January

...

28, 2025

Rule ID

Rule Name

Description

Severity

Change Type

Updated Content

Before

After

Affected Rulesets

D9.AWS.CRY.170

Ensure that sensitive parameters should be encrypted

High

New

  • AWS HIPAA

  • AWS MITRE ATT&CK Framework v11.3

  • AWS HITRUST CSF v11.0

  • AWS CIS Critical Security Controls v8

  • AWS CSA CCM v4

  • CloudGuard AWS All Rules Ruleset

  • AWS EU GDPR

  • AWS ISO 27001:2022

  • AWS APRA 234

  • AWS ENS 2022 Spain

  • AWS CMMC 2.0 v1.02

  • AWS CRI Profile v1.2

  • AWS NIST SP 800-171 R2

  • AWS NY DFS 23 CRR 500

  • AWS New Zealand ISM v3.6

  • AWS RMiT Malaysia

  • AWS ACSC ISM

  • AWS ISO 27017:2015

  • AWS SWIFT Customer Security Programme CSCF

  • AWS NIST SP 800-172

  • AWS SOX (Section 404)

  • AWS Secure Controls Framework (SCF) v2024.1

  • AWS ISO 27002:2022

  • AWS FedRAMP R5 (low)

  • AWS MPA Content Security Program

  • AWS DORA

  • AWS GLBA

  • AWS IEC/ISO 27701:2019

  • AWS NAIC Insurance Data Security Model Law

  • AWS NIST CSF v2.0

  • AWS NIS 2 Directive

  • AWS NIST SP 800-82 R3 (high)

  • AWS Security for Industrial Automation and Control Systems, Part 4-2

  • AWS NIST SP 800-171A R3

  • AWS NIST Privacy Framework

  • AWS SCF-Z Zero Trust Architecture (ZTA)

  • AWS NIST SP 800-207

  • AWS OWASP Top 10 - 2021

  • AWS Shared Assessments SIG Questionnaire

  • AWS TISAX ISA

  • AWS NIST SP 800-171 R3

  • AWS FISC

  • AWS CloudGuard Best Practices

  • AWS HITRUST CSF v9.2

  • AWS ITSG-33 Canada

  • AWS MITRE ATT&CK Framework v10

D9.AWS.CAM.260

Ensure that Amazon System Manager Document should not be publicly available

Critical

New

  • AWS CSA CCM v4

  • CloudGuard AWS All Rules Ruleset

  • AWS SWIFT Customer Security Programme CSCF

  • AWS SOX (Section 404)

  • AWS Secure Controls Framework (SCF) v2024.1

  • AWS ISO/SAE 21434:2021

  • AWS NIST SP 800-171A R3

  • AWS ISO/IEC 42001:2023

  • AWS Shared Assessments SIG Questionnaire

  • AWS NIST SP 800-171 R3

D9.AWS.CAM.261

Ensure that public System Manager Documents should have parameters included

High

New

  • AWS CSA CCM v4

  • CloudGuard AWS All Rules Ruleset

  • AWS SWIFT Customer Security Programme CSCF

  • AWS SOX (Section 404)

  • AWS Secure Controls Framework (SCF) v2024.1

  • AWS ISO/SAE 21434:2021

  • AWS NIST SP 800-171A R3

  • AWS ISO/IEC 42001:2023

  • AWS Shared Assessments SIG Questionnaire

  • AWS NIST SP 800-171 R3

    Platform

    CGN-SecurityGraph-103

    Virtual Machine infected with cryptomining malware

    This virtual machine (VM) is infected with cryptomining malware. This poses a significant security risk; it is crucial to address and fix this issue promptly to prevent potential performance degradation and a data breach.

    medium

    azure,aws

    CGN-SecurityGraph-104

    Function infected with cryptomining malware

    A function was detected that has been infected with cryptomining malware. This is a risk that should be addressed immediately.

    medium

    aws, azure

    CGN-SecurityGraph-114

    Function infected with a virus

    This serverless function is infected with a virus. This finding poses a significant security risk; it is crucial to address and fix this issue promptly to prevent a potential data breach.

    medium

    azure

    CGN-SecurityGraph-117

    A Virtual Machine with access to a database containing sensitive data has communicated with a malicious IP

    This virtual machine (VM) has communicated with a malicious IP while having access to a sensitive database, creating a critical security risk that demands immediate action to prevent a data breach.

    critical

    aws

    CGN-SecurityGraph-118

    Virtual Machine with suspected CNC communication and access to sensitive database

    This virtual machine was detected communicating with a Command and Control (CNC) server, indicating potential unauthorized access or malware activity. The machine has access to a database containing sensitive data, making it a high-value target for attackers. If CNC communication was detected, it could mean that data was exfiltrated or that further compromise of the system is ongoing. Immediate action is required to investigate and mitigate this threat to prevent potential data breaches and ensure the security of sensitive information.

    critical

    aws

    January 22, 2025

    Rule ID

    Rule Name

    Description

    Severity

    Platform

    CGN-SecurityGraph-112

    VM infected with infostealer

    This virtual machine (VM) is infected with an infostealer, i.e., information-stealing malware. This finding poses a risk that should be addressed immediately.

    High

    azure,aws

    CGN-SecurityGraph-113

    VM infected with a virus

    This virtual machine (VM) is infected with a virus. This finding poses a risk that should be addressed immediately.

    High

    azure,aws

    CGN-SecurityGraph-109

    Function with CVE can connect to Database with sensitive data

    This serverless function has an exploitable CVE and can connect to a database with sensitive data, resulting in a potentially severe data compromise.

    Critical

    aws

    CGN-SecurityGraph-110

    Workload with CVE can connect to Database with sensitive data

    This container workload has an exploitable CVE and can connect to a database with sensitive data, resulting in a potentially severe data compromise.

    Critical

    aws

    CGN-SecurityGraph-111

    Serverless function infected with infostealer

    This serverless function is infected with an infostealer, i.e., information-stealing malware. This finding poses a risk that should be addressed immediately.

    High

    azure

    January 15, 2025

    Rule ID

    Rule Name

    Description

    Severity

    Platform

    CGN-SecurityGraph-102

    VM with CVE can connect to Database with sensitive data

    This VM has an exploitable CVE and can connect to a database with sensitive data, resulting in a potentially severe data compromise.

    critical

    aws

    CGN-SecurityGraph-105

    Serverless function critically infected with a hacking tool

    This serverless function is infected with a hacking tool. This combination poses a significant security risk, so it is crucial to address and fix this issue promptly to prevent a potential data breach.

    high

    azure

    CGN-SecurityGraph-106

    VM critically infected with a hacking tool

    This virtual machine (VM) is infected with a hacking tool. This combination poses a significant security risk, so it is crucial to address and fix this issue promptly to prevent a potential data breach.

    high

    aws,azure

    CGN-SecurityGraph-107

    Serverless function infected with critical ransomware

    This serverless function is infected with ransomware. This combination poses a significant security risk, so it is crucial to address and fix this issue promptly to prevent a potential data breach.

    critical

    azure

    CGN-SecurityGraph-108

    VM infected with critical ransomware

    This virtual machine (VM) is infected with ransomware. This combination poses a significant security risk, so it is crucial to address and fix this issue promptly to prevent a potential data breach.

    critical

    aws,azure