├── .bumpversion.cfg ├── .dockerignore ├── .env-sample ├── .gitignore ├── Azure_Security_Stages.xml ├── CONTRIBUTING.md ├── Dockerfile ├── HISTORY.rst ├── MANIFEST.in ├── Makefile ├── README.md ├── README.rst ├── alpine.Dockerfile ├── azure_cis_scanner ├── azure_cis_scanner.ipynb ├── controller.py ├── credentials.py ├── generate_latex_tables.py ├── modules │ ├── logging_and_monitoring.py │ ├── networking.py │ ├── other_security_considerations.py │ ├── security_center.py │ ├── sql_servers.py │ ├── storage_accounts.py │ └── virtual_machines.py ├── report │ ├── app-test.py │ ├── app.py │ ├── cis_structure.yaml │ ├── manage.py │ ├── render_utils.py │ ├── settings.py │ ├── static │ │ ├── base.css │ │ └── style.css │ └── templates │ │ ├── base.html │ │ ├── finding.html │ │ ├── index.html │ │ ├── service.html │ │ └── site.html ├── tests │ └── test_notes.py └── utils.py ├── bin └── azscan ├── cloudbuild.yaml ├── collaborators.txt ├── dev.Dockerfile ├── docker-compose-dev.yml ├── docker-compose.yml ├── example_scan ├── Pay-As-You-Go-510f92e0 │ ├── 2018-08-22 │ │ ├── filtered │ │ │ ├── logging_and_monitoring_filtered.json │ │ │ ├── networking_filtered.json │ │ │ ├── other_security_considerations_filtered.json │ │ │ ├── security_center_filtered.json │ │ │ ├── sql_servers_filtered.json │ │ │ ├── storage_accounts_filtered.json │ │ │ └── virtual_machines_filtered.json │ │ └── raw │ │ │ ├── activity_log_alerts.json │ │ │ ├── activity_logs.json │ │ │ ├── keyvault_keys_and_secrets_metadata.json │ │ │ ├── keyvaults.json │ │ │ ├── locked_resources.json │ │ │ ├── monitor_diagnostic_settings.json │ │ │ ├── monitor_log_profiles.json │ │ │ ├── network_flows.json │ │ │ ├── network_security_groups.json │ │ │ ├── network_watcher.json │ │ │ ├── resource_diagnostic_settings.json │ │ │ ├── resource_groups.json │ │ │ ├── resource_ids_for_diagnostic_settings.json │ │ │ ├── security_center.json │ │ │ ├── sql_databases.json │ │ │ ├── sql_server_policies.json │ │ │ ├── sql_servers.json │ │ │ ├── storage_accounts.json │ │ │ └── virtual_machines.json │ └── 2018-08-23 │ │ ├── filtered │ │ ├── logging_and_monitoring_filtered.json │ │ ├── networking_filtered.json │ │ ├── other_security_considerations_filtered.json │ │ ├── security_center_filtered.json │ │ ├── sql_servers_filtered.json │ │ ├── storage_accounts_filtered.json │ │ └── virtual_machines_filtered.json │ │ └── raw │ │ ├── activity_log_alerts.json │ │ ├── activity_logs.json │ │ ├── keyvault_keys_and_secrets_metadata.json │ │ ├── keyvaults.json │ │ ├── locked_resources.json │ │ ├── monitor_diagnostic_settings.json │ │ ├── monitor_log_profiles.json │ │ ├── network_flows.json │ │ ├── network_security_groups.json │ │ ├── network_watcher.json │ │ ├── resource_diagnostic_settings.json │ │ ├── resource_groups.json │ │ ├── resource_ids_for_diagnostic_settings.json │ │ ├── security_center.json │ │ ├── sql_databases.json │ │ ├── sql_server_policies.json │ │ ├── sql_servers.json │ │ ├── storage_accounts.json │ │ └── virtual_machines.json ├── accounts.json └── credentials_tuples.json ├── frozen_requirements.txt ├── images ├── Azure_Security_Stages.png ├── azure_cis_scanner_git_vuln_scan.png ├── cis_test_azure_scanner_files.png ├── cis_test_secure_transfer_graph.png └── cis_test_vm_section.png ├── install ├── alpine.sh ├── ubuntu.sh └── windows.ps1 ├── permissions ├── log_alert_remediation.json.j2 ├── minimal_tester_role.json.j2 └── permissions.sh ├── remediations └── logging_and_monitoring_remediations.py ├── requirements.txt ├── run.sh ├── sample_deploy ├── azurecli-quickstart │ └── test_deploy.sh ├── azurecli │ └── sql_databases.sh ├── powershell │ └── test_deploy.ps1 └── terraform-azure │ ├── apply_all.py │ ├── common │ ├── common.tf │ └── variables.tf │ ├── destroy_all.py │ ├── keyvault │ ├── keyvault.tf │ ├── terraform.tfvars │ └── variables.tf │ ├── logging_monitoring │ ├── monitoring.tf │ ├── terraform.tfvars │ └── variables.tf │ ├── sql_database │ ├── sql_database.tf │ ├── terraform.tfvars │ └── variables.tf │ ├── storage │ ├── generate.sh │ ├── storage.tf │ ├── storage_vars.tpl │ ├── terraform.tfvars │ └── variables.tf │ ├── vault │ └── terraform.tf │ └── vm │ ├── snapshot.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── vm.tf ├── scans ├── .DS_Store └── .keep ├── setup.py └── stable.Dockerfile /.bumpversion.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/.bumpversion.cfg -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/.dockerignore -------------------------------------------------------------------------------- /.env-sample: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/.env-sample -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/.gitignore -------------------------------------------------------------------------------- /Azure_Security_Stages.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/Azure_Security_Stages.xml -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/Dockerfile -------------------------------------------------------------------------------- /HISTORY.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/HISTORY.rst -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/MANIFEST.in -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/README.md -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/README.rst -------------------------------------------------------------------------------- /alpine.Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/alpine.Dockerfile -------------------------------------------------------------------------------- /azure_cis_scanner/azure_cis_scanner.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/azure_cis_scanner.ipynb -------------------------------------------------------------------------------- /azure_cis_scanner/controller.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/controller.py -------------------------------------------------------------------------------- /azure_cis_scanner/credentials.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/credentials.py -------------------------------------------------------------------------------- /azure_cis_scanner/generate_latex_tables.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/generate_latex_tables.py -------------------------------------------------------------------------------- /azure_cis_scanner/modules/logging_and_monitoring.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/modules/logging_and_monitoring.py -------------------------------------------------------------------------------- /azure_cis_scanner/modules/networking.