[aws] update docs runbook rules (#197)

panther-labs · Feb 18, 2021 · 5682402 · 5682402
1 parent f796d6a
commit 5682402
Show file tree

Hide file tree

Showing 86 changed files with 87 additions and 88 deletions.
diff --git a/aws_account_policies/aws_password_policy_complexity_guidelines.yml b/aws_account_policies/aws_password_policy_complexity_guidelines.yml
@@ -19,10 +19,9 @@ Reports:
  - 8.2.3
 Severity: High
 Description: >
- This policy validates that the account password policy enforces the recommended
- password complexity requirements.
+ This policy validates that the account password policy enforces the recommended password complexity requirements.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-account-password-policy-enforces-complexity-guidelines
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-account-password-policy-enforces-complexity-guidelines
 Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
 Tests:
  -

diff --git a/aws_account_policies/aws_password_policy_password_age_limit.yml b/aws_account_policies/aws_password_policy_password_age_limit.yml
@@ -18,7 +18,7 @@ Description: >
  This policy validates that the account password policy enforces a maximum password age of 90
  days or less.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-account-password-policy-enforces-password-age-limit-of-90-days-or-less
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-account-password-policy-enforces-password-age-limit-of-90-days-or-less
 Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
 Tests:
  -

diff --git a/aws_account_policies/aws_password_policy_password_reuse.yml b/aws_account_policies/aws_password_policy_password_reuse.yml
@@ -18,7 +18,7 @@ Description: >
  This policy validates that the account password policy prevents users from re-using previous
  passwords, and prevents password reuse for 24 or more prior passwords.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-account-password-policy-prevents-password-reuse
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-account-password-policy-prevents-password-reuse
 Reference: >
  https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
 Tests:

diff --git a/aws_account_policies/aws_resource_minimum_tags.yml b/aws_account_policies/aws_resource_minimum_tags.yml
@@ -16,7 +16,7 @@ Severity: Low
 Description: >
  This policy ensures that applicable resources have a minimum number of tags set.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-resource-has-minimum-number-of-tags
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-resource-has-minimum-number-of-tags
 Reference: https://aws.amazon.com/answers/account-management/aws-tagging-strategies/
 Tests:
  -

diff --git a/aws_account_policies/aws_resource_required_tags.yml b/aws_account_policies/aws_resource_required_tags.yml
@@ -16,7 +16,7 @@ Severity: Low
 Description: >
  This policy ensures that AWS resources have specific tags, dependent on their resource type.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-resource-has-required-tags
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-resource-has-required-tags
 Reference: https://aws.amazon.com/answers/account-management/aws-tagging-strategies/
 Tests:
  -

diff --git a/aws_acm_policies/aws_acm_certificate_expiration.yml b/aws_acm_policies/aws_acm_certificate_expiration.yml
@@ -12,7 +12,7 @@ Severity: Medium
 Description: >
  When a certificate is 60 days away from expiration, ACM automatically attempts to renew it every hour.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-acm-certificate-is-not-expired
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-acm-certificate-is-not-expired
 Reference: https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-renewal.html
 Tests:
  -

diff --git a/aws_cloudtrail_policies/aws_cloudtrail_cloudwatch_logs.yml b/aws_cloudtrail_policies/aws_cloudtrail_cloudwatch_logs.yml
@@ -16,7 +16,7 @@ Description: >
  CloudTrail supports sending data and management events to CloudWatch Logs. This setup can be
  used for real-time processing of all CloudTrail data events.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-trails-integrated-with-cloudwatch-logs
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-trails-integrated-with-cloudwatch-logs
 Reference: >
  https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html
 Tests:

diff --git a/aws_cloudtrail_policies/aws_cloudtrail_enabled.yml b/aws_cloudtrail_policies/aws_cloudtrail_enabled.yml
@@ -18,7 +18,7 @@ Description: >
  This policy ensures that CloudTrail is enabled in all regions and at least one of them has
  management (control plane) operations logged.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-enabled-in-all-regions
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-enabled-in-all-regions
 Reference: >
  https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
 Tests:

