy_days < 90 THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_network_subnet_protected_by_firewall.yaml b/compliance/controls/azure/azure_network_subnet_protected_by_firewall.yaml
index 7e5fd59b5..b75799cef 100644
--- a/compliance/controls/azure/azure_network_subnet_protected_by_firewall.yaml
+++ b/compliance/controls/azure/azure_network_subnet_protected_by_firewall.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: |
 SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription
diff --git a/compliance/controls/azure/azure_network_virtual_network_gateway_no_basic_sku.yaml b/compliance/controls/azure/azure_network_virtual_network_gateway_no_basic_sku.yaml
index a7d4df8ab..c17eac513 100644
--- a/compliance/controls/azure/azure_network_virtual_network_gateway_no_basic_sku.yaml
+++ b/compliance/controls/azure/azure_network_virtual_network_gateway_no_basic_sku.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT g.id AS resource,
- g.og_account_id AS og_account_id,
- g.og_resource_id AS og_resource_id,
+ g.platform_account_id AS platform_account_id,
+ g.platform_resource_id AS platform_resource_id,
 CASE WHEN g.sku_name = 'Basic' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_network_watcher_enabled.yaml b/compliance/controls/azure/azure_network_watcher_enabled.yaml
index 9edc9a927..7ea6200e8 100644
--- a/compliance/controls/azure/azure_network_watcher_enabled.yaml
+++ b/compliance/controls/azure/azure_network_watcher_enabled.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT loc.id AS resource,
- loc.og_account_id AS og_account_id,
- loc.og_resource_id AS og_resource_id,
+ loc.platform_account_id AS platform_account_id,
+ loc.platform_resource_id AS platform_resource_id,
 CASE WHEN watcher.id IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_network_watcher_flow_log_enabled.yaml b/compliance/controls/azure/azure_network_watcher_flow_log_enabled.yaml
index 2febde84a..4f62bb8e0 100644
--- a/compliance/controls/azure/azure_network_watcher_flow_log_enabled.yaml
+++ b/compliance/controls/azure/azure_network_watcher_flow_log_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN sg.enabled THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_network_watcher_flow_log_traffic_analytics_enabled.yaml b/compliance/controls/azure/azure_network_watcher_flow_log_traffic_analytics_enabled.yaml
index 9f547c871..9726323e6 100644
--- a/compliance/controls/azure/azure_network_watcher_flow_log_traffic_analytics_enabled.yaml
+++ b/compliance/controls/azure/azure_network_watcher_flow_log_traffic_analytics_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT sg.id AS resource,
- sg.og_account_id AS og_account_id,
- sg.og_resource_id AS og_resource_id,
+ sg.platform_account_id AS platform_account_id,
+ sg.platform_resource_id AS platform_resource_id,
 CASE WHEN sg.enabled AND traffic_analytics ->> 'enabled' = 'true'
diff --git a/compliance/controls/azure/azure_network_watcher_in_regions_with_virtual_network.yaml b/compliance/controls/azure/azure_network_watcher_in_regions_with_virtual_network.yaml
index 6e8ffe81c..f3aff7101 100644
--- a/compliance/controls/azure/azure_network_watcher_in_regions_with_virtual_network.yaml
+++ b/compliance/controls/azure/azure_network_watcher_in_regions_with_virtual_network.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN b.region IS NULL THEN 'alarm' WHEN LOWER(b.resource_group) = 'networkwatcherrg' THEN 'ok'
diff --git a/compliance/controls/azure/azure_postgres_db_server_allow_access_to_azure_services_disabled.yaml b/compliance/controls/azure/azure_postgres_db_server_allow_access_to_azure_services_disabled.yaml
index 38c811f4d..de2a02199 100644
--- a/compliance/controls/azure/azure_postgres_db_server_allow_access_to_azure_services_disabled.yaml
+++ b/compliance/controls/azure/azure_postgres_db_server_allow_access_to_azure_services_disabled.yaml
@@ -23,8 +23,8 @@ Query:
 ) SELECT s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN a.id IS NOT NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_postgres_db_server_connection_throttling_on.yaml b/compliance/controls/azure/azure_postgres_db_server_connection_throttling_on.yaml
index f21997cad..3e9a4433b 100644
--- a/compliance/controls/azure/azure_postgres_db_server_connection_throttling_on.yaml
+++ b/compliance/controls/azure/azure_postgres_db_server_connection_throttling_on.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN LOWER(config -> 'ConfigurationProperties' ->> 'value') != 'on' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_postgres_db_server_geo_redundant_backup_enabled.yaml b/compliance/controls/azure/azure_postgres_db_server_geo_redundant_backup_enabled.yaml
index 94acf3bee..5f5c9ed14 100644
--- a/compliance/controls/azure/azure_postgres_db_server_geo_redundant_backup_enabled.yaml
+++ b/compliance/controls/azure/azure_postgres_db_server_geo_redundant_backup_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN geo_redundant_backup = 'Enabled' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_postgres_db_server_latest_tls_version.yaml b/compliance/controls/azure/azure_postgres_db_server_latest_tls_version.yaml
index 76bda9be6..4a3a83507 100644
--- a/compliance/controls/azure/azure_postgres_db_server_latest_tls_version.yaml
+++ b/compliance/controls/azure/azure_postgres_db_server_latest_tls_version.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN minimal_tls_version = 'TLS1_2' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_postgres_db_server_log_checkpoints_on.yaml b/compliance/controls/azure/azure_postgres_db_server_log_checkpoints_on.yaml
index 59c6f9c37..daceffdfc 100644
--- a/compliance/controls/azure/azure_postgres_db_server_log_checkpoints_on.yaml
+++ b/compliance/controls/azure/azure_postgres_db_server_log_checkpoints_on.yaml
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN LOWER(config -> 'ConfigurationProperties' ->> 'value') != 'on' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_postgres_db_server_log_connections_on.yaml b/compliance/controls/azure/azure_postgres_db_server_log_connections_on.yaml index 5c576c649..4388e3e14 100644 --- a/compliance/controls/azure/azure_postgres_db_server_log_connections_on.yaml +++ b/compliance/controls/azure/azure_postgres_db_server_log_connections_on.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN LOWER(config -> 'ConfigurationProperties' ->> 'value') != 'on' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_postgres_db_server_log_disconnections_on.yaml b/compliance/controls/azure/azure_postgres_db_server_log_disconnections_on.yaml index 727854627..26ce02aab 100644 --- a/compliance/controls/azure/azure_postgres_db_server_log_disconnections_on.yaml +++ b/compliance/controls/azure/azure_postgres_db_server_log_disconnections_on.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN LOWER(config -> 'ConfigurationProperties' ->> 'value') != 'on' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_postgres_db_server_log_retention_days_3.yaml b/compliance/controls/azure/azure_postgres_db_server_log_retention_days_3.yaml index e811351eb..7a2cb711b 100644 
--- a/compliance/controls/azure/azure_postgres_db_server_log_retention_days_3.yaml +++ b/compliance/controls/azure/azure_postgres_db_server_log_retention_days_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN (config -> 'ConfigurationProperties' ->> 'value')::integer <= 3 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_postgres_server_private_link_used.yaml b/compliance/controls/azure/azure_postgres_server_private_link_used.yaml index 33f517f1c..f8b4edb5a 100644 --- a/compliance/controls/azure/azure_postgres_server_private_link_used.yaml +++ b/compliance/controls/azure/azure_postgres_server_private_link_used.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN sku_tier = 'Basic' THEN 'skip' WHEN private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]'::jsonb THEN 'ok' diff --git a/compliance/controls/azure/azure_postgres_sql_server_encrypted_at_rest_using_cmk.yaml b/compliance/controls/azure/azure_postgres_sql_server_encrypted_at_rest_using_cmk.yaml index fe84f8af6..1c46e235f 100644 --- a/compliance/controls/azure/azure_postgres_sql_server_encrypted_at_rest_using_cmk.yaml +++ b/compliance/controls/azure/azure_postgres_sql_server_encrypted_at_rest_using_cmk.yaml @@ -19,8 +19,8 @@ Query: AND a ->> 'uri' IS NOT NULL ) SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN a.id IS NOT NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_postgres_sql_ssl_enabled.yaml b/compliance/controls/azure/azure_postgres_sql_ssl_enabled.yaml index e06c6d4ae..8954d0e1c 100644 --- a/compliance/controls/azure/azure_postgres_sql_ssl_enabled.yaml +++ b/compliance/controls/azure/azure_postgres_sql_ssl_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN ssl_enforcement = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_postgresql_server_infrastructure_encryption_enabled.yaml b/compliance/controls/azure/azure_postgresql_server_infrastructure_encryption_enabled.yaml index 34ee73dce..a888ea1ff 100644 --- a/compliance/controls/azure/azure_postgresql_server_infrastructure_encryption_enabled.yaml +++ b/compliance/controls/azure/azure_postgresql_server_infrastructure_encryption_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN infrastructure_encryption = 'Enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_postgresql_server_public_network_access_disabled.yaml b/compliance/controls/azure/azure_postgresql_server_public_network_access_disabled.yaml index 17b212001..abb73a775 100644 --- a/compliance/controls/azure/azure_postgresql_server_public_network_access_disabled.yaml +++ b/compliance/controls/azure/azure_postgresql_server_public_network_access_disabled.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_recovery_service_vault_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_recovery_service_vault_encrypted_with_cmk.yaml index 77ddb7569..f1999b55e 100644 --- a/compliance/controls/azure/azure_recovery_service_vault_encrypted_with_cmk.yaml +++ b/compliance/controls/azure/azure_recovery_service_vault_encrypted_with_cmk.yaml @@ -6,8 +6,8 @@ Query: QueryToExecute: | SELECT id AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription diff --git a/compliance/controls/azure/azure_recovery_service_vault_uses_managed_identity.yaml b/compliance/controls/azure/azure_recovery_service_vault_uses_managed_identity.yaml index c2426e43b..7b3a88841 100644 --- a/compliance/controls/azure/azure_recovery_service_vault_uses_managed_identity.yaml +++ b/compliance/controls/azure/azure_recovery_service_vault_uses_managed_identity.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN identity IS NULL OR identity ->> 'type' = 'None' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_recovery_service_vault_uses_private_link.yaml b/compliance/controls/azure/azure_recovery_service_vault_uses_private_link.yaml index 99bc261bb..a7d8156a8 100644 
--- a/compliance/controls/azure/azure_recovery_service_vault_uses_private_link.yaml +++ b/compliance/controls/azure/azure_recovery_service_vault_uses_private_link.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN private_endpoint_state_for_site_recovery = 'Enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_recovery_service_vault_uses_private_link_for_backup.yaml b/compliance/controls/azure/azure_recovery_service_vault_uses_private_link_for_backup.yaml index e91ac8d33..4458ae12f 100644 --- a/compliance/controls/azure/azure_recovery_service_vault_uses_private_link_for_backup.yaml +++ b/compliance/controls/azure/azure_recovery_service_vault_uses_private_link_for_backup.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN private_endpoint_state_for_backup = 'Enabled' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_redis_cache_in_virtual_network.yaml b/compliance/controls/azure/azure_redis_cache_in_virtual_network.yaml index b5247de2b..6f90814a3 100644 --- a/compliance/controls/azure/azure_redis_cache_in_virtual_network.yaml +++ b/compliance/controls/azure/azure_redis_cache_in_virtual_network.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT redis.id AS resource, - redis.og_account_id AS og_account_id, - redis.og_resource_id AS og_resource_id, + redis.platform_account_id AS platform_account_id, + redis.platform_resource_id AS platform_resource_id, CASE WHEN subnet_id IS NOT NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_redis_cache_min_tls_1_2.yaml b/compliance/controls/azure/azure_redis_cache_min_tls_1_2.yaml index 4182d4ab2..8d24c1179 100644 --- a/compliance/controls/azure/azure_redis_cache_min_tls_1_2.yaml +++ b/compliance/controls/azure/azure_redis_cache_min_tls_1_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN minimum_tls_version IS NULL THEN 'alarm' WHEN minimum_tls_version = '1.2' THEN 'ok' diff --git a/compliance/controls/azure/azure_redis_cache_no_basic_sku.yaml b/compliance/controls/azure/azure_redis_cache_no_basic_sku.yaml index 1bc6f4c4b..204189e2a 100644 --- a/compliance/controls/azure/azure_redis_cache_no_basic_sku.yaml +++ b/compliance/controls/azure/azure_redis_cache_no_basic_sku.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource, - c.og_account_id AS og_account_id, - c.og_resource_id AS og_resource_id, + c.platform_account_id AS platform_account_id, + c.platform_resource_id AS platform_resource_id, CASE WHEN c.sku_name = 'Basic' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_redis_cache_ssl_enabled.yaml b/compliance/controls/azure/azure_redis_cache_ssl_enabled.yaml index 04a5e4b25..f0380542b 100644 --- a/compliance/controls/azure/azure_redis_cache_ssl_enabled.yaml +++ b/compliance/controls/azure/azure_redis_cache_ssl_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT redis.id AS resource, - redis.og_account_id AS og_account_id, - redis.og_resource_id AS og_resource_id, + redis.platform_account_id AS platform_account_id, + redis.platform_resource_id AS platform_resource_id, CASE WHEN enable_non_ssl_port THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/azure/azure_redis_cache_uses_private_link.yaml b/compliance/controls/azure/azure_redis_cache_uses_private_link.yaml index d674a3d93..fdc05b52d 100644 --- a/compliance/controls/azure/azure_redis_cache_uses_private_link.yaml +++ b/compliance/controls/azure/azure_redis_cache_uses_private_link.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_search_service_logging_enabled.yaml b/compliance/controls/azure/azure_search_service_logging_enabled.yaml index d4efabe0e..8a1158c1d 100644 --- a/compliance/controls/azure/azure_search_service_logging_enabled.yaml +++ b/compliance/controls/azure/azure_search_service_logging_enabled.yaml @@ -37,8 +37,8 @@ Query: ) SELECT v.id AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.diagnostic_settings IS NULL THEN 'alarm' WHEN l.search_service_name IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_search_service_public_network_access_disabled.yaml b/compliance/controls/azure/azure_search_service_public_network_access_disabled.yaml index eaaee647e..1aae4aa04 100644 --- a/compliance/controls/azure/azure_search_service_public_network_access_disabled.yaml +++ b/compliance/controls/azure/azure_search_service_public_network_access_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/azure/azure_search_service_replica_count_3.yaml b/compliance/controls/azure/azure_search_service_replica_count_3.yaml index b20f54fd3..8bcd3f268 100644 --- a/compliance/controls/azure/azure_search_service_replica_count_3.yaml +++ b/compliance/controls/azure/azure_search_service_replica_count_3.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN replica_count > 3 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_search_service_uses_managed_identity.yaml b/compliance/controls/azure/azure_search_service_uses_managed_identity.yaml index 83042f93a..ff4ac0379 100644 --- a/compliance/controls/azure/azure_search_service_uses_managed_identity.yaml +++ b/compliance/controls/azure/azure_search_service_uses_managed_identity.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN identity ->> 'type' = 'SystemAssigned' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_search_service_uses_private_link.yaml b/compliance/controls/azure/azure_search_service_uses_private_link.yaml index 39a228cb0..11b68c65f 100644 --- a/compliance/controls/azure/azure_search_service_uses_private_link.yaml +++ b/compliance/controls/azure/azure_search_service_uses_private_link.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'alarm' ELSE 'ok' 
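Review bot: In azure_search_service_replica_count_3.yaml the context line `WHEN replica_count > 3 THEN 'ok'` reports a service with exactly three replicas as 'alarm', which does not match the threshold in the control's file name. If the intent is "at least three replicas", the line should read `WHEN replica_count >= 3 THEN 'ok'`. The control's title and description are outside the hunk, so the intended bound should be confirmed there and stated in a comment next to the comparison.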
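Review bot: In azure_search_service_uses_managed_identity.yaml the check `WHEN identity ->> 'type' = 'SystemAssigned' THEN 'ok'` accepts exactly one identity type, so a user-assigned or combined identity is reported as 'alarm'. The recovery vault control in this same diff tests the opposite way, `WHEN identity IS NULL OR identity ->> 'type' = 'None' THEN 'alarm'`, so two "uses managed identity" controls disagree on what counts as compliant. Either align them, or add a comment such as `-- only system-assigned identities are accepted for search services` if the stricter rule is intended. The rest of the query is outside the hunk.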
diff --git a/compliance/controls/azure/azure_search_service_uses_sku_supporting_private_link.yaml b/compliance/controls/azure/azure_search_service_uses_sku_supporting_private_link.yaml index 4aee01b34..8c4ea6f65 100644 --- a/compliance/controls/azure/azure_search_service_uses_sku_supporting_private_link.yaml +++ b/compliance/controls/azure/azure_search_service_uses_sku_supporting_private_link.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN sku_name = 'free' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_securitycenter_additional_email_configured.yaml b/compliance/controls/azure/azure_securitycenter_additional_email_configured.yaml index 7203f4927..fb72b6e57 100644 --- a/compliance/controls/azure/azure_securitycenter_additional_email_configured.yaml +++ b/compliance/controls/azure/azure_securitycenter_additional_email_configured.yaml @@ -24,8 +24,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN non_default_count > 0 THEN 'OK' WHEN default_count = 1 AND jsonb_array_length(default_email) != 0 THEN 'OK' diff --git a/compliance/controls/azure/azure_securitycenter_asc_default_setting_not_disabled.yaml b/compliance/controls/azure/azure_securitycenter_asc_default_setting_not_disabled.yaml index 345567f34..82debe429 100644 --- a/compliance/controls/azure/azure_securitycenter_asc_default_setting_not_disabled.yaml +++ b/compliance/controls/azure/azure_securitycenter_asc_default_setting_not_disabled.yaml 
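Review bot: In azure_securitycenter_additional_email_configured.yaml both passing branches return the status `'OK'` in upper case (`WHEN non_default_count > 0 THEN 'OK'`), while every other control in this diff returns `'ok'`. That includes azure_securitycenter_email_configured.yaml, which has the same two WHEN lines. If the consumer of the status column compares case-sensitively, which is not visible here, passing subscriptions from this control would not be counted as 'ok'. Lower-casing both literals, `THEN 'ok'`, removes the doubt. The remaining CASE branches are outside the hunk and should be checked for the same casing.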
@@ -25,8 +25,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN COUNT(value = 'Disabled') > 0 THEN 'alarm' ELSE 'ok' @@ -41,8 +41,8 @@ Query: RIGHT JOIN azure_subscription sub ON pol_assignment.subscription_id = sub.subscription_id GROUP BY sub.id, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, pol_assignment.id, sub._ctx, sub.subscription_id, diff --git a/compliance/controls/azure/azure_securitycenter_automatic_provisioning_monitoring_agent_on.yaml b/compliance/controls/azure/azure_securitycenter_automatic_provisioning_monitoring_agent_on.yaml index 3646fc852..2952347c8 100644 --- a/compliance/controls/azure/azure_securitycenter_automatic_provisioning_monitoring_agent_on.yaml +++ b/compliance/controls/azure/azure_securitycenter_automatic_provisioning_monitoring_agent_on.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_prov.id AS resource, - sc_prov.og_account_id AS og_account_id, - sc_prov.og_resource_id AS og_resource_id, + sc_prov.platform_account_id AS platform_account_id, + sc_prov.platform_resource_id AS platform_resource_id, CASE WHEN auto_provision = 'On' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_appservice.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_appservice.yaml index 7e5f6bf67..83ff9ebc7 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_appservice.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_appservice.yaml 
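Review bot: In azure_securitycenter_asc_default_setting_not_disabled.yaml the context line `WHEN COUNT(value = 'Disabled') > 0 THEN 'alarm'` does not count disabled settings. COUNT over a boolean expression counts every row where the expression is non-NULL, so a value of 'Enabled' (false) is counted as well. A subscription therefore goes to 'alarm' as soon as any parameter value is present, which buries real findings under false ones. Counting only matches fixes it: `WHEN COUNT(*) FILTER (WHERE value = 'Disabled') > 0 THEN 'alarm'`. The CTE that produces `value` is outside the hunk, so confirm there is no upstream filter that already restricts it to 'Disabled' rows.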
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_containerregistry.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_containerregistry.yaml index cdb4da9a9..dcd5a62c7 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_containerregistry.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_containerregistry.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_containers.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_containers.yaml index 3c302d708..163cc33b9 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_containers.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_containers.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_cosmosdb.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_cosmosdb.yaml index 64e5d009a..244df2236 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_cosmosdb.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_cosmosdb.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_database.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_database.yaml index f473bb4e1..c8df536c9 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_database.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_database.yaml @@ -27,8 +27,8 @@ Query: ) SELECT sub.id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN data ->> 'CosmosDbs' = 'Standard' diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_dns.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_dns.yaml index 561c355ca..16deb07c6 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_dns.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_dns.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_k8s.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_k8s.yaml index fc956efa9..4887e8887 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_k8s.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_k8s.yaml @@ -6,8 +6,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_keyvault.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_keyvault.yaml index 7a4fb6cd5..7df28699d 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_keyvault.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_keyvault.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_opensource_relational_db.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_opensource_relational_db.yaml index 8ebb871a3..69e38f6f1 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_opensource_relational_db.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_opensource_relational_db.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_resource_manager.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_resource_manager.yaml index 837d64639..d113e1334 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_resource_manager.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_resource_manager.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_server.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_server.yaml index 4c5576c6e..2b107d343 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_server.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_server.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_sqldb.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_sqldb.yaml index 27343cc00..7620a60ca 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_sqldb.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_sqldb.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_sqlservervm.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_sqlservervm.yaml index dea9b2d7c..0f13937d7 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_sqlservervm.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_sqlservervm.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_storage.yaml b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_storage.yaml index 88932c5ba..568ec429a 100644 --- a/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_storage.yaml +++ b/compliance/controls/azure/azure_securitycenter_azure_defender_on_for_storage.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_container_image_scan_enabled.yaml b/compliance/controls/azure/azure_securitycenter_container_image_scan_enabled.yaml index b439e397e..c4a3a8830 100644 --- a/compliance/controls/azure/azure_securitycenter_container_image_scan_enabled.yaml +++ b/compliance/controls/azure/azure_securitycenter_container_image_scan_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_assessment.id AS resource, - sub_assessment.og_account_id AS og_account_id, - sub_assessment.og_resource_id AS og_resource_id, + sub_assessment.platform_account_id AS platform_account_id, + sub_assessment.platform_resource_id AS platform_resource_id, CASE WHEN container_registry_vulnerability_properties ->> 'AssessedResourceType' = 'ContainerRegistryVulnerability' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_email_configured.yaml b/compliance/controls/azure/azure_securitycenter_email_configured.yaml index 7c1d47460..443c95c72 100644 --- a/compliance/controls/azure/azure_securitycenter_email_configured.yaml +++ b/compliance/controls/azure/azure_securitycenter_email_configured.yaml 
@@ -24,8 +24,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN non_default_count > 0 THEN 'ok' WHEN default_count = 1 AND jsonb_array_length(default_email) != 0 THEN 'ok' diff --git a/compliance/controls/azure/azure_securitycenter_mcas_integration.yaml b/compliance/controls/azure/azure_securitycenter_mcas_integration.yaml index 92a121afa..7d31728a4 100644 --- a/compliance/controls/azure/azure_securitycenter_mcas_integration.yaml +++ b/compliance/controls/azure/azure_securitycenter_mcas_integration.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_sett.id AS resource, - sc_sett.og_account_id AS og_account_id, - sc_sett.og_resource_id AS og_resource_id, + sc_sett.platform_account_id AS platform_account_id, + sc_sett.platform_resource_id AS platform_resource_id, CASE WHEN enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_notify_alerts_configured.yaml b/compliance/controls/azure/azure_securitycenter_notify_alerts_configured.yaml index 01ed58b05..95f8f03fa 100644 --- a/compliance/controls/azure/azure_securitycenter_notify_alerts_configured.yaml +++ b/compliance/controls/azure/azure_securitycenter_notify_alerts_configured.yaml @@ -22,8 +22,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN notification_alert_count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_pricing_standard.yaml b/compliance/controls/azure/azure_securitycenter_pricing_standard.yaml index d86d927ad..284c64a59 100644 --- a/compliance/controls/azure/azure_securitycenter_pricing_standard.yaml 
+++ b/compliance/controls/azure/azure_securitycenter_pricing_standard.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sub_pricing.id AS resource, - sub_pricing.og_account_id AS og_account_id, - sub_pricing.og_resource_id AS og_resource_id, + sub_pricing.platform_account_id AS platform_account_id, + sub_pricing.platform_resource_id AS platform_resource_id, CASE WHEN pricing_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_security_alerts_to_owner_enabled.yaml b/compliance/controls/azure/azure_securitycenter_security_alerts_to_owner_enabled.yaml index a09707183..a65ecf8ba 100644 --- a/compliance/controls/azure/azure_securitycenter_security_alerts_to_owner_enabled.yaml +++ b/compliance/controls/azure/azure_securitycenter_security_alerts_to_owner_enabled.yaml @@ -22,8 +22,8 @@ Query: ) SELECT sub.subscription_id AS resource, - sub.og_account_id AS og_account_id, - sub.og_resource_id AS og_resource_id, + sub.platform_account_id AS platform_account_id, + sub.platform_resource_id AS platform_resource_id, CASE WHEN admin_alert_count > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_securitycenter_wdatp_integration.yaml b/compliance/controls/azure/azure_securitycenter_wdatp_integration.yaml index c69d35d60..fa38cf285 100644 --- a/compliance/controls/azure/azure_securitycenter_wdatp_integration.yaml +++ b/compliance/controls/azure/azure_securitycenter_wdatp_integration.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc_sett.id AS resource, - sc_sett.og_account_id AS og_account_id, - sc_sett.og_resource_id AS og_resource_id, + sc_sett.platform_account_id AS platform_account_id, + sc_sett.platform_resource_id AS platform_resource_id, CASE WHEN enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_servicebus_name_space_private_link_used.yaml b/compliance/controls/azure/azure_servicebus_name_space_private_link_used.yaml index 3222aa6ad..68ed53474 100644 
--- a/compliance/controls/azure/azure_servicebus_name_space_private_link_used.yaml +++ b/compliance/controls/azure/azure_servicebus_name_space_private_link_used.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN sku_name IN ('Basic', 'Standard') THEN 'skip' WHEN private_endpoint_connections IS NULL THEN 'info' diff --git a/compliance/controls/azure/azure_servicebus_namespace_azure_ad_authentication_enabled.yaml b/compliance/controls/azure/azure_servicebus_namespace_azure_ad_authentication_enabled.yaml index 96c147363..eb6de89a9 100644 --- a/compliance/controls/azure/azure_servicebus_namespace_azure_ad_authentication_enabled.yaml +++ b/compliance/controls/azure/azure_servicebus_namespace_azure_ad_authentication_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN status = 'Active' AND NOT disable_local_auth THEN 'alarm' diff --git a/compliance/controls/azure/azure_servicebus_namespace_logging_enabled.yaml b/compliance/controls/azure/azure_servicebus_namespace_logging_enabled.yaml index 7e0d82f5a..978b5239b 100644 --- a/compliance/controls/azure/azure_servicebus_namespace_logging_enabled.yaml +++ b/compliance/controls/azure/azure_servicebus_namespace_logging_enabled.yaml @@ -37,8 +37,8 @@ Query: ) SELECT v.id AS resource, - v.og_account_id AS og_account_id, - v.og_resource_id AS og_resource_id, + v.platform_account_id AS platform_account_id, + v.platform_resource_id AS platform_resource_id, CASE WHEN v.diagnostic_settings IS NULL THEN 'alarm' WHEN l.namespace_name IS NULL THEN 'alarm' 
diff --git a/compliance/controls/azure/azure_servicebus_namespace_no_overly_permissive_network_access.yaml b/compliance/controls/azure/azure_servicebus_namespace_no_overly_permissive_network_access.yaml index 30ba47dd9..764a19ec8 100644 --- a/compliance/controls/azure/azure_servicebus_namespace_no_overly_permissive_network_access.yaml +++ b/compliance/controls/azure/azure_servicebus_namespace_no_overly_permissive_network_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN status = 'Active' AND sku_tier = 'Premium' diff --git a/compliance/controls/azure/azure_servicebus_premium_namespace_cmk_encrypted.yaml b/compliance/controls/azure/azure_servicebus_premium_namespace_cmk_encrypted.yaml index 5aa54a0a9..7eb87671b 100644 --- a/compliance/controls/azure/azure_servicebus_premium_namespace_cmk_encrypted.yaml +++ b/compliance/controls/azure/azure_servicebus_premium_namespace_cmk_encrypted.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN sku_tier <> 'Premium' THEN 'skip' WHEN encryption -> 'keySource' = '"Microsoft.KeyVault"' THEN 'ok' diff --git a/compliance/controls/azure/azure_servicebus_use_virtual_service_endpoint.yaml b/compliance/controls/azure/azure_servicebus_use_virtual_service_endpoint.yaml index bda8adff0..4ff5a74cf 100644 --- a/compliance/controls/azure/azure_servicebus_use_virtual_service_endpoint.yaml +++ b/compliance/controls/azure/azure_servicebus_use_virtual_service_endpoint.yaml 
@@ -33,8 +33,8 @@ Query: ) SELECT bus.id AS resource, - bus.og_account_id AS og_account_id, - bus.og_resource_id AS og_resource_id, + bus.platform_account_id AS platform_account_id, + bus.platform_resource_id AS platform_resource_id, CASE WHEN bus.name != service_bus.name THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_servicefabric_cluster_active_directory_authentication_enabled.yaml b/compliance/controls/azure/azure_servicefabric_cluster_active_directory_authentication_enabled.yaml index 648b68924..af2b23f70 100644 --- a/compliance/controls/azure/azure_servicefabric_cluster_active_directory_authentication_enabled.yaml +++ b/compliance/controls/azure/azure_servicefabric_cluster_active_directory_authentication_enabled.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN azure_active_directory IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_servicefabric_cluster_protection_level_as_encrypt_and_sign.yaml b/compliance/controls/azure/azure_servicefabric_cluster_protection_level_as_encrypt_and_sign.yaml index 846c9fe31..c58062d51 100644 --- a/compliance/controls/azure/azure_servicefabric_cluster_protection_level_as_encrypt_and_sign.yaml +++ b/compliance/controls/azure/azure_servicefabric_cluster_protection_level_as_encrypt_and_sign.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN fabric_settings @> '[{"parameters":[{"value": "EncryptAndSign"}]}]'::jsonb THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/azure/azure_signalr_service_no_free_tier_sku.yaml b/compliance/controls/azure/azure_signalr_service_no_free_tier_sku.yaml index c72aea438..9db7fda69 100644 --- a/compliance/controls/azure/azure_signalr_service_no_free_tier_sku.yaml +++ b/compliance/controls/azure/azure_signalr_service_no_free_tier_sku.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN sku ->> 'tier' = 'Free' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_signalr_service_private_link_used.yaml b/compliance/controls/azure/azure_signalr_service_private_link_used.yaml index 79ac190b8..ef63ca5cb 100644 --- a/compliance/controls/azure/azure_signalr_service_private_link_used.yaml +++ b/compliance/controls/azure/azure_signalr_service_private_link_used.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN sku ->> 'tier' = 'Free' THEN 'skip' WHEN c.id IS NULL THEN 'alarm' diff --git a/compliance/controls/azure/azure_spring_cloud_service_network_injection_enabled.yaml b/compliance/controls/azure/azure_spring_cloud_service_network_injection_enabled.yaml index e3d8f4f3b..71e633378 100644 --- a/compliance/controls/azure/azure_spring_cloud_service_network_injection_enabled.yaml +++ b/compliance/controls/azure/azure_spring_cloud_service_network_injection_enabled.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN sku_tier <> 'Standard' THEN 'Skip' WHEN sku_tier = 'Standard' AND network_profile ->> 'ServiceRuntimeSubnetID' IS NOT NULL THEN 'ok' diff --git a/compliance/controls/azure/azure_sql_database_allow_internet_access.yaml b/compliance/controls/azure/azure_sql_database_allow_internet_access.yaml index a19786517..8246a10fd 100644 --- a/compliance/controls/azure/azure_sql_database_allow_internet_access.yaml +++ b/compliance/controls/azure/azure_sql_database_allow_internet_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN firewall_rules @> '[{"properties":{"endIpAddress":"0.0.0.0","startIpAddress":"0.0.0.0"}}]' OR firewall_rules @> '[{"properties":{"endIpAddress":"255.255.255.255","startIpAddress":"0.0.0.0"}}]' diff --git a/compliance/controls/azure/azure_sql_database_long_term_geo_redundant_backup_enabled.yaml b/compliance/controls/azure/azure_sql_database_long_term_geo_redundant_backup_enabled.yaml index b31932d44..d3538a8e4 100644 --- a/compliance/controls/azure/azure_sql_database_long_term_geo_redundant_backup_enabled.yaml +++ b/compliance/controls/azure/azure_sql_database_long_term_geo_redundant_backup_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.database_id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN retention_policy_property ->> 'monthlyRetention' <> 'PT0S' OR retention_policy_property ->> 'weeklyRetention' <> 'PT0S' 
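Review bot: The first branch in azure_spring_cloud_service_network_injection_enabled.yaml returns `'Skip'`, while the other controls in this diff emit lowercase `'skip'`. Whether the consumer of the status column compares case-sensitively cannot be seen from here; if it does, these rows would fall outside the known statuses. `WHEN sku_tier <> 'Standard' THEN 'skip'` would match the rest of the set. The CASE continues past the end of the hunk.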
diff --git a/compliance/controls/azure/azure_sql_database_transparent_data_encryption_enabled.yaml b/compliance/controls/azure/azure_sql_database_transparent_data_encryption_enabled.yaml index 0876f2153..d393dd863 100644 --- a/compliance/controls/azure/azure_sql_database_transparent_data_encryption_enabled.yaml +++ b/compliance/controls/azure/azure_sql_database_transparent_data_encryption_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.database_id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN transparent_data_encryption ->> 'status' = 'Enabled' OR transparent_data_encryption ->> 'state' = 'Enabled' diff --git a/compliance/controls/azure/azure_sql_database_vulnerability_findings_resolved.yaml b/compliance/controls/azure/azure_sql_database_vulnerability_findings_resolved.yaml index 376325287..522ef187a 100644 --- a/compliance/controls/azure/azure_sql_database_vulnerability_findings_resolved.yaml +++ b/compliance/controls/azure/azure_sql_database_vulnerability_findings_resolved.yaml @@ -26,8 +26,8 @@ Query: ) SELECT DISTINCT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN s.database_id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_sql_db_active_directory_admin_configured.yaml b/compliance/controls/azure/azure_sql_db_active_directory_admin_configured.yaml index 82bf9fb49..8a9a3212b 100644 --- a/compliance/controls/azure/azure_sql_db_active_directory_admin_configured.yaml +++ b/compliance/controls/azure/azure_sql_db_active_directory_admin_configured.yaml 
@@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN server_azure_ad_administrator IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_sql_db_public_network_access_disabled.yaml b/compliance/controls/azure/azure_sql_db_public_network_access_disabled.yaml index b3f99747f..592b0b925 100644 --- a/compliance/controls/azure/azure_sql_db_public_network_access_disabled.yaml +++ b/compliance/controls/azure/azure_sql_db_public_network_access_disabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN public_network_access = 'Enabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_sql_server_and_databases_va_enabled.yaml b/compliance/controls/azure/azure_sql_server_and_databases_va_enabled.yaml index fedf6e2c8..7a5d96153 100644 --- a/compliance/controls/azure/azure_sql_server_and_databases_va_enabled.yaml +++ b/compliance/controls/azure/azure_sql_server_and_databases_va_enabled.yaml @@ -6,8 +6,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN security -> 'properties' ->> 'state' = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_sql_server_atp_enabled.yaml b/compliance/controls/azure/azure_sql_server_atp_enabled.yaml index f558f2eb4..41c517032 100644 --- a/compliance/controls/azure/azure_sql_server_atp_enabled.yaml +++ b/compliance/controls/azure/azure_sql_server_atp_enabled.yaml 
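Review bot: The CASE in azure_sql_server_and_databases_va_enabled.yaml alarms only on `security -> 'properties' ->> 'state' = 'Disabled'` and sends everything else to `'ok'`, including a NULL when no such setting was collected. Unless the FROM clause (outside the hunk) guarantees one row per setting, it is safer to match the good state: `WHEN security -> 'properties' ->> 'state' = 'Enabled' THEN 'ok'` with `ELSE 'alarm'`. The same shape appears in azure_sql_server_atp_enabled.yaml, azure_sql_server_auditing_on.yaml and azure_sql_server_transparent_data_encryption_enabled.yaml. It also appears in the `NOT enable_https_traffic_only` and `NOT blob_soft_delete_enabled` storage controls further down.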
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN security -> 'properties' ->> 'state' = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_sql_server_auditing_on.yaml b/compliance/controls/azure/azure_sql_server_auditing_on.yaml index 75d0273d6..5e12f68ce 100644 --- a/compliance/controls/azure/azure_sql_server_auditing_on.yaml +++ b/compliance/controls/azure/azure_sql_server_auditing_on.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN audit -> 'properties' ->> 'state' = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_sql_server_auditing_retention_period_90.yaml b/compliance/controls/azure/azure_sql_server_auditing_retention_period_90.yaml index 6e4513e46..fc49f4ff9 100644 --- a/compliance/controls/azure/azure_sql_server_auditing_retention_period_90.yaml +++ b/compliance/controls/azure/azure_sql_server_auditing_retention_period_90.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN (audit -> 'properties' ->> 'retentionDays')::integer = 0 THEN 'ok' WHEN (audit -> 'properties' ->> 'retentionDays')::integer >= 90 THEN 'ok' diff --git a/compliance/controls/azure/azure_sql_server_auditing_storage_account_destination_retention_90_days.yaml b/compliance/controls/azure/azure_sql_server_auditing_storage_account_destination_retention_90_days.yaml index e66d1e325..9ace63c40 100644 
--- a/compliance/controls/azure/azure_sql_server_auditing_storage_account_destination_retention_90_days.yaml +++ b/compliance/controls/azure/azure_sql_server_auditing_storage_account_destination_retention_90_days.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN s.id IS NULL THEN 'skip' WHEN s.retentionDays::INTEGER = 0 THEN 'ok' diff --git a/compliance/controls/azure/azure_sql_server_azure_ad_authentication_enabled.yaml b/compliance/controls/azure/azure_sql_server_azure_ad_authentication_enabled.yaml index 1ae021af6..1ce7509fc 100644 --- a/compliance/controls/azure/azure_sql_server_azure_ad_authentication_enabled.yaml +++ b/compliance/controls/azure/azure_sql_server_azure_ad_authentication_enabled.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN s.id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_sql_server_azure_defender_enabled.yaml b/compliance/controls/azure/azure_sql_server_azure_defender_enabled.yaml index eaafc4aeb..e3357253a 100644 --- a/compliance/controls/azure/azure_sql_server_azure_defender_enabled.yaml +++ b/compliance/controls/azure/azure_sql_server_azure_defender_enabled.yaml @@ -22,8 +22,8 @@ Query: ) SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN kind LIKE '%analytics%' THEN 'skip' WHEN s.name IS NULL THEN 'alarm' 
diff --git a/compliance/controls/azure/azure_sql_server_tde_protector_cmk_encrypted.yaml b/compliance/controls/azure/azure_sql_server_tde_protector_cmk_encrypted.yaml index 5da2f088f..8ddc63c72 100644 --- a/compliance/controls/azure/azure_sql_server_tde_protector_cmk_encrypted.yaml +++ b/compliance/controls/azure/azure_sql_server_tde_protector_cmk_encrypted.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN encryption ->> 'kind' = 'servicemanaged' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_sql_server_threat_detection_all_enabled.yaml b/compliance/controls/azure/azure_sql_server_threat_detection_all_enabled.yaml index 1ba8b4232..3040a0919 100644 --- a/compliance/controls/azure/azure_sql_server_threat_detection_all_enabled.yaml +++ b/compliance/controls/azure/azure_sql_server_threat_detection_all_enabled.yaml @@ -21,8 +21,8 @@ Query: ) SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN t.id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_sql_server_transparent_data_encryption_enabled.yaml b/compliance/controls/azure/azure_sql_server_transparent_data_encryption_enabled.yaml index 990ea7b22..59d9c7a00 100644 --- a/compliance/controls/azure/azure_sql_server_transparent_data_encryption_enabled.yaml +++ b/compliance/controls/azure/azure_sql_server_transparent_data_encryption_enabled.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT db.id AS resource, - db.og_account_id AS og_account_id, - db.og_resource_id AS og_resource_id, + db.platform_account_id AS platform_account_id, + db.platform_resource_id AS platform_resource_id, CASE WHEN transparent_data_encryption ->> 'status' = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_sql_server_use_virtual_service_endpoint.yaml b/compliance/controls/azure/azure_sql_server_use_virtual_service_endpoint.yaml index fffb830fe..2c43712c0 100644 --- a/compliance/controls/azure/azure_sql_server_use_virtual_service_endpoint.yaml +++ b/compliance/controls/azure/azure_sql_server_use_virtual_service_endpoint.yaml @@ -20,8 +20,8 @@ Query: ) SELECT DISTINCT a.name AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN s.name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_sql_server_uses_private_link.yaml b/compliance/controls/azure/azure_sql_server_uses_private_link.yaml index df6b0b0e3..1fac3c2a9 100644 --- a/compliance/controls/azure/azure_sql_server_uses_private_link.yaml +++ b/compliance/controls/azure/azure_sql_server_uses_private_link.yaml @@ -22,8 +22,8 @@ Query: SELECT a.id AS resource, - a.og_account_id AS og_account_id, - a.og_resource_id AS og_resource_id, + a.platform_account_id AS platform_account_id, + a.platform_resource_id AS platform_resource_id, CASE WHEN c.id IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_sql_server_va_setting_periodic_scan_enabled.yaml b/compliance/controls/azure/azure_sql_server_va_setting_periodic_scan_enabled.yaml index dfd72d5e8..6d9c55ae9 100644 --- a/compliance/controls/azure/azure_sql_server_va_setting_periodic_scan_enabled.yaml +++ b/compliance/controls/azure/azure_sql_server_va_setting_periodic_scan_enabled.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN security -> 'properties' ->> 'state' = 'Disabled' diff --git a/compliance/controls/azure/azure_sql_server_va_setting_reports_notify_admins.yaml b/compliance/controls/azure/azure_sql_server_va_setting_reports_notify_admins.yaml index 9a5760667..73d3855ec 100644 --- a/compliance/controls/azure/azure_sql_server_va_setting_reports_notify_admins.yaml +++ b/compliance/controls/azure/azure_sql_server_va_setting_reports_notify_admins.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN security -> 'properties' ->> 'state' = 'Disabled' diff --git a/compliance/controls/azure/azure_sql_server_va_setting_scan_reports_configured.yaml b/compliance/controls/azure/azure_sql_server_va_setting_scan_reports_configured.yaml index 701caefd1..013d5a2ab 100644 --- a/compliance/controls/azure/azure_sql_server_va_setting_scan_reports_configured.yaml +++ b/compliance/controls/azure/azure_sql_server_va_setting_scan_reports_configured.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN security -> 'properties' ->> 'state' = 'Disabled' diff --git a/compliance/controls/azure/azure_storage_account_blob_containers_public_access_private.yaml b/compliance/controls/azure/azure_storage_account_blob_containers_public_access_private.yaml index 233da7a8f..0051a179c 100644 
--- a/compliance/controls/azure/azure_storage_account_blob_containers_public_access_private.yaml +++ b/compliance/controls/azure/azure_storage_account_blob_containers_public_access_private.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT container.id AS resource, - container.og_account_id AS og_account_id, - container.og_resource_id AS og_resource_id, + container.platform_account_id AS platform_account_id, + container.platform_resource_id AS platform_resource_id, CASE WHEN NOT account.allow_blob_public_access AND container.public_access = 'None' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_storage_account_blob_service_logging_enabled.yaml b/compliance/controls/azure/azure_storage_account_blob_service_logging_enabled.yaml index ec18889bf..7332a0ed5 100644 --- a/compliance/controls/azure/azure_storage_account_blob_service_logging_enabled.yaml +++ b/compliance/controls/azure/azure_storage_account_blob_service_logging_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN NOT (sa.blob_service_logging ->> 'Read')::BOOLEAN OR NOT (sa.blob_service_logging ->> 'Write')::BOOLEAN diff --git a/compliance/controls/azure/azure_storage_account_blobs_logging_enabled.yaml b/compliance/controls/azure/azure_storage_account_blobs_logging_enabled.yaml index 3c089cdd9..3d46fa28d 100644 --- a/compliance/controls/azure/azure_storage_account_blobs_logging_enabled.yaml +++ b/compliance/controls/azure/azure_storage_account_blobs_logging_enabled.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN LOWER(sa.sku_tier) = 'standard' AND (NOT (sa.blob_service_logging ->> 'Read')::boolean diff --git a/compliance/controls/azure/azure_storage_account_block_public_access.yaml b/compliance/controls/azure/azure_storage_account_block_public_access.yaml index aa3446b05..842711c23 100644 --- a/compliance/controls/azure/azure_storage_account_block_public_access.yaml +++ b/compliance/controls/azure/azure_storage_account_block_public_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN sa.id NOT LIKE '%/resourceGroups/aro-%' AND (sa.name NOT LIKE 'cluster%' OR sa.name NOT LIKE 'imageregistry%') diff --git a/compliance/controls/azure/azure_storage_account_default_network_access_rule_denied.yaml b/compliance/controls/azure/azure_storage_account_default_network_access_rule_denied.yaml index 020f46be0..963538cb0 100644 --- a/compliance/controls/azure/azure_storage_account_default_network_access_rule_denied.yaml +++ b/compliance/controls/azure/azure_storage_account_default_network_access_rule_denied.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN sa.network_rule_default_action = 'Allow' THEN 'alarm' ELSE 'ok' 
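Review bot: In azure_storage_account_block_public_access.yaml the context predicate `(sa.name NOT LIKE 'cluster%' OR sa.name NOT LIKE 'imageregistry%')` is true for every non-NULL name, because no name can start with both prefixes, so it excludes nothing. If the intent is to leave out accounts named `cluster…` or `imageregistry…`, the two tests need `AND`: `AND (sa.name NOT LIKE 'cluster%' AND sa.name NOT LIKE 'imageregistry%')`. As written, only the `aro-` resource-group test decides which accounts reach this branch, and the rename leaves that untouched. The CASE continues outside the hunk, so the status this branch assigns cannot be confirmed from here.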
diff --git a/compliance/controls/azure/azure_storage_account_encryption_at_rest_using_cmk.yaml b/compliance/controls/azure/azure_storage_account_encryption_at_rest_using_cmk.yaml index f5078778f..d1380c56f 100644 --- a/compliance/controls/azure/azure_storage_account_encryption_at_rest_using_cmk.yaml +++ b/compliance/controls/azure/azure_storage_account_encryption_at_rest_using_cmk.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN sa.encryption_key_source = 'Microsoft.Storage' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/azure/azure_storage_account_encryption_scopes_encrypted_at_rest_with_cmk.yaml b/compliance/controls/azure/azure_storage_account_encryption_scopes_encrypted_at_rest_with_cmk.yaml index 3dd964c82..985af60ea 100644 --- a/compliance/controls/azure/azure_storage_account_encryption_scopes_encrypted_at_rest_with_cmk.yaml +++ b/compliance/controls/azure/azure_storage_account_encryption_scopes_encrypted_at_rest_with_cmk.yaml @@ -16,8 +16,8 @@ Query: e ->> 'Name' AS name, e ->> 'Source' AS source, subscription_id, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, _ctx, region, resource_group @@ -27,8 +27,8 @@ Query: ) SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN source = 'Microsoft.Keyvault' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_storage_account_geo_redundant_enabled.yaml b/compliance/controls/azure/azure_storage_account_geo_redundant_enabled.yaml index b14632cd4..3d88e5138 100644 
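Review bot: The final SELECT in azure_storage_account_encryption_scopes_encrypted_at_rest_with_cmk.yaml tests `source = 'Microsoft.Keyvault'`, whereas the Service Bus CMK control in this same diff compares against `Microsoft.KeyVault`. Text `=` is case-sensitive, so if the collected `Source` value uses the `KeyVault` spelling, no scope ever matches and every scope reports `alarm`. That would bury real findings in noise. It is worth confirming the stored value and, if it differs, changing the line to `WHEN source = 'Microsoft.KeyVault' THEN 'ok'`. The CASE continues outside the hunk.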
--- a/compliance/controls/azure/azure_storage_account_geo_redundant_enabled.yaml +++ b/compliance/controls/azure/azure_storage_account_geo_redundant_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN sku_name = ANY(ARRAY ['Standard_GRS', 'Standard_RAGRS', 'Standard_GZRS', 'Standard_RAGZRS']) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_storage_account_infrastructure_encryption_enabled.yaml b/compliance/controls/azure/azure_storage_account_infrastructure_encryption_enabled.yaml index 8d1007420..e346f64d6 100644 --- a/compliance/controls/azure/azure_storage_account_infrastructure_encryption_enabled.yaml +++ b/compliance/controls/azure/azure_storage_account_infrastructure_encryption_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN require_infrastructure_encryption THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_storage_account_min_tls_1_2.yaml b/compliance/controls/azure/azure_storage_account_min_tls_1_2.yaml index ffc7766af..66ff47d1b 100644 --- a/compliance/controls/azure/azure_storage_account_min_tls_1_2.yaml +++ b/compliance/controls/azure/azure_storage_account_min_tls_1_2.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN minimum_tls_version = 'TLSEnforcementDisabled' THEN 'alarm' WHEN minimum_tls_version = 'TLS1_2' THEN 'ok' 
diff --git a/compliance/controls/azure/azure_storage_account_queue_services_logging_enabled.yaml b/compliance/controls/azure/azure_storage_account_queue_services_logging_enabled.yaml index 825fdab36..6b3fd6c3a 100644 --- a/compliance/controls/azure/azure_storage_account_queue_services_logging_enabled.yaml +++ b/compliance/controls/azure/azure_storage_account_queue_services_logging_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN queue_logging_read AND queue_logging_write AND queue_logging_delete THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_storage_account_restrict_network_access.yaml b/compliance/controls/azure/azure_storage_account_restrict_network_access.yaml index 2a065d260..849f63bbc 100644 --- a/compliance/controls/azure/azure_storage_account_restrict_network_access.yaml +++ b/compliance/controls/azure/azure_storage_account_restrict_network_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id AS og_account_id, - sa.og_resource_id AS og_resource_id, + sa.platform_account_id AS platform_account_id, + sa.platform_resource_id AS platform_resource_id, CASE WHEN network_rule_default_action = 'Deny' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/azure/azure_storage_account_secure_transfer_required_enabled.yaml b/compliance/controls/azure/azure_storage_account_secure_transfer_required_enabled.yaml index f95635480..9f7de3208 100644 --- a/compliance/controls/azure/azure_storage_account_secure_transfer_required_enabled.yaml +++ b/compliance/controls/azure/azure_storage_account_secure_transfer_required_enabled.yaml 
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE WHEN NOT enable_https_traffic_only THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_storage_account_soft_delete_enabled.yaml b/compliance/controls/azure/azure_storage_account_soft_delete_enabled.yaml
index 53916c2d8..b05d1f47c 100644
--- a/compliance/controls/azure/azure_storage_account_soft_delete_enabled.yaml
+++ b/compliance/controls/azure/azure_storage_account_soft_delete_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE WHEN NOT blob_soft_delete_enabled THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_storage_account_table_service_logging_enabled.yaml b/compliance/controls/azure/azure_storage_account_table_service_logging_enabled.yaml
index ca3a63969..824a40952 100644
--- a/compliance/controls/azure/azure_storage_account_table_service_logging_enabled.yaml
+++ b/compliance/controls/azure/azure_storage_account_table_service_logging_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE WHEN table_logging_write AND table_logging_read AND table_logging_delete THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_storage_account_tables_logging_enabled.yaml b/compliance/controls/azure/azure_storage_account_tables_logging_enabled.yaml
index a10a186da..2077d177f 100644
--- a/compliance/controls/azure/azure_storage_account_tables_logging_enabled.yaml
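Review bot: In azure_storage_account_secure_transfer_required_enabled.yaml the context lines `WHEN NOT enable_https_traffic_only THEN 'alarm'` / `ELSE 'ok'` report a storage account as compliant when the column is NULL, since `NOT NULL` is not true and the row falls through to the ELSE branch. Testing the secure state instead fails closed: `WHEN enable_https_traffic_only THEN 'ok'` with `ELSE 'alarm'`. The same shape is visible in azure_storage_account_soft_delete_enabled.yaml (`NOT blob_soft_delete_enabled`) and azure_storage_account_trusted_microsoft_services_enabled.yaml (`network_rule_bypass NOT LIKE '%AzureServices%'`). Whether these columns can actually be NULL is not visible in the diff, and each CASE ends outside its hunk.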
+++ b/compliance/controls/azure/azure_storage_account_tables_logging_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE WHEN LOWER(sa.sku_tier) = 'standard' AND (table_logging_write AND table_logging_read AND table_logging_delete) THEN 'ok'
diff --git a/compliance/controls/azure/azure_storage_account_trusted_microsoft_services_enabled.yaml b/compliance/controls/azure/azure_storage_account_trusted_microsoft_services_enabled.yaml
index e2ce60622..9d6ce7d0a 100644
--- a/compliance/controls/azure/azure_storage_account_trusted_microsoft_services_enabled.yaml
+++ b/compliance/controls/azure/azure_storage_account_trusted_microsoft_services_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT sa.id AS resource,
- sa.og_account_id AS og_account_id,
- sa.og_resource_id AS og_resource_id,
+ sa.platform_account_id AS platform_account_id,
+ sa.platform_resource_id AS platform_resource_id,
 CASE WHEN network_rule_bypass NOT LIKE '%AzureServices%' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_storage_account_use_virtual_service_endpoint.yaml b/compliance/controls/azure/azure_storage_account_use_virtual_service_endpoint.yaml
index eef19c27d..2019a1d67 100644
--- a/compliance/controls/azure/azure_storage_account_use_virtual_service_endpoint.yaml
+++ b/compliance/controls/azure/azure_storage_account_use_virtual_service_endpoint.yaml
@@ -25,8 +25,8 @@ Query:
 ) SELECT DISTINCT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN network_rule_default_action <> 'Deny' THEN 'alarm' WHEN s.storage_account_id IS NULL THEN 'alarm'
diff --git a/compliance/controls/azure/azure_storage_account_uses_azure_resource_manager.yaml b/compliance/controls/azure/azure_storage_account_uses_azure_resource_manager.yaml
index e5ad1e673..bed42bd13 100644
--- a/compliance/controls/azure/azure_storage_account_uses_azure_resource_manager.yaml
+++ b/compliance/controls/azure/azure_storage_account_uses_azure_resource_manager.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN resource_group IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_storage_account_uses_private_link.yaml b/compliance/controls/azure/azure_storage_account_uses_private_link.yaml
index 359a6202f..d3f69e44c 100644
--- a/compliance/controls/azure/azure_storage_account_uses_private_link.yaml
+++ b/compliance/controls/azure/azure_storage_account_uses_private_link.yaml
@@ -21,8 +21,8 @@ Query:
 ) SELECT DISTINCT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN s.id IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/azure/azure_storage_sync_private_link_used.yaml b/compliance/controls/azure/azure_storage_sync_private_link_used.yaml
index 891fb9657..61328e5c8 100644
--- a/compliance/controls/azure/azure_storage_sync_private_link_used.yaml
+++ b/compliance/controls/azure/azure_storage_sync_private_link_used.yaml
@@ -17,8 +17,8 @@ Query:
 WHERE connection -> 'PrivateLinkServiceConnectionState' ->> 'status' = 'Approved' ) SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN incoming_traffic_policy = 'AllowAllTraffic' THEN 'alarm' WHEN c.id IS NULL THEN 'alarm'
diff --git a/compliance/controls/azure/azure_stream_analytics_job_encrypted_with_cmk.yaml b/compliance/controls/azure/azure_stream_analytics_job_encrypted_with_cmk.yaml
index 00d63b3f1..708bde2a4 100644
--- a/compliance/controls/azure/azure_stream_analytics_job_encrypted_with_cmk.yaml
+++ b/compliance/controls/azure/azure_stream_analytics_job_encrypted_with_cmk.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: | SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription
diff --git a/compliance/controls/azure/azure_stream_analytics_job_logging_enabled.yaml b/compliance/controls/azure/azure_stream_analytics_job_logging_enabled.yaml
index 929bed33b..07cac4d8b 100644
--- a/compliance/controls/azure/azure_stream_analytics_job_logging_enabled.yaml
+++ b/compliance/controls/azure/azure_stream_analytics_job_logging_enabled.yaml
@@ -37,8 +37,8 @@ Query:
 ) SELECT v.job_id AS resource,
- v.og_account_id AS og_account_id,
- v.og_resource_id AS og_resource_id,
+ v.platform_account_id AS platform_account_id,
+ v.platform_resource_id AS platform_resource_id,
 CASE WHEN v.diagnostic_settings IS NULL THEN 'alarm' WHEN l.job_name IS NULL THEN 'alarm'
diff --git a/compliance/controls/azure/azure_synapse_workspace_data_exfiltration_protection_enabled.yaml b/compliance/controls/azure/azure_synapse_workspace_data_exfiltration_protection_enabled.yaml
index 85346a3e3..995a7d150 100644
--- a/compliance/controls/azure/azure_synapse_workspace_data_exfiltration_protection_enabled.yaml
+++ b/compliance/controls/azure/azure_synapse_workspace_data_exfiltration_protection_enabled.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN managed_virtual_network_settings ->> 'preventDataExfiltration' = 'true' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_synapse_workspace_encryption_at_rest_using_cmk.yaml b/compliance/controls/azure/azure_synapse_workspace_encryption_at_rest_using_cmk.yaml
index 38cc298c7..c50612446 100644
--- a/compliance/controls/azure/azure_synapse_workspace_encryption_at_rest_using_cmk.yaml
+++ b/compliance/controls/azure/azure_synapse_workspace_encryption_at_rest_using_cmk.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT s.id AS resource,
- s.og_account_id AS og_account_id,
- s.og_resource_id AS og_resource_id,
+ s.platform_account_id AS platform_account_id,
+ s.platform_resource_id AS platform_resource_id,
 CASE WHEN encryption -> 'CmkKey' ->> 'name' IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_synapse_workspace_private_link_used.yaml b/compliance/controls/azure/azure_synapse_workspace_private_link_used.yaml
index 9463b67a9..52efdd5f7 100644
--- a/compliance/controls/azure/azure_synapse_workspace_private_link_used.yaml
+++ b/compliance/controls/azure/azure_synapse_workspace_private_link_used.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN private_endpoint_connections @> '[{"privateLinkServiceConnectionStateStatus": "Approved"}]' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_synapse_workspace_vulnerability_assessment_enabled.yaml b/compliance/controls/azure/azure_synapse_workspace_vulnerability_assessment_enabled.yaml
index 35be9b206..24c4b0082 100644
--- a/compliance/controls/azure/azure_synapse_workspace_vulnerability_assessment_enabled.yaml
+++ b/compliance/controls/azure/azure_synapse_workspace_vulnerability_assessment_enabled.yaml
@@ -24,8 +24,8 @@ Query:
 ) SELECT a.id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN s.id IS NOT NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/azure/azure_web_pub_sub_private_link_used.yaml b/compliance/controls/azure/azure_web_pub_sub_private_link_used.yaml
index 9bbae5820..2ba5fe35f 100644
--- a/compliance/controls/azure/azure_web_pub_sub_private_link_used.yaml
+++ b/compliance/controls/azure/azure_web_pub_sub_private_link_used.yaml
@@ -10,8 +10,8 @@ Query:
 QueryToExecute: | SELECT id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 'info' AS status, 'Manual verification required.' AS reason, display_name AS subscription
diff --git a/compliance/controls/azure/azuread_spn_with_more_than_one_active_client_secret_created_x_days_ago.yaml b/compliance/controls/azure/azuread_spn_with_more_than_one_active_client_secret_created_x_days_ago.yaml
index da67cacdd..a99b57948 100644
--- a/compliance/controls/azure/azuread_spn_with_more_than_one_active_client_secret_created_x_days_ago.yaml
+++ b/compliance/controls/azure/azuread_spn_with_more_than_one_active_client_secret_created_x_days_ago.yaml
@@ -16,8 +16,8 @@ Query:
 SELECT id, display_name,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 subscription_id, ( SELECT COUNT(*)
@@ -44,8 +44,8 @@ Query:
 WHEN active_client_secret_count > 0 THEN display_name || ' has ' || active_client_secret_count || ' active client secrets created {{.entraidClientSecretExpireDays}} days ago: [' || Ids || ']' ELSE display_name || ' has no active client secrets created {{.entraidClientSecretExpireDays}} days ago' END AS reason,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 subscription_id FROM entraid_spn
diff --git a/compliance/controls/azure/azuread_user_should_have_mfa_enabled_with_azure_subscription_role_assignment.yaml b/compliance/controls/azure/azuread_user_should_have_mfa_enabled_with_azure_subscription_role_assignment.yaml
index 56035dd2b..569e22a36 100644
--- a/compliance/controls/azure/azuread_user_should_have_mfa_enabled_with_azure_subscription_role_assignment.yaml
+++ b/compliance/controls/azure/azuread_user_should_have_mfa_enabled_with_azure_subscription_role_assignment.yaml
@@ -16,8 +16,8 @@ Query:
 WITH users_with_roles AS ( SELECT DISTINCT u.id AS id,
- u.og_account_id AS og_account_id,
- u.og_resource_id AS og_resource_id,
+ u.platform_account_id AS platform_account_id,
+ u.platform_resource_id AS platform_resource_id,
 u.display_name AS display_name, u.subscription_id AS subscription_id, u.account_enabled AS account_enabled,
@@ -27,8 +27,8 @@ Query:
 ) SELECT u.id AS resource,
- u.og_account_id AS og_account_id,
- u.og_resource_id AS og_resource_id,
+ u.platform_account_id AS platform_account_id,
+ u.platform_resource_id AS platform_resource_id,
 CASE WHEN COALESCE(NULLIF('{{.entraidAccountStatusInclude}}', ''), 'true,false,null') NOT LIKE ('%' || COALESCE(u.account_enabled::text, 'null') || '%') THEN 'skip' WHEN rd.is_mfa_registered::bool = false OR rd.is_mfa_registered::bool IS NULL THEN 'alarm'
diff --git a/compliance/controls/baseline/aws/IAM/aws_access_keys_during_initial_iam_user_setup.yaml b/compliance/controls/baseline/aws/IAM/aws_access_keys_during_initial_iam_user_setup.yaml
index 552c3d932..0f6f285ee 100644
--- a/compliance/controls/baseline/aws/IAM/aws_access_keys_during_initial_iam_user_setup.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_access_keys_during_initial_iam_user_setup.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT user_name AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN (access_key_1_last_rotated - user_creation_time < '5 second'::interval) AND (access_key_1_last_used_date IS NULL) THEN 'alarm'
diff --git a/compliance/controls/baseline/aws/IAM/aws_access_keys_rotated_45_days.yaml b/compliance/controls/baseline/aws/IAM/aws_access_keys_rotated_45_days.yaml
index 01d15c5ba..0b396ca50 100644
--- a/compliance/controls/baseline/aws/IAM/aws_access_keys_rotated_45_days.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_access_keys_rotated_45_days.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT access_key_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN status <> 'Active' THEN 'skip' WHEN create_date + '45 days'::interval < now() THEN 'alarm'
diff --git a/compliance/controls/baseline/aws/IAM/aws_access_keys_rotated_x_days.yaml b/compliance/controls/baseline/aws/IAM/aws_access_keys_rotated_x_days.yaml
index 990ac7ce5..56068540b 100644
--- a/compliance/controls/baseline/aws/IAM/aws_access_keys_rotated_x_days.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_access_keys_rotated_x_days.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: | SELECT access_key_id AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN status <> 'Active' THEN 'skip' WHEN create_date + ('{{.awsIamAccessKeyAge}}' || ' days')::interval < NOW() THEN 'alarm'
diff --git a/compliance/controls/baseline/aws/IAM/aws_account_alternate_contacts.yaml b/compliance/controls/baseline/aws/IAM/aws_account_alternate_contacts.yaml
index dccec04c5..fd727da80 100644
--- a/compliance/controls/baseline/aws/IAM/aws_account_alternate_contacts.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_account_alternate_contacts.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT a.account_id AS resource,
- a.og_account_id,
- a.og_resource_id,
+ a.platform_account_id,
+ a.platform_resource_id,
 CASE WHEN c.name IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/IAM/aws_allow_iam_users_to_change_their_own_password.yaml b/compliance/controls/baseline/aws/IAM/aws_allow_iam_users_to_change_their_own_password.yaml
index e2e664fde..5b5101c26 100644
--- a/compliance/controls/baseline/aws/IAM/aws_allow_iam_users_to_change_their_own_password.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_allow_iam_users_to_change_their_own_password.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT name AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN attached_policy_arns::text LIKE '%arn:aws:iam::aws:policy/IAMUserChangePassword%' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/IAM/aws_approved_ecs_execute_command_access.yaml b/compliance/controls/baseline/aws/IAM/aws_approved_ecs_execute_command_access.yaml
index 51a3dba25..b6d5ebc96 100644
--- a/compliance/controls/baseline/aws/IAM/aws_approved_ecs_execute_command_access.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_approved_ecs_execute_command_access.yaml
@@ -16,9 +16,9 @@ Query:
 QueryToExecute: | SELECT name AS resource,
- og_account_id,
- og_resource_id,
- 'aws_iam_user' AS og_table_name,
+ platform_account_id,
+ platform_resource_id,
+ 'aws_iam_user' AS platform_table_name,
 CASE WHEN (inline_policies_std::text LIKE '%ecs:ExecuteCommand%') AND ('{{.awsEcsExecuteCommandIamArns}}' NOT LIKE '%' || arn || '%')
@@ -56,9 +56,9 @@ Query:
 SELECT name AS resource,
- og_account_id,
- og_resource_id,
- 'aws_iam_role' AS og_table_name,
+ platform_account_id,
+ platform_resource_id,
+ 'aws_iam_role' AS platform_table_name,
 CASE WHEN (inline_policies_std::text LIKE '%ecs:ExecuteCommand%') AND ('{{.awsEcsExecuteCommandIamArns}}' NOT LIKE '%' || arn || '%')
@@ -96,9 +96,9 @@ Query:
 SELECT name AS resource,
- og_account_id,
- og_resource_id,
- 'aws_iam_group' AS og_table_name,
+ platform_account_id,
+ platform_resource_id,
+ 'aws_iam_group' AS platform_table_name,
 CASE WHEN (inline_policies_std::text LIKE '%ecs:ExecuteCommand%') AND ('{{.awsEcsExecuteCommandIamArns}}' NOT LIKE '%' || arn || '%')
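Review bot: In aws_approved_ecs_execute_command_access.yaml the allowlist test `'{{.awsEcsExecuteCommandIamArns}}' NOT LIKE '%' || arn || '%'` is a substring match, so a principal whose ARN is a prefix of an approved ARN counts as approved, and any `_` or `%` in the ARN acts as a LIKE wildcard. All three hunks in this file carry it, and aws_check_that_only_safelisted_iam_users_exist.yaml has the same shape with `'{{.awsApprovedIamUsers}}' LIKE '%' || name || '%'`. If the parameter is a comma-separated list, an exact membership test such as `arn <> ALL(string_to_array('{{.awsEcsExecuteCommandIamArns}}', ','))` avoids both problems; the delimiter is an assumption to confirm. Each CASE continues outside its hunk.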
diff --git a/compliance/controls/baseline/aws/IAM/aws_attach_policy_to_iam_roles_associated_with_app_tier_ec2_instances.yaml b/compliance/controls/baseline/aws/IAM/aws_attach_policy_to_iam_roles_associated_with_app_tier_ec2_instances.yaml
index 668724c85..b57a959d3 100644
--- a/compliance/controls/baseline/aws/IAM/aws_attach_policy_to_iam_roles_associated_with_app_tier_ec2_instances.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_attach_policy_to_iam_roles_associated_with_app_tier_ec2_instances.yaml
@@ -14,8 +14,8 @@ Query:
 QueryToExecute: | SELECT instance_id AS resource,
- i.og_account_id,
- i.og_resource_id,
+ i.platform_account_id,
+ i.platform_resource_id,
 CASE WHEN r.inline_policies IS NULL AND r.attached_policy_arns IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/IAM/aws_canary_access_token.yaml b/compliance/controls/baseline/aws/IAM/aws_canary_access_token.yaml
index 561932aa1..da4f77485 100644
--- a/compliance/controls/baseline/aws/IAM/aws_canary_access_token.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_canary_access_token.yaml
@@ -27,8 +27,8 @@ Query:
 SELECT account_id AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN EXISTS(SELECT 1 FROM users AS u WHERE u.account_id = a.account_id) THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/IAM/aws_check_for_iam_user_group_membership.yaml b/compliance/controls/baseline/aws/IAM/aws_check_for_iam_user_group_membership.yaml
index 6cd70383a..0b503bf59 100644
--- a/compliance/controls/baseline/aws/IAM/aws_check_for_iam_user_group_membership.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_check_for_iam_user_group_membership.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE WHEN groups IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/IAM/aws_check_for_individual_iam_users.yaml b/compliance/controls/baseline/aws/IAM/aws_check_for_individual_iam_users.yaml
index 2807385cc..0ee93e1ca 100644
--- a/compliance/controls/baseline/aws/IAM/aws_check_for_individual_iam_users.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_check_for_individual_iam_users.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT a.account_id AS resource,
- a.og_account_id,
- a.og_resource_id,
+ a.platform_account_id,
+ a.platform_resource_id,
 CASE WHEN user_id IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/IAM/aws_check_for_overly_permissive_iam_group_policies.yaml b/compliance/controls/baseline/aws/IAM/aws_check_for_overly_permissive_iam_group_policies.yaml
index 65ca2e551..51c4277b9 100644
--- a/compliance/controls/baseline/aws/IAM/aws_check_for_overly_permissive_iam_group_policies.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_check_for_overly_permissive_iam_group_policies.yaml
@@ -24,8 +24,8 @@ Query:
 SELECT name AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN EXISTS ( SELECT 1
diff --git a/compliance/controls/baseline/aws/IAM/aws_check_for_untrusted_cross_account_iam_roles.yaml b/compliance/controls/baseline/aws/IAM/aws_check_for_untrusted_cross_account_iam_roles.yaml
index f2a7ad447..34cdf70a8 100644
--- a/compliance/controls/baseline/aws/IAM/aws_check_for_untrusted_cross_account_iam_roles.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_check_for_untrusted_cross_account_iam_roles.yaml
@@ -6,8 +6,8 @@ Query:
 QueryToExecute: | SELECT name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE WHEN EXISTS ( SELECT 1 FROM JSONB_ARRAY_ELEMENTS(assume_role_policy::jsonb -> 'Statement') AS s
diff --git a/compliance/controls/baseline/aws/IAM/aws_check_that_only_safelisted_iam_users_exist.yaml b/compliance/controls/baseline/aws/IAM/aws_check_that_only_safelisted_iam_users_exist.yaml
index 93d3033dd..4d1d29e88 100644
--- a/compliance/controls/baseline/aws/IAM/aws_check_that_only_safelisted_iam_users_exist.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_check_that_only_safelisted_iam_users_exist.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: | SELECT name AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE WHEN '{{.awsApprovedIamUsers}}' LIKE '%' || name || '%' THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/IAM/aws_credentials_last_used.yaml b/compliance/controls/baseline/aws/IAM/aws_credentials_last_used.yaml
index 5a02267f0..e17867be9 100644
--- a/compliance/controls/baseline/aws/IAM/aws_credentials_last_used.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_credentials_last_used.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT user_name,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN NOT password_enabled::bool THEN 'skip' WHEN password_last_used < NOW() - INTERVAL '90 days' THEN 'alarm'
@@ -31,8 +31,8 @@ Query:
 SELECT user_name,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN NOT access_key_1_active::bool THEN 'skip' WHEN access_key_1_last_used_date < NOW() - INTERVAL '90 days' THEN 'alarm'
@@ -51,8 +51,8 @@ Query:
 SELECT user_name,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN NOT access_key_2_active::bool THEN 'skip' WHEN access_key_2_last_used_date < NOW() - INTERVAL '90 days' THEN 'alarm'
diff --git a/compliance/controls/baseline/aws/IAM/aws_cross_account_access_lacks_external_id_and_mfa.yaml b/compliance/controls/baseline/aws/IAM/aws_cross_account_access_lacks_external_id_and_mfa.yaml
index a35bd7956..3abf34420 100644
--- a/compliance/controls/baseline/aws/IAM/aws_cross_account_access_lacks_external_id_and_mfa.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_cross_account_access_lacks_external_id_and_mfa.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT r.arn AS resource,
- r.og_account_id,
- r.og_resource_id,
+ r.platform_account_id,
+ r.platform_resource_id,
 CASE WHEN (s -> 'Principal' ->> 'AWS') IS NULL OR NOT ((s -> 'Principal' ->> 'AWS') ~ '^arn:aws:iam::[0-9]+:root$') THEN 'pass'
diff --git a/compliance/controls/baseline/aws/IAM/aws_ec2_purchase_restriction.yaml b/compliance/controls/baseline/aws/IAM/aws_ec2_purchase_restriction.yaml
index 92c8588fe..c995c0aed 100644
--- a/compliance/controls/baseline/aws/IAM/aws_ec2_purchase_restriction.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_ec2_purchase_restriction.yaml
@@ -25,8 +25,8 @@ Query:
 SELECT name AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN EXISTS( SELECT 1
diff --git a/compliance/controls/baseline/aws/IAM/aws_enable_mfa_for_iam_users_with_console_password.yaml b/compliance/controls/baseline/aws/IAM/aws_enable_mfa_for_iam_users_with_console_password.yaml
index 453f8a6d3..fb630ce6b 100644
--- a/compliance/controls/baseline/aws/IAM/aws_enable_mfa_for_iam_users_with_console_password.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_enable_mfa_for_iam_users_with_console_password.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE WHEN mfa_enabled = FALSE OR mfa_devices IS NULL THEN 'alarm' ELSE 'ok'
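Review bot: In aws_cross_account_access_lacks_external_id_and_mfa.yaml the first branch returns `'pass'` for every statement whose `Principal.AWS` does not match `'^arn:aws:iam::[0-9]+:root$'`, which looks like it exempts cross-account principals written as a bare account ID, as a JSON array of principals, or with a non-`aws` partition from the external-ID/MFA check. `->>` renders an array as text, so a list of root ARNs never matches the anchored pattern. The status value `'pass'` also differs from the `'ok'`/`'skip'`/`'alarm'` values the other controls in this diff return, so it is worth confirming the engine accepts it. The rest of the CASE is outside the hunk.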
diff --git a/compliance/controls/baseline/aws/IAM/aws_enforce_infrastructure_as_code_using_iam_policies.yaml b/compliance/controls/baseline/aws/IAM/aws_enforce_infrastructure_as_code_using_iam_policies.yaml
index ef8275fbd..fc277ce47 100644
--- a/compliance/controls/baseline/aws/IAM/aws_enforce_infrastructure_as_code_using_iam_policies.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_enforce_infrastructure_as_code_using_iam_policies.yaml
@@ -25,8 +25,8 @@ Query:
 SELECT name AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN EXISTS ( SELECT 1
diff --git a/compliance/controls/baseline/aws/IAM/aws_expired_ssl_tls_certificate.yaml b/compliance/controls/baseline/aws/IAM/aws_expired_ssl_tls_certificate.yaml
index e30f6cf19..0d5b0f7b3 100644
--- a/compliance/controls/baseline/aws/IAM/aws_expired_ssl_tls_certificate.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_expired_ssl_tls_certificate.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE WHEN expiration < NOW() THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/IAM/aws_hardware_mfa_for_aws_root_account.yaml b/compliance/controls/baseline/aws/IAM/aws_hardware_mfa_for_aws_root_account.yaml
index ae538500e..92c73143a 100644
--- a/compliance/controls/baseline/aws/IAM/aws_hardware_mfa_for_aws_root_account.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_hardware_mfa_for_aws_root_account.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT (r.user_name || ' in account ' || r.account_id) AS resource,
- r.og_account_id,
- r.og_resource_id,
+ r.platform_account_id,
+ r.platform_resource_id,
 CASE WHEN NOT r.mfa_active::bool THEN 'alarm' WHEN m.serial_number IS NOT NULL THEN 'alarm'
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_access_analyzer_findings.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_access_analyzer_findings.yaml
index 66e1ced6f..32f448853 100644
--- a/compliance/controls/baseline/aws/IAM/aws_iam_access_analyzer_findings.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_iam_access_analyzer_findings.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT a.name AS resource,
- a.og_account_id,
- a.og_resource_id,
+ a.platform_account_id,
+ a.platform_resource_id,
 CASE WHEN EXISTS ( SELECT 1
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_access_analyzer_in_use.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_access_analyzer_in_use.yaml
index 8e79af02c..efcc0327a 100644
--- a/compliance/controls/baseline/aws/IAM/aws_iam_access_analyzer_in_use.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_iam_access_analyzer_in_use.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT a.account_id AS resource,
- a.og_account_id,
- a.og_resource_id,
+ a.platform_account_id,
+ a.platform_resource_id,
 CASE WHEN EXISTS ( SELECT 1
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_group_with_inline_policies.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_group_with_inline_policies.yaml
index d33a455f0..21823e37c 100644
--- a/compliance/controls/baseline/aws/IAM/aws_iam_group_with_inline_policies.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_iam_group_with_inline_policies.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT name AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN inline_policies IS NULL THEN 'ok' ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_groups_with_administrative_privileges.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_groups_with_administrative_privileges.yaml
index 34c329008..35aa8fc5d 100644
--- a/compliance/controls/baseline/aws/IAM/aws_iam_groups_with_administrative_privileges.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_iam_groups_with_administrative_privileges.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT arn AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN attached_policy_arns::text LIKE '%arn:aws:iam::aws:policy/AdministratorAccess%' THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_password_policy.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_password_policy.yaml
index 4829793bf..4710d9c71 100644
--- a/compliance/controls/baseline/aws/IAM/aws_iam_password_policy.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_iam_password_policy.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: | SELECT a.account_id AS resource,
- a.og_account_id AS og_account_id,
- a.og_resource_id AS og_resource_id,
+ a.platform_account_id AS platform_account_id,
+ a.platform_resource_id AS platform_resource_id,
 CASE WHEN p.account_id IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_policies_with_effect_set_to_allow_and_notaction.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_policies_with_effect_set_to_allow_and_notaction.yaml
index 86d3b0c2f..49dda4db5 100644
--- a/compliance/controls/baseline/aws/IAM/aws_iam_policies_with_effect_set_to_allow_and_notaction.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_iam_policies_with_effect_set_to_allow_and_notaction.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT name AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN (s -> 'NotAction' IS NOT NULL AND s ->> 'Effect' = 'Allow') THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_policies_with_full_administrative_privileges.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_policies_with_full_administrative_privileges.yaml
index ba0ba6b3b..1b8897741 100644
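Review bot: In aws_iam_groups_with_administrative_privileges.yaml the test `attached_policy_arns::text LIKE '%arn:aws:iam::aws:policy/AdministratorAccess%'` hard-codes the `aws` partition, so a group holding the same managed policy in another partition (for example `arn:aws-us-gov:iam::aws:policy/AdministratorAccess`) is reported `'ok'`. The trailing `%` also matches policies whose names merely start with AdministratorAccess, such as AdministratorAccess-Amplify. If `attached_policy_arns` is a JSON array, comparing whole elements is more precise, for instance iterating `jsonb_array_elements_text(attached_policy_arns::jsonb)` and matching each against `'^arn:[^:]+:iam::aws:policy/AdministratorAccess$'`. The CASE ends outside the hunk.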
--- a/compliance/controls/baseline/aws/IAM/aws_iam_policies_with_full_administrative_privileges.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_iam_policies_with_full_administrative_privileges.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT arn AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN EXISTS( SELECT 1
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_role_policy_too_permissive.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_role_policy_too_permissive.yaml
index ce5a79a38..6fdc79533 100644
--- a/compliance/controls/baseline/aws/IAM/aws_iam_role_policy_too_permissive.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_iam_role_policy_too_permissive.yaml
@@ -24,8 +24,8 @@ Query:
 SELECT name AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE WHEN EXISTS( SELECT 1
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_server_certificate_size.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_server_certificate_size.yaml
index 3cdf9877b..74877f3f5 100644
--- a/compliance/controls/baseline/aws/IAM/aws_iam_server_certificate_size.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_iam_server_certificate_size.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: | SELECT name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE WHEN certificate_body_length < 2048 THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_support_role.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_support_role.yaml
index 5837ae7b9..9dfe547fc 100644
--- a/compliance/controls/baseline/aws/IAM/aws_iam_support_role.yaml
+++ b/compliance/controls/baseline/aws/IAM/aws_iam_support_role.yaml
@@ -23,8 +23,8 @@ Query:
 SELECT a.account_id AS resource,
- a.og_account_id,
- a.og_resource_id,
+ a.platform_account_id,
+ a.platform_resource_id,
 CASE WHEN r.arn IS NULL THEN 'alarm' ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_user_no_policies.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_user_no_policies.yaml index da44fd1dd..e09f2c665 100644 --- a/compliance/controls/baseline/aws/IAM/aws_iam_user_no_policies.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_iam_user_no_policies.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN attached_policy_arns IS NULL AND inline_policies IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_30_days.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_30_days.yaml index d8fce66aa..f6703839b 100644 --- a/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_30_days.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_30_days.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT r.user_name AS resource, - r.og_account_id, - r.og_resource_id, + r.platform_account_id, + r.platform_resource_id, CASE WHEN NOT password_enabled THEN 'skip' WHEN password_last_changed IS NULL THEN 'alarm' diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_7_days.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_7_days.yaml index 6a6436c2a..499f7fc02 100644 --- a/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_7_days.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_7_days.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT r.user_name AS resource, - r.og_account_id, - r.og_resource_id, + r.platform_account_id, + r.platform_resource_id, CASE WHEN NOT password_enabled THEN 'skip' WHEN password_last_changed IS NULL THEN 'alarm' 
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_x_days.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_x_days.yaml index 6aad6cb18..86d6a4d81 100644 --- a/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_x_days.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_iam_user_password_expiry_x_days.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT r.user_name AS resource, - r.og_account_id, - r.og_resource_id, + r.platform_account_id, + r.platform_resource_id, CASE WHEN NOT password_enabled THEN 'skip' WHEN password_last_changed IS NULL THEN 'alarm' diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_user_policies.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_user_policies.yaml index 0d5863ab7..743d616ef 100644 --- a/compliance/controls/baseline/aws/IAM/aws_iam_user_policies.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_iam_user_policies.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT u.name AS resource, - u.og_account_id, - u.og_resource_id, + u.platform_account_id, + u.platform_resource_id, CASE WHEN attached_policy_arns IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_user_with_password_and_access_keys.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_user_with_password_and_access_keys.yaml index f1c26d43e..1f481a884 100644 --- a/compliance/controls/baseline/aws/IAM/aws_iam_user_with_password_and_access_keys.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_iam_user_with_password_and_access_keys.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT u.name AS resource, - u.og_account_id, - u.og_resource_id, + u.platform_account_id, + u.platform_resource_id, CASE WHEN (login_profile ->> 'UserName' IS NOT NULL) AND (k.access_key_id IS NOT NULL) THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_users_unauthorized_to_edit_access_policies.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_users_unauthorized_to_edit_access_policies.yaml index 124c92f44..916075a0b 100644 --- a/compliance/controls/baseline/aws/IAM/aws_iam_users_unauthorized_to_edit_access_policies.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_iam_users_unauthorized_to_edit_access_policies.yaml @@ -52,8 +52,8 @@ Query: SELECT name AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN EXISTS( SELECT 1 diff --git a/compliance/controls/baseline/aws/IAM/aws_iam_users_with_administrative_privileges.yaml b/compliance/controls/baseline/aws/IAM/aws_iam_users_with_administrative_privileges.yaml index 3e1991c61..a0f6acfdd 100644 --- a/compliance/controls/baseline/aws/IAM/aws_iam_users_with_administrative_privileges.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_iam_users_with_administrative_privileges.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/aws/IAM/aws_inactive_iam_console_user.yaml b/compliance/controls/baseline/aws/IAM/aws_inactive_iam_console_user.yaml index 0f8ac0806..c8e2ee859 100644 --- a/compliance/controls/baseline/aws/IAM/aws_inactive_iam_console_user.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_inactive_iam_console_user.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - u.og_resource_id, - u.og_account_id, + u.platform_resource_id, + u.platform_account_id, CASE WHEN (k.access_key_id IS NULL AND (password_last_used IS NULL OR diff --git a/compliance/controls/baseline/aws/IAM/aws_mfa_device_deactivated.yaml b/compliance/controls/baseline/aws/IAM/aws_mfa_device_deactivated.yaml index c60217514..a1860b1c8 100644 
--- a/compliance/controls/baseline/aws/IAM/aws_mfa_device_deactivated.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_mfa_device_deactivated.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN mfa.serial_number IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_multi_account_centralized_management.yaml b/compliance/controls/baseline/aws/IAM/aws_multi_account_centralized_management.yaml index 8cc43c73e..dee91657f 100644 --- a/compliance/controls/baseline/aws/IAM/aws_multi_account_centralized_management.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_multi_account_centralized_management.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT organization_id AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN count(*) = 1 THEN 'alarm' ELSE 'ok' @@ -25,8 +25,8 @@ Query: aws_account GROUP BY organization_id, - og_account_id, - og_resource_id; + platform_account_id, + platform_resource_id; Severity: high Tags: platform_score_cloud_service_name: diff --git a/compliance/controls/baseline/aws/IAM/aws_pre_heartbleed_server_certificates.yaml b/compliance/controls/baseline/aws/IAM/aws_pre_heartbleed_server_certificates.yaml index 8c3086529..a2dbaf7c8 100644 --- a/compliance/controls/baseline/aws/IAM/aws_pre_heartbleed_server_certificates.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_pre_heartbleed_server_certificates.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN upload_date < '2014-04-01' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_root_account_access_keys_present.yaml b/compliance/controls/baseline/aws/IAM/aws_root_account_access_keys_present.yaml index b53df81ed..a89a6d3ae 100644 
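Review bot: In the second hunk of aws_multi_account_centralized_management.yaml the `GROUP BY` keeps `platform_resource_id` next to `organization_id`, so `count(*)` counts rows per resource rather than accounts per organization. If `platform_resource_id` is unique per `aws_account` row (not visible here), every group holds one row and `WHEN count(*) = 1 THEN 'alarm'` fires for every account, however many accounts the organization has. A window count, `count(*) OVER (PARTITION BY organization_id)`, with the `GROUP BY` dropped would keep the per-resource columns in the output. The rest of the query lies outside both hunks, so confirm against the full file.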
--- a/compliance/controls/baseline/aws/IAM/aws_root_account_access_keys_present.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_root_account_access_keys_present.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - u.og_resource_id, - u.og_account_id, + u.platform_resource_id, + u.platform_account_id, CASE WHEN r.access_key_1_active OR r.access_key_2_active THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/IAM/aws_root_account_active_signing_certificates.yaml b/compliance/controls/baseline/aws/IAM/aws_root_account_active_signing_certificates.yaml index dc5790274..b9b48a0bd 100644 --- a/compliance/controls/baseline/aws/IAM/aws_root_account_active_signing_certificates.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_root_account_active_signing_certificates.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT (user_name || ' in account ' || account_id) AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN cert_1_active OR cert_2_active THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_root_account_credentials_usage.yaml b/compliance/controls/baseline/aws/IAM/aws_root_account_credentials_usage.yaml index 1fb99047d..b1db23dd8 100644 --- a/compliance/controls/baseline/aws/IAM/aws_root_account_credentials_usage.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_root_account_credentials_usage.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT (user_name || ' in account ' || account_id) AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN password_last_used + '7 days'::interval > NOW() THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_root_mfa_enabled.yaml b/compliance/controls/baseline/aws/IAM/aws_root_mfa_enabled.yaml index 0ee9b31e9..70b62bc98 100644 --- a/compliance/controls/baseline/aws/IAM/aws_root_mfa_enabled.yaml 
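Review bot: The status mapping in aws_root_account_access_keys_present.yaml looks inverted: `WHEN r.access_key_1_active OR r.access_key_2_active THEN 'ok' ELSE 'alarm'` reports a root account with an active access key as compliant and one without keys as a finding. The sibling control aws_root_account_active_signing_certificates.yaml in this same diff maps the active case to `'alarm'`. Going by the file name, the intended check is that no root access key is active, so the branch should read `WHEN r.access_key_1_active OR r.access_key_2_active THEN 'alarm'` followed by `ELSE 'ok'`. The control's title and description and the end of the CASE are outside the hunk, so confirm the intent there before changing it.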
+++ b/compliance/controls/baseline/aws/IAM/aws_root_mfa_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT (user_name || ' in account ' || account_id) AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN mfa_active::bool THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_45_days.yaml b/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_45_days.yaml index f0a196d50..b647dd5b2 100644 --- a/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_45_days.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_45_days.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT ssh_public_key_id AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN now() - update_date > '45 days'::interval THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_90_days.yaml b/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_90_days.yaml index b56b9bf95..51136bc41 100644 --- a/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_90_days.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_90_days.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT ssh_public_key_id AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN now() - update_date > '90 days'::interval THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_x_days.yaml b/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_x_days.yaml index a89e287d8..48daa1f75 100644 --- a/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_x_days.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_ssh_public_keys_rotated_x_days.yaml 
@@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT ssh_public_key_id AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN now() - update_date > '{{.awsSshPublicKeyRotateDays}} days'::interval THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_ssl_tls_certificate_expiry_30_days.yaml b/compliance/controls/baseline/aws/IAM/aws_ssl_tls_certificate_expiry_30_days.yaml index 5ea2544f1..7b651bf40 100644 --- a/compliance/controls/baseline/aws/IAM/aws_ssl_tls_certificate_expiry_30_days.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_ssl_tls_certificate_expiry_30_days.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN expiration - '30 days'::interval < NOW() THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_ssl_tls_certificate_expiry_x_days.yaml b/compliance/controls/baseline/aws/IAM/aws_ssl_tls_certificate_expiry_x_days.yaml index fe9a288c2..ad31370b9 100644 --- a/compliance/controls/baseline/aws/IAM/aws_ssl_tls_certificate_expiry_x_days.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_ssl_tls_certificate_expiry_x_days.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN expiration - ('{{.awsIamServerCertificateAge}}' || ' days')::interval < NOW() THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_unapproved_iam_policy_in_use.yaml b/compliance/controls/baseline/aws/IAM/aws_unapproved_iam_policy_in_use.yaml index 9a71dcd34..535cfca15 100644 --- a/compliance/controls/baseline/aws/IAM/aws_unapproved_iam_policy_in_use.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_unapproved_iam_policy_in_use.yaml 
@@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN attachment_count > 0 AND '{{.awsUnapprovedIamPolicies}}' LIKE '%' || name || '%' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_unnecessary_access_keys.yaml b/compliance/controls/baseline/aws/IAM/aws_unnecessary_access_keys.yaml index 5462c044b..d822af9f3 100644 --- a/compliance/controls/baseline/aws/IAM/aws_unnecessary_access_keys.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_unnecessary_access_keys.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT u.name AS resource, - u.og_account_id, - u.og_resource_id, + u.platform_account_id, + u.platform_resource_id, CASE WHEN (SELECT COUNT(*) FROM aws_iam_access_key AS k WHERE u.name = k.user_name) > 1 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_unnecessary_ssh_public_keys.yaml b/compliance/controls/baseline/aws/IAM/aws_unnecessary_ssh_public_keys.yaml index 09cc4dda3..c4e0a9dc6 100644 --- a/compliance/controls/baseline/aws/IAM/aws_unnecessary_ssh_public_keys.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_unnecessary_ssh_public_keys.yaml @@ -23,8 +23,8 @@ Query: ) SELECT arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN c.count > 1 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/IAM/aws_unused_iam_group.yaml b/compliance/controls/baseline/aws/IAM/aws_unused_iam_group.yaml index df8466a5a..532b8fab5 100644 --- a/compliance/controls/baseline/aws/IAM/aws_unused_iam_group.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_unused_iam_group.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN users IS NULL THEN 'alarm' ELSE 'ok' 
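Review bot: The membership test in aws_unapproved_iam_policy_in_use.yaml, `'{{.awsUnapprovedIamPolicies}}' LIKE '%' || name || '%'`, is a substring match with the policy name used as the pattern, so it can report the wrong policies. A policy whose name is a fragment of a listed name raises an alarm, and any `_` or `%` in a policy name acts as a wildcard. If the parameter is a comma-separated list (its format is not visible here), an exact comparison such as `name = ANY(string_to_array('{{.awsUnapprovedIamPolicies}}', ','))` avoids both. The parameter is also templated straight into a quoted literal, so the rendering layer should reject or escape quotes in its value. The CASE continues outside the hunk.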
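Review bot: The correlated count in aws_unnecessary_access_keys.yaml joins on the user name only, `WHERE u.name = k.user_name`, and IAM user names are unique per account, not across accounts. When several accounts are scanned, keys of same-named users in different accounts are added together and a user with a single key can be reported as `'alarm'`. Assuming `aws_iam_access_key` carries `account_id` like the other tables in this diff, the predicate should be `WHERE u.name = k.user_name AND u.account_id = k.account_id`. The FROM clause is outside the hunk.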
diff --git a/compliance/controls/baseline/aws/IAM/aws_valid_iam_identity_providers.yaml b/compliance/controls/baseline/aws/IAM/aws_valid_iam_identity_providers.yaml index 11091486d..c97f0ec2f 100644 --- a/compliance/controls/baseline/aws/IAM/aws_valid_iam_identity_providers.yaml +++ b/compliance/controls/baseline/aws/IAM/aws_valid_iam_identity_providers.yaml @@ -13,7 +13,7 @@ Query: QueryToExecute: | WITH locations AS ( SELECT - og_resource_id, + platform_resource_id, UNNEST( XPATH( '/md:EntityDescriptor/md:IDPSSODescriptor/md:SingleLogoutService/@Location', @@ -31,15 +31,15 @@ Query: ) SELECT arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, saml_metadata_document, CASE WHEN '{{.awsTrustedEndpoints}}' = '' THEN 'ok' WHEN EXISTS ( SELECT 1 FROM locations AS l - WHERE l.og_resource_id = p.og_resource_id + WHERE l.platform_resource_id = p.platform_resource_id AND l.location NOT LIKE '{{.awsTrustedEndpoints}}' ) THEN 'alarm' ELSE 'ok' @@ -49,7 +49,7 @@ Query: WHEN EXISTS ( SELECT 1 FROM locations AS l - WHERE l.og_resource_id = p.og_resource_id + WHERE l.platform_resource_id = p.platform_resource_id AND l.location NOT LIKE '{{.awsTrustedEndpoints}}' ) THEN 'location is not inside trusted endpoints' ELSE 'is inside trusted endpoints' diff --git a/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificate_expired.yaml b/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificate_expired.yaml index b16af7f4b..8442de9f0 100644 --- a/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificate_expired.yaml +++ b/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificate_expired.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT certificate_arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN status = 'EXPIRED' THEN 'alarm' ELSE 'ok' 
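Review bot: The control in aws_valid_iam_identity_providers.yaml fails open when its parameter is unset: `WHEN '{{.awsTrustedEndpoints}}' = '' THEN 'ok'` marks every SAML provider as compliant although nothing was checked. Reporting the unevaluated case distinctly, `WHEN '{{.awsTrustedEndpoints}}' = '' THEN 'skip'`, keeps a missing configuration from reading as a pass; `'skip'` is already used as a status by other controls in this diff. The comparison `l.location NOT LIKE '{{.awsTrustedEndpoints}}'` also treats the whole parameter as one LIKE pattern, so `_` in an endpoint matches any character and a list of endpoints cannot be expressed. The same predicate is repeated in the reason CASE of the last hunk.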
diff --git a/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_renewal_7_days_before_expiration.yaml b/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_renewal_7_days_before_expiration.yaml index 839aa1ece..765755d10 100644 --- a/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_renewal_7_days_before_expiration.yaml +++ b/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_renewal_7_days_before_expiration.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT certificate_arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN not_after - '7 days'::interval < now() THEN 'alarm' diff --git a/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_validity.yaml b/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_validity.yaml index 534e39a29..6b5ca1874 100644 --- a/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_validity.yaml +++ b/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_validity.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT certificate_arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN status = 'EXPIRED' THEN 'skip' WHEN status = 'PENDING_VALIDATION' THEN 'alarm' diff --git a/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_with_wildcard_domain_names.yaml b/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_with_wildcard_domain_names.yaml index c9509b5f8..fd1bb416b 100644 --- a/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_with_wildcard_domain_names.yaml +++ b/compliance/controls/baseline/aws/acm_certificate/aws_acm_certificates_with_wildcard_domain_names.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT certificate_arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN domain_name LIKE '*' THEN 'ALARM' ELSE 'OK' diff --git a/compliance/controls/baseline/aws/backup/aws_backup_service_lifecycle_configuration.yaml b/compliance/controls/baseline/aws/backup/aws_backup_service_lifecycle_configuration.yaml index 6f6736257..bff786461 100644 --- a/compliance/controls/baseline/aws/backup/aws_backup_service_lifecycle_configuration.yaml +++ b/compliance/controls/baseline/aws/backup/aws_backup_service_lifecycle_configuration.yaml @@ -15,8 +15,8 @@ Query: QueryToExecute: | SELECT account_id || ' backup region setting in ' || region AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN r -> 'Lifecycle' ->> 'DeleteAfterDays' IS NULL AND r -> 'Lifecycle' ->> 'MoveToColdStorageAfterDays' IS NULL diff --git a/compliance/controls/baseline/aws/backup/aws_check_for_protected_amazon_backup_resource_types.yaml b/compliance/controls/baseline/aws/backup/aws_check_for_protected_amazon_backup_resource_types.yaml index b86f3acde..76f616def 100644 --- a/compliance/controls/baseline/aws/backup/aws_check_for_protected_amazon_backup_resource_types.yaml +++ b/compliance/controls/baseline/aws/backup/aws_check_for_protected_amazon_backup_resource_types.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT account_id || ' backup region setting in ' || region AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN resource_type_opt_in_preference::jsonb = '{{.awsBackupResourceTypeOptInPreference}}'::jsonb THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/backup/aws_configure_aws_backup_vault_access_policy.yaml b/compliance/controls/baseline/aws/backup/aws_configure_aws_backup_vault_access_policy.yaml index 52a78a5ea..37656e899 100644 
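Review bot: The predicate in aws_acm_certificates_with_wildcard_domain_names.yaml, `WHEN domain_name LIKE '*' THEN 'ALARM'`, contains no SQL wildcard, so it matches only a `domain_name` that is exactly `*`. A certificate issued for `*.example.com` therefore falls through to `'OK'`. The pattern should be `WHEN domain_name LIKE '*.%' THEN 'alarm'`. The upper-case `'ALARM'`/`'OK'` also differ from the lower-case statuses every other control in this diff returns; whether the consumer compares case-sensitively is not visible here, but `'alarm'` and `'ok'` would be consistent.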
--- a/compliance/controls/baseline/aws/backup/aws_configure_aws_backup_vault_access_policy.yaml +++ b/compliance/controls/baseline/aws/backup/aws_configure_aws_backup_vault_access_policy.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN policy IS NULL THEN 'alarm' WHEN EXISTS ( diff --git a/compliance/controls/baseline/aws/backup/aws_dynamodb_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml b/compliance/controls/baseline/aws/backup/aws_dynamodb_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml index 47ac73804..4f979752a 100644 --- a/compliance/controls/baseline/aws/backup/aws_dynamodb_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml +++ b/compliance/controls/baseline/aws/backup/aws_dynamodb_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml @@ -25,8 +25,8 @@ Query: SELECT t.arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN p.recovery_point_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/backup/aws_dynamodb_instances_have_backup_withing_48_hours.yaml b/compliance/controls/baseline/aws/backup/aws_dynamodb_instances_have_backup_withing_48_hours.yaml index cafd953fa..0a1b12074 100644 --- a/compliance/controls/baseline/aws/backup/aws_dynamodb_instances_have_backup_withing_48_hours.yaml +++ b/compliance/controls/baseline/aws/backup/aws_dynamodb_instances_have_backup_withing_48_hours.yaml @@ -20,8 +20,8 @@ Query: SELECT t.arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN p.recovery_point_arn IS NULL THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/baseline/aws/backup/aws_ebs_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml b/compliance/controls/baseline/aws/backup/aws_ebs_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml index f5be38510..2821f15ca 100644 --- a/compliance/controls/baseline/aws/backup/aws_ebs_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml +++ b/compliance/controls/baseline/aws/backup/aws_ebs_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml @@ -25,8 +25,8 @@ Query: SELECT v.arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN p.recovery_point_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/backup/aws_ebs_instances_have_backup_withing_rpo_period.yaml b/compliance/controls/baseline/aws/backup/aws_ebs_instances_have_backup_withing_rpo_period.yaml index 88806dce6..1b1af4f65 100644 --- a/compliance/controls/baseline/aws/backup/aws_ebs_instances_have_backup_withing_rpo_period.yaml +++ b/compliance/controls/baseline/aws/backup/aws_ebs_instances_have_backup_withing_rpo_period.yaml @@ -28,8 +28,8 @@ Query: SELECT v.arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN p.recovery_point_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/backup/aws_ec2_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml b/compliance/controls/baseline/aws/backup/aws_ec2_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml index 2f4a56456..aa62ddaa9 100644 --- a/compliance/controls/baseline/aws/backup/aws_ec2_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml +++ b/compliance/controls/baseline/aws/backup/aws_ec2_instances_have_backup_with_lifecyclepolicy_above_35_days.yaml 
@@ -25,8 +25,8 @@ Query: SELECT i.arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN p.recovery_point_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/backup/aws_ec2_instances_have_backup_withing_48_hours.yaml b/compliance/controls/baseline/aws/backup/aws_ec2_instances_have_backup_withing_48_hours.yaml index 66f9586dc..5a58d00a8 100644 --- a/compliance/controls/baseline/aws/backup/aws_ec2_instances_have_backup_withing_48_hours.yaml +++ b/compliance/controls/baseline/aws/backup/aws_ec2_instances_have_backup_withing_48_hours.yaml @@ -35,8 +35,8 @@ Query: ) SELECT v.arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN p.recovery_point_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/backup/aws_efs_files_have_backup_with_lifecyclepolicy_above_35_days.yaml b/compliance/controls/baseline/aws/backup/aws_efs_files_have_backup_with_lifecyclepolicy_above_35_days.yaml index 1463d0536..e55dee566 100644 --- a/compliance/controls/baseline/aws/backup/aws_efs_files_have_backup_with_lifecyclepolicy_above_35_days.yaml +++ b/compliance/controls/baseline/aws/backup/aws_efs_files_have_backup_with_lifecyclepolicy_above_35_days.yaml @@ -25,8 +25,8 @@ Query: SELECT f.arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN p.recovery_point_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/backup/aws_efs_files_have_backup_withing_48_hours.yaml b/compliance/controls/baseline/aws/backup/aws_efs_files_have_backup_withing_48_hours.yaml index 354a42ca8..178d5f738 100644 
--- a/compliance/controls/baseline/aws/backup/aws_efs_files_have_backup_withing_48_hours.yaml +++ b/compliance/controls/baseline/aws/backup/aws_efs_files_have_backup_withing_48_hours.yaml @@ -23,8 +23,8 @@ Query: ) SELECT f.arn AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN p.recovery_point_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/backup/aws_enable_alert_notifications_for_failed_backup_jobs.yaml b/compliance/controls/baseline/aws/backup/aws_enable_alert_notifications_for_failed_backup_jobs.yaml index 2cfc24430..8cb620916 100644 --- a/compliance/controls/baseline/aws/backup/aws_enable_alert_notifications_for_failed_backup_jobs.yaml +++ b/compliance/controls/baseline/aws/backup/aws_enable_alert_notifications_for_failed_backup_jobs.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN backup_vault_events::TEXT LIKE '%BACKUP_JOB_FAILED%' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/backup/aws_rds_database_instances_have_a_minimum_acceptable_backup_policy.yaml b/compliance/controls/baseline/aws/backup/aws_rds_database_instances_have_a_minimum_acceptable_backup_policy.yaml index 085e435d4..d51baa495 100644 --- a/compliance/controls/baseline/aws/backup/aws_rds_database_instances_have_a_minimum_acceptable_backup_policy.yaml +++ b/compliance/controls/baseline/aws/backup/aws_rds_database_instances_have_a_minimum_acceptable_backup_policy.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN backup_retention_period < '{{.awsRdsBaselineRetentionPeriodDays}}'::INT THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/baseline/aws/backup/aws_rds_database_instances_must_have_a_minimum_acceptable_restore_time.yaml b/compliance/controls/baseline/aws/backup/aws_rds_database_instances_must_have_a_minimum_acceptable_restore_time.yaml index bdf1d32b1..110d1a447 100644 --- a/compliance/controls/baseline/aws/backup/aws_rds_database_instances_must_have_a_minimum_acceptable_restore_time.yaml +++ b/compliance/controls/baseline/aws/backup/aws_rds_database_instances_must_have_a_minimum_acceptable_restore_time.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT i.arn AS resource, - i.og_account_id, - i.og_resource_id, + i.platform_account_id, + i.platform_resource_id, CASE WHEN c.latest_restorable_time IS NOT NULL THEN CASE diff --git a/compliance/controls/baseline/aws/backup/aws_use_kms_customer_master_keys_for_aws_backup.yaml b/compliance/controls/baseline/aws/backup/aws_use_kms_customer_master_keys_for_aws_backup.yaml index fcd71cbd1..21e71ca6b 100644 --- a/compliance/controls/baseline/aws/backup/aws_use_kms_customer_master_keys_for_aws_backup.yaml +++ b/compliance/controls/baseline/aws/backup/aws_use_kms_customer_master_keys_for_aws_backup.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE WHEN k.arn IS NULL THEN 'alarm' WHEN k.key_manager = 'CUSTOMER' THEN 'ok' diff --git a/compliance/controls/baseline/aws/dynamoDb/aws_unused_dynamodb_table.yaml b/compliance/controls/baseline/aws/dynamoDb/aws_unused_dynamodb_table.yaml index 000ca4dd7..0bc31751b 100644 --- a/compliance/controls/baseline/aws/dynamoDb/aws_unused_dynamodb_table.yaml +++ b/compliance/controls/baseline/aws/dynamoDb/aws_unused_dynamodb_table.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN item_count::int = 0 THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/baseline/aws/ebs/aws_ebs_encrypted.yaml b/compliance/controls/baseline/aws/ebs/aws_ebs_encrypted.yaml index bcd29acdc..5addd8ed1 100644 --- a/compliance/controls/baseline/aws/ebs/aws_ebs_encrypted.yaml +++ b/compliance/controls/baseline/aws/ebs/aws_ebs_encrypted.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/ebs/aws_ebs_encrypted_with_kms_customer_master_keys.yaml b/compliance/controls/baseline/aws/ebs/aws_ebs_encrypted_with_kms_customer_master_keys.yaml index ba0c17511..f5fa99bab 100644 --- a/compliance/controls/baseline/aws/ebs/aws_ebs_encrypted_with_kms_customer_master_keys.yaml +++ b/compliance/controls/baseline/aws/ebs/aws_ebs_encrypted_with_kms_customer_master_keys.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT volume_id AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' WHEN k.key_manager = 'CUSTOMER' THEN 'ok' diff --git a/compliance/controls/baseline/aws/ebs/aws_ebs_public_snapshots.yaml b/compliance/controls/baseline/aws/ebs/aws_ebs_public_snapshots.yaml index 2d88df668..c189b623a 100644 --- a/compliance/controls/baseline/aws/ebs/aws_ebs_public_snapshots.yaml +++ b/compliance/controls/baseline/aws/ebs/aws_ebs_public_snapshots.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT 'arn:' || partition || ':ec2:' || region || ':' || account_id || ':snapshot/' || snapshot_id AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN create_volume_permissions @> '[{"Group": "all", "UserId": null}]' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/baseline/aws/ebs/aws_ebs_snapshot_encrypted.yaml b/compliance/controls/baseline/aws/ebs/aws_ebs_snapshot_encrypted.yaml
index 572cc4dd8..fcbb95f51 100644
--- a/compliance/controls/baseline/aws/ebs/aws_ebs_snapshot_encrypted.yaml
+++ b/compliance/controls/baseline/aws/ebs/aws_ebs_snapshot_encrypted.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN encrypted THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/ebs/aws_ebs_volume_unused.yaml b/compliance/controls/baseline/aws/ebs/aws_ebs_volume_unused.yaml
index 279c3054c..bc67d9981 100644
--- a/compliance/controls/baseline/aws/ebs/aws_ebs_volume_unused.yaml
+++ b/compliance/controls/baseline/aws/ebs/aws_ebs_volume_unused.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_account_id AS og_account_id,
- og_resource_id AS og_resource_id,
+ platform_account_id AS platform_account_id,
+ platform_resource_id AS platform_resource_id,
 CASE
 WHEN state = 'in-use' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/ebs/aws_ebs_volumes_attached_to_stopped_ec2_instances.yaml b/compliance/controls/baseline/aws/ebs/aws_ebs_volumes_attached_to_stopped_ec2_instances.yaml
index 0d4ab6056..551a037be 100644
--- a/compliance/controls/baseline/aws/ebs/aws_ebs_volumes_attached_to_stopped_ec2_instances.yaml
+++ b/compliance/controls/baseline/aws/ebs/aws_ebs_volumes_attached_to_stopped_ec2_instances.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 v.volume_id AS resource,
- v.og_resource_id,
- v.og_account_id,
+ v.platform_resource_id,
+ v.platform_account_id,
 CASE
 WHEN i.instance_state = 'running' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/ebs/aws_ebs_volumes_too_old_snapshots.yaml b/compliance/controls/baseline/aws/ebs/aws_ebs_volumes_too_old_snapshots.yaml
index 2b8ff9b57..272f3c665 100644
--- a/compliance/controls/baseline/aws/ebs/aws_ebs_volumes_too_old_snapshots.yaml +++ b/compliance/controls/baseline/aws/ebs/aws_ebs_volumes_too_old_snapshots.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT snapshot_id AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN start_time + ({{.awsEbsSnapshotAgeMaxDays}}::INT || ' days')::interval < now() THEN 'alarm' diff --git a/compliance/controls/baseline/aws/ebs/aws_use_gp3_not_gp2.yaml b/compliance/controls/baseline/aws/ebs/aws_use_gp3_not_gp2.yaml index f27a56612..7122b5b67 100644 --- a/compliance/controls/baseline/aws/ebs/aws_use_gp3_not_gp2.yaml +++ b/compliance/controls/baseline/aws/ebs/aws_use_gp3_not_gp2.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN volume_type = 'gp2' THEN 'alarm' WHEN volume_type = 'gp3' THEN 'ok' diff --git a/compliance/controls/baseline/aws/ebs/aws_use_io2_not_io1.yaml b/compliance/controls/baseline/aws/ebs/aws_use_io2_not_io1.yaml index f73ee7146..a44554b4e 100644 --- a/compliance/controls/baseline/aws/ebs/aws_use_io2_not_io1.yaml +++ b/compliance/controls/baseline/aws/ebs/aws_use_io2_not_io1.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN volume_type = 'io1' THEN 'alarm' WHEN volume_type = 'io2' THEN 'ok' diff --git a/compliance/controls/baseline/aws/ec2/aws_ami_encryption.yaml b/compliance/controls/baseline/aws/ec2/aws_ami_encryption.yaml index 63855814c..d82f25ebf 100644 --- a/compliance/controls/baseline/aws/ec2/aws_ami_encryption.yaml +++ b/compliance/controls/baseline/aws/ec2/aws_ami_encryption.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN EXISTS ( SELECT 1 
diff --git a/compliance/controls/baseline/aws/ec2/aws_default_security_group_unrestricted.yaml b/compliance/controls/baseline/aws/ec2/aws_default_security_group_unrestricted.yaml
index c4784c637..e778ee50a 100644
--- a/compliance/controls/baseline/aws/ec2/aws_default_security_group_unrestricted.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_default_security_group_unrestricted.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 group_id AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ec2/aws_default_security_groups_in_use.yaml b/compliance/controls/baseline/aws/ec2/aws_default_security_groups_in_use.yaml
index a1dd3b008..879bb3ef7 100644
--- a/compliance/controls/baseline/aws/ec2/aws_default_security_groups_in_use.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_default_security_groups_in_use.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 instance_id AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ec2/aws_disable_public_ip_address_assignment_for_ec2_instances.yaml b/compliance/controls/baseline/aws/ec2/aws_disable_public_ip_address_assignment_for_ec2_instances.yaml
index 70e351c5e..7ee444840 100644
--- a/compliance/controls/baseline/aws/ec2/aws_disable_public_ip_address_assignment_for_ec2_instances.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_disable_public_ip_address_assignment_for_ec2_instances.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN public_ip_address IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/ec2/aws_ec2_ami_too_old.yaml b/compliance/controls/baseline/aws/ec2/aws_ec2_ami_too_old.yaml
index a26b8eed7..d70191e02 100644
--- a/compliance/controls/baseline/aws/ec2/aws_ec2_ami_too_old.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_ec2_ami_too_old.yaml
@@ -15,8 +15,8 @@ Query:
 QueryToExecute: |
 SELECT
 image_id AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN is_aws_backup_managed THEN 'skip'
 WHEN root_device_type <> 'ebs' THEN 'skip'
diff --git a/compliance/controls/baseline/aws/ec2/aws_ec2_desired_instance_type.yaml b/compliance/controls/baseline/aws/ec2/aws_ec2_desired_instance_type.yaml
index 98b0f01e4..2014f1b15 100644
--- a/compliance/controls/baseline/aws/ec2/aws_ec2_desired_instance_type.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_ec2_desired_instance_type.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 instance_id AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN '{{.awsAllowedInstanceTypes}}' = '' THEN 'ok'
 WHEN '{{.awsAllowedInstanceTypes}}' LIKE '%' || instance_type || '%' THEN 'ok'
diff --git a/compliance/controls/baseline/aws/ec2/aws_ec2_instance_in_vpc.yaml b/compliance/controls/baseline/aws/ec2/aws_ec2_instance_in_vpc.yaml
index 5ab68758d..e2740fc3e 100644
--- a/compliance/controls/baseline/aws/ec2/aws_ec2_instance_in_vpc.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_ec2_instance_in_vpc.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN vpc_id IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/ec2/aws_ec2_instance_naming_conventions.yaml b/compliance/controls/baseline/aws/ec2/aws_ec2_instance_naming_conventions.yaml
index 37f8795d9..700f8dc4e 100644
--- a/compliance/controls/baseline/aws/ec2/aws_ec2_instance_naming_conventions.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_ec2_instance_naming_conventions.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 instance_id AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN '{{.awsEc2NamingPattern}}' = '' THEN 'ok'
 WHEN tags ->> 'Name' LIKE '{{.awsEc2NamingPattern}}' THEN 'ok'
diff --git a/compliance/controls/baseline/aws/ec2/aws_ec2_instance_not_in_public_subnet.yaml b/compliance/controls/baseline/aws/ec2/aws_ec2_instance_not_in_public_subnet.yaml
index e4e1cf286..9097e3790 100644
--- a/compliance/controls/baseline/aws/ec2/aws_ec2_instance_not_in_public_subnet.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_ec2_instance_not_in_public_subnet.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN public_ip_address IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/ec2/aws_ec2_instance_termination_protection.yaml b/compliance/controls/baseline/aws/ec2/aws_ec2_instance_termination_protection.yaml
index b9eaf2164..0d7da8f12 100644
--- a/compliance/controls/baseline/aws/ec2/aws_ec2_instance_termination_protection.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_ec2_instance_termination_protection.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 instance_id AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN disable_api_termination = 'false' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/ec2/aws_ec2_instance_too_old.yaml b/compliance/controls/baseline/aws/ec2/aws_ec2_instance_too_old.yaml
index fe9109045..eb1043d65 100644
--- a/compliance/controls/baseline/aws/ec2/aws_ec2_instance_too_old.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_ec2_instance_too_old.yaml
@@ -11,14 +11,14 @@ Query: QueryToExecute: | SELECT instance_id AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE - WHEN now() - (og_description -> 'Instance' ->> 'LaunchTime')::timestamp > '180 days'::interval THEN 'alarm' + WHEN now() - (platform_resource_description -> 'Instance' ->> 'LaunchTime')::timestamp > '180 days'::interval THEN 'alarm' ELSE 'ok' END AS status, CASE - WHEN now() - (og_description -> 'Instance' ->> 'LaunchTime')::timestamp > '180 days'::interval THEN instance_id || ' needs to be restarted' + WHEN now() - (platform_resource_description -> 'Instance' ->> 'LaunchTime')::timestamp > '180 days'::interval THEN instance_id || ' needs to be restarted' ELSE instance_id || ' launch time was not much time ago' END AS reason, region, diff --git a/compliance/controls/baseline/aws/ec2/aws_ec2_instances_with_multiple_elastic_network_interfaces.yaml b/compliance/controls/baseline/aws/ec2/aws_ec2_instances_with_multiple_elastic_network_interfaces.yaml index b1fa223d9..56b942868 100644 --- a/compliance/controls/baseline/aws/ec2/aws_ec2_instances_with_multiple_elastic_network_interfaces.yaml +++ b/compliance/controls/baseline/aws/ec2/aws_ec2_instances_with_multiple_elastic_network_interfaces.yaml @@ -24,8 +24,8 @@ Query: SELECT i.instance_id AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN nis.count > 1 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/ec2/aws_publicly_shared_ami.yaml b/compliance/controls/baseline/aws/ec2/aws_publicly_shared_ami.yaml index f06b9d535..5a658900a 100644 --- a/compliance/controls/baseline/aws/ec2/aws_publicly_shared_ami.yaml +++ b/compliance/controls/baseline/aws/ec2/aws_publicly_shared_ami.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT title AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN public THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/baseline/aws/ec2/aws_require_imdsv2_for_ec2_instances.yaml b/compliance/controls/baseline/aws/ec2/aws_require_imdsv2_for_ec2_instances.yaml
index 4d9789ef3..948ccab0f 100644
--- a/compliance/controls/baseline/aws/ec2/aws_require_imdsv2_for_ec2_instances.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_require_imdsv2_for_ec2_instances.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN metadata_options ->> 'HttpTokens' = 'optional' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/ec2/aws_security_group_name_prefixed_with_launch_wizard.yaml b/compliance/controls/baseline/aws/ec2/aws_security_group_name_prefixed_with_launch_wizard.yaml
index 922305d31..68ee3e764 100644
--- a/compliance/controls/baseline/aws/ec2/aws_security_group_name_prefixed_with_launch_wizard.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_security_group_name_prefixed_with_launch_wizard.yaml
@@ -20,8 +20,8 @@ Query:
 )
 SELECT
 i.arn AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN sg.arn IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/ec2/aws_security_group_port_range.yaml b/compliance/controls/baseline/aws/ec2/aws_security_group_port_range.yaml
index 37f0c54e2..e9c65bf49 100644
--- a/compliance/controls/baseline/aws/ec2/aws_security_group_port_range.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_security_group_port_range.yaml
@@ -23,8 +23,8 @@ Query:
 )
 SELECT
 sg.group_id AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN isg.group_id IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/ec2/aws_unassociated_elastic_ip_addresses.yaml b/compliance/controls/baseline/aws/ec2/aws_unassociated_elastic_ip_addresses.yaml
index 17c4d21ff..341e605fe 100644
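Review bot: In aws_require_imdsv2_for_ec2_instances.yaml the check fails open: the context line `WHEN metadata_options ->> 'HttpTokens' = 'optional' THEN 'alarm'` falls through to `ELSE 'ok'` whenever `metadata_options` is NULL or has no `HttpTokens` key, so an instance whose metadata options were not collected is reported as compliant. Testing for the compliant value instead, `WHEN metadata_options ->> 'HttpTokens' = 'required' THEN 'ok'` followed by `ELSE 'alarm'`, makes missing data surface as a finding. The CASE continues outside the hunk, so any matching reason expression would presumably need the same inversion.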
--- a/compliance/controls/baseline/aws/ec2/aws_unassociated_elastic_ip_addresses.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_unassociated_elastic_ip_addresses.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 'arn:' || partition || ':ec2:' || region || ':' || account_id || ':eip/' || allocation_id AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE
 WHEN association_id IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_cifs_access.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_cifs_access.yaml
index 4db85009e..26ec55418 100644
--- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_cifs_access.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_cifs_access.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 group_name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_icmp_access.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_icmp_access.yaml
index 01837c5c9..d8c2543e1 100644
--- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_icmp_access.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_icmp_access.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 group_name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_mongodb_access.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_mongodb_access.yaml
index 60e62275a..95c577c0f 100644
--- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_mongodb_access.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_mongodb_access.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 group_name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_mssql_access.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_mssql_access.yaml
index 82c13d7f0..4df87faaf 100644
--- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_mssql_access.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_mssql_access.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 group_name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_mysql_access.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_mysql_access.yaml
index f906e92e5..c49b3c877 100644
--- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_mysql_access.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_mysql_access.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 group_name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_netbios_access.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_netbios_access.yaml
index e94fce79d..7e4f64b3d 100644
--- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_netbios_access.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_netbios_access.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 group_name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_opensearch_access.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_opensearch_access.yaml
index dbdf83c93..b2b4760e0 100644
--- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_opensearch_access.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_opensearch_access.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 group_name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_oracle_access.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_oracle_access.yaml
index 77b0021dd..1938c889f 100644
--- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_oracle_access.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_oracle_access.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 group_name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_rpc_access.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_rpc_access.yaml
index 45cfc4291..e4fc2225f 100644
--- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_rpc_access.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_rpc_access.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 group_name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_security_group_ingress_on_uncommon_ports.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_security_group_ingress_on_uncommon_ports.yaml
index fdb050058..6a0f0a279 100644
--- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_security_group_ingress_on_uncommon_ports.yaml
+++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_security_group_ingress_on_uncommon_ports.yaml
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT group_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_smtp_access.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_smtp_access.yaml index 16e86f242..841dbfd6e 100644 --- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_smtp_access.yaml +++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_smtp_access.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT group_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/aws/ec2/aws_unrestricted_ssh_access.yaml b/compliance/controls/baseline/aws/ec2/aws_unrestricted_ssh_access.yaml index 10b22515b..6f1e68d53 100644 --- a/compliance/controls/baseline/aws/ec2/aws_unrestricted_ssh_access.yaml +++ b/compliance/controls/baseline/aws/ec2/aws_unrestricted_ssh_access.yaml @@ -29,8 +29,8 @@ Query: ) SELECT sg.group_id AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN isg.group_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/ec2/aws_unused_ami.yaml b/compliance/controls/baseline/aws/ec2/aws_unused_ami.yaml index 0b2543d39..0f5d6fbfc 100644 --- a/compliance/controls/baseline/aws/ec2/aws_unused_ami.yaml +++ b/compliance/controls/baseline/aws/ec2/aws_unused_ami.yaml @@ -14,7 +14,7 @@ Query: QueryToExecute: | WITH dlm_managed AS ( SELECT - og_resource_id + platform_resource_id FROM aws_ec2_ami CROSS JOIN @@ -25,8 +25,8 @@ Query: ) SELECT ami.name AS resource, - ami.og_resource_id, - ami.og_account_id, + ami.platform_resource_id, + ami.platform_account_id, CASE WHEN is_aws_backup_managed THEN 'skip' WHEN ami.root_device_type <> 'ebs' THEN 'skip' 
@@ -46,7 +46,7 @@ Query: LEFT JOIN aws_ec2_instance AS i ON ami.image_id = i.image_id WHERE - NOT (EXISTS (SELECT * FROM dlm_managed dl WHERE dl.og_resource_id = ami.og_resource_id)) + NOT (EXISTS (SELECT * FROM dlm_managed dl WHERE dl.platform_resource_id = ami.platform_resource_id)) Severity: low Tags: platform_score_cloud_service_name: diff --git a/compliance/controls/baseline/aws/ec2/aws_unused_aws_ec2_key_pairs.yaml b/compliance/controls/baseline/aws/ec2/aws_unused_aws_ec2_key_pairs.yaml index 8595b1a04..89e6ddd2b 100644 --- a/compliance/controls/baseline/aws/ec2/aws_unused_aws_ec2_key_pairs.yaml +++ b/compliance/controls/baseline/aws/ec2/aws_unused_aws_ec2_key_pairs.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT k.key_name AS resource, - k.og_resource_id, - k.og_account_id, + k.platform_resource_id, + k.platform_account_id, CASE WHEN i.arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/ec2/aws_unused_elastic_network_interfaces.yaml b/compliance/controls/baseline/aws/ec2/aws_unused_elastic_network_interfaces.yaml index a23c77048..1e4ad18a9 100644 --- a/compliance/controls/baseline/aws/ec2/aws_unused_elastic_network_interfaces.yaml +++ b/compliance/controls/baseline/aws/ec2/aws_unused_elastic_network_interfaces.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT network_interface_id AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN status = 'available' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/ecr/aws_ecr_repository_exposed.yaml b/compliance/controls/baseline/aws/ecr/aws_ecr_repository_exposed.yaml index 8d0bfecaf..f4915d2b0 100644 --- a/compliance/controls/baseline/aws/ecr/aws_ecr_repository_exposed.yaml +++ b/compliance/controls/baseline/aws/ecr/aws_ecr_repository_exposed.yaml 
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 repository_name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/ecr/aws_enable_cross_region_replication.yaml b/compliance/controls/baseline/aws/ecr/aws_enable_cross_region_replication.yaml
index 663598283..002e9b4ab 100644
--- a/compliance/controls/baseline/aws/ecr/aws_enable_cross_region_replication.yaml
+++ b/compliance/controls/baseline/aws/ecr/aws_enable_cross_region_replication.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 account_id || ' backup region setting in ' || region AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN rules::text = '[]' THEN 'alarm'
 WHEN EXISTS (
diff --git a/compliance/controls/baseline/aws/ecr/aws_enable_scan_on_push_for_ecr_container_images.yaml b/compliance/controls/baseline/aws/ecr/aws_enable_scan_on_push_for_ecr_container_images.yaml
index 2c121be80..addff9a9d 100644
--- a/compliance/controls/baseline/aws/ecr/aws_enable_scan_on_push_for_ecr_container_images.yaml
+++ b/compliance/controls/baseline/aws/ecr/aws_enable_scan_on_push_for_ecr_container_images.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 repository_name AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN image_scanning_configuration ->> 'ScanOnPush' = 'true' THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/ecr/aws_lifecycle_policy_in_use.yaml b/compliance/controls/baseline/aws/ecr/aws_lifecycle_policy_in_use.yaml
index afd53dc29..a01a63584 100644
--- a/compliance/controls/baseline/aws/ecr/aws_lifecycle_policy_in_use.yaml
+++ b/compliance/controls/baseline/aws/ecr/aws_lifecycle_policy_in_use.yaml
@@ -24,8 +24,8 @@ Query: SELECT r.repository_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN p.repository_name IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/ecs/aws_check_for_amazon_ecs_service_placement_strategy.yaml b/compliance/controls/baseline/aws/ecs/aws_check_for_amazon_ecs_service_placement_strategy.yaml index 96496c993..11bbec90d 100644 --- a/compliance/controls/baseline/aws/ecs/aws_check_for_amazon_ecs_service_placement_strategy.yaml +++ b/compliance/controls/baseline/aws/ecs/aws_check_for_amazon_ecs_service_placement_strategy.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT service_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN (SELECT ARRAY_AGG(ps ->> 'Type') FROM jsonb_array_elements(placement_strategy) AS ps) = ARRAY['spread', 'binpack'] diff --git a/compliance/controls/baseline/aws/ecs/aws_check_for_ecs_container_instance_agent_version.yaml b/compliance/controls/baseline/aws/ecs/aws_check_for_ecs_container_instance_agent_version.yaml index 37e4edf73..beb249d49 100644 --- a/compliance/controls/baseline/aws/ecs/aws_check_for_ecs_container_instance_agent_version.yaml +++ b/compliance/controls/baseline/aws/ecs/aws_check_for_ecs_container_instance_agent_version.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN version_info ->> 'AgentVersion' < '{{.awsEcsContainerInstanceAgentVersion}}' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/ecs/aws_check_for_fargate_platform_version.yaml b/compliance/controls/baseline/aws/ecs/aws_check_for_fargate_platform_version.yaml index 0c1f91313..56e8f67a7 100644 --- a/compliance/controls/baseline/aws/ecs/aws_check_for_fargate_platform_version.yaml 
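Review bot: In aws_check_for_ecs_container_instance_agent_version.yaml the context line `WHEN version_info ->> 'AgentVersion' < '{{.awsEcsContainerInstanceAgentVersion}}' THEN 'alarm'` compares versions as text, so '1.9.0' sorts above '1.10.0' and an outdated agent can pass the control. A component-wise comparison such as `WHEN string_to_array(version_info ->> 'AgentVersion', '.')::int[] < string_to_array('{{.awsEcsContainerInstanceAgentVersion}}', '.')::int[] THEN 'alarm'` orders them numerically, assuming the agent version is always dotted integers. The `platform_version < '{{.awsEcsServicePlatformVersion}}'` line in the aws_check_for_fargate_platform_version.yaml hunk has the same text ordering. Both CASE expressions continue outside their hunks.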
+++ b/compliance/controls/baseline/aws/ecs/aws_check_for_fargate_platform_version.yaml
@@ -13,8 +13,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN platform_version < '{{.awsEcsServicePlatformVersion}}' THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/ecs/aws_ecs_task_log_driver_in_use.yaml b/compliance/controls/baseline/aws/ecs/aws_ecs_task_log_driver_in_use.yaml
index 81310f679..3fec2514c 100644
--- a/compliance/controls/baseline/aws/ecs/aws_ecs_task_log_driver_in_use.yaml
+++ b/compliance/controls/baseline/aws/ecs/aws_ecs_task_log_driver_in_use.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 td.task_definition_arn || ' - ' || (c ->> 'Name') AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN (c -> 'LogConfiguration' ->> 'LogDriver') IS NULL THEN 'alarm'
 ELSE 'ok'
diff --git a/compliance/controls/baseline/aws/ecs/aws_enable_cloudwatch_container_insights.yaml b/compliance/controls/baseline/aws/ecs/aws_enable_cloudwatch_container_insights.yaml
index 1dc235be9..c0c931a1a 100644
--- a/compliance/controls/baseline/aws/ecs/aws_enable_cloudwatch_container_insights.yaml
+++ b/compliance/controls/baseline/aws/ecs/aws_enable_cloudwatch_container_insights.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 cluster_arn AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/efs/aws_efs_encryption_enabled.yaml b/compliance/controls/baseline/aws/efs/aws_efs_encryption_enabled.yaml
index d811a6af5..727ee0e8a 100644
--- a/compliance/controls/baseline/aws/efs/aws_efs_encryption_enabled.yaml
+++ b/compliance/controls/baseline/aws/efs/aws_efs_encryption_enabled.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 arn AS resource,
- og_resource_id,
- og_account_id,
+ platform_resource_id,
+ platform_account_id,
 CASE
 WHEN encrypted::bool THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/efs/aws_kms_customer_master_keys_for_efs_encryption.yaml b/compliance/controls/baseline/aws/efs/aws_kms_customer_master_keys_for_efs_encryption.yaml
index 7a6fddf11..f1d0f941b 100644
--- a/compliance/controls/baseline/aws/efs/aws_kms_customer_master_keys_for_efs_encryption.yaml
+++ b/compliance/controls/baseline/aws/efs/aws_kms_customer_master_keys_for_efs_encryption.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 fs.file_system_id AS resource,
- fs.og_resource_id,
- fs.og_account_id,
+ fs.platform_resource_id,
+ fs.platform_account_id,
 CASE
 WHEN k.arn IS NULL THEN 'alarm'
 WHEN k.key_manager = 'CUSTOMER' THEN 'ok'
diff --git a/compliance/controls/baseline/aws/eks/aws_disable_remote_access_to_eks_cluster_node_groups.yaml b/compliance/controls/baseline/aws/eks/aws_disable_remote_access_to_eks_cluster_node_groups.yaml
index f21bd51f2..d7ad2369f 100644
--- a/compliance/controls/baseline/aws/eks/aws_disable_remote_access_to_eks_cluster_node_groups.yaml
+++ b/compliance/controls/baseline/aws/eks/aws_disable_remote_access_to_eks_cluster_node_groups.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 nodegroup_name AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE
 WHEN remote_access ->> 'Ec2SshKey' IS NULL THEN 'ok'
 ELSE 'alarm'
diff --git a/compliance/controls/baseline/aws/eks/aws_eks_cluster_endpoint_public_access.yaml b/compliance/controls/baseline/aws/eks/aws_eks_cluster_endpoint_public_access.yaml
index 7b5d43d46..a0697c18a 100644
--- a/compliance/controls/baseline/aws/eks/aws_eks_cluster_endpoint_public_access.yaml
+++ b/compliance/controls/baseline/aws/eks/aws_eks_cluster_endpoint_public_access.yaml
@@ -11,8 +11,8 @@ Query:
 QueryToExecute: |
 SELECT
 name AS resource,
- og_account_id,
- og_resource_id,
+ platform_account_id,
+ platform_resource_id,
 CASE
 WHEN resources_vpc_config ->> 'EndpointPublicAccess' = 'true'
 AND (resources_vpc_config ->> 'PublicAccessCidrs')::text LIKE '%"0.0.0.0/0"%'
diff --git a/compliance/controls/baseline/aws/eks/aws_eks_cluster_node_group_iam_role_policies.yaml b/compliance/controls/baseline/aws/eks/aws_eks_cluster_node_group_iam_role_policies.yaml
index 45ca1ab18..c1f7b9c9f 100644
--- a/compliance/controls/baseline/aws/eks/aws_eks_cluster_node_group_iam_role_policies.yaml
+++ b/compliance/controls/baseline/aws/eks/aws_eks_cluster_node_group_iam_role_policies.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 ng.nodegroup_name AS resource,
- ng.og_account_id,
- ng.og_resource_id,
+ ng.platform_account_id,
+ ng.platform_resource_id,
 CASE
 WHEN EXISTS (
 SELECT 1
diff --git a/compliance/controls/baseline/aws/eks/aws_eks_security_groups.yaml b/compliance/controls/baseline/aws/eks/aws_eks_security_groups.yaml
index 2c4e7a2e3..208f600c9 100644
--- a/compliance/controls/baseline/aws/eks/aws_eks_security_groups.yaml
+++ b/compliance/controls/baseline/aws/eks/aws_eks_security_groups.yaml
@@ -12,8 +12,8 @@ Query:
 QueryToExecute: |
 SELECT
 c.name AS resource,
- c.og_account_id,
- c.og_resource_id,
+ c.platform_account_id,
+ c.platform_resource_id,
 CASE
 WHEN EXISTS(
 SELECT 1
diff --git a/compliance/controls/baseline/aws/eks/aws_enable_cloudtrail_logging_for_kubernetes_api_calls.yaml b/compliance/controls/baseline/aws/eks/aws_enable_cloudtrail_logging_for_kubernetes_api_calls.yaml
index 2084ce82b..43328aab8 100644
--- a/compliance/controls/baseline/aws/eks/aws_enable_cloudtrail_logging_for_kubernetes_api_calls.yaml
+++ b/compliance/controls/baseline/aws/eks/aws_enable_cloudtrail_logging_for_kubernetes_api_calls.yaml
@@ -12,13 +12,13 @@ Query: QueryToExecute: | SELECT account_id AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN EXISTS ( SELECT 1 FROM aws_cloudtrail_trail AS ct - WHERE ct.og_account_id = a.og_account_id + WHERE ct.platform_account_id = a.platform_account_id AND ct.is_logging = 'true' ) THEN 'ok' ELSE 'alarm' @@ -27,7 +27,7 @@ Query: WHEN EXISTS ( SELECT 1 FROM aws_cloudtrail_trail AS ct - WHERE ct.og_account_id = a.og_account_id + WHERE ct.platform_account_id = a.platform_account_id AND ct.is_logging = 'true' ) THEN 'There are active trails' ELSE 'There are no active trails' diff --git a/compliance/controls/baseline/aws/eks/aws_enable_envelope_encryption_for_eks_kubernetes_secrets.yaml b/compliance/controls/baseline/aws/eks/aws_enable_envelope_encryption_for_eks_kubernetes_secrets.yaml index 4041e4c45..a166eb0e7 100644 --- a/compliance/controls/baseline/aws/eks/aws_enable_envelope_encryption_for_eks_kubernetes_secrets.yaml +++ b/compliance/controls/baseline/aws/eks/aws_enable_envelope_encryption_for_eks_kubernetes_secrets.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/aws/eks/aws_kubernetes_cluster_logging.yaml b/compliance/controls/baseline/aws/eks/aws_kubernetes_cluster_logging.yaml index 7c8004b61..e68836b22 100644 --- a/compliance/controls/baseline/aws/eks/aws_kubernetes_cluster_logging.yaml +++ b/compliance/controls/baseline/aws/eks/aws_kubernetes_cluster_logging.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT name AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN EXISTS ( SELECT 1 
diff --git a/compliance/controls/baseline/aws/eks/aws_kubernetes_cluster_version.yaml b/compliance/controls/baseline/aws/eks/aws_kubernetes_cluster_version.yaml index 9eeceb8f7..6026ea766 100644 --- a/compliance/controls/baseline/aws/eks/aws_kubernetes_cluster_version.yaml +++ b/compliance/controls/baseline/aws/eks/aws_kubernetes_cluster_version.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN (version)::decimal >= '{{.awsEksClusterLatestVersion}}'::decimal THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_access_amazon_ecr_repositories.yaml b/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_access_amazon_ecr_repositories.yaml index 6edbc9986..16d66b83f 100644 --- a/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_access_amazon_ecr_repositories.yaml +++ b/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_access_amazon_ecr_repositories.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT ng.nodegroup_name AS resource, - ng.og_account_id, - ng.og_resource_id, + ng.platform_account_id, + ng.platform_resource_id, CASE WHEN attached_policy_arns::text LIKE '%arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly%' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_manage_aws_resources.yaml b/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_manage_aws_resources.yaml index e7c567491..7212f80fc 100644 --- a/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_manage_aws_resources.yaml +++ b/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_manage_aws_resources.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT ng.nodegroup_name AS resource, - ng.og_account_id, - ng.og_resource_id, + ng.platform_account_id, + ng.platform_resource_id, CASE WHEN attached_policy_arns::text LIKE '%arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly%' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_manage_networking_resources.yaml b/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_manage_networking_resources.yaml index 9e908c84a..8c6f952fa 100644 --- a/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_manage_networking_resources.yaml +++ b/compliance/controls/baseline/aws/eks/aws_use_aws_managed_policy_to_manage_networking_resources.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT ng.nodegroup_name AS resource, - ng.og_account_id, - ng.og_resource_id, + ng.platform_account_id, + ng.platform_resource_id, CASE WHEN attached_policy_arns::TEXT LIKE '%arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy%' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/eks/aws_use_oidc_provider_for_authenticating_kubernetes_api_calls.yaml b/compliance/controls/baseline/aws/eks/aws_use_oidc_provider_for_authenticating_kubernetes_api_calls.yaml index 8c99ee550..2aa1efa10 100644 --- a/compliance/controls/baseline/aws/eks/aws_use_oidc_provider_for_authenticating_kubernetes_api_calls.yaml +++ b/compliance/controls/baseline/aws/eks/aws_use_oidc_provider_for_authenticating_kubernetes_api_calls.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.name AS resource, - c.og_account_id, - c.og_resource_id, + c.platform_account_id, + c.platform_resource_id, CASE WHEN oidc.url IS NULL THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/baseline/aws/fsx/aws_use_kms_customer_master_keys_for_fsx_windows_file_server_file_systems.yaml b/compliance/controls/baseline/aws/fsx/aws_use_kms_customer_master_keys_for_fsx_windows_file_server_file_systems.yaml index 251f9c98e..769d5d77e 100644 --- a/compliance/controls/baseline/aws/fsx/aws_use_kms_customer_master_keys_for_fsx_windows_file_server_file_systems.yaml +++ b/compliance/controls/baseline/aws/fsx/aws_use_kms_customer_master_keys_for_fsx_windows_file_server_file_systems.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT file_system_id AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE WHEN kms_key_id IS NULL THEN 'alarm' WHEN k.key_manager = 'CUSTOMER' THEN 'ok' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_configure_http_desync_mitigation_mode_for_application_load_balancers.yaml b/compliance/controls/baseline/aws/load_balancer/aws_configure_http_desync_mitigation_mode_for_application_load_balancers.yaml index f60846481..40014df40 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_configure_http_desync_mitigation_mode_for_application_load_balancers.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_configure_http_desync_mitigation_mode_for_application_load_balancers.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN m.v = ANY(ARRAY ['defensive', 'strictest']) THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_configure_multiple_availability_zones_for_load_balancers.yaml b/compliance/controls/baseline/aws/load_balancer/aws_configure_multiple_availability_zones_for_load_balancers.yaml index bc22276c9..e65da30d7 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_configure_multiple_availability_zones_for_load_balancers.yaml 
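Review bot: In aws_configure_http_desync_mitigation_mode_for_application_load_balancers.yaml the new `platform_resource_id` and `platform_account_id` lines carry no table alias, although the same select list uses `a.arn` and `m.v`, so two relations are in scope. If the relation aliased `m` ever exposes these columns the query fails as ambiguous, and a control whose query errors presumably reports nothing rather than an alarm. Assuming the columns come from `a`, write `a.platform_resource_id,` and `a.platform_account_id,`; the FROM clause and the CTE are outside the hunk, so confirm the owning alias. The same pattern appears in aws_elbv2_elastic_load_balancing_deletion_protection.yaml, aws_elbv2_nlb_listener_security.yaml, aws_enable_http_to_https_redirect_for_application_load_balancers.yaml, aws_unused_application_load_balancers.yaml, aws_unused_gateway_load_balancers.yaml, aws_opensearch_domain_in_vpc.yaml and the two aws_aurora_database_* controls.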
+++ b/compliance/controls/baseline/aws/load_balancer/aws_configure_multiple_availability_zones_for_load_balancers.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN jsonb_array_length(availability_zones) < 2 THEN 'alarm' ELSE 'ok' @@ -27,8 +27,8 @@ Query: UNION SELECT arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN jsonb_array_length(availability_zones) < 2 THEN 'alarm' ELSE 'ok' @@ -41,8 +41,8 @@ Query: UNION SELECT arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN jsonb_array_length(availability_zones) < 2 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elb_access_log.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elb_access_log.yaml index 77ef1e864..c5b719602 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_elb_access_log.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elb_access_log.yaml @@ -11,14 +11,14 @@ Query: QueryToExecute: | SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE - WHEN og_description -> 'Attributes' -> 'AccessLog' ->> 'Enabled' = 'true' THEN 'ok' + WHEN platform_resource_description -> 'Attributes' -> 'AccessLog' ->> 'Enabled' = 'true' THEN 'ok' ELSE 'alarm' END AS status, CASE - WHEN og_description -> 'Attributes' -> 'AccessLog' ->> 'Enabled' = 'true' THEN a.title || ' Access Logging feature is enabled' + WHEN platform_resource_description -> 'Attributes' -> 'AccessLog' ->> 'Enabled' = 'true' THEN a.title || ' Access Logging feature is enabled' ELSE a.title || ' Access Logging feature is not enabled' END AS reason, a.region, 
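Review bot: In aws_elb_access_log.yaml both new `WHEN` lines read `platform_resource_description` without an alias while the neighbouring columns are written `a.platform_account_id` and `a.title`; qualifying it, e.g. `WHEN a.platform_resource_description -> 'Attributes' -> 'AccessLog' ->> 'Enabled' = 'true' THEN 'ok'`, would match them, assuming the column belongs to `a` (the FROM clause is outside the hunk). Unlike the id columns, this rename is not a plain prefix swap (`og_description` becomes `platform_resource_description`), so the new name is worth checking against the table schema before merge. aws_elb_connection_draining_enabled.yaml and aws_elb_cross_zone_load_balancing_enabled.yaml have the same unqualified reference.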
diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elb_connection_draining_enabled.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elb_connection_draining_enabled.yaml index 9f2aa8212..4d82210f7 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_elb_connection_draining_enabled.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elb_connection_draining_enabled.yaml @@ -11,14 +11,14 @@ Query: QueryToExecute: | SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE - WHEN og_description -> 'Attributes' -> 'ConnectionDraining' ->> 'Enabled' = 'true' THEN 'ok' + WHEN platform_resource_description -> 'Attributes' -> 'ConnectionDraining' ->> 'Enabled' = 'true' THEN 'ok' ELSE 'alarm' END AS status, CASE - WHEN og_description -> 'Attributes' -> 'ConnectionDraining' ->> 'Enabled' = 'true' THEN a.title || ' Connection Draining feature is enabled' + WHEN platform_resource_description -> 'Attributes' -> 'ConnectionDraining' ->> 'Enabled' = 'true' THEN a.title || ' Connection Draining feature is enabled' ELSE a.title || ' Connection Draining feature is not enabled' END AS reason, a.region, diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elb_cross_zone_load_balancing_enabled.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elb_cross_zone_load_balancing_enabled.yaml index 8188b2ac6..5d62b5df6 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_elb_cross_zone_load_balancing_enabled.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elb_cross_zone_load_balancing_enabled.yaml 
@@ -11,14 +11,14 @@ Query: QueryToExecute: | SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE - WHEN og_description -> 'Attributes' -> 'CrossZoneLoadBalancing' ->> 'Enabled' = 'true' THEN 'ok' + WHEN platform_resource_description -> 'Attributes' -> 'CrossZoneLoadBalancing' ->> 'Enabled' = 'true' THEN 'ok' ELSE 'alarm' END AS status, CASE - WHEN og_description -> 'Attributes' -> 'CrossZoneLoadBalancing' ->> 'Enabled' = 'true' THEN a.title || ' Cross-Zone Load Balancing feature is enabled' + WHEN platform_resource_description -> 'Attributes' -> 'CrossZoneLoadBalancing' ->> 'Enabled' = 'true' THEN a.title || ' Cross-Zone Load Balancing feature is enabled' ELSE a.title || ' Cross-Zone Load Balancing feature is not enabled' END AS reason, a.region, diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elb_insecure_ssl_protocols.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elb_insecure_ssl_protocols.yaml index 4def0e5b7..9cce480c7 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_elb_insecure_ssl_protocols.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elb_insecure_ssl_protocols.yaml @@ -21,8 +21,8 @@ Query: ) SELECT 'arn:' || a.partition || ':elasticloadbalancing:' || a.region || ':' || a.account_id || ':loadbalancer/' || a.name AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN a.listener_descriptions IS NULL THEN 'skip' WHEN b.name IS NOT NULL THEN 'alarm' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_access_log.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_access_log.yaml index ad27b81e8..705ba636e 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_access_log.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_access_log.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN lb ->> 'Value' = 'false' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_listener_security.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_listener_security.yaml index caec68741..1adf60517 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_listener_security.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_listener_security.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT al.arn AS resource, - al.og_resource_id, - al.og_account_id, + al.platform_resource_id, + al.platform_account_id, CASE WHEN STRING_AGG(ll.protocol, ',') ILIKE '%HTTPS%' THEN 'ok' ELSE 'alarm' @@ -32,8 +32,8 @@ Query: al.arn = ll.load_balancer_arn GROUP BY al.arn, - al.og_resource_id, - al.og_account_id, + al.platform_resource_id, + al.platform_account_id, al.title, al.region, al.account_id; diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_minimum_number_of_ec2_target_instances.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_minimum_number_of_ec2_target_instances.yaml index 653f39385..f6115d365 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_minimum_number_of_ec2_target_instances.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_minimum_number_of_ec2_target_instances.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN b.load_balancer_arn IS NULL OR b.c < 2 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_security_group.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_security_group.yaml index dbb92a041..70c203496 100644 
--- a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_security_group.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_security_group.yaml @@ -32,8 +32,8 @@ Query: ) SELECT al.name AS resource, - al.og_account_id, - al.og_resource_id, + al.platform_account_id, + al.platform_resource_id, sg.ports_and_protocols, lbl.ports_and_protocols, CASE diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_security_policy.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_security_policy.yaml index 7f0e8f5fe..b3f670de9 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_security_policy.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_alb_security_policy.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN '{{.awsLatestPolicies}}' LIKE '%' || li.ssl_policy || '%' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_elastic_load_balancing_deletion_protection.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_elastic_load_balancing_deletion_protection.yaml index 93622d61a..db6471e84 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_elastic_load_balancing_deletion_protection.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_elastic_load_balancing_deletion_protection.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN m.v = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_glb_minimum_number_of_ec2_target_instances.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_glb_minimum_number_of_ec2_target_instances.yaml index be00acdff..9773db8a2 100644 
--- a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_glb_minimum_number_of_ec2_target_instances.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_glb_minimum_number_of_ec2_target_instances.yaml @@ -22,8 +22,8 @@ Query: ) SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN b.load_balancer_arn IS NULL OR b.c < 2 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_nlb_listener_security.yaml b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_nlb_listener_security.yaml index 9afe44a92..562be9caa 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_elbv2_nlb_listener_security.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_elbv2_nlb_listener_security.yaml @@ -39,8 +39,8 @@ Query: ) SELECT lb.arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN l.load_balancer_arn IS NOT NULL AND lb.arn IN ( diff --git a/compliance/controls/baseline/aws/load_balancer/aws_enable_amazon_waf_integration_for_application_load_balancers.yaml b/compliance/controls/baseline/aws/load_balancer/aws_enable_amazon_waf_integration_for_application_load_balancers.yaml index 33577b0d4..42b1bfd7a 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_enable_amazon_waf_integration_for_application_load_balancers.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_enable_amazon_waf_integration_for_application_load_balancers.yaml @@ -19,8 +19,8 @@ Query: ) SELECT arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN ar.arns IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_enable_cross_zone_load_balancing.yaml b/compliance/controls/baseline/aws/load_balancer/aws_enable_cross_zone_load_balancing.yaml index af269a700..b5757d113 100644 
--- a/compliance/controls/baseline/aws/load_balancer/aws_enable_cross_zone_load_balancing.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_enable_cross_zone_load_balancing.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN lb ->> 'Value' = 'false' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_enable_deletion_protection.yaml b/compliance/controls/baseline/aws/load_balancer/aws_enable_deletion_protection.yaml index 921c151c4..d7763e776 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_enable_deletion_protection.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_enable_deletion_protection.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN lb ->> 'Value' = 'false' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_enable_http_to_https_redirect_for_application_load_balancers.yaml b/compliance/controls/baseline/aws/load_balancer/aws_enable_http_to_https_redirect_for_application_load_balancers.yaml index f85a1388a..20ef153d7 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_enable_http_to_https_redirect_for_application_load_balancers.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_enable_http_to_https_redirect_for_application_load_balancers.yaml @@ -26,8 +26,8 @@ Query: ) SELECT a.arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN b.load_balancer_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_enable_support_for_grpc_protocol.yaml b/compliance/controls/baseline/aws/load_balancer/aws_enable_support_for_grpc_protocol.yaml index ed64bfc6a..96f108d58 100644 
--- a/compliance/controls/baseline/aws/load_balancer/aws_enable_support_for_grpc_protocol.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_enable_support_for_grpc_protocol.yaml @@ -12,14 +12,14 @@ Query: QueryToExecute: | SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE - WHEN tg.og_description -> 'TargetGroup' ->> 'ProtocolVersion' = 'GRPC' THEN 'ok' + WHEN tg.platform_resource_description -> 'TargetGroup' ->> 'ProtocolVersion' = 'GRPC' THEN 'ok' ELSE 'alarm' END AS status, CASE - WHEN tg.og_description -> 'TargetGroup' ->> 'ProtocolVersion' = 'GRPC' THEN + WHEN tg.platform_resource_description -> 'TargetGroup' ->> 'ProtocolVersion' = 'GRPC' THEN a.title || ' is configured to send requests to targets using the gRPC protocol.' ELSE a.title || ' is not configured to send requests to targets using the gRPC protocol.' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_internet_facing_elbs.yaml b/compliance/controls/baseline/aws/load_balancer/aws_internet_facing_elbs.yaml index e4f6e7085..3819c178c 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_internet_facing_elbs.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_internet_facing_elbs.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN scheme = 'internet-facing' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_internet_facing_elbv2s.yaml b/compliance/controls/baseline/aws/load_balancer/aws_internet_facing_elbv2s.yaml index d17ad934e..b98bef69a 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_internet_facing_elbv2s.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_internet_facing_elbv2s.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT a.arn AS resource, - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN scheme = 'internet-facing' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_unused_application_load_balancers.yaml b/compliance/controls/baseline/aws/load_balancer/aws_unused_application_load_balancers.yaml index fa4acbe44..0a33dfae0 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_unused_application_load_balancers.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_unused_application_load_balancers.yaml @@ -21,8 +21,8 @@ Query: ) SELECT a.arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN b.load_balancer_arn IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_unused_elastic_load_balancers.yaml b/compliance/controls/baseline/aws/load_balancer/aws_unused_elastic_load_balancers.yaml index 0b92271cd..50835c0b1 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_unused_elastic_load_balancers.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_unused_elastic_load_balancers.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN jsonb_array_length(instances) > 0 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/load_balancer/aws_unused_gateway_load_balancers.yaml b/compliance/controls/baseline/aws/load_balancer/aws_unused_gateway_load_balancers.yaml index 4873a2617..636c51df0 100644 --- a/compliance/controls/baseline/aws/load_balancer/aws_unused_gateway_load_balancers.yaml +++ b/compliance/controls/baseline/aws/load_balancer/aws_unused_gateway_load_balancers.yaml 
@@ -21,8 +21,8 @@ Query: ) SELECT a.arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN jsonb_array_length(b.target_health_descriptions) = 0 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/opensearch/aws_enable_audit_logs.yaml b/compliance/controls/baseline/aws/opensearch/aws_enable_audit_logs.yaml index 2e5b38529..29b406f2b 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_enable_audit_logs.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_enable_audit_logs.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN log_publishing_options ->> 'AUDIT_LOGS' IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/opensearch/aws_enable_in_transit_encryption.yaml b/compliance/controls/baseline/aws/opensearch/aws_enable_in_transit_encryption.yaml index f9198f3c1..ffd8b0e11 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_enable_in_transit_encryption.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_enable_in_transit_encryption.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN (domain_endpoint_options ->> 'EnforceHTTPS')::bool THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/opensearch/aws_encryption_at_rest.yaml b/compliance/controls/baseline/aws/opensearch/aws_encryption_at_rest.yaml index e0746ccc2..3d712fc0e 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_encryption_at_rest.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_encryption_at_rest.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN (encryption_at_rest_options ->> 'Enabled')::bool THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/opensearch/aws_opensearch_accessible_only_from_safelisted_ip_addresses.yaml b/compliance/controls/baseline/aws/opensearch/aws_opensearch_accessible_only_from_safelisted_ip_addresses.yaml index 4aae6c232..4f49c8962 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_opensearch_accessible_only_from_safelisted_ip_addresses.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_opensearch_accessible_only_from_safelisted_ip_addresses.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/aws/opensearch/aws_opensearch_dedicated_master_enabled.yaml b/compliance/controls/baseline/aws/opensearch/aws_opensearch_dedicated_master_enabled.yaml index 7a074b79e..6b45875d3 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_opensearch_dedicated_master_enabled.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_opensearch_dedicated_master_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN (cluster_config ->> 'DedicatedMasterEnabled')::bool THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_encrypted_with_kms_cmks.yaml b/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_encrypted_with_kms_cmks.yaml index 7dec49e98..e2096f307 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_encrypted_with_kms_cmks.yaml 
+++ b/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_encrypted_with_kms_cmks.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN kms.key_manager IS NULL THEN 'alarm' WHEN kms.key_manager = 'AWS' THEN 'alarm' diff --git a/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_exposed.yaml b/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_exposed.yaml index b372d2459..520b6f9eb 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_exposed.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_exposed.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_in_vpc.yaml b/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_in_vpc.yaml index 38e39e0dd..3edcbd58c 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_in_vpc.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_opensearch_domain_in_vpc.yaml @@ -37,8 +37,8 @@ Query: ) SELECT d.arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN d.vpc_options ->> 'VPCId' IS NULL THEN 'alarm' WHEN d.vpc_options ->> 'VPCId' IS NOT NULL AND p.arn IS NOT NULL THEN 'alarm' diff --git a/compliance/controls/baseline/aws/opensearch/aws_opensearch_node_to_node_encryption.yaml b/compliance/controls/baseline/aws/opensearch/aws_opensearch_node_to_node_encryption.yaml index ec8844347..de13f9558 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_opensearch_node_to_node_encryption.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_opensearch_node_to_node_encryption.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN NOT node_to_node_encryption_options_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/opensearch/aws_opensearch_slow_logs.yaml b/compliance/controls/baseline/aws/opensearch/aws_opensearch_slow_logs.yaml index 261a0b49e..9f2dbfa63 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_opensearch_slow_logs.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_opensearch_slow_logs.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN (COALESCE((log_publishing_options -> 'INDEX_SLOW_LOGS' ->> 'Enabled')::bool, false)::bool AND COALESCE((log_publishing_options -> 'SEARCH_SLOW_LOGS' ->> 'Enabled')::bool, false)::bool) THEN 'ok' diff --git a/compliance/controls/baseline/aws/opensearch/aws_opensearch_version.yaml b/compliance/controls/baseline/aws/opensearch/aws_opensearch_version.yaml index cfc0ec0ad..0084ee74b 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_opensearch_version.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_opensearch_version.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN engine_version = '{{.awsOpensearchLatestVersion}}' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/opensearch/aws_opensearch_zone_awareness_enabled.yaml b/compliance/controls/baseline/aws/opensearch/aws_opensearch_zone_awareness_enabled.yaml index 71bdeb02e..f6a309add 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_opensearch_zone_awareness_enabled.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_opensearch_zone_awareness_enabled.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN (cluster_config ->> 'ZoneAwarenessEnabled')::bool THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/opensearch/aws_tls_security_policy_version.yaml b/compliance/controls/baseline/aws/opensearch/aws_tls_security_policy_version.yaml index 39ab23060..541126818 100644 --- a/compliance/controls/baseline/aws/opensearch/aws_tls_security_policy_version.yaml +++ b/compliance/controls/baseline/aws/opensearch/aws_tls_security_policy_version.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT domain_name AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN log_publishing_options IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_aurora_database_cluster_activity_streams.yaml b/compliance/controls/baseline/aws/rds/aws_aurora_database_cluster_activity_streams.yaml index 488bfd3e3..b1292ad10 100644 --- a/compliance/controls/baseline/aws/rds/aws_aurora_database_cluster_activity_streams.yaml +++ b/compliance/controls/baseline/aws/rds/aws_aurora_database_cluster_activity_streams.yaml @@ -23,8 +23,8 @@ Query: SELECT c.db_cluster_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN a.count = 2 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_aurora_database_instance_accessibility.yaml b/compliance/controls/baseline/aws/rds/aws_aurora_database_instance_accessibility.yaml index 594bc717b..d6fd6ce63 100644 --- a/compliance/controls/baseline/aws/rds/aws_aurora_database_instance_accessibility.yaml +++ b/compliance/controls/baseline/aws/rds/aws_aurora_database_instance_accessibility.yaml 
@@ -23,8 +23,8 @@ Query: SELECT c.db_cluster_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN a.count = 2 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_backtrack.yaml b/compliance/controls/baseline/aws/rds/aws_backtrack.yaml index 82a077947..50a5ef1ec 100644 --- a/compliance/controls/baseline/aws/rds/aws_backtrack.yaml +++ b/compliance/controls/baseline/aws/rds/aws_backtrack.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_cluster_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN backtrack_window IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_cluster_deletion_protection.yaml b/compliance/controls/baseline/aws/rds/aws_cluster_deletion_protection.yaml index 0bc074656..f5354d287 100644 --- a/compliance/controls/baseline/aws/rds/aws_cluster_deletion_protection.yaml +++ b/compliance/controls/baseline/aws/rds/aws_cluster_deletion_protection.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_cluster_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT deletion_protection THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_db_instance_generation.yaml b/compliance/controls/baseline/aws/rds/aws_db_instance_generation.yaml index a45ca99f9..fc2f162d0 100644 --- a/compliance/controls/baseline/aws/rds/aws_db_instance_generation.yaml +++ b/compliance/controls/baseline/aws/rds/aws_db_instance_generation.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, class, CASE WHEN ARRAY['db.m1.small', 'db.m1.medium', 'db.m1.large', 'db.m1.xlarge', diff --git a/compliance/controls/baseline/aws/rds/aws_enable_aurora_cluster_copy_tags_to_snapshots.yaml b/compliance/controls/baseline/aws/rds/aws_enable_aurora_cluster_copy_tags_to_snapshots.yaml index affb5891b..7258c4c4f 100644 --- a/compliance/controls/baseline/aws/rds/aws_enable_aurora_cluster_copy_tags_to_snapshots.yaml +++ b/compliance/controls/baseline/aws/rds/aws_enable_aurora_cluster_copy_tags_to_snapshots.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_cluster_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT copy_tags_to_snapshot THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_enable_aws_rds_transport_encryption.yaml b/compliance/controls/baseline/aws/rds/aws_enable_aws_rds_transport_encryption.yaml index 257a7b9d0..22be96b1c 100644 --- a/compliance/controls/baseline/aws/rds/aws_enable_aws_rds_transport_encryption.yaml +++ b/compliance/controls/baseline/aws/rds/aws_enable_aws_rds_transport_encryption.yaml @@ -13,8 +13,8 @@ Query: WITH instance_pg AS ( SELECT g ->> 'DBParameterGroupName' AS pg_name, - i.og_account_id, - i.og_resource_id, + i.platform_account_id, + i.platform_resource_id, i.engine, i.title, i.arn, @@ -43,8 +43,8 @@ Query: SELECT i.arn AS resource, i.engine, - i.og_account_id, - i.og_resource_id, + i.platform_account_id, + i.platform_resource_id, CASE WHEN i.engine NOT IN ('sqlserver', 'postgres') THEN 'skip' WHEN p.name IS NOT NULL THEN 'ok' 
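Review bot: In the second hunk of aws_enable_aws_rds_transport_encryption.yaml, `WHEN i.engine NOT IN ('sqlserver', 'postgres') THEN 'skip'` compares against a bare `sqlserver`, but RDS reports SQL Server engines with an edition suffix (`sqlserver-ee`, `sqlserver-se`, `sqlserver-ex`, `sqlserver-web`), so those instances would be skipped rather than evaluated for transport encryption. A prefix test such as `WHEN i.engine <> 'postgres' AND i.engine NOT LIKE 'sqlserver%' THEN 'skip'` keeps them in scope. The CTEs that select the matching parameter-group settings lie outside both hunks and may need the same engine match.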
diff --git a/compliance/controls/baseline/aws/rds/aws_enable_instance_storage_auto_scaling.yaml b/compliance/controls/baseline/aws/rds/aws_enable_instance_storage_auto_scaling.yaml index 1571c8e17..46585f1ee 100644 --- a/compliance/controls/baseline/aws/rds/aws_enable_instance_storage_auto_scaling.yaml +++ b/compliance/controls/baseline/aws/rds/aws_enable_instance_storage_auto_scaling.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN max_allocated_storage IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_enable_rds_snapshot_encryption.yaml b/compliance/controls/baseline/aws/rds/aws_enable_rds_snapshot_encryption.yaml index 0123d3cd2..36e0508ef 100644 --- a/compliance/controls/baseline/aws/rds/aws_enable_rds_snapshot_encryption.yaml +++ b/compliance/controls/baseline/aws/rds/aws_enable_rds_snapshot_encryption.yaml @@ -21,8 +21,8 @@ Query: ) SELECT r.db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN b.db_instance_identifier IS NULL THEN 'skip' WHEN NOT b.encrypted THEN 'alarm' diff --git a/compliance/controls/baseline/aws/rds/aws_enable_serverless_log_exports.yaml b/compliance/controls/baseline/aws/rds/aws_enable_serverless_log_exports.yaml index f9bed21c3..8b3c744fa 100644 --- a/compliance/controls/baseline/aws/rds/aws_enable_serverless_log_exports.yaml +++ b/compliance/controls/baseline/aws/rds/aws_enable_serverless_log_exports.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_cluster_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN enabled_cloudwatch_logs_exports IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_instance_deletion_protection.yaml b/compliance/controls/baseline/aws/rds/aws_instance_deletion_protection.yaml index 2c03bf330..fe5e3f112 100644 --- a/compliance/controls/baseline/aws/rds/aws_instance_deletion_protection.yaml +++ b/compliance/controls/baseline/aws/rds/aws_instance_deletion_protection.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN engine LIKE ANY(ARRAY ['aurora%', 'docdb', 'neptune']) THEN 'skip' WHEN deletion_protection THEN 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_instance_level_events_subscriptions.yaml b/compliance/controls/baseline/aws/rds/aws_instance_level_events_subscriptions.yaml index 5d22ea3d1..7ecd8e572 100644 --- a/compliance/controls/baseline/aws/rds/aws_instance_level_events_subscriptions.yaml +++ b/compliance/controls/baseline/aws/rds/aws_instance_level_events_subscriptions.yaml @@ -11,8 +11,8 @@ Query: PrimaryTable: aws_account QueryToExecute: | SELECT DISTINCT - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN s.arn IS NULL THEN 'alarm' ELSE 'ok' @@ -27,7 +27,7 @@ Query: LEFT JOIN ( SELECT * FROM aws_rds_db_event_subscription WHERE source_type = 'db-instance' - ) s ON s.og_account_id = a.og_account_id + ) s ON s.platform_account_id = a.platform_account_id Severity: high Tags: platform_score_cloud_service_name: 
diff --git a/compliance/controls/baseline/aws/rds/aws_log_exports.yaml b/compliance/controls/baseline/aws/rds/aws_log_exports.yaml index a4bf95f14..7070c9704 100644 --- a/compliance/controls/baseline/aws/rds/aws_log_exports.yaml +++ b/compliance/controls/baseline/aws/rds/aws_log_exports.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN enabled_cloudwatch_logs_exports IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_performance_insights.yaml b/compliance/controls/baseline/aws/rds/aws_performance_insights.yaml index 87190bf89..46cdf200c 100644 --- a/compliance/controls/baseline/aws/rds/aws_performance_insights.yaml +++ b/compliance/controls/baseline/aws/rds/aws_performance_insights.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT performance_insights_enabled THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_rds_automated_backups_enabled.yaml b/compliance/controls/baseline/aws/rds/aws_rds_automated_backups_enabled.yaml index 4275c1352..e0cc64b81 100644 --- a/compliance/controls/baseline/aws/rds/aws_rds_automated_backups_enabled.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rds_automated_backups_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN backup_retention_period < 1 THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/baseline/aws/rds/aws_rds_db_instance_no_public_subnet.yaml b/compliance/controls/baseline/aws/rds/aws_rds_db_instance_no_public_subnet.yaml index 200376806..98406adc6 100644 --- a/compliance/controls/baseline/aws/rds/aws_rds_db_instance_no_public_subnet.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rds_db_instance_no_public_subnet.yaml @@ -89,8 +89,8 @@ Query: ) SELECT c.arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN s.subnet_group_name IS NOT NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_rds_default_port.yaml b/compliance/controls/baseline/aws/rds/aws_rds_default_port.yaml index 807dd9cf7..a08005dd5 100644 --- a/compliance/controls/baseline/aws/rds/aws_rds_default_port.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rds_default_port.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN endpoint_port = 3306 AND engine IN ('mysql', 'mariadb', 'aurora-mysql') OR diff --git a/compliance/controls/baseline/aws/rds/aws_rds_desired_instance_type.yaml b/compliance/controls/baseline/aws/rds/aws_rds_desired_instance_type.yaml index 3f5685c00..b3b1f2a8c 100644 --- a/compliance/controls/baseline/aws/rds/aws_rds_desired_instance_type.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rds_desired_instance_type.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN '{{.awsRdsInstanceDesiredClasses}}' LIKE '%' || class || '%' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/baseline/aws/rds/aws_rds_encrypted_with_kms_customer_master_keys.yaml b/compliance/controls/baseline/aws/rds/aws_rds_encrypted_with_kms_customer_master_keys.yaml index 83e37c5fd..de17aeea9 100644 --- a/compliance/controls/baseline/aws/rds/aws_rds_encrypted_with_kms_customer_master_keys.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rds_encrypted_with_kms_customer_master_keys.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE WHEN storage_encrypted = 'false' THEN 'alarm' WHEN k.arn IS NULL THEN 'alarm' diff --git a/compliance/controls/baseline/aws/rds/aws_rds_encryption_enabled.yaml b/compliance/controls/baseline/aws/rds/aws_rds_encryption_enabled.yaml index 366d6d6f8..eec079126 100644 --- a/compliance/controls/baseline/aws/rds/aws_rds_encryption_enabled.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rds_encryption_enabled.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN storage_encrypted THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/rds/aws_rds_event_notifications.yaml b/compliance/controls/baseline/aws/rds/aws_rds_event_notifications.yaml index c9ddc6dfd..56b83bf64 100644 --- a/compliance/controls/baseline/aws/rds/aws_rds_event_notifications.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rds_event_notifications.yaml @@ -11,8 +11,8 @@ Query: PrimaryTable: aws_account QueryToExecute: | SELECT DISTINCT - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN s.arn IS NULL THEN 'alarm' ELSE 'ok' 
@@ -24,7 +24,7 @@ Query: a.account_id FROM aws_account a LEFT JOIN aws_rds_db_event_subscription s - ON s.og_account_id = a.og_account_id + ON s.platform_account_id = a.platform_account_id Severity: high Tags: platform_score_cloud_service_name: diff --git a/compliance/controls/baseline/aws/rds/aws_rds_instance_counts.yaml b/compliance/controls/baseline/aws/rds/aws_rds_instance_counts.yaml index a3b1ed2b2..99c865fca 100644 --- a/compliance/controls/baseline/aws/rds/aws_rds_instance_counts.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rds_instance_counts.yaml @@ -10,8 +10,8 @@ Query: PrimaryTable: aws_rds_db_instance QueryToExecute: | SELECT - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, COUNT(*) AS RDS_Instances_Count, CASE WHEN COUNT(*) > 10 THEN 'alarm' @@ -25,8 +25,8 @@ Query: FROM aws_rds_db_instance GROUP BY - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, account_id; Severity: medium Tags: diff --git a/compliance/controls/baseline/aws/rds/aws_rds_multi_az.yaml b/compliance/controls/baseline/aws/rds/aws_rds_multi_az.yaml index 3068214b5..b9ca47d28 100644 --- a/compliance/controls/baseline/aws/rds/aws_rds_multi_az.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rds_multi_az.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN NOT multi_az THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_rds_public_snapshots.yaml b/compliance/controls/baseline/aws/rds/aws_rds_public_snapshots.yaml index f22d1f8a8..3aae1fac4 100644 --- a/compliance/controls/baseline/aws/rds/aws_rds_public_snapshots.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rds_public_snapshots.yaml 
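Review bot: In aws_rds_instance_counts.yaml the `GROUP BY platform_account_id, platform_resource_id, account_id` includes the per-resource id, so if `platform_resource_id` is unique per DB instance (it appears to be, but the schema is not shown) every group holds one row and `COUNT(*) > 10` can never return 'alarm'. Grouping on the account columns only, `GROUP BY platform_account_id, account_id`, and dropping `platform_resource_id` from the select list would make the count per account. The lines between the two hunks of this file are not visible, so other selected columns may need the same treatment.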
@@ -21,8 +21,8 @@ Query: ) SELECT s.db_snapshot_identifier AS resource, - s.og_account_id AS og_account_id, - s.og_resource_id AS og_resource_id, + s.platform_account_id AS platform_account_id, + s.platform_resource_id AS platform_resource_id, CASE WHEN rv.attrValues LIKE '%all%' THEN 'alarm' diff --git a/compliance/controls/baseline/aws/rds/aws_rds_publicly_accessible.yaml b/compliance/controls/baseline/aws/rds/aws_rds_publicly_accessible.yaml index 0f0375355..19d16c37b 100644 --- a/compliance/controls/baseline/aws/rds/aws_rds_publicly_accessible.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rds_publicly_accessible.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN publicly_accessible THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_rotate_ssltls_certificates_for_database_instances.yaml b/compliance/controls/baseline/aws/rds/aws_rotate_ssltls_certificates_for_database_instances.yaml index c1adf9839..2eae6f4e2 100644 --- a/compliance/controls/baseline/aws/rds/aws_rotate_ssltls_certificates_for_database_instances.yaml +++ b/compliance/controls/baseline/aws/rds/aws_rotate_ssltls_certificates_for_database_instances.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN ((c ->> 'ValidTill')::DATE - CURRENT_DATE)::INT < 15 THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/rds/aws_security_groups_events_subscriptions.yaml b/compliance/controls/baseline/aws/rds/aws_security_groups_events_subscriptions.yaml index f5039271e..72aac41c5 100644 --- a/compliance/controls/baseline/aws/rds/aws_security_groups_events_subscriptions.yaml 
+++ b/compliance/controls/baseline/aws/rds/aws_security_groups_events_subscriptions.yaml @@ -11,8 +11,8 @@ Query: PrimaryTable: aws_account QueryToExecute: | SELECT DISTINCT - a.og_account_id, - a.og_resource_id, + a.platform_account_id, + a.platform_resource_id, CASE WHEN s.arn IS NULL THEN 'alarm' ELSE 'ok' @@ -28,7 +28,7 @@ Query: SELECT * FROM aws_rds_db_event_subscription WHERE source_type = 'db-security-group' ) s - ON s.og_account_id = a.og_account_id + ON s.platform_account_id = a.platform_account_id Severity: high Tags: platform_score_cloud_service_name: diff --git a/compliance/controls/baseline/aws/rds/aws_use_aws_backup_service_in_use_for_amazon_rds.yaml b/compliance/controls/baseline/aws/rds/aws_use_aws_backup_service_in_use_for_amazon_rds.yaml index ea7fa4331..a88c71b22 100644 --- a/compliance/controls/baseline/aws/rds/aws_use_aws_backup_service_in_use_for_amazon_rds.yaml +++ b/compliance/controls/baseline/aws/rds/aws_use_aws_backup_service_in_use_for_amazon_rds.yaml @@ -20,8 +20,8 @@ Query: ) SELECT r.db_instance_identifier AS resource, - og_account_id AS og_account_id, - og_resource_id AS og_resource_id, + platform_account_id AS platform_account_id, + platform_resource_id AS platform_resource_id, CASE WHEN b.db_instance_identifier IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/vpc/aws_managed_nat_gateway_in_use.yaml b/compliance/controls/baseline/aws/vpc/aws_managed_nat_gateway_in_use.yaml index bef24b0ce..c46b45e77 100644 --- a/compliance/controls/baseline/aws/vpc/aws_managed_nat_gateway_in_use.yaml +++ b/compliance/controls/baseline/aws/vpc/aws_managed_nat_gateway_in_use.yaml @@ -17,8 +17,8 @@ Query: ) SELECT v.arn AS resource, - v.og_account_id, - v.og_resource_id, + v.platform_account_id, + v.platform_resource_id, CASE WHEN ng.arn IS NOT NULL THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/baseline/aws/vpc/aws_unrestricted_inbound_traffic_on_remote_server_administration_ports.yaml b/compliance/controls/baseline/aws/vpc/aws_unrestricted_inbound_traffic_on_remote_server_administration_ports.yaml index 91fa41ff9..255e9155b 100644 --- a/compliance/controls/baseline/aws/vpc/aws_unrestricted_inbound_traffic_on_remote_server_administration_ports.yaml +++ b/compliance/controls/baseline/aws/vpc/aws_unrestricted_inbound_traffic_on_remote_server_administration_ports.yaml @@ -45,8 +45,8 @@ Query: ) SELECT 'arn:' || acl.partition || ':ec2:' || acl.region || ':' || acl.account_id || ':network-acl/' || acl.network_acl_id AS resource, - acl.og_resource_id, - acl.og_account_id, + acl.platform_resource_id, + acl.platform_account_id, CASE WHEN bad_rules.network_acl_id IS NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/aws/vpc/aws_unrestricted_network_acl_inbound_traffic.yaml b/compliance/controls/baseline/aws/vpc/aws_unrestricted_network_acl_inbound_traffic.yaml index 09f2bd7b7..6881ff99b 100644 --- a/compliance/controls/baseline/aws/vpc/aws_unrestricted_network_acl_inbound_traffic.yaml +++ b/compliance/controls/baseline/aws/vpc/aws_unrestricted_network_acl_inbound_traffic.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/aws/vpc/aws_unrestricted_network_acl_outbound_traffic.yaml b/compliance/controls/baseline/aws/vpc/aws_unrestricted_network_acl_outbound_traffic.yaml index c5f1a2ccd..aea3f9226 100644 --- a/compliance/controls/baseline/aws/vpc/aws_unrestricted_network_acl_outbound_traffic.yaml +++ b/compliance/controls/baseline/aws/vpc/aws_unrestricted_network_acl_outbound_traffic.yaml 
@@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT arn AS resource, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/aws/vpc/aws_vpc_endpoint_cross_account_access.yaml b/compliance/controls/baseline/aws/vpc/aws_vpc_endpoint_cross_account_access.yaml index 545dc215c..442014845 100644 --- a/compliance/controls/baseline/aws/vpc/aws_vpc_endpoint_cross_account_access.yaml +++ b/compliance/controls/baseline/aws/vpc/aws_vpc_endpoint_cross_account_access.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT vpc_endpoint_id AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/aws/vpc/aws_vpc_endpoint_exposed.yaml b/compliance/controls/baseline/aws/vpc/aws_vpc_endpoint_exposed.yaml index 135c70044..2900e023f 100644 --- a/compliance/controls/baseline/aws/vpc/aws_vpc_endpoint_exposed.yaml +++ b/compliance/controls/baseline/aws/vpc/aws_vpc_endpoint_exposed.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT DISTINCT arn AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE WHEN p ->> 'Principal' = '*' OR p ->> 'Principal' = '{"AWS": ["*"]}' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/aws/vpc/aws_vpc_endpoints_in_use.yaml b/compliance/controls/baseline/aws/vpc/aws_vpc_endpoints_in_use.yaml index a3ad2c20b..218d39d76 100644 --- a/compliance/controls/baseline/aws/vpc/aws_vpc_endpoints_in_use.yaml +++ b/compliance/controls/baseline/aws/vpc/aws_vpc_endpoints_in_use.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT v.vpc_id AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE WHEN EXISTS ( SELECT 1 FROM aws_vpc_endpoint AS e WHERE e.vpc_id = v.vpc_id 
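Review bot: In aws_vpc_endpoint_exposed.yaml the exposure test compares the whole principal as text, `p ->> 'Principal' = '{"AWS": ["*"]}'`, so a statement whose principal lists `*` alongside other entries or keys, or uses the scalar form `{"AWS": "*"}`, does not match and the endpoint is reported 'ok'. If `p` is jsonb, a membership test such as `p ->> 'Principal' = '*' OR p -> 'Principal' -> 'AWS' ? '*'` avoids depending on the serialized form. Whether the statement's Effect and Condition are taken into account is decided outside the hunk, and if `p` comes from a normalized policy column some of these forms may not occur.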
diff --git a/compliance/controls/baseline/aws/vpc/aws_vpc_flow_logs_enabled.yaml b/compliance/controls/baseline/aws/vpc/aws_vpc_flow_logs_enabled.yaml index 62268b625..a79c89119 100644 --- a/compliance/controls/baseline/aws/vpc/aws_vpc_flow_logs_enabled.yaml +++ b/compliance/controls/baseline/aws/vpc/aws_vpc_flow_logs_enabled.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT DISTINCT arn AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE WHEN v.account_id <> v.owner_id THEN 'skip' WHEN f.resource_id IS NOT NULL THEN 'ok' diff --git a/compliance/controls/baseline/aws/vpc/aws_vpc_peering_connections_to_accounts_outside_aws_organization.yaml b/compliance/controls/baseline/aws/vpc/aws_vpc_peering_connections_to_accounts_outside_aws_organization.yaml index 126152826..a3adb9e46 100644 --- a/compliance/controls/baseline/aws/vpc/aws_vpc_peering_connections_to_accounts_outside_aws_organization.yaml +++ b/compliance/controls/baseline/aws/vpc/aws_vpc_peering_connections_to_accounts_outside_aws_organization.yaml @@ -13,7 +13,7 @@ Query: QueryToExecute: | WITH account_org AS ( SELECT - og_account_id, + platform_account_id, organization_id FROM aws_account @@ -23,13 +23,13 @@ Query: ao.organization_id AS org FROM aws_vpc AS vpc - LEFT JOIN account_org AS ao ON ao.og_account_id = vpc.og_account_id + LEFT JOIN account_org AS ao ON ao.platform_account_id = vpc.platform_account_id ) SELECT c.id AS resource, - og_resource_id, - og_account_id, + platform_resource_id, + platform_account_id, CASE WHEN accepter_org.org = requester_org.org THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_app_tier_customer_managed_key_in_use.yaml b/compliance/controls/baseline/azure/KeyVault/azure_app_tier_customer_managed_key_in_use.yaml index 0c1cb830e..abc33594c 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_app_tier_customer_managed_key_in_use.yaml 
+++ b/compliance/controls/baseline/azure/KeyVault/azure_app_tier_customer_managed_key_in_use.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT display_name AS resource, - sub.og_resource_id, - sub.og_account_id, + sub.platform_resource_id, + sub.platform_account_id, CASE WHEN EXISTS( SELECT 1 diff --git a/compliance/controls/baseline/azure/KeyVault/azure_check_for_allowed_certificate_key_types.yaml b/compliance/controls/baseline/azure/KeyVault/azure_check_for_allowed_certificate_key_types.yaml index cf6fdb133..776ac0f8d 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_check_for_allowed_certificate_key_types.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_check_for_allowed_certificate_key_types.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT name AS resource, - k.og_resource_id, - k.og_account_id, + k.platform_resource_id, + k.platform_account_id, CASE WHEN '{{.azureAllowedKeyTypes}}' ILIKE '%' || k.key_type || '%' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_check_for_azure_key_vault_keys_expiration_date.yaml b/compliance/controls/baseline/azure/KeyVault/azure_check_for_azure_key_vault_keys_expiration_date.yaml index d021379d6..47226f92e 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_check_for_azure_key_vault_keys_expiration_date.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_check_for_azure_key_vault_keys_expiration_date.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT name AS resource, - k.og_resource_id, - k.og_account_id, + k.platform_resource_id, + k.platform_account_id, CASE WHEN expires_at IS NULL THEN 'skip' WHEN '{{.azureKeyVaultKeyExpirationDateDays}}' = '' THEN diff --git a/compliance/controls/baseline/azure/KeyVault/azure_check_for_azure_key_vault_secrets_expiration_date.yaml b/compliance/controls/baseline/azure/KeyVault/azure_check_for_azure_key_vault_secrets_expiration_date.yaml index 59e88f82c..f230e3671 100644 
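Review bot: In azure_check_for_allowed_certificate_key_types.yaml the CASE returns 'alarm' when `k.key_type` is found in `{{.azureAllowedKeyTypes}}` and 'ok' otherwise, which reads as inverted for a parameter named as an allow-list; a key whose type is not listed, or whose `key_type` is NULL, passes. The match is also a substring test, so `RSA` matches a list that contains only `RSA-HSM`. If the parameter is an allow-list, something like `WHEN k.key_type = ANY(string_to_array('{{.azureAllowedKeyTypes}}', ',')) THEN 'ok' ELSE 'alarm'` would express it, with the delimiter and case handling adjusted to the parameter's real format.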
--- a/compliance/controls/baseline/azure/KeyVault/azure_check_for_azure_key_vault_secrets_expiration_date.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_check_for_azure_key_vault_secrets_expiration_date.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT s.name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN NOW() + '{{.azureCmkSecretExpireDays}} days'::interval < expires_at THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_check_for_certificate_minimum_key_size.yaml b/compliance/controls/baseline/azure/KeyVault/azure_check_for_certificate_minimum_key_size.yaml index 84b48b308..bab78c433 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_check_for_certificate_minimum_key_size.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_check_for_certificate_minimum_key_size.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT k.name AS resource, - k.og_resource_id, - k.og_account_id, + k.platform_resource_id, + k.platform_account_id, CASE WHEN NOT (key_type = 'RSA') THEN 'skip' WHEN key_size::INT < '{{.azureRsaCertificateMinSize}}'::INT THEN 'alarm' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_check_for_key_vault_full_administrator_permissions.yaml b/compliance/controls/baseline/azure/KeyVault/azure_check_for_key_vault_full_administrator_permissions.yaml index 26baf3ca4..12a72355c 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_check_for_key_vault_full_administrator_permissions.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_check_for_key_vault_full_administrator_permissions.yaml @@ -22,8 +22,8 @@ Query: SELECT v.name AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE WHEN EXISTS ( SELECT 1 
diff --git a/compliance/controls/baseline/azure/KeyVault/azure_check_for_sufficient_certificate_auto_renewal_period.yaml b/compliance/controls/baseline/azure/KeyVault/azure_check_for_sufficient_certificate_auto_renewal_period.yaml index 76b814ae4..538c20258 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_check_for_sufficient_certificate_auto_renewal_period.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_check_for_sufficient_certificate_auto_renewal_period.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT c.id AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, CASE WHEN (la -> 'Trigger' ->> 'DaysBeforeExpiry')::int < '{{.azureSufficientDaysBeforeCertificateExpiry}}'::int THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_database_tier_customer_managed_key_in_use.yaml b/compliance/controls/baseline/azure/KeyVault/azure_database_tier_customer_managed_key_in_use.yaml index 4843b3992..f96f23a04 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_database_tier_customer_managed_key_in_use.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_database_tier_customer_managed_key_in_use.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT display_name AS resource, - sub.og_resource_id, - sub.og_account_id, + sub.platform_resource_id, + sub.platform_account_id, CASE WHEN EXISTS( SELECT 1 FROM azure_key_vault_key AS k diff --git a/compliance/controls/baseline/azure/KeyVault/azure_enable_auditevent_logging_for_azure_key_vaults.yaml b/compliance/controls/baseline/azure/KeyVault/azure_enable_auditevent_logging_for_azure_key_vaults.yaml index 4c10042ed..1fe078844 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_enable_auditevent_logging_for_azure_key_vaults.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_enable_auditevent_logging_for_azure_key_vaults.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/azure/KeyVault/azure_enable_certificate_transparency.yaml b/compliance/controls/baseline/azure/KeyVault/azure_enable_certificate_transparency.yaml index 10b669f67..697a67af0 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_enable_certificate_transparency.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_enable_certificate_transparency.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, CASE WHEN c.issuer_parameters ->> 'CertificateTransparency' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_enable_key_vault_recoverability.yaml b/compliance/controls/baseline/azure/KeyVault/azure_enable_key_vault_recoverability.yaml index 4e9c2d07c..92883cb9d 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_enable_key_vault_recoverability.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_enable_key_vault_recoverability.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE WHEN soft_delete_enabled AND purge_protection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_enable_ssl_certificate_auto_renewal.yaml b/compliance/controls/baseline/azure/KeyVault/azure_enable_ssl_certificate_auto_renewal.yaml index 8ae4e61bb..acf3ebee0 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_enable_ssl_certificate_auto_renewal.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_enable_ssl_certificate_auto_renewal.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.id AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, CASE WHEN la -> 'Action' ->> 'ActionType' = 'EmailContacts' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_enable_trusted_microsoft_services_for_key_vault_access.yaml b/compliance/controls/baseline/azure/KeyVault/azure_enable_trusted_microsoft_services_for_key_vault_access.yaml index aefa91c0e..aabfa8f00 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_enable_trusted_microsoft_services_for_key_vault_access.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_enable_trusted_microsoft_services_for_key_vault_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.name AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, CASE WHEN network_acls IS NULL THEN 'alarm' WHEN network_acls ->> 'bypass' = 'None' THEN 'alarm' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_restrict_default_network_access_for_azure_key_vaults.yaml b/compliance/controls/baseline/azure/KeyVault/azure_restrict_default_network_access_for_azure_key_vaults.yaml index 51fe60f24..c1a004110 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_restrict_default_network_access_for_azure_key_vaults.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_restrict_default_network_access_for_azure_key_vaults.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE WHEN network_acls IS NULL OR network_acls ->> 'defaultAction' = 'Allow' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_set_azure_secret_key_expiration.yaml b/compliance/controls/baseline/azure/KeyVault/azure_set_azure_secret_key_expiration.yaml index 860dcf359..0992bdce7 100644 
--- a/compliance/controls/baseline/azure/KeyVault/azure_set_azure_secret_key_expiration.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_set_azure_secret_key_expiration.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.name AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, CASE WHEN expires_at IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_set_encryption_key_expiration.yaml b/compliance/controls/baseline/azure/KeyVault/azure_set_encryption_key_expiration.yaml index 100e2058e..ca5f17f5d 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_set_encryption_key_expiration.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_set_encryption_key_expiration.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT k.name AS resource, - k.og_resource_id, - k.og_account_id, + k.platform_resource_id, + k.platform_account_id, CASE WHEN expires_at IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/KeyVault/azure_web_tier_customer_managed_key_in_use.yaml b/compliance/controls/baseline/azure/KeyVault/azure_web_tier_customer_managed_key_in_use.yaml index b3126f1c5..d49f62371 100644 --- a/compliance/controls/baseline/azure/KeyVault/azure_web_tier_customer_managed_key_in_use.yaml +++ b/compliance/controls/baseline/azure/KeyVault/azure_web_tier_customer_managed_key_in_use.yaml @@ -26,8 +26,8 @@ Query: SELECT sub.display_name AS resource, - sub.og_resource_id, - sub.og_account_id, + sub.platform_resource_id, + sub.platform_account_id, CASE WHEN wtk.name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/aks/azure_check_for_kubernetes_version.yaml b/compliance/controls/baseline/azure/aks/azure_check_for_kubernetes_version.yaml index b1177649c..512584e67 100644 --- a/compliance/controls/baseline/azure/aks/azure_check_for_kubernetes_version.yaml 
+++ b/compliance/controls/baseline/azure/aks/azure_check_for_kubernetes_version.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT c.name AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, CASE WHEN kubernetes_version < '{{.azureAksLatestVersion}}' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/aks/azure_enable_defender_for_cloud_for_aks_clusters.yaml b/compliance/controls/baseline/azure/aks/azure_enable_defender_for_cloud_for_aks_clusters.yaml index 9df742f31..2fe320d52 100644 --- a/compliance/controls/baseline/azure/aks/azure_enable_defender_for_cloud_for_aks_clusters.yaml +++ b/compliance/controls/baseline/azure/aks/azure_enable_defender_for_cloud_for_aks_clusters.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.name AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, CASE WHEN (addon_profiles -> 'omsagent' ->> 'enabled')::bool THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/aks/azure_enable_kubernetes_role_based_access_control.yaml b/compliance/controls/baseline/azure/aks/azure_enable_kubernetes_role_based_access_control.yaml index 06c617633..c207eacf7 100644 --- a/compliance/controls/baseline/azure/aks/azure_enable_kubernetes_role_based_access_control.yaml +++ b/compliance/controls/baseline/azure/aks/azure_enable_kubernetes_role_based_access_control.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.name AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, kubernetes_version, CASE WHEN enable_rbac THEN 'ok' diff --git a/compliance/controls/baseline/azure/aks/azure_kubernetes_api_version.yaml b/compliance/controls/baseline/azure/aks/azure_kubernetes_api_version.yaml index 7e657b831..11a93a0d6 100644 --- a/compliance/controls/baseline/azure/aks/azure_kubernetes_api_version.yaml 
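Review bot: The test `kubernetes_version < '{{.azureAksLatestVersion}}'` in azure_check_for_kubernetes_version.yaml looks like a text comparison, which orders versions character by character, so a `1.9.x` cluster sorts above `1.10.x` and would be reported `ok`. If the column is text, comparing the numeric components is safer, e.g. `string_to_array(kubernetes_version, '.')::int[] < string_to_array('{{.azureAksLatestVersion}}', '.')::int[]`, assuming purely numeric dotted versions. azure_kubernetes_api_version.yaml has the same comparison against `{{.azureKubernetesLatestVersion}}`. Both CASE expressions run past the end of their hunks.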
+++ b/compliance/controls/baseline/azure/aks/azure_kubernetes_api_version.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT c.name AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, CASE WHEN kubernetes_version < '{{.azureKubernetesLatestVersion}}' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/aks/azure_secure_access_to_kubernetes_api_server_using_authorized_ip_address_ranges.yaml b/compliance/controls/baseline/azure/aks/azure_secure_access_to_kubernetes_api_server_using_authorized_ip_address_ranges.yaml index 2335d050e..448adbeee 100644 --- a/compliance/controls/baseline/azure/aks/azure_secure_access_to_kubernetes_api_server_using_authorized_ip_address_ranges.yaml +++ b/compliance/controls/baseline/azure/aks/azure_secure_access_to_kubernetes_api_server_using_authorized_ip_address_ranges.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.name AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, kubernetes_version, CASE WHEN api_server_access_profile IS NULL THEN 'alarm' diff --git a/compliance/controls/baseline/azure/aks/azure_use_azure_cni_add_on_for_managing_network_resources.yaml b/compliance/controls/baseline/azure/aks/azure_use_azure_cni_add_on_for_managing_network_resources.yaml index 303a7c660..86bd06d93 100644 --- a/compliance/controls/baseline/azure/aks/azure_use_azure_cni_add_on_for_managing_network_resources.yaml +++ b/compliance/controls/baseline/azure/aks/azure_use_azure_cni_add_on_for_managing_network_resources.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kc.id AS resource, - kc.og_account_id, - kc.og_resource_id, + kc.platform_account_id, + kc.platform_resource_id, CASE WHEN network_profile ->> 'networkPlugin' = 'kubenet' THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/baseline/azure/aks/azure_use_microsoft_entra_id_integration_for_aks_clusters.yaml b/compliance/controls/baseline/azure/aks/azure_use_microsoft_entra_id_integration_for_aks_clusters.yaml index e1f1ab2ac..87d235bc3 100644 --- a/compliance/controls/baseline/azure/aks/azure_use_microsoft_entra_id_integration_for_aks_clusters.yaml +++ b/compliance/controls/baseline/azure/aks/azure_use_microsoft_entra_id_integration_for_aks_clusters.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT kc.id AS resource, - kc.og_account_id, - kc.og_resource_id, + kc.platform_account_id, + kc.platform_resource_id, CASE WHEN network_profile ->> 'networkPlugin' = 'kubenet' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/aks/azure_use_network_contributor_role_for_managing_azure_network_resources.yaml b/compliance/controls/baseline/azure/aks/azure_use_network_contributor_role_for_managing_azure_network_resources.yaml index d46616864..76d8b988b 100644 --- a/compliance/controls/baseline/azure/aks/azure_use_network_contributor_role_for_managing_azure_network_resources.yaml +++ b/compliance/controls/baseline/azure/aks/azure_use_network_contributor_role_for_managing_azure_network_resources.yaml @@ -26,8 +26,8 @@ Query: SELECT c.name AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, CASE WHEN rd.roles::text ILIKE '%Network Contributor%' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/aks/azure_use_system_assigned_managed_identities_for_aks_clusters.yaml b/compliance/controls/baseline/azure/aks/azure_use_system_assigned_managed_identities_for_aks_clusters.yaml index c24113a23..66688b801 100644 --- a/compliance/controls/baseline/azure/aks/azure_use_system_assigned_managed_identities_for_aks_clusters.yaml +++ b/compliance/controls/baseline/azure/aks/azure_use_system_assigned_managed_identities_for_aks_clusters.yaml 
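Review bot: The status test in azure_use_microsoft_entra_id_integration_for_aks_clusters.yaml is `network_profile ->> 'networkPlugin' = 'kubenet'`, identical to the one in azure_use_azure_cni_add_on_for_managing_network_resources.yaml, so as far as this hunk shows the Entra ID control reports on the network plugin rather than on identity integration. This looks like a copy of the CNI query; the condition should test the cluster's Entra ID/AAD profile column instead (the column name is not visible in this diff, so confirm it against the table schema). Until then a cluster without Entra ID integration can be reported `ok`. The rest of the query lies outside the hunk.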
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.name AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, kubernetes_version, CASE WHEN identity ->> 'type' = 'UserAssigned' THEN 'alarm' diff --git a/compliance/controls/baseline/azure/aks/azure_use_user_assigned_managed_identities_for_aks_clusters.yaml b/compliance/controls/baseline/azure/aks/azure_use_user_assigned_managed_identities_for_aks_clusters.yaml index f61f3a6d5..69d20bac9 100644 --- a/compliance/controls/baseline/azure/aks/azure_use_user_assigned_managed_identities_for_aks_clusters.yaml +++ b/compliance/controls/baseline/azure/aks/azure_use_user_assigned_managed_identities_for_aks_clusters.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT c.name AS resource, - c.og_resource_id, - c.og_account_id, + c.platform_resource_id, + c.platform_account_id, CASE WHEN identity ->> 'type' = 'SystemAssigned' AND identity ->> 'userAssignedIdentities' IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/app_services/azure_disable_plain_ftp_deployment.yaml b/compliance/controls/baseline/azure/app_services/azure_disable_plain_ftp_deployment.yaml index 0c8fa7a63..0f131438d 100644 --- a/compliance/controls/baseline/azure/app_services/azure_disable_plain_ftp_deployment.yaml +++ b/compliance/controls/baseline/azure/app_services/azure_disable_plain_ftp_deployment.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT wa.name AS resource, - wa.og_resource_id, - wa.og_account_id, + wa.platform_resource_id, + wa.platform_account_id, CASE WHEN configuration -> 'properties' ->> 'ftpsState' = 'AllAllowed' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/cosmosdb/azure_enable_automatic_failover.yaml b/compliance/controls/baseline/azure/cosmosdb/azure_enable_automatic_failover.yaml index 6afc4ab14..f5656e2c1 100644 --- a/compliance/controls/baseline/azure/cosmosdb/azure_enable_automatic_failover.yaml 
+++ b/compliance/controls/baseline/azure/cosmosdb/azure_enable_automatic_failover.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.name AS resource, - a.og_resource_id, - a.og_account_id, + a.platform_resource_id, + a.platform_account_id, CASE WHEN enable_automatic_failover = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/monitor/azure_monitor_log_all_activities.yaml b/compliance/controls/baseline/azure/monitor/azure_monitor_log_all_activities.yaml index a406a4962..21966b2b6 100644 --- a/compliance/controls/baseline/azure/monitor/azure_monitor_log_all_activities.yaml +++ b/compliance/controls/baseline/azure/monitor/azure_monitor_log_all_activities.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT p.id AS resource, - p.og_resource_id, - p.og_account_id, + p.platform_resource_id, + p.platform_account_id, CASE WHEN p.categories @> '["Write", "Delete", "Action"]' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mongodb_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mongodb_access.yaml index 1fe121571..726caa4a0 100644 --- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mongodb_access.yaml +++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mongodb_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mssql_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mssql_access.yaml index 0e17779ef..189105515 100644 --- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mssql_access.yaml 
+++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mssql_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mysql_database_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mysql_database_access.yaml index 53aa735df..10c23990d 100644 --- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mysql_database_access.yaml +++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_mysql_database_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') OR diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_netbios_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_netbios_access.yaml index 6782e7aa3..003689acb 100644 --- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_netbios_access.yaml +++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_netbios_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') 
diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_oracle_database_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_oracle_database_access.yaml index aa910f6c4..ee049dfec 100644 --- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_oracle_database_access.yaml +++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_oracle_database_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') OR diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_postgresql_database_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_postgresql_database_access.yaml index 4223cfbc2..c575d9228 100644 --- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_postgresql_database_access.yaml +++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_postgresql_database_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_rdp_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_rdp_access.yaml index 8e0c2b846..7f5ae8145 100644 --- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_rdp_access.yaml +++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_rdp_access.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_rpc_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_rpc_access.yaml index 0f1cc7dee..d3810d15c 100644 --- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_rpc_access.yaml +++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_rpc_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_smtp_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_smtp_access.yaml index e73244aef..15d3706b2 100644 --- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_smtp_access.yaml +++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_smtp_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') OR diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_ssh_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_ssh_access.yaml index 4084e1795..fda4804d1 100644 
--- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_ssh_access.yaml +++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_ssh_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') OR diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_telnet_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_telnet_access.yaml index 0f7d95bbe..02ae5ac6a 100644 --- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_telnet_access.yaml +++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_telnet_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') diff --git a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_udp_access.yaml b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_udp_access.yaml index 988e5f2cd..3075597c9 100644 --- a/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_udp_access.yaml +++ b/compliance/controls/baseline/azure/network/azure_check_for_unrestricted_udp_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sg.id AS resource, - sg.og_account_id, - sg.og_resource_id, + sg.platform_account_id, + sg.platform_resource_id, CASE WHEN (sr -> 'properties' ->> 'sourceAddressPrefix' = '*') OR (sr -> 'properties' ->> 'sourceAddressPrefix' = 'any') 
diff --git a/compliance/controls/baseline/azure/network/azure_enable_azure_network_watcher.yaml b/compliance/controls/baseline/azure/network/azure_enable_azure_network_watcher.yaml index cb64958ec..5d859325a 100644 --- a/compliance/controls/baseline/azure/network/azure_enable_azure_network_watcher.yaml +++ b/compliance/controls/baseline/azure/network/azure_enable_azure_network_watcher.yaml @@ -22,8 +22,8 @@ Query: SELECT sub.id AS resource, - sub.og_account_id, - sub.og_resource_id, + sub.platform_account_id, + sub.platform_resource_id, CASE WHEN nw.regions @> ARRAY[ 'eastus', 'eastus2', 'southcentralus', 'westus2', 'westus3', diff --git a/compliance/controls/baseline/azure/network/azure_enable_ddos_standard_protection_for_virtual_networks.yaml b/compliance/controls/baseline/azure/network/azure_enable_ddos_standard_protection_for_virtual_networks.yaml index 269cccf67..967ea2c01 100644 --- a/compliance/controls/baseline/azure/network/azure_enable_ddos_standard_protection_for_virtual_networks.yaml +++ b/compliance/controls/baseline/azure/network/azure_enable_ddos_standard_protection_for_virtual_networks.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vn.id AS resource, - vn.og_account_id, - vn.og_resource_id, + vn.platform_account_id, + vn.platform_resource_id, CASE WHEN enable_ddos_protection = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/network/azure_review_network_interfaces_with_ip_forwarding_enabled.yaml b/compliance/controls/baseline/azure/network/azure_review_network_interfaces_with_ip_forwarding_enabled.yaml index 3924bfff0..8a44cc1f1 100644 --- a/compliance/controls/baseline/azure/network/azure_review_network_interfaces_with_ip_forwarding_enabled.yaml +++ b/compliance/controls/baseline/azure/network/azure_review_network_interfaces_with_ip_forwarding_enabled.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT ni.id AS resource, - ni.og_account_id, - ni.og_resource_id, + ni.platform_account_id, + ni.platform_resource_id, CASE WHEN enable_ip_forwarding = 'true' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/recovery_service/azure_recovery_service_vault_alert_for_job_failures_enabled.yaml b/compliance/controls/baseline/azure/recovery_service/azure_recovery_service_vault_alert_for_job_failures_enabled.yaml index c2f6ef490..c18d03511 100644 --- a/compliance/controls/baseline/azure/recovery_service/azure_recovery_service_vault_alert_for_job_failures_enabled.yaml +++ b/compliance/controls/baseline/azure/recovery_service/azure_recovery_service_vault_alert_for_job_failures_enabled.yaml @@ -12,14 +12,14 @@ Query: QueryToExecute: | SELECT v.id AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE - WHEN v.og_description -> 'Vault' -> 'Properties' -> 'MonitoringSettings' -> 'AzureMonitorAlertSettings' ->> 'AlertsForAllJobFailures' = 'Enabled' THEN 'ok' + WHEN v.platform_resource_description -> 'Vault' -> 'Properties' -> 'MonitoringSettings' -> 'AzureMonitorAlertSettings' ->> 'AlertsForAllJobFailures' = 'Enabled' THEN 'ok' ELSE 'alarm' END AS status, CASE - WHEN v.og_description -> 'Vault' -> 'Properties' -> 'MonitoringSettings' -> 'AzureMonitorAlertSettings' ->> 'AlertsForAllJobFailures' = 'Enabled' THEN v.name || ' alert for job failures is enabled.' + WHEN v.platform_resource_description -> 'Vault' -> 'Properties' -> 'MonitoringSettings' -> 'AzureMonitorAlertSettings' ->> 'AlertsForAllJobFailures' = 'Enabled' THEN v.name || ' alert for job failures is enabled.' ELSE v.name || ' alert for job failures is not enabled.' END AS reason, v.resource_group AS resource_group, 
diff --git a/compliance/controls/baseline/azure/recovery_service/azure_recovery_service_vault_not_publicly_accessible_and_not_encrypted.yaml b/compliance/controls/baseline/azure/recovery_service/azure_recovery_service_vault_not_publicly_accessible_and_not_encrypted.yaml index 9d12f5ead..71f588ece 100644 --- a/compliance/controls/baseline/azure/recovery_service/azure_recovery_service_vault_not_publicly_accessible_and_not_encrypted.yaml +++ b/compliance/controls/baseline/azure/recovery_service/azure_recovery_service_vault_not_publicly_accessible_and_not_encrypted.yaml @@ -12,17 +12,17 @@ Query: QueryToExecute: | SELECT v.id AS resource, - v.og_resource_id, - v.og_account_id, + v.platform_resource_id, + v.platform_account_id, CASE - WHEN v.og_description -> 'Vault' -> 'Properties' ->> 'Encryption' IS NULL - AND v.og_description -> 'Vault' -> 'Properties' ->> 'PublicNetworkAccess' = 'Enabled' + WHEN v.platform_resource_description -> 'Vault' -> 'Properties' ->> 'Encryption' IS NULL + AND v.platform_resource_description -> 'Vault' -> 'Properties' ->> 'PublicNetworkAccess' = 'Enabled' THEN 'alarm' ELSE 'ok' END AS status, CASE - WHEN v.og_description -> 'Vault' -> 'Properties' ->> 'Encryption' IS NULL - AND v.og_description -> 'Vault' -> 'Properties' ->> 'PublicNetworkAccess' = 'Enabled' + WHEN v.platform_resource_description -> 'Vault' -> 'Properties' ->> 'Encryption' IS NULL + AND v.platform_resource_description -> 'Vault' -> 'Properties' ->> 'PublicNetworkAccess' = 'Enabled' THEN v.name || ' is not encrypted and publicly accessible.' ELSE v.name || ' is not publicly accessible.' END AS reason, diff --git a/compliance/controls/baseline/azure/sql/azure_advanced_data_security_for_sql_servers.yaml b/compliance/controls/baseline/azure/sql/azure_advanced_data_security_for_sql_servers.yaml index c66ae56fa..103dd11ec 100644 --- a/compliance/controls/baseline/azure/sql/azure_advanced_data_security_for_sql_servers.yaml 
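Review bot: In azure_recovery_service_vault_not_publicly_accessible_and_not_encrypted.yaml the `reason` ELSE branch states `' is not publicly accessible.'` for every non-alarm row, but the condition is an AND of two tests, so a vault with `PublicNetworkAccess = 'Enabled'` and encryption configured is reported `ok` with a reason that is false. Either make the reason neutral, e.g. `ELSE v.name || ' is encrypted or not publicly accessible.'`, or, if the control is meant to flag each weakness on its own, split the condition so that public access alone raises `alarm`. The JSON path under `platform_resource_description` is repeated in status and reason and could be computed once so the two cannot drift.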
+++ b/compliance/controls/baseline/azure/sql/azure_advanced_data_security_for_sql_servers.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN security -> 'properties' ->> 'state' = 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/sql/azure_check_for_publicly_accessible_sql_servers.yaml b/compliance/controls/baseline/azure/sql/azure_check_for_publicly_accessible_sql_servers.yaml index 35c6cdc75..c58575d47 100644 --- a/compliance/controls/baseline/azure/sql/azure_check_for_publicly_accessible_sql_servers.yaml +++ b/compliance/controls/baseline/azure/sql/azure_check_for_publicly_accessible_sql_servers.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.name AS resource, - a.og_resource_id, - a.og_account_id, + a.platform_resource_id, + a.platform_account_id, CASE WHEN public_network_access != 'Disabled' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/sql/azure_check_for_sufficient_point_in_time_restore_pitr_backup_retention_period.yaml b/compliance/controls/baseline/azure/sql/azure_check_for_sufficient_point_in_time_restore_pitr_backup_retention_period.yaml index a340cef1b..4e26167ac 100644 --- a/compliance/controls/baseline/azure/sql/azure_check_for_sufficient_point_in_time_restore_pitr_backup_retention_period.yaml +++ b/compliance/controls/baseline/azure/sql/azure_check_for_sufficient_point_in_time_restore_pitr_backup_retention_period.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN (p -> 'properties' ->> 'retentionDays')::int < '{{.azureDatabaseServerRetentionPeriodDays}}'::int THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/baseline/azure/sql/azure_check_for_unrestricted_sql_database_access.yaml b/compliance/controls/baseline/azure/sql/azure_check_for_unrestricted_sql_database_access.yaml index a9d4330eb..ffa8595a7 100644 --- a/compliance/controls/baseline/azure/sql/azure_check_for_unrestricted_sql_database_access.yaml +++ b/compliance/controls/baseline/azure/sql/azure_check_for_unrestricted_sql_database_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN s.public_network_access = 'Enabled' AND (r -> 'properties' ->> 'startIpAddress' = '0.0.0.0') THEN 'alarm' diff --git a/compliance/controls/baseline/azure/sql/azure_configure_audit_action_group_for_sql_server_auditing.yaml b/compliance/controls/baseline/azure/sql/azure_configure_audit_action_group_for_sql_server_auditing.yaml index b1dc0e01d..99ee2208b 100644 --- a/compliance/controls/baseline/azure/sql/azure_configure_audit_action_group_for_sql_server_auditing.yaml +++ b/compliance/controls/baseline/azure/sql/azure_configure_audit_action_group_for_sql_server_auditing.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN ( SELECT ARRAY_AGG(g) diff --git a/compliance/controls/baseline/azure/sql/azure_configure_emails_for_vulnerability_assessment_scan_reports_and_alerts.yaml b/compliance/controls/baseline/azure/sql/azure_configure_emails_for_vulnerability_assessment_scan_reports_and_alerts.yaml index f3e0bcf18..d808b73e0 100644 --- a/compliance/controls/baseline/azure/sql/azure_configure_emails_for_vulnerability_assessment_scan_reports_and_alerts.yaml +++ b/compliance/controls/baseline/azure/sql/azure_configure_emails_for_vulnerability_assessment_scan_reports_and_alerts.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN vs -> 'properties' -> 'recurringScans' ->> 'emails' IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/sql/azure_enable_all_types_of_threat_detection_on_sql_servers.yaml b/compliance/controls/baseline/azure/sql/azure_enable_all_types_of_threat_detection_on_sql_servers.yaml index b013c967d..60f2c434c 100644 --- a/compliance/controls/baseline/azure/sql/azure_enable_all_types_of_threat_detection_on_sql_servers.yaml +++ b/compliance/controls/baseline/azure/sql/azure_enable_all_types_of_threat_detection_on_sql_servers.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN alert_length = 1 AND disabled_alerts = '' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/sql/azure_enable_auditing_for_sql_servers.yaml b/compliance/controls/baseline/azure/sql/azure_enable_auditing_for_sql_servers.yaml index 19da5fd60..0574e1330 100644 --- a/compliance/controls/baseline/azure/sql/azure_enable_auditing_for_sql_servers.yaml +++ b/compliance/controls/baseline/azure/sql/azure_enable_auditing_for_sql_servers.yaml @@ -18,8 +18,8 @@ Query: ) SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN a.id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/sql/azure_enable_auto_failover_groups.yaml b/compliance/controls/baseline/azure/sql/azure_enable_auto_failover_groups.yaml index a98b220ef..1f075d310 100644 --- a/compliance/controls/baseline/azure/sql/azure_enable_auto_failover_groups.yaml +++ b/compliance/controls/baseline/azure/sql/azure_enable_auto_failover_groups.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN failover_groups IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/sql/azure_enable_automatic_tuning_for_sql_database_servers.yaml b/compliance/controls/baseline/azure/sql/azure_enable_automatic_tuning_for_sql_database_servers.yaml index 2c737de8b..db1bc0bb2 100644 --- a/compliance/controls/baseline/azure/sql/azure_enable_automatic_tuning_for_sql_database_servers.yaml +++ b/compliance/controls/baseline/azure/sql/azure_enable_automatic_tuning_for_sql_database_servers.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN s.automatic_tuning -> 'properties' -> 'options' -> 'forceLastGoodPlan' ->> 'actualState' = 'On' OR s.automatic_tuning -> 'properties' -> 'options' -> 'dropIndex' ->> 'actualState' = 'On' diff --git a/compliance/controls/baseline/azure/sql/azure_enable_in_transit_encryption_for_mysql_servers.yaml b/compliance/controls/baseline/azure/sql/azure_enable_in_transit_encryption_for_mysql_servers.yaml index fabe4d6ad..ef002b86b 100644 --- a/compliance/controls/baseline/azure/sql/azure_enable_in_transit_encryption_for_mysql_servers.yaml +++ b/compliance/controls/baseline/azure/sql/azure_enable_in_transit_encryption_for_mysql_servers.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN ssl_enforcement = 'Enabled' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/baseline/azure/sql/azure_enable_transparent_data_encryption_for_sql_managed_instance_using_customer_managed_keys.yaml b/compliance/controls/baseline/azure/sql/azure_enable_transparent_data_encryption_for_sql_managed_instance_using_customer_managed_keys.yaml index 1548b1e3e..da07bd167 100644 --- a/compliance/controls/baseline/azure/sql/azure_enable_transparent_data_encryption_for_sql_managed_instance_using_customer_managed_keys.yaml +++ b/compliance/controls/baseline/azure/sql/azure_enable_transparent_data_encryption_for_sql_managed_instance_using_customer_managed_keys.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT s.id AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN encryption ->> 'kind' = 'servicemanaged' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_email_notifications_for_admins_and_subscription_owners.yaml b/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_email_notifications_for_admins_and_subscription_owners.yaml index 248321e25..79d3a585a 100644 --- a/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_email_notifications_for_admins_and_subscription_owners.yaml +++ b/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_email_notifications_for_admins_and_subscription_owners.yaml @@ -21,8 +21,8 @@ Query: ) SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN v.id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_for_microsoft_sql_servers.yaml b/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_for_microsoft_sql_servers.yaml index df582a024..c47e00c52 100644 
--- a/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_for_microsoft_sql_servers.yaml +++ b/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_for_microsoft_sql_servers.yaml @@ -21,8 +21,8 @@ Query: ) SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN v.id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_periodic_recurring_scans.yaml b/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_periodic_recurring_scans.yaml index 73914e47d..ad5f4185d 100644 --- a/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_periodic_recurring_scans.yaml +++ b/compliance/controls/baseline/azure/sql/azure_enable_vulnerability_assessment_periodic_recurring_scans.yaml @@ -21,8 +21,8 @@ Query: ) SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN v.id IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/sql/azure_restrict_default_network_access_for_azure_cosmos_db_accounts.yaml b/compliance/controls/baseline/azure/sql/azure_restrict_default_network_access_for_azure_cosmos_db_accounts.yaml index 392f267ad..f8a755174 100644 --- a/compliance/controls/baseline/azure/sql/azure_restrict_default_network_access_for_azure_cosmos_db_accounts.yaml +++ b/compliance/controls/baseline/azure/sql/azure_restrict_default_network_access_for_azure_cosmos_db_accounts.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - a.og_resource_id, - a.og_account_id, + a.platform_resource_id, + a.platform_account_id, CASE WHEN NOT is_virtual_network_filter_enabled AND ip_rules IS NULL THEN 'alarm' ELSE 'ok' 
diff --git a/compliance/controls/baseline/azure/sql/azure_sql_auditing_retention.yaml b/compliance/controls/baseline/azure/sql/azure_sql_auditing_retention.yaml index b0ef6ea1c..f545a0779 100644 --- a/compliance/controls/baseline/azure/sql/azure_sql_auditing_retention.yaml +++ b/compliance/controls/baseline/azure/sql/azure_sql_auditing_retention.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN (ap -> 'properties' ->> 'retentionDays')::INT = 0 THEN 'ok' WHEN (ap -> 'properties' ->> 'retentionDays')::INT >= 90 THEN 'ok' diff --git a/compliance/controls/baseline/azure/sql/azure_use_byok_for_transparent_data_encryption.yaml b/compliance/controls/baseline/azure/sql/azure_use_byok_for_transparent_data_encryption.yaml index afc964a4b..a1c5d8b23 100644 --- a/compliance/controls/baseline/azure/sql/azure_use_byok_for_transparent_data_encryption.yaml +++ b/compliance/controls/baseline/azure/sql/azure_use_byok_for_transparent_data_encryption.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, encryption ->> 'kind', CASE WHEN (encryption ->> 'kind') = 'servicemanaged' THEN 'alarm' diff --git a/compliance/controls/baseline/azure/sql/azure_use_microsoft_entra_admin_for_sql_authentication.yaml b/compliance/controls/baseline/azure/sql/azure_use_microsoft_entra_admin_for_sql_authentication.yaml index 8fc1842b4..59ea57e91 100644 --- a/compliance/controls/baseline/azure/sql/azure_use_microsoft_entra_admin_for_sql_authentication.yaml +++ b/compliance/controls/baseline/azure/sql/azure_use_microsoft_entra_admin_for_sql_authentication.yaml 
@@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN server_azure_ad_administrator IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/storage_account/azure_check_for_publicly_accessible_web_containers.yaml b/compliance/controls/baseline/azure/storage_account/azure_check_for_publicly_accessible_web_containers.yaml index 7bc58dc3c..a6658f8c3 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_check_for_publicly_accessible_web_containers.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_check_for_publicly_accessible_web_containers.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT container.id AS resource, - container.og_resource_id, - container.og_account_id, + container.platform_resource_id, + container.platform_account_id, CASE WHEN NOT account.allow_blob_public_access AND container.public_access = 'None' THEN 'ok' diff --git a/compliance/controls/baseline/azure/storage_account/azure_check_for_sufficient_soft_deleted_data_retention_period.yaml b/compliance/controls/baseline/azure/storage_account/azure_check_for_sufficient_soft_deleted_data_retention_period.yaml index 916d9ad04..70b00a4ed 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_check_for_sufficient_soft_deleted_data_retention_period.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_check_for_sufficient_soft_deleted_data_retention_period.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id, - sa.og_resource_id, + sa.platform_account_id, + sa.platform_resource_id, CASE WHEN blob_soft_delete_retention_days IS NULL THEN 'alarm' WHEN blob_soft_delete_retention_days <> '{{.azureStorageBlobSoftDeleteSufficientDays}}'::int THEN 'alarm' 
diff --git a/compliance/controls/baseline/azure/storage_account/azure_configure_minimum_tls_version.yaml b/compliance/controls/baseline/azure/storage_account/azure_configure_minimum_tls_version.yaml index a00de91a9..f89bb4b7d 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_configure_minimum_tls_version.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_configure_minimum_tls_version.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN minimum_tls_version = '{{.azureLatestTlsVersion}}' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/storage_account/azure_disable_anonymous_access_to_blob_containers.yaml b/compliance/controls/baseline/azure/storage_account/azure_disable_anonymous_access_to_blob_containers.yaml index 42a23ba38..73f859b13 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_disable_anonymous_access_to_blob_containers.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_disable_anonymous_access_to_blob_containers.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT a.name AS resource, - a.og_resource_id, - a.og_account_id, + a.platform_resource_id, + a.platform_account_id, CASE WHEN c.public_access IS NULL THEN 'skip' WHEN c.public_access = 'container' THEN 'alarm' diff --git a/compliance/controls/baseline/azure/storage_account/azure_disable_public_access_to_storage_accounts_with_blob_containers.yaml b/compliance/controls/baseline/azure/storage_account/azure_disable_public_access_to_storage_accounts_with_blob_containers.yaml index 38c09e8e8..d32b2e9d7 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_disable_public_access_to_storage_accounts_with_blob_containers.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_disable_public_access_to_storage_accounts_with_blob_containers.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.name AS resource, - a.og_resource_id, - a.og_account_id, + a.platform_resource_id, + a.platform_account_id, CASE WHEN allow_blob_public_access THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/storage_account/azure_enable_blob_storage_lifecycle_management.yaml b/compliance/controls/baseline/azure/storage_account/azure_enable_blob_storage_lifecycle_management.yaml index 3255089ed..23eb70a9d 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_enable_blob_storage_lifecycle_management.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_enable_blob_storage_lifecycle_management.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id, - sa.og_resource_id, + sa.platform_account_id, + sa.platform_resource_id, CASE WHEN lifecycle_management_policy = '{}' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/storage_account/azure_enable_immutable_blob_storage.yaml b/compliance/controls/baseline/azure/storage_account/azure_enable_immutable_blob_storage.yaml index c72ef94e1..eee56b54d 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_enable_immutable_blob_storage.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_enable_immutable_blob_storage.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sc.id AS resource, - sc.og_account_id, - sc.og_resource_id, + sc.platform_account_id, + sc.platform_resource_id, CASE WHEN has_immutability_policy = 'false' AND has_legal_hold = 'false' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/storage_account/azure_enable_infrastructure_encryption.yaml b/compliance/controls/baseline/azure/storage_account/azure_enable_infrastructure_encryption.yaml index a4fb0f302..9eee672bd 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_enable_infrastructure_encryption.yaml 
+++ b/compliance/controls/baseline/azure/storage_account/azure_enable_infrastructure_encryption.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.name AS resource, - a.og_resource_id, - a.og_account_id, + a.platform_resource_id, + a.platform_account_id, CASE WHEN require_infrastructure_encryption IS NULL OR require_infrastructure_encryption = 'false' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_blob_service.yaml b/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_blob_service.yaml index f7386a72f..5da821256 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_blob_service.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_blob_service.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id, - sa.og_resource_id, + sa.platform_account_id, + sa.platform_resource_id, CASE WHEN (blob_service_logging ->> 'Read' = 'false' AND blob_service_logging ->> 'Write' = 'false' AND diff --git a/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_queue_service.yaml b/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_queue_service.yaml index 4d706f795..92d2e4d63 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_queue_service.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_queue_service.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id, - sa.og_resource_id, + sa.platform_account_id, + sa.platform_resource_id, CASE WHEN (queue_logging_read = 'false' AND queue_logging_write = 'false' AND queue_logging_delete = 'false') THEN 'alarm' 
diff --git a/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_table_service.yaml b/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_table_service.yaml index 30f068523..884e0536a 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_table_service.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_enable_logging_for_azure_storage_table_service.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id, - sa.og_resource_id, + sa.platform_account_id, + sa.platform_resource_id, CASE WHEN (table_logging_read = 'false' AND table_logging_write = 'false' AND table_logging_delete = 'false') THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/storage_account/azure_enable_secure_transfer_in_azure_storage.yaml b/compliance/controls/baseline/azure/storage_account/azure_enable_secure_transfer_in_azure_storage.yaml index ae3b9d49a..6b3be4d15 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_enable_secure_transfer_in_azure_storage.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_enable_secure_transfer_in_azure_storage.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id, - sa.og_resource_id, + sa.platform_account_id, + sa.platform_resource_id, CASE WHEN enable_https_traffic_only = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/storage_account/azure_enable_soft_delete_for_azure_blob_storage.yaml b/compliance/controls/baseline/azure/storage_account/azure_enable_soft_delete_for_azure_blob_storage.yaml index cfd966ae6..ef6ec9cbb 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_enable_soft_delete_for_azure_blob_storage.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_enable_soft_delete_for_azure_blob_storage.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id, - sa.og_resource_id, + sa.platform_account_id, + sa.platform_resource_id, CASE WHEN blob_container_soft_delete_enabled = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/storage_account/azure_enable_trusted_microsoft_services_for_storage_account_access.yaml b/compliance/controls/baseline/azure/storage_account/azure_enable_trusted_microsoft_services_for_storage_account_access.yaml index eec2a5993..fb83b85b0 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_enable_trusted_microsoft_services_for_storage_account_access.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_enable_trusted_microsoft_services_for_storage_account_access.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id, - sa.og_resource_id, + sa.platform_account_id, + sa.platform_resource_id, CASE WHEN network_rule_bypass = 'None' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/storage_account/azure_limit_storage_account_access_by_ip_address.yaml b/compliance/controls/baseline/azure/storage_account/azure_limit_storage_account_access_by_ip_address.yaml index 0df490735..8c0953c4c 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_limit_storage_account_access_by_ip_address.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_limit_storage_account_access_by_ip_address.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT name AS resource, - s.og_resource_id, - s.og_account_id, + s.platform_resource_id, + s.platform_account_id, CASE WHEN network_ip_rules IS NULL THEN 'skip' WHEN EXISTS ( diff --git a/compliance/controls/baseline/azure/storage_account/azure_private_endpoint_in_use.yaml b/compliance/controls/baseline/azure/storage_account/azure_private_endpoint_in_use.yaml index dd5348254..7aa3e8e31 100644 
--- a/compliance/controls/baseline/azure/storage_account/azure_private_endpoint_in_use.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_private_endpoint_in_use.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.name AS resource, - a.og_resource_id, - a.og_account_id, + a.platform_resource_id, + a.platform_account_id, CASE WHEN a.private_endpoint_connections IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/storage_account/azure_restrict_default_network_access_for_storage_accounts.yaml b/compliance/controls/baseline/azure/storage_account/azure_restrict_default_network_access_for_storage_accounts.yaml index 598e6d559..2d9b7d12e 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_restrict_default_network_access_for_storage_accounts.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_restrict_default_network_access_for_storage_accounts.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.name AS resource, - a.og_resource_id, - a.og_account_id, + a.platform_resource_id, + a.platform_account_id, CASE WHEN network_rule_default_action = 'Allow' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/storage_account/azure_storage_account_encryption_using_customer_managed_keys.yaml b/compliance/controls/baseline/azure/storage_account/azure_storage_account_encryption_using_customer_managed_keys.yaml index 8f6915b97..9f57e1046 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_storage_account_encryption_using_customer_managed_keys.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_storage_account_encryption_using_customer_managed_keys.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT a.name AS resource, - a.og_resource_id, - a.og_account_id, + a.platform_resource_id, + a.platform_account_id, CASE WHEN encryption_key_source = 'Microsoft.Keyvault' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/baseline/azure/storage_account/azure_use_byok_for_storage_account_encryption.yaml b/compliance/controls/baseline/azure/storage_account/azure_use_byok_for_storage_account_encryption.yaml index 73ae90700..68a40b312 100644 --- a/compliance/controls/baseline/azure/storage_account/azure_use_byok_for_storage_account_encryption.yaml +++ b/compliance/controls/baseline/azure/storage_account/azure_use_byok_for_storage_account_encryption.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT sa.id AS resource, - sa.og_account_id, - sa.og_resource_id, + sa.platform_account_id, + sa.platform_resource_id, CASE WHEN encryption_key_vault_properties_key_name IS NOT NULL THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_approved_azure_machine_image_in_use.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_approved_azure_machine_image_in_use.yaml index ae59d5afb..2aebaebe8 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_approved_azure_machine_image_in_use.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_approved_azure_machine_image_in_use.yaml 
@@ -12,14 +12,14 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE - WHEN vm.og_description -> 'VirtualMachine' -> 'Properties' -> 'StorageProfile' -> 'ImageReference' ->> 'ID' IS NULL THEN 'alarm' + WHEN vm.platform_resource_description -> 'VirtualMachine' -> 'Properties' -> 'StorageProfile' -> 'ImageReference' ->> 'ID' IS NULL THEN 'alarm' ELSE 'ok' END AS status, CASE - WHEN vm.og_description -> 'VirtualMachine' -> 'Properties' -> 'StorageProfile' -> 'ImageReference' ->> 'ID' IS NULL THEN 'Virtual Machine instance was launched without using an approved Azure machine image' + WHEN vm.platform_resource_description -> 'VirtualMachine' -> 'Properties' -> 'StorageProfile' -> 'ImageReference' ->> 'ID' IS NULL THEN 'Virtual Machine instance was launched without using an approved Azure machine image' ELSE 'Virtual Machine instance was launched using an approved Azure machine image' END AS reason, vm.resource_group, diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_accelerated_networking_for_virtual_machines.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_accelerated_networking_for_virtual_machines.yaml index b7df7908c..e2d85f1cb 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_accelerated_networking_for_virtual_machines.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_accelerated_networking_for_virtual_machines.yaml @@ -15,8 +15,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN nic.enable_accelerated_networking = 'true' THEN 'ok' ELSE 'alarm' 
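Review bot: The status CASE in azure_approved_azure_machine_image_in_use.yaml treats any non-NULL `ImageReference ->> 'ID'` as an approved image. Nothing in the hunk compares the ID with a list of approved images, yet the reason text says 'launched using an approved Azure machine image'. Unless the part of the query outside the hunk (the FROM/WHERE clauses are not shown) filters by an allow-list, a VM built from any image that carries a resource ID passes the control. Either compare the ID with a query parameter holding the approved image IDs, as the VM-size control does with `{{.azureAllowedVmSizes}}`, or reword the reason to what is actually tested, e.g. `ELSE 'Virtual Machine instance was launched from an image with a resource ID'`.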
diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_associated_load_balancers.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_associated_load_balancers.yaml index 016b137bf..dd1431f62 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_associated_load_balancers.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_associated_load_balancers.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN (SELECT COUNT(*) FROM jsonb_array_elements_text(zones)) > 1 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_automatic_instance_repairs.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_automatic_instance_repairs.yaml index c534091f1..43031eb3b 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_automatic_instance_repairs.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_automatic_instance_repairs.yaml 
@@ -12,14 +12,14 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE - WHEN vm.og_description -> 'VirtualMachineScaleSet' -> 'Properties' -> 'AutomaticRepairsPolicy' ->> 'Enabled' = 'true' THEN 'ok' + WHEN vm.platform_resource_description -> 'VirtualMachineScaleSet' -> 'Properties' -> 'AutomaticRepairsPolicy' ->> 'Enabled' = 'true' THEN 'ok' ELSE 'alarm' END AS status, CASE - WHEN vm.og_description -> 'VirtualMachineScaleSet' -> 'Properties' -> 'AutomaticRepairsPolicy' ->> 'Enabled' = 'true' THEN 'Automatic repairs feature is enabled' + WHEN vm.platform_resource_description -> 'VirtualMachineScaleSet' -> 'Properties' -> 'AutomaticRepairsPolicy' ->> 'Enabled' = 'true' THEN 'Automatic repairs feature is enabled' ELSE 'Automatic repairs feature is not currently enabled' END AS reason, vm.resource_group, diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_automatic_os_upgrades.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_automatic_os_upgrades.yaml index 71bf34d55..2c9a1a1c3 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_automatic_os_upgrades.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_automatic_os_upgrades.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN upgrade_policy -> 'automaticOSUpgradePolicy' ->> 'enableAutomaticOSUpgrade' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_autoscale_notifications.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_autoscale_notifications.yaml index cce7953fe..6d5b0c518 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_autoscale_notifications.yaml 
+++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_autoscale_notifications.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN s.notifications ->> 'enabled' = 'true' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_backups_for_azure_virtual_machines.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_backups_for_azure_virtual_machines.yaml index 91b861a9b..9f8bbbca0 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_backups_for_azure_virtual_machines.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_backups_for_azure_virtual_machines.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN bi.name IS NULL THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_configure_health_monitoring.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_configure_health_monitoring.yaml index 60e67b5a5..a4378be46 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_configure_health_monitoring.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_configure_health_monitoring.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vmss.id AS resource, - vmss.og_account_id, - vmss.og_resource_id, + vmss.platform_account_id, + vmss.platform_resource_id, CASE WHEN EXISTS( SELECT 1 diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_desired_vm_sku_sizes.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_desired_vm_sku_sizes.yaml index 4c66e2053..69eaa0798 100644 
--- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_desired_vm_sku_sizes.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_desired_vm_sku_sizes.yaml @@ -14,14 +14,14 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE - WHEN '{{.azureAllowedVmSizes}}' NOT LIKE '%' || (vm.og_description -> 'VirtualMachine' -> 'Properties' -> 'HardwareProfile' ->> 'VMSize') || '%' THEN 'alarm' + WHEN '{{.azureAllowedVmSizes}}' NOT LIKE '%' || (vm.platform_resource_description -> 'VirtualMachine' -> 'Properties' -> 'HardwareProfile' ->> 'VMSize') || '%' THEN 'alarm' ELSE 'ok' END AS status, CASE - WHEN '{{.azureAllowedVmSizes}}' NOT LIKE '%' || (vm.og_description -> 'VirtualMachine' -> 'Properties' -> 'HardwareProfile' ->> 'VMSize') || '%' THEN 'the virtual machine vm size is not allowed by your organization' + WHEN '{{.azureAllowedVmSizes}}' NOT LIKE '%' || (vm.platform_resource_description -> 'VirtualMachine' -> 'Properties' -> 'HardwareProfile' ->> 'VMSize') || '%' THEN 'the virtual machine vm size is not allowed by your organization' ELSE 'the virtual machine vm size is allowed by your organization' END AS reason, vm.resource_group, diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_encryption_for_web_tier_disk_volumes.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_encryption_for_web_tier_disk_volumes.yaml index cc018963c..3f294dc25 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_encryption_for_web_tier_disk_volumes.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_encryption_for_web_tier_disk_volumes.yaml 
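Review bot: In azure_check_for_desired_vm_sku_sizes.yaml the allow-list test `'{{.azureAllowedVmSizes}}' NOT LIKE '%' || (... ->> 'VMSize') || '%'` is a substring match, so a size whose name is a fragment of an allowed size passes, and the `_` characters in Azure size names act as single-character LIKE wildcards. A NULL VMSize makes the predicate NULL, the CASE falls to `ELSE 'ok'`, and a VM with no recorded size is reported compliant. An exact, fail-closed form would be `WHEN (... ->> 'VMSize') IS NULL OR (... ->> 'VMSize') <> ALL (string_to_array('{{.azureAllowedVmSizes}}', ',')) THEN 'alarm'`, assuming the parameter is a comma-separated list without spaces. The expression is duplicated in the status and reason CASE, so both need the change; the FROM clause is outside the hunk.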
@@ -14,14 +14,14 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE - WHEN (vm.og_description -> 'VirtualMachine' -> 'Properties' -> 'StorageProfile' -> 'OSDisk' -> 'EncryptionSettings' ->> 'Enabled')::bool THEN 'ok' + WHEN (vm.platform_resource_description -> 'VirtualMachine' -> 'Properties' -> 'StorageProfile' -> 'OSDisk' -> 'EncryptionSettings' ->> 'Enabled')::bool THEN 'ok' ELSE 'alarm' END AS status, CASE - WHEN (vm.og_description -> 'VirtualMachine' -> 'Properties' -> 'StorageProfile' -> 'OSDisk' -> 'EncryptionSettings' ->> 'Enabled')::bool THEN 'OS disk encrypted' + WHEN (vm.platform_resource_description -> 'VirtualMachine' -> 'Properties' -> 'StorageProfile' -> 'OSDisk' -> 'EncryptionSettings' ->> 'Enabled')::bool THEN 'OS disk encrypted' ELSE 'OS disk not encrypted' END AS reason, vm.resource_group, diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_guest_level_diagnostics_for_virtual_machines.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_guest_level_diagnostics_for_virtual_machines.yaml index 6c3ccbb83..37eb079d7 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_guest_level_diagnostics_for_virtual_machines.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_guest_level_diagnostics_for_virtual_machines.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_installataion_for_latest_os_patches.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_installataion_for_latest_os_patches.yaml index 5348f1805..6fcad21d5 100644 
--- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_installataion_for_latest_os_patches.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_installataion_for_latest_os_patches.yaml @@ -12,16 +12,16 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE - WHEN COALESCE((vm.og_description -> 'VirtualMachineInstanceView' -> 'PatchStatus' -> 'AvailablePatchSummary' ->> 'CriticalAndSecurityPatchCount')::int) + - COALESCE((vm.og_description -> 'VirtualMachineInstanceView' -> 'PatchStatus' -> 'AvailablePatchSummary' ->> 'OtherPatchCount')::int) > 0 THEN 'alarm' + WHEN COALESCE((vm.platform_resource_description -> 'VirtualMachineInstanceView' -> 'PatchStatus' -> 'AvailablePatchSummary' ->> 'CriticalAndSecurityPatchCount')::int) + + COALESCE((vm.platform_resource_description -> 'VirtualMachineInstanceView' -> 'PatchStatus' -> 'AvailablePatchSummary' ->> 'OtherPatchCount')::int) > 0 THEN 'alarm' ELSE 'ok' END AS status, CASE - WHEN COALESCE((vm.og_description -> 'VirtualMachineInstanceView' -> 'PatchStatus' -> 'AvailablePatchSummary' ->> 'CriticalAndSecurityPatchCount')::int) + - COALESCE((vm.og_description -> 'VirtualMachineInstanceView' -> 'PatchStatus' -> 'AvailablePatchSummary' ->> 'OtherPatchCount')::int) > 0 THEN 'There are pending updates in this virtual machine' + WHEN COALESCE((vm.platform_resource_description -> 'VirtualMachineInstanceView' -> 'PatchStatus' -> 'AvailablePatchSummary' ->> 'CriticalAndSecurityPatchCount')::int) + + COALESCE((vm.platform_resource_description -> 'VirtualMachineInstanceView' -> 'PatchStatus' -> 'AvailablePatchSummary' ->> 'OtherPatchCount')::int) > 0 THEN 'There are pending updates in this virtual machine' ELSE 'There is no pending updates in this virtual machine' END AS reason, vm.resource_group, 
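Review bot: The single-argument `COALESCE((… ->> 'CriticalAndSecurityPatchCount')::int)` used in both CASE branches is a no-op, so when either count is missing the sum is NULL, `NULL > 0` is not true, and the VM is reported 'ok' with the reason 'There is no pending updates in this virtual machine'. A machine with no patch assessment data therefore passes the control. Giving each call a default, `COALESCE((… )::int, 0)`, fixes the arithmetic. A separate first branch that returns 'skip' or 'alarm' when AvailablePatchSummary is absent would keep unassessed machines from being counted as patched.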
diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_instance_termination_notifications_for_virtual_machine_scale_sets.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_instance_termination_notifications_for_virtual_machine_scale_sets.yaml index 300a5a489..93f1d03bb 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_instance_termination_notifications_for_virtual_machine_scale_sets.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_instance_termination_notifications_for_virtual_machine_scale_sets.yaml @@ -12,15 +12,15 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE - WHEN vm.og_description -> 'VirtualMachineScaleSet' -> 'Properties' -> 'VirtualMachineProfile' -> 'ScheduledEventsProfile' -> 'TerminateNotificationProfile' ->> 'Enable' = 'true' + WHEN vm.platform_resource_description -> 'VirtualMachineScaleSet' -> 'Properties' -> 'VirtualMachineProfile' -> 'ScheduledEventsProfile' -> 'TerminateNotificationProfile' ->> 'Enable' = 'true' THEN 'ok' ELSE 'alarm' END AS status, CASE - WHEN vm.og_description -> 'VirtualMachineScaleSet' -> 'Properties' -> 'VirtualMachineProfile' -> 'ScheduledEventsProfile' -> 'TerminateNotificationProfile' ->> 'Enable' = 'true' + WHEN vm.platform_resource_description -> 'VirtualMachineScaleSet' -> 'Properties' -> 'VirtualMachineProfile' -> 'ScheduledEventsProfile' -> 'TerminateNotificationProfile' ->> 'Enable' = 'true' THEN 'Instance Termination Notifications feature is enabled' ELSE 'Instance Termination Notifications feature is not enabled' END AS reason, diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_just_in_time_access_for_virtual_machines.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_just_in_time_access_for_virtual_machines.yaml index 21119b4ea..a137398f1 100644 
--- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_just_in_time_access_for_virtual_machines.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_just_in_time_access_for_virtual_machines.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT DISTINCT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN NOT EXISTS( SELECT 1 diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_old_virtual_machine_disk_snapshots.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_old_virtual_machine_disk_snapshots.yaml index c51a833a1..b6b3f078e 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_old_virtual_machine_disk_snapshots.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_old_virtual_machine_disk_snapshots.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT s.name AS resource, - s.og_account_id, - s.og_resource_id, + s.platform_account_id, + s.platform_resource_id, NOW() - s.time_created AS age, CASE WHEN NOW() - s.time_created > '{{.azureDiskSnapshotAgeThreshold}} days'::interval THEN 'alarm' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_performance_diagnostics_for_azure_virtual_machines.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_performance_diagnostics_for_azure_virtual_machines.yaml index 7b5d34444..406dd5bc7 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_performance_diagnostics_for_azure_virtual_machines.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_performance_diagnostics_for_azure_virtual_machines.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN EXISTS( SELECT 1 FROM jsonb_array_elements(vm.extensions) AS ex diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_ssh_authentication_type.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_ssh_authentication_type.yaml index 85b365e93..5bbe080a2 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_ssh_authentication_type.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_ssh_authentication_type.yaml @@ -12,14 +12,14 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE - WHEN vm.og_description -> 'VirtualMachine' -> 'Properties' -> 'OSProfile' -> 'LinuxConfiguration' ->> 'DisablePasswordAuthentication' = 'false' THEN 'alarm' + WHEN vm.platform_resource_description -> 'VirtualMachine' -> 'Properties' -> 'OSProfile' -> 'LinuxConfiguration' ->> 'DisablePasswordAuthentication' = 'false' THEN 'alarm' ELSE 'ok' END AS status, CASE - WHEN vm.og_description -> 'VirtualMachine' -> 'Properties' -> 'OSProfile' -> 'LinuxConfiguration' ->> 'DisablePasswordAuthentication' = 'false' THEN 'SSH authentication type for the selected Microsoft Azure virtual machine is password-based and is not secured' + WHEN vm.platform_resource_description -> 'VirtualMachine' -> 'Properties' -> 'OSProfile' -> 'LinuxConfiguration' ->> 'DisablePasswordAuthentication' = 'false' THEN 'SSH authentication type for the selected Microsoft Azure virtual machine is password-based and is not secured' ELSE 'SSH authentication type for the selected Microsoft Azure virtual machine is secured' END AS reason, vm.resource_group, 
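Review bot: The SSH control in azure_check_for_ssh_authentication_type alarms only when `… -> 'LinuxConfiguration' ->> 'DisablePasswordAuthentication' = 'false'`, so a VM whose description has no LinuxConfiguration or omits that key yields NULL and lands in `ELSE 'ok'` with a reason saying the authentication type is secured. That covers Windows VMs and, if the collector drops unset fields, possibly Linux VMs that still accept passwords; this is worth confirming against stored descriptions. Testing the positive case fails closed: `WHEN … ->> 'DisablePasswordAuthentication' = 'true' THEN 'ok'`, with a 'skip' branch when LinuxConfiguration is absent and 'alarm' otherwise. The reason CASE needs the same three branches.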
diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_sufficient_daily_backup_retention_period.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_sufficient_daily_backup_retention_period.yaml index b1b5f225a..ef25fcb49 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_sufficient_daily_backup_retention_period.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_sufficient_daily_backup_retention_period.yaml @@ -16,8 +16,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN (bp.properties -> 'RetentionPolicy' -> 'dailySchedule' -> 'retentionDuration' ->> 'count')::int < '{{.azureSufficientDailyBackupRetention}}'::int THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_sufficient_instant_restore_retention_period.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_sufficient_instant_restore_retention_period.yaml index 1ce6ac7cb..d042c099b 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_sufficient_instant_restore_retention_period.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_sufficient_instant_restore_retention_period.yaml @@ -16,8 +16,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN (bp.properties ->> 'InstantRpRetentionRangeInDays')::int < '{{.azureSufficientInstantRestoreRetention}}'::int THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_system_assigned_managed_identities.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_system_assigned_managed_identities.yaml index 1e20624ca..06b91b390 100644 
--- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_system_assigned_managed_identities.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_system_assigned_managed_identities.yaml @@ -12,14 +12,14 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE - WHEN (vm.og_description -> 'VirtualMachine' ->> 'Identity') IS NULL THEN 'alarm' + WHEN (vm.platform_resource_description -> 'VirtualMachine' ->> 'Identity') IS NULL THEN 'alarm' ELSE 'ok' END AS status, CASE - WHEN (vm.og_description -> 'VirtualMachine' ->> 'Identity') IS NULL THEN 'system-assigned managed identity is not enabled' + WHEN (vm.platform_resource_description -> 'VirtualMachine' ->> 'Identity') IS NULL THEN 'system-assigned managed identity is not enabled' ELSE 'system-assigned managed identity is enabled' END AS reason, vm.resource_group, diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_unattached_virtual_machine_disk_volumes.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_unattached_virtual_machine_disk_volumes.yaml index 21ded3c79..27f7f7eb3 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_unattached_virtual_machine_disk_volumes.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_unattached_virtual_machine_disk_volumes.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id, - disk.og_resource_id, + disk.platform_account_id, + disk.platform_resource_id, CASE WHEN disk.disk_state = 'Unattached' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_unused_load_balancers.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_unused_load_balancers.yaml index e1e8dc765..52dc32217 100644 
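Review bot: The status and reason branches in azure_check_for_system_assigned_managed_identities treat any non-NULL `'VirtualMachine' ->> 'Identity'` as 'system-assigned managed identity is enabled', but a VM that has only a user-assigned identity also carries an Identity object. The control then reports 'ok' for machines that have no system-assigned identity. Checking the identity type matches what the reason text claims, for example `WHEN COALESCE(vm.platform_resource_description -> 'VirtualMachine' -> 'Identity' ->> 'Type', '') NOT LIKE '%SystemAssigned%' THEN 'alarm'`. The `Type` key name is assumed from the casing of the other keys and should be checked against a stored description.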
--- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_unused_load_balancers.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_unused_load_balancers.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT lb.name AS resource, - lb.og_resource_id, - lb.og_account_id, + lb.platform_resource_id, + lb.platform_account_id, CASE WHEN EXISTS ( SELECT 1 FROM jsonb_array_elements(backend_address_pools) AS p diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_approved_extensions_only.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_approved_extensions_only.yaml index e48b82581..33987c6c6 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_approved_extensions_only.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_approved_extensions_only.yaml @@ -14,8 +14,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN EXISTS ( SELECT 1 FROM jsonb_array_elements(vm.extensions) AS ex diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_byok_for_disk_volumes_encryption.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_byok_for_disk_volumes_encryption.yaml index 5039b7685..07e056c2a 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_byok_for_disk_volumes_encryption.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_byok_for_disk_volumes_encryption.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id, - disk.og_resource_id, + disk.platform_account_id, + disk.platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithCustomerKey' THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_customer_managed_keys_for_virtual_hard_disk_encryption.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_customer_managed_keys_for_virtual_hard_disk_encryption.yaml index f5aa12031..bbbcb7aa2 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_customer_managed_keys_for_virtual_hard_disk_encryption.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_customer_managed_keys_for_virtual_hard_disk_encryption.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id, - disk.og_resource_id, + disk.platform_account_id, + disk.platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithPlatformKey' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_endpoint_protection.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_endpoint_protection.yaml index 7779853f0..c62721294 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_endpoint_protection.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_endpoint_protection.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN EXISTS( SELECT 1 diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_managed_disk_volumes_for_virtual_machines.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_managed_disk_volumes_for_virtual_machines.yaml index 8f71f5e17..371637d61 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_managed_disk_volumes_for_virtual_machines.yaml 
+++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_usage_of_managed_disk_volumes_for_virtual_machines.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.name AS resource, - vm.og_resource_id, - vm.og_account_id, + vm.platform_resource_id, + vm.platform_account_id, CASE WHEN (vm.managed_disk_id IS NULL AND NOT EXISTS ( SELECT 1 FROM jsonb_array_elements(data_disks) AS d WHERE d->>'managedDisk' IS NOT NULL diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_virtual_machine_access_using_microsoft_entra_id_authentication.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_virtual_machine_access_using_microsoft_entra_id_authentication.yaml index e771b113b..8c7463915 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_virtual_machine_access_using_microsoft_entra_id_authentication.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_virtual_machine_access_using_microsoft_entra_id_authentication.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN EXISTS ( SELECT 1 diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_virtual_machine_boot_diagnostics.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_virtual_machine_boot_diagnostics.yaml index 76c250a6a..e6e1a43ca 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_virtual_machine_boot_diagnostics.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_virtual_machine_boot_diagnostics.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN (boot_diagnostics_enabled)::bool THEN 'ok' ELSE 'alarm' 
diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_zone_redundant_virtual_machine_scale_sets.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_zone_redundant_virtual_machine_scale_sets.yaml index f81685c72..36cb99dfa 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_check_for_zone_redundant_virtual_machine_scale_sets.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_check_for_zone_redundant_virtual_machine_scale_sets.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT vm.id AS resource, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN (SELECT COUNT(*) FROM jsonb_array_elements_text(zones)) > 1 THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_boot_disk_volumes.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_boot_disk_volumes.yaml index 47d95ce22..a96ac3bcf 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_boot_disk_volumes.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_boot_disk_volumes.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT vm.name AS resource, - vm.og_resource_id, - vm.og_account_id, + vm.platform_resource_id, + vm.platform_account_id, CASE WHEN encryption_settings_collection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_non_boot_disk_volumes.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_non_boot_disk_volumes.yaml index ae3a91326..6f8719309 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_non_boot_disk_volumes.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_non_boot_disk_volumes.yaml 
@@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT vm.name AS resource, - vm.og_resource_id, - vm.og_account_id, + vm.platform_resource_id, + vm.platform_account_id, CASE WHEN d.encryption_settings_collection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_unattached_disk_volumes.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_unattached_disk_volumes.yaml index bf2942d62..83db22592 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_unattached_disk_volumes.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_disk_encryption_for_unattached_disk_volumes.yaml @@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT d.name AS resource, - d.og_resource_id, - d.og_account_id, + d.platform_resource_id, + d.platform_account_id, CASE WHEN d.encryption_settings_collection_enabled THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_disks_should_use_standard_snapshots.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_disks_should_use_standard_snapshots.yaml index 4619dd42d..786ad1375 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_disks_should_use_standard_snapshots.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_disks_should_use_standard_snapshots.yaml @@ -6,8 +6,8 @@ Query: QueryToExecute: | SELECT ss.id AS resource, - ss.og_resource_id, - ss.og_account_id, + ss.platform_resource_id, + ss.platform_account_id, CASE WHEN ss.sku_tier = 'Standard' THEN 'ok' ELSE 'alarm' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_boot_disk_using_cmk.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_boot_disk_using_cmk.yaml index 16afc0ad3..4fcf3e443 100644 
--- a/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_boot_disk_using_cmk.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_boot_disk_using_cmk.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id, - disk.og_resource_id, + disk.platform_account_id, + disk.platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithPlatformKey' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_non_boot_disk_using_cmk.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_non_boot_disk_using_cmk.yaml index 591e5a8b6..0ad725aff 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_non_boot_disk_using_cmk.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_non_boot_disk_using_cmk.yaml @@ -13,8 +13,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id, - disk.og_resource_id, + disk.platform_account_id, + disk.platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithPlatformKey' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_unattached_disk_using_cmk.yaml b/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_unattached_disk_using_cmk.yaml index c6d12c7a4..82826f815 100644 --- a/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_unattached_disk_using_cmk.yaml +++ b/compliance/controls/baseline/azure/virtual_machine/azure_server_side_encryption_for_unattached_disk_using_cmk.yaml 
@@ -12,8 +12,8 @@ Query: QueryToExecute: | SELECT disk.id AS resource, - disk.og_account_id, - disk.og_resource_id, + disk.platform_account_id, + disk.platform_resource_id, CASE WHEN encryption_type = 'EncryptionAtRestWithPlatformKey' THEN 'alarm' ELSE 'ok' diff --git a/compliance/controls/baseline/shared/cost/kaytu_connection_mom_cost_growth.yaml b/compliance/controls/baseline/shared/cost/kaytu_connection_mom_cost_growth.yaml index e09db5548..aef7e7acb 100644 --- a/compliance/controls/baseline/shared/cost/kaytu_connection_mom_cost_growth.yaml +++ b/compliance/controls/baseline/shared/cost/kaytu_connection_mom_cost_growth.yaml @@ -48,17 +48,17 @@ Query: WHEN az.subscription_id IS NOT NULL THEN az.subscription_id END AS resource, CASE - WHEN aw.og_account_id IS NOT NULL THEN aw.og_account_id - WHEN az.og_account_id IS NOT NULL THEN az.og_account_id - END AS og_account_id, + WHEN aw.platform_account_id IS NOT NULL THEN aw.platform_account_id + WHEN az.platform_account_id IS NOT NULL THEN az.platform_account_id + END AS platform_account_id, CASE - WHEN aw.og_resource_id IS NOT NULL THEN aw.og_resource_id - WHEN az.og_resource_id IS NOT NULL THEN az.og_resource_id - END AS og_resource_id, + WHEN aw.platform_resource_id IS NOT NULL THEN aw.platform_resource_id + WHEN az.platform_resource_id IS NOT NULL THEN az.platform_resource_id + END AS platform_resource_id, CASE WHEN aw.account_id IS NOT NULL THEN 'aws_account' WHEN az.subscription_id IS NOT NULL THEN 'azure_subscription' - END AS og_table_name, + END AS platform_table_name, CASE WHEN (l.last30_cost_value - l.last60to30_cost_value) / l.last30_cost_value > {{.kaytuConnectionMoMCostGrowthAllowedGrowth}} THEN 'alarm' 
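Review bot: The growth test kept as context at the end of the first kaytu_connection_mom_cost_growth hunk, `(l.last30_cost_value - l.last60to30_cost_value) / l.last30_cost_value > {{.kaytuConnectionMoMCostGrowthAllowedGrowth}}`, divides by a value that may be zero. Unless the last_valid_60 CTE (outside the hunk) filters those rows, one connection with no spend in the last 30 days would make the whole control query fail. `/ NULLIF(l.last30_cost_value, 0)` keeps the query running and lets that row fall to the ELSE branch. The same expression appears in the kaytu_mom_cost_growth_15 hunk. If growth is meant relative to the earlier period, the denominator should be `l.last60to30_cost_value` instead.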
@@ -74,8 +74,8 @@ Query: ELSE 'Connection did not have more than allowed growth' END AS reason FROM last_valid_60 AS l - LEFT JOIN aws_account AS aw ON aw.og_account_id = l.connection_id - LEFT JOIN azure_subscription AS az ON az.og_account_id = l.connection_id + LEFT JOIN aws_account AS aw ON aw.platform_account_id = l.connection_id + LEFT JOIN azure_subscription AS az ON az.platform_account_id = l.connection_id Severity: high Tags: platform_score_cloud_service_name: diff --git a/compliance/controls/baseline/shared/cost/kaytu_mom_cost_growth_15.yaml b/compliance/controls/baseline/shared/cost/kaytu_mom_cost_growth_15.yaml index 798c8a1fa..ace6ff4d3 100644 --- a/compliance/controls/baseline/shared/cost/kaytu_mom_cost_growth_15.yaml +++ b/compliance/controls/baseline/shared/cost/kaytu_mom_cost_growth_15.yaml @@ -47,17 +47,17 @@ Query: WHEN az.subscription_id IS NOT NULL THEN az.subscription_id || ' - ' || l.metric_id END AS resource, CASE - WHEN aw.og_account_id IS NOT NULL THEN aw.og_account_id - WHEN az.og_account_id IS NOT NULL THEN az.og_account_id - END AS og_account_id, + WHEN aw.platform_account_id IS NOT NULL THEN aw.platform_account_id + WHEN az.platform_account_id IS NOT NULL THEN az.platform_account_id + END AS platform_account_id, CASE - WHEN aw.og_resource_id IS NOT NULL THEN aw.og_resource_id - WHEN az.og_resource_id IS NOT NULL THEN az.og_resource_id - END AS og_resource_id, + WHEN aw.platform_resource_id IS NOT NULL THEN aw.platform_resource_id + WHEN az.platform_resource_id IS NOT NULL THEN az.platform_resource_id + END AS platform_resource_id, CASE WHEN aw.account_id IS NOT NULL THEN 'aws_account' WHEN az.subscription_id IS NOT NULL THEN 'azure_subscription' - END AS og_table_name, + END AS platform_table_name, CASE WHEN (l.last30_cost_value - l.last60to30_cost_value) / l.last30_cost_value > {{.kaytuMoMCostGrowthAllowedGrowth}} THEN 'alarm' 
@@ -69,8 +69,8 @@ Query: ELSE l.metric_name || ' did not have more than allowed growth' END AS reason FROM last_valid_60 AS l - LEFT JOIN aws_account AS aw ON aw.og_account_id = l.connection_id - LEFT JOIN azure_subscription AS az ON az.og_account_id = l.connection_id + LEFT JOIN aws_account AS aw ON aw.platform_account_id = l.connection_id + LEFT JOIN azure_subscription AS az ON az.platform_account_id = l.connection_id Severity: high Tags: platform_score_cloud_service_name: diff --git a/queries/1-aws_insight_lambda_function_not_cmk_encrypted.yaml b/queries/1-aws_insight_lambda_function_not_cmk_encrypted.yaml index eada871ea..45ce6e217 100644 --- a/queries/1-aws_insight_lambda_function_not_cmk_encrypted.yaml +++ b/queries/1-aws_insight_lambda_function_not_cmk_encrypted.yaml @@ -13,8 +13,8 @@ Query: name, kms_key_arn, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_lambda_function WHERE diff --git a/queries/10-aws_insight_acm_certificate_transparency_logging_disabled.yaml b/queries/10-aws_insight_acm_certificate_transparency_logging_disabled.yaml index 913813d3f..5d0fdd585 100644 --- a/queries/10-aws_insight_acm_certificate_transparency_logging_disabled.yaml +++ b/queries/10-aws_insight_acm_certificate_transparency_logging_disabled.yaml @@ -9,7 +9,7 @@ Query: Parameters: [] PrimaryTable: aws_acm_certificate QueryToExecute: | - SELECT certificate_arn, domain_name, status, account_id, og_account_id, og_resource_id + SELECT certificate_arn, domain_name, status, account_id, platform_account_id, platform_resource_id FROM aws_acm_certificate WHERE certificate_transparency_logging_preference <> 'ENABLED'; Tags: diff --git a/queries/11-aws_insight_acm_certificate_expired.yaml b/queries/11-aws_insight_acm_certificate_expired.yaml index 8fff50e34..693509090 100644 --- a/queries/11-aws_insight_acm_certificate_expired.yaml +++ b/queries/11-aws_insight_acm_certificate_expired.yaml 
@@ -13,8 +13,8 @@ Query: domain_name, status, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_acm_certificate WHERE status = 'EXPIRED'; Tags: diff --git a/queries/12-aws_insight_ebs_snapshot_older_than_year.yaml b/queries/12-aws_insight_ebs_snapshot_older_than_year.yaml index dff4210b7..973af17bf 100644 --- a/queries/12-aws_insight_ebs_snapshot_older_than_year.yaml +++ b/queries/12-aws_insight_ebs_snapshot_older_than_year.yaml @@ -9,7 +9,7 @@ Query: Parameters: [] PrimaryTable: aws_ebs_snapshot QueryToExecute: | - SELECT snapshot_id, arn, start_time, account_id, og_account_id, og_resource_id + SELECT snapshot_id, arn, start_time, account_id, platform_account_id, platform_resource_id FROM aws_ebs_snapshot WHERE start_time < NOW() - INTERVAL '1 year'; Tags: diff --git a/queries/14-aws_insight_elb_classic_lb_use_ssl_certificate.yaml b/queries/14-aws_insight_elb_classic_lb_use_ssl_certificate.yaml index c0aaf2f4b..53a7fee83 100644 --- a/queries/14-aws_insight_elb_classic_lb_use_ssl_certificate.yaml +++ b/queries/14-aws_insight_elb_classic_lb_use_ssl_certificate.yaml @@ -32,7 +32,7 @@ Query: ELSE a.title || ' uses certificates provided by ACM.' END AS reason, region, - account_id, og_account_id, og_resource_id + account_id, platform_account_id, platform_resource_id FROM aws_ec2_classic_load_balancer AS a LEFT JOIN detailed_classic_listeners AS b ON a.name = b.name; diff --git a/queries/15-aws_insight_elb_application_lb_waf_enabled.yaml b/queries/15-aws_insight_elb_application_lb_waf_enabled.yaml index db36833be..db5691da9 100644 --- a/queries/15-aws_insight_elb_application_lb_waf_enabled.yaml +++ b/queries/15-aws_insight_elb_application_lb_waf_enabled.yaml @@ -12,8 +12,8 @@ Query: SELECT arn AS resource, account_id, - og_account_id, - og_resource_id, + platform_account_id, + platform_resource_id, CASE WHEN load_balancer_attributes @> '[{"Key":"waf.fail_open.enabled","Value":"true"}]' THEN 'ok' ELSE 'alarm' 
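Review bot: In 15-aws_insight_elb_application_lb_waf_enabled.yaml the status CASE returns 'ok' when `waf.fail_open.enabled` is `true`, but that attribute controls whether the load balancer still forwards requests when it cannot reach AWS WAF, not whether a web ACL is attached. As written, a load balancer with fail-open on would presumably be reported 'ok' regardless of WAF association, and one that fails closed would be 'alarm'. If the insight is meant to confirm WAF coverage, the condition should test the association instead; otherwise add a comment such as `-- NOTE: tests the fail-open attribute, not web ACL association`. The CASE continues outside the hunk.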
diff --git a/queries/16-aws_insight_vpc_with_public_cidr.yaml b/queries/16-aws_insight_vpc_with_public_cidr.yaml index 4ff71ce8b..65e065529 100644 --- a/queries/16-aws_insight_vpc_with_public_cidr.yaml +++ b/queries/16-aws_insight_vpc_with_public_cidr.yaml @@ -15,8 +15,8 @@ Query: state, region, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_vpc WHERE diff --git a/queries/17-azure_insight_compute_disk_unattached.yaml b/queries/17-azure_insight_compute_disk_unattached.yaml index 80770222c..54d806fad 100644 --- a/queries/17-azure_insight_compute_disk_unattached.yaml +++ b/queries/17-azure_insight_compute_disk_unattached.yaml @@ -13,8 +13,8 @@ Query: name, disk_state, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_compute_disk WHERE diff --git a/queries/18-azure_insight_compute_disk_unavailable_in_multiple_az.yaml b/queries/18-azure_insight_compute_disk_unavailable_in_multiple_az.yaml index 2a627453d..af6f06248 100644 --- a/queries/18-azure_insight_compute_disk_unavailable_in_multiple_az.yaml +++ b/queries/18-azure_insight_compute_disk_unavailable_in_multiple_az.yaml @@ -14,8 +14,8 @@ Query: az, region, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_compute_disk CROSS JOIN jsonb_array_elements(zones) az diff --git a/queries/19-azure_insight_compute_disk_not_encrypted_with_customer_key.yaml b/queries/19-azure_insight_compute_disk_not_encrypted_with_customer_key.yaml index f0ca3d8d2..dfd459302 100644 --- a/queries/19-azure_insight_compute_disk_not_encrypted_with_customer_key.yaml +++ b/queries/19-azure_insight_compute_disk_not_encrypted_with_customer_key.yaml @@ -13,8 +13,8 @@ Query: name, encryption_type, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_compute_disk WHERE 
diff --git a/queries/2-aws_insight_lambda_function_retention_period_less_than_30_days.yaml b/queries/2-aws_insight_lambda_function_retention_period_less_than_30_days.yaml index 08b1c3023..a3f0ab0c9 100644 --- a/queries/2-aws_insight_lambda_function_retention_period_less_than_30_days.yaml +++ b/queries/2-aws_insight_lambda_function_retention_period_less_than_30_days.yaml @@ -16,12 +16,12 @@ Query: lg.name, lg.retention_in_days, fn.account_id, - fn.og_account_id, - fn.og_resource_id + fn.platform_account_id, + fn.platform_resource_id FROM aws_lambda_function AS fn INNER JOIN aws_cloudwatch_log_group AS lg ON ( - lg.og_account_id = fn.og_account_id + lg.platform_account_id = fn.platform_account_id AND ( lg.name = '/aws/lambda/' OR lg.name = fn.name diff --git a/queries/20-azure_insight_cosmosdb_account_with_disabled_automatic_failover.yaml b/queries/20-azure_insight_cosmosdb_account_with_disabled_automatic_failover.yaml index 81d54ef9b..293143ba8 100644 --- a/queries/20-azure_insight_cosmosdb_account_with_disabled_automatic_failover.yaml +++ b/queries/20-azure_insight_cosmosdb_account_with_disabled_automatic_failover.yaml @@ -15,8 +15,8 @@ Query: enable_automatic_failover, resource_group, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_cosmosdb_account WHERE diff --git a/queries/21-azure_insight_cosmosdb_account_which_allows_traffic_from_all_networks_and_internet.yaml b/queries/21-azure_insight_cosmosdb_account_which_allows_traffic_from_all_networks_and_internet.yaml index a6ac209e5..98ed127b7 100644 --- a/queries/21-azure_insight_cosmosdb_account_which_allows_traffic_from_all_networks_and_internet.yaml +++ b/queries/21-azure_insight_cosmosdb_account_which_allows_traffic_from_all_networks_and_internet.yaml @@ -14,8 +14,8 @@ Query: region, virtual_network_rules, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_cosmosdb_account WHERE 
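Review bot: In 2-aws_insight_lambda_function_retention_period_less_than_30_days.yaml the join condition `lg.name = '/aws/lambda/' OR lg.name = fn.name` compares the log group name with the bare prefix and with the bare function name, so it will not match the usual `/aws/lambda/<function-name>` log group. The insight is then likely to miss functions whose log retention is short. The intended predicate is probably `lg.name = '/aws/lambda/' || fn.name`. The ON clause continues outside the hunk, so confirm against the full query.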
diff --git a/queries/22-azure_insight_key_vault_with_disabled_soft_delete.yaml b/queries/22-azure_insight_key_vault_with_disabled_soft_delete.yaml index 58c5481fe..5c551376a 100644 --- a/queries/22-azure_insight_key_vault_with_disabled_soft_delete.yaml +++ b/queries/22-azure_insight_key_vault_with_disabled_soft_delete.yaml @@ -15,8 +15,8 @@ Query: soft_delete_enabled, soft_delete_retention_in_days, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_key_vault WHERE diff --git a/queries/23-azure_insight_kubernetes_cluster_with_rbac_disabled.yaml b/queries/23-azure_insight_kubernetes_cluster_with_rbac_disabled.yaml index cc11a4c40..1c3221eeb 100644 --- a/queries/23-azure_insight_kubernetes_cluster_with_rbac_disabled.yaml +++ b/queries/23-azure_insight_kubernetes_cluster_with_rbac_disabled.yaml @@ -18,8 +18,8 @@ Query: enable_rbac, sku, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_kubernetes_cluster WHERE diff --git a/queries/24-azure_insight_kubernetes_cluster_with_undesired_version.yaml b/queries/24-azure_insight_kubernetes_cluster_with_undesired_version.yaml index d948f732d..48c30fb3b 100644 --- a/queries/24-azure_insight_kubernetes_cluster_with_undesired_version.yaml +++ b/queries/24-azure_insight_kubernetes_cluster_with_undesired_version.yaml @@ -16,8 +16,8 @@ Query: type, kubernetes_version, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_kubernetes_cluster WHERE diff --git a/queries/25-azure_insight_lb_failed.yaml b/queries/25-azure_insight_lb_failed.yaml index b3a91e606..fe1f5b841 100644 --- a/queries/25-azure_insight_lb_failed.yaml +++ b/queries/25-azure_insight_lb_failed.yaml @@ -15,8 +15,8 @@ Query: type, provisioning_state, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_lb WHERE 
diff --git a/queries/26-azure_insight_compute_availability_set_without_managed_disk_configuration.yaml b/queries/26-azure_insight_compute_availability_set_without_managed_disk_configuration.yaml index 7d45ac6d7..4f3ba8e19 100644 --- a/queries/26-azure_insight_compute_availability_set_without_managed_disk_configuration.yaml +++ b/queries/26-azure_insight_compute_availability_set_without_managed_disk_configuration.yaml @@ -13,8 +13,8 @@ Query: name, sku_name, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_compute_availability_set WHERE diff --git a/queries/27-azure_insight_mysql_server_with_minimum_ssl_older_than_1_point_2.yaml b/queries/27-azure_insight_mysql_server_with_minimum_ssl_older_than_1_point_2.yaml index 725204140..355e761ff 100644 --- a/queries/27-azure_insight_mysql_server_with_minimum_ssl_older_than_1_point_2.yaml +++ b/queries/27-azure_insight_mysql_server_with_minimum_ssl_older_than_1_point_2.yaml @@ -14,8 +14,8 @@ Query: id, minimal_tls_version, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_mysql_server WHERE diff --git a/queries/28-azure_insight_virtual_network_with_public_cidr.yaml b/queries/28-azure_insight_virtual_network_with_public_cidr.yaml index 5f13f6f4d..e6296b2eb 100644 --- a/queries/28-azure_insight_virtual_network_with_public_cidr.yaml +++ b/queries/28-azure_insight_virtual_network_with_public_cidr.yaml @@ -15,8 +15,8 @@ Query: region, resource_group, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_virtual_network CROSS JOIN diff --git a/queries/29-azure_insight_storage_account_with_public_blob_access.yaml b/queries/29-azure_insight_storage_account_with_public_blob_access.yaml index 7cfcf8ddb..0fc7a54f8 100644 --- a/queries/29-azure_insight_storage_account_with_public_blob_access.yaml 
+++ b/queries/29-azure_insight_storage_account_with_public_blob_access.yaml @@ -13,8 +13,8 @@ Query: name, allow_blob_public_access, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_storage_account WHERE diff --git a/queries/3-aws_insight_lambda_function_with_unsupported_engine.yaml b/queries/3-aws_insight_lambda_function_with_unsupported_engine.yaml index 898c43a09..085ee6bc1 100644 --- a/queries/3-aws_insight_lambda_function_with_unsupported_engine.yaml +++ b/queries/3-aws_insight_lambda_function_with_unsupported_engine.yaml @@ -15,8 +15,8 @@ Query: handler, arn, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_lambda_function WHERE diff --git a/queries/30-azure_insight_storage_account_with_disabled_encryption_in_transit.yaml b/queries/30-azure_insight_storage_account_with_disabled_encryption_in_transit.yaml index e0107273c..6d5afbcc6 100644 --- a/queries/30-azure_insight_storage_account_with_disabled_encryption_in_transit.yaml +++ b/queries/30-azure_insight_storage_account_with_disabled_encryption_in_transit.yaml @@ -13,8 +13,8 @@ Query: name, enable_https_traffic_only, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_storage_account WHERE diff --git a/queries/31-azure_compute_vm_remote_access_restricted_all_ports.yaml b/queries/31-azure_compute_vm_remote_access_restricted_all_ports.yaml index a3042472e..ea3a0c511 100644 --- a/queries/31-azure_compute_vm_remote_access_restricted_all_ports.yaml +++ b/queries/31-azure_compute_vm_remote_access_restricted_all_ports.yaml @@ -27,8 +27,8 @@ Query: SELECT vm.vm_id AS resource, vm.subscription_id, - vm.og_account_id, - vm.og_resource_id, + vm.platform_account_id, + vm.platform_resource_id, CASE WHEN sg.sg_name IS NULL THEN 'ok' ELSE 'alarm' 
diff --git a/queries/32-aws_insight_loadbalancer_classic_no_logging.yaml b/queries/32-aws_insight_loadbalancer_classic_no_logging.yaml index da750f110..b5eb2dcda 100644 --- a/queries/32-aws_insight_loadbalancer_classic_no_logging.yaml +++ b/queries/32-aws_insight_loadbalancer_classic_no_logging.yaml @@ -13,8 +13,8 @@ Query: name, access_log_enabled, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_ec2_classic_load_balancer WHERE diff --git a/queries/33-aws_insight_loadbalancer_application_no_logging.yaml b/queries/33-aws_insight_loadbalancer_application_no_logging.yaml index f8dc4bfa7..6b0641859 100644 --- a/queries/33-aws_insight_loadbalancer_application_no_logging.yaml +++ b/queries/33-aws_insight_loadbalancer_application_no_logging.yaml @@ -14,8 +14,8 @@ Query: lb ->> 'Key' AS logging_key, lb ->> 'Value' AS logging_value, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_ec2_application_load_balancer CROSS JOIN diff --git a/queries/34-aws_insight_loadbalancer_network_no_logging.yaml b/queries/34-aws_insight_loadbalancer_network_no_logging.yaml index 13dbd6edf..2d4eda87b 100644 --- a/queries/34-aws_insight_loadbalancer_network_no_logging.yaml +++ b/queries/34-aws_insight_loadbalancer_network_no_logging.yaml @@ -14,8 +14,8 @@ Query: lb ->> 'Key' AS logging_key, lb ->> 'Value' AS logging_value, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_ec2_network_load_balancer CROSS JOIN jsonb_array_elements(load_balancer_attributes) AS lb diff --git a/queries/35-azure_insight_functionapp_with_unsupported_runtime.yaml b/queries/35-azure_insight_functionapp_with_unsupported_runtime.yaml index b3272c337..7a76b477b 100644 --- a/queries/35-azure_insight_functionapp_with_unsupported_runtime.yaml +++ b/queries/35-azure_insight_functionapp_with_unsupported_runtime.yaml 
@@ -14,8 +14,8 @@ Query: language_runtime_type, language_runtime_version, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_app_service_function_app WHERE ( diff --git a/queries/36-aws_insight_deprecated_eks.yaml b/queries/36-aws_insight_deprecated_eks.yaml index 3315fc944..b090b36b5 100644 --- a/queries/36-aws_insight_deprecated_eks.yaml +++ b/queries/36-aws_insight_deprecated_eks.yaml @@ -14,8 +14,8 @@ Query: arn, version, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_eks_cluster WHERE diff --git a/queries/37-azure_insight_legacy_application_gateway.yaml b/queries/37-azure_insight_legacy_application_gateway.yaml index 4719eef23..2a370db1d 100644 --- a/queries/37-azure_insight_legacy_application_gateway.yaml +++ b/queries/37-azure_insight_legacy_application_gateway.yaml @@ -14,8 +14,8 @@ Query: id, sku->'tier' AS tier, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_application_gateway WHERE diff --git a/queries/38-azure_insight_legacy_virtual_machine.yaml b/queries/38-azure_insight_legacy_virtual_machine.yaml index 83737beae..287ec0b36 100644 --- a/queries/38-azure_insight_legacy_virtual_machine.yaml +++ b/queries/38-azure_insight_legacy_virtual_machine.yaml @@ -14,8 +14,8 @@ Query: power_state, id, subscription_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM azure_compute_virtual_machine WHERE diff --git a/queries/39-aws_insight_legacy_rds_instances.yaml b/queries/39-aws_insight_legacy_rds_instances.yaml index 5204f70e0..1b043022c 100644 --- a/queries/39-aws_insight_legacy_rds_instances.yaml +++ b/queries/39-aws_insight_legacy_rds_instances.yaml 
@@ -14,8 +14,8 @@ Query: status, class, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_rds_db_instance WHERE class LIKE ANY(ARRAY['db.m1.%', 'db.m2.%', 'db.r3.%']) Tags: diff --git a/queries/4-aws_insight_ebs_volume_unencrypted.yaml b/queries/4-aws_insight_ebs_volume_unencrypted.yaml index e5cb264ba..bf864f55d 100644 --- a/queries/4-aws_insight_ebs_volume_unencrypted.yaml +++ b/queries/4-aws_insight_ebs_volume_unencrypted.yaml @@ -13,8 +13,8 @@ Query: volume_id, encrypted, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_ebs_volume WHERE diff --git a/queries/40-aws_insight_accounts_without_cloudtrail.yaml b/queries/40-aws_insight_accounts_without_cloudtrail.yaml index 29bf40431..743a6f992 100644 --- a/queries/40-aws_insight_accounts_without_cloudtrail.yaml +++ b/queries/40-aws_insight_accounts_without_cloudtrail.yaml @@ -12,7 +12,7 @@ Query: QueryToExecute: | SELECT id AS account_id, - og_id AS og_account_id + og_id AS platform_account_id FROM og_connections WHERE diff --git a/queries/41-aws_insight_root_login_last_90_days.yaml b/queries/41-aws_insight_root_login_last_90_days.yaml index e41358f2f..9ceada5b2 100644 --- a/queries/41-aws_insight_root_login_last_90_days.yaml +++ b/queries/41-aws_insight_root_login_last_90_days.yaml @@ -13,8 +13,8 @@ Query: user_arn, password_last_used, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_credential_report WHERE diff --git a/queries/42-aws_insight_account_with_root_access_key.yaml b/queries/42-aws_insight_account_with_root_access_key.yaml index 4e79ed2fe..2d4d8598b 100644 --- a/queries/42-aws_insight_account_with_root_access_key.yaml +++ b/queries/42-aws_insight_account_with_root_access_key.yaml @@ -12,8 +12,8 @@ Query: SELECT user_arn, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_credential_report WHERE 
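Review bot: In 40-aws_insight_accounts_without_cloudtrail.yaml only the output alias changes to `platform_account_id`; the query still reads `og_id` from `og_connections`. If that table and column are renamed in the same migration, this query will fail at run time. If they are deliberately kept, a comment such as `-- og_connections keeps its og_ names; only the output alias is renamed` would stop a later reader from changing it by mistake. The WHERE clause is outside the hunk.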
diff --git a/queries/43-aws_insight_account_without_root_mfa.yaml b/queries/43-aws_insight_account_without_root_mfa.yaml index d9b03dd13..5a90fa46f 100644 --- a/queries/43-aws_insight_account_without_root_mfa.yaml +++ b/queries/43-aws_insight_account_without_root_mfa.yaml @@ -12,8 +12,8 @@ Query: SELECT user_arn, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_credential_report WHERE diff --git a/queries/44-aws_insight_account_with_many_saml_providers.yaml b/queries/44-aws_insight_account_with_many_saml_providers.yaml index 838e2dadf..9e8fcff9d 100644 --- a/queries/44-aws_insight_account_with_many_saml_providers.yaml +++ b/queries/44-aws_insight_account_with_many_saml_providers.yaml @@ -11,33 +11,33 @@ Query: QueryToExecute: | SELECT account_id, - og_account_id, + platform_account_id, CAST(SUM(saml_provider_count) AS INTEGER) AS saml_provider_count FROM ( SELECT account_id, - og_account_id, + platform_account_id, COUNT(*) AS saml_provider_count FROM aws_iam_saml_provider GROUP BY account_id, - og_account_id + platform_account_id UNION SELECT account_id, - og_account_id, + platform_account_id, COUNT(*) AS saml_provider_count FROM aws_iam_open_id_connect_provider GROUP BY account_id, - og_account_id + platform_account_id ) AS final WHERE saml_provider_count > 1 - GROUP BY account_id, og_account_id + GROUP BY account_id, platform_account_id Tags: category: - Security diff --git a/queries/45-aws_insight_account_without_mfa.yaml b/queries/45-aws_insight_account_without_mfa.yaml index 9e8369e46..1176d5c84 100644 --- a/queries/45-aws_insight_account_without_mfa.yaml +++ b/queries/45-aws_insight_account_without_mfa.yaml @@ -11,7 +11,7 @@ Query: QueryToExecute: | SELECT account_id, - og_account_id + platform_account_id FROM aws_iam_account_summary WHERE diff --git a/queries/46-aws_insight_account_with_key_and_password.yaml b/queries/46-aws_insight_account_with_key_and_password.yaml index 229f2c237..298409a64 100644 
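Review bot: In 44-aws_insight_account_with_many_saml_providers.yaml the two per-account counts are combined with `UNION`, which removes duplicate rows, so an account with the same number of SAML and OpenID Connect providers contributes one row instead of two and the outer `SUM` undercounts. `UNION ALL` keeps both rows. Separately, `WHERE saml_provider_count > 1` filters each source's count before the sum, so an account with one provider of each kind is dropped. If the intent is the combined total, move the test to `HAVING SUM(saml_provider_count) > 1`.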
--- a/queries/46-aws_insight_account_with_key_and_password.yaml +++ b/queries/46-aws_insight_account_with_key_and_password.yaml @@ -11,8 +11,8 @@ Query: QueryToExecute: | SELECT user_arn, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_credential_report WHERE password_enabled = TRUE AND (access_key_1_active = TRUE diff --git a/queries/47-aws_insight_account_with_unused_key.yaml b/queries/47-aws_insight_account_with_unused_key.yaml index 948fa390e..64363c585 100644 --- a/queries/47-aws_insight_account_with_unused_key.yaml +++ b/queries/47-aws_insight_account_with_unused_key.yaml @@ -16,8 +16,8 @@ Query: access_key_2_last_used_date, user_arn, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_credential_report WHERE diff --git a/queries/48-aws_insight_iam_user_with_old_keys.yaml b/queries/48-aws_insight_iam_user_with_old_keys.yaml index e030f4722..7deb63f34 100644 --- a/queries/48-aws_insight_iam_user_with_old_keys.yaml +++ b/queries/48-aws_insight_iam_user_with_old_keys.yaml @@ -16,8 +16,8 @@ Query: access_key_2_last_rotated, user_arn, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_credential_report WHERE diff --git a/queries/49-aws_insight_iam_user_with_old_password.yaml b/queries/49-aws_insight_iam_user_with_old_password.yaml index 8b570c4b7..d77de3fd3 100644 --- a/queries/49-aws_insight_iam_user_with_old_password.yaml +++ b/queries/49-aws_insight_iam_user_with_old_password.yaml @@ -14,8 +14,8 @@ Query: password_last_changed, user_arn, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_credential_report WHERE diff --git a/queries/5-aws_insight_ebs_volume_unattached.yaml b/queries/5-aws_insight_ebs_volume_unattached.yaml index 02a623456..be979865d 100644 --- a/queries/5-aws_insight_ebs_volume_unattached.yaml 
+++ b/queries/5-aws_insight_ebs_volume_unattached.yaml @@ -13,8 +13,8 @@ Query: volume_id, volume_type, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_ebs_volume WHERE diff --git a/queries/6-aws_insight_ec2_instance_of_undesired_type.yaml b/queries/6-aws_insight_ec2_instance_of_undesired_type.yaml index 754961963..7cfc1e6a1 100644 --- a/queries/6-aws_insight_ec2_instance_of_undesired_type.yaml +++ b/queries/6-aws_insight_ec2_instance_of_undesired_type.yaml @@ -15,8 +15,8 @@ Query: instance_type, instance_state, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_ec2_instance WHERE diff --git a/queries/7-aws_insight_iam_user_with_admin_access.yaml b/queries/7-aws_insight_iam_user_with_admin_access.yaml index f4289dfa3..532092c02 100644 --- a/queries/7-aws_insight_iam_user_with_admin_access.yaml +++ b/queries/7-aws_insight_iam_user_with_admin_access.yaml @@ -13,8 +13,8 @@ Query: name AS user_name, SPLIT_PART(attachments, '/', 2) AS attached_policies, aws_iam_user.account_id, - aws_iam_user.og_account_id, - aws_iam_user.og_resource_id + aws_iam_user.platform_account_id, + aws_iam_user.platform_resource_id FROM aws_iam_user CROSS JOIN jsonb_array_elements_text(attached_policy_arns) AS attachments diff --git a/queries/8-aws_insight_iam_user_with_mfa_disabled.yaml b/queries/8-aws_insight_iam_user_with_mfa_disabled.yaml index 79b2ef810..1634b0b23 100644 --- a/queries/8-aws_insight_iam_user_with_mfa_disabled.yaml +++ b/queries/8-aws_insight_iam_user_with_mfa_disabled.yaml @@ -14,8 +14,8 @@ Query: user_id, mfa_enabled, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_user WHERE diff --git a/queries/9-aws_insight_iam_user_with_inline_policies.yaml b/queries/9-aws_insight_iam_user_with_inline_policies.yaml index b18917c90..9c860d455 100644 --- a/queries/9-aws_insight_iam_user_with_inline_policies.yaml 
+++ b/queries/9-aws_insight_iam_user_with_inline_policies.yaml @@ -13,8 +13,8 @@ Query: name AS user_name, inline_policies, account_id, - og_account_id, - og_resource_id + platform_account_id, + platform_resource_id FROM aws_iam_user WHERE