@ampsec/platform-client 68.1.0 → 68.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/src/dto/enums/findingKind.d.ts +1 -0
- package/build/src/dto/enums/findingKind.js +12 -3
- package/build/src/dto/enums/findingKind.js.map +1 -1
- package/build/src/dto/saasComponents.dto.d.ts +2 -0
- package/build/src/dto/saasUsers.dto.d.ts +1 -0
- package/build/src/dto/saasUsers.dto.js +28 -1
- package/build/src/dto/saasUsers.dto.js.map +1 -1
- package/package.json +1 -1
- package/src/dto/enums/findingKind.ts +12 -3
- package/src/dto/saasComponents.dto.ts +2 -0
- package/src/dto/saasUsers.dto.ts +26 -0
@@ -5,6 +5,7 @@ import { SaasComponentKind } from './saasComponentKind';
|
|
|
5
5
|
export declare enum FindingKind {
|
|
6
6
|
NO_ACCOUNT = "NO_ACCOUNT",
|
|
7
7
|
MFA_NOT_ENABLED = "MFA_NOT_ENABLED",
|
|
8
|
+
MFA_NOT_SECURE = "MFA_NOT_SECURE",
|
|
8
9
|
IS_EXECUTIVE = "IS_EXECUTIVE",
|
|
9
10
|
HAS_PRODUCTION_ACCESS = "HAS_PRODUCTION_ACCESS",
|
|
10
11
|
HAS_PRIVILEGED_ACCESS = "HAS_PRIVILEGED_ACCESS",
|
|
@@ -11,6 +11,7 @@ var FindingKind;
|
|
|
11
11
|
FindingKind["NO_ACCOUNT"] = "NO_ACCOUNT";
|
|
12
12
|
// IDENTITY
|
|
13
13
|
FindingKind["MFA_NOT_ENABLED"] = "MFA_NOT_ENABLED";
|
|
14
|
+
FindingKind["MFA_NOT_SECURE"] = "MFA_NOT_SECURE";
|
|
14
15
|
FindingKind["IS_EXECUTIVE"] = "IS_EXECUTIVE";
|
|
15
16
|
FindingKind["HAS_PRODUCTION_ACCESS"] = "HAS_PRODUCTION_ACCESS";
|
|
16
17
|
FindingKind["HAS_PRIVILEGED_ACCESS"] = "HAS_PRIVILEGED_ACCESS";
|
|
@@ -30,6 +31,7 @@ const lookupFindingOutcomeByKind = (kind) => {
|
|
|
30
31
|
switch (kind) {
|
|
31
32
|
case FindingKind.NO_ACCOUNT:
|
|
32
33
|
case FindingKind.MFA_NOT_ENABLED:
|
|
34
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
33
35
|
case FindingKind.TRAINING_OVERDUE:
|
|
34
36
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
35
37
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -56,7 +58,7 @@ exports.lookupFindingOutcomeByKind = lookupFindingOutcomeByKind;
|
|
|
56
58
|
const lookupFindingKindByCategory = (category) => {
|
|
57
59
|
switch (category) {
|
|
58
60
|
case category_1.Category.IDENTITY: {
|
|
59
|
-
return [FindingKind.MFA_NOT_ENABLED, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
61
|
+
return [FindingKind.MFA_NOT_ENABLED, FindingKind.MFA_NOT_SECURE, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
60
62
|
}
|
|
61
63
|
case category_1.Category.TRAINING: {
|
|
62
64
|
return [FindingKind.FAILED_PHISHING, FindingKind.TRAINING_OVERDUE];
|
|
@@ -91,6 +93,7 @@ const lookupFindingSeverityByKind = (kind) => {
|
|
|
91
93
|
case FindingKind.HAS_PRIVILEGED_ACCESS:
|
|
92
94
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
93
95
|
case FindingKind.WEB_GATEWAY_NOT_ACTIVE:
|
|
96
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
94
97
|
return finding_severity_1.FindingSeverity.HIGH;
|
|
95
98
|
case FindingKind.MFA_NOT_ENABLED:
|
|
96
99
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -140,6 +143,8 @@ const lookupFindingScoreByCategoryKindAndSeverity = (category, kind) => {
|
|
|
140
143
|
switch (kind) {
|
|
141
144
|
case FindingKind.MFA_NOT_ENABLED:
|
|
142
145
|
return 12;
|
|
146
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
147
|
+
return 5;
|
|
143
148
|
case FindingKind.NO_ACCOUNT:
|
|
144
149
|
return 12;
|
|
145
150
|
case FindingKind.IS_EXECUTIVE:
|
|
@@ -201,8 +206,8 @@ const generateInsights = (category, kind) => {
|
|
|
201
206
|
rule: {
|
|
202
207
|
category: category,
|
|
203
208
|
kind: '',
|
|
204
|
-
aid:
|
|
205
|
-
uid:
|
|
209
|
+
aid: undefined,
|
|
210
|
+
uid: undefined,
|
|
206
211
|
severity: undefined,
|
|
207
212
|
findingCondition: {},
|
|
208
213
|
remediatedCondition: {},
|
|
@@ -259,6 +264,10 @@ const generateInsights = (category, kind) => {
|
|
|
259
264
|
setCondition('meta._findings.enabled', false);
|
|
260
265
|
insights.rule.kind = saasComponentKind_1.SaasComponentKind.MFA_CONFIG;
|
|
261
266
|
break;
|
|
267
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
268
|
+
setCondition('meta._findings.hasInsecureFactors', true);
|
|
269
|
+
insights.rule.kind = saasComponentKind_1.SaasComponentKind.MFA_CONFIG;
|
|
270
|
+
break;
|
|
262
271
|
case FindingKind.IS_EXECUTIVE:
|
|
263
272
|
setCondition('meta._findings.isExecutive', true);
|
|
264
273
|
insights.rule.kind = saasComponentKind_1.SaasComponentKind.GROUP_MEMBERSHIP;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"findingKind.js","sourceRoot":"","sources":["../../../../src/dto/enums/findingKind.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,uDAAiD;AACjD,yDAAmD;AACnD,2DAAsD;AAEtD,IAAY,
|
|
1
|
+
{"version":3,"file":"findingKind.js","sourceRoot":"","sources":["../../../../src/dto/enums/findingKind.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,uDAAiD;AACjD,yDAAmD;AACnD,2DAAsD;AAEtD,IAAY,WAwBX;AAxBD,WAAY,WAAW;IACrB,MAAM;IACN,wCAAyB,CAAA;IAEzB,WAAW;IACX,kDAAmC,CAAA;IACnC,gDAAiC,CAAA;IACjC,4CAA6B,CAAA;IAC7B,8DAA+C,CAAA;IAC/C,8DAA+C,CAAA;IAE/C,WAAW;IACX,kDAAmC,CAAA;IACnC,oDAAqC,CAAA;IAErC,MAAM;IACN,wDAAyC,CAAA;IACzC,sFAAuE,CAAA;IACvE,8EAA+D,CAAA;IAC/D,kFAAmE,CAAA;IACnE,4EAA6D,CAAA;IAE7D,cAAc;IACd,gEAAiD,CAAA;AACnD,CAAC,EAxBW,WAAW,2BAAX,WAAW,QAwBtB;AAEM,MAAM,0BAA0B,GAAG,CAAC,IAAiB,EAAkB,EAAE;IAC9E,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,UAAU,CAAC;QAC5B,KAAK,WAAW,CAAC,eAAe,CAAC;QACjC,KAAK,WAAW,CAAC,cAAc,CAAC;QAChC,KAAK,WAAW,CAAC,gBAAgB,CAAC;QAClC,KAAK,WAAW,CAAC,kBAAkB,CAAC;QACpC,KAAK,WAAW,CAAC,iCAAiC,CAAC;QACnD,KAAK,WAAW,CAAC,6BAA6B,CAAC;QAC/C,KAAK,WAAW,CAAC,+BAA+B,CAAC;QACjD,KAAK,WAAW,CAAC,4BAA4B,CAAC;QAC9C,KAAK,WAAW,CAAC,sBAAsB,CAAC,CAAC,CAAC;YACxC,OAAO,gCAAc,CAAC,WAAW,CAAC;QACpC,CAAC;QACD,KAAK,WAAW,CAAC,YAAY,CAAC;QAC9B,KAAK,WAAW,CAAC,qBAAqB,CAAC;QACvC,KAAK,WAAW,CAAC,qBAAqB,CAAC,CAAC,CAAC;YACvC,OAAO,gCAAc,CAAC,SAAS,CAAC;QAClC,CAAC;QACD,KAAK,WAAW,CAAC,eAAe,CAAC,CAAC,CAAC;YACjC,OAAO,gCAAc,CAAC,SAAS,CAAC;QAClC,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AA1BW,QAAA,0BAA0B,8BA0BrC;AAEK,MAAM,2BAA2B,GAAG,CAAC,QAAgB,EAAiB,EAAE;IAC7E,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,mBAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,OAAO,CAAC,WAAW,CAAC,eAAe,EAAE,WAAW,CAAC,cAAc,EAAE,WAAW,CAAC,YAAY,EAAE,WAAW,CAAC,qBAAqB,EAAE,WAAW,CAAC,qBAAqB,CAAC,CAAC;QACnK,CAAC;QACD,KAAK,mBAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,OAAO,CAAC,WAAW,CAAC,eAAe,EAAE,WAAW,CAAC,gBAAgB,CAAC,CAAC;QACrE,CAAC;QACD,KAAK,mBAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QAC1C,CAAC;QACD,KAAK,mBAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;YAC1B,OAAO,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;QAC9C,CAAC;QACD,KAAK,mBAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5B,OAAO;gBACL,WAAW,CAAC,iC
AAiC;gBAC7C,WAAW,CAAC,6BAA6B;gBACzC,WAAW,CAAC,+BAA+B;gBAC3C,WAAW,CAAC,4BAA4B;aACzC,CAAC;QACJ,CAAC;QACD,KAAK,mBAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;YAC3B,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AA7BW,QAAA,2BAA2B,+BA6BtC;AAEK,MAAM,2BAA2B,GAAG,CAAC,IAAY,EAA+B,EAAE;IACvF,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,YAAY,CAAC;QAC9B,KAAK,WAAW,CAAC,qBAAqB,CAAC;QACvC,KAAK,WAAW,CAAC,qBAAqB,CAAC;QACvC,KAAK,WAAW,CAAC,kBAAkB,CAAC;QACpC,KAAK,WAAW,CAAC,sBAAsB,CAAC;QACxC,KAAK,WAAW,CAAC,cAAc;YAC7B,OAAO,kCAAe,CAAC,IAAI,CAAC;QAC9B,KAAK,WAAW,CAAC,eAAe,CAAC;QACjC,KAAK,WAAW,CAAC,iCAAiC;YAChD,OAAO,kCAAe,CAAC,QAAQ,CAAC;QAClC,KAAK,WAAW,CAAC,6BAA6B;YAC5C,OAAO,kCAAe,CAAC,IAAI,CAAC;QAC9B,KAAK,WAAW,CAAC,+BAA+B;YAC9C,OAAO,kCAAe,CAAC,MAAM,CAAC;QAChC,KAAK,WAAW,CAAC,4BAA4B;YAC3C,OAAO,kCAAe,CAAC,GAAG,CAAC;QAC7B,KAAK,WAAW,CAAC,eAAe,CAAC;QACjC,KAAK,WAAW,CAAC,gBAAgB;YAC/B,OAAO,kCAAe,CAAC,MAAM,CAAC;QAChC;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC,CAAC;AAxBW,QAAA,2BAA2B,+BAwBtC;AAEF,iGAAiG;AAC1F,MAAM,2CAA2C,GAAG,CAAC,QAAkB,EAAE,IAAY,EAAU,EAAE;IACtG,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,mBAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;YAClB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,kBAAkB;oBACjC,OAAO,EAAE,CAAC;gBACZ;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5B,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,kBAAkB;oBACjC,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,iCAAiC;oBAChD,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,6BAA6B;oBAC5C,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,+BAA+B;oBAC9C,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,4BAA4B;oBAC3C,OAAO,CAAC,CAAC;gBACX;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,eAAe;oBAC9B,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,cAAc;oBAC7B,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,UAAU;oBACzB,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,YAAY,CAAC;gBAC9B,KAAK,WAAW,CAAC,qBAAqB,CAAC;gBACvC,KAAK,WAAW,CAAC,qBAAqB,CAAC;gBACvC;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,
CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,eAAe;oBAC9B,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,UAAU;oBACzB,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,gBAAgB;oBAC/B,OAAO,CAAC,CAAC;gBACX;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;YAC1B,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,sBAAsB;oBACrC,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,UAAU;oBACzB,OAAO,CAAC,CAAC;gBACX;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,YAAY,CAAC;QAC3B,OAAO,CAAC,CAAC,CAAC;YACR,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AApEW,QAAA,2CAA2C,+CAoEtD;AAEK,MAAM,+BAA+B,GAAG,CAAC,IAAY,EAAU,EAAE;IACtE,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,eAAe;YAC9B,OAAO,iCAAiC,CAAC;QAC3C,KAAK,WAAW,CAAC,gBAAgB;YAC/B,OAAO,iCAAiC,CAAC;QAC3C,KAAK,WAAW,CAAC,sBAAsB;YACrC,OAAO,2BAA2B,CAAC;QACrC;YACE,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC;IAC9B,CAAC;AACH,CAAC,CAAC;AAXW,QAAA,+BAA+B,mCAW1C;AAEK,MAAM,gBAAgB,GAAG,CAAC,QAAgB,EAAE,IAAY,EAAE,EAAE;IAEjE,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE;YACJ,IAAI,EAAE,IAAmB;YACzB,QAAQ,EAAE,IAAA,mCAA2B,EAAC,IAAI,CAAoB;YAC9D,YAAY,EAAE,IAAA,uCAA+B,EAAC,IAAI,CAAC;SACpD;QACD,IAAI,EAAE;YACJ,QAAQ,EAAE,QAAoB;YAC9B,IAAI,EAAE,EAAuB;YAC7B,GAAG,EAAE,SAAuC;YAC5C,GAAG,EAAE,SAAuC;YAC5C,QAAQ,EAAE,SAAuC;YACjD,gBAAgB,EAAE,EAAe;YACjC,mBAAmB,EAAE,EAAe;SACrC;KACF,CAAC;IACF,IAAI,QAAQ,KAAK,mBAAQ,CAAC,GAAG,IAAI,QAAQ,KAAK,mBAAQ,CAAC,aAAa,EAAE,CAAC;QACrE,QAAQ,CAAC,IAAI,CAAC,GAAG,GAAG,EAAC,IAAI,EAAE,IAAI,EAAC,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC,GAAG,GAAG,EAAC,IAAI,EAAE,IAAI,EAAC,CAAC;IACnC,CAAC;IACD,MAAM,YAAY,GAAG,CAAC,GAAW,EAAE,KAAc,EAAE,EAAE;QACnD,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC5C,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC;IAClD,CAAC,CAAC;IAEF,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,sBAAsB;YACrC,YAAY,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,mBAAmB,CAAC;YAC3D,MAAM;QACR,KAAK,WAAW,CAAC,iCAAiC;YAChD,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG
,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,QAAQ,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,6BAA6B;YAC5C,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,IAAI,CAAC;YAC9C,MAAM;QACR,KAAK,WAAW,CAAC,+BAA+B;YAC9C,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,MAAM,CAAC;YAChD,MAAM;QACR,KAAK,WAAW,CAAC,4BAA4B;YAC3C,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,GAAG,CAAC;YAC7C,MAAM;QACR,KAAK,WAAW,CAAC,gBAAgB;YAC/B,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,mBAAmB,CAAC;YAC3D,MAAM;QACR,KAAK,WAAW,CAAC,eAAe;YAC9B,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAC;YACpD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,eAAe,CAAC;YACvD,MAAM;QACR,KAAK,WAAW,CAAC,kBAAkB;YACjC,YAAY,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,UAAU,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,eAAe;YAC9B,YAAY,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;YAC9C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,UAAU,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,cAAc;YAC7B,YAAY,CAAC,mCAAmC,EAAE,IAAI,CAAC,CAAC;YACxD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,UAAU,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,YAAY;YAC3B,YAAY,CAAC,4BAA4B,EAAE,IAAI,CAAC,CAAC;YACjD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,gBAAgB,CAAC;YACxD,MAAM;QACR,KAAK,WAAW,CAAC,qBAAqB;YACpC,YAAY,CAAC,8BAA8B,EAAE,IAAI,CAAC,CAAC;YACnD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,gBAAgB,CAAC;YACxD,MAAM;QACR,KAAK,WAAW,CAAC,qBAAqB;YACpC,YAAY,CAAC,oCAAoC,EAAE,IAAI,CAAC,CAAC;YACzD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,gBAAgB,CAAC;YACxD,MAAM;QACR;YACE,MAAM;IACV,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAzFW,QAAA,gBAAgB,oBAyF3B"}
|
|
@@ -63,6 +63,8 @@ export type RawFindingsContext = {
|
|
|
63
63
|
hasProdAccess?: boolean;
|
|
64
64
|
hasPrivilegedAccess?: boolean;
|
|
65
65
|
discoveredAt?: string;
|
|
66
|
+
hasInsecureFactors?: boolean;
|
|
67
|
+
inSecureFactors?: String[];
|
|
66
68
|
};
|
|
67
69
|
export type SaasComponentMeta = {
|
|
68
70
|
_findings: RawFindingsContext;
|
|
@@ -21,6 +21,7 @@ export declare const _MfaFactorDto: z.ZodObject<{
|
|
|
21
21
|
factorType: z.ZodOptional<z.ZodString>;
|
|
22
22
|
secure: z.ZodOptional<z.ZodEnum<["SECURE", "INSECURE", "UNKNOWN", "MISSING"]>>;
|
|
23
23
|
}, z.ZodString, "strip">>;
|
|
24
|
+
export declare const getMfaFactorSecurityLevel: (factor?: string, status?: string) => MfaRating;
|
|
24
25
|
export declare const _SaasUserMeta: z.ZodObject<{
|
|
25
26
|
_user: z.ZodObject<{
|
|
26
27
|
/** User ID from provider */
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports._SaasUserDto = exports._SaasUserUpsertDto = exports._SaasUserMeta = exports._MfaFactorDto = exports._MfaRating = void 0;
|
|
3
|
+
exports._SaasUserDto = exports._SaasUserUpsertDto = exports._SaasUserMeta = exports.getMfaFactorSecurityLevel = exports._MfaFactorDto = exports._MfaRating = void 0;
|
|
4
4
|
const zod_1 = require("zod");
|
|
5
5
|
const base_dto_1 = require("./base.dto");
|
|
6
6
|
const enums_1 = require("./enums");
|
|
@@ -15,6 +15,33 @@ exports._MfaFactorDto = zod_1.z
|
|
|
15
15
|
secure: exports._MfaRating.optional(),
|
|
16
16
|
})
|
|
17
17
|
.catchall(zod_1.z.string());
|
|
18
|
+
const getMfaFactorSecurityLevel = (factor, status) => {
|
|
19
|
+
if (!factor || status !== 'ACTIVE')
|
|
20
|
+
return 'MISSING';
|
|
21
|
+
switch (factor.toLowerCase()) {
|
|
22
|
+
// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
|
|
23
|
+
case 'push':
|
|
24
|
+
case 'signed_nonce':
|
|
25
|
+
case 'token:hotp':
|
|
26
|
+
case 'token:software:totp':
|
|
27
|
+
case 'token':
|
|
28
|
+
case 'u2f':
|
|
29
|
+
case 'web':
|
|
30
|
+
case 'webauthn':
|
|
31
|
+
return 'SECURE';
|
|
32
|
+
// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
|
|
33
|
+
case 'sms':
|
|
34
|
+
case 'call':
|
|
35
|
+
case 'email':
|
|
36
|
+
case 'question':
|
|
37
|
+
case 'token:hardware': {
|
|
38
|
+
return 'INSECURE';
|
|
39
|
+
}
|
|
40
|
+
default:
|
|
41
|
+
return 'UNKNOWN';
|
|
42
|
+
}
|
|
43
|
+
};
|
|
44
|
+
exports.getMfaFactorSecurityLevel = getMfaFactorSecurityLevel;
|
|
18
45
|
exports._SaasUserMeta = zod_1.z.object({
|
|
19
46
|
_user: zod_1.z.object({
|
|
20
47
|
/** User ID from provider */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"saasUsers.dto.js","sourceRoot":"","sources":["../../../src/dto/saasUsers.dto.ts"],"names":[],"mappings":";;;AAAA,6BAAsB;AACtB,yCAAkE;AAClE,mCAAuC;AAE1B,QAAA,UAAU,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;AAE/E,iEAAiE;AACpD,QAAA,aAAa,GAAG,OAAC;KAC3B,MAAM,CAAC;IACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC7D,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,kBAAU,CAAC,QAAQ,EAAE;CAC9B,CAAC;KACD,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"saasUsers.dto.js","sourceRoot":"","sources":["../../../src/dto/saasUsers.dto.ts"],"names":[],"mappings":";;;AAAA,6BAAsB;AACtB,yCAAkE;AAClE,mCAAuC;AAE1B,QAAA,UAAU,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;AAE/E,iEAAiE;AACpD,QAAA,aAAa,GAAG,OAAC;KAC3B,MAAM,CAAC;IACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC7D,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,kBAAU,CAAC,QAAQ,EAAE;CAC9B,CAAC;KACD,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AAEjB,MAAM,yBAAyB,GAAG,CAAC,MAAe,EAAE,MAAe,EAAa,EAAE;IACvF,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACrD,QAAQ,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;QAC7B,4EAA4E;QAC5E,KAAK,MAAM,CAAC;QACZ,KAAK,cAAc,CAAC;QACpB,KAAK,YAAY,CAAC;QAClB,KAAK,qBAAqB,CAAC;QAC3B,KAAK,OAAO,CAAC;QACb,KAAK,KAAK,CAAC;QACX,KAAK,KAAK,CAAC;QACX,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,4EAA4E;QAC5E,KAAK,KAAK,CAAC;QACX,KAAK,MAAM,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,UAAU,CAAC;QAChB,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,OAAO,UAAU,CAAC;QACpB,CAAC;QACD;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC,CAAC;AAxBW,QAAA,yBAAyB,6BAwBpC;AAEW,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IACpC,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC;QACd,4BAA4B;QAC5B,KAAK,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,+BAA+B;QAC/B,MAAM,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QACpD,yBAAyB;QACzB,OAAO,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAC/B,gCAAgC;QAChC,gBAAgB,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QACxC,qBAAqB;QACrB,OAAO,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,KAAK,CAAC,qBAAa,CAAC,CAAC;QAC3C,mCAAmC;QACnC,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC;YAChB,wBAAwB;YACxB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;YACrB,uBAAuB;YACvB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;YACpB,mBAAmB;YACnB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;YACjB,mBAAmB;YACnB,KAAK,EAA
E,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YAC7B,wBAAwB;YACxB,UAAU,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YAClC,0BAA0B;YAC1B,YAAY,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YACpC,iCAAiC;YACjC,UAAU,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YAClC,wBAAwB;YACxB,SAAS,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YACjC,qBAAqB;YACrB,OAAO,EAAE,OAAC;iBACP,MAAM,CAAC;gBACN,0BAA0B;gBAC1B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;gBAC5B,4BAA4B;gBAC5B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;gBAC3B,6BAA6B;gBAC7B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;aAC7B,CAAC;iBACD,QAAQ,EAAE;YACb,kBAAkB;YAClB,QAAQ,EAAE,OAAC,CAAC,UAAU,CAAC,sBAAc,CAAC;SACvC,CAAC;KACH,CAAC;IACF,IAAI,EAAE,OAAC,CAAC,OAAO,EAAE;CAClB,CAAC,CAAC;AAIU,QAAA,kBAAkB,GAAG,gCAAqB,CAAC,KAAK,CAC3D,OAAC,CAAC,MAAM,CAAC;IACP,cAAc;IACd,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,mBAAmB;IACnB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,qBAAqB;IACrB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,kBAAkB;IAClB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,wDAAwD;IACxD,IAAI,EAAE,qBAAa;CACpB,CAAC,CACH,CAAC;AAIW,QAAA,YAAY,GAAG,0BAAkB,CAAC,KAAK,CAAC,0BAAe,CAAC,CAAC"}
|
package/package.json
CHANGED
@@ -9,6 +9,7 @@ export enum FindingKind {
|
|
|
9
9
|
|
|
10
10
|
// IDENTITY
|
|
11
11
|
MFA_NOT_ENABLED = 'MFA_NOT_ENABLED',
|
|
12
|
+
MFA_NOT_SECURE = 'MFA_NOT_SECURE',
|
|
12
13
|
IS_EXECUTIVE = 'IS_EXECUTIVE',
|
|
13
14
|
HAS_PRODUCTION_ACCESS = 'HAS_PRODUCTION_ACCESS',
|
|
14
15
|
HAS_PRIVILEGED_ACCESS = 'HAS_PRIVILEGED_ACCESS',
|
|
@@ -32,6 +33,7 @@ export const lookupFindingOutcomeByKind = (kind: FindingKind): FindingOutcome =>
|
|
|
32
33
|
switch (kind) {
|
|
33
34
|
case FindingKind.NO_ACCOUNT:
|
|
34
35
|
case FindingKind.MFA_NOT_ENABLED:
|
|
36
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
35
37
|
case FindingKind.TRAINING_OVERDUE:
|
|
36
38
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
37
39
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -58,7 +60,7 @@ export const lookupFindingOutcomeByKind = (kind: FindingKind): FindingOutcome =>
|
|
|
58
60
|
export const lookupFindingKindByCategory = (category: string): FindingKind[] => {
|
|
59
61
|
switch (category) {
|
|
60
62
|
case Category.IDENTITY: {
|
|
61
|
-
return [FindingKind.MFA_NOT_ENABLED, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
63
|
+
return [FindingKind.MFA_NOT_ENABLED, FindingKind.MFA_NOT_SECURE, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
62
64
|
}
|
|
63
65
|
case Category.TRAINING: {
|
|
64
66
|
return [FindingKind.FAILED_PHISHING, FindingKind.TRAINING_OVERDUE];
|
|
@@ -93,6 +95,7 @@ export const lookupFindingSeverityByKind = (kind: string): FindingSeverity | und
|
|
|
93
95
|
case FindingKind.HAS_PRIVILEGED_ACCESS:
|
|
94
96
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
95
97
|
case FindingKind.WEB_GATEWAY_NOT_ACTIVE:
|
|
98
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
96
99
|
return FindingSeverity.HIGH;
|
|
97
100
|
case FindingKind.MFA_NOT_ENABLED:
|
|
98
101
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -142,6 +145,8 @@ export const lookupFindingScoreByCategoryKindAndSeverity = (category: Category,
|
|
|
142
145
|
switch (kind) {
|
|
143
146
|
case FindingKind.MFA_NOT_ENABLED:
|
|
144
147
|
return 12;
|
|
148
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
149
|
+
return 5;
|
|
145
150
|
case FindingKind.NO_ACCOUNT:
|
|
146
151
|
return 12;
|
|
147
152
|
case FindingKind.IS_EXECUTIVE:
|
|
@@ -204,8 +209,8 @@ export const generateInsights = (category: string, kind: string) => {
|
|
|
204
209
|
rule: {
|
|
205
210
|
category: category as Category,
|
|
206
211
|
kind: '' as SaasComponentKind,
|
|
207
|
-
aid: {$has:
|
|
208
|
-
uid: {$has:
|
|
212
|
+
aid: undefined as unknown as {$has: boolean},
|
|
213
|
+
uid: undefined as unknown as {$has: boolean},
|
|
209
214
|
severity: undefined as unknown as FindingSeverity,
|
|
210
215
|
findingCondition: {} as Condition,
|
|
211
216
|
remediatedCondition: {} as Condition,
|
|
@@ -262,6 +267,10 @@ export const generateInsights = (category: string, kind: string) => {
|
|
|
262
267
|
setCondition('meta._findings.enabled', false);
|
|
263
268
|
insights.rule.kind = SaasComponentKind.MFA_CONFIG;
|
|
264
269
|
break;
|
|
270
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
271
|
+
setCondition('meta._findings.hasInsecureFactors', true);
|
|
272
|
+
insights.rule.kind = SaasComponentKind.MFA_CONFIG;
|
|
273
|
+
break;
|
|
265
274
|
case FindingKind.IS_EXECUTIVE:
|
|
266
275
|
setCondition('meta._findings.isExecutive', true);
|
|
267
276
|
insights.rule.kind = SaasComponentKind.GROUP_MEMBERSHIP;
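Review bot: The new MFA_NOT_SECURE case keys the finding on `meta._findings.hasInsecureFactors` being `true`, but that field is declared optional in RawFindingsContext (`hasInsecureFactors?: boolean` in the saasComponents DTO shown elsewhere on this page), so a component whose collector never populated it presumably matches neither the finding condition nor the remediated condition; setCondition's body is outside the hunk, so if it derives the remediated condition by negation, an absent field would leave the finding in neither state, and a comment or an explicit `false` default at ingest would make that intent visible. The sibling field added beside it, `inSecureFactors?: String[]`, uses the boxed `String` wrapper type and a casing that differs from `hasInsecureFactors`; it should read `insecureFactors?: string[]`. In the hunk at `@@ -204,8 +209,8 @@`, `aid: undefined as unknown as {$has: boolean}` (and the matching `uid` line) is a double assertion that hides the real type; if the field is legitimately unset until a later step fills it, declaring it `{$has: boolean} | undefined` on the rule type is the honest fix. generateInsights starts and ends outside the hunk.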
|
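--- a/package/src/dto/saasUsers.dto.ts
+++ b/package/src/dto/saasUsers.dto.ts
@@ -15,6 +15,32 @@ export const _MfaFactorDto = z
 })
 .catchall(z.string());
 
+export const getMfaFactorSecurityLevel = (factor?: string, status?: string): MfaRating => {
+if (!factor || status !== 'ACTIVE') return 'MISSING';
+switch (factor.toLowerCase()) {
+// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
+case 'push':
+case 'signed_nonce':
+case 'token:hotp':
+case 'token:software:totp':
+case 'token':
+case 'u2f':
+case 'web':
+case 'webauthn':
+return 'SECURE';
+// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
+case 'sms':
+case 'call':
+case 'email':
+case 'question':
+case 'token:hardware': {
+return 'INSECURE';
+}
+default:
+return 'UNKNOWN';
+}
+};
+
 export const _SaasUserMeta = z.object({
 _user: z.object({
 /** User ID from provider */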
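Review bot: The rating table in getMfaFactorSecurityLevel is internally inconsistent: `token:software:totp`, `token:hotp` and the generic `token` are rated SECURE while `token:hardware` is rated INSECURE, yet all of them are one-time-password factors with the same phishing-resistance profile, so either `token:hardware` belongs in the first group or the reason for the split needs to be stated next to it. The two comment lines above each group are identical (`// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type`); the second should say what distinguishes the group, e.g. `// Phishable / interceptable channels (SMS, voice, email, KBA) rate INSECURE`. The `status` comparison is case-sensitive (`status !== 'ACTIVE'`) while `factor` is lowercased before matching, so a provider reporting `active` would presumably be rated MISSING rather than evaluated; `status?.toUpperCase() !== 'ACTIVE'` would make the two checks consistent. The exported function also has no TSDoc; a one-line contract such as `/** Rates a single MFA factor: MISSING when absent or not ACTIVE, SECURE/INSECURE for known Okta factor types, UNKNOWN otherwise. */` would document the `UNKNOWN` fallback that callers of MFA_NOT_SECURE rely on.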