diff --git a/aws_cloudtrail_policies/aws_cloudtrail_log_encryption.yml b/aws_cloudtrail_policies/aws_cloudtrail_log_encryption.yml
@@ -15,7 +15,7 @@ Severity: Medium
 Description: >
  This policy validates that CloudTrail Logs are encrypted at rest with customer managed KMS key.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-logs-encrypted-using-kms-cmk
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-logs-encrypted-using-kms-cmk
 Reference: >
  https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html
 Tests:

diff --git a/aws_cloudtrail_policies/aws_cloudtrail_log_validation.yml b/aws_cloudtrail_policies/aws_cloudtrail_log_validation.yml
@@ -17,7 +17,7 @@ Severity: Medium
 Description: >
  This policy ensures that CloudTrail logs have file integrity validation enabled.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-log-validation-enabled
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-log-validation-enabled
 Reference: >
  https://amzn.to/2MMgE6W
 Tests:

diff --git a/aws_cloudtrail_policies/aws_cloudtrail_s3_bucket_access_logging.yml b/aws_cloudtrail_policies/aws_cloudtrail_s3_bucket_access_logging.yml
@@ -16,7 +16,7 @@ Description: >
  This policy validates that the bucket receiving CloudTrail Logs is configured with
  S3 Access Logging. This audits all creation, modification, or deletion to CloudTrail audit logs.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-s3-bucket-has-access-logging-enabled
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-s3-bucket-has-access-logging-enabled
 Reference: >
  https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
 # Unit testing not supported for policies that might network calls
diff --git a/aws_cloudtrail_policies/aws_cloudtrail_s3_bucket_public.yml b/aws_cloudtrail_policies/aws_cloudtrail_s3_bucket_public.yml
@@ -15,7 +15,7 @@ Severity: High
 Description: >
  This policy validates that CloudTrail S3 buckets are not publicly accessible.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-cloudtrail-logs-s3-bucket-not-publicly-accessible
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-cloudtrail-logs-s3-bucket-not-publicly-accessible
 Reference: >
  https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access.html
 # Unit testing not supported for policies that might network calls
diff --git a/aws_cloudtrail_rules/aws_cloudtrail_created.yml b/aws_cloudtrail_rules/aws_cloudtrail_created.yml
@@ -14,7 +14,7 @@ Reports:
 Severity: Info
 Description: >
  A CloudTrail Trail was created, updated, or enabled.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-cloudtrail-modified
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-cloudtrail-modified
 Reference: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_Operations.html
 SummaryAttributes:
  - eventName

diff --git a/aws_cloudtrail_rules/aws_cloudtrail_stopped.yml b/aws_cloudtrail_rules/aws_cloudtrail_stopped.yml
@@ -15,7 +15,7 @@ Reports:
 Severity: Medium
 Description: >
  A CloudTrail Trail was modified.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-cloudtrail-modified
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-cloudtrail-modified
 Reference: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_Operations.html
 SummaryAttributes:
  - eventName

diff --git a/aws_cloudtrail_rules/aws_console_login_failed.yml b/aws_cloudtrail_rules/aws_console_login_failed.yml
@@ -17,7 +17,7 @@ Reports:
 Severity: Low
 Description: >
  A console login failed.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-console-login-failed
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-console-login-failed
 Reference: https://amzn.to/3aMSmTd
 SummaryAttributes:
  - userAgent

diff --git a/aws_cloudtrail_rules/aws_console_login_without_mfa.yml b/aws_cloudtrail_rules/aws_console_login_without_mfa.yml
@@ -15,7 +15,7 @@ Reports:
  - 3.2
 Severity: High
 Description: An AWS console login was made without multi-factor authentication.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-console-login-without-mfa
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-console-login-without-mfa
 Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html
 SummaryAttributes:
  - userAgent

