Jump to Content
Guides
API Reference
Changelog
Log In
Guides
Log In
Guides
API Reference
Changelog
My SQL DB Flexible Server
Welcome
Welcome to CheckPoint CloudGuard Guides!
Overview
How to Get Started
Concepts
Platforms
Products
Secrets Scanning
Infrastructure as Code
CI/CD Hardening
Open Source
SpectralOps
Dashboard
Triage Issues
Sources
Reports
Integrations
Profile
Team & User Permissions (RBAC)
Teams and Asset Mapping
Custom Rules
SSO
Setup SSO (SAML 2.0)
Setup SSO with OKTA
Setup SSO with OneLogin
SCM
Usage
CLI
Configuration
Output
Detectors
Quick Start
Building Detectors
Logic Rules (OPA)
Codeprinting
The Detector Engine
Integrations
Productivity
Jira
Confluence
Cloud Automation
Terraform Cloud Run task
Git Provider Bot
Github Bot
Gitlab Bot
Pre receive Git hooks
Gitlab pre receive hook
Bitbucket pre receive hook
CI/CD
Gitlab Pipeline
config policies
Memcached
Memcache: default binding to world
Memcache: configured to run as root
Memcache: configured to use UDP
MySQL
MySQL allowing symbolic links invites various attacks
MySQL: usage of short password
MySQL: configured to run as root
MySQL: binding to world
Kafka
Kafka: using dated SSL/TLS protocols is insecure
Kafka: accepting unauthenticated connections is insecure
Kafka: hardcoded password in configuration is insecure
Kafka: usage of short password
PostgreSQL
Postgres: no password / trusted host configuration
Postgres: no password / trusted host configuration
Postgres: SSL/TLS is off
Postgres: default binding to world
Airflow
Airflow: Use of REST API Token
Airflow: Visible Fernet Key
Airflow: default binding to world
Redis
Redis: usage of weak password (ACL)
Redis: protected-mode no and default binding to world
Redis: protected-mode and weak ACL configuration
Redis: Usage of Visible Host
secrets policies
Secrets
Data files / database files found
SaaS vendor credentials should not be visible
Cloud services keys should not be visible or hardcoded
Cloud services hosts should not be visible or hardcoded
Log shipping access/API detail visible
Build or artifact systems access details visible
Visible private key or sensitive file
SaaS services hosts should not be visible or hardcoded
Visible sensitive data (PII/other)
AWS S3 Buckets: Visible endpoint
Potential keys or passwords are visible/hardcoded
App/framework keys or passwords are visible/hardcoded
Cloud services keys should not be visible or hardcoded
Sensitive File Found
aws policies
Elastic Load Balancing (ELB)
Ensure that AWS Elastic Load Balancers (ELB) have outbound rules in their security groups
Ensure that AWS Elastic Load Balancers (ELB) have inbound rules in their security groups
ELB secured listener certificate expires in one month
ELB is setup with HTTPS for secure communication
Remove Weak Ciphers for ELB
ELB - Recommended SSL/TLS protocol version
ELB secured listener certificate expires in one week
ELB is created with Access logs enabled
Ensure no ELB allows incoming traffic from 0.0.0.0/0 to known TCP port
Ensure no ELB allows incoming traffic from 0.0.0.0/0 to known UDP port
Ensure no ELB allows incoming traffic from 0.0.0.0/0 to known TCP DB port
Ensure no ELB allows incoming traffic from 0.0.0.0/0 to known UDP DB port
ELB with unencrypted Memcached (TCP:11211) is potentially exposed to the public internet
ELB with unencrypted Memcached (UDP:11211) is potentially exposed to the public internet
ELB with unencrypted Oracle DB (TCP:1521) is potentially exposed to the public internet
ELB with unencrypted Oracle DB (TCP:2483) is potentially exposed to the public internet
ELB with unencrypted Oracle DB (UDP:2483) is potentially exposed to the public internet
ELB with unencrypted Mongo (TCP:27017) is potentially exposed to the public internet
ELB with unencrypted LDAP (TCP:389) is potentially exposed to the public internet
ELB with unencrypted LDAP (UDP:389) is potentially exposed to the public internet
ELB with unencrypted Cassandra OpsCenter Monitoring (TCP:61620) is potentially exposed to the public internet
ELB with unencrypted Redis (TCP:6379) is potentially exposed to the public internet
ELB with unencrypted Cassandra Internode Communication (TCP:7000) is potentially exposed to the public internet
