action_trail_enabledaction_trail_oss_bucket_not_publiccs_kubernetes_cluster_ipvlan_enabledcs_kubernetes_cluster_network_policy_enabledecs_disk_encryption_enabledecs_instance_with_no_legacy_networkecs_security_group_remote_administrationecs_security_group_restrict_ingress_rdp_allecs_security_group_restrict_ingress_ssh_allecs_unattached_disk_encryption_enabledmanual_controloss_bucket_encrypted_with_byokoss_bucket_encrypted_with_servcie_keyoss_bucket_enforces_ssloss_bucket_logging_enabledoss_bucket_public_access_blockedram_account_password_policy_min_length_14ram_account_password_policy_one_lowercase_letterram_account_password_policy_one_numberram_account_password_policy_one_symbolram_account_password_policy_one_uppercase_letterram_account_password_policy_reuse_5ram_password_policy_expire_90ram_password_policy_max_login_attempts_5ram_root_account_mfa_enabledram_root_account_no_access_keysram_root_account_unusedram_user_access_key_rotated_90ram_user_console_access_mfa_enabledram_user_no_policiesram_user_unused_90rds_instance_postgresql_log_connections_parameter_onrds_instance_postgresql_log_disconnections_parameter_onrds_instance_postgresql_log_duration_parameter_onrds_instance_restrict_access_to_internetrds_instance_sql_audit_enabledrds_instance_sql_audit_retention_period_180_daysrds_instance_ssl_enabledrds_instance_tde_enabledsecurity_center_advanced_or_enterprise_edition
Query: manual_control
Usage
powerpipe query alicloud_compliance.query.manual_controlSteampipe Tables
SQL
select 'arn:acs:::' || account_id as resource, 'info' as status, 'Manual verification required.' as reason , account_id as account_idfrom alicloud_account;
Controls
The query is being used by the following controls:
- 2.10 Ensure log monitoring and alerts are set up for RAM Role changes
- 2.11 Ensure log monitoring and alerts are set up for Cloud Firewall changes
- 2.12 Ensure log monitoring and alerts are set up for VPC network route changes
- 2.13 Ensure log monitoring and alerts are set up for VPC changes
- 2.14 Ensure log monitoring and alerts are set up for OSS permission changes
- 2.15 Ensure log monitoring and alerts are set up for RDS instance configuration changes
- 2.16 Ensure a log monitoring and alerts are set up for unauthorized API calls
- 2.17 Ensure a log monitoring and alerts are set up for Management Console sign-in without MFA
- 2.18 Ensure a log monitoring and alerts are set up for usage of 'root' account
- 2.19 Ensure a log monitoring and alerts are set up for Management Console authentication failures
- 2.20 Ensure a log monitoring and alerts are set up for disabling or deletion of customer created CMKs
- 2.21 Ensure a log monitoring and alerts are set up for OSS bucket policy changes
- 2.22 Ensure a log monitoring and alerts are set up for security group changes
- 2.23 Ensure that Logstore data retention period is set 365 days or greater
- 2.3 Ensure audit logs for multiple cloud resources are integrated with Log Service
- 2.4 Ensure Log Service is enabled for Container Service for Kubernetes
- 2.5 Ensure virtual network flow log service is enabled
- 2.6 Ensure Anti-DDoS access and security log service is enabled
- 2.7 Ensure Web Application Firewall access and security log service is enabled
- 2.8 Ensure Cloud Firewall access and security log analysis is enabled
- 2.9 Ensure Security Center Network, Host and Security log analysis is enabled
- 3.3 Ensure VPC flow logging is enabled in all VPCs
- 3.4 Ensure routing tables for VPC peering are 'least access'
- 3.5 Ensure the security group are configured with fine grained rules
- 4.5 Ensure that the latest OS Patches for all Virtual Machines are applied
- 5.2 Ensure that there are no publicly accessible objects in storage buckets
- 5.5 Ensure that the shared URL signature expires within an hour
- 5.6 Ensure that URL signature is allowed only over https
- 7.1 Ensure Log Service is set to 'Enabled' on Kubernetes Engine Clusters
- 7.4 Ensure Cluster Check triggered at least once per week for Kubernetes Clusters
- 7.5 Ensure Kubernetes web UI / Dashboard is not enabled
- 7.6 Ensure Basic Authentication is not enabled on Kubernetes Engine
- 7.9 Ensure Kubernetes Cluster is created with Private cluster enabled
- 8.3 Ensure that Automatic Quarantine is enabled
- 8.4 Ensure that Webshell detection is enabled on all web servers
- 8.5 Ensure that notification is enabled on all high risk items
- 8.6 Ensure that Config Assessment is granted with privilege
- 8.7 Ensure that scheduled vulnerability scan is enabled on all servers
- 8.8 Ensure that Asset Fingerprint automatically collects asset fingerprint data