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/modules/networking.py -------------------------------------------------------------------------------- /azure_cis_scanner/modules/other_security_considerations.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/modules/other_security_considerations.py -------------------------------------------------------------------------------- /azure_cis_scanner/modules/security_center.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/modules/security_center.py -------------------------------------------------------------------------------- /azure_cis_scanner/modules/sql_servers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/modules/sql_servers.py -------------------------------------------------------------------------------- /azure_cis_scanner/modules/storage_accounts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/modules/storage_accounts.py -------------------------------------------------------------------------------- /azure_cis_scanner/modules/virtual_machines.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/modules/virtual_machines.py -------------------------------------------------------------------------------- /azure_cis_scanner/report/app-test.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /azure_cis_scanner/report/app.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/app.py -------------------------------------------------------------------------------- /azure_cis_scanner/report/cis_structure.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/cis_structure.yaml -------------------------------------------------------------------------------- /azure_cis_scanner/report/manage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/manage.py -------------------------------------------------------------------------------- /azure_cis_scanner/report/render_utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/render_utils.py -------------------------------------------------------------------------------- /azure_cis_scanner/report/settings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/settings.py -------------------------------------------------------------------------------- /azure_cis_scanner/report/static/base.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/static/base.css -------------------------------------------------------------------------------- /azure_cis_scanner/report/static/style.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/static/style.css -------------------------------------------------------------------------------- /azure_cis_scanner/report/templates/base.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/templates/base.html -------------------------------------------------------------------------------- /azure_cis_scanner/report/templates/finding.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/templates/finding.html -------------------------------------------------------------------------------- /azure_cis_scanner/report/templates/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/templates/index.html -------------------------------------------------------------------------------- /azure_cis_scanner/report/templates/service.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/templates/service.html -------------------------------------------------------------------------------- /azure_cis_scanner/report/templates/site.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/report/templates/site.html -------------------------------------------------------------------------------- /azure_cis_scanner/tests/test_notes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/tests/test_notes.py -------------------------------------------------------------------------------- /azure_cis_scanner/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/azure_cis_scanner/utils.py -------------------------------------------------------------------------------- /bin/azscan: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/bin/azscan -------------------------------------------------------------------------------- /cloudbuild.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/cloudbuild.yaml -------------------------------------------------------------------------------- /collaborators.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/collaborators.txt -------------------------------------------------------------------------------- /dev.Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/dev.Dockerfile -------------------------------------------------------------------------------- /docker-compose-dev.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/docker-compose-dev.yml -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/docker-compose.yml -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/logging_and_monitoring_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/logging_and_monitoring_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/networking_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/networking_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/other_security_considerations_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/other_security_considerations_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/security_center_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/security_center_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/sql_servers_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/sql_servers_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/storage_accounts_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/storage_accounts_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/virtual_machines_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/filtered/virtual_machines_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/activity_log_alerts.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/activity_logs.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/activity_logs.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/keyvault_keys_and_secrets_metadata.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/keyvault_keys_and_secrets_metadata.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/keyvaults.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/keyvaults.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/locked_resources.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/monitor_diagnostic_settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/monitor_diagnostic_settings.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/monitor_log_profiles.