Ansible
Ansible Queries List¶
This page contains all queries from Ansible.
AWS¶
Below are listed queries related to Ansible AWS:
| Query | Severity | Category | More info |
|---|---|---|---|
| ECR Repository Is Publicly Accessible fb5a5df7-6d74-4243-ab82-ff779a958bfd |
Critical | Access Control | Query details Documentation |
| S3 Bucket Access to Any Principal 3ab1f27d-52cc-4943-af1d-43c1939e739a |
Critical | Access Control | Query details Documentation |
| S3 Bucket Allows Delete Action From All Principals 6fa44721-ef21-41c6-8665-330d59461163 |
Critical | Access Control | Query details Documentation |
| S3 Bucket Allows Put Action From All Principals a0f1bfe0-741e-473f-b3b2-13e66f856fab |
Critical | Access Control | Query details Documentation |
| S3 Bucket With All Permissions 6a6d7e56-c913-4549-b5c5-5221e624d2ec |
Critical | Access Control | Query details Documentation |
| S3 Bucket With Public Access c3e073c1-f65e-4d18-bd67-4a8f20ad1ab9 |
Critical | Access Control | Query details Documentation |
| RDS DB Instance Publicly Accessible c09e3ca5-f08a-4717-9c87-3919c5e6d209 |
Critical | Insecure Configurations | Query details Documentation |
| DB Security Group With Public Scope 0956aedf-6a7a-478b-ab56-63e2b19923ad |
Critical | Networking and Firewall | Query details Documentation |
| RDS Associated with Public Subnet 16732649-4ff6-4cd2-8746-e72c13fae4b8 |
Critical | Networking and Firewall | Query details Documentation |
| Cross-Account IAM Assume Role Policy Without ExternalId or MFA af167837-9636-4086-b815-c239186b9dda |
High | Access Control | Query details Documentation |
| ECS Service Admin Role Is Present 7db727c1-1720-468e-b80e-06697f71e09e |
High | Access Control | Query details Documentation |
| IAM Policy Grants Full Permissions b5ed026d-a772-4f07-97f9-664ba0b116f8 |
High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read to All Users a1ef9d2e-4163-40cb-bd92-04f0d602a15d |
High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read to Any Authenticated User 75480b31-f349-4b9a-861f-bce19588e674 |
High | Access Control | Query details Documentation |
| S3 Bucket Allows Get Action From All Principals 53bce6a8-5492-4b1b-81cf-664385f0c4bf |
High | Access Control | Query details Documentation |
| S3 Bucket Allows List Action From All Principals d395a950-12ce-4314-a742-ac5a785ab44e |
High | Access Control | Query details Documentation |
| SNS Topic is Publicly Accessible 905f4741-f965-45c1-98db-f7a00a0e5c73 |
High | Access Control | Query details Documentation |
| SQS Policy Allows All Actions ed9b3beb-92cf-44d9-a9d2-171eeba569d4 |
High | Access Control | Query details Documentation |
| SQS Queue Exposed 86b0efa7-4901-4edd-a37a-c034bec6645a |
High | Access Control | Query details Documentation |
| Config Rule For Encrypted Volumes Disabled 7674a686-e4b1-4a95-83d4-1fd53c623d84 |
High | Encryption | Query details Documentation |
| DB Instance Storage Not Encrypted 7dfb316c-a6c2-454d-b8a2-97f147b0c0ff |
High | Encryption | Query details Documentation |
| EBS Volume Encryption Disabled 4b6012e7-7176-46e4-8108-e441785eae57 |
High | Encryption | Query details Documentation |
| EFS Not Encrypted 727c4fd4-d604-4df6-a179-7713d3c85e20 |
High | Encryption | Query details Documentation |
| ELB Using Weak Ciphers 2034fb37-bc23-4ca0-8d95-2b9f15829ab5 |
High | Encryption | Query details Documentation |
| Kinesis Not Encrypted With KMS f2ea6481-1d31-4d40-946a-520dc6321dd7 |
High | Encryption | Query details Documentation |
| Launch Configuration Is Not Encrypted 66477506-6abb-49ed-803d-3fa174cd5f6a |
High | Encryption | Query details Documentation |
| Redis Not Compliant 9f34885e-c08f-4d13-a7d1-cf190c5bd268 |
High | Encryption | Query details Documentation |
| Redshift Not Encrypted 6a647814-def5-4b85-88f5-897c19f509cd |
High | Encryption | Query details Documentation |
