No Network Watcher
Risk Level: Low
Description:
This plugin checks that Network Watcher is set up correctly. Network Watcher aids with the discovery, diagnosis, and analysis of Azure networks. By enabling Network Watcher in every location, you can ensure that no resources are being used in places where they aren't supposed to be.
PingSafe strongly recommends enabling the Network Watcher service in all locations.
About the Service :
In an Azure virtual network, a network security group may be used to restrict network traffic to and from Azure resources. A network security group is a collection of security rules that allow or disallow incoming and outgoing network traffic to and from various Azure services. Source and destination, port, and protocol can all be specified for each rule.
Impact :
By enabling Network Watcher in every location, you can ensure that no resources are being used in places where they aren't supposed to be.
Steps to reproduce :
- Sign in to your Azure portal with your Azure account: https://portal.azure.com/#home
- Navigate to Azure’s Network Watcher.
- We can clearly see that there are no Network Watchers.
- Follow the same steps for other accounts as well.
Steps for remediation :
- Sign in to your Azure portal with your Azure account: https://portal.azure.com/#home
- Navigate to Azure’s Network Watcher.
- We can clearly see that there are no Network Watchers.
- Next, click on Add and then add the region and click Add.
- Now we have a Network Watcher enabled for the region we selected.
- Follow the same steps for other Network Watchers as well.
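The same check and fix can be scripted with the Azure CLI instead of the portal. The script below is an added example, not PingSafe's plugin code; the function names, the `REMEDIATE` switch and the `NetworkWatcherRG` resource group (assumed to already exist) are assumptions of this example.

```shell
#!/bin/sh
# Added example: list regions with no Network Watcher and optionally enable it.
WATCHER_RG="${WATCHER_RG:-NetworkWatcherRG}"   # assumed resource group name

# Lowercase region names, drop spaces and blank lines, de-duplicate.
normalize() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' \r' | sed '/^$/d' | sort -u
}

# $1: regions that should be covered, $2: regions that already have a watcher
# (both newline-separated). Prints every region from $1 that is missing in $2.
regions_without_watcher() {
  watched=$(normalize "$2")
  for region in $(normalize "$1"); do
    printf '%s\n' "$watched" | grep -qxF -- "$region" || printf '%s\n' "$region"
  done
}

# Query the signed-in subscription (requires `az login`).
audit_live() {
  expected=$(az account list-locations \
    --query "[?metadata.regionType=='Physical'].name" -o tsv)
  watched=$(az network watcher list --query "[].location" -o tsv)
  missing=$(regions_without_watcher "$expected" "$watched")
  if [ -z "$missing" ]; then
    echo "Network Watcher is enabled in every region"
    return 0
  fi
  echo "Regions with no Network Watcher:"
  echo "$missing"
  if [ "${REMEDIATE:-0}" = "1" ]; then
    # $missing is left unquoted so each region becomes its own argument.
    az network watcher configure --resource-group "$WATCHER_RG" \
      --locations $missing --enabled true
  fi
}

if [ "${1:-}" = "--live" ]; then
  audit_live
else
  # Constructed sample data so the comparison runs offline.
  regions_without_watcher "eastus
westus2
northeurope" "EastUS"
fi
```

Run it with `--live` to audit the current subscription, and set `REMEDIATE=1` to enable Network Watcher in the regions it reports.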
Please feel free to reach out to support@pingsafe.com with any questions that you may have.
Thanks
PingSafe Support