Feat updating to integrations

compliance/controls/aws/aws_account_alternate_contact_security_registered.yaml

@@ -1,8 +1,6 @@
 ID: aws_account_alternate_contact_security_registered
 Title: "Security contact information should be provided for an AWS account"
 Description: "This control checks if an AWS Web Services (AWS) account has security contact information. The control fails if security contact information is not provided for the account."
-Connector:
-- aws
 Query:
   Engine: CloudQL-v0.0.1
   QueryToExecute: |
@@ -36,26 +34,28 @@ Query:
       left join alternate_security_contact as c on c.account_id = a.account_id;
   PrimaryTable: aws_account
   ListOfTables:
-  - aws_account
-  - aws_account_alternate_contact
+    - aws_account
+    - aws_account_alternate_contact
   Parameters: []
 Severity: low
 Tags:
   category:
-  - Compliance
+    - Compliance
   cis:
-  - "true"
+    - "true"
   cis_item_id:
-  - "1.18"
+    - "1.18"
   cis_level:
-  - "1"
+    - "1"
   cis_section_id:
-  - "1"
+    - "1"
   cis_type:
-  - not_scored
+    - not_scored
   cis_version:
-  - v1.2.0
+    - v1.2.0
   plugin:
-  - aws
+    - aws
   service:
-  - AWS/IAM
+    - AWS/IAM
+IntegrationTypeName:
+  - aws_cloud

compliance/controls/aws/aws_account_part_of_organizations.yaml

@@ -1,8 +1,6 @@
 ID: aws_account_part_of_organizations
 Title: "AWS account should be part of AWS Organizations"
 Description: "Ensure that an AWS account is part of AWS Organizations. The rule is non-compliant if an AWS account is not part of AWS Organizations or AWS Organizations master account ID does not match rule parameter MasterAccountId."
-Connector:
-- aws
 Query:
   Engine: CloudQL-v0.0.1
   QueryToExecute: |
@@ -23,21 +21,23 @@ Query:
       aws_account;
   PrimaryTable: aws_account
   ListOfTables:
-  - aws_account
+    - aws_account
   Parameters: []
 Severity: medium
 Tags:
   category:
-  - Compliance
+    - Compliance
   cis_controls_v8_ig1:
-  - "true"
+    - "true"
   gxp_21_cfr_part_11:
-  - "true"
+    - "true"
   nist_800_53_rev_5:
-  - "true"
+    - "true"
   nist_csf:
-  - "true"
+    - "true"
   plugin:
-  - aws
+    - aws
   service:
-  - AWS/IAM
+    - AWS/IAM
+IntegrationTypeName:
+  - aws_cloud

