@ampsec/platform-client 68.2.0 → 68.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/src/dto/enums/findingKind.d.ts +1 -0
- package/build/src/dto/enums/findingKind.js +10 -1
- package/build/src/dto/enums/findingKind.js.map +1 -1
- package/build/src/dto/saasComponents.dto.d.ts +2 -0
- package/build/src/dto/saasUsers.dto.d.ts +1 -0
- package/build/src/dto/saasUsers.dto.js +28 -1
- package/build/src/dto/saasUsers.dto.js.map +1 -1
- package/package.json +1 -1
- package/src/dto/enums/findingKind.ts +10 -1
- package/src/dto/saasComponents.dto.ts +2 -0
- package/src/dto/saasUsers.dto.ts +26 -0
|
@@ -5,6 +5,7 @@ import { SaasComponentKind } from './saasComponentKind';
|
|
|
5
5
|
export declare enum FindingKind {
|
|
6
6
|
NO_ACCOUNT = "NO_ACCOUNT",
|
|
7
7
|
MFA_NOT_ENABLED = "MFA_NOT_ENABLED",
|
|
8
|
+
MFA_NOT_SECURE = "MFA_NOT_SECURE",
|
|
8
9
|
IS_EXECUTIVE = "IS_EXECUTIVE",
|
|
9
10
|
HAS_PRODUCTION_ACCESS = "HAS_PRODUCTION_ACCESS",
|
|
10
11
|
HAS_PRIVILEGED_ACCESS = "HAS_PRIVILEGED_ACCESS",
|
|
@@ -11,6 +11,7 @@ var FindingKind;
|
|
|
11
11
|
FindingKind["NO_ACCOUNT"] = "NO_ACCOUNT";
|
|
12
12
|
// IDENTITY
|
|
13
13
|
FindingKind["MFA_NOT_ENABLED"] = "MFA_NOT_ENABLED";
|
|
14
|
+
FindingKind["MFA_NOT_SECURE"] = "MFA_NOT_SECURE";
|
|
14
15
|
FindingKind["IS_EXECUTIVE"] = "IS_EXECUTIVE";
|
|
15
16
|
FindingKind["HAS_PRODUCTION_ACCESS"] = "HAS_PRODUCTION_ACCESS";
|
|
16
17
|
FindingKind["HAS_PRIVILEGED_ACCESS"] = "HAS_PRIVILEGED_ACCESS";
|
|
@@ -30,6 +31,7 @@ const lookupFindingOutcomeByKind = (kind) => {
|
|
|
30
31
|
switch (kind) {
|
|
31
32
|
case FindingKind.NO_ACCOUNT:
|
|
32
33
|
case FindingKind.MFA_NOT_ENABLED:
|
|
34
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
33
35
|
case FindingKind.TRAINING_OVERDUE:
|
|
34
36
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
35
37
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -56,7 +58,7 @@ exports.lookupFindingOutcomeByKind = lookupFindingOutcomeByKind;
|
|
|
56
58
|
const lookupFindingKindByCategory = (category) => {
|
|
57
59
|
switch (category) {
|
|
58
60
|
case category_1.Category.IDENTITY: {
|
|
59
|
-
return [FindingKind.MFA_NOT_ENABLED, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
61
|
+
return [FindingKind.MFA_NOT_ENABLED, FindingKind.MFA_NOT_SECURE, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
60
62
|
}
|
|
61
63
|
case category_1.Category.TRAINING: {
|
|
62
64
|
return [FindingKind.FAILED_PHISHING, FindingKind.TRAINING_OVERDUE];
|
|
@@ -91,6 +93,7 @@ const lookupFindingSeverityByKind = (kind) => {
|
|
|
91
93
|
case FindingKind.HAS_PRIVILEGED_ACCESS:
|
|
92
94
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
93
95
|
case FindingKind.WEB_GATEWAY_NOT_ACTIVE:
|
|
96
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
94
97
|
return finding_severity_1.FindingSeverity.HIGH;
|
|
95
98
|
case FindingKind.MFA_NOT_ENABLED:
|
|
96
99
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -140,6 +143,8 @@ const lookupFindingScoreByCategoryKindAndSeverity = (category, kind) => {
|
|
|
140
143
|
switch (kind) {
|
|
141
144
|
case FindingKind.MFA_NOT_ENABLED:
|
|
142
145
|
return 12;
|
|
146
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
147
|
+
return 5;
|
|
143
148
|
case FindingKind.NO_ACCOUNT:
|
|
144
149
|
return 12;
|
|
145
150
|
case FindingKind.IS_EXECUTIVE:
|
|
@@ -259,6 +264,10 @@ const generateInsights = (category, kind) => {
|
|
|
259
264
|
setCondition('meta._findings.enabled', false);
|
|
260
265
|
insights.rule.kind = saasComponentKind_1.SaasComponentKind.MFA_CONFIG;