| S3 Bucket Without Server-side-encryption 594f54e7-f744-45ab-93e4-c6dbaf6cd571 |
High | Encryption | Query details Documentation |
| User Data Contains Encoded Private Key c09f4d3e-27d2-4d46-9453-abbe9687a64e |
High | Encryption | Query details Documentation |
| Batch Job Definition With Privileged Container Properties defe5b18-978d-4722-9325-4d1975d3699f |
High | Insecure Configurations | Query details Documentation |
| EC2 Group Has Public Interface 5330b503-3319-44ff-9b1c-00ee873f728a |
High | Insecure Configurations | Query details Documentation |
| KMS Key With Vulnerable Policy 5b9d237a-57d5-4177-be0e-71434b0fef47 |
High | Insecure Configurations | Query details Documentation |
| Redshift Publicly Accessible 5c6b727b-1382-4629-8ba9-abd1365e5610 |
High | Insecure Configurations | Query details Documentation |
| Root Account Has Active Access Keys e71d0bc7-d9e8-4e6e-ae90-0a4206db6f40 |
High | Insecure Configurations | Query details Documentation |
| DB Security Group Open To Large Scope ea0ed1c7-9aef-4464-b7c7-94c762da3640 |
High | Networking and Firewall | Query details Documentation |
| Default Security Groups With Unrestricted Traffic 8010e17a-00e9-4635-a692-90d6bcec68bd |
High | Networking and Firewall | Query details Documentation |
| Public Port Wide 71ea648a-d31a-4b5a-a589-5674243f1c33 |
High | Networking and Firewall | Query details Documentation |
| Remote Desktop Port Open To Internet eda7301d-1f3e-47cf-8d4e-976debc64341 |
High | Networking and Firewall | Query details Documentation |
| Route53 Record Undefined 445dce51-7e53-4e50-80ef-7f94f14169e4 |
High | Networking and Firewall | Query details Documentation |
| Security Group Ingress Not Restricted ea6bc7a6-d696-4dcf-a788-17fa03c17c81 |
High | Networking and Firewall | Query details Documentation |
| Unknown Port Exposed To Internet 722b0f24-5a64-4cca-aa96-cfc26b7e3a5b |
High | Networking and Firewall | Query details Documentation |
| Unrestricted Security Group Ingress 83c5fa4c-e098-48fc-84ee-0a537287ddd2 |
High | Networking and Firewall | Query details Documentation |
| Hardcoded AWS Access Key c2f15af3-66a0-4176-a56e-e4711e502e5c |
High | Secret Management | Query details Documentation |
| Hardcoded AWS Access Key In Lambda f34508b9-f574-4330-b42d-88c44cced645 |
High | Secret Management | Query details Documentation |
| AMI Shared With Multiple Accounts a19b2942-142e-4e2b-93b7-6cf6a6c8d90f |
Medium | Access Control | Query details Documentation |
| API Gateway Without Configured Authorizer b16cdb37-ce15-4ab2-8401-d42b05d123fc |
Medium | Access Control | Query details Documentation |
| Certificate Has Expired 5a443297-19d4-4381-9e5b-24faf947ec22 |
Medium | Access Control | Query details Documentation |
| EC2 Instance Using Default Security Group 8d03993b-8384-419b-a681-d1f55149397c |
Medium | Access Control | Query details Documentation |
| IAM Access Key Is Exposed 7f79f858-fbe8-4186-8a2c-dfd0d958a40f |
Medium | Access Control | Query details Documentation |
| IAM Group Without Users f509931b-bbb0-443c-bd9b-10e92ecf2193 |
Medium | Access Control | Query details Documentation |
| IAM Policies Attached To User eafe4bc3-1042-4f88-b988-1939e64bf060 |
Medium | Access Control | Query details Documentation |
| IAM Policies With Full Privileges e401d614-8026-4f4b-9af9-75d1197461ba |
Medium | Access Control | Query details Documentation |
| IAM Policy Grants 'AssumeRole' Permission Across All Services 12a7a7ce-39d6-49dd-923d-aeb4564eb66c |
Medium | Access Control | Query details Documentation |
| IAM Role Allows All Principals To Assume babdedcf-d859-43da-9a7b-6d72e661a8fd |
Medium | Access Control | Query details Documentation |
| Lambda Permission Principal Is Wildcard 1d972c56-8ec2-48c1-a578-887adb09c57a |
Medium | Access Control | Query details Documentation |
| Public Lambda via API Gateway 5e92d816-2177-4083-85b4-f61b4f7176d9 |
