Ensure activities are captured for all locations

Property
Language: terraform
Severity: medium
Service: monitor
Provider: Azure
Vulnerability Type: omission

Description

The log profile is configured to capture activity logs from only a subset of Azure regions, leaving events in other regions unmonitored. This incomplete coverage can result in important activities going unlogged.

Impact

Failure to log activities in all regions creates visibility gaps, allowing unauthorized or malicious actions in unmonitored regions to go undetected. This can hinder incident response, auditability, and compliance, increasing the risk of undetected breaches or policy violations.

Ensure AKS cluster has Network Policy configured

Property
Language: terraform
Severity: high
Service: container
Provider: Azure
Vulnerability Type: omission

Description

The AKS cluster is not configured with a network policy, allowing unrestricted communication between all pods within the cluster. Without network policies, traffic cannot be controlled or isolated between workloads.

Impact

An attacker who compromises a single pod could freely access and interact with any other pod in the cluster, increasing the risk of lateral movement, data exposure, and disruption of services across the entire Kubernetes environment.

Ensure AKS has an API Server Authorized IP Ranges enabled

Property
Language: terraform
Severity: critical
Service: container
Provider: Azure
Vulnerability Type: omission

Description

The AKS cluster’s API server is accessible from any IP address because no authorized IP ranges are configured, leaving the management endpoint exposed to the public internet.

Impact

Without restricted IP ranges, malicious actors can attempt to access and compromise the Kubernetes API server, potentially gaining control over the cluster, exposing sensitive workloads, and disrupting services.

Ensure AKS logging to Azure Monitoring is Configured

Property
Language: terraform
Severity: medium
Service: container
Provider: Azure
Vulnerability Type: omission

Description

AKS clusters are not configured to send logs to Azure Monitoring, resulting in a lack of visibility into container activity and workload performance. Without logging, critical operational and security events may go undetected.

Impact

Failure to enable logging can lead to undetected security incidents, difficulty in troubleshooting, and non-compliance with monitoring requirements. Attackers or misconfigurations may persist unnoticed, increasing operational and security risks.

Ensure all data stored in the launch configuration EBS is securely encrypted

Property
Language: terraform
Severity: high
Service: ec2
Provider: AWS
Vulnerability Type: misconfiguration

Description

Sensitive information, such as credentials or secrets, is included in EC2 Launch Configuration user data, which is stored in plaintext and accessible to anyone with instance or API access. This exposes confidential data in an insecure manner.

Impact

If exploited, attackers or unauthorized users with access to the instance or AWS APIs can retrieve sensitive data from user data scripts, leading to potential credential theft, unauthorized access to systems, or further compromise of cloud resources.

Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image

Property
Language: terraform
Severity: low
Service: gke
Provider: Google

Description

Kubernetes Engine cluster nodes are not configured to use Container-Optimized OS (COS), which is the recommended image for enhanced security. Using alternative images like Ubuntu increases the attack surface and may lack key security features provided by COS.

Impact

Not using COS can expose cluster nodes to additional vulnerabilities and reduce protection against threats. This increases the risk of node compromise, privilege escalation, or persistence by attackers, potentially leading to broader cluster or data breaches.

Ensure database firewalls do not permit public access

Property
Language: terraform
Severity: high
Service: database
Provider: Azure
Vulnerability Type: omission

Description

The firewall rule is configured to allow public access to the Azure database by using a wide IP range (e.g., 0.0.0.0 to 255.255.255.255), exposing the database to the entire internet. This misconfiguration permits any external source to attempt connections to the database server.

Impact

Publicly exposing the database increases the risk of unauthorized access, data breaches, and potential compromise of sensitive information. Attackers could exploit the open access to exfiltrate data, disrupt database services, or launch further attacks against the organization’s infrastructure.

Ensure databases are not publicly accessible

Property
Language: terraform
Severity: medium
Service: database
Provider: Azure
Vulnerability Type: omission

Description

Database resources are configured to allow public network access, exposing them to the internet. This increases the risk of unauthorized access by bypassing network-level restrictions.

Impact

If exploited, attackers could connect to the database from anywhere on the internet, potentially leading to data breaches, data loss, or manipulation of sensitive information. This exposure may also make the database a target for automated attacks and exploits.