Here are the steps to add your own custom security rule:

  1. Create a file under backend/rules like this one.
    • Specify a UID like iam/no_root_access_keys. This is made from a service (e.g. iam) and a rule name (e.g. no_root_access_keys).
    • Specify a short Description for the rule.
    • Choose a Severity level from Low, Moderate, High, and Critical.
    • List out RiskCategories that describe the rule. Choose from Insufficient Monitoring, Publicly Exposed, Poor Encryption, IAM Misconfiguration, Patching Issue, Unused Resource, Data Access, and Poor Backup.
    • Fill out rule execution logic under Execute. This is a Cypher query that returns a resource_id, resource_type, account_id, status, and context.
  2. Add your rule to MisconfigurationRulesToExecute or AttackPathsRulesToExecute here.
  3. Optionally add remediation steps like here.
  4. Optionally add a displayType entry here. (This is to set the label of the resource in the UI.)
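
The steps above pin down a handful of constraints on a rule (the `service/rule_name` UID shape, the fixed Severity and RiskCategories vocabularies, and the five columns the Execute query must return). As an added example that is not part of the project's code, the Python below captures those constraints as a small pre-commit lint for a rule definition, and runs it over a constructed `iam/no_root_access_keys` rule. The `Rule` dataclass, the `lint_rule` and `returned_fields` helpers, and the node labels and properties used in the sample Cypher query (`AWSAccount`, `AWSPrincipal`, `AccountAccessKey`, the `RESOURCE` and `AWS_ACCESS_KEY` relationships) are all assumptions for illustration, not the project's own types or graph schema.

```python
"""Lint check for a custom security rule definition (added example, not project code).

The constraints encoded here are the ones listed in the steps above. The Rule
class, the helper names and the graph schema used in the sample query are
assumptions made for this example.
"""
import re
from dataclasses import dataclass

SEVERITIES = {"Low", "Moderate", "High", "Critical"}
RISK_CATEGORIES = {
    "Insufficient Monitoring", "Publicly Exposed", "Poor Encryption",
    "IAM Misconfiguration", "Patching Issue", "Unused Resource",
    "Data Access", "Poor Backup",
}
# Every Execute query must hand back exactly these columns per resource.
REQUIRED_RETURN_FIELDS = {"resource_id", "resource_type", "account_id", "status", "context"}
# UID is "<service>/<rule_name>", e.g. iam/no_root_access_keys.
UID_PATTERN = re.compile(r"^[a-z0-9_]+/[a-z0-9_]+$")


@dataclass
class Rule:
    uid: str
    description: str
    severity: str
    risk_categories: list
    execute: str  # Cypher query text


def returned_fields(cypher: str) -> set:
    """Collect the aliases produced by the query's RETURN clause.

    Accepts 'RETURN expr AS alias' as well as a bare 'RETURN alias', with
    case-insensitive keywords, and ignores a trailing ORDER BY / SKIP / LIMIT.
    This is a text-level check, not a full Cypher parser.
    """
    m = re.search(r"\bRETURN\b(.*)$", cypher, flags=re.IGNORECASE | re.DOTALL)
    if not m:
        return set()
    clause = re.split(r"\b(ORDER\s+BY|LIMIT|SKIP)\b", m.group(1), flags=re.IGNORECASE)[0]
    fields = set()
    for item in clause.split(","):
        item = item.strip()
        alias = re.search(r"\bAS\s+(\w+)\s*$", item, flags=re.IGNORECASE)
        fields.add(alias.group(1) if alias else item.split(".")[-1].strip())
    return fields


def lint_rule(rule: Rule) -> list:
    """Return a list of problems; an empty list means the rule definition passes."""
    problems = []
    if not UID_PATTERN.match(rule.uid):
        problems.append(f"UID {rule.uid!r} must look like service/rule_name")
    if not rule.description.strip():
        problems.append("Description must not be empty")
    if rule.severity not in SEVERITIES:
        problems.append(f"Severity {rule.severity!r} not in {sorted(SEVERITIES)}")
    if not rule.risk_categories:
        problems.append("at least one RiskCategory is required")
    for cat in rule.risk_categories:
        if cat not in RISK_CATEGORIES:
            problems.append(f"unknown RiskCategory {cat!r}")
    missing = REQUIRED_RETURN_FIELDS - returned_fields(rule.execute)
    if missing:
        problems.append(f"Execute query does not return: {sorted(missing)}")
    return problems


# Constructed sample rule. The labels and relationship types in the query are
# assumed for this example; adapt them to the graph schema your rules run against.
EXAMPLE_RULE = Rule(
    uid="iam/no_root_access_keys",
    description="The AWS account root user should have no access keys.",
    severity="Critical",
    risk_categories=["IAM Misconfiguration"],
    execute="""
        MATCH (a:AWSAccount)-[:RESOURCE]->(u:AWSPrincipal)
        WHERE u.arn ENDS WITH ':root'
        OPTIONAL MATCH (u)-[:AWS_ACCESS_KEY]->(k:AccountAccessKey)
        WITH a, u, count(k) AS num_keys
        RETURN u.arn AS resource_id,
               'AWSPrincipal' AS resource_type,
               a.id AS account_id,
               CASE WHEN num_keys > 0 THEN 'failed' ELSE 'passed' END AS status,
               'Root user has ' + toString(num_keys) + ' access key(s)' AS context
    """,
)

if __name__ == "__main__":
    issues = lint_rule(EXAMPLE_RULE)
    print("OK" if not issues else "\n".join(issues))
```

Running the file prints `OK` for the sample rule; dropping a column from the RETURN clause or misspelling a severity produces a specific message, which is cheaper to catch here than at the point where the rule list is executed.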