ELB with unencrypted Cassandra Monitoring (TCP:7199) is potentially exposed to the public internet
ELB with unencrypted Cassandra OpsCenter Website (TCP:8888) is potentially exposed to the public internet
ELB with unencrypted Cassandra Client (TCP:9042) is potentially exposed to the public internet
ELB with unencrypted Cassandra Thrift (TCP:9160) is potentially exposed to the public internet
ELB with unencrypted Elastic search (TCP:9200) is potentially exposed to the public internet
ELB with unencrypted Elastic search (TCP:9300) is potentially exposed to the public internet
ELB with service 'POP3' (TCP:110) is exposed to a small network scope
ELB with service 'Memcached SSL' (TCP:11214) is exposed to a small network scope
ELB with service 'Memcached SSL' (UDP:11214) is exposed to a small network scope
ELB with service 'Memcached SSL' (TCP:11215) is exposed to a small network scope
ELB with service 'Memcached SSL' (UDP:11215) is exposed to a small network scope
ELB with service 'MSSQL Debugger' (TCP:135) is exposed to a small network scope
ELB with service 'NetBIOS Name Service' (TCP:137) is exposed to a small network scope
ELB with service 'NetBIOS Name Service' (UDP:137) is exposed to a small network scope
ELB with service 'NetBios Datagram Service' (TCP:138) is exposed to a small network scope
ELB with service 'NetBios Datagram Service' (UDP:138) is exposed to a small network scope
ELB with service 'NetBios Session Service' (TCP:139) is exposed to a small network scope
ELB with service 'NetBios Session Service' (UDP:139) is exposed to a small network scope
ELB with service 'MSSQL Server' (TCP:1433) is exposed to a small network scope
ELB with service 'MSSQL Admin' (TCP:1434) is exposed to a small network scope
ELB with service 'MSSQL Browser Service' (UDP:1434) is exposed to a small network scope
ELB with service 'SNMP' (UDP:161) is exposed to a small network scope
ELB with service 'Telnet' (TCP:23) is exposed to a small network scope
ELB with service 'SQL Server Analysis Service browser' (TCP:2382) is exposed to a small network scope
ELB with service 'SQL Server Analysis Services' (TCP:2383) is exposed to a small network scope
ELB with service 'Oracle DB SSL' (TCP:2484) is exposed to a small network scope
ELB with service 'Oracle DB SSL' (UDP:2484) is exposed to a small network scope
ELB with service 'SMTP' (TCP:25) is exposed to a small network scope
ELB with service 'Mongo Web Portal' (TCP:27018) is exposed to a small network scope
ELB with service 'Prevalent known internal port' (TCP:3000) is exposed to a small network scope
ELB with service 'CIFS / SMB' (TCP:3020) is exposed to a small network scope
ELB with service 'MySQL' (TCP:3306) is exposed to a small network scope
ELB with service 'Microsoft-DS' (TCP:445) is exposed to a small network scope
ELB with service 'SaltStack Master' (TCP:4505) is exposed to a small network scope
ELB with service 'SaltStack Master' (TCP:4506) is exposed to a small network scope
ELB with service 'DNS' (UDP:53) is exposed to a small network scope
ELB with service 'Postgres SQL' (TCP:5432) is exposed to a small network scope
ELB with service 'Postgres SQL' (UDP:5432) is exposed to a small network scope
ELB with service 'VNC Listener' (TCP:5500) is exposed to a small network scope
ELB with service 'VNC Server' (TCP:5900) is exposed to a small network scope
ELB with service 'Cassandra OpsCenter agent' (TCP:61621) is exposed to a small network scope
ELB with service 'LDAP SSL' (TCP:636) is exposed to a small network scope
ELB with service 'Cassandra' (TCP:7001) is exposed to a small network scope
ELB with service 'Known internal web port' (TCP:8000) is exposed to a small network scope
ELB with service 'Known internal web port' (TCP:8080) is exposed to a small network scope
ELB with service 'Puppet Master' (TCP:8140) is exposed to a small network scope
ELB with service 'Hadoop Name Node' (TCP:9000) is exposed to a small network scope
ELB with administrative service: SSH (TCP:22) is potentially exposed to the public internet
ELB with administrative service: Remote Desktop (TCP:3389) is potentially exposed to the public internet
