- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.yaml files (309):

terraform/ecc-azure-362-vm_without_va_extension/iam/ecc-azure-362-vm_without_va_extension.yml
policies/ecc-azure-177-asb_waf_enabled_for_app_gateway.yml
policies/ecc-azure-129-nsg_postgresql.yml
policies/ecc-azure-056-cis_secret_exp.yml
policies/ecc-azure-043-cis_log_del_nsg.yml
policies/ecc-azure-071-51_cis_app_last_php.yml
policies/ecc-azure-161-asb_appconfig_private_link.yml
policies/ecc-azure-415-dep_depr_mysql_instance.yml
policies/ecc-azure-128-nsg_pop3.yml
policies/ecc-azure-008-cis_sa_sec_transfer_req.yml
policies/ecc-azure-163-asb_eg_domains_private_link.yml
policies/ecc-azure-015-cis_db_auditing_90d.yml
policies/ecc-azure-178-asb_waf_enabled_for_front_door.yml
policies/ecc-azure-101-cis_sec_defender_keyvaults.yml
policies/ecc-azure-334-cosmosdb_priveleged_escalation.yml
policies/ecc-azure-445-00_delete_unattached_disk.yml
policies/ecc-azure-372-cis_mysql_audit_log_events.yml
policies/ecc-azure-055-cis_key_exp_on.yml
policies/ecc-azure-439-disable_premium_ssd.yml
policies/ecc-azure-119-nsg_all.yml
policies/ecc-azure-143-asb_api_mgmt_vnet.yml
policies/ecc-azure-441-delete_empty_vmss.yml
policies/ecc-azure-354-acr_anonymous_pull.yml
policies/ecc-azure-044-cis_log_create_upd_solutions.yml
policies/ecc-azure-226-asb_reslogs_servicebus.yml
policies/ecc-azure-126-nsg_netbios.yml
policies/ecc-azure-435-dep_retired_appgw_conf.yml
policies/ecc-azure-455-11_last_dotNet_funcapp.yml
policies/ecc-azure-281-11_aks_non_vulnerable_version.yml
policies/ecc-azure-164-asb_eg_topics_private_link.yml
policies/ecc-azure-342-11_mssql_latest_tls.yml
policies/ecc-azure-184-asb_vm_linux_ssh_auth_req.yml
policies/ecc-azure-105-cis_sa_keys_regen.yml
policies/ecc-azure-108-cis_sa_tms.yml
policies/ecc-azure-150-asb_vm_net_access_protected_by_nsg.yml
policies/ecc-azure-455-51_last_dotNet_funcapp.yml
policies/ecc-azure-025-cis_db_mysql_ssl.yml
policies/ecc-azure-224-asb_reslogs_logicapps.yml
policies/ecc-azure-368-vmss_omi_vulnerability.yml
policies/ecc-azure-293-sql_data_replication_failover_groups.yml
policies/ecc-azure-310-asb_defender_open_source_rds.yml
policies/ecc-azure-343-postgresql_threat_detection_policy.yml
policies/ecc-azure-332-app_service_request_tracing.yml
policies/ecc-azure-170-asb_keyvault_private_endpoint.yml
policies/ecc-azure-333-iot_hub_public_access.yml
policies/ecc-azure-305-51_cis_storage_account_minimum_tls.yml
policies/ecc-azure-424-dep_vm_w_diag_ext.yml
policies/ecc-azure-094-cis_sec_defender_servers.yml
policies/ecc-azure-379-cis_appservice_http_logs.yml
policies/ecc-azure-167-asb_spring_cloud_net_injection.yml
policies/ecc-azure-442-delete_unused_lb.yml
policies/ecc-azure-358-synapse_workspace_managed_vnet.yml
policies/ecc-azure-267-51_asb_java_funcapp.yml
policies/ecc-azure-172-asb_mysql_private_endpoint.yml
policies/ecc-azure-098-cis_sec_defender_storages.yml
policies/ecc-azure-155-asb_mssql_public_access_disabled.yml
policies/ecc-azure-004-cis_sec_auto_provisioning.yml
policies/ecc-azure-433-11_dep_appenv_latest_tls.yml
policies/ecc-azure-007-cis_sec_owners_email_notifications.yml
policies/ecc-azure-283-aks_reslogs_aks.yml
policies/ecc-azure-106-cis_sa_logging_queue.yml
policies/ecc-azure-095-cis_sec_defender_app.yml
policies/ecc-azure-430-dep_dotNet_funcapp.yml