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/network_flows.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/network_flows.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/network_security_groups.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/network_security_groups.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/network_watcher.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/network_watcher.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/resource_diagnostic_settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/resource_diagnostic_settings.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/resource_groups.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/resource_groups.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/resource_ids_for_diagnostic_settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/resource_ids_for_diagnostic_settings.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/security_center.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/security_center.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/sql_databases.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/sql_server_policies.json: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/sql_servers.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/sql_servers.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/storage_accounts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/storage_accounts.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/virtual_machines.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-22/raw/virtual_machines.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/logging_and_monitoring_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/logging_and_monitoring_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/networking_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/networking_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/other_security_considerations_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/other_security_considerations_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/security_center_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/security_center_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/sql_servers_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/sql_servers_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/storage_accounts_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/storage_accounts_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/virtual_machines_filtered.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/filtered/virtual_machines_filtered.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/activity_log_alerts.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/activity_logs.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/activity_logs.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/keyvault_keys_and_secrets_metadata.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/keyvault_keys_and_secrets_metadata.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/keyvaults.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/keyvaults.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/locked_resources.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/monitor_diagnostic_settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/monitor_diagnostic_settings.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/monitor_log_profiles.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/network_flows.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/network_flows.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/network_security_groups.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/network_security_groups.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/network_watcher.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/network_watcher.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/resource_diagnostic_settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/resource_diagnostic_settings.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/resource_groups.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/resource_groups.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/resource_ids_for_diagnostic_settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/resource_ids_for_diagnostic_settings.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/security_center.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/security_center.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/sql_databases.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/sql_server_policies.json: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/sql_servers.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/sql_servers.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/storage_accounts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/storage_accounts.json -------------------------------------------------------------------------------- /example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/virtual_machines.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/Pay-As-You-Go-510f92e0/2018-08-23/raw/virtual_machines.json -------------------------------------------------------------------------------- /example_scan/accounts.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/accounts.json -------------------------------------------------------------------------------- /example_scan/credentials_tuples.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/example_scan/credentials_tuples.json -------------------------------------------------------------------------------- /frozen_requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/frozen_requirements.txt -------------------------------------------------------------------------------- /images/Azure_Security_Stages.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/images/Azure_Security_Stages.png -------------------------------------------------------------------------------- /images/azure_cis_scanner_git_vuln_scan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/images/azure_cis_scanner_git_vuln_scan.png -------------------------------------------------------------------------------- /images/cis_test_azure_scanner_files.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/images/cis_test_azure_scanner_files.png -------------------------------------------------------------------------------- /images/cis_test_secure_transfer_graph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/images/cis_test_secure_transfer_graph.png -------------------------------------------------------------------------------- /images/cis_test_vm_section.