compliance/controls/aws/aws_acm_certificate_expires_30_days.yaml

@@ -1,66 +1,48 @@
 ID: aws_acm_certificate_expires_30_days
 Title: "ACM certificates should not expire within 30 days"
 Description: "Ensure network integrity is protected by ensuring X509 certificates are issued by AWS ACM."
-Connector:
-- aws
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |
-    select
-      certificate_arn as resource,
-      og_account_id as og_account_id,
-      og_resource_id as og_resource_id,
-      case
-        when renewal_eligibility = 'INELIGIBLE' then 'skip'
-        when date(not_after) - date(current_date) >= 30 then 'ok'
-        else 'alarm'
-      end as status,
-      case
-        when renewal_eligibility = 'INELIGIBLE' then title || ' not eligible for renewal.'
-        else title || ' expires ' || to_char(not_after, 'DD-Mon-YYYY') ||
-        ' (' || extract(day from not_after - current_date) || ' days).'
-      end as reason
-
-      , region, account_id
-    from
-      aws_acm_certificate;
+  QueryToExecute: "select\n  certificate_arn as resource,\n  og_account_id as og_account_id,\n  og_resource_id as og_resource_id,\n  case\n    when renewal_eligibility = 'INELIGIBLE' then 'skip'\n    when date(not_after) - date(current_date) >= 30 then 'ok'\n    else 'alarm'\n  end as status,\n  case\n    when renewal_eligibility = 'INELIGIBLE' then title || ' not eligible for renewal.'\n    else title || ' expires ' || to_char(not_after, 'DD-Mon-YYYY') ||\n    ' (' || extract(day from not_after - current_date) || ' days).'\n  end as reason\n  \n  , region, account_id\nfrom\n  aws_acm_certificate;\n"
   PrimaryTable: aws_acm_certificate
   ListOfTables:
-  - aws_acm_certificate
+    - aws_acm_certificate
   Parameters: []
 Severity: high
 Tags:
   category:
-  - Compliance
+    - Compliance
   cisa_cyber_essentials:
-  - "true"
+    - "true"
   fedramp_low_rev_4:
-  - "true"
+    - "true"
   fedramp_moderate_rev_4:
-  - "true"
+    - "true"
   ffiec:
-  - "true"
+    - "true"
   gdpr:
-  - "true"
+    - "true"
   hipaa_final_omnibus_security_rule_2013:
-  - "true"
+    - "true"
   hipaa_security_rule_2003:
-  - "true"
+    - "true"
   nist_800_171_rev_2:
-  - "true"
+    - "true"
   nist_800_53_rev_4:
-  - "true"
+    - "true"
   nist_800_53_rev_5:
-  - "true"
+    - "true"
   nist_csf:
-  - "true"
+    - "true"
   pci_dss_v321:
-  - "true"
+    - "true"
   plugin:
-  - aws
+    - aws
   rbi_cyber_security:
-  - "true"
+    - "true"
   service:
-  - AWS/ACM
+    - AWS/ACM
   soc_2:
-  - "true"
+    - "true"
+IntegrationTypeName:
+  - aws_cloud

compliance/controls/aws/aws_acm_certificate_no_failed_certificate.yaml

@@ -1,27 +1,14 @@
 ID: aws_acm_certificate_no_failed_certificate
 Title: "Ensure that ACM certificates are not in failed state"
 Description: "This control ensures that ACM certificates are not in failed state."
-Connector:
-- aws
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select
-      certificate_arn as resource,
-      og_account_id as og_account_id,
-      og_resource_id as og_resource_id,
-      case
-        when status in ('VALIDATION_TIMED_OUT', 'FAILED') then 'alarm'
-        else 'ok'
-      end as status,
-      title || ' status is ' || status || '.'  as reason
-
-
-    from
-      aws_acm_certificate;
+  QueryToExecute: "select\n  certificate_arn as resource,\n  og_account_id as og_account_id,\n  og_resource_id as og_resource_id,\n  case\n    when status in ('VALIDATION_TIMED_OUT', 'FAILED') then 'alarm'\n    else 'ok'\n  end as status,\n  title || ' status is ' || status || '.'  as reason\n  \n  \nfrom\n  aws_acm_certificate;"
   PrimaryTable: aws_acm_certificate
   ListOfTables:
-  - aws_acm_certificate
+    - aws_acm_certificate
   Parameters: []
 Severity: low
 Tags: {}
+IntegrationTypeName:
+  - aws_cloud

compliance/controls/aws/aws_acm_certificate_no_pending_validation_certificate.yaml

@@ -1,27 +1,14 @@
 ID: aws_acm_certificate_no_pending_validation_certificate
 Title: "Ensure that ACM certificates are not in pending validation state"
 Description: "This control ensures that ACM certificates are not in pending validation state. When certificates are not validated within 72 hours after the request is made, those certificates become invalid."
-Connector:
-- aws
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select
-      certificate_arn as resource,
-      og_account_id as og_account_id,
-      og_resource_id as og_resource_id,
-      case
-        when status = 'PENDING_VALIDATION' then 'info'
-        else 'ok'
-      end as status,
-      title || ' status is ' || status || '.'  as reason
-
-
-    from
-      aws_acm_certificate;
+  QueryToExecute: "select\n  certificate_arn as resource,\n  og_account_id as og_account_id,\n  og_resource_id as og_resource_id,\n  case\n    when status = 'PENDING_VALIDATION' then 'info'\n    else 'ok'\n  end as status,\n  title || ' status is ' || status || '.'  as reason\n  \n  \nfrom\n  aws_acm_certificate;"
   PrimaryTable: aws_acm_certificate
   ListOfTables:
-  - aws_acm_certificate
+    - aws_acm_certificate
   Parameters: []
 Severity: low
 Tags: {}
+IntegrationTypeName:
+  - aws_cloud