diff --git a/aws_cloudtrail_rules/aws_console_root_login_failed.yml b/aws_cloudtrail_rules/aws_console_root_login_failed.yml
@@ -17,7 +17,7 @@ Reports:
  - 3.6
 Severity: High
 Description: A Root console login failed.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-console-login-failed
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-console-login-failed
 Reference: https://amzn.to/3aMSmTd
 SummaryAttributes:
  - userAgent

diff --git a/aws_cloudtrail_rules/aws_ec2_gateway_modified.yml b/aws_cloudtrail_rules/aws_ec2_gateway_modified.yml
@@ -13,7 +13,7 @@ Reports:
  - 3.12
 Severity: Info
 Description: An EC2 Network Gateway was modified.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-ec2-gateway-modified
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-ec2-gateway-modified
 Reference: reference.link
 SummaryAttributes:
  - eventName

diff --git a/aws_cloudtrail_rules/aws_ec2_network_acl_modified.yml b/aws_cloudtrail_rules/aws_ec2_network_acl_modified.yml
@@ -13,7 +13,7 @@ Reports:
  - 3.11
 Severity: Info
 Description: An EC2 Network ACL was modified.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-ec2-network-acl-modified
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-ec2-network-acl-modified
 Reference: reference.link
 SummaryAttributes:
  - eventName

diff --git a/aws_cloudtrail_rules/aws_ec2_route_table_modified.yml b/aws_cloudtrail_rules/aws_ec2_route_table_modified.yml
@@ -12,7 +12,7 @@ Reports:
  - 3.13
 Severity: Info
 Description: An EC2 Route Table was modified.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-ec2-route-table-modified
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-ec2-route-table-modified
 Reference: reference.link
 SummaryAttributes:
  - eventName

diff --git a/aws_cloudtrail_rules/aws_ec2_security_group_modified.yml b/aws_cloudtrail_rules/aws_ec2_security_group_modified.yml
@@ -14,7 +14,7 @@ Reports:
 Severity: Info
 Description: >
  An EC2 Security Group was modified.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-ec2-securitygroup-modified
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-ec2-securitygroup-modified
 Reference: reference.link
 SummaryAttributes:
  - eventName

diff --git a/aws_cloudtrail_rules/aws_ec2_vpc_modified.yml b/aws_cloudtrail_rules/aws_ec2_vpc_modified.yml
@@ -13,7 +13,7 @@ Reports:
  - 3.14
 Severity: Info
 Description: An EC2 VPC was modified.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-ec2-vpc-modified
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-ec2-vpc-modified
 Reference: reference.link
 SummaryAttributes:
  - eventName

diff --git a/aws_cloudtrail_rules/aws_iam_policy_modified.yml b/aws_cloudtrail_rules/aws_iam_policy_modified.yml
@@ -14,7 +14,7 @@ Reports:
 Severity: Info
 Description: >
  An IAM Policy was changed.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-iam-policy-modified
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-iam-policy-modified
 Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
 SummaryAttributes:
  - eventName

diff --git a/aws_cloudtrail_rules/aws_kms_cmk_loss.yml b/aws_cloudtrail_rules/aws_kms_cmk_loss.yml
@@ -14,7 +14,7 @@ Reports:
 Severity: Info
 Description: >
  A KMS Customer Managed Key was disabled or scheduled for deletion. This could potentially lead to permanent loss of encrypted data.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-kms-cmk-loss
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-kms-cmk-loss
 Reference: https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html
 SummaryAttributes:
  - eventName

diff --git a/aws_cloudtrail_rules/aws_s3_bucket_policy_modified.yml b/aws_cloudtrail_rules/aws_s3_bucket_policy_modified.yml
@@ -14,7 +14,7 @@ Reports:
 Severity: Info
 Description: >
  An S3 Bucket was modified.
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-s3-bucket-policy-modified
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-s3-bucket-policy-modified
 Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html
 SummaryAttributes:
  - eventName

