[PFR] More auditor changes and Check additions & MITRE ATT&CK time
jonrau1 opened this issue
Jonathan Rau commented
Story
As the maintainer of ElectricEye I want to continue to improve Auditors, add Checks, have more "Pythonic" code so that ElectricEye continues to kick ass and is prepared to go "Pro"... Also I'll forget if I don't write this down.
Definition of Done
- Revise the following Auditors, since their cache implementation/usage sucks
- Backup DONE
- Shodan
- Shield (also us-east-1 override)
- WAF (also us-east-1 override)
- DocumentDB DONE
- Neptune DONE
- Add new Auditors/Checks to existing Auditors
- (NEW) Elastic Beanstalk: Enhanced health, managed platform updates, IMDSv2, more??
- Backup: FSx, Aurora, DocDB, Neptune, SGW, Audit reports
- DynamoDB: DAX Encryption
- RDS: Auto-updates, auto-snapshotting, Cluster checks, SSL enforcement for certain engines...
- MITRE ATT&CK Compliance mappings added where it makes sense
- Shodan checks
- Publicly accessible checks
- SG checks?
- Default user checks
- Cross-account/shared checks?
Nice to Have
New Auditor R&D / "Is this shit even possible?"
- Storage Gateway
- Athena THIS IS POSSIBLE
- Metrics
- Encryption for query results (varying levels on CSE/KMS/SSE)
- EMR-on-EKS
- Well-Architected Tool
Additional Information