compliance/controls/aws/aws_acm_certificate_no_wildcard_domain_name.yaml

@@ -1,8 +1,6 @@
 ID: aws_acm_certificate_no_wildcard_domain_name
 Title: "ACM certificates should not use wildcard certificates"
 Description: "Ensure that ACM single domain name certificates are used instead of wildcard certificates within your AWS account in order to follow security best practices and protect each domain/subdomain with its own unique private key."
-Connector:
-- aws
 Query:
   Engine: CloudQL-v0.0.1
   QueryToExecute: |-
@@ -22,7 +20,9 @@ Query:
       aws_acm_certificate;
   PrimaryTable: aws_acm_certificate
   ListOfTables:
-  - aws_acm_certificate
+    - aws_acm_certificate
   Parameters: []
 Severity: low
 Tags: {}
+IntegrationTypeName:
+  - aws_cloud

compliance/controls/aws/aws_acm_certificate_not_expired.yaml

@@ -1,34 +1,14 @@
 ID: aws_acm_certificate_not_expired
 Title: "Ensure that all the expired ACM certificates are removed"
 Description: "This control ensures that all expired ACM certificates are removed from AWS account."
-Connector:
-- aws
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select
-      certificate_arn as resource,
-      og_account_id as og_account_id,
-      og_resource_id as og_resource_id,
-      case
-        when renewal_eligibility = 'INELIGIBLE' then 'skip'
-        when date(not_after) < (current_date - interval '1' minute) then 'alarm'
-        else 'ok'
-      end as status,
-      case
-        when renewal_eligibility = 'INELIGIBLE' then title || ' not eligible for renewal.'
-        when date(not_after) < (current_date - interval '1' minute) then title || ' expired ' || to_char(not_after, 'DD-Mon-YYYY') ||
-        ' (' || extract(day from not_after - current_date) || ' days ago).'
-        else title || ' expires ' || to_char(not_after, 'DD-Mon-YYYY') ||
-        ' (' || extract(day from not_after - current_date) || ' days).'
-       end as reason
-
-
-    from
-      aws_acm_certificate;
+  QueryToExecute: "select\n  certificate_arn as resource,\n  og_account_id as og_account_id,\n  og_resource_id as og_resource_id,\n  case\n    when renewal_eligibility = 'INELIGIBLE' then 'skip'\n    when date(not_after) < (current_date - interval '1' minute) then 'alarm'\n    else 'ok'\n  end as status,\n  case\n    when renewal_eligibility = 'INELIGIBLE' then title || ' not eligible for renewal.'\n    when date(not_after) < (current_date - interval '1' minute) then title || ' expired ' || to_char(not_after, 'DD-Mon-YYYY') ||\n    ' (' || extract(day from not_after - current_date) || ' days ago).'\n    else title || ' expires ' || to_char(not_after, 'DD-Mon-YYYY') ||\n    ' (' || extract(day from not_after - current_date) || ' days).'\n   end as reason\n  \n  \nfrom\n  aws_acm_certificate;"
   PrimaryTable: aws_acm_certificate
   ListOfTables:
-  - aws_acm_certificate
+    - aws_acm_certificate
   Parameters: []
 Severity: low
 Tags: {}
+IntegrationTypeName:
+  - aws_cloud

compliance/controls/aws/aws_acm_certificate_rsa_key_length_2048_bits_or_greater.yaml