Medium | Access Control | Query details Documentation |
| SES Policy With Allowed IAM Actions 8ed0bfce-f780-46d4-b086-21c3628f09ad |
Medium | Access Control | Query details Documentation |
| SQS Policy With Public Access d994585f-defb-4b51-b6d2-c70f020ceb10 |
Medium | Access Control | Query details Documentation |
| Auto Scaling Group With No Associated ELB 050f085f-a8db-4072-9010-2cca235cc02f |
Medium | Availability | Query details Documentation |
| CMK Is Unusable 133fee21-37ef-45df-a563-4d07edc169f4 |
Medium | Availability | Query details Documentation |
| RDS With Backup Disabled e69890e6-fce5-461d-98ad-cb98318dfc96 |
Medium | Backup | Query details Documentation |
| S3 Bucket Without Versioning 9232306a-f839-40aa-b3ef-b352001da9a5 |
Medium | Backup | Query details Documentation |
| Stack Retention Disabled 17d5ba1d-7667-4729-b1a6-b11fde3db7f7 |
Medium | Backup | Query details Documentation |
| AMI Not Encrypted 97707503-a22c-4cd7-b7c0-f088fa7cf830 |
Medium | Encryption | Query details Documentation |
| CA Certificate Identifier Is Outdated 5eccd62d-8b4d-46d3-83ea-1879f3cbd3ce |
Medium | Encryption | Query details Documentation |
| Cloudfront Viewer Protocol Policy Allows HTTP a6d27cf7-61dc-4bde-ae08-3b353b609f76 |
Medium | Encryption | Query details Documentation |
| CodeBuild Not Encrypted a1423864-2fbc-4f46-bfe1-fbbf125c71c9 |
Medium | Encryption | Query details Documentation |
| ELB Using Insecure Protocols 730a5951-2760-407a-b032-dd629b55c23a |
Medium | Encryption | Query details Documentation |
| IAM Database Auth Not Enabled 0ed012a4-9199-43d2-b9e4-9bd049a48aa4 |
Medium | Encryption | Query details Documentation |
| Secure Ciphers Disabled 218413a0-c716-4b94-9e08-0bb70d854709 |
Medium | Encryption | Query details Documentation |
| SQS With SSE Disabled e1e7b278-2a8b-49bd-a26e-66a7f70b17eb |
Medium | Encryption | Query details Documentation |
| API Gateway Without SSL Certificate b47b98ab-e481-4a82-8bb1-1ab39fd36e33 |
Medium | Insecure Configurations | Query details Documentation |
| Certificate RSA Key Bytes Lower Than 256 d5ec2080-340a-4259-b885-f833c4ea6a31 |
Medium | Insecure Configurations | Query details Documentation |
| CloudFront Without Minimum Protocol TLS 1.2 d0c13053-d2c8-44a6-95da-d592996e9e67 |
Medium | Insecure Configurations | Query details Documentation |
| ECR Image Tag Not Immutable 60bfbb8a-c72f-467f-a6dd-a46b7d612789 |
Medium | Insecure Configurations | Query details Documentation |
| ECS Task Definition Network Mode Not Recommended 01aec7c2-3e4d-4274-ae47-2b8fea22fd1f |
Medium | Insecure Configurations | Query details Documentation |
| S3 Bucket with Unsecured CORS Rule 3505094c-f77c-4ba0-95da-f83db712f86c |
Medium | Insecure Configurations | Query details Documentation |
| Vulnerable Default SSL Certificate fb8f8929-afeb-4c46-99f0-a6cf410f7df4 |
Medium | Insecure Defaults | Query details Documentation |
| ALB Listening on HTTP f81d63d2-c5d7-43a4-a5b5-66717a41c895 |
Medium | Networking and Firewall | Query details Documentation |
| API Gateway Endpoint Config is Not Private 559439b2-3e9c-4739-ac46-17e3b24ec215 |
Medium | Networking and Firewall | Query details Documentation |
| API Gateway without WAF f5f38943-664b-4acc-ab11-f292fa10ed0b |
Medium | Networking and Firewall | Query details Documentation |
| CloudFront Without WAF 22c80725-e390-4055-8d14-a872230f6607 |
Medium | Networking and Firewall | Query details Documentation |
| EC2 Instance Has Public IP a8b0c58b-cd25-4b53-9ad0-55bca0be0bc1 |
Medium | Networking and Firewall | Query details Documentation |
| Elasticsearch with HTTPS disabled d6c2d06f-43c1-488a-9ba1-8d75b40fc62d |
Medium | Networking and Firewall | Query details Documentation |
| HTTP Port Open To Internet a14ad534-acbe-4a8e-9404-2f7e1045646e |
Medium | Networking and Firewall | Query details Documentation |
