Bot Templates

DivvyCloud ships with over 100 bots focused on Security, Curation, Optimization, and Best Practices. You can use the bots as-is or use them as templates to simplify your bot creation and management. Listed below are the bots that ship with version 17.06 of our software.

| Name | Category | Description |
| --- | --- | --- |
| Big Data Instance Type Audit | Optimization | Identify Big Data instances running unapproved instance types |
| Big Data Instances Publicly Accessible | Security | Identify Big Data instances that are accessible to the public |
| Big Data Instances With Low Retention Policy | Security | Identify Big Data instances with a retention policy below a threshold (30 days by default) |
| Big Data Instances Without Encryption Enabled | Security | Identify Big Data instances that do not have encryption enabled |
| Big Data Username Audit | Security | Identify Big Data instances running noncompliant usernames for the master account |
| Cloud Users With Inactive Accounts | Best Practices | Identify inactive cloud service users who have not logged into the cloud provider console recently (45 days by default) |
| Cloud Users With Older API Keys | Best Practices | Identify cloud users with older API key credentials that should be rotated (90 days by default) |
| Cloud Users With Unauthorized Policies | Best Practices | Identify cloud users running unauthorized policies |
| Cloud Users Without MFA Enabled | Security | Identify cloud users without two-factor (MFA) enabled |
| Clouds With Active Root Account | Best Practices | Identify accounts that have root login access active |
| Clouds With Weak Password Policy | Best Practices | Identify accounts with a weak or missing password policy |
| Clouds Without Global API Accounting | Security | Identify accounts with API accounting such as AWS CloudTrail inactive/disabled across all regions |
| Clouds Without Protected Root Account | Best Practices | Identify root login accounts that are not two-factor enabled |
| Clouds Without Service Users | Best Practices | Identify accounts without any active service users |
| Compute Instance Type Audit | Best Practices | Audit compute instance types against select clouds |
| Database Engine Types | Best Practices | Identify unsupported/blacklisted database engines |
| Database Instance Daily Backup | Optimization | Backup database instances daily with snapshots |
| Database Instance Type Audit | Optimization | Audit database instance types against select clouds |
| Database Instances Not Encrypted | Security | Identify database instances that are not encrypted |
| Database Instances Publicly Accessible | Security | Identify database instances that are accessible to the public |
| Database Instances Recently Snapshot | Best Practices | Identify database instances with a recent manual snapshot |
| Database Instances Username Audit | Security | Identify database instances running noncompliant usernames for the master account |
| Database Instances With Zero Connections | Optimization | Identify database instances with zero connections over a period of time (14 days default) |
| Database Security Groups Exposing Public Access | Security | Identify database security groups that expose public access |
| Databases Not Multi-AZ | Best Practices | Identify databases that are not configured across multiple availability zones for resiliency |
| Databases With Low Retention Policy | Best Practices | Identify database instances with a retention policy that is too low |
| Hypervisors Nearing Saturation | Optimization | Identify hypervisors with high instance usage (90 percent by default) |
| Hypervisors Not In Service | Optimization | Identify hypervisors that are not in a functional state |
| Hypervisors With No Instances | Optimization | Identify hypervisors that contain zero instances |
| Instance Cores Exceed | Optimization | Identify instances exceeding a defined number of CPU cores (default is 4 cores) |
| Instance Daily Backup | Optimization | Backup compute instances daily with private images |
| Instance Lifecycle State | Best Practice | Identify instances in a particular lifecycle state, e.g., Running |
| Instance Lifecycle State Exceeds Threshold | Best Practice | This bot identifies instances by their lifecycle state, e.g., Running, and how long they have been in that state, e.g., 7 days. |
| Instance Memory Exceeds | Optimization | Identify instances exceeding a user-defined amount of GB in RAM (default is 32 GB) |
| Instance Security Group Associations | Security | Identify instances associated with user-provided Security Groups (n.b., AWS only) |
| Instances Averaging High CPU | Optimization | Identify compute instances that have been averaging a high CPU over a period of time (n.b., AWS only) |
| Instances Averaging Low CPU | Optimization | Identify compute instances that have been averaging a low CPU over a period of time (n.b., AWS only) |
| Instances Exposing Public SSH | Security | Identify compute instances with an attached security group that exposes SSH access to the world (0.0.0.0/0) |
| Instances Running 24x7 | Optimization | Identify compute instances that have been running 24x7 over a period of time (default is 1 day) |
| Instances Running Unauthorized Image | Best Practices | Identify instances that were created with an unauthorized image |
