Security policies missing descriptions in Palo Alto Networks devices

Description

This policy ensures that all security policies in Palo Alto Networks devices have a populated 'description' field. Descriptions are essential for providing context and understanding the purpose of each security rule, facilitating easier management and auditing of security policies. This check verifies that the `description` attribute in `panos_security_rule` resources is not empty, promoting better documentation and clarity in security rule definitions.

Code Example

yaml

- name: Example
  tasks:
    - name: Example
      paloaltonetworks.panos.panos_security_rule:
        ...
+        description: "Block traffic from untrusted zones to critical servers"

Remediation

Palo Alto Networks

Resource: panos_security_rule
Attribute: description

To mitigate this issue, ensure that every panos_security_rule resource contains a descriptive description attribute. This description should offer clear and concise information about the rule's purpose, facilitating effective management and documentation of security policies.

Secure Code Example:

Rule Details

Field	Value
ID	IAC-1290
Severity	INFO
IaC Type	Terraform
Frameworks	Ansible
Checkov ID	CKV_PAN_8

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Security policies missing descriptions in Palo Alto Networks devices

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Security policies missing descriptions in Palo Alto Networks devices ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Security policies missing descriptions in Palo Alto Networks devices

Description

Code Example

Remediation

Rule Details

References