Update remediation guides repo with changes from the upstream repo

    "google.mysqlLocalInfile"=true

README.md

@@ -69,6 +69,7 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
         * [Instance Limit](en/aws/ec2/instance-limit.md)
         * [Managed NAT Gateway In Use](en/aws/ec2/managed-nat-gateway-in-use.md)
         * [NAT Multiple AZ](en/aws/ec2/nat-multiple-az.md)
+        * [Network Acl Has Tags](en/aws/ec2/network-acl-has-tags.md)
         * [Open All Ports Protocols](en/aws/ec2/open-all-ports-protocols.md)
         * [Open CIFS](en/aws/ec2/open-cifs.md)
         * [Open DNS](en/aws/ec2/open-dns.md)
@@ -231,8 +232,26 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
     * CDN Profiles
         * [Detect Insecure Custom Origin](en/azure/cdnprofiles/detect-insecure-custom-origin.md)
         * [Endpoint Logging Enabled](en/azure/cdnprofiles/endpoint-logging-enabled.md)
+    * Container App
+        * [Container Apps Volume Mount Configured ](en/azure/containerapps/container-apps-volume-mount-configured.md)
+        * [Container Apps Has Tags](en/azure/containerapps/container-apps-has-tags.md)
     * Container Registry
         * [ACR Admin User](en/azure/containerregistry/acr-admin-user.md)
+    * Defender
+        * [Auto Provisioning Enabled](en/azure/defender/auto-provisioning-enabled.md)
+        * [High Severity Alerts Enabled](en/azure/defender/high-severity-alerts-enabled.md)
+        * [Monitor Endpoint Protection](en/azure/defender/monitor-endpoint-protection.md)
+        * [Monitor External Accounts with Write Permissions](en/azure/defender/monitor-external-accounts-with-write-permissions.md)
+        * [Monitor IP Forwarding](en/azure/defender/monitor-ip-forwarding.md)
+        * [Monitor JIT Network Access](en/azure/defender/monitor-jit-network-access.md)
+        * [Monitor Next Generation Firewall](en/azure/defender/monitor-next-generation-firewall.md)
+        * [Monitor System Updates](en/azure/defender/monitor-system-updates.md)
+        * [Monitor Total Number of Subscription Owners](en/azure/defender/monitor-total-number-of-subscription-owners.md)
+        * [Security Configuration Monitoring](en/azure/defender/security-configuration-monitoring.md)
+        * [Security Contact Additional Email](en/azure/defender/security-contact-additional-email.md)
+        * [Security Contacts Enabled](en/azure/defender/security-contacts-enabled.md)
+        * [Security Contact Enabled for Subscription Owner](en/azure/defender/security-contact-enabled-for-subscription-owner.md)
+        * [Standard Pricing Enabled](en/azure/defender/standard-pricing-enabled.md)
     * File Service
         * [File Service All Access ACL](en/azure/fileservice/file-service-all-access-acl.md)
     * Key Vaults
@@ -245,6 +264,7 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
     * Load Balancer
         * [LB HTTPS Only](en/azure/loadbalancer/lb-https-only.md)
         * [LB No Instances](en/azure/loadbalancer/lb-no-instances.md)
+        * [Public Load Balancer](en/azure/loadbalancer/public-load-balancer.md)
     * Log Alerts
         * [Network Security Groups Logging Enabled](en/azure/logalerts/network-security-groups-logging-enabled.md)
         * [Network Security Groups Rule Logging Enabled](en/azure/logalerts/network-security-groups-rule-logging-enabled.md)
@@ -313,23 +333,6 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
         * [Send Alerts Enabled](en/azure/sqlserver/send-alerts-enabled.md)
         * [Server Auditing Enabled](en/azure/sqlserver/server-auditing-enabled.md)
         * [TDE Protector Encrypted](en/azure/sqlserver/tde-protector-encrypted.md)
-    * Security Center
-        * [Admin Security Alerts Enabled](en/azure/securitycenter/admin-security-alerts-enabled.md)
-        * [Application Whitelisting Enabled](en/azure/securitycenter/application-whitelisting-enabled.md)
-        * [Auto Provisioning Enabled](en/azure/securitycenter/auto-provisioning-enabled.md)
-        * [High Severity Alerts Enabled](en/azure/securitycenter/high-severity-alerts-enabled.md)
-        * [Monitor Blob Encryption](en/azure/securitycenter/monitor-blob-encryption.md)
-        * [Monitor Disk Encryption](en/azure/securitycenter/monitor-disk-encryption.md)
-        * [Monitor Endpoint Protection](en/azure/securitycenter/monitor-endpoint-protection.md)
-        * [Monitor JIT Network Access](en/azure/securitycenter/monitor-jit-network-access.md)
-        * [Monitor NSG Enabled](en/azure/securitycenter/monitor-nsg-enabled.md)
-        * [Monitor SQL Auditing](en/azure/securitycenter/monitor-sql-auditing.md)
-        * [Monitor SQL Encryption](en/azure/securitycenter/monitor-sql-encryption.md)
-        * [Monitor System Updates](en/azure/securitycenter/monitor-system-updates.md)
-        * [Monitor VM Vulnerability](en/azure/securitycenter/monitor-vm-vulnerability.md)
-        * [Security Configuration Monitoring](en/azure/securitycenter/security-configuration-monitoring.md)
-        * [Security Contacts Enabled](en/azure/securitycenter/security-contacts-enabled.md)
-        * [Standard Pricing Enabled](en/azure/securitycenter/standard-pricing-enabled.md)
     * Storage Accounts
         * [Blob Service Encryption](en/azure/storageaccounts/blob-service-encryption.md)
         * [File Service Encryption](en/azure/storageaccounts/file-service-encryption.md)
@@ -356,6 +359,8 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
         * [VM OS Disk Encryption](en/azure/virtualmachines/vm-os-disk-encryption.md)
     * Virtual Networks
         * [Multiple Subnets](en/azure/virtualnetworks/multiple-subnets.md)
+    * Virtual Machine Scale Set
+        * [VM Scale Set Approved Extensions](en/azure/virtualmachinescaleset/vmss-approved-extensions.md)
 * Google
     * CLB
         * [CLB CDN Enabled](en/google/clb/clb-cdn-enabled.md)
@@ -424,8 +429,11 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
         * [Database SSL Enabled](en/google/sql/database-ssl-enabled.md)
     * Storage
         * [Bucket Logging](en/google/storage/bucket-logging.md)
+        * [Storage Bucket Retention Policy](en/google/storage/storage-bucket-retention-policy.md)
         * [Bucket Versioning](en/google/storage/bucket-versioning.md)
+        * [Bucket Lifecycle Configured](en/google/storage/bucket-lifecycle-configured.md)
         * [Storage Bucket All Users Policy](en/google/storage/storage-bucket-all-users-policy.md)
+        * [Bucket Encryption](en/google/storage/bucket-encryption.md)
     * VPC Network
         * [Default VPC In Use](en/google/vpcnetwork/default-vpc-in-use.md)
         * [Excessive Firewall Rules](en/google/vpcnetwork/excessive-firewall-rules.md)

