Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MongoDB - alerting disabled (rule) #1180

Closed
wants to merge 25 commits into from
Closed

MongoDB - alerting disabled (rule) #1180

wants to merge 25 commits into from

Conversation

akozlovets098
Copy link
Contributor

Changes

  • Added MongoDB.Alerting.Disabled.Or.Deleted rule (Jira)

melenevskyi and others added 18 commits March 11, 2024 09:11
@melenevskyi
Fixed IndexOutOfRange error in get_zoom_usergroup_context (#1141)
320817c
Use correct key when retrieving string_set in Okta Stolen Session Rule (
3780501 
#1142)

* Fix key when retrieving string_set in Okta Stolen Session Rule

* fmt
@arielkr256
rolling back changes related to simple_rules dir (#1143)
342754e 
Co-authored-by: Evan Gibler <evan.gibler@panther.com>
@kjihso
typo fix: gcp_privilege_escalation_by_deploymants (#1140)
7183c89
@darwayne
Update PAT to 0.42.0 (#1145)
2b4c297 
Co-authored-by: Evan Gibler <evan.gibler@panther.com>
@arielkr256
converted is_private to not is_global (#1150)
8b90fd0 
Co-authored-by: Evan Gibler <evan.gibler@panther.com>
@arielkr256
Rework base64 recognition to use python functions rather than regex (#…
615b638 
…1146)

* base64 rules use python funtions not regex

* better alertcontext for standard_dns_base64

* command line tools as global var

* regex and length checks for edge cases

* new global_helper for is_base64()
@le4ker
renames .yaml files to .yml (#1151)
2a722ec
@arielkr256
converted is_private to not is_global (#1150)
cf3a74d 
Co-authored-by: Evan Gibler <evan.gibler@panther.com>
@arielkr256
Rework base64 recognition to use python functions rather than regex (#…
bd4f24c 
…1146)

* base64 rules use python funtions not regex

* better alertcontext for standard_dns_base64

* command line tools as global var

* regex and length checks for edge cases

* new global_helper for is_base64()
@le4ker
renames .yaml files to .yml (#1151)
d8e0439
@akozlovets098
THREAT-240 GCP compute.instance.create AttributeError (#1152)
9ef48ed
@melenevskyi
Add GCP.IAM.serviceAccounts.getAccessToken.Privilege.Escalation rule (#…
9d61dd1 
…1149)

* Add GCP.IAM.serviceAccounts.getAccessToken.Privilege.Escalation  rule

* Add GCP.IAM.serviceAccounts.signBlob rule
@arielkr256
Lolbas tuning (#1147)
f4ecb76 
* lower severity and set disabled false

* lower severity and disable
@akozlovets098
Merge remote-tracking branch 'origin/release' into release
c9f9cd7
@le4ker
Add npm install in dockerfile (#1172)
e58aee5 
* add npm install in dockerfile

* Remove Python optimizations; add prettier to PATH

---------

Co-authored-by: egibs <keybase@egibs.xyz>
@JPhenglavong
Update github_advanced_security_change.py (#1173)
2568280 
* Update github_advanced_security_change.py

Set severity of business_secret_scanning_push_protection_custom_message.disable action to HIGH

Add repository_vulnerability_alerts.disable action as HIGH

* fmt

---------

Co-authored-by: egibs <keybase@egibs.xyz>
@akozlovets098
Merge remote-tracking branch 'origin/release' into release
9d5ffc9
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 2, 2024

😱
looks like somethings could be wrong with the packs

[INFO][root]: ignoring file package-lock.json [INFO][root]: ignoring file package.json [ERROR][root]: There are packs that are potentially missing detections: mongodb.yml: MongoDB.Alerting.Disabled.Or.Deleted
<!-- thollander/actions-comment-pull-request "check-packs" -->

@akozlovets098 akozlovets098 force-pushed the THREAT-253-MongoDB---alerting-disabled branch from 4bd302e to dc27082 Compare April 5, 2024 08:26
@akozlovets098 akozlovets098 deleted the THREAT-253-MongoDB---alerting-disabled branch April 5, 2024 08:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@akozlovets098 @melenevskyi @arielkr256 @kjihso @darwayne @le4ker @JPhenglavong