Reflexive Security

Reflex documentation: https://docs.reflexivesecurity.com/

Pinned Repositories

reflex-aws-cloudwatch-alarms-deleted
Reflex AWS Rule to check when Cloudwatch Alarms are Deleted
Language:HCL3 4 50
reflex-aws-ebs-volume-not-encrypted
Measure that detects when an EBS volume is created unencrypted.
Language:HCL2 4 50
reflex-aws-rds-deletion-protection-disabled
Rule to detect when deletion protection is disabled for an RDS instance.
Language:HCL3 1 40
reflex-aws-role-permissions-boundary-changed-or-deleted
Rule for detecting the modification or deletion of IAM Role permission boundary.
Language:HCL2 4 40
reflex-aws-s3-logging-not-enabled
Measure that detects when S3 logging is not enabled on a new bucket or disabled on an existing bucket.
Language:HCL2 4 60
reflex-aws-s3-versioning-disabled
A Reflex rule to alert when S3 bucket versioning is disabled
Language:HCL3 4 60
reflex-cli
CLI Tool for Running Reflex Engine
Language:Python17 5 742
reflex-core
The core logic for Reflex rules.
Language:Python16 4 160
reflex-docs
Documentation for Reflex
Language:Python4 4 170
reflex-engine
Terraform modules for establishing event-driven security rules in AWS.
Language:HCL22 7 722

Reflexive Security's Repositories

reflexivesecurity/reflex-cli
CLI Tool for Running Reflex Engine
Language:Python17 5 742
reflexivesecurity/reflex-aws-cloudwatch-alarms-deleted
Reflex AWS Rule to check when Cloudwatch Alarms are Deleted
Language:HCL3 4 50
reflexivesecurity/reflex-aws-rds-deletion-protection-disabled
Rule to detect when deletion protection is disabled for an RDS instance.
Language:HCL3 1 40
reflexivesecurity/reflex-aws-s3-versioning-disabled
A Reflex rule to alert when S3 bucket versioning is disabled
Language:HCL3 4 60
reflexivesecurity/reflex-aws-account-password-policy-insecure
Rule to detect the deletion of an AWS account password policy.
Language:HCL2 4 4
reflexivesecurity/reflex-aws-cloudwatch-logs-unencrypted
A Reflex Rule for enforcing CloudWatch log encryption.
Language:HCL2 4 40
reflexivesecurity/reflex-aws-config-rule-deleted
Rule to detect the deletion of AWS Config Rules.
Language:HCL2 1 4
reflexivesecurity/reflex-aws-ebs-snapshot-unencrypted
A Reflex Rule for detecting unencrypted EBS snapshots.
Language:HCL2 4 4
reflexivesecurity/reflex-aws-ec2-ami-not-encrypted
Detective measure that alerts when an AMI is created that's not encrypted.
Language:HCL2 4 70
reflexivesecurity/reflex-aws-ec2-instance-termination-protection-disabled
Rule that determines if termination protection has been disabled for an EC2 instance.
Language:HCL2 4 4
reflexivesecurity/reflex-aws-ec2-security-group-open-ingress
Measure to detect when a security group with open to anywhere ingress is allowed.
Language:HCL2 4 51
reflexivesecurity/reflex-aws-role-permissions-boundary-changed-or-deleted
Rule for detecting the modification or deletion of IAM Role permission boundary.
Language:HCL2 4 40
reflexivesecurity/reflex-aws-root-user-activity
Reflex detective measure for any user activity by the root user
Language:HCL2 4 5
reflexivesecurity/reflex-aws-s3-bucket-acl-public-access
Detect when a bucket has ACL rules that grant public access.
Language:HCL2 4 4
reflexivesecurity/reflex-aws-s3-bucket-not-encrypted
Reflex rule that detects and remediates an S3 bucket with no SSE.
Language:HCL2 4 13
reflexivesecurity/reflex-aws-s3-logging-not-enabled
Measure that detects when S3 logging is not enabled on a new bucket or disabled on an existing bucket.
Language:HCL2 4 60
reflexivesecurity/reflex-aws-cloudfront-logging-disabled
Reflex rule to detect when Cloudfront logging is disabled
Language:HCL1 4 3
reflexivesecurity/reflex-aws-cloudfront-viewer-tls-protocol
A Reflex rule to specify minimum tls version for CloudFront viewer
Language:HCL1 1 6
reflexivesecurity/reflex-aws-cloudtrail-deleted
Rule to detect when a CloudTrail trail has been deleted.
Language:HCL1 2 3
reflexivesecurity/reflex-aws-cloudtrail-log-file-validation-disabled
Rule to detect the disabling of log file validation for a CloudTrail trail.
Language:HCL1 4 4
reflexivesecurity/reflex-aws-cloudtrail-not-encrypted
Rule to detect when a CloudTrail trail has been created or updated without encryption.
Language:HCL1 2 4
reflexivesecurity/reflex-aws-ebs-public-snapshot
Measure that automatically sets an EBS snapshot to private if made public.
Language:HCL1 4 5
reflexivesecurity/reflex-aws-kms-key-deletion-scheduled
A Reflex Rule for detecting the scheduling of KMS Keys for deletion.
Language:HCL1 4 3
reflexivesecurity/reflex-aws-kms-key-rotation-disabled
A Reflex Rule for enforcing KMS Key rotation.
Language:HCL1
reflexivesecurity/reflex-aws-rds-automated-backup-disabled
Rule to detect when automated backup is disabled for an RDS instance.
Language:HCL1 4 3
reflexivesecurity/reflex-aws-rds-public-snapshot
Rule to detect the sharing of an RDS snapshot with the public.
Language:HCL1 2 3
reflexivesecurity/reflex-aws-rds-snapshot-unencrypted
Rule to determine if a snapshot is created in an unencrypted state.
Language:HCL1 4 3
reflexivesecurity/reflex-aws-s3-bucket-policy-public-access
Detect when a bucket has a Bucket Policy that grant public access.
Language:HCL1 4 3
reflexivesecurity/reflex-aws-sqs-queue-not-encrypted
Enforces SQS queue encryption. Will encrypt queues with the default KMS key.
Language:HCL1 4 6
reflexivesecurity/reflex-www
Placeholder website for Cloudmitigator
Language:HTML1 3 2