en/aws/acm/acm-certificate-validation.md

@@ -15,10 +15,9 @@
 | **Recommended Action** | Configure ACM managed certificates to use DNS validation. |
 
 ## Detailed Remediation Steps
-
-1. Log into the AWS console and navigate to the ACM service page.
-2. Click into each certificate that has been requested.
-3. Expand the domains associated with the certificate.
-4. Ensure each domain listed has DNS validation configured. If DNS validation is used, DNS records will be listed for the domain.
+1. Log in to the AWS console and search for "Certificate Manager".</br> <img src="/resources/aws/acm/acm-certificate-validation/step1.png"/>
+2. Click into each certificate that has been requested. </br> <img src="/resources/aws/acm/acm-certificate-validation/step2.png"/>
+3. Expand the domains associated with the certificate.</br> <img src="/resources/aws/acm/acm-certificate-validation/step3.png"/>
+4. Ensure each domain listed has DNS validation configured. If DNS validation is used, DNS records will be listed for the domain and the type will be CNAME.</br> <img src="/resources/aws/acm/acm-certificate-validation/step4.png"/>
 5. Ensure that the records provided by AWS are configured and valid within your DNS provider (such as Route 53).
-6. If DNS validation is not used, request a new certificate for the same domains using DNS validation and update the downstream services to use this new certificate. Once done, delete the old certificate to ensure it can no longer be used.
+6. If DNS validation is not used, request a new certificate for the same domains using DNS validation and update the downstream services to use this new certificate. Once done, delete the old certificate to ensure it can no longer be used.</br> <img src="/resources/aws/acm/acm-certificate-validation/step6.png"/>

en/aws/autoscaling/asg-multiple-az.md

@@ -15,11 +15,13 @@
 | **Recommended Action** | Modify the autoscaling instance to enable scaling across multiple availability zones. |
 
