security_finding

metadata.product.version: 2018-10-08
metadata.product.feature.uid: aws-foundational-security-best-practices/v/1.0.0/EC2.19
metadata.product.feature.name: Security Hub
metadata.product.uid: arn:aws:securityhub:us-east-1::product/aws/securityhub
metadata.product.vendor_name: AWS
metadata.product.name: Security Hub
metadata.profiles: cloud
metadata.version: 1.0.0-rc.2

cloud.account_uid: 123456789100
cloud.region: us-east-1
cloud.provider: AWS

resources.type: AwsEc2SecurityGroup
resources.uid: arn:aws:ec2:us-east-1:123456789100:security-group/sg-1234567899900
resources.cloud_partition: aws
resources.region: us-east-1
resources.labels: needsPatching=true, billingCode=abcd-1-2-3
resources.details: {"AwsEc2SecurityGroup":{"GroupName":"eks-cluster-sg","GroupId":"sg-1234567899900","OwnerId":"123456789100","VpcId":"vpc-1234567890","IpPermissions":[{"IpProtocol":"-1","UserIdGroupPairs":[{"GroupId":"sg-1234567899900","UserId":"123456789100"}]}],"IpPermissionsEgress":[{"IpProtocol":"-1","IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]}}

finding.uid: arn:aws:securityhub:us-east-1:123456789100:subscription/cis-aws-foundations-benchmark/v/1.2.0/3.9/finding/randomsample
finding.title: EC2.19 Security groups should not allow unrestricted access to ports with high risk
finding.desc: This control checks whether unrestricted incoming traffic for the security groups is accessible to the specified ports [3389, 20, 23, 110, 143, 3306, 8080, 1433, 9200, 9300, 25, 445, 135, 21, 1434, 4333, 5432, 5500, 5601, 22, 3000, 5000, 8088, 8888] that have the highest risk. This control passes when none of the rules in a security group allow ingress traffic from 0.0.0.0/0 for the listed ports.
finding.related_events.product_uid: arn:aws:securityhub:us-east-1::product/aws/guardduty
finding.related_events.uid: 123e4567-e89b-12d3-a456-426655440000, 123e4567-e89b-12d3-a456-426655411111
finding.types: Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices
finding.remediation.desc: For directions on how to fix this issue, consult the AWS Security Hub Foundational Security Best Practices documentation.
finding.remediation.kb_articles: https://docs.aws.amazon.com/console/securityhub/EC2.19/remediation

malware.name: Stringler
malware.path: /usr/sbin/stringler
malware.classifications: Adware

vulnerabilities.cve.cvss.vector_string: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulnerabilities.cve.cvss.version: V3
vulnerabilities.cve.uid: CVE-2020-12345
vulnerabilities.packages.release: 16.amzn2.0.3
vulnerabilities.packages.version: 1.0.2k

class_name: Security Finding
category_name: Findings
severity: Critical
activity_name: Update
type_name: Security Finding: Update
state: Suppressed

unmapped (recoverable keys): WorkflowState, CompanyName
unmapped (recoverable value): securityhub-vpc-sg-restricted-common-ports-2af29baf