ELB with administrative service: CiscoSecure,websm (TCP:9090) is potentially exposed to the public internet
Public ELB with service POP3 (TCP:110) is potentially exposed to the public internet
Public ELB with service Memcached SSL (TCP:11214) is potentially exposed to the public internet
Public ELB with service Memcached SSL (UDP:11214) is potentially exposed to the public internet
Public ELB with service Memcached SSL (TCP:11215) is potentially exposed to the public internet
Public ELB with service Memcached SSL (UDP:11215) is potentially exposed to the public internet
Public ELB with service MSSQL Debugger (TCP:135) is potentially exposed to the public internet
Public ELB with service NetBIOS Name Service (TCP:137) is potentially exposed to the public internet
Public ELB with service NetBIOS Name Service (UDP:137) is potentially exposed to the public internet
Public ELB with service NetBios Datagram Service (TCP:138) is potentially exposed to the public internet
Public ELB with service NetBios Datagram Service (UDP:138) is potentially exposed to the public internet
Public ELB with service NetBios Session Service (TCP:139) is potentially exposed to the public internet
Public ELB with service NetBios Session Service (UDP:139) is potentially exposed to the public internet
Public ELB with service MSSQL Server (TCP:1433) is potentially exposed to the public internet
Public ELB with service MSSQL Admin (TCP:1434) is potentially exposed to the public internet
Public ELB with service MSSQL Browser Service (UDP:1434) is potentially exposed to the public internet
Public ELB with service SNMP (UDP:161) is potentially exposed to the public internet
Public ELB with service Telnet (TCP:23) is potentially exposed to the public internet
Public ELB with service SQL Server Analysis Service browser (TCP:2382) is potentially exposed to the public internet
Public ELB with service SQL Server Analysis Services (TCP:2383) is potentially exposed to the public internet
Public ELB with service Oracle DB SSL (TCP:2484) is potentially exposed to the public internet
Public ELB with service Oracle DB SSL (UDP:2484) is potentially exposed to the public internet
Public ELB with service SMTP (TCP:25) is potentially exposed to the public internet
Public ELB with service Mongo Web Portal (TCP:27018) is potentially exposed to the public internet
Public ELB with service Prevalent known internal port (TCP:3000) is potentially exposed to the public internet
Public ELB with service CIFS / SMB (TCP:3020) is potentially exposed to the public internet
Public ELB with service MySQL (TCP:3306) is potentially exposed to the public internet
Public ELB with service Microsoft-DS (TCP:445) is potentially exposed to the public internet
Public ELB with service SaltStack Master (TCP:4505) is potentially exposed to the public internet
Public ELB with service SaltStack Master (TCP:4506) is potentially exposed to the public internet
Public ELB with service DNS (UDP:53) is potentially exposed to the public internet
Public ELB with service Postgres SQL (TCP:5432) is potentially exposed to the public internet
Public ELB with service Postgres SQL (UDP:5432) is potentially exposed to the public internet
Public ELB with service VNC Listener (TCP:5500) is potentially exposed to the public internet
Public ELB with service VNC Server (TCP:5900) is potentially exposed to the public internet
Public ELB with service Cassandra OpsCenter agent (TCP:61621) is potentially exposed to the public internet
Public ELB with service LDAP SSL (TCP:636) is potentially exposed to the public internet
Public ELB with service Cassandra (TCP:7001) is potentially exposed to the public internet
Public ELB with service Known internal web port (TCP:8000) is potentially exposed to the public internet
Public ELB with service Known internal web port (TCP:8080) is potentially exposed to the public internet
Public ELB with service Puppet Master (TCP:8140) is potentially exposed to the public internet
Public ELB with service Hadoop Name Node (TCP:9000) is potentially exposed to the public internet
ELB with unencrypted Memcached (TCP:11211) is exposed to a wide network scope