 ## Detailed Remediation Steps
-1. Log into the AWS Management Console and choose the desired region where the Auto Scaling Group is hosted.
-2. In the left navigation panel, scroll down and choose Auto Scaling Group(s) option and select the Auto Scaling Group(s) that needs to be modified.</br> <img src="/resources/aws/autoscaling/asg-multiple-az/step2.png"/>
-3. Select the Details tab and check the Availability Zone(s). If Availability Zone(s) value is set to a single availability zone (e.g. us-east-1b), it cannot launch instances to multiple Availability Zone(s) hence if one Availability Zone becomes unavailable, Amazon EC2 Auto Scaling cannot launch instances in another one to atone.</br><img src="/resources/aws/autoscaling/asg-multiple-az/step3.png"/>
-4. Select the Auto Scaling Group and go to "Actions" Option.</br><img src="/resources/aws/autoscaling/asg-multiple-az/step4.png"/>
-5. Select the option to "Edit" the configuration and choose the "Launch Configuration" Option.</br><img src="/resources/aws/autoscaling/asg-multiple-az/Step5.png"/>
-6. Edit the Subnet(s) and add the Subnet(s) to make the Auto Scaling Group available to Multiple Availability Zone(s).</br><img src="/resources/aws/autoscaling/asg-multiple-az/step6.png"/>
-7. Save the changes. Go to "Details" option and now Availability Zone(s) have multiple regions and subnets as well.</br><img src="/resources/aws/autoscaling/asg-multiple-az/step7.png"/>
-8. Repeat the steps number 2 and 3 to establish any other Auto Scaling Group hosted in multiple Availability Zone(s) or not. 
+1. Log in to the AWS Management Console and Search for "EC2" to reach EC2 dashboard.</br><img src="/resources/aws/autoscaling/asg-multiple-az/step1.png"/>
+2. In the left navigation panel, scroll down and choose Auto Scaling Groups option under "Auto Scaling".</br> <img src="/resources/aws/autoscaling/asg-multiple-az/step2.png"/>
+3. Select the Auto Scaling Group(s) that needs to be modified.</br> <img src="/resources/aws/autoscaling/asg-multiple-az/step3.png"/>
+4. Scroll down to select the "Details" tab and check the Availability Zone(s). </br> <img src="/resources/aws/autoscaling/asg-multiple-az/step4.png"/>
+5. If Availability Zone(s) value under "Network" is set to a single availability zone (e.g. us-east-1b), then it cannot launch instances to multiple Availability Zone(s). /br><img src="/resources/aws/autoscaling/asg-multiple-az/Step5.png"/>
+6. Select the Auto Scaling Group and click on "Edit".</br><img src="/resources/aws/autoscaling/asg-multiple-az/step6.png"/>
+7. In the Edit Web-ASG page scroll down to "Network" and from the dropdown select the desired multiple availability zones one by one and add the Subnet(s) to make the Auto Scaling Group available to Multiple Availability Zone(s).</br><img src="/resources/aws/autoscaling/asg-multiple-az/step7.png"/>
+8. Scroll down to the end of the page and click "Update" to save the changes. </br><img src="/resources/aws/autoscaling/asg-multiple-az/step8.png"/>
+9. Go to "Details" tab and under "Network" check if the Availability Zone(s) shows multiple regions and subnets as well.</br><img src="/resources/aws/autoscaling/asg-multiple-az/step9.png"/>
+11. Repeat the steps number 2 to 9 to check whether other Auto Scaling Group(s) are hosted in multiple Availability Zone(s) or not. 

en/aws/cloudfront/cloudfront-https-only.md

@@ -15,13 +15,11 @@
 | **Recommended Action** | Remove HTTP-only listeners from distributions. |
 