| Instances Scheduler | Optimization | Schedule instance stop/start across one or more clouds/resource groups |
| Instances Using Unauthorized Root Key Pair | Security | Identify instances created without specific SSH key pairs |
| Instances With Ephemeral Public IP | Optimization | Identify instances with an ephemeral public-facing IP address |
| Instances With Ephemeral Root Volume | Optimization | Identify instances with an ephemeral root volume |
| Instances With Failed Status Checks | Best Practices | Identify instances that fail the system/reachability status checks |
| Instances With No Name | Best Practices | Identify instances that are missing a name |
| Instances With TTL | Optimization | Identify compute instances with Time To Live (TTL) tags and schedule their deletion accordingly |
| Instances Without Tags | Best Practices | Identify compute instances without any tag key/value pairs |
| Load Balancer Scheme | Security | Identify whether a load balancer is internet-facing or internal |
| Load Balancers With Access Logging Disabled | Security | Identify load balancers that have access logging disabled |
| Load Balancers With Connection Draining Disabled | Best Practices | Identify load balancers that have connection draining disabled |
| Load Balancers With Cross Zone Balancing Disabled | Best Practices | Identify load balancers that have cross zone balancing disabled |
| Load Balancers With No Instances | Optimization | Identify load balancers with no instance associations |
| Load Balancers With SSL Listener | Optimization | Identify load balancers with an SSL listener |
| Load Balancers Without SSL Listener | Security | Identify load balancers without an SSL listener |
| Memcache Instance Type Audit | Optimization | Audit memcache instance types against select clouds |
| Network Peering Connections | Security | Identify network peering connections (n.b., AWS only) |
| Network Resources With Traffic Logging Configured | Security | Identify network resources which have traffic logging such as AWS VPC Flow Log enabled |
| Network Resources Without Traffic Logging Configured | Security | Identify network resources which do not have traffic logging such as AWS VPC Flow Log enabled |
| Networks Not On Whitelist With Instances | Security | Identify unapproved networks with at least one instance |
| Networks With Impaired Flow Logs | Security | Identify network resources having their flow log delivery impaired (n.b., AWS only) |
| Networks With Instances | Security | Identify networks with at least one instance |
| Networks With Internet Access | Security | Identify networks with an attached Internet gateway |
| Networks With No Instances | Optimization | Identify networks with zero instances |
| Networks Without Internet Access | Best Practices | Identify networks without an attached Internet gateway |
| Port 21 (FTP) Open to the World | Security | Identify TCP port 21 open to the world |
| Port 22 (SSH) Open to the World | Security | Identify TCP port 22 open to the world |
| Port 23 (Telnet) Open to the World | Security | Identify TCP port 23 open to the world |
| Port 25 (SMTP) Open to the World | Security | Identify TCP port 25 open to the world |
| Port 53 (DNS) Open to the World | Security | Identify TCP/UDP port 53 open to the world |
| Port 135 (Windows RPC) Open to the World | Security | Identify TCP port 135 open to the world |
| Port 137/138 (NetBIOS) Open to the World | Security | Identify UDP 137/138 open to the world |
| Port 445 (CIFS) Open to the World | Security | Identify TCP/UDP port 445 open to the world |
| Port 445 (SMB) Open to the World | Security | Identify TCP port 445 open to the world |
| Port 1433/1434 (SQL Server) Open to the World | Security | Identify TCP port 1433/1434 open to the world |
| Port 1443 (Microsoft SQL) Open to the World | Security | Identify TCP port 1443 open to the world |
| Port 3306 (MySQL) Open to the World | Security | Identify TCP port 3306 open to the world |
| Port 3389 (Windows RDP) Open to the World | Security | Identify TCP port 3389 open to the world |
| Port 5432 (PostgreSQL) Open to the World | Security | Identify TCP port 5432 open to the world |
| Port 5500 (VNC Listener) Open to the World | Security | Identify TCP port 5500 open to the world |
| Port 5900 (VNC Server) Open to the World | Security | Identify TCP port 5900 open to the world |
| Ports other than 80/443 (HTTP/HTTPS) Open to the World | Security | Identify TCP ports other than 80/443 open to the world |
| Protocol (ICMP) Open to the World | Security | Identify ICMP open to the world |
| Public IP Addresses Orphaned | Optimization | Identify unattached IP addresses |
| Region Audit | Security | Audit select resource types across specific cloud regions |
| Region Limits | Optimization | Identify regions within 80% or more of the threshold for any resource type |
| Region Limits – Cache Instances | Optimization | Identify regions within 80% or more of the cache instance threshold |
| Region Limits – Compute Instances | Optimization | Identify regions within 80% or more of the compute instance threshold |
| Region Limits – Database Instances | Optimization | Identify regions within 80% or more of the database instance threshold |
| Region Limits – Internet Gateways | Optimization | Identify regions within 80% or more of the Internet gateway threshold |
