This workflow will help you create a new custom rule for a specific account and apply exceptions to its existing scanning framework.
Custom rules allow only SUCCESS, FAILURE and ERROR results, and are intended to simplify complex business logic on top of Cloud Risk Management's existing check framework. (Note: an ERROR result indicates a problem with the resource data and/or the rule logic; it is not persisted by the scan but is returned by the run endpoint to assist development.)
Functionality equivalent to an exception can be achieved by creating conditions that automatically skip resources matching specific parameters and return success.
Here is an example configuration that checks for S3 encryption and a public access block, but automatically passes any bucket whose name contains 'test'.
{
  "accountId": "a0b1c2d3-e4f5-a6b7-c8d9-e0f1a2b3c4d5",
  "configuration": {
    "name": "S3 encrypted and public access block - with safelist for 'test'",
    "description": "Check S3 has encryption AND public access block, but safelist 'test' buckets",
    "service": "S3",
    "resourceType": "s3-bucket",
    "riskLevel": "HIGH",
    "enabled": true,
    "provider": "aws",
    "categories": ["security"],
    "remediationNote": "To remediate, follow these steps:\n1. Do as you wish \n2. Step two\n",
    "attributes": [
      {
        "name": "bucketEncryption",
        "path": "data.Encryption",
        "required": true
      },
      {
        "name": "publicAccessBlockConfiguration",
        "path": "data.PublicAccessBlockConfiguration",
        "required": true
      },
      {
        "name": "safeList",
        "path": "data.resourceId",
        "required": true
      }
    ],
    "eventRules": [
      {
        "conditions": {
          "any": [
            {
              "fact": "safeList",
              "operator": "pattern",
              "value": ".*test.*"
            },
            {
              "all": [
                {
                  "fact": "bucketEncryption",
                  "operator": "notEqual",
                  "value": null
                },
                {
                  "fact": "publicAccessBlockConfiguration",
                  "operator": "notEqual",
                  "value": null
                }
              ]
            }
          ]
        },
        "description": "Bucket has encryption enabled"
      }
    ]
  }
}
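To see how the `any`/`all` conditions above turn resource data into the three allowed results, here is a small Python evaluator, added as an example and not part of the original page or of Cloud Risk Management itself; it assumes that `pattern` is a regular-expression match, that `notEqual` is plain inequality, and that a missing `required` attribute produces ERROR.

```python
import re

# Attributes and conditions copied from the rule above; the evaluator itself is
# an assumption about the engine's semantics, not Cloud Risk Management code.
RULE = {
    "attributes": [
        {"name": "bucketEncryption", "path": "data.Encryption", "required": True},
        {"name": "publicAccessBlockConfiguration", "path": "data.PublicAccessBlockConfiguration", "required": True},
        {"name": "safeList", "path": "data.resourceId", "required": True},
    ],
    "conditions": {"any": [
        {"fact": "safeList", "operator": "pattern", "value": ".*test.*"},
        {"all": [
            {"fact": "bucketEncryption", "operator": "notEqual", "value": None},
            {"fact": "publicAccessBlockConfiguration", "operator": "notEqual", "value": None},
        ]},
    ]},
}

def resolve(resource, attribute):
    """Walk a dotted path such as 'data.Encryption' through nested dicts."""
    node = resource
    for key in attribute["path"].split("."):
        if not isinstance(node, dict) or key not in node:
            if attribute["required"]:
                raise KeyError(attribute["path"])  # required data is missing
            return None
        node = node[key]
    return node

def holds(cond, facts):
    """Evaluate one condition: an any/all group or a single fact comparison."""
    if "any" in cond:
        return any(holds(c, facts) for c in cond["any"])
    if "all" in cond:
        return all(holds(c, facts) for c in cond["all"])
    actual = facts[cond["fact"]]
    if cond["operator"] == "pattern":  # assumed: regular-expression search
        return isinstance(actual, str) and re.search(cond["value"], actual) is not None
    if cond["operator"] == "notEqual":
        return actual != cond["value"]
    raise ValueError(f"unsupported operator {cond['operator']}")

def evaluate(resource, rule=RULE):
    """Return SUCCESS, FAILURE or ERROR, the only results a custom rule may give."""
    try:
        facts = {a["name"]: resolve(resource, a) for a in rule["attributes"]}
    except KeyError:
        return "ERROR"  # resource data and/or rule logic problem, per the text
    return "SUCCESS" if holds(rule["conditions"], facts) else "FAILURE"
```

With `pattern` read as a regular expression, `.*test.*` also safelists a bucket named `contest-prod-logs`, so anchoring the pattern (for example `^test-`) narrows the exception to the buckets it is meant for.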