ELB with unencrypted Memcached (UDP:11211) is exposed to a wide network scope
ELB with unencrypted Oracle DB (TCP:1521) is exposed to a wide network scope
ELB with unencrypted Oracle DB (TCP:2483) is exposed to a wide network scope
ELB with unencrypted Oracle DB (UDP:2483) is exposed to a wide network scope
ELB with unencrypted Mongo (TCP:27017) is exposed to a wide network scope
ELB with unencrypted LDAP (TCP:389) is exposed to a wide network scope
ELB with unencrypted LDAP (UDP:389) is exposed to a wide network scope
ELB with unencrypted Cassandra OpsCenter Monitoring (TCP:61620) is exposed to a wide network scope
ELB with unencrypted Redis (TCP:6379) is exposed to a wide network scope
ELB with unencrypted Cassandra Internode Communication (TCP:7000) is exposed to a wide network scope
ELB with unencrypted Cassandra Monitoring (TCP:7199) is exposed to a wide network scope
ELB with unencrypted Cassandra OpsCenter Website (TCP:8888) is exposed to a wide network scope
ELB with unencrypted Cassandra Client (TCP:9042) is exposed to a wide network scope
ELB with unencrypted Cassandra Thrift (TCP:9160) is exposed to a wide network scope
ELB with unencrypted Elastic search (TCP:9200) is exposed to a wide network scope
ELB with unencrypted Elastic search (TCP:9300) is exposed to a wide network scope
ELB with administrative service: SSH (TCP:22) is exposed to a wide network scope
ELB with administrative service: Remote Desktop (TCP:3389) is exposed to a wide network scope
ELB with administrative service: CiscoSecure,websm (TCP:9090) is exposed to a wide network scope
ELB with service 'POP3' (TCP:110) is exposed to a wide network scope
ELB with service 'Memcached SSL' (TCP:11214) is exposed to a wide network scope
ELB with service 'Memcached SSL' (UDP:11214) is exposed to a wide network scope
ELB with service 'Memcached SSL' (TCP:11215) is exposed to a wide network scope
ELB with service 'Memcached SSL' (UDP:11215) is exposed to a wide network scope
ELB with service 'MSSQL Debugger' (TCP:135) is exposed to a wide network scope
ELB with service 'NetBIOS Name Service' (TCP:137) is exposed to a wide network scope
ELB with service 'NetBIOS Name Service' (UDP:137) is exposed to a wide network scope
ELB with service 'NetBios Datagram Service' (TCP:138) is exposed to a wide network scope
ELB with service 'NetBios Datagram Service' (UDP:138) is exposed to a wide network scope
ELB with service 'NetBios Session Service' (TCP:139) is exposed to a wide network scope
ELB with service 'NetBios Session Service' (UDP:139) is exposed to a wide network scope
ELB with service 'MSSQL Server' (TCP:1433) is exposed to a wide network scope
ELB with service 'MSSQL Admin' (TCP:1434) is exposed to a wide network scope
ELB with service 'MSSQL Browser Service' (UDP:1434) is exposed to a wide network scope
ELB with service 'SNMP' (UDP:161) is exposed to a wide network scope
ELB with service 'Telnet' (TCP:23) is exposed to a wide network scope
ELB with service 'SQL Server Analysis Service browser' (TCP:2382) is exposed to a wide network scope
ELB with service 'SQL Server Analysis Services' (TCP:2383) is exposed to a wide network scope
ELB with service 'Oracle DB SSL' (TCP:2484) is exposed to a wide network scope
ELB with service 'Oracle DB SSL' (UDP:2484) is exposed to a wide network scope
ELB with service 'SMTP' (TCP:25) is exposed to a wide network scope
ELB with service 'Mongo Web Portal' (TCP:27018) is exposed to a wide network scope
ELB with service 'Prevalent known internal port' (TCP:3000) is exposed to a wide network scope
ELB with service 'CIFS / SMB' (TCP:3020) is exposed to a wide network scope
ELB with service 'MySQL' (TCP:3306) is exposed to a wide network scope
ELB with service 'Microsoft-DS' (TCP:445) is exposed to a wide network scope
ELB with service 'SaltStack Master' (TCP:4505) is exposed to a wide network scope
ELB with service 'SaltStack Master' (TCP:4506) is exposed to a wide network scope
ELB with service 'DNS' (UDP:53) is exposed to a wide network scope
ELB with service 'Postgres SQL' (TCP:5432) is exposed to a wide network scope
ELB with service 'Postgres SQL' (UDP:5432) is exposed to a wide network scope
