Releases: vmware-samples/secureclouds-remediation-jobs
Releases · vmware-samples/secureclouds-remediation-jobs
release/v1.4.0
Release notes:
New remediation jobs added for Azure:
- Enable Soft Delete for Storage Account BlobService (azure_storage_soft_delete_not_enabled)
- Enable Logging for Key Vault (azure_key_vault_logging_for_keyvault_enabled)
- Enable SQL Server Auditing (azure_sql_auditing_on_server)
- Enable Transparent Data Encryption for SQL Database (azure_sql_data_encryption_on)
- Configure Storage Account Encryption at rest with Customer Managed Keys
(azure_storage_encryption_at_rest_not_configured_with_customer_managed_key)
release/v1.3.0
Release notes:
- Cleanup for logs
- New remediation jobs added:
- Enable DDoS protection for Virtual Network
- Enable Threat Detection for SQL Database Server
- Set Storage Account Default Network Access to Deny
- Enable Elastic Load Balancer access logs
release/v1.2.0
Release notes:
Added applicable rule information for jobs
Updated remediation job payload
release/v1.1.0
Release notes :
Added remediation job support for Azure
- azure_blob_remove_public_access
- azure_network_security_group_close_port_22
- azure_network_security_group_close_port_3389
- azure_storage_account_allow_https_traffic_only
- azure_vm_close_port_22
Bug fixes
- s3_enable_logging_job keeps adding ACL permissions
release/v1.0.0
Release notes:
Update list of minimal permissions needed for S3 access logging
Added s3:ListBucket to minimum_policy.json
Added more meaningful error when the user doesn't have the correct permissions for S3 access logging job
Refactored constraints hashes
Added a check to ensure S3 logging bucket does not log to itself