|
|
261
266
|
break;
|
|
267
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
268
|
+
setCondition('meta._findings.hasInsecureFactors', true);
|
|
269
|
+
insights.rule.kind = saasComponentKind_1.SaasComponentKind.MFA_CONFIG;
|
|
270
|
+
break;
|
|
262
271
|
case FindingKind.IS_EXECUTIVE:
|
|
263
272
|
setCondition('meta._findings.isExecutive', true);
|
|
264
273
|
insights.rule.kind = saasComponentKind_1.SaasComponentKind.GROUP_MEMBERSHIP;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"findingKind.js","sourceRoot":"","sources":["../../../../src/dto/enums/findingKind.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,uDAAiD;AACjD,yDAAmD;AACnD,2DAAsD;AAEtD,IAAY,
|
|
1
|
+
{"version":3,"file":"findingKind.js","sourceRoot":"","sources":["../../../../src/dto/enums/findingKind.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,uDAAiD;AACjD,yDAAmD;AACnD,2DAAsD;AAEtD,IAAY,WAwBX;AAxBD,WAAY,WAAW;IACrB,MAAM;IACN,wCAAyB,CAAA;IAEzB,WAAW;IACX,kDAAmC,CAAA;IACnC,gDAAiC,CAAA;IACjC,4CAA6B,CAAA;IAC7B,8DAA+C,CAAA;IAC/C,8DAA+C,CAAA;IAE/C,WAAW;IACX,kDAAmC,CAAA;IACnC,oDAAqC,CAAA;IAErC,MAAM;IACN,wDAAyC,CAAA;IACzC,sFAAuE,CAAA;IACvE,8EAA+D,CAAA;IAC/D,kFAAmE,CAAA;IACnE,4EAA6D,CAAA;IAE7D,cAAc;IACd,gEAAiD,CAAA;AACnD,CAAC,EAxBW,WAAW,2BAAX,WAAW,QAwBtB;AAEM,MAAM,0BAA0B,GAAG,CAAC,IAAiB,EAAkB,EAAE;IAC9E,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,UAAU,CAAC;QAC5B,KAAK,WAAW,CAAC,eAAe,CAAC;QACjC,KAAK,WAAW,CAAC,cAAc,CAAC;QAChC,KAAK,WAAW,CAAC,gBAAgB,CAAC;QAClC,KAAK,WAAW,CAAC,kBAAkB,CAAC;QACpC,KAAK,WAAW,CAAC,iCAAiC,CAAC;QACnD,KAAK,WAAW,CAAC,6BAA6B,CAAC;QAC/C,KAAK,WAAW,CAAC,+BAA+B,CAAC;QACjD,KAAK,WAAW,CAAC,4BAA4B,CAAC;QAC9C,KAAK,WAAW,CAAC,sBAAsB,CAAC,CAAC,CAAC;YACxC,OAAO,gCAAc,CAAC,WAAW,CAAC;QACpC,CAAC;QACD,KAAK,WAAW,CAAC,YAAY,CAAC;QAC9B,KAAK,WAAW,CAAC,qBAAqB,CAAC;QACvC,KAAK,WAAW,CAAC,qBAAqB,CAAC,CAAC,CAAC;YACvC,OAAO,gCAAc,CAAC,SAAS,CAAC;QAClC,CAAC;QACD,KAAK,WAAW,CAAC,eAAe,CAAC,CAAC,CAAC;YACjC,OAAO,gCAAc,CAAC,SAAS,CAAC;QAClC,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AA1BW,QAAA,0BAA0B,8BA0BrC;AAEK,MAAM,2BAA2B,GAAG,CAAC,QAAgB,EAAiB,EAAE;IAC7E,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,mBAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,OAAO,CAAC,WAAW,CAAC,eAAe,EAAE,WAAW,CAAC,cAAc,EAAE,WAAW,CAAC,YAAY,EAAE,WAAW,CAAC,qBAAqB,EAAE,WAAW,CAAC,qBAAqB,CAAC,CAAC;QACnK,CAAC;QACD,KAAK,mBAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,OAAO,CAAC,WAAW,CAAC,eAAe,EAAE,WAAW,CAAC,gBAAgB,CAAC,CAAC;QACrE,CAAC;QACD,KAAK,mBAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QAC1C,CAAC;QACD,KAAK,mBAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;YAC1B,OAAO,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;QAC9C,CAAC;QACD,KAAK,mBAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5B,OAAO;gBACL,WAAW,CAAC,iCAAiC;gBAC7C,WAAW,CAAC,6BAA6B;gBACzC,WAAW,CAAC,+BAA+B;gBAC3C,WAAW,CAAC,4BAA4B;aACzC,CAAC;QACJ,CAAC;QACD,KAAK,mBAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;YAC3B,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AA7BW,QAAA,2BAA2B,+BA6BtC;AAEK,MAAM,2BAA2B,GAAG,CAAC,IAAY,EAA+B,EAAE;IACvF,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,YAAY,CAAC;QAC9B,KAAK,WAAW,CAAC,qBAAqB,CAAC;QACvC,KAAK,WAAW,CAAC,qBAAqB,CAAC;QACvC,KAAK,WAAW,CAAC,kBAAkB,CAAC;QACpC,KAAK,WAAW,CAAC,sBAAsB,CAAC;QACxC,KAAK,WAAW,CAAC,cAAc;YAC7B,OAAO,kCAAe,CAAC,IAAI,CAAC;QAC9B,KAAK,WAAW,CAAC,eAAe,CAAC;QACjC,KAAK,WAAW,CAAC,iCAAiC;YAChD,OAAO,kCAAe,CAAC,QAAQ,CAAC;QAClC,KAAK,WAAW,CAAC,6BAA6B;YAC5C,OAAO,kCAAe,CAAC,IAAI,CAAC;QAC9B,KAAK,WAAW,CAAC,