ELB with service 'VNC Listener' (TCP:5500) is exposed to a wide network scope
ELB with service 'VNC Server' (TCP:5900) is exposed to a wide network scope
ELB with service 'Cassandra OpsCenter agent' (TCP:61621) is exposed to a wide network scope
ELB with service 'LDAP SSL' (TCP:636) is exposed to a wide network scope
ELB with service 'Cassandra' (TCP:7001) is exposed to a wide network scope
ELB with service 'Known internal web port' (TCP:8000) is exposed to a wide network scope
ELB with service 'Known internal web port' (TCP:8080) is exposed to a wide network scope
ELB with service 'Puppet Master' (TCP:8140) is exposed to a wide network scope
ELB with service 'Hadoop Name Node' (TCP:9000) is exposed to a wide network scope
Public ELB with service 'POP3' (TCP:110) is exposed to a small public network
Public ELB with service 'Memcached SSL' (TCP:11214) is exposed to a small public network
Public ELB with service 'Memcached SSL' (UDP:11214) is exposed to a small public network
Public ELB with service 'Memcached SSL' (TCP:11215) is exposed to a small public network
Public ELB with service 'Memcached SSL' (UDP:11215) is exposed to a small public network
Public ELB with service 'MSSQL Debugger' (TCP:135) is exposed to a small public network
Public ELB with service 'NetBIOS Name Service' (TCP:137) is exposed to a small public network
Public ELB with service 'NetBIOS Name Service' (UDP:137) is exposed to a small public network
Public ELB with service 'NetBios Datagram Service' (TCP:138) is exposed to a small public network
Public ELB with service 'NetBios Datagram Service' (UDP:138) is exposed to a small public network
Public ELB with service 'NetBios Session Service' (TCP:139) is exposed to a small public network
Public ELB with service 'NetBios Session Service' (UDP:139) is exposed to a small public network
Public ELB with service 'MSSQL Server' (TCP:1433) is exposed to a small public network
Public ELB with service 'MSSQL Admin' (TCP:1434) is exposed to a small public network
Public ELB with service 'MSSQL Browser Service' (UDP:1434) is exposed to a small public network
Public ELB with service 'SNMP' (UDP:161) is exposed to a small public network
Public ELB with service 'Telnet' (TCP:23) is exposed to a small public network
Public ELB with service 'SQL Server Analysis Service browser' (TCP:2382) is exposed to a small public network
Public ELB with service 'SQL Server Analysis Services' (TCP:2383) is exposed to a small public network
Public ELB with service 'Oracle DB SSL' (TCP:2484) is exposed to a small public network
Public ELB with service 'Oracle DB SSL' (UDP:2484) is exposed to a small public network
Public ELB with service 'SMTP' (TCP:25) is exposed to a small public network
Public ELB with service 'Mongo Web Portal' (TCP:27018) is exposed to a small public network
Public ELB with service 'Prevalent known internal port' (TCP:3000) is exposed to a small public network
Public ELB with service 'CIFS / SMB' (TCP:3020) is exposed to a small public network
Public ELB with service 'MySQL' (TCP:3306) is exposed to a small public network
Public ELB with service 'Microsoft-DS' (TCP:445) is exposed to a small public network
Public ELB with service 'SaltStack Master' (TCP:4505) is exposed to a small public network
Public ELB with service 'SaltStack Master' (TCP:4506) is exposed to a small public network
Public ELB with service 'DNS' (UDP:53) is exposed to a small public network
Public ELB with service 'Postgres SQL' (TCP:5432) is exposed to a small public network
Public ELB with service 'Postgres SQL' (UDP:5432) is exposed to a small public network
Public ELB with service 'VNC Listener' (TCP:5500) is exposed to a small public network
Public ELB with service 'VNC Server' (TCP:5900) is exposed to a small public network
Public ELB with service 'Cassandra OpsCenter agent' (TCP:61621) is exposed to a small public network
Public ELB with service 'LDAP SSL' (TCP:636) is exposed to a small public network
Public ELB with service 'Cassandra' (TCP:7001) is exposed to a small public network
Public ELB with service 'Known internal web port' (TCP:8000) is exposed to a small public network
