Reflexive Security's repositories
reflex-cli
CLI Tool for Running Reflex Engine
reflex-aws-cloudwatch-alarms-deleted
Reflex AWS Rule to check when Cloudwatch Alarms are Deleted
reflex-aws-rds-deletion-protection-disabled
Rule to detect when deletion protection is disabled for an RDS instance.
reflex-aws-s3-versioning-disabled
A Reflex rule to alert when S3 bucket versioning is disabled
reflex-aws-account-password-policy-insecure
Rule to detect the deletion of an AWS account password policy.
reflex-aws-cloudwatch-logs-unencrypted
A Reflex Rule for enforcing CloudWatch log encryption.
reflex-aws-config-rule-deleted
Rule to detect the deletion of AWS Config Rules.
reflex-aws-ebs-snapshot-unencrypted
A Reflex Rule for detecting unencrypted EBS snapshots.
reflex-aws-ec2-ami-not-encrypted
Detective measure that alerts when an AMI is created that's not encrypted.
reflex-aws-ec2-instance-termination-protection-disabled
Rule that determines if termination protection has been disabled for an EC2 instance.
reflex-aws-ec2-security-group-open-ingress
Measure to detect when a security group with open to anywhere ingress is allowed.
reflex-aws-role-permissions-boundary-changed-or-deleted
Rule for detecting the modification or deletion of IAM Role permission boundary.
reflex-aws-root-user-activity
Reflex detective measure for any user activity by the root user
reflex-aws-s3-bucket-acl-public-access
Detect when a bucket has ACL rules that grant public access.
reflex-aws-s3-bucket-not-encrypted
Reflex rule that detects and remediates an S3 bucket with no SSE.
reflex-aws-s3-logging-not-enabled
Measure that detects when S3 logging is not enabled on a new bucket or disabled on an existing bucket.
reflex-aws-cloudfront-logging-disabled
Reflex rule to detect when Cloudfront logging is disabled
reflex-aws-cloudfront-viewer-tls-protocol
A Reflex rule to specify minimum tls version for CloudFront viewer
reflex-aws-cloudtrail-deleted
Rule to detect when a CloudTrail trail has been deleted.
reflex-aws-cloudtrail-log-file-validation-disabled
Rule to detect the disabling of log file validation for a CloudTrail trail.
reflex-aws-cloudtrail-not-encrypted
Rule to detect when a CloudTrail trail has been created or updated without encryption.
reflex-aws-ebs-public-snapshot
Measure that automatically sets an EBS snapshot to private if made public.
reflex-aws-kms-key-deletion-scheduled
A Reflex Rule for detecting the scheduling of KMS Keys for deletion.
reflex-aws-kms-key-rotation-disabled
A Reflex Rule for enforcing KMS Key rotation.
reflex-aws-rds-automated-backup-disabled
Rule to detect when automated backup is disabled for an RDS instance.
reflex-aws-rds-public-snapshot
Rule to detect the sharing of an RDS snapshot with the public.
reflex-aws-rds-snapshot-unencrypted
Rule to determine if a snapshot is created in an unencrypted state.
reflex-aws-s3-bucket-policy-public-access
Detect when a bucket has a Bucket Policy that grant public access.
reflex-aws-sqs-queue-not-encrypted
Enforces SQS queue encryption. Will encrypt queues with the default KMS key.
reflex-www
Placeholder website for Cloudmitigator