Quality updates for WAF #2570 (#3079)

docs/en/rules/Azure.AKS.HttpAppRouting.md

@@ -1,8 +1,8 @@
 ---
-reviewed: 2021/12/10
+reviewed: 2021-12-10
 severity: Important
 pillar: Security
-category: Application endpoints
+category: SE:06 Network controls
 resource: Azure Kubernetes Service
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.AKS.HttpAppRouting/
 ---
@@ -21,11 +21,13 @@ This may be helpful in some limited scenarios, but should not be used in product
 When exposing application endpoints consider using an ingress controller that supports:
 
 - Security filtering behind web application firewall (WAF).
-- Encyption in transit over TLS.
+- Encryption in transit over TLS.
 - Multiple replicas.
 
 Azure provides a production ready ingress controller _Application Gateway Ingress Controller_ (AGIC).
 
+HTTP application routing add-on (preview) for Azure Kubernetes Service (AKS) will be retired on 03 March 2025.
+
 ## RECOMMENDATION
 
 Consider disabling the HTTP application routing add-on in your AKS cluster.
@@ -182,7 +184,7 @@ resource cluster 'Microsoft.ContainerService/managedClusters@2021-07-01' = {
 
 ## LINKS
 
-- [Best practices for endpoint security on Azure](https://learn.microsoft.com/azure/architecture/framework/security/design-network-endpoints)
+- [SE:06 Network controls](https://learn.microsoft.com/azure/well-architected/security/networking)
 - [HTTP application routing](https://learn.microsoft.com/azure/aks/http-application-routing)
 - [Enable Application Gateway Ingress Controller add-on for an existing AKS cluster](https://learn.microsoft.com/azure/application-gateway/tutorial-ingress-controller-add-on-existing)
 - [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.containerservice/managedclusters#ManagedClusterAutoUpgradeProfile)

docs/en/rules/Azure.AppGw.UseWAF.md

@@ -2,7 +2,7 @@
 reviewed: 2021-07-25
 severity: Critical
 pillar: Security
-category: Application endpoints
+category: SE:06 Network controls
 resource: Application Gateway
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.AppGw.UseWAF/
 ---
@@ -101,7 +101,7 @@ $AppGw = Set-AzApplicationGatewaySku -ApplicationGateway $AppGw -Name 'WAF_v2' -
 
 ## LINKS
 
-- [Best practices for endpoint security on Azure](https://learn.microsoft.com/azure/architecture/framework/security/design-network-endpoints)
+- [SE:06 Network controls](https://learn.microsoft.com/azure/well-architected/security/networking)
 - [Securing PaaS deployments](https://learn.microsoft.com/azure/security/fundamentals/paas-deployments#install-a-web-application-firewall)
 - [What is Azure Web Application Firewall on Azure Application Gateway?](https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview)
 - [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.network/applicationgateways)

docs/en/rules/Azure.AppGw.WAFEnabled.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 pillar: Security
-category: Network security and containment
+category: SE:06 Network controls
 resource: Application Gateway
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.AppGw.WAFEnabled/
 ---
@@ -102,7 +102,7 @@ Set-AzApplicationGatewayWebApplicationFirewallConfiguration -ApplicationGateway
 
 ## LINKS
 
-- [Best practices for endpoint security on Azure](https://learn.microsoft.com/azure/architecture/framework/security/design-network-endpoints)
+- [SE:06 Network controls](https://learn.microsoft.com/azure/well-architected/security/networking)
 - [Securing PaaS deployments](https://learn.microsoft.com/azure/security/fundamentals/paas-deployments#install-a-web-application-firewall)
 - [What is Azure Web Application Firewall on Azure Application Gateway?](https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview)
 - [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.network/applicationgateways)

docs/en/rules/Azure.Cosmos.DisableLocalAuth.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 pillar: Security
-category: SE:05 Identity and access
+category: SE:05 Identity and access management
 resource: Cosmos DB
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Cosmos.DisableLocalAuth/
 ---

docs/en/rules/Azure.FrontDoor.WAF.Enabled.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 pillar: Security
-category: Application endpoints
+category: SE:06 Network controls
 resource: Front Door
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.FrontDoor.WAF.Enabled/
 ---
@@ -25,7 +25,7 @@ Consider enabling WAF policy.
 
