Pre-Defined Rules

Multicloud Defense Controller has some basic pre-defined rules:

  • Application load balancers with no cloud service provider WAF enabled.

  • Security groups with ingress open that are attached to fewer than five instances. Many low-utilization security groups create gaps that are hard to see in a review and easy for an attacker to exploit.

  • Instances with two or more network interfaces.

  • Security groups with open outbound (0.0.0.0/0) access.

  • Public subnets - all AWS subnets with Auto-Assign Public IP enabled.

  • Security groups with too many egress ports (25 or more) open to the internet.

  • Security groups with too many ingress ports (5 or more) open to the internet.

  • Security groups with all 65,535 ports open for ingress from the public internet.

  • Certificates expiring in 30 days - AWS Certificate Manager only.

Cloud resources that match a rule are flagged as findings, each carrying the severity of the rule it matched.
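The rules above are simple predicates over resource attributes, so you can reproduce most of them yourself to cross-check what the controller reports. The following is an added example, not Multicloud Defense Controller code: it evaluates the security-group, multi-interface, public-subnet and certificate-expiry conditions against records shaped like the boto3 `describe_security_groups`, `describe_instances`, `describe_subnets` and ACM `describe_certificate` responses. All records are constructed sample data, the severity labels are this example's assumption (the page does not list them), and the load-balancer/WAF rule is omitted because it needs a separate WAF-association lookup.

```python
"""Added example (not Multicloud Defense Controller code): re-implement several
of the pre-defined rule conditions as checks over AWS records shaped like boto3
describe_* responses. All records are constructed; severities are assumed."""
from datetime import datetime, timedelta, timezone

INTERNET_CIDRS = {"0.0.0.0/0", "::/0"}


def _ports_covered(perm):
    """Number of ports one IpPermission spans; protocol -1 means every port."""
    if perm.get("IpProtocol") == "-1":
        return 65536
    if perm.get("FromPort") is None:          # e.g. ICMP: no port range
        return 0
    return perm["ToPort"] - perm["FromPort"] + 1


def _faces_internet(perm):
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(c in INTERNET_CIDRS for c in cidrs)


def internet_port_count(perms):
    """Total ports exposed to 0.0.0.0/0 or ::/0 across a permission list."""
    return sum(_ports_covered(p) for p in perms if _faces_internet(p))


def check_security_group(sg, attached_instances):
    """Findings for one group; attached_instances is how many instances use it."""
    findings = []
    ingress, egress = sg.get("IpPermissions", []), sg.get("IpPermissionsEgress", [])
    n_in, n_out = internet_port_count(ingress), internet_port_count(egress)
    if n_in >= 65535:                          # all ports open to the internet
        findings.append(("all-ports-ingress-public", "critical"))
    elif n_in >= 5:                            # 5 or more ingress ports
        findings.append(("too-many-ingress-ports", "high"))
    if n_out >= 25:                            # 25 or more egress ports
        findings.append(("too-many-egress-ports", "medium"))
    if any(_faces_internet(p) for p in egress):
        findings.append(("open-outbound", "low"))
    if attached_instances < 5 and any(_faces_internet(p) for p in ingress):
        findings.append(("low-utilization-open-ingress", "low"))
    return findings


def check_instance(inst):
    many = len(inst.get("NetworkInterfaces", [])) >= 2
    return [("multiple-network-interfaces", "low")] if many else []


def check_subnet(subnet):
    return [("public-subnet", "medium")] if subnet.get("MapPublicIpOnLaunch") else []


def check_certificate(cert, now):
    """ACM-style record: NotAfter is a tz-aware datetime."""
    soon = cert["NotAfter"] - now <= timedelta(days=30)
    return [("certificate-expiring-30d", "high")] if soon else []


# Constructed sample inventory (not real account data).
FIXED_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_SGS = {
    "sg-bastion": {
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                           "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
        "IpPermissionsEgress": [{"IpProtocol": "-1",
                                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    },
    "sg-wide-open": {
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                           "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
        "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                 "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
    },
}
SAMPLE_SG_USAGE = {"sg-bastion": 1, "sg-wide-open": 12}   # instances per group
SAMPLE_INSTANCES = {"i-two-nics": {"NetworkInterfaces": [{}, {}]},
                    "i-one-nic": {"NetworkInterfaces": [{}]}}
SAMPLE_SUBNETS = {"subnet-pub": {"MapPublicIpOnLaunch": True},
                  "subnet-priv": {"MapPublicIpOnLaunch": False}}
SAMPLE_CERTS = {"cert-soon": {"NotAfter": FIXED_NOW + timedelta(days=10)},
                "cert-fine": {"NotAfter": FIXED_NOW + timedelta(days=90)}}


def run_all():
    """Map every sample resource id to the rule names it triggers."""
    out = {}
    for sid, sg in SAMPLE_SGS.items():
        out[sid] = [r for r, _ in check_security_group(sg, SAMPLE_SG_USAGE[sid])]
    for iid, inst in SAMPLE_INSTANCES.items():
        out[iid] = [r for r, _ in check_instance(inst)]
    for nid, net in SAMPLE_SUBNETS.items():
        out[nid] = [r for r, _ in check_subnet(net)]
    for cid, cert in SAMPLE_CERTS.items():
        out[cid] = [r for r, _ in check_certificate(cert, FIXED_NOW)]
    return out


if __name__ == "__main__":
    for resource, rules in run_all().items():
        print(resource, rules or "clean")
```

Note that a single `-1` (all protocols) egress rule to 0.0.0.0/0 counts as every port open, so the common default security group trips both the open-outbound and the 25-or-more-egress-ports conditions at once; the ingress check treats a 0-65535 range the same way, which is why `sg-wide-open` is reported under the all-ports rule rather than the 5-or-more rule.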

For information on custom rules, see the custom rules section.