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/images/cis_test_vm_section.png -------------------------------------------------------------------------------- /install/alpine.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/install/alpine.sh -------------------------------------------------------------------------------- /install/ubuntu.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/install/ubuntu.sh -------------------------------------------------------------------------------- /install/windows.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/install/windows.ps1 -------------------------------------------------------------------------------- /permissions/log_alert_remediation.json.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/permissions/log_alert_remediation.json.j2 -------------------------------------------------------------------------------- /permissions/minimal_tester_role.json.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/permissions/minimal_tester_role.json.j2 -------------------------------------------------------------------------------- /permissions/permissions.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/permissions/permissions.sh -------------------------------------------------------------------------------- /remediations/logging_and_monitoring_remediations.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/remediations/logging_and_monitoring_remediations.py -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/requirements.txt -------------------------------------------------------------------------------- /run.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/run.sh -------------------------------------------------------------------------------- /sample_deploy/azurecli-quickstart/test_deploy.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/azurecli-quickstart/test_deploy.sh -------------------------------------------------------------------------------- /sample_deploy/azurecli/sql_databases.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/azurecli/sql_databases.sh -------------------------------------------------------------------------------- /sample_deploy/powershell/test_deploy.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/powershell/test_deploy.ps1 -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/apply_all.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/apply_all.py -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/common/common.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/common/common.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/common/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/common/variables.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/destroy_all.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/destroy_all.py -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/keyvault/keyvault.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/keyvault/keyvault.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/keyvault/terraform.tfvars: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/keyvault/terraform.tfvars -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/keyvault/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/keyvault/variables.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/logging_monitoring/monitoring.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/logging_monitoring/monitoring.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/logging_monitoring/terraform.tfvars: -------------------------------------------------------------------------------- 1 | alert_email = "kesten.broughton@praetorian.com" -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/logging_monitoring/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/logging_monitoring/variables.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/sql_database/sql_database.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/sql_database/sql_database.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/sql_database/terraform.tfvars: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/sql_database/terraform.tfvars -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/sql_database/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/sql_database/variables.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/storage/generate.sh: -------------------------------------------------------------------------------- 1 | echo "start_time = `date \"+%Y-%m-%d\"`" >> terraform.tfvars 2 | -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/storage/storage.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/storage/storage.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/storage/storage_vars.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/storage/storage_vars.tpl -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/storage/terraform.tfvars: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/storage/terraform.tfvars -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/storage/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/storage/variables.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/vault/terraform.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/vault/terraform.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/vm/snapshot.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/vm/snapshot.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/vm/terraform.tfvars: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/vm/terraform.tfvars -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/vm/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/vm/variables.tf -------------------------------------------------------------------------------- /sample_deploy/terraform-azure/vm/vm.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/sample_deploy/terraform-azure/vm/vm.tf -------------------------------------------------------------------------------- /scans/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/scans/.DS_Store -------------------------------------------------------------------------------- /scans/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/setup.py -------------------------------------------------------------------------------- /stable.Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kbroughton/azure_cis_scanner/HEAD/stable.Dockerfile --------------------------------------------------------------------------------