Introduced a handler that raises a high alert when anyone has changed a security group via the UI.
In this example we would see a high alert if someone has opened all TCP/UDP to 0.0.0.0/0.
Here's another example of the idea. In this example we're excluding rules that pertain to :80 and :443. This rule also specifically targets actions that were performed via a CloudFormation script.
This would catch anyone who has launched a CF stack which has an obvious security problem. In this case that might be something like :22 from 0.0.0.0/0, or basically any combination of ports that isn't :80 or :443 and is open to the world.
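An added example (not the project's own code or rule format) of the check the two rules above describe, run over constructed events shaped like CloudTrail AuthorizeSecurityGroupIngress records. The CloudTrail field layout, the userAgent values used to tell CloudFormation from the console, and all function names are assumptions.

```python
WORLD = {"0.0.0.0/0", "::/0"}
WEB_PORTS = {80, 443}                    # the ports the rule excludes
CFN = "cloudformation.amazonaws.com"     # assumed userAgent for stack-driven calls
CONSOLE = "console.ec2.amazonaws.com"    # assumed userAgent for changes made in the UI

def _items(node, key):
    """CloudTrail nests lists as {"items": [...]}; tolerate missing or null keys."""
    return (node.get(key) or {}).get("items") or []

def exposed_rules(event):
    """Return (protocol, from_port, to_port) for world-open rules that are not just :80/:443."""
    hits = []
    for perm in _items(event.get("requestParameters") or {}, "ipPermissions"):
        cidrs = {r.get("cidrIp") for r in _items(perm, "ipRanges")}
        cidrs |= {r.get("cidrIpv6") for r in _items(perm, "ipv6Ranges")}
        if not cidrs & WORLD:
            continue
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        if lo == hi and lo in WEB_PORTS:
            continue  # only a single web port is excluded; a range 80-443 is not
        hits.append((perm.get("ipProtocol"), lo, hi))
    return hits

def high_alerts(events, user_agent=CFN):
    """Map security group id -> exposed rules, for ingress changes made by user_agent."""
    out = {}
    for ev in events:
        if ev.get("eventName") != "AuthorizeSecurityGroupIngress":
            continue
        if ev.get("userAgent") != user_agent:
            continue
        hits = exposed_rules(ev)
        if hits:
            out.setdefault(ev["requestParameters"].get("groupId"), []).extend(hits)
    return out

def _ev(agent, group, *perms):
    """Build one constructed sample event from (protocol, from, to, cidr) tuples."""
    items = [{"ipProtocol": p, "fromPort": lo, "toPort": hi,
              "ipRanges": {"items": [{"cidrIp": c}]}} for p, lo, hi, c in perms]
    return {"eventName": "AuthorizeSecurityGroupIngress", "userAgent": agent,
            "requestParameters": {"groupId": group, "ipPermissions": {"items": items}}}

SAMPLE_EVENTS = [  # constructed, not real log data
    _ev(CFN, "sg-web", ("tcp", 443, 443, "0.0.0.0/0"), ("tcp", 80, 80, "0.0.0.0/0")),
    _ev(CFN, "sg-ssh", ("tcp", 22, 22, "0.0.0.0/0")),
    _ev(CFN, "sg-range", ("tcp", 80, 443, "0.0.0.0/0")),
    _ev(CFN, "sg-internal", ("tcp", 22, 22, "10.0.0.0/8")),
    _ev(CONSOLE, "sg-ui", ("tcp", 0, 65535, "0.0.0.0/0"), ("udp", 0, 65535, "0.0.0.0/0")),
]
```

Calling `high_alerts(SAMPLE_EVENTS)` covers the CloudFormation case, and `high_alerts(SAMPLE_EVENTS, user_agent=CONSOLE)` covers the all TCP/UDP change made through the UI.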
More rules files
This version also improves the rule ingestion in that we can now have many files in the ./rules/ dir.
Slightly better output
Next up
I seem to have a pattern of completely ignoring my "next up" section.
A grading system which can produce A, B, C, D, or failing grades based on the execution of the rules.