diff --git a/aws_cloudtrail_rules/aws_unauthorized_api_call.yml b/aws_cloudtrail_rules/aws_unauthorized_api_call.yml
@@ -13,7 +13,7 @@ Reports:
  - 3.1
 Severity: Info
 Description: An unauthorized AWS API call was made
-Runbook: https://docs.runpanther.io/log-analysis/rules/built-in-rule-runbooks/aws-unauthorized-api-call
+Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-unauthorized-api-call
 Reference: https://amzn.to/3aOukaA
 SummaryAttributes:
  - eventName

diff --git a/aws_config_policies/aws_config_global_resources.yml b/aws_config_policies/aws_config_global_resources.yml
@@ -13,7 +13,7 @@ Description: >
  You can have AWS Config record supported types of global resources, such as
  IAM users, groups, roles, and customer managed policies.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-config-is-enabled-for-global-resources
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-config-is-enabled-for-global-resources
 Reference: https://amzn.to/2MO8xXM
 Tests:
  -

diff --git a/aws_dynamodb_policies/aws_dynamodb_autoscaling.yml b/aws_dynamodb_policies/aws_dynamodb_autoscaling.yml
@@ -14,7 +14,7 @@ Description: >
  traffic patterns. This enables a table to increase its provisioned read and write capacity
  to handle sudden increases in traffic
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-dynamodb-table-has-autoscaling-enabled
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-dynamodb-table-has-autoscaling-enabled
 Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/AutoScaling.html
 Tests:
  -

diff --git a/aws_dynamodb_policies/aws_dynamodb_autoscaling_configuration.yml b/aws_dynamodb_policies/aws_dynamodb_autoscaling_configuration.yml
@@ -15,7 +15,7 @@ Description: >
  traffic patterns. This enables a table to increase its provisioned read and write capacity
  to handle sudden increases in traffic
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-dynamodb-table-has-autoscaling-targets-configured
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-dynamodb-table-has-autoscaling-targets-configured
 Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/AutoScaling.html
 Tests:
  -