Public ELB with service 'Known internal web port' (TCP:8080) is exposed to a small public network
Public ELB with service 'Puppet Master' (TCP:8140) is exposed to a small public network
Public ELB with service 'Hadoop Name Node' (TCP:9000) is exposed to a small public network
Public ELB with service 'POP3' (TCP:110) is exposed to the entire internet
Public ELB with service 'Memcached SSL' (TCP:11214) is exposed to the entire internet
Public ELB with service 'Memcached SSL' (UDP:11214) is exposed to the entire internet
Public ELB with service 'Memcached SSL' (TCP:11215) is exposed to the entire internet
Public ELB with service 'Memcached SSL' (UDP:11215) is exposed to the entire internet
Public ELB with service 'MSSQL Debugger' (TCP:135) is exposed to the entire internet
Public ELB with service 'NetBIOS Name Service' (TCP:137) is exposed to the entire internet
Public ELB with service 'NetBIOS Name Service' (UDP:137) is exposed to the entire internet
Public ELB with service 'NetBios Datagram Service' (TCP:138) is exposed to the entire internet
Public ELB with service 'NetBios Datagram Service' (UDP:138) is exposed to the entire internet
Public ELB with service 'NetBios Session Service' (TCP:139) is exposed to the entire internet
Public ELB with service 'NetBios Session Service' (UDP:139) is exposed to the entire internet
Public ELB with service 'MSSQL Server' (TCP:1433) is exposed to the entire internet
Public ELB with service 'MSSQL Admin' (TCP:1434) is exposed to the entire internet
Public ELB with service 'MSSQL Browser Service' (UDP:1434) is exposed to the entire internet
Public ELB with service 'SNMP' (UDP:161) is exposed to the entire internet
Public ELB with service 'Telnet' (TCP:23) is exposed to the entire internet
Public ELB with service 'SQL Server Analysis Service browser' (TCP:2382) is exposed to the entire internet
Public ELB with service 'SQL Server Analysis Services' (TCP:2383) is exposed to the entire internet
Public ELB with service 'Oracle DB SSL' (TCP:2484) is exposed to the entire internet
Public ELB with service 'Oracle DB SSL' (UDP:2484) is exposed to the entire internet
Public ELB with service 'SMTP' (TCP:25) is exposed to the entire internet
Public ELB with service 'Mongo Web Portal' (TCP:27018) is exposed to the entire internet
Public ELB with service 'Prevalent known internal port' (TCP:3000) is exposed to the entire internet
Public ELB with service 'CIFS / SMB' (TCP:3020) is exposed to the entire internet
Public ELB with service 'MySQL' (TCP:3306) is exposed to the entire internet
Public ELB with service 'Microsoft-DS' (TCP:445) is exposed to the entire internet
Public ELB with service 'SaltStack Master' (TCP:4505) is exposed to the entire internet
Public ELB with service 'SaltStack Master' (TCP:4506) is exposed to the entire internet
Public ELB with service 'DNS' (UDP:53) is exposed to the entire internet
Public ELB with service 'Postgres SQL' (TCP:5432) is exposed to the entire internet
Public ELB with service 'Postgres SQL' (UDP:5432) is exposed to the entire internet
Public ELB with service 'VNC Listener' (TCP:5500) is exposed to the entire internet
Public ELB with service 'VNC Server' (TCP:5900) is exposed to the entire internet
Public ELB with service 'Cassandra OpsCenter agent' (TCP:61621) is exposed to the entire internet
Public ELB with service 'LDAP SSL' (TCP:636) is exposed to the entire internet
Public ELB with service 'Cassandra' (TCP:7001) is exposed to the entire internet
Public ELB with service 'Known internal web port' (TCP:8000) is exposed to the entire internet
Public ELB with service 'Known internal web port' (TCP:8080) is exposed to the entire internet
Public ELB with service 'Puppet Master' (TCP:8140) is exposed to the entire internet
Public ELB with service 'Hadoop Name Node' (TCP:9000) is exposed to the entire internet
ELB with unencrypted Memcached (TCP:11211) is exposed to a small network scope
ELB with unencrypted Memcached (UDP:11211) is exposed to a small network scope
ELB with unencrypted Oracle DB (TCP:1521) is exposed to a small network scope
ELB with unencrypted Oracle DB (TCP:2483) is exposed to a small network scope
