
GET /cspm/rules

This endpoint returns information on the rules currently used by Cloud Security to run checks on your cloud accounts.

Request

Format

GET /cspm/rules/{id}

Parameters

Parameter | Type   | Optional | Description
id        | String | Yes      | The ID of the rule you want to display the information for. If this parameter is not specified in the request, the response includes information for all the rules applicable across your cloud accounts.

Examples

Request information for all rules available on your cloud accounts:

GET /cspm/rules

Request information for rule 0010fb5f-06a1-4afd-9f59-f01c76******:

GET /cspm/rules/0010fb5f-06a1-4afd-9f59-f01c76******

Response

Format

{
  "data": [
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f******",
      "type": "rule",
      "attributes": {
        "name": "string",
        "version": 0,
        "title": "string",
        "original_severity": "informational",
        "description": "string",
        "implication": "string",
        "recommendation": "string",
        "references": "string"
      },
      "relationships": {
        "controls": {
          "data": [
            {
              "id": "string",
              "type": "control",
              "meta": {
                "compliance_type": "system_compliance",
                "compliance_id": "string",
                "section_id": "string"
              }
            }
          ]
        }
      },
      "links": {
        "self": "string"
      }
    }
  ],
  "links": {
    "self": "string",
    "next": "string"
  },
  "meta": {
    "total": 0,
    "elapsed": 0
  }
}

Attributes

Attribute | Type | Description
data | Array | The list of rule objects. When an id is specified in the request, data is a single rule object rather than an array.
    id | String | The ID of the rule.
    type | String | The type of the object. Possible value: rule.
    attributes | Object | Provides rule information.
        name | String | The name of the rule, for example cloud_scan/aws/iam/access_key_rotation_90_days.
        version | Integer | The version of the rule currently being used.
        title | String | The title of the rule.
        original_severity | String | The default severity of the findings produced when the rule's check fails. Possible values: informational, low, medium, high, critical.
        description | String | What the rule checks, with background on the checked resource.
        implication | String | The risk of leaving the check failed.
        recommendation | String | Remediation steps for the failed check.
        references | String | Links to related documentation.
    relationships | Object | Maps the rule to the compliance controls it supports.
        controls | Object | Holds the list of mapped controls in data.
            data | Array | The list of control objects.
                id | String | The ID of the control within its compliance standard, for example AC-2(1).
                type | String | The type of the object. Possible value: control.
                meta | Object | Control metadata: compliance_type (possible value: system_compliance), compliance_id (the identifier of the compliance standard, for example nist-sp-800-53-r5) and section_id (the section of that standard the control belongs to).
    links | Object | Provides links relevant to this rule.
        self | String | A direct link to this rule's information.

The attributes below are returned only when requesting information for all rules applicable to your cloud accounts (no id is specified in the request).

links | Object | Provides links that allow you to navigate between pages of results.
    self | String | A direct link to the current page of results.
    next | String | A direct link to the next page of results. null when there are no further pages.

meta | Object | Provides summary information about the results returned by the request.
    total | Integer | The total number of results returned by your request.
    elapsed | Integer | The number of results returned so far, up to and including the current page.
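As an added example that is not part of this reference and not Bitdefender's own client code: a Python client that walks the rule listing by following links.next until it is null, accepts the single-object data returned when an id is supplied, filters rules on original_severity, and builds a compliance_id -> control -> rule index from relationships.controls. It assumes a caller-supplied fetch_page callable that performs the authenticated GET and returns the decoded JSON body (authentication is not covered on this page), and the page query parameter in the constructed second-page URL is an assumption, since only page_limit appears in the example above. The sample pages are constructed for offline use from the rule and control values shown on this page.

```python
from collections import defaultdict
from typing import Callable, Iterable, Iterator

# Severities listed for original_severity, lowest to highest.
SEVERITY_ORDER = ("informational", "low", "medium", "high", "critical")

BASE = "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/rules"
FIRST_URL = f"{BASE}?page_limit=1"
NEXT_URL = f"{BASE}?page_limit=1&page=2"  # the "page" parameter is an assumption


def _control(cid: str, standard: str, section: str) -> dict:
    """Build one relationships.controls.data entry in the documented shape."""
    return {"id": cid, "type": "control",
            "meta": {"compliance_type": "system_compliance",
                     "compliance_id": standard, "section_id": section}}


def _rule(rid: str, name: str, severity: str, controls: list[dict]) -> dict:
    """Build one rule object (attributes trimmed to what the example needs)."""
    return {"id": rid, "type": "rule",
            "attributes": {"name": name, "version": 1, "original_severity": severity},
            "relationships": {"controls": {"data": controls}}}


# Constructed two-page listing (page_limit=1) so that pagination is exercised.
SAMPLE_PAGES = {
    FIRST_URL: {
        "data": [_rule("0010fb5f-06a1-4afd-9f59-f01c76******",
                       "cloud_scan/aws/iam/access_key_rotation_90_days", "high",
                       [_control("AC-2(1)", "nist-sp-800-53-r5", "AC"),
                        _control("8.3.10.1", "pci-dss-v4-0", "8")])],
        "links": {"self": FIRST_URL, "next": NEXT_URL},
        "meta": {"total": 2, "elapsed": 1},
    },
    NEXT_URL: {
        "data": [_rule("00e9ee7e-ff8e-4cba-b81b-8fd530******",
                       "cloud_scan/aws/iam/password_policy_require_symbols", "medium",
                       [_control("sec.1.6", "aws-waf", "sec")])],
        "links": {"self": NEXT_URL, "next": None},  # null next: last page
        "meta": {"total": 2, "elapsed": 2},
    },
}


def sample_fetch(url: str) -> dict:
    """Stand-in for the real authenticated HTTP GET; serves the constructed pages."""
    return SAMPLE_PAGES[url]


def iter_rules(fetch_page: Callable[[str], dict], first_url: str,
               max_pages: int = 1000) -> Iterator[dict]:
    """Yield every rule object, following links.next until it is null."""
    url, seen = first_url, set()
    for _ in range(max_pages):
        if url in seen:  # a server-side paging bug must not become an infinite loop
            raise RuntimeError(f"pagination cycle at {url}")
        seen.add(url)
        page = fetch_page(url)
        data = page.get("data") or []
        if isinstance(data, dict):  # GET /cspm/rules/{id} returns one object, not an array
            data = [data]
        for obj in data:
            if obj.get("type") != "rule":
                raise ValueError(f"unexpected object type {obj.get('type')!r}")
            yield obj
        url = (page.get("links") or {}).get("next")
        if not url:
            return
    raise RuntimeError(f"gave up after {max_pages} pages without a null links.next")


def rules_at_least(rules: Iterable[dict], min_severity: str) -> list[dict]:
    """Keep rules whose original_severity is at or above min_severity."""
    floor = SEVERITY_ORDER.index(min_severity)
    return [r for r in rules
            if SEVERITY_ORDER.index(r["attributes"]["original_severity"]) >= floor]


def index_by_compliance(rules: Iterable[dict]) -> dict[str, dict[str, list[str]]]:
    """Map compliance_id -> control id -> [rule names] from relationships.controls."""
    index: dict[str, dict[str, list[str]]] = defaultdict(lambda: defaultdict(list))
    for rule in rules:
        controls = rule.get("relationships", {}).get("controls", {}).get("data", [])
        for control in controls:
            meta = control.get("meta") or {}
            if "compliance_id" not in meta:  # tolerate incomplete entries
                continue
            index[meta["compliance_id"]][control["id"]].append(rule["attributes"]["name"])
    return {cid: dict(ctrls) for cid, ctrls in index.items()}


if __name__ == "__main__":
    all_rules = list(iter_rules(sample_fetch, FIRST_URL))
    print(f"{len(all_rules)} rules fetched; high or above:",
          [r["attributes"]["name"] for r in rules_at_least(all_rules, "high")])
    print(index_by_compliance(all_rules))
```

To run against the real service, replace sample_fetch with a function that issues the GET with your API credentials and returns response.json(); the pagination and indexing code does not change. The cycle guard and max_pages bound matter in automation: a misbehaving next link should fail loudly rather than hang a scheduled job.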

Examples

Response when information is requested for all rules available on your cloud accounts:

{
    "data": [
        {
            "id": "0010fb5f-06a1-4afd-9f59-f01c76******",
            "type": "rule",
            "attributes": {
                "name": "cloud_scan/aws/iam/access_key_rotation_90_days",
                "version": 1,
                "title": "IAM User Access Key Rotated Every 90 days",
                "original_severity": "high",
                "description": "It was discovered that one or more access keys belonging to IAM Users have not been rotated for at least 90 days.\n\nAn IAM user is an entity that you create in AWS. The IAM user represents the person or service who uses the IAM user to interact with AWS. A primary use for IAM users is to give people the ability to sign in to the AWS Management Console for interactive tasks and to make programmatic requests to AWS services using the API or CLI. A user in AWS consists of a name, a password to sign into the AWS Management Console, and up to two access keys that can be used with the API or CLI. When you create an IAM user, you grant it permissions by making it a member of a group that has appropriate permission policies attached (recommended), or by directly attaching policies to the user. You can also clone the permissions of an existing IAM user, which automatically makes the new user a member of the same groups and attaches all the same policies.\n\nAccess keys are long-term credentials for an IAM user or the AWS account root user.\n\nAccess keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services.\n\nAs a security best practice, we recommend that you regularly rotate (change) IAM user access keys. If your administrator granted you the necessary permissions, you can rotate your own access keys.",
                "implication": "Rotating access keys reduces the window of opportunity for an access key that is associated with a compromised or terminated account to be used.\n\nAccess keys should be rotated to ensure that data cannot be accessed with an old key which might have been lost, cracked, or stolen.",
                "recommendation": "It is recommended to rotate IAM access keys every 90 days.\n\n1. Sign in to the IAM dashboard at https://console.aws.amazon.com/iam/.\n2. Click **Users** in the navigation panel.\n3. Click on the IAM user whose access key you want to rotate.\n4. Select the **Security Credentials** tab\n5. Click **Create Access Key** to create a new set of access keys.\n6. Save out the credentials to somewhere on your machine. \n    - IMPORTANT: You will not have access to the secret access key again after this dialog box closes.\n7. Click **Close** to return to the configuration page. You should now see two active access keys.\n8. Update your application and replace the existing access key ID and secret access key with the new ones. Test to make sure that the new key pair is working.\n9. Select the previous key and click **Make Inactive**. The access key status should change from Active to Inactive.\n10. Once you are sure that no applications are using the original key, return to the IAM user page and remove the old access key by clicking the cross button against each access key.\n11. Click **Delete** to remove the old key.\n",
                "references": "- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html"
            },
            "relationships": {
                "controls": {
                    "data": [
                        {
                            "id": "CC6.0.24",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "sg-pdpa-26-2012",
                                "section_id": "CC6"
                            }
                        },
                        {
                            "id": "10.54",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "bnm-rmit",
                                "section_id": "10"
                            }
                        },
                        {
                            "...": "..."
                        }
                    ]
                }
            },
            "links": {
                "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/rules/0010fb5f-06a1-4afd-9f59-f01c76******"
            }
        },
        {
            "id": "00e9ee7e-ff8e-4cba-b81b-8fd530******",
            "type": "rule",
            "attributes": {
                "name": "cloud_scan/aws/iam/password_policy_require_symbols",
                "version": 1,
                "title": "IAM Password Policy - Symbols Required Not Configured",
                "original_severity": "medium",
                "description": "It was discovered that one or more AWS account(s) has a weak IAM Password Policy which is not configured with symbols being required.",
                "implication": "Ensuring AWS IAM users are required to create strong passwords through setting a robust IAM Password Policy will reduce the risk of password-guessing and brute-force attacks.",
                "recommendation": "It is recommended to enable the option which requires the use of symbols in passwords for the IAM Password Policy on all AWS accounts.\n\n1. Open the Identity and Access Management (IAM) dashboard at https://console.aws.amazon.com/iam/.\n2. Click on **Account Settings** under AWS Account header on the left navigation menu.\n3. Ensure the **Require at least one non-alphanumeric character** option of the Password Policy form is selected.\n4. Click **Apply password policy** to save changes.",
                "references": "- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html"
            },
            "relationships": {
                "controls": {
                    "data": [
                        {
                            "id": "I.c.2.g",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "seojk-29-2022",
                                "section_id": "I"
                            }
                        },
                        {
                            "id": "sec.1.6",
                            "type": "control",
                            "meta": {
                                "compliance_type": "system_compliance",
                                "compliance_id": "aws-waf",
                                "section_id": "sec"
                            }
                        },
                        {
                            "...": "..."
                        }
                    ]
                }
            },
            "links": {
                "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/rules/00e9ee7e-ff8e-4cba-b81b-8fd530******"
            }
        },
        {
            "...": "..."
        }
    ],
    "links": {
        "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/rules?page_limit=500",
        "next": null
    },
    "meta": {
        "total": 395,
        "elapsed": 395
    }
}

Response when information is requested for rule 0010fb5f-06a1-4afd-9f59-f01c76******:

{
    "data": {
        "id": "0010fb5f-06a1-4afd-9f59-f01c76******",
        "type": "rule",
        "attributes": {
            "name": "cloud_scan/aws/iam/access_key_rotation_90_days",
            "version": 1,
            "title": "IAM User Access Key Rotated Every 90 days",
            "original_severity": "high",
            "description": "It was discovered that one or more access keys belonging to IAM Users have not been rotated for at least 90 days.\n\nAn IAM user is an entity that you create in AWS. The IAM user represents the person or service who uses the IAM user to interact with AWS. A primary use for IAM users is to give people the ability to sign in to the AWS Management Console for interactive tasks and to make programmatic requests to AWS services using the API or CLI. A user in AWS consists of a name, a password to sign into the AWS Management Console, and up to two access keys that can be used with the API or CLI. When you create an IAM user, you grant it permissions by making it a member of a group that has appropriate permission policies attached (recommended), or by directly attaching policies to the user. You can also clone the permissions of an existing IAM user, which automatically makes the new user a member of the same groups and attaches all the same policies.\n\nAccess keys are long-term credentials for an IAM user or the AWS account root user.\n\nAccess keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services.\n\nAs a security best practice, we recommend that you regularly rotate (change) IAM user access keys. If your administrator granted you the necessary permissions, you can rotate your own access keys.",
            "implication": "Rotating access keys reduces the window of opportunity for an access key that is associated with a compromised or terminated account to be used.\n\nAccess keys should be rotated to ensure that data cannot be accessed with an old key which might have been lost, cracked, or stolen.",
            "recommendation": "It is recommended to rotate IAM access keys every 90 days.\n\n1. Sign in to the IAM dashboard at https://console.aws.amazon.com/iam/.\n2. Click **Users** in the navigation panel.\n3. Click on the IAM user whose access key you want to rotate.\n4. Select the **Security Credentials** tab\n5. Click **Create Access Key** to create a new set of access keys.\n6. Save out the credentials to somewhere on your machine. \n    - IMPORTANT: You will not have access to the secret access key again after this dialog box closes.\n7. Click **Close** to return to the configuration page. You should now see two active access keys.\n8. Update your application and replace the existing access key ID and secret access key with the new ones. Test to make sure that the new key pair is working.\n9. Select the previous key and click **Make Inactive**. The access key status should change from Active to Inactive.\n10. Once you are sure that no applications are using the original key, return to the IAM user page and remove the old access key by clicking the cross button against each access key.\n11. Click **Delete** to remove the old key.\n",
            "references": "- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html"
        },
        "relationships": {
            "controls": {
                "data": [
                    {
                        "id": "AC-2(1)",
                        "type": "control",
                        "meta": {
                            "compliance_type": "system_compliance",
                            "compliance_id": "nist-sp-800-53-r5",
                            "section_id": "AC"
                        }
                    },
                    {
                        "id": "8.3.10.1",
                        "type": "control",
                        "meta": {
                            "compliance_type": "system_compliance",
                            "compliance_id": "pci-dss-v4-0",
                            "section_id": "8"
                        }
                    },
                    {
                        "...": "..."
                    }
                ]
            }
        },
        "links": {
            "self": "https://api.staging.cs.gravityzone.bitdefender.com/v1/cspm/rules/0010fb5f-06a1-4afd-9f59-f01c76******"
        }
    }
}