Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rule to check if secrets are rotated every 90 days #1402

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Rule to check if secrets are rotated every 90 days #1402

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions ScoutSuite/providers/aws/rules/findings/secretsmanager-lack-of-secrets-rotation.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{
"description": "Lack of Secrets Rotation",
"rationale": "Rotating secrets can help you to reduce the risk of an unauthorized use of your secrets in your AWS account. Examples include database credentials, passwords, third-party API keys, and even arbitrary text. If you do not change your secrets for a long period of time, the secrets are more likely to be compromised.\n\nAs more users get access to a secret, it can become more likely that someone mishandled and leaked it to an unauthorized entity. Secrets can be leaked through logs and cache data. They can be shared for debugging purposes and not changed or revoked once the debugging completes. For all these reasons, secrets should be rotated frequently.",
"references": [
"https://docs.aws.amazon.com/console/securityhub/SecretsManager.4/remediation"
],
"dashboard_name": "secrets",
"display_path": "secrets.secretsmanager.regions.id.secrets",
"path": "secretsmanager.regions.id.secrets.id",
"conditions": [
"and",
[
"secretsmanager.regions.id.secrets.id.last_changed_date",
"olderThan",
[
"90",
"days"
]
]
]
}
6 changes: 6 additions & 0 deletions ScoutSuite/providers/aws/rules/rulesets/default.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1161,6 +1161,12 @@
"level": "danger"
}
],
"secretsmanager-lack-of-secrets-rotation.json": [
{
"enabled": false,
"level": "warning"
}
],
"ses-identity-dkim-not-enabled.json": [
{
"enabled": true,
Expand Down
6 changes: 6 additions & 0 deletions ScoutSuite/providers/aws/rules/rulesets/detailed.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1190,6 +1190,12 @@
"level": "danger"
}
],
"secretsmanager-lack-of-secrets-rotation.json": [
{
"enabled": false,
"level": "warning"
}
],
"ses-identity-dkim-not-enabled.json": [
{
"enabled": true,
Expand Down