diff --git a/README.md b/README.md
index 873d4874a..93a3d1763 100755
--- a/README.md
+++ b/README.md
@@ -50,20 +50,4 @@ The above report was generated by running Scout Suite against https://github.com
 Additional information can be found in the [wiki](https://github.com/nccgroup/ScoutSuite/wiki).
 There are also a number of handy [tools](https://github.com/nccgroup/ScoutSuite/tree/master/tools) for automation of common tasks.
-## NCC Scout
-
-Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice.
-
-It features:
-
-- Persistent monitoring - so you know about changes or issues as they arise
-- One tool - all configuration checks in one place for speed and simplicity
-- Multi-vendor support - AWS, Azure and GCP public cloud accounts
-- Agnostic platform - a trusted third-party tool
-
-Additional details can be found in the [wiki](https://github.com/nccgroup/ScoutSuite/wiki/NCC-Scout).
-
-**NCC Scout now has a free tier under our "Freemium" offering**.
-This offering provides access to NCC Group’s extended rulesets, keeping your cloud environment protected in-line with best practice configuration and cloud technologies. To sign up for the service, head on to https://cyberstore.nccgroup.com/our-services/service-details/16/cloud-account-monitoring.
-
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-exists.json b/ScoutSuite/providers/aws/rules/findings/iam-user-exists.json
new file mode 100755
index 000000000..adcc63e9e
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/iam-user-exists.json
@@ -0,0 +1,31 @@
+{
+ "description": "IAM User Exists",
+ "rationale": "In an account whose external access is managed through some SSO system, there should normally be no Users. IAM Users in such an environment are, as often than not, either old and forgotten or created by some dev looking for a shortcut.",
+ "remediation": "Remove all users in the AWS account",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "1.2"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "1.2"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "1.2"
+ }
+ ],
+ "references": [
+ ],
+ "dashboard_name": "Users",
+ "path": "iam.users.id",
+ "conditions": [[ "iam.users.id", "moreThan", "0" ]],
+ "keys": [
+ "iam.users.id"
+ ],
+ "id_suffix": "iam_user_exists"
+}
diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json
index b3afbb226..f085a5f4e 100755
--- a/ScoutSuite/providers/aws/rules/rulesets/default.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/default.json
@@ -805,6 +805,12 @@
 "level": "danger"
 }
 ],
+ "iam-user-exists.json": [
+ {
+ "enabled": true,
+ "level": "warning"
+ }
+ ],
 "kms-cmk-rotation-disabled.json": [
 {
 "enabled": true,
diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
index d1043c5c1..058604f24 100755
--- a/ScoutSuite/providers/aws/rules/rulesets/detailed.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
@@ -834,6 +834,12 @@
 "level": "danger"
 }
 ],
+ "iam-user-exists.json": [
+ {
+ "enabled": true,
+ "level": "warning"
+ }
+ ],
 "kms-cmk-rotation-disabled.json": [
 {
 "enabled": true,
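Review bot: The remediation `"Remove all users in the AWS account"` is far broader than the rationale, which scopes the finding to accounts whose access is managed through SSO; a blanket removal would also take out service, CI and break-glass users, so it should read along the lines of `"remediation": "Review each IAM user and remove, or migrate to federated role-based access, those that are not required"`. The condition `[[ "iam.users.id", "moreThan", "0" ]]` compares each user's id string with `"0"`; if the rule engine evaluates `moreThan` numerically this will fail or misfire on non-numeric ids, so confirm that the intended check is simply that a user record exists rather than a numeric comparison. The three compliance entries all cite CIS AWS Foundations reference 1.2, which in benchmark versions 1.0.0 through 1.2.0 concerns MFA for IAM users with console passwords rather than the existence of users; confirm the mapping or drop the section rather than attach a misleading reference. The rationale's `as often than not` should be `as often as not`.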
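Review bot: Enabling `iam-user-exists.json` in the default ruleset will raise one warning per IAM user in every account that legitimately uses IAM users, even though the rule's own rationale limits it to SSO-managed accounts, which makes the default report noisy for most deployments. Consider `"enabled": false` here so the rule is opt-in, keeping it enabled only in detailed.json if that ruleset is meant to be the exhaustive one; the identical entry in the detailed.json hunk has the same consideration. If it stays enabled, the rationale's scope should at least be reflected in the description so users understand why the finding fires.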