Netskope Help

Appendix: Fixed Issue 134322

The following rules have been changed for the AWS BPR Predefined Profile.

Rule

Description

Ensure EC2 Instance does not have open DNS port

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for DNS Port 53.

Ensure EC2 Instance does not have open MongoDB port

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for MongoDB Port 27019.

Ensure EC2 Instance does not have open MySQL port

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for MySQL Port 3306.

Ensure EC2 Instance does not have open SQL Server port

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for SQL Server Port 1433.

Ensure EC2 Instance does not have open NFS port

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for NFS Ports 2049 and 111.

Ensure EC2 Instance does not have open OracleDb port

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for OracleDb Port 1521.

Ensure EC2 Instance does not have open PostgreSQL port

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for PostgreSQL Port 5432.

Ensure EC2 Instance does not have open RDP port

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for RDP Port 3389.

Ensure EC2 Instance does not have open SMTP port

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for SMTP Port 25.

Ensure EC2 Instance does not have open SSH port

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for SSH Port 22.

Ensure EC2 Instance does not have open TCP ports

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for TCP Ports 22, 80, 443, 1433, 1521, 3306, 3389, 5432, 27017, 27018, 27019.

Ensure EC2 Instance does not have open UDP ports

The above CSA rule has been modified to Alert only on EC2 instances having Security Group Inbound Rules open to Public Internet IP’s for UDP Ports 22, 80, 443, 1433, 1521, 3306, 3389, 5432, 27017, 27018, 27019.