Merge branch 'dev' of https://github.com/kexa-io/helm-charts into dev
aeppling committed Sep 16, 2024
2 parents 6a18504 + 1759e5c commit cbe071b
Showing 21 changed files with 2,692 additions and 0 deletions.
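--- a/kexa-chart/files/rules/AwsComplianceSetRules.yaml
+++ b/kexa-chart/files/rules/AwsComplianceSetRules.yaml
@@ -0,0 +1,133 @@
+- version: 1.0.0
+date: 02-23-2024
+alert:
+fatal:
+enabled: true
+type:
+- log
+#- email
+to:
+- [email protected]
+error:
+enabled: true
+type:
+- log
+#- email
+#- sms
+to:
+- [email protected]
+warning:
+enabled: true
+type:
+- log
+#- email
+to:
+- [email protected]
+info:
+enabled: true
+type:
+- log
+#- email
+to:
+- [email protected]
+global:
+enabled: true
+type:
+- log
+#- webhook
+#- sms
+#- email
+to:
+#- http://127.0.0.1:5000/test
+- [email protected]
+conditions:
+- level: 0
+min: 1
+- level: 1
+min: 1
+- level: 2
+min: 1
+- level: 3
+min: 1
+rules:
+- name: "aws-rg-tagsvalue-check-for-expiration-date"
+description: "this rule is to check if tags contain an expiration date (separate with \"-\")"
+applied: false
+level: 1
+cloudProvider: aws
+objectName: KexaAwsCustoms.tagsValueListing
+conditions:
+- property: name
+condition: REGEX
+value: '\b\d{1,4}[-]\d{1,4}[-]\d{1,4}\b'
+# need to define behavior
+- name: "aws-resources-tags-key-value-check"
+description: "this rule is to check if tags and their value match your tagging policy"
+applied: false
+level: 1
+cloudProvider: aws
+objectName: KexaAwsCustoms.resourcesTags
+conditions:
+- property: Tags
+condition: ALL
+value:
+- operator: OR
+criteria:
+- operator: AND
+criteria:
+- property: Key
+condition : EQUAL
+value : Name
+- property: Value
+condition: DIFFERENT
+value: null
+- operator: AND
+criteria:
+- property: Key
+condition : EQUAL
+value : Environment
+- property: Value
+condition : REGEX
+value : ^(prod|dev)$
+- operator: AND
+criteria:
+- property: Key
+condition : EQUAL
+value : AmazonECSManaged
+- property: Value
+condition : REGEX
+value : ^(true|false)$
+# need to define behavior
+- name: "aws-user-tags-check"
+description: "this rule is to check if tags contain an expiration date (separate with \"-\")"
+applied: false
+level: 1
+cloudProvider: aws
+objectName: IAMClient.UserTags
+conditions:
+- property: Tags
+condition: ALL
+value:
+- property: Key
+condition : REGEX
+value : ^AKIA
+- property: Value
+condition: DIFFERENT
+value: 'titi'
+# need to define behavior
+- name: "aws-instance-profile-tags-check"
+description: "this rule is to check if tags contain an expiration date (separate with \"-\")"
+applied: false
+level: 1
+cloudProvider: aws
+objectName: IAMClient.InstanceProfileTags
+conditions:
+- property: Tags
+condition: ALL
+value:
+- property: Key
+condition : REGEX
+value : ^AKIA
+- property: Value
+condition: DIFFERENT
+value: 'titi'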
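Review bot: The last two rules, `aws-user-tags-check` and `aws-instance-profile-tags-check`, carry the description copied from the expiration-date rule, but their conditions test something else: every tag key must match `^AKIA` and every value must differ from `'titi'`. Both values read as test placeholders, and since `AKIA` is the AWS access key ID prefix, the intent may have been to catch key IDs stored in tags, which an `ALL` condition would presumably express backwards (it would hold only when every tag key looks like a key ID). All four rules are `applied: false`, so nothing fires today, but the text should be corrected before anyone enables them, e.g. `description: "placeholder: IAM tag policy not yet defined"` plus `# TODO: replace ^AKIA / 'titi' test values before setting applied: true` above each of the two rules.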
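--- a/kexa-chart/files/rules/AzureComplianceSetRules.yaml
+++ b/kexa-chart/files/rules/AzureComplianceSetRules.yaml
@@ -0,0 +1,111 @@
+- version: 1.0.0
+date: 02-23-2024
+alert:
+fatal:
+enabled: true
+type:
+- log
+#- email
+to:
+- [email protected]
+error:
+enabled: true
+type:
+- log
+#- email
+#- sms
+to:
+- [email protected]
+warning:
+enabled: true
+type:
+- log
+#- email
+to:
+- [email protected]
+info:
+enabled: true
+type:
+- log
+#- email
+to:
+- [email protected]
+global:
+enabled: true
+type:
+- log
+#- webhook
+#- sms
+#- email
+to:
+#- http://127.0.0.1:5000/test
+- [email protected]
+conditions:
+- level: 0
+min: 1
+- level: 1
+min: 1
+- level: 2
+min: 1
+- level: 3
+min: 1
+rules:
+# Azure tag/value checking
+- name: "azure-tags-check"
+description: "this rule is to check on azure tags for a specific pattern"
+applied: true
+level: 1
+cloudProvider: azure
+objectName: ResourceManagementClient.tagsOperations
+conditions:
+- operator: OR
+criteria:
+- operator: AND
+criteria:
+- property: tagName
+condition: EQUAL
+value: environment
+- property: values
+condition: ALL
+value:
+- property: tagValue
+condition: REGEX
+value : ^(npr|prd)$
+- operator: AND
+criteria:
+- property: tagName
+condition: EQUAL
+value: billing
+- property: values
+condition: ALL
+value:
+- property: tagValue
+condition: REGEX
+value : ^(project1|project2)$
+# Azure naming convention : resouceType-WorkloadApplication-Environment-Region-Instance
+# Example : pip-sharepoint-prod-westus-001
+- name: "azure-resources-name-convention-check"
+description: "this rule is to check on azure resources name for a Azure naming convention pattern"
+applied: true
+level: 1
+cloudProvider: azure
+objectName: ResourceManagementClient.resources
+conditions:
+- property: name
+condition: REGEX
+value: '^[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+-[a-zA-Z0-9]+$'
+- name: "azure-check-logs"
+description: "this rule is to check logs"
+applied: true
+level: 1
+cloudProvider: azure
+objectName: OperationalInsightsManagementClient.operationStatuses
+conditions:
+- operator: OR
+criteria:
+- property: tagName
+condition: REGEX
+value: 'ExpirationDate'
+- property: tagName
+condition: REGEX
+value: 'expirationdate'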
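Review bot: `azure-check-logs` ships with `applied: true`, yet its description ("check logs") does not match its conditions, which test a `tagName` property for `ExpirationDate` / `expirationdate` on `OperationalInsightsManagementClient.operationStatuses`. If that object does not expose `tagName` (not verifiable from this page), the rule will either fail on every item or never match, and with `min: 1` at level 1 either outcome distorts the alert stream that operators rely on. I would set `applied: false` on this rule until the target property is confirmed, and reword it to say what it checks, e.g. `description: "this rule is to check that an expiration-date tag is present"`. Separately, the five-segment pattern in `azure-resources-name-convention-check` requires hyphens, so resource types whose names cannot contain them, such as storage accounts, will always be reported.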