nccgroup · alexanderdean111 · Jul 5, 2023 · Sep 22, 2023 · Oct 31, 2023 · Oct 31, 2023
diff --git a/README.md b/README.md
@@ -50,20 +50,4 @@ The above report was generated by running Scout Suite against https://github.com
 Additional information can be found in the [wiki](https://github.com/nccgroup/ScoutSuite/wiki). 
 There are also a number of handy [tools](https://github.com/nccgroup/ScoutSuite/tree/master/tools) for automation of common tasks.
 
-## NCC Scout 
-
-Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice.
-
-It features:
-
-- Persistent monitoring - so you know about changes or issues as they arise
-- One tool - all configuration checks in one place for speed and simplicity
-- Multi-vendor support - AWS, Azure and GCP public cloud accounts
-- Agnostic platform - a trusted third-party tool
-
-Additional details can be found in the [wiki](https://github.com/nccgroup/ScoutSuite/wiki/NCC-Scout).
-
-**NCC Scout now has a free tier under our "Freemium" offering**. 
-This offering provides access to NCC Group’s extended rulesets, keeping your cloud environment protected in-line with best practice configuration and cloud technologies. To sign up for the service, head on to https://cyberstore.nccgroup.com/our-services/service-details/16/cloud-account-monitoring.
-
 
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-exists.json b/ScoutSuite/providers/aws/rules/findings/iam-user-exists.json
@@ -0,0 +1,31 @@
+{
+    "description": "IAM User Exists",
+    "rationale": "In an account whose external access is managed through some SSO system, there should normally be no Users. IAM Users in such an environment are, as often than not, either old and forgotten or created by some dev looking for a shortcut.",
+    "remediation": "Remove all users in the AWS account",
+    "compliance": [
+        {
+            "name": "CIS Amazon Web Services Foundations",
+            "version": "1.0.0",
+            "reference": "1.2"
+        },
+        {
+            "name": "CIS Amazon Web Services Foundations",
+            "version": "1.1.0",
+            "reference": "1.2"
+        },
+        {
+            "name": "CIS Amazon Web Services Foundations",
+            "version": "1.2.0",
+            "reference": "1.2"
+        }
+    ],
+    "references": [
+    ],
+    "dashboard_name": "Users",
+    "path": "iam.users.id",
+    "conditions": [[ "iam.users.id", "moreThan", "0" ]],
+    "keys": [
+        "iam.users.id"
+    ],
+    "id_suffix": "iam_user_exists"
+}
diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json
@@ -805,6 +805,12 @@
                 "level": "danger"
             }
         ],
+        "iam-user-exists.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
+        ],
         "kms-cmk-rotation-disabled.json": [
             {
                 "enabled": true,

diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json
@@ -834,6 +834,12 @@
                 "level": "danger"
             }
         ],
+        "iam-user-exists.json": [
+            {
+                "enabled": true,
+                "level": "warning"
+            }
+        ],
         "kms-cmk-rotation-disabled.json": [
             {
                 "enabled": true,