| Security Group With Unrestricted Access To SSH 57ced4b9-6ba4-487b-8843-b65562b90c77 |
Medium | Networking and Firewall | Query details Documentation |
| SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible 7af1c447-c014-4f05-bd8b-ebe3a15734ac |
Medium | Networking and Firewall | Query details Documentation |
| API Gateway With CloudWatch Logging Disabled 72a931c2-12f5-40d1-93cc-47bff2f7aa2a |
Medium | Observability | Query details Documentation |
| CloudFront Logging Disabled d31cb911-bf5b-4eb6-9fc3-16780c77c7bd |
Medium | Observability | Query details Documentation |
| CloudTrail Logging Disabled d4a73c49-cbaa-4c6f-80ee-d6ef5a3a26f5 |
Medium | Observability | Query details Documentation |
| S3 Bucket Logging Disabled c3b9f7b0-f5a0-49ec-9cbc-f1e346b7274d |
Medium | Observability | Query details Documentation |
| No Stack Policy ffe0fd52-7a8b-4a5c-8fc7-49844418e6c9 |
Medium | Resource Management | Query details Documentation |
| Authentication Without MFA eee107f9-b3d8-45d3-b9c6-43b5a7263ce1 |
Low | Access Control | Query details Documentation |
| ECS Service Without Running Tasks f5c45127-1d28-4b49-a692-0b97da1c3a84 |
Low | Availability | Query details Documentation |
| Automatic Minor Upgrades Disabled 857f8808-e96a-4ba8-a9b7-f2d4ec6cad94 |
Low | Best Practices | Query details Documentation |
| CDN Configuration Is Missing b25398a2-0625-4e61-8e4d-a1bb23905bf6 |
Low | Best Practices | Query details Documentation |
| IAM Password Without Minimum Length 8bc2168c-1723-4eeb-a6f3-a1ba614b9a6d |
Low | Best Practices | Query details Documentation |
| Lambda Permission Misconfigured 3ddf3417-424d-420d-8275-0724dc426520 |
Low | Best Practices | Query details Documentation |
| Misconfigured Password Policy Expiration 3f2cf811-88fa-4eda-be45-7a191a18aba9 |
Low | Best Practices | Query details Documentation |
| Password Without Reuse Prevention 6f5f5444-1422-495f-81ef-24cefd61ed2c |
Low | Best Practices | Query details Documentation |
| EFS Without Tags b8a9852c-9943-4973-b8d5-77dae9352851 |
Low | Build Process | Query details Documentation |
| Stack Without Template 32d31f1f-0f83-4721-b7ec-1e6948c60145 |
Low | Build Process | Query details Documentation |
| CloudTrail Log Files Not Encrypted With KMS f5587077-3f57-4370-9b4e-4eb5b1bac85b |
Low | Encryption | Query details Documentation |
| EFS Without KMS bd77554e-f138-40c5-91b2-2a09f878608e |
Low | Encryption | Query details Documentation |
| AWS Password Policy With Unchangeable Passwords e28ceb92-d588-4166-aac5-766c8f5b7472 |
Low | Insecure Configurations | Query details Documentation |
| Instance With No VPC 61d1a2d0-4db8-405a-913d-5d2ce49dff6f |
Low | Insecure Configurations | Query details Documentation |
| Lambda Function Without Tags 265d9725-2fb8-42a2-bc57-3279c5db82d5 |
Low | Insecure Configurations | Query details Documentation |
| EC2 Instance Using Default VPC 8833f180-96f1-46f4-9147-849aafa56029 |
Low | Networking and Firewall | Query details Documentation |
| ElastiCache Using Default Port 7cc6c791-5f68-4816-a564-b9b699f9d26e |
Low | Networking and Firewall | Query details Documentation |
| ElastiCache Without VPC 5527dcfc-94f9-4bf6-b7d4-1b78850cf41f |
Low | Networking and Firewall | Query details Documentation |
| RDS Using Default Port 2cb674f6-32f9-40be-97f2-62c0dc38f0d5 |
Low | Networking and Firewall | Query details Documentation |
| Redshift Using Default Port e01de151-a7bd-4db4-b49b-3c4775a5e881 |
Low | Networking and Firewall | Query details Documentation |
| API Gateway X-Ray Disabled 2059155b-27fd-441e-b616-6966c468561f |
Low | Observability | Query details Documentation |
| CloudTrail Log File Validation Disabled 4d8681a2-3d30-4c89-8070-08acd142748e |
Low | Observability | Query details Documentation |
| CloudTrail Multi Region Disabled 6ad087d7-a509-4b20-b853-9ef6f5ebaa98 |