 ## Detailed Remediation Steps
-1. Log into the AWS Management Console.
+1. Log in to the AWS Management Console.
 2. Select the "Services" option and search for CloudFront. </br> <img src="/resources/aws/cloudfront/cloudfront-https-only/step2.png"/>
-3. Select the "CloudFront Distribution" that needs to be verified.</br> <img src="/resources/aws/cloudfront/cloudfront-https-only/step3.png"/>
-4. Click the "Distribution Settings" button from menu to get into the "CloudFront Distribution" configuration page. </br><img src="/resources/aws/cloudfront/cloudfront-https-only/step4.png"/>
-5. Click the "Behaviors" button from the top menu to get into the "Behaviors" configuration page and select the "Behavior" which needs to be verified.</br> <img src="/resources/aws/cloudfront/cloudfront-https-only/step5.png"/>
-6. Click the "Edit" button from the "Behaviors" tab on the menu.</br> <img src="/resources/aws/cloudfront/cloudfront-https-only/step6.png"/>
-7. On the Default Cache Behavior Settings, verify the "Viewer Protocol Policy" and if "HTTP and HTTPS" is selected than CloudFront allows viewers to access your web content using either HTTP or HTTPS. </br> <img src="/resources/aws/cloudfront/cloudfront-https-only/step7.png"/>
-8. On the "Viewer Protocol Policy" choose "Redirect HTTP to HTTPS" to redirect all HTTP requests to HTTPS.</br><img src="/resources/aws/cloudfront/cloudfront-https-only/step8.png"/>
-9. On the "Viewer Protocol Policy" choose "HTTPS Only" so CloudFront allows viewers to access your content only if they're using HTTPS.</br><img src="/resources/aws/cloudfront/cloudfront-https-only/step9.png"/>
-10. Repeat the steps number 5 , 6 and 7 to verify if any other CloudFront Distribution is using HTTP-only listeners.</br>
+3. Select the "CloudFront Distribution" that needs to be verified and click on it to open its configuration settings.</br> <img src="/resources/aws/cloudfront/cloudfront-https-only/step3.png"/>
+4. Click the "Behaviors" tab, select the "Behavior" which needs to be verified and click "Edit" </br><img src="/resources/aws/cloudfront/cloudfront-https-only/step4.png"/>
+5. On the Edit Behavior page scroll down to "Viewer" Settings, verify the "Viewer Protocol Policy" and if "HTTP and HTTPS" is selected than CloudFront allows viewers to access your web content using either HTTP or HTTPS. </br> <img src="/resources/aws/cloudfront/cloudfront-https-only/step5.png"/>
+6. To redirect all HTTP traffic to HTTPS under the "Viewer Protocol Policy" choose "Redirect HTTP to HTTPS" to redirect all HTTP requests to HTTPS.</br><img src="/resources/aws/cloudfront/cloudfront-https-only/step6.png"/>
+7. If you want to drop all HTTP traffic then under the "Viewer Protocol Policy" choose "HTTPS Only" so CloudFront allows viewers to access your content only if they're using HTTPS.</br><img src="/resources/aws/cloudfront/cloudfront-https-only/step7.png"/>
+8. Repeat steps number 3 to 7 for all other CloudFront Distributions using HTTP-only listeners.</br>

en/aws/cloudfront/cloudfront-logging-enabled.md

@@ -15,14 +15,13 @@
 | **Recommended Action** | Enable CloudFront request logging. |
 
 ## Detailed Remediation Steps
-1. Log into to the AWS Management Console.
+1. Log in to the AWS Management Console.
 2. Select the "Services" option and search for CloudFront. </br> <img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step2.png"/>
 3. Select the "CloudFront Distribution" that needs to be verified.</br> <img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step3.png"/>
-4. Click the "Distribution Settings" button from menu to get into the "CloudFront Distribution" configuration page. </br><img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step4.png"/>
-5. Click the "Edit" button from the  "General" tab on the top menu. </br> <img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step5.png"/>
-6. In the "Distribution Settings" tab scroll down and verify the "Logging" feature configuration status. If Logging is "Off" then it cannot create log files that contain detailed information about every user request that CloudFront receives.</br> <img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step6.png"/>
-7. Click on the "ON" option to initiate the Logging feature of CloudFront to log all viewer requests for files in your distribution.</br> <img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step7.png"/>
-8. Click on "Bucket for Logs" feature and specify the Amazon S3 bucket in which you want CloudFront to save web access logs.</br> <img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step8.png"/>
-9. Click on Log Prefix which is optional for the names of log files.</br> <img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step9.png"/>
-10. Scroll down and click on "Yes,Edit" to save the changes.</br><img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step10.png"/>
-11. Repeat the steps number 5 and 6 to establish any other "CloudFront Distribution" has Logging enabled or not.
+4. Click on the selected Distribution to get into the CloudFront Distribution configuration page. </br><img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step4.png"/>
+5. In the "General" tab scroll down to settings and verify the "Standard logging" feature configuration status. If Logging is "Off" then it cannot create log files that contain detailed information about every user request that CloudFront receives.</br> <img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step5.png"/>
+6. To change the status click on "Edit" to get to the "Edit Settings" page. Scroll down to "Standard Logging" and select the "On" option to initiate the Logging feature of CloudFront to log all viewer requests for files in your distribution.</br> <img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step6.png"/>
+7. Click on "Bucket for Logs" feature and specify the Amazon S3 bucket in which you want CloudFront to save web access logs.</br> <img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step7.png"/>
+8. Click on Log Prefix which is optional for the names of log files.</br> <img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step8.png"/>
+9. Scroll down and click on "Save changes" to save the new settings.</br><img src="/resources/aws/cloudfront/cloudfront-logging-enabled/step9.png"/>
+10. Repeat the steps number 3 to 9 to verify if any other "CloudFront Distribution" has Logging enabled or not.