diff --git a/aws_dynamodb_policies/aws_dynamodb_table_encryption.yml b/aws_dynamodb_policies/aws_dynamodb_table_encryption.yml
@@ -16,7 +16,7 @@ Description: >
  Table encryption provides an additional layer of data protection by securing from
  unauthorized access to the underlying storage
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-dynamodb-table-has-encryption-enabled
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-dynamodb-table-has-encryption-enabled
 Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_ami_approved_host.yml b/aws_ec2_policies/aws_ec2_ami_approved_host.yml
@@ -12,7 +12,7 @@ Severity: Low
 Description: >
  Checks that AWS EC2 AMI's are only launched on approved dedicated hosts.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-ami-launched-on-approved-host
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-ami-launched-on-approved-host
 Reference: https://aws.amazon.com/ec2/dedicated-hosts/
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_ami_approved_instance_type.yml b/aws_ec2_policies/aws_ec2_ami_approved_instance_type.yml
@@ -12,7 +12,7 @@ Severity: Low
 Description: >
  This policy ensures that the EC2 instance is running with an instance type approved for its AMI.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-ami-launched-on-approved-instance-type
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-ami-launched-on-approved-instance-type
 Reference: https://aws.amazon.com/ec2/instance-types/
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_ami_approved_tenancy.yml b/aws_ec2_policies/aws_ec2_ami_approved_tenancy.yml
@@ -12,7 +12,7 @@ Severity: Low
 Description: >
  This policy ensures that the EC2 instance was launched with a tenancy approved for its AMI.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-ami-launched-with-approved-tenancy
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-ami-launched-with-approved-tenancy
 Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_instance_approved_ami.yml b/aws_ec2_policies/aws_ec2_instance_approved_ami.yml
@@ -12,7 +12,7 @@ Severity: High
 Description: >
  This policy ensures the given EC2 instance is running an AMI from the approved list of AMI's.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-running-on-approved-ami
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-running-on-approved-ami
 Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_instance_approved_host.yml b/aws_ec2_policies/aws_ec2_instance_approved_host.yml
@@ -12,7 +12,7 @@ Severity: Low
 Description: >
  This policy ensures the given EC2 Instance is running on an approved dedicated host.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-running-on-approved-host
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-running-on-approved-host
 Reference: https://aws.amazon.com/ec2/dedicated-hosts/
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_instance_approved_instance_type.yml b/aws_ec2_policies/aws_ec2_instance_approved_instance_type.yml
@@ -12,7 +12,7 @@ Severity: Low
 Description: >
  This policy ensures that the EC2 instance is running on one of the approved instance types.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-running-on-approved-instance-type
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-running-on-approved-instance-type
 Reference: https://aws.amazon.com/ec2/instance-types/
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_instance_approved_tenancy.yml b/aws_ec2_policies/aws_ec2_instance_approved_tenancy.yml
@@ -12,7 +12,7 @@ Severity: Low
 Description: >
  This policy ensures the given EC2 Instance is running with an approved tenancy option. The possible tenancy options are dedicated, host, and default.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-running-with-approved-tenancy
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-running-with-approved-tenancy
 Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_instance_approved_vpc.yml b/aws_ec2_policies/aws_ec2_instance_approved_vpc.yml
@@ -12,7 +12,7 @@ Severity: High
 Description: >
  This policy ensures that the given EC2 Instance is running in an approved VPC.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-running-in-approved-vpc
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-running-in-approved-vpc
 Reference: https://aws.amazon.com/vpc/
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_instance_detailed_monitoring.yml b/aws_ec2_policies/aws_ec2_instance_detailed_monitoring.yml
@@ -12,7 +12,7 @@ Severity: Low
 Description: >
  This policy ensures that the AWS Instance has Detailed Monitoring Enabled
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-has-detailed-monitoring-enabled
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-has-detailed-monitoring-enabled
 Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_instance_ebs_optimization.yml b/aws_ec2_policies/aws_ec2_instance_ebs_optimization.yml
@@ -12,7 +12,7 @@ Severity: Low
 Description: >
  This policy ensures EBS optimization is enabled for the given EC2 instance, if applicable.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-is-ebs-optimized
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-is-ebs-optimized
 Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_volume_encryption.yml b/aws_ec2_policies/aws_ec2_volume_encryption.yml
@@ -12,7 +12,7 @@ Severity: High
 Description: >
  You can encrypt both the boot and data volumes of an EC2 instance.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-instance-volumes-are-encrypted
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-instance-volumes-are-encrypted
 Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
 Tests:
  -

diff --git a/aws_ec2_policies/aws_ec2_volume_snapshot_encrypted.yml b/aws_ec2_policies/aws_ec2_volume_snapshot_encrypted.yml
@@ -12,7 +12,7 @@ Severity: High
 Description: >
  You can encrypt the snapshot of an EC2 volume to protect against accidental data loss
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-ec2-volume-is-encrypted
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-ec2-volume-is-encrypted
 Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
 Tests:
  -

diff --git a/aws_elb_policies/aws_application_load_balancer_web_acl.yml b/aws_elb_policies/aws_application_load_balancer_web_acl.yml
@@ -13,7 +13,7 @@ Severity: High
 Description: >
  This policy validates that all application load balancers have an associated Web ACl to enforce protections against various web attacks.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-application-load-balancer-has-web-acl
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-application-load-balancer-has-web-acl
 Reference: https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/
 Tests:
  -

diff --git a/aws_guardduty_policies/aws_guardduty_enabled.yml b/aws_guardduty_policies/aws_guardduty_enabled.yml
@@ -12,7 +12,7 @@ Severity: High
 Description: >
  GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior.
 Runbook: >
- https://docs.runpanther.io/cloud-security/built-in-policy-runbooks/aws-guardduty-is-enabled
+ https://docs.runpanther.io/alert-runbooks/built-in-policies/aws-guardduty-is-enabled
 Reference: https://aws.amazon.com/guardduty/
 Tests:
  -