Merge pull request #1303 from splunk/app_inspect_CI
greater than  0
josehelps authored Mar 29, 2021
2 parents dd2393e + 4bff661 commit 95b81cc
Showing 2 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion bin/appinspect.sh
@@ -43,7 +43,7 @@ do
curl -s --location --request GET https://appinspect.splunk.com/v1/app/report/$REQUEST_ID --header "Authorization: bearer $APPINSPECT_TOKEN" --header 'Content-Type: text/html' -o report/appinspect_report.html
FAILS=$(curl -s --location --request GET https://appinspect.splunk.com/v1/app/report/$REQUEST_ID --header "Authorization: bearer $APPINSPECT_TOKEN" --header 'Content-Type: application/json' | jq -r '.summary | .failure')
ERRORS=$(curl -s --location --request GET https://appinspect.splunk.com/v1/app/report/$REQUEST_ID --header "Authorization: bearer $APPINSPECT_TOKEN" --header 'Content-Type: application/json' | jq -r '.summary | .error')
if [ $FAILS -gt 1 -o $ERRORS -gt 1 ]
if [ $FAILS -gt 0 -o $ERRORS -gt 0 ]
then
echo "ERROR appinspect had $FAILS failures and or $ERRORS errors, see summary report under job artifacts for details"
exit 1
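Review bot: the tightened gate `if [ $FAILS -gt 0 -o $ERRORS -gt 0 ]` still evaluates unquoted, unvalidated values, so a failed request or a report without `.summary.failure` / `.summary.error` leaves `FAILS` or `ERRORS` empty or `null`, `test` complains "integer expression expected", the condition is false and the job continues as if AppInspect had passed. Suggest quoting and defaulting the operands, e.g. `if [ "${FAILS:-0}" -gt 0 ] || [ "${ERRORS:-0}" -gt 0 ]`, adding `--fail` to the curl calls so an HTTP error is not silently turned into an empty report, and fetching the JSON report once into a variable instead of requesting it twice. Two bracketed tests joined with `||` also avoid the `-o` operator, which POSIX marks obsolescent.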
6 changes: 3 additions & 3 deletions stories/aws_iam_privilege_escalation.yml
@@ -5,9 +5,9 @@ date: '2021-03-08'
author: Bhavin Patel, Splunk
type: batch
description: This analytic story contains detections that query your AWS Cloudtrail for activities related to privilege escalation.
narrative: 'Amazon Web Services provides a neat feature called Identity and Access Management (IAM) that enables organizations to manage various AWS services and resources in a secure way. All IAM users have roles, groups and policies associated with them which governs and sets permissions to allow a user to access specific restrictions. \
However, if these IAM policies are misconfigured and have specific combinations of weak permissions; it can allow attackers to escalate their privileges and further compromise the organization. Rhino Security Labs have published comprehensive blogs detailing various AWS Escalation methods. By using this as an inspiration, Splunk’s research team wants to highlight how these attack vectors look in AWS Cloudtrail logs and provide you with detection queries to uncover these potentially malicious events via this Analytic Story. \
'
narrative: 'Amazon Web Services provides a neat feature called Identity and Access Management (IAM) that enables organizations to manage various AWS services and resources in a secure way. All IAM users have roles, groups and policies associated with them which governs and sets permissions to allow a user to access specific restrictions.\
However, if these IAM policies are misconfigured and have specific combinations of weak permissions; it can allow attackers to escalate their privileges and further compromise the organization. Rhino Security Labs have published comprehensive blogs detailing various AWS Escalation methods. By using this as an inspiration, Splunk’s research team wants to highlight how these attack vectors look in AWS Cloudtrail logs and provide you with detection queries to uncover these potentially malicious events via this Analytic Story. \'
references:
- https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
- https://www.cyberark.com/resources/threat-research-blog/the-cloud-shadow-admin-threat-10-permissions-to-protect
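Review bot: inside a YAML single-quoted scalar the backslash is an ordinary character, not a line continuation, so the `\` at the end of the `restrictions.\` line and the `\'` that now closes the string both land in the narrative value itself (the rendered text reads `restrictions.\ However ...` and ends with `Analytic Story. \`). The change parses only because the final `'` still terminates the scalar. If the intent is one folded paragraph, a folded block scalar (`narrative: >` with the text indented beneath it) needs no quotes and no backslashes; otherwise keep the single-quoted string and drop the backslashes, since YAML already folds the line break into a single space.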