Low | Observability | Query details Documentation |
| CloudTrail Not Integrated With CloudWatch ebb2118a-03bc-4d53-ab43-d8750f5cb8d3 |
Low | Observability | Query details Documentation |
| CloudTrail SNS Topic Name Undefined 5ba316a9-c466-4ec1-8d5b-bc6107dc9a92 |
Low | Observability | Query details Documentation |
| CMK Rotation Disabled af96d737-0818-4162-8c41-40d969bd65d1 |
Low | Observability | Query details Documentation |
| Configuration Aggregator to All Regions Disabled a2fdf451-89dd-451e-af92-bf6c0f4bab96 |
Low | Observability | Query details Documentation |
| Lambda Functions Without X-Ray Tracing 71397b34-1d50-4ee1-97cb-c96c34676f74 |
Low | Observability | Query details Documentation |
| Stack Notifications Disabled d39761d7-94ab-45b0-ab5e-27c44e381d58 |
Low | Observability | Query details Documentation |
| EC2 Not EBS Optimized 338b6cab-961d-4998-bb49-e5b6a11c9a5c |
Info | Best Practices | Query details Documentation |
| CloudWatch Without Retention Period Specified e24e18d9-4c2b-4649-b3d0-18c088145e24 |
Info | Observability | Query details Documentation |
AZURE¶
Below are listed queries related to Ansible AZURE:
| Query | Severity | Category | More info |
|---|---|---|---|
| CosmosDB Account IP Range Filter Not Set e8c80448-31d8-4755-85fc-6dbab69c2717 |
Critical | Networking and Firewall | Query details Documentation |
| Redis Entirely Accessible 0d0c12b9-edce-4510-9065-13f6a758750c |
Critical | Networking and Firewall | Query details Documentation |
| Redis Publicly Accessible 0632d0db-9190-450a-8bb3-c283bffea445 |
Critical | Networking and Firewall | Query details Documentation |
| SQLServer Ingress From Any IP f4e9ff70-0f3b-4c50-a713-26cbe7ec4039 |
Critical | Networking and Firewall | Query details Documentation |
| Unrestricted SQL Server Access 3f23c96c-f9f5-488d-9b17-605b8da5842f |
Critical | Networking and Firewall | Query details Documentation |
| Default Azure Storage Account Network Access Is Too Permissive ca4df748-613a-4fbf-9c76-f02cbd580307 |
High | Access Control | Query details Documentation |
| Public Storage Account 35e2f133-a395-40de-a79d-b260d973d1bd |
High | Access Control | Query details Documentation |
| Storage Container Is Publicly Accessible 4d3817db-dd35-4de4-a80d-3867157e7f7f |
High | Access Control | Query details Documentation |
| Azure Container Registry With No Locks 581dae78-307d-45d5-aae4-fe2b0db267a5 |
High | Insecure Configurations | Query details Documentation |
| Security Group is Not Configured da4f2739-174f-4cdd-b9ef-dc3f14b5931f |
High | Insecure Configurations | Query details Documentation |
| Sensitive Port Is Exposed To Entire Network 0ac9abbc-6d7a-41cf-af23-2e57ddb3dbfc |
High | Networking and Firewall | Query details Documentation |
| Admin User Enabled For Container Registry 29f35127-98e6-43af-8ec1-201b79f99604 |
Medium | Access Control | Query details Documentation |
| AKS RBAC Disabled 149fa56c-4404-4f90-9e25-d34b676d5b39 |
Medium | Access Control | Query details Documentation |
| Role Definition Allows Custom Role Creation 5c80db8e-03f5-43a2-b4af-1f3f87018157 |
Medium | Access Control | Query details Documentation |
| Key Vault Soft Delete Is Disabled 881696a8-68c5-4073-85bc-7c38a3deb854 |
Medium | Backup | Query details Documentation |
| Azure Instance Using Basic Authentication e2d834b7-8b25-4935-af53-4a60668dcbe0 |
Medium | Best Practices | Query details Documentation |
| MySQL SSL Connection Disabled 2a901825-0f3b-4655-a0fe-e0470e50f8e6 |
Medium | Encryption | Query details Documentation |
| SSL Enforce Disabled 961ce567-a16d-4d7d-9027-f0ec2628a555 |
Medium | Encryption | Query details Documentation |
| Storage Account Not Forcing HTTPS 2c99a474-2a3c-4c17-8294-53ffa5ed0522 |
Medium | Encryption | Query details Documentation |
| Storage Account Not Using Latest TLS Encryption Version c62746cf-92d5-4649-9acf-7d48d086f2ee |