@@ -1,32 +1,14 @@
 ID: aws_acm_certificate_rsa_key_length_2048_bits_or_greater
 Title: "RSA certificates managed by ACM should use a key length of at least 2,048 bits"
 Description: "This control checks whether RSA certificates managed by AWS Certificate Manager use a key length of at least 2,048 bits. The control fails if the key length is smaller than 2,048 bits."
-Connector:
-- aws
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select
-      certificate_arn as resource,
-      og_account_id as og_account_id,
-      og_resource_id as og_resource_id,
-      case
-        when not key_algorithm like 'RSA-%' then 'skip'
-        when key_algorithm = 'RSA_1024' then 'alarm'
-        else 'ok'
-      end as status,
-      case
-        when not key_algorithm like 'RSA-%' then title || ' is not a RSA certificate.'
-        when key_algorithm = 'RSA_1024' then title || ' is using 1024 bits key length.'
-        else title || ' is using ' || split_part(key_algorithm, '-', 2) || ' bits key length.'
-      end as reason
-
-
-    from
-      aws_acm_certificate;
+  QueryToExecute: "select\n  certificate_arn as resource,\n  og_account_id as og_account_id,\n  og_resource_id as og_resource_id,\n  case\n    when not key_algorithm like 'RSA-%' then 'skip'\n    when key_algorithm = 'RSA_1024' then 'alarm'\n    else 'ok'\n  end as status,\n  case\n    when not key_algorithm like 'RSA-%' then title || ' is not a RSA certificate.'\n    when key_algorithm = 'RSA_1024' then title || ' is using 1024 bits key length.'\n    else title || ' is using ' || split_part(key_algorithm, '-', 2) || ' bits key length.'\n  end as reason\n  \n  \nfrom\n  aws_acm_certificate;"
   PrimaryTable: aws_acm_certificate
   ListOfTables:
-  - aws_acm_certificate
+    - aws_acm_certificate
   Parameters: []
 Severity: low
 Tags: {}
+IntegrationTypeName:
+  - aws_cloud

compliance/controls/aws/aws_acm_certificate_transparency_logging_enabled.yaml

@@ -1,8 +1,6 @@
 ID: aws_acm_certificate_transparency_logging_enabled
 Title: "ACM certificates should have transparency logging enabled"
 Description: "Ensure ACM certificates transparency logging is enabled as certificate transparency logging guards against SSL/TLS certificates issued by mistake or by a compromised certificate authority."
-Connector:
-- aws
 Query:
   Engine: CloudQL-v0.0.1
   QueryToExecute: |-
@@ -24,7 +22,9 @@ Query:
       aws_acm_certificate;
   PrimaryTable: aws_acm_certificate
   ListOfTables:
-  - aws_acm_certificate
+    - aws_acm_certificate
   Parameters: []
 Severity: low
 Tags: {}
+IntegrationTypeName:
+  - aws_cloud

compliance/controls/aws/aws_acmpca_root_certificate_authority_disabled.yaml

@@ -1,32 +1,14 @@
 ID: aws_acmpca_root_certificate_authority_disabled
 Title: "AWS Private CA root certificate authority should be disabled"
 Description: "This control checks if AWS Private CA has a root certificate authority (CA) that is disabled. The control fails if the root CA is enabled."
-Connector:
-- aws
 Query:
   Engine: CloudQL-v0.0.1
-  QueryToExecute: |-
-    select
-      arn as resource,
-      og_account_id as og_account_id,
-      og_resource_id as og_resource_id,
-      case
-        when type <> 'ROOT' then 'skip'
-        when status = 'DISABLED' then 'ok'
-        else 'alarm'
-      end as status,
-      case
-        when type <> 'ROOT' then title || ' is not root CA.'
-        when status = 'DISABLED' then title || ' root CA disabled.'
-        else title || ' root CA not disabled.'
-      end as reason
-
-
-    from
-      aws_acmpca_certificate_authority;
+  QueryToExecute: "select\n  arn as resource,\n  og_account_id as og_account_id,\n  og_resource_id as og_resource_id,\n  case\n    when type <> 'ROOT' then 'skip'\n    when status = 'DISABLED' then 'ok'\n    else 'alarm'\n  end as status,\n  case\n    when type <> 'ROOT' then title || ' is not root CA.'\n    when status = 'DISABLED' then title || ' root CA disabled.'\n    else title || ' root CA not disabled.'\n  end as reason\n  \n  \nfrom\n  aws_acmpca_certificate_authority;"
   PrimaryTable: aws_acmpca_certificate_authority
   ListOfTables:
-  - aws_acmpca_certificate_authority
+    - aws_acmpca_certificate_authority
   Parameters: []
 Severity: low
 Tags: {}
+IntegrationTypeName:
+  - aws_cloud