Clarify rule description #98

Merged
merged 3 commits into from
Sep 5, 2024

austintraver
Contributor

QA Checklist

Alerts Rule Packs

  • Does a related alert already exist, and should it be tweaked or added to instead?
    Yes! See below:
  • Test each query to make sure it works
  • Look for hardcoded variables/parameter values in the query
  • Consider Severity for Alerts
  • Spellcheck
  • Use all caps for J1QL keywords and relationship classes
  • Upload the alerts rule pack JSON into JupiterOne to validate

@austintraver austintraver requested a review from a team as a code owner February 6, 2024 22:02
@austintraver
Contributor Author

I'm open to rewording it further, but the current wording of this alert leads the developer to think this rule is checking that a non-default security group is attached to EC2 instances or an ENI.

@SeaBlooms
Contributor

Thanks @austintraver we will review

@@ -921,7 +921,7 @@
},
{
"name": "ec2-security-group-attached-to-eni",
"description": "Checks that non-default security groups are attached to EC2 instances or an ENI.",
"description": "Checks that any non-default security groups are in use and attached to EC2 instances or an ENI.",
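
Review bot: the replacement "description" line still reads as a positive compliance check ("are in use and attached to EC2 instances or an ENI"), so it does not tell the reader which condition raises the alert, and "in use and attached" says the same thing twice. For a rule named "ec2-security-group-attached-to-eni", state what a match means, that is, whether the rule returns security groups that are attached or security groups that are not, and check the wording against the rule's query, which this hunk does not show. Minor: "EC2 instances or an ENI" mixes plural and singular.
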
Contributor

The J1QL includes '!PROTECTS', which indicates that the non-default SecGroups returned are not configured to protect any EC2 instances or ENIs. They could be configured to protect another resource type (or none at all).

A more accurate description could be "Checks for any existing non-default security groups which are not configured to protect an EC2 instance or an ENI."

@SeaBlooms SeaBlooms merged commit 93aa0ce into JupiterOne:main Sep 5, 2024
3 of 4 checks passed