ELB with unencrypted Oracle DB (UDP:2483) is exposed to a small network scope
ELB with unencrypted Mongo (TCP:27017) is exposed to a small network scope
ELB with unencrypted LDAP (TCP:389) is exposed to a small network scope
ELB with unencrypted LDAP (UDP:389) is exposed to a small network scope
ELB with unencrypted Cassandra OpsCenter Monitoring (TCP:61620) is exposed to a small network scope
ELB with unencrypted Redis (TCP:6379) is exposed to a small network scope
ELB with unencrypted Cassandra Internode Communication (TCP:7000) is exposed to a small network scope
ELB with unencrypted Cassandra Monitoring (TCP:7199) is exposed to a small network scope
ELB with unencrypted Cassandra OpsCenter Website (TCP:8888) is exposed to a small network scope
ELB with unencrypted Cassandra Client (TCP:9042) is exposed to a small network scope
ELB with unencrypted Cassandra Thrift (TCP:9160) is exposed to a small network scope
ELB with unencrypted Elastic search (TCP:9200) is exposed to a small network scope
ELB with unencrypted Elastic search (TCP:9300) is exposed to a small network scope
Region
Ensure AWS Config is enabled in all regions
Ensure that IAM Access analyzer is enabled for all regions
Process for Security Group Management - Detection of new Security Groups
Ensure CloudTrail is enabled in all regions
Ensure VPC Flow Logging is Enabled in all Applicable Regions
Amazon GuardDuty service is enabled
Application Load Balancer
ALB secured listener certificate expires in one week
ALB secured listener certificate about to expire in one month
Ensure AWS Application Load Balancer (ALB) listeners block connection requests over HTTP
Make sure that ALB is protected by a WAF
Enable ALB Elastic Load Balancer v2 (ELBv2) access log
Ensure no Application Load Balancer allows incoming traffic from 0.0.0.0/0 to known TCP port
Ensure no Application Load Balancer allows incoming traffic from 0.0.0.0/0 to known UDP port
Ensure no Application Load Balancer allows incoming traffic from 0.0.0.0/0 to known TCP DB port
Ensure no Application Load Balancer allows incoming traffic from 0.0.0.0/0 to known UDP DB port
Ensure Invalid Headers Are Dropped In ALB
ApplicationLoadBalancer with unencrypted Memcached (TCP:11211) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Memcached (UDP:11211) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Oracle DB (TCP:1521) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Oracle DB (TCP:2483) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Oracle DB (UDP:2483) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Mongo (TCP:27017) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted LDAP (TCP:389) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted LDAP (UDP:389) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Cassandra OpsCenter Monitoring (TCP:61620) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Redis (TCP:6379) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Cassandra Internode Communication (TCP:7000) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Cassandra Monitoring (TCP:7199) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Cassandra OpsCenter Website (TCP:8888) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Cassandra Client (TCP:9042) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Cassandra Thrift (TCP:9160) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Elastic search (TCP:9200) is potentially exposed to the public internet
ApplicationLoadBalancer with unencrypted Elastic search (TCP:9300) is potentially exposed to the public internet
ApplicationLoadBalancer with service 'POP3' (TCP:110) is exposed to a small network scope
ApplicationLoadBalancer with service 'Memcached SSL' (TCP:11214) is exposed to a small network scope
ApplicationLoadBalancer with service 'Memcached SSL' (UDP:11214) is exposed to a small network scope
ApplicationLoadBalancer with service 'Memcached SSL' (TCP:11215) is exposed to a small network scope
ApplicationLoadBalancer with service 'Memcached SSL' (UDP:11215) is exposed to a small network scope
ApplicationLoadBalancer with service 'MSSQL Debugger' (TCP:135) is exposed to a small network scope