Medium | Encryption | Query details Documentation |
| AD Admin Not Configured For SQL Server b176e927-bbe2-44a6-a9c3-041417137e5f |
Medium | Insecure Configurations | Query details Documentation |
| Redis Cache Allows Non SSL Connections 869e7fb4-30f0-4bdb-b360-ad548f337f2f |
Medium | Insecure Configurations | Query details Documentation |
| VM Not Attached To Network 1e5f5307-3e01-438d-8da6-985307ed25ce |
Medium | Insecure Configurations | Query details Documentation |
| Web App Accepting Traffic Other Than HTTPS eb8c2560-8bee-4248-9d0d-e80c8641dd91 |
Medium | Insecure Configurations | Query details Documentation |
| Firewall Rule Allows Too Many Hosts To Access Redis Cache 69f72007-502e-457b-bd2d-5012e31ac049 |
Medium | Networking and Firewall | Query details Documentation |
| Trusted Microsoft Services Not Enabled 1bc398a8-d274-47de-a4c8-6ac867b353de |
Medium | Networking and Firewall | Query details Documentation |
| WAF Is Disabled For Azure Application Gateway 2fc5ab5a-c5eb-4ae4-b687-0f16fe77c255 |
Medium | Networking and Firewall | Query details Documentation |
| AKS Monitoring Logging Disabled d5e83b32-56dd-4247-8c2e-074f43b38a5e |
Medium | Observability | Query details Documentation |
| Log Retention Is Not Set 0461b4fd-21ef-4687-929e-484ee4796785 |
Medium | Observability | Query details Documentation |
| Monitoring Log Profile Without All Activities 89f84a1e-75f8-47c5-83b5-bee8e2de4168 |
Medium | Observability | Query details Documentation |
| PostgreSQL Log Checkpoints Disabled 7ab33ac0-e4a3-418f-a673-50da4e34df21 |
Medium | Observability | Query details Documentation |
| PostgreSQL Log Connections Not Set 7b47138f-ec0e-47dc-8516-e7728fe3cc17 |
Medium | Observability | Query details Documentation |
| PostgreSQL Log Disconnections Not Set 054d07b5-941b-4c28-8eef-18989dc62323 |
Medium | Observability | Query details Documentation |
| PostgreSQL Log Duration Not Set 729ebb15-8060-40f7-9017-cb72676a5487 |
Medium | Observability | Query details Documentation |
| PostgreSQL Server Without Connection Throttling a9becca7-892a-4af7-b9e1-44bf20a4cd9a |
Medium | Observability | Query details Documentation |
| SQL Server Predictable Active Directory Account Name 530e8291-2f22-4bab-b7ea-306f1bc2a308 |
Low | Best Practices | Query details Documentation |
| SQL Server Predictable Admin Account Name 663062e9-473d-4e87-99bc-6f3684b3df40 |
Low | Best Practices | Query details Documentation |
| Cosmos DB Account Without Tags 23a4dc83-4959-4d99-8056-8e051a82bc1e |
Low | Build Process | Query details Documentation |
| AKS Network Policy Misconfigured 8c3bedf1-c570-4c3b-b414-d068cd39a00c |
Low | Insecure Configurations | Query details Documentation |
| Small Activity Log Retention Period 37fafbea-dedb-4e0d-852e-d16ee0589326 |
Low | Observability | Query details Documentation |
CONFIG¶
Below are listed queries related to Ansible CONFIG:
| Query | Severity | Category | More info |
|---|---|---|---|
| Allow Unsafe Lookups Enabled 86b97bb4-85c9-462d-8635-cbc057c5c8c5 |
High | Insecure Configurations | Query details Documentation |
| Privilege Escalation Using Become Plugin 404908b6-4954-4611-98f0-e8ceacdabcb1 |
Medium | Access Control | Query details Documentation |
| Communication over HTTP d7dc9350-74bc-485b-8c85-fed22d276c43 |
Medium | Insecure Configurations | Query details Documentation |
| Logging of Sensitive Data c6473dae-8477-4119-88b7-b909b435ce7b |
Low | Best Practices | Query details Documentation |
GCP¶
Below are listed queries related to Ansible GCP:
| Query | Severity | Category | More info |
|---|---|---|---|
| Cloud Storage Anonymous or Publicly Accessible 086031e1-9d4a-4249-acb3-5bfe4c363db2 |
Critical | Access Control | Query details Documentation |
| SQL DB Instance Publicly Accessible 7d7054c0-3a52-4e9b-b9ff-cbfe16a2378b |