 ## LINKS
 
-- [Best practices for endpoint security on Azure](https://learn.microsoft.com/azure/architecture/framework/security/design-network-endpoints)
+- [SE:06 Network controls](https://learn.microsoft.com/azure/well-architected/security/networking)
 - [Securing PaaS deployments](https://learn.microsoft.com/azure/security/fundamentals/paas-deployments#install-a-web-application-firewall)
 - [Policy settings for Web Application Firewall on Azure Front Door](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings#waf-state)
 - [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.network/frontdoorwebapplicationfirewallpolicies)

docs/en/rules/Azure.Storage.Firewall.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 pillar: Security
-category: Application endpoints
+category: SE:06 Network controls
 resource: Storage Account
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Storage.Firewall/
 ---
@@ -101,7 +101,7 @@ Azure storage firewall is not supported for Cloud Shell storage accounts.
 
 ## LINKS
 
-- [Public endpoints](https://learn.microsoft.com/azure/architecture/framework/security/design-network-endpoints#public-endpoints)
+- [SE:06 Network controls](https://learn.microsoft.com/azure/well-architected/security/networking)
 - [Configure Azure Storage firewalls and virtual networks](https://learn.microsoft.com/azure/storage/common/storage-network-security)
 - [Use private endpoints for Azure Storage](https://learn.microsoft.com/azure/storage/common/storage-private-endpoints)
 - [Persist files in Azure Cloud Shell](https://learn.microsoft.com/azure/cloud-shell/persisting-shell-storage)

docs/en/rules/Azure.VM.ScriptExtensions.md

@@ -2,7 +2,7 @@
 reviewed: 2022-11-16
 severity: Important
 pillar: Security
-category: Secrets
+category: SE:02 Secured development lifecycle
 resource: Virtual Machine
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.VM.ScriptExtensions/
 ---
@@ -75,7 +75,7 @@ resource script 'Microsoft.Compute/virtualMachines/extensions@2015-06-15' = {
 
 ## LINKS
 
-- [Secure application configuration and dependencies](https://learn.microsoft.com/azure/architecture/framework/security/design-app-dependencies)
-- [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.compute/virtualmachines?pivots=deployment-language-bicep)
+- [SE:02 Secured development lifecycle](https://learn.microsoft.com/azure/well-architected/security/secure-development-lifecycle)
 - [Windows Custom Script Extensions](https://learn.microsoft.com/azure/virtual-machines/extensions/custom-script-windows)
 - [Linux Custom Script Extensions](https://learn.microsoft.com/azure/virtual-machines/extensions/custom-script-linux)
+- [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.compute/virtualmachines/extensions)

docs/en/rules/Azure.VMSS.ScriptExtensions.md

@@ -2,7 +2,7 @@
 reviewed: 2022-11-16
 severity: Important
 pillar: Security
-category: Secrets
+category: SE:02 Secured development lifecycle
 resource: Virtual Machine Scale Sets
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.VMSS.ScriptExtensions/
 ---
@@ -80,6 +80,6 @@ extensionProfile: {
 
 ## LINKS
 
-- [Secure application configuration and dependencies](https://learn.microsoft.com/azure/architecture/framework/security/design-app-dependencies)
-- [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.compute/virtualmachinescalesets/extensions)
+- [SE:02 Secured development lifecycle](https://learn.microsoft.com/azure/well-architected/security/secure-development-lifecycle)
 - [Azure VMSS Extensions Overview](https://learn.microsoft.com/azure/virtual-machines/extensions/overview)
+- [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.compute/virtualmachinescalesets/extensions)