ApplicationLoadBalancer with service 'NetBIOS Name Service' (TCP:137) is exposed to a small network scope
ApplicationLoadBalancer with service 'NetBIOS Name Service' (UDP:137) is exposed to a small network scope
ApplicationLoadBalancer with service 'NetBios Datagram Service' (TCP:138) is exposed to a small network scope
ApplicationLoadBalancer with service 'NetBios Datagram Service' (UDP:138) is exposed to a small network scope
ApplicationLoadBalancer with service 'NetBios Session Service' (TCP:139) is exposed to a small network scope
ApplicationLoadBalancer with service 'NetBios Session Service' (UDP:139) is exposed to a small network scope
ApplicationLoadBalancer with service 'MSSQL Server' (TCP:1433) is exposed to a small network scope
ApplicationLoadBalancer with service 'MSSQL Admin' (TCP:1434) is exposed to a small network scope
ApplicationLoadBalancer with service 'MSSQL Browser Service' (UDP:1434) is exposed to a small network scope
ApplicationLoadBalancer with service 'SNMP' (UDP:161) is exposed to a small network scope
ApplicationLoadBalancer with service 'Telnet' (TCP:23) is exposed to a small network scope
ApplicationLoadBalancer with service 'SQL Server Analysis Service browser' (TCP:2382) is exposed to a small network scope
ApplicationLoadBalancer with service 'SQL Server Analysis Services' (TCP:2383) is exposed to a small network scope
ApplicationLoadBalancer with service 'Oracle DB SSL' (TCP:2484) is exposed to a small network scope
ApplicationLoadBalancer with service 'Oracle DB SSL' (UDP:2484) is exposed to a small network scope
ApplicationLoadBalancer with service 'SMTP' (TCP:25) is exposed to a small network scope
ApplicationLoadBalancer with service 'Mongo Web Portal' (TCP:27018) is exposed to a small network scope
ApplicationLoadBalancer with service 'Prevalent known internal port' (TCP:3000) is exposed to a small network scope
ApplicationLoadBalancer with service 'CIFS / SMB' (TCP:3020) is exposed to a small network scope
ApplicationLoadBalancer with service 'MySQL' (TCP:3306) is exposed to a small network scope
ApplicationLoadBalancer with service 'Microsoft-DS' (TCP:445) is exposed to a small network scope
ApplicationLoadBalancer with service 'SaltStack Master' (TCP:4505) is exposed to a small network scope
ApplicationLoadBalancer with service 'SaltStack Master' (TCP:4506) is exposed to a small network scope
ApplicationLoadBalancer with service 'DNS' (UDP:53) is exposed to a small network scope
ApplicationLoadBalancer with service 'Postgres SQL' (TCP:5432) is exposed to a small network scope
ApplicationLoadBalancer with service 'Postgres SQL' (UDP:5432) is exposed to a small network scope
ApplicationLoadBalancer with service 'VNC Listener' (TCP:5500) is exposed to a small network scope
ApplicationLoadBalancer with service 'VNC Server' (TCP:5900) is exposed to a small network scope
ApplicationLoadBalancer with service 'Cassandra OpsCenter agent' (TCP:61621) is exposed to a small network scope
ApplicationLoadBalancer with service 'LDAP SSL' (TCP:636) is exposed to a small network scope
ApplicationLoadBalancer with service 'Cassandra' (TCP:7001) is exposed to a small network scope
ApplicationLoadBalancer with service 'Known internal web port' (TCP:8000) is exposed to a small network scope
ApplicationLoadBalancer with service 'Known internal web port' (TCP:8080) is exposed to a small network scope
ApplicationLoadBalancer with service 'Puppet Master' (TCP:8140) is exposed to a small network scope
ApplicationLoadBalancer with service 'Hadoop Name Node' (TCP:9000) is exposed to a small network scope
ApplicationLoadBalancer with administrative service: SSH (TCP:22) is potentially exposed to the public internet
ApplicationLoadBalancer with administrative service: Remote Desktop (TCP:3389) is potentially exposed to the public internet
ApplicationLoadBalancer with administrative service: CiscoSecure,websm (TCP:9090) is potentially exposed to the public internet
Public ApplicationLoadBalancer with service POP3 (TCP:110) is potentially exposed to the public internet
Public ApplicationLoadBalancer with service Memcached SSL (TCP:11214) is potentially exposed to the public internet