| Region Limits – Private Networks | Optimization | Identify regions within 80% or more of the private network threshold |
| Region Limits – Public IPs | Optimization | Identify regions within 80% or more of the public IP threshold |
| Region Limits – Security Groups | Optimization | Identify regions within 80% or more of the security group threshold |
| Region Limits – Snapshots | Optimization | Identify regions within 80% or more of the snapshot threshold |
| Region Limits – Storage Containers | Optimization | Identify regions within 80% or more of the storage container threshold |
| Region Limits – Volumes | Optimization | Identify regions within 80% or more of the volume threshold |
| Regions With Impaired Availability Zone | Best Practices | Identify regions with one or more zones in an impaired state |
| Regions Without Default Network | Best Practices | Identify regions without a default network |
| Reserved Instances Expiring Soon | Optimization | Identify reserved instances set to expire within a set number of days (default is 30 days) |
| Resource Age Check | Best Practices | Identify resources based on their age/creation date |
| Resource Cost Exceeds | Optimization | Identify resources whose monthly cost exceeds a user-defined value (default $100) |
| Resource Group Curation | Curation | Curate target resources into one or more resource groups |
| Resource Has No Owner | Best Practices | This bot identifies resources that do not have an owner, which is a basic requirement for effective management of a cloud environment. |
| Resources With TTL | Optimization | Identify resources with Time To Live (TTL) tags and schedule their deletion accordingly |
| Security Groups Orphaned | Security | Identify security groups unattached to instances |
| Security Rules Audit | Security | Identify access lists with ports open to the world (SSH as default) |
| Service Encryption Key Disabled | Security | Identify encryption keys that are disabled |
| Service Encryption Key Expired or Expiring Soon | Security | Identify encryption keys that are expired or are expiring within user-defined number of days (default is 14 days) |
| Service Encryption Key Rotation Disabled | Security | Identify encryption keys that have key rotation disabled |
| Snapshots of Type | Best Practices | Identify database or memcache snapshots based upon their type, e.g., manual or automated |
| Snapshots Older Than X Days | Optimization | Identify snapshots that are older than X days, e.g., 30, 60, or 90 |
| Snapshots Publicly Available | Security | Identify snapshots that are accessible to the public |
| SSL Certificates Expired | Security | Identify SSL certificates that have expired or will expire soon (14 days by default) |
| SSL Certificates With Heartbleed Vulnerability | Security | Identify SSL certificates that may be vulnerable to SSL Heartbleed |
| Storage Containers Exceeding Max Objects | Optimization | Identify storage containers that exceed a total number of objects (10,000 objects by default) |
| Storage Containers Exceeding Max Size | Optimization | Identify storage containers that exceed a total size (1TB by default) |
| Storage Containers Permissions Check | Security | Identify storage containers exposing data with permissive access lists |
| Storage Containers Permissions Check – ACL | Security | Identify storage containers exposing access list permissions to the world |
| Storage Containers Permissions Check – Delete | Security | Identify storage containers exposing delete permissions to the world |
| Storage Containers Permissions Check – Read (GET) | Security | Identify storage containers exposing read permissions to the world |
| Storage Containers Permissions Check – Write (PUT) | Security | Identify storage containers exposing write permissions to the world |
| Storage Containers With No Permissions | Security | Identify storage containers without any permission sets |
| Storage Containers Without Logging | Security | Identify storage containers without logging enabled |
| Storage Containers Without Versioning | Security | Identify storage containers without object versioning enabled |
| Subnet CIDR Exceeds Maximum Netblock | Optimization | Identify subnets where the number of IPs exceeds a defined limit |
| Subnets Running Out Of Space | Best Practices | Identify subnets with limited IP block available for use |
| Tag Audit | Best Practices | Enforce tagging standards and policy across select resource types |
| Volume State Time Threshold | Optimization | Identify volumes that have been in a user-selected state for a user-defined period of time (defaults are ‘available’ and 1 day) |
| Volume Type Audit | Best Practices | Identify volumes running unapproved types |
| Volumes In Error State | Best Practices | Identify unhealthy volumes that are not functional |
| Volumes Unattached | Optimization | Identify unattached volumes |
| Volumes With Auto-Termination | Best Practices | Identify volumes set to automatically delete when the parent instance is terminated |
| Volumes With Excessive IOPS | Optimization | Identify volumes with an excessively high number of IOPS |
| Volumes Without A Recent Snapshot | Optimization | Identify volumes without a snapshot in the past fourteen days |
| Volumes Without Encryption Enabled | Optimization | Identify volumes without encryption enabled |