Minor cnspec bundle fmt fixes

community/email-security-spf.mql.yaml

@@ -1,14 +1,14 @@
 policies:
   - uid: email-security-policy-spf
     name: Email Security Policy (SPF)
-    version: "0.0.2"
+    version: 0.0.2
     license: MPL-2.0
+    tags:
+      mondoo.com/category: security,email
+      mondoo.com/platform: dns
     authors:
       - name: Ben Rockwood
         email: [email protected]
-    tags:
-      mondoo.com/platform: dns
-      mondoo.com/category: security,email
     docs:
       desc: |
         ## Overview
@@ -26,7 +26,7 @@ policies:
         $ cnspec scan --inventory-domainlist --inventory-file domains.txt --policy-bundle ./email-security.mql.yaml --incognito
         ```
     groups:
-      - title: "Email Security"
+      - title: Email Security
         filters: mondoo.resources.contains("dns")
         checks:
           - uid: dns-00
@@ -37,7 +37,6 @@ policies:
           - uid: spf-04
           - uid: spf-05
           - uid: spf-06
-
 queries:
   - uid: dns-00
     title: Domain Apex should have a TXT record
@@ -49,8 +48,8 @@ queries:
       remediation: |
         Add a TXT record to your DNS zone file.
     refs:
-      - title: TXT Record
-        url: https://en.wikipedia.org/wiki/TXT_record
+      - url: https://en.wikipedia.org/wiki/TXT_record
+        title: TXT Record
   - uid: dns-01
     title: Domain Apex should have an anchor (A) record
     mql: dns.records.where( type == "A" ).length > 0
@@ -61,8 +60,8 @@ queries:
       remediation: |
         Add an A record to your DNS zone file, consider using a redirect to your corporate website.
     refs:
-      - title: A Record
-        url: https://www.easyredir.com/blog/what-is-an-apex-domain/
+      - url: https://www.easyredir.com/blog/what-is-an-apex-domain/
+        title: A Record
   - uid: spf-01
     title: Ensure SPF record is set
     mql: dns.params['TXT']['rData'].contains( /v=spf1/ )
@@ -76,8 +75,8 @@ queries:
         <domain> IN TXT "v=spf1 include:_spf.google.com ~all"
         ```
     refs:
-      - title: SPF Record
-        url: https://en.wikipedia.org/wiki/Sender_Policy_Framework
+      - url: https://en.wikipedia.org/wiki/Sender_Policy_Framework
+        title: SPF Record
   - uid: spf-02
     title: Ensure there are not multiple SPF record
     mql: dns.params['TXT']['rData'].where( /v=spf1/ ).length <= 1
@@ -87,8 +86,8 @@ queries:
       remediation: |
         Remove all but one SPF record from your DNS zone file.
     refs:
-      - title: SPF Record
-        url: https://en.wikipedia.org/wiki/Sender_Policy_Framework
+      - url: https://en.wikipedia.org/wiki/Sender_Policy_Framework
+        title: SPF Record
   - uid: spf-03
     title: Ensure SPF record is not too long
     mql: dns.params['TXT']['rData'].where( /v=spf1/ ).length <= 255
@@ -98,8 +97,8 @@ queries:
       remediation: |
         Remove some of the entries from your SPF record.
     refs:
-      - title: SPF Record
-        url: https://en.wikipedia.org/wiki/Sender_Policy_Framework
+      - url: https://en.wikipedia.org/wiki/Sender_Policy_Framework
+        title: SPF Record
   - uid: spf-04
     title: Ensure SPF record does not contain any excess whitespace
     mql: dns.params['TXT']['rData'].where( /v=spf1/ ).where( /\s{2,}/).length == 0
@@ -109,8 +108,8 @@ queries:
       remediation: |
         Remove all excess whitespace from your SPF record.
     refs:
-      - title: SPF Record
-        url: https://en.wikipedia.org/wiki/Sender_Policy_Framework
+      - url: https://en.wikipedia.org/wiki/Sender_Policy_Framework
+        title: SPF Record
   - uid: spf-05
     title: SPF should be set to fail or soft fail all
     mql: |
@@ -121,8 +120,8 @@ queries:
       remediation: |
         The SPF record should end with ~all.
     refs:
-      - title: M3AAWG Email Authentication Recommended Best Practices (2020)
-        url: https://www.m3aawg.org/sites/default/files/m3aawg-email-authentication-recommended-best-practices-09-2020.pdf
+      - url: https://www.m3aawg.org/sites/default/files/m3aawg-email-authentication-recommended-best-practices-09-2020.pdf
+        title: M3AAWG Email Authentication Recommended Best Practices (2020)
   - uid: spf-06
     title: Do not use deprecated SPF DNS Record Type
     mql: dns.records.where(type == "SPF").length == 0
@@ -132,5 +131,5 @@ queries:
       remediation: |
         Remove the deprecated SPF DNS Record Type from your SPF record.
     refs:
-      - title: DNS SPF Records
-        url: https://en.wikipedia.org/wiki/Sender_Policy_Framework#DNS_SPF_Records
+      - url: https://en.wikipedia.org/wiki/Sender_Policy_Framework#DNS_SPF_Records
+        title: DNS SPF Records

core/mondoo-azure-security.mql.yaml

@@ -1849,7 +1849,7 @@ queries:
       azure.monitor.diagnosticSettings.all( properties["logs"].where( _["enabled"] == "true" ).any( _["category"] == "Security" ) )
       azure.monitor.diagnosticSettings.all( properties["logs"].where( _["enabled"] == "true" ).any( _["category"] == "Alert" )  )
     docs:
-      desc: |2
+      desc: |
         Diagnostic setting controls how the diagnostic logs are exported and what type of data need to be collected and be exported to the defined destination.
         By default no log categories are selected when the Diagnostic Setting is created. Capturing the appropriate log categories for the activities performed within your subscriptions provides proper insight into the environment and will help the SOC team in analyzing.
 
@@ -1944,7 +1944,7 @@ queries:
         }
       }
     docs:
-      desc: |2
+      desc: |
         The main security issue with exposing UDP services over the Internet is the broad attack surface that allows attackers to use Reflection Amplification Attack against Virtual Machines.
 
         A reflection attack involves an attacker spoofing a target's IP address and sending a request for information, mainly using UDP. The server then responds by sending an answer. This is called "reflection" (using the same protocol in both directions) attack.