Critical | Insecure Configurations | Query details Documentation |
| BigQuery Dataset Is Public 2263b286-2fe9-4747-a0ae-8b4768a2bbd2 |
High | Access Control | Query details Documentation |
| SQL DB Instance With SSL Disabled d0f7da39-a2d5-4c78-bb85-4b7f338b3cbb |
High | Encryption | Query details Documentation |
| Client Certificate Disabled 20180133-a0d0-4745-bfe0-94049fbb12a9 |
High | Insecure Configurations | Query details Documentation |
| Cloud SQL Instance With Contained Database Authentication On 6d34aff3-fdd2-460c-8190-756a3b4969e8 |
High | Insecure Configurations | Query details Documentation |
| Cloud SQL Instance With Cross DB Ownership Chaining On 9e0c33ed-97f3-4ed6-8be9-bcbf3f65439f |
High | Insecure Configurations | Query details Documentation |
| GKE Legacy Authorization Enabled 300a9964-b086-41f7-9378-b6de3ba1c32b |
High | Insecure Configurations | Query details Documentation |
| MySQL Instance With Local Infile On a7b520bb-2509-4fb0-be05-bc38f54c7a4c |
High | Insecure Configurations | Query details Documentation |
| RDP Access Is Not Restricted 75418eb9-39ec-465f-913c-6f2b6a80dc77 |
High | Networking and Firewall | Query details Documentation |
| VM With Full Cloud Access bc20bbc6-0697-4568-9a73-85af1dd97bdd |
Medium | Access Control | Query details Documentation |
| SQL DB Instance Backup Disabled 0c82eae2-aca0-401f-93e4-fb37a0f9e5e8 |
Medium | Backup | Query details Documentation |
| Disk Encryption Disabled 092bae86-6105-4802-99d2-99cd7e7431f3 |
Medium | Encryption | Query details Documentation |
| DNSSEC Using RSASHA1 6cf4c3a7-ceb0-4475-8892-3745b84be24a |
Medium | Encryption | Query details Documentation |
| Google Compute SSL Policy Weak Cipher In Use b28bcd2f-c309-490e-ab7c-35fc4023eb26 |
Medium | Encryption | Query details Documentation |
| Cloud DNS Without DNSSEC 80b15fb1-6207-40f4-a803-6915ae619a03 |
Medium | Insecure Configurations | Query details Documentation |
| Cluster Master Authentication Disabled 9df7f78f-ebe3-432e-ac3b-b67189c15518 |
Medium | Insecure Configurations | Query details Documentation |
| GKE Basic Authentication Enabled 344bf8ab-9308-462b-a6b2-697432e40ba1 |
Medium | Insecure Configurations | Query details Documentation |
| Google Container Node Pool Auto Repair Disabled d58c6f24-3763-4269-9f5b-86b2569a003b |
Medium | Insecure Configurations | Query details Documentation |
| IP Aliasing Disabled ed672a9f-fbf0-44d8-a47d-779501b0db05 |
Medium | Insecure Configurations | Query details Documentation |
| Network Policy Disabled 98e04ca0-34f5-4c74-8fec-d2e611ce2790 |
Medium | Insecure Configurations | Query details Documentation |
| OSLogin Is Disabled In VM Instance 66dae697-507b-4aef-be18-eec5bd707f33 |
Medium | Insecure Configurations | Query details Documentation |
| Private Cluster Disabled 3b30e3d6-c99b-4318-b38f-b99db74578b5 |
Medium | Insecure Configurations | Query details Documentation |
| Shielded VM Disabled 18d3a83d-4414-49dc-90ea-f0387b2856cc |
Medium | Insecure Configurations | Query details Documentation |
| Using Default Service Account 2775e169-e708-42a9-9305-b58aadd2c4dd |
Medium | Insecure Configurations | Query details Documentation |
| GKE Using Default Service Account dc126833-125a-40fb-905a-ce5f2afde240 |
Medium | Insecure Defaults | Query details Documentation |
| Compute Instance Is Publicly Accessible 829f1c60-2bab-44c6-8a21-5cd9d39a2c82 |
Medium | Networking and Firewall | Query details Documentation |
| GKE Master Authorized Networks Disabled d43366c5-80b0-45de-bbe8-2338f4ab0a83 |
Medium | Networking and Firewall | Query details Documentation |
| Google Compute Network Using Default Firewall Rule 29b8224a-60e9-4011-8ac2-7916a659841f |
Medium | Networking and Firewall | Query details Documentation |
| Google Compute Network Using Firewall Rule that Allows All Ports 3602d273-3290-47b2-80fa-720162b1a8af |
