1 change: 1 addition & 0 deletions plugins/aws/bedrock/customModelEncryptionEnabled.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Custom Model Encryption Enabled',
category: 'AI & ML',
owasp: ['LLM10'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensure that an Amazon Bedrock custom models are encrypted with desired encryption level.',
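Review bot: The new `owasp: ['LLM10']` value does not say which edition of the OWASP Top 10 for LLM Applications it refers to, and the numbering differs between editions: LLM10 is Model Theft in the 2023 list and Unbounded Consumption in the 2025 list. Someone reading a scan report cannot tell which risk this encryption check is meant to cover. I would state the edition wherever the `owasp` field is documented and add a short comment next to the value, e.g. `// OWASP Top 10 for LLM Applications, <edition>: <category name>`. The same applies to the `owasp` line added in every other plugin in this change; the `module.exports` object continues past the end of the hunk.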
1 change: 1 addition & 0 deletions plugins/aws/bedrock/customModelInVpc.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Custom Model In VPC',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Low',
description: 'Ensure that an Amazon Bedrock custom model is configured with a VPC.',
1 change: 1 addition & 0 deletions plugins/aws/bedrock/privateCustomModel.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Private Custom Model',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensure that an Amazon Bedrock custom model is configured within a private VPC.',
1 change: 1 addition & 0 deletions plugins/aws/comprehend/flywheelInVpc.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Amazon Comprehend Flywheel In VPC',
category: 'AI & ML',
owasp: ['LLM07', 'LLM04', 'LLM02'],
domain: 'Compute',
severity: 'Low',
description: 'Ensure that an Amazon Comprehend Flywheel is configured with a VPC.',
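Review bot: This in-VPC check is tagged `owasp: ['LLM07', 'LLM04', 'LLM02']`, while the other in-VPC checks in this change (customModelInVpc.js, notebookInstanceInVpc.js) carry only `['LLM07']`. If the extra categories are intentional for Comprehend flywheels, a one-line comment saying why would help; otherwise the three VPC checks should share one mapping so that category-based reports group them together. The arrays are also ordered inconsistently across the change (descending here, ascending in the Databricks plugins, mixed in notebookDataEncrypted.js); a single convention such as ascending ID would make the mappings easier to compare in review.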
1 change: 1 addition & 0 deletions plugins/aws/comprehend/outputResultEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Amazon Comprehend Output Result Encryption',
category: 'AI & ML',
owasp: ['LLM07', 'LLM02'],
domain: 'Compute',
severity: 'High',
description: 'Ensures the Comprehend service is using encryption for all result output.',
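Review bot: `'LLM07'` looks out of place on this output-encryption check. Elsewhere in this change LLM07 is the tag used for network-exposure and identity checks (in-VPC, public access, managed identity), whereas comparable encryption checks such as kendraIndexEncrypted.js and translateJobOutputEncrypted.js carry only `'LLM02'`. If LLM07 was not intended here, the line would be `owasp: ['LLM02'],`. The same question applies to volumeEncryption.js, notebookDataEncrypted.js and vertexai/modelEncryption.js, which also pair an encryption check with LLM07.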
1 change: 1 addition & 0 deletions plugins/aws/comprehend/volumeEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Amazon Comprehend Volume Encryption',
category: 'AI & ML',
owasp: ['LLM07', 'LLM02'],
domain: 'Compute',
severity: 'High',
description: 'Ensures the Comprehend service is using encryption for all volumes storing data at rest.',
1 change: 1 addition & 0 deletions plugins/aws/forecast/datasetExportEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Forecast Dataset Export Encrypted',
category: 'AI & ML',
owasp: ['LLM02'],
domain: 'Content Delivery',
severity: 'High',
description: 'Ensure that AWS Forecast exports have encryption enabled before they are being saved on S3.',
1 change: 1 addition & 0 deletions plugins/aws/forecast/forecastDatasetEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Forecast Dataset Encrypted',
category: 'AI & ML',
owasp: ['LLM04', 'LLM02'],
domain: 'Content Delivery',
severity: 'High',
description: 'Ensure that AWS Forecast datasets are using desired KMS key for data encryption.',
1 change: 1 addition & 0 deletions plugins/aws/frauddetector/fraudDetectorDataEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Fraud Detector Data Encrypted',
category: 'AI & ML',
owasp: ['LLM04', 'LLM02'],
domain: 'Application Integration',
severity: 'High',
description: 'Ensure that Amazon Fraud Detector has encryption enabled for data at rest with desired KMS encryption level.',
1 change: 1 addition & 0 deletions plugins/aws/healthlake/dataStoreEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'HealthLake Data Store Encrypted',
category: 'AI & ML',
owasp: ['LLM04', 'LLM02'],
domain: 'Content Delivery',
severity: 'High',
description: 'Ensure that AWS HealthLake Data Store is using desired encryption level.',
1 change: 1 addition & 0 deletions plugins/aws/kendra/kendraIndexEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Kendra Index Encrypted',
category: 'AI & ML',
owasp: ['LLM02'],
domain: 'Databases',
severity: 'High',
description: 'Ensure that the Kendra index is encrypted using desired encryption level.',
1 change: 1 addition & 0 deletions plugins/aws/lex/lexAudioLogsEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Audio Logs Encrypted',
category: 'AI & ML',
owasp: ['LLM02'],
domain: 'Content Delivery',
severity: 'High',
description: 'Ensure that Amazon Lex audio logs are encrypted using desired KMS encryption level',
1 change: 1 addition & 0 deletions plugins/aws/lookout/modelDataEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Model Data Encrypted',
category: 'AI & ML',
owasp: ['LLM10', 'LLM04', 'LLM02'],
domain: 'Management and Governance',
severity: 'High',
description: 'Ensure that Lookout for Vision model data is encrypted using desired KMS encryption level',
1 change: 1 addition & 0 deletions plugins/aws/sagemaker/notebookDataEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Notebook Data Encrypted',
category: 'AI & ML',
owasp: ['LLM07', 'LLM02', 'LLM10'],
domain: 'Compute',
severity: 'High',
description: 'Ensure Notebook data is encrypted',
1 change: 1 addition & 0 deletions plugins/aws/sagemaker/notebookDirectInternetAccess.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Notebook Direct Internet Access',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Compute',
severity: 'Medium',
description: 'Ensure Notebook Instance is not publicly available.',
1 change: 1 addition & 0 deletions plugins/aws/sagemaker/notebookInstanceInVpc.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Notebook instance in VPC',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Compute',
severity: 'Medium',
description: 'Ensure that Amazon SageMaker Notebook instances are launched within a VPC.',
1 change: 1 addition & 0 deletions plugins/aws/translate/translateJobOutputEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Translate Job Output Encrypted',
category: 'AI & ML',
owasp: ['LLM02'],
domain: 'Compute',
severity: 'High',
description: 'Ensure that your Amazon Translate jobs have CMK encryption enabled for output data residing on S3.',
1 change: 1 addition & 0 deletions plugins/azure/databricks/workspaceDbfsInfraEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Databricks Workspace DBFS Infrastructure Encryption',
category: 'AI & ML',
owasp: ['LLM02', 'LLM04'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that DBFS root storage for Databricks premium workspace has infrastructure encryption enabled.',
1 change: 1 addition & 0 deletions plugins/azure/databricks/workspaceManagedDiskCmk.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Databricks Workspace Managed Disk CMK Encrypted',
category: 'AI & ML',
owasp: ['LLM02', 'LLM04'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Databricks premium workspace managed disk is encrypted with CMK.',
1 change: 1 addition & 0 deletions plugins/azure/databricks/workspaceManagedServicesCmk.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Databricks Workspace Managed Services CMK Encrypted',
category: 'AI & ML',
owasp: ['LLM02', 'LLM04'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Databricks premium workspace managed services are encrypted with CMK.',
1 change: 1 addition & 0 deletions plugins/azure/databricks/workspaceSecureCluster.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Databricks Workspace Secure Cluster',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Azure Databricks Workspace has secure cluster connectivity enabled.',
1 change: 1 addition & 0 deletions plugins/azure/machinelearning/mlRegistryPublicAccess.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Machine Learning Registry Public Access Disabled',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Azure Machine Learning registries are not publicly accessible.',
1 change: 1 addition & 0 deletions plugins/azure/machinelearning/mlWorkspaceHBI.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Machine Learning Workspace High Business Impact Enabled',
category: 'AI & ML',
owasp: ['LLM02'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Machine Learning workspaces have High Business Impact (HBI) feature enabled.',
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Machine Learning Workspace Public Access Disabled',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensures that Azure Machine Learning workspaces are not publicly accessible.',
1 change: 1 addition & 0 deletions plugins/azure/openai/accountCMKEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'OpenAI Account CMK Encrypted',
category: 'AI & ML',
owasp: ['LLM02', 'LLM04'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensures that Azure OpenAI accounts are encrypted using CMK.',
1 change: 1 addition & 0 deletions plugins/azure/openai/accountManagedIdentity.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'OpenAI Account Managed Identity Enabled',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures a system or user assigned managed identity is enabled to authenticate to Azure OpenAI accounts.',
1 change: 1 addition & 0 deletions plugins/azure/openai/accountPublicAccessDisabled.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'OpenAI Account Public Access Disabled',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensures that Azure OpenAI accounts are not publicly accessible.',
1 change: 1 addition & 0 deletions plugins/azure/synapse/synapseWorkspacPrivateEndpoint.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Synapse Workspace Private Endpoints',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensure that Azure Synapse workspace is accessible only through managed private endpoints.',
1 change: 1 addition & 0 deletions plugins/azure/synapse/synapseWorkspaceAdAuthEnabled.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Synapse Workspace AD Auth Enabled',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Azure Synapse workspace has Active Directory (AD) authentication enabled.',
1 change: 1 addition & 0 deletions plugins/azure/synapse/workspaceDoubleEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Synapse Workspace Double Encryption Enabled',
category: 'AI & ML',
owasp: ['LLM10', 'LLM04', 'LLM02'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensures that Azure Synapse workspaces have double Encryption enabled.',
1 change: 1 addition & 0 deletions plugins/azure/synapse/workspaceManagedIdentity.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Synapse Workspace Managed Identity',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensure that Azure Synapse workspace has managed identity enabled.',
1 change: 1 addition & 0 deletions plugins/google/vertexai/modelEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/google');
module.exports = {
title: 'Vertex AI Model Encryption',
category: 'AI & ML',
owasp: ['LLM010', 'LLM07'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensure that Vertex AI models are encrypted using desired encryption protection level.',
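Review bot: `'LLM010'` in `owasp: ['LLM010', 'LLM07']` does not match the `'LLM10'` spelling used by every other plugin in this change (for example customModelEncryptionEnabled.js and vertexAIDatasetEncryption.js). Any consumer that filters or groups results by exact category ID would presumably leave this check out of the LLM10 view without reporting an error, so the control would be missing from that report. The line should read `owasp: ['LLM10', 'LLM07'],`. Validating the IDs against a fixed allow-list when plugins are loaded or linted would catch this kind of typo in future.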
1 change: 1 addition & 0 deletions plugins/google/vertexai/vertexAIDatasetEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/google');
module.exports = {
title: 'Vertex AI Dataset Encryption',
category: 'AI & ML',
owasp: ['LLM02', 'LLM04', 'LLM10'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensure that Vertex AI datasets are encrypted using desired encryption protection level.',