add OWASP LLM top 10 categories to AI rules
AsafEitani committed Jan 16, 2025
1 parent 8bb9b12 commit 51f5c0e
Showing 33 changed files with 33 additions and 0 deletions.
1 change: 1 addition & 0 deletions plugins/aws/bedrock/customModelEncryptionEnabled.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Custom Model Encryption Enabled',
category: 'AI & ML',
owasp: ['LLM10'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensure that an Amazon Bedrock custom models are encrypted with desired encryption level.',
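Review bot: The added `owasp: ['LLM10']` is a bare id with no list edition, and the OWASP Top 10 for LLM Applications was renumbered between its 2023 and 2025 editions: LLM10 is Model Theft in the former and Unbounded Consumption in the latter, and LLM02 moved from Insecure Output Handling to Sensitive Information Disclosure. For an encryption check the 2023 reading of LLM10 looks intended, while `'LLM02'` on the dataset and output encryption rules in the other file sections only fits under the 2025 names, so the commit may be mixing editions (inferred; nothing on the page says which edition is meant). State the edition where the field is defined, or qualify the ids the way OWASP's 2025 list does, e.g. `'LLM02:2025'`, and recheck the `'LLM07'` entries on the VPC and public-access rules against that edition. The `module.exports` object continues past the end of the hunk.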
1 change: 1 addition & 0 deletions plugins/aws/bedrock/customModelInVpc.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Custom Model In VPC',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Low',
description: 'Ensure that an Amazon Bedrock custom model is configured with a VPC.',
1 change: 1 addition & 0 deletions plugins/aws/bedrock/privateCustomModel.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Private Custom Model',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensure that an Amazon Bedrock custom model is configured within a private VPC.',
1 change: 1 addition & 0 deletions plugins/aws/comprehend/flywheelInVpc.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Amazon Comprehend Flywheel In VPC',
category: 'AI & ML',
owasp: ['LLM07', 'LLM04', 'LLM02'],
domain: 'Compute',
severity: 'Low',
description: 'Ensure that an Amazon Comprehend Flywheel is configured with a VPC.',
1 change: 1 addition & 0 deletions plugins/aws/comprehend/outputResultEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Amazon Comprehend Output Result Encryption',
category: 'AI & ML',
owasp: ['LLM07', 'LLM02'],
domain: 'Compute',
severity: 'High',
description: 'Ensures the Comprehend service is using encryption for all result output.',
1 change: 1 addition & 0 deletions plugins/aws/comprehend/volumeEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Amazon Comprehend Volume Encryption',
category: 'AI & ML',
owasp: ['LLM07', 'LLM02'],
domain: 'Compute',
severity: 'High',
description: 'Ensures the Comprehend service is using encryption for all volumes storing data at rest.',
1 change: 1 addition & 0 deletions plugins/aws/forecast/datasetExportEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Forecast Dataset Export Encrypted',
category: 'AI & ML',
owasp: ['LLM02'],
domain: 'Content Delivery',
severity: 'High',
description: 'Ensure that AWS Forecast exports have encryption enabled before they are being saved on S3.',
1 change: 1 addition & 0 deletions plugins/aws/forecast/forecastDatasetEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Forecast Dataset Encrypted',
category: 'AI & ML',
owasp: ['LLM04', 'LLM02'],
domain: 'Content Delivery',
severity: 'High',
description: 'Ensure that AWS Forecast datasets are using desired KMS key for data encryption.',
1 change: 1 addition & 0 deletions plugins/aws/frauddetector/fraudDetectorDataEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Fraud Detector Data Encrypted',
category: 'AI & ML',
owasp: ['LLM04', 'LLM02'],
domain: 'Application Integration',
severity: 'High',
description: 'Ensure that Amazon Fraud Detector has encryption enabled for data at rest with desired KMS encryption level.',
1 change: 1 addition & 0 deletions plugins/aws/healthlake/dataStoreEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'HealthLake Data Store Encrypted',
category: 'AI & ML',
owasp: ['LLM04', 'LLM02'],
domain: 'Content Delivery',
severity: 'High',
description: 'Ensure that AWS HealthLake Data Store is using desired encryption level.',
1 change: 1 addition & 0 deletions plugins/aws/kendra/kendraIndexEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Kendra Index Encrypted',
category: 'AI & ML',
owasp: ['LLM02'],
domain: 'Databases',
severity: 'High',
description: 'Ensure that the Kendra index is encrypted using desired encryption level.',
1 change: 1 addition & 0 deletions plugins/aws/lex/lexAudioLogsEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Audio Logs Encrypted',
category: 'AI & ML',
owasp: ['LLM02'],
domain: 'Content Delivery',
severity: 'High',
description: 'Ensure that Amazon Lex audio logs are encrypted using desired KMS encryption level',
1 change: 1 addition & 0 deletions plugins/aws/lookout/modelDataEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Model Data Encrypted',
category: 'AI & ML',
owasp: ['LLM10', 'LLM04', 'LLM02'],
domain: 'Management and Governance',
severity: 'High',
description: 'Ensure that Lookout for Vision model data is encrypted using desired KMS encryption level',
1 change: 1 addition & 0 deletions plugins/aws/sagemaker/notebookDataEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Notebook Data Encrypted',
category: 'AI & ML',
owasp: ['LLM07', 'LLM02', 'LLM10'],
domain: 'Compute',
severity: 'High',
description: 'Ensure Notebook data is encrypted',
1 change: 1 addition & 0 deletions plugins/aws/sagemaker/notebookDirectInternetAccess.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Notebook Direct Internet Access',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Compute',
severity: 'Medium',
description: 'Ensure Notebook Instance is not publicly available.',
1 change: 1 addition & 0 deletions plugins/aws/sagemaker/notebookInstanceInVpc.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Notebook instance in VPC',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Compute',
severity: 'Medium',
description: 'Ensure that Amazon SageMaker Notebook instances are launched within a VPC.',
1 change: 1 addition & 0 deletions plugins/aws/translate/translateJobOutputEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/aws');
module.exports = {
title: 'Translate Job Output Encrypted',
category: 'AI & ML',
owasp: ['LLM02'],
domain: 'Compute',
severity: 'High',
description: 'Ensure that your Amazon Translate jobs have CMK encryption enabled for output data residing on S3.',
1 change: 1 addition & 0 deletions plugins/azure/databricks/workspaceDbfsInfraEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Databricks Workspace DBFS Infrastructure Encryption',
category: 'AI & ML',
owasp: ['LLM02', 'LLM04'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that DBFS root storage for Databricks premium workspace has infrastructure encryption enabled.',
1 change: 1 addition & 0 deletions plugins/azure/databricks/workspaceManagedDiskCmk.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Databricks Workspace Managed Disk CMK Encrypted',
category: 'AI & ML',
owasp: ['LLM02', 'LLM04'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Databricks premium workspace managed disk is encrypted with CMK.',
1 change: 1 addition & 0 deletions plugins/azure/databricks/workspaceManagedServicesCmk.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Databricks Workspace Managed Services CMK Encrypted',
category: 'AI & ML',
owasp: ['LLM02', 'LLM04'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Databricks premium workspace managed services are encrypted with CMK.',
1 change: 1 addition & 0 deletions plugins/azure/databricks/workspaceSecureCluster.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Databricks Workspace Secure Cluster',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Azure Databricks Workspace has secure cluster connectivity enabled.',
1 change: 1 addition & 0 deletions plugins/azure/machinelearning/mlRegistryPublicAccess.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Machine Learning Registry Public Access Disabled',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Azure Machine Learning registries are not publicly accessible.',
1 change: 1 addition & 0 deletions plugins/azure/machinelearning/mlWorkspaceHBI.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Machine Learning Workspace High Business Impact Enabled',
category: 'AI & ML',
owasp: ['LLM02'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Machine Learning workspaces have High Business Impact (HBI) feature enabled.',
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Machine Learning Workspace Public Access Disabled',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensures that Azure Machine Learning workspaces are not publicly accessible.',
1 change: 1 addition & 0 deletions plugins/azure/openai/accountCMKEncrypted.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'OpenAI Account CMK Encrypted',
category: 'AI & ML',
owasp: ['LLM02', 'LLM04'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensures that Azure OpenAI accounts are encrypted using CMK.',
1 change: 1 addition & 0 deletions plugins/azure/openai/accountManagedIdentity.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'OpenAI Account Managed Identity Enabled',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures a system or user assigned managed identity is enabled to authenticate to Azure OpenAI accounts.',
1 change: 1 addition & 0 deletions plugins/azure/openai/accountPublicAccessDisabled.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'OpenAI Account Public Access Disabled',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensures that Azure OpenAI accounts are not publicly accessible.',
1 change: 1 addition & 0 deletions plugins/azure/synapse/synapseWorkspacPrivateEndpoint.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Synapse Workspace Private Endpoints',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensure that Azure Synapse workspace is accessible only through managed private endpoints.',
1 change: 1 addition & 0 deletions plugins/azure/synapse/synapseWorkspaceAdAuthEnabled.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Synapse Workspace AD Auth Enabled',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensures that Azure Synapse workspace has Active Directory (AD) authentication enabled.',
1 change: 1 addition & 0 deletions plugins/azure/synapse/workspaceDoubleEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Synapse Workspace Double Encryption Enabled',
category: 'AI & ML',
owasp: ['LLM10', 'LLM04', 'LLM02'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensures that Azure Synapse workspaces have double Encryption enabled.',
1 change: 1 addition & 0 deletions plugins/azure/synapse/workspaceManagedIdentity.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/azure');
module.exports = {
title: 'Synapse Workspace Managed Identity',
category: 'AI & ML',
owasp: ['LLM07'],
domain: 'Machine Learning',
severity: 'Medium',
description: 'Ensure that Azure Synapse workspace has managed identity enabled.',
1 change: 1 addition & 0 deletions plugins/google/vertexai/modelEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/google');
module.exports = {
title: 'Vertex AI Model Encryption',
category: 'AI & ML',
owasp: ['LLM010', 'LLM07'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensure that Vertex AI models are encrypted using desired encryption protection level.',
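Review bot: `'LLM010'` in the added `owasp` line does not match the `'LLM10'` spelling used by the other rules in this commit (vertexAIDatasetEncryption.js in the next section, for one), so a consumer that filters or groups on the exact id would not associate this rule with that category. The line should read `owasp: ['LLM10', 'LLM07'],`. A plugin test that checks every `owasp` entry against a fixed list of allowed ids would catch this kind of typo; whether such a test exists is not visible on this page. The `module.exports` object continues past the end of the hunk.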
1 change: 1 addition & 0 deletions plugins/google/vertexai/vertexAIDatasetEncryption.js
Expand Up @@ -4,6 +4,7 @@ var helpers = require('../../../helpers/google');
module.exports = {
title: 'Vertex AI Dataset Encryption',
category: 'AI & ML',
owasp: ['LLM02', 'LLM04', 'LLM10'],
domain: 'Machine Learning',
severity: 'High',
description: 'Ensure that Vertex AI datasets are encrypted using desired encryption protection level.',