Medium | Networking and Firewall | Query details Documentation |
| IP Forwarding Enabled 11bd3554-cd56-4257-8e25-7aaf30cf8f5f |
Medium | Networking and Firewall | Query details Documentation |
| Serial Ports Are Enabled For VM Instances c6fc6f29-dc04-46b6-99ba-683c01aff350 |
Medium | Networking and Firewall | Query details Documentation |
| SSH Access Is Not Restricted b2fbf1df-76dd-4d78-a6c0-e538f4a9b016 |
Medium | Networking and Firewall | Query details Documentation |
| Cloud Storage Bucket Logging Not Enabled 507df964-ad97-4035-ab14-94a82eabdfdd |
Medium | Observability | Query details Documentation |
| Cloud Storage Bucket Versioning Disabled 7814ddda-e758-4a56-8be3-289a81ded929 |
Medium | Observability | Query details Documentation |
| PostgreSQL Log Connections Disabled d7a5616f-0a3f-4d43-bc2b-29d1a183e317 |
Medium | Observability | Query details Documentation |
| PostgreSQL log_checkpoints Flag Not Set To ON 89afe3f0-4681-4ce3-89ed-896cebd4277c |
Medium | Observability | Query details Documentation |
| Stackdriver Logging Disabled 19c9e2a0-fc33-4264-bba1-e3682661e8f7 |
Medium | Observability | Query details Documentation |
| Stackdriver Monitoring Disabled 20dcd953-a8b8-4892-9026-9afa6d05a525 |
Medium | Observability | Query details Documentation |
| Node Auto Upgrade Disabled d6e10477-2e19-4bcd-b8a8-19c65b89ccdf |
Medium | Resource Management | Query details Documentation |
| High Google KMS Crypto Key Rotation Period f9b7086b-deb8-4034-9330-d7fd38f1b8de |
Medium | Secret Management | Query details Documentation |
| Project-wide SSH Keys Are Enabled In VM Instances 099b4411-d11e-4537-a0fc-146b19762a79 |
Medium | Secret Management | Query details Documentation |
| Cluster Labels Disabled fbe9b2d0-a2b7-47a1-a534-03775f3013f7 |
Low | Insecure Configurations | Query details Documentation |
| COS Node Image Not Used be41f891-96b1-4b9d-b74f-b922a918c778 |
Low | Insecure Configurations | Query details Documentation |
| PostgreSQL Misconfigured Logging Duration Flag aed98a2a-e680-497a-8886-277cea0f4514 |
Low | Insecure Configurations | Query details Documentation |
| Google Compute Network Using Firewall Rule that Allows Port Range 7289eebd-a477-4064-8ad4-3c044bd70b00 |
Low | Networking and Firewall | Query details Documentation |
| Google Compute Subnetwork with Private Google Access Disabled 6a4080ae-79bd-42f6-a924-8f534c1c018b |
Low | Networking and Firewall | Query details Documentation |
| PostgreSQL Logging Of Temporary Files Disabled d6fae5b6-ada9-46c0-8b36-3108a2a2f77b |
Low | Observability | Query details Documentation |
| PostgreSQL Misconfigured Log Messages Flag 28a757fc-3d8f-424a-90c0-4233363b2711 |
Low | Observability | Query details Documentation |
HOSTS¶
Below are listed queries related to Ansible HOSTS:
| Query | Severity | Category | More info |
|---|---|---|---|
| Ansible Tower Exposed To Internet 1b2bf3ff-31e9-460e-bbfb-45e48f4f20cc |
Medium | Best Practices | Query details Documentation |
SHARED (V2/V3)¶
Below are listed queries related to Ansible SHARED (V2/V3):
| Query | Severity | Category | More info |
|---|---|---|---|
| Privilege Escalation Using Become Plugin 0e75052f-cc02-41b8-ac39-a78017527e95 |
Medium | Access Control | Query details Documentation |
| Communication Over HTTP 2e8d4922-8362-4606-8c14-aa10466a1ce3 |
Medium | Insecure Configurations | Query details Documentation |
| Insecure Relative Path Resolution 8d22ae91-6ac1-459f-95be-d37bd373f244 |
Low | Best Practices | Query details Documentation |
| Logging of Sensitive Data 59029ddf-e651-412b-ae7b-ff6d403184bc |
Low | Best Practices | Query details Documentation |
| Unpinned Package Version c05e2c20-0a2c-4686-b1f8-5f0a5612d4e8 |
Low | Supply-Chain | Query details Documentation |
| Risky File Permissions 88841d5c-d22d-4b7e-a6a0-89ca50e44b9f |
Info | Supply-Chain | Query details Documentation |