policies/ecc-azure-241-asb_certif_func.yml
policies/ecc-azure-416-dep_depr_postgresql_instance.yml
policies/ecc-azure-428-11_dep_eventgrid_latest_tls.yml
policies/ecc-azure-367-vm_omi_vulnerability.yml
policies/ecc-azure-231-asb_vm_wo_ama.yml
policies/ecc-azure-151-asb_vm_disable_ip_forward.yml
policies/ecc-azure-326-data_explorer_cmk.yml
policies/ecc-azure-057-cis_key_recoverable.yml
policies/ecc-azure-228-asb_guest_extension.yml
policies/ecc-azure-227-asb_reslogs_vmss.yml
policies/ecc-azure-205-asb_acs_ecnrypted_cmk.yml
policies/ecc-azure-168-asb_acs_private_link.yml
policies/ecc-azure-238-asb_cors_web.yml
policies/ecc-azure-453-11_vm_deallocated_instance.yml
policies/ecc-azure-222-asb_reslogs_iot.yml
policies/ecc-azure-313-cis_postgresql_log_min_messages.yml
policies/ecc-azure-294-vm_availability_set.yml
policies/ecc-azure-445-11_delete_unattached_disk.yml
policies/ecc-azure-300-11_app_gateway_tls_version.yml
policies/ecc-azure-010-cis_sa_net_defaultAction.yml
policies/ecc-azure-342-51_mssql_latest_tls.yml
policies/ecc-azure-036-cis_log_storage_cont_access.yml
policies/ecc-azure-157-asb_mysql_public_access_disabled.yml
policies/ecc-azure-012-cis_sa_enc.yml
policies/ecc-azure-130-nsg_smtp.yml
policies/ecc-azure-147-asb_cognitive_disable_public_access.yml
policies/ecc-azure-131-nsg_telnet.yml
policies/ecc-azure-413-dep_vm_w_mma.yml
policies/ecc-azure-032-cis_db_aad_admin.yml
policies/ecc-azure-324-data_explorer_double_encryption.yml
policies/ecc-azure-181-asb_web_app_managed_identity.yml
policies/ecc-azure-351-sql_mode.yml
policies/ecc-azure-448-00_vm_stopped_instance.yml
policies/ecc-azure-355-ml_min_cluster_nodes.yml
policies/ecc-azure-336-vmss_encryption_at_host.yml
policies/ecc-azure-327-data_factory_git_repo.yml
policies/ecc-azure-337-vm_antimalware_auto_updates.yml
policies/ecc-azure-064-cis_app_ftp_disabled.yml
policies/ecc-azure-418-cis_app_deprecated_python.yml
policies/ecc-azure-414-dep_vmss_w_mma.yml
policies/ecc-azure-200-asb_auto_acc_encrypted.yml
policies/ecc-azure-066-cis_log_delete_policy.yml
policies/ecc-azure-180-asb_func_app_managed_identity.yml
policies/ecc-azure-434-dep_retired_storage_classic.yml
policies/ecc-azure-071-11_cis_app_last_php.yml
policies/ecc-azure-451-11_delete_unused_waf.yml
policies/ecc-azure-347-mysql_cmk.yml
policies/ecc-azure-422-dep_depr_mariadb_instance.yml
policies/ecc-azure-440-enable_lifecycle_sa.yml
policies/ecc-azure-282-aks_temp_disks_and_cache_encryptedathost.yml
policies/ecc-azure-206-asb_service_fabric_property.yml
policies/ecc-azure-357-databricks_public_access.yml
policies/ecc-azure-258-asb_remotedebug_web.yml
policies/ecc-azure-356-api_mgmt_client_cert.yml
policies/ecc-azure-235-asb_k8s_policy.yml
policies/ecc-azure-046-cis_log_create_update_sql.yml
policies/ecc-azure-174-asb_sa_private_link.yml
policies/ecc-azure-049-cis_net_ssh.yml
policies/ecc-azure-286-aks_network_policy.yml
policies/ecc-azure-277-asb_geo_mysql.yml
policies/ecc-azure-318-cis_postgresql_log_line_prefix_set_correctly.yml
policies/ecc-azure-329-batch_cmk.yml
policies/ecc-azure-045-cis_log_del_solutions.yml
policies/ecc-azure-103-cis_sec_mcas.yml
policies/ecc-azure-319-cis_postgresql_log_min_error_statement.yml
policies/ecc-azure-427-dep_powershell_funcapp.yml
policies/ecc-azure-053-cis_vm_attached_disks.yml
policies/ecc-azure-116-cis_vm_endpoint_protection.yml
policies/ecc-azure-325-data_explorer_disc_encryption.yml
policies/ecc-azure-454-11_last_powershell_funcapp.yml
policies/ecc-azure-048-cis_net_rdp.yml
policies/ecc-azure-042-cis_log_create_upd_nsg.yml
policies/ecc-azure-419-cis_app_deprecated_php.yml
policies/ecc-azure-166-asb_signalr_private_link.yml
policies/ecc-azure-030-cis_db_postgresql_connection_throttling.yml
policies/ecc-azure-142-asb_vm_net_ports_restrict.yml
policies/ecc-azure-145-asb_cosmosdb_fw_rules.yml
policies/ecc-azure-437-51_dep_redis_latest_tls.yml
policies/ecc-azure-267-11_asb_java_funcapp.yml
policies/ecc-azure-417-cis_app_deprecated_java.yml
policies/ecc-azure-431-dep_retired_frontdoor_classic.yml
policies/ecc-azure-362-vm_without_va_extension.yml
policies/ecc-azure-444-11_delete_old_snapshot.yml
policies/ecc-azure-378-cis_nsg_flow_log_analytics.yml
policies/ecc-azure-412-cis_tpm_and_secure_boot.yml
policies/ecc-azure-197-asb_vm_disk_encryption_on.yml
policies/ecc-azure-123-nsg_microsoft_ds.yml
policies/ecc-azure-100-cis_sec_defender_acr.yml
policies/ecc-azure-257-asb_remotedebug_func.yml
policies/ecc-azure-453-00_vm_deallocated_instance.yml
policies/ecc-azure-110-cis_sa_logging_table.yml
policies/ecc-azure-202-asb_azl_encrypt_cmk.yml
policies/ecc-azure-027-cis_db_postgresql_log_connections.yml
policies/ecc-azure-299-function_app_health_check.yml
policies/ecc-azure-122-cis_nsg_http.yml
policies/ecc-azure-300-51_app_gateway_tls_version.yml
policies/ecc-azure-016-cis_db_sql_ads_atp.yml
policies/ecc-azure-061-11_cis_app_last_tls.yml
policies/ecc-azure-220-asb_reslogs_synapseanalytics.yml
policies/ecc-azure-072-cis-app-keyvaults.yml
policies/ecc-azure-272-asb_scaleset.yml
policies/ecc-azure-028-cis_db_postgresql_log_disconnections.yml
policies/ecc-azure-068-cis_log_del_nsg_rule.yml
policies/ecc-azure-436-dep_retired_unmanaged_disk.yml
policies/ecc-azure-039-cis_log_create_policy.yml
policies/ecc-azure-002-cis_iam_owner_roles.yml
policies/ecc-azure-339-kv_secrets_content_type.yml
policies/ecc-azure-287-aks_azure_cni_networking.yml
policies/ecc-azure-067-cis_log_create_upd_nsg_rule.yml
policies/ecc-azure-124-nsg_mongo_db.yml
policies/ecc-azure-232-asb_vmss_wo_ama.yml
policies/ecc-azure-132-vm_wo_del_lock.yml
policies/ecc-azure-284-aks_disks_encrypted.yml
policies/ecc-azure-033-cis_db_sql_tde_protector.yml
policies/ecc-azure-117-cis_vm_vhd_encrypted.yml
policies/ecc-azure-448-11_vm_stopped_instance.yml
policies/ecc-azure-097-cis_sec_defender_sql_machines.yml
policies/ecc-azure-365-resource_tag_api_management.yml
policies/ecc-azure-127-nsg_oracle_db.yml
policies/ecc-azure-321-cis_postgresql_log_statement_set_correctly.yml
policies/ecc-azure-348-mysql_harden_usage_for_local_infile.yml
policies/ecc-azure-340-appgw_waf_log4j.yml
policies/ecc-azure-323-linux_vmss_ssh.yml
policies/ecc-azure-058-cis_aks_rbac.yml
policies/ecc-azure-052-cis_net_udp.yml
policies/ecc-azure-374-cis_activity_log_alert_delete_pip.yml
policies/ecc-azure-295-sql_avoid_ad_admin_name.yml
policies/ecc-azure-059-cis_app_auth_set.yml
policies/ecc-azure-279-aks_local_auth_disabled.yml
policies/ecc-azure-225-asb_reslogs_search.yml
policies/ecc-azure-070-51_cis_app_last_python.yml
policies/ecc-azure-317-cis_postgresql_log_error_verbosity_set_correctly.yml
policies/ecc-azure-006-cis_sec_high_sev_notifications.yml
policies/ecc-azure-345-mysql_infrastructure_encryption.yml
policies/ecc-azure-444-00_delete_old_snapshot.yml
policies/ecc-azure-013-cis_db_auditing_on.yml
policies/ecc-azure-346-11_mysql_latest_tls.yml
policies/ecc-azure-344-mysql_threat_detection_policy.yml
policies/ecc-azure-070-11_cis_app_last_python.yml
policies/ecc-azure-302-redis_cache_disabled_public_access.yml
policies/ecc-azure-005-cis_sec_email.yml
policies/ecc-azure-451-00_delete_unused_waf.yml
policies/ecc-azure-201-asb_cosmosdb_encrypt_cmk.yml
policies/ecc-azure-425-dep_vmss_w_diag_ext.yml
policies/ecc-azure-234-asb_guest_extension_mi.yml
policies/ecc-azure-376-cis_defender_cosmodb.yml
policies/ecc-azure-137-storage_replication.yml
policies/ecc-azure-289-acr_admin_user_disabled.yml
policies/ecc-azure-173-asb_postgresql_private_endpoint.yml
policies/ecc-azure-349-mysql_max_user_connections.yml
policies/ecc-azure-120-nsg_dns.yml
policies/ecc-azure-301-redis_cache_fw_rules.yml
policies/ecc-azure-125-nsg_mysql.yml
policies/ecc-azure-341-front_door_waf_log4j.yml
policies/ecc-azure-203-asb_postgresql_encrypt_cmk.yml
policies/ecc-azure-031-cis_db_postgresql_log_retention_days.yml
policies/ecc-azure-426-dep_nsg_w_flow_logs.yml
policies/ecc-azure-433-51_dep_appenv_latest_tls.yml
policies/ecc-azure-065-51_cis_app_last_http.yml
policies/ecc-azure-275-asb_vm_backup.yml
policies/ecc-azure-296-sql_avoid_local_admin_name.yml
policies/ecc-azure-176-asb_ddos_protection_enabled.yml
policies/ecc-azure-054-cis_vm_unattached_disks.yml
policies/ecc-azure-298-function_app_service_logging.yml
policies/ecc-azure-291-storage_accounts_regions.yml
policies/ecc-azure-159-asb_sa_restrict_net_access_vnet_rules.yml
policies/ecc-azure-218-asb_reslogs_stream.yml
policies/ecc-azure-133-vm_wo_tags.yml
policies/ecc-azure-069-11_cis_app_last_java.yml
policies/ecc-azure-237-asb_cors_func.yml
policies/ecc-azure-371-cis_mysql_audit_log_enabled.yml
policies/ecc-azure-311-cis_postgresql_logging_collector.yml
policies/ecc-azure-280-aks_private_clusters.yml
policies/ecc-azure-331-app_service_detailed_error_messages.yml
policies/ecc-azure-182-asb_service_fabric_aad_auth.yml
policies/ecc-azure-278-asb_geo_postgresql.yml
policies/ecc-azure-304-app_gateway_https.yml
policies/ecc-azure-011-cis_sa_soft_del.yml
policies/ecc-azure-144-asb_aks_auth_ip_ranges.yml
policies/ecc-azure-024-cis_db_postgresql_ssl.yml
policies/ecc-azure-214-asb_defender_arm.yml
policies/ecc-azure-037-cis_log_sa_activ_logs.yml
policies/ecc-azure-281-51_aks_non_vulnerable_version.yml
policies/ecc-azure-113-cis_vm_utilizing_managed_disks.yml
policies/ecc-azure-270-51_asb_python_funcapp.yml
policies/ecc-azure-060-cis_app_https.yml
policies/ecc-azure-454-51_last_powershell_funcapp.yml
policies/ecc-azure-061-51_cis_app_last_tls.yml
policies/ecc-azure-204-asb_cognitive_sa_encrypt_cmk.yml
policies/ecc-azure-353-vmss_auto_image_patching.yml
policies/ecc-azure-213-asb_lt_defender_dns.yml
policies/ecc-azure-158-asb_postgresql_public_access_disabled.yml
policies/ecc-azure-290-acr_resource_locks.yml
policies/ecc-azure-148-asb_cognitive_disable_net_access.yml
policies/ecc-azure-069-51_cis_app_last_java.yml
policies/ecc-azure-121-nsg_ftp.yml
policies/ecc-azure-026-cis_db_postgresql_log_checkpoints.yml
policies/ecc-azure-109-cis_sa_logging_blob.yml
policies/ecc-azure-014-cis_db_sql_db_encryption_on.yml
policies/ecc-azure-449-vm_idle_cpu_utilization.yml
policies/ecc-azure-370-cis_cosmosdb_private_endpoint.yml
policies/ecc-azure-359-synapse_workspace_data_exfiltration_protection.yml
policies/ecc-azure-050-cis_net_db_firewall.yml
policies/ecc-azure-446-delete_unused_ip.yml
policies/ecc-azure-065-11_cis_app_last_http.yml
policies/ecc-azure-160-asb_nsg_assoc_subnet.yml
policies/ecc-azure-111-cis_db_postgre_access.yml
policies/ecc-azure-421-asb_deprecated_python_funcapp.yml
policies/ecc-azure-099-cis_sec_defender_aks.yml
policies/ecc-azure-165-asb_ml_workspaces_private_link.yml
policies/ecc-azure-350-mysql_slow_query_log_permissions.yml
policies/ecc-azure-219-asb_reslogs_batch.yml
policies/ecc-azure-215-asb_networktraffic_linuxvm.yml
policies/ecc-azure-305-11_cis_storage_account_minimum_tls.yml
policies/ecc-azure-288-aks_cluster_pool_contains_nodes.yml
policies/ecc-azure-009-cis_sa_private.yml
policies/ecc-azure-102-cis_sec_defender_wdatp.yml
policies/ecc-azure-240-asb_certif_web.yml
policies/ecc-azure-314-cis_postgresql_debug_print_plan_disabled.yml
policies/ecc-azure-270-11_asb_python_funcapp.yml
policies/ecc-azure-149-asb_acs_not_allow_unrestr_access.yml
policies/ecc-azure-364-resource_tag_activity_log_alert.yml
policies/ecc-azure-373-cis_activity_log_alert_create_or_update_pip.yml
policies/ecc-azure-112-cis_net_netwatcher.yml
policies/ecc-azure-199-asb_redis_ssl.yml
policies/ecc-azure-428-51_dep_eventgrid_latest_tls.yml
policies/ecc-azure-328-data_factory_cmk.yml
policies/ecc-azure-420-asb_deprecated_java_funcapp.yml
policies/ecc-azure-216-asb_networktraffic_winvm.yml
policies/ecc-azure-423-dep_retired_spring_instance.yml
policies/ecc-azure-306-cis_postgresql_infrastructure_double_enc.yml
policies/ecc-azure-038-cis_log_keyvaults.yml
policies/ecc-azure-096-cis_sec_defender_azure_sql.yml
policies/ecc-azure-437-11_dep_redis_latest_tls.yml
policies/ecc-azure-162-asb_redis_cache_reside_vnet.yml
policies/ecc-azure-346-51_mysql_latest_tls.yml
policies/ecc-azure-146-asb_keyvault_disable_public_access.yml
policies/ecc-azure-429-dep_retired_vm_skus.yml
policies/ecc-azure-369-cis_sa_infrastructure_encryption.yml
.github/workflows/changelog.yml
non-compatible/policies/ecc-azure-196-asb_sql_managed_instance_atp.yml
non-compatible/policies/ecc-azure-139-snapshots.yml
non-compatible/policies/ecc-azure-265-asb_sqlmi.yml
non-compatible/policies/ecc-azure-141-asb_fw_traffic_route.yml
non-compatible/policies/ecc-azure-207-asb_sql_managed_inst_cmk.yml
non-compatible/policies/ecc-azure-152-asb_vm_jit_port_protection.yml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.gitkeep files (8):

terraform/ecc-azure-277-asb_geo_mysql/green/.gitkeep
terraform/ecc-azure-277-asb_geo_mysql/.gitkeep
terraform/ecc-azure-277-asb_geo_mysql/red/.gitkeep
terraform/ecc-azure-277-asb_geo_mysql/iam/.gitkeep
terraform/ecc-azure-278-asb_geo_postgresql/green/.gitkeep
terraform/ecc-azure-278-asb_geo_postgresql/.gitkeep
terraform/ecc-azure-278-asb_geo_postgresql/red/.gitkeep
terraform/ecc-azure-278-asb_geo_postgresql/iam/.gitkeep
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*. files (3):

LICENSE
version
version-custodian
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -