Backup vault should have a policy
AWS Backup is a fully-managed service that protects data across AWS services. We identified a Backup vault '{AwsBackupVault}' which does...
Cloud Risks
Backup vault should be using Customer Master Keys
AWS Backup is a fully-managed service that protects data across AWS services. We identified a Backup vault '{AwsBackupVault}' that uses...
Azure SQL Database with basic sku
Azure SQL Database is a fully managed platform as a service (PaaS) database engine that handles most of the database...
Oslogin feature is disabled
Enabling osLogin ensures that SSH keys used to connect to instances are mapped with IAM users. Revoking access to IAM...
VM instance with ‘Block Project-wide SSH keys’ disabled
Project-wide SSH keys are stored in Compute/Project-meta-data. Project wide SSH keys can be used to login into all the instances...
Privileged user MFA is disabled
Enable multi-factor authentication for all user credentials who have write access to Azure resources. These include roles like Service Co-Administrators,...
Leaked Os Password
Leaked passwords were found on the operating system's user accounts. Leaked passwords are taken from known major data leaks and...
Redshift using default port
It was found that Redshift uses the default port (5439) for database access. It exposes the database to brute force...
Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
There is no custom role to administer resource locks. Azure resource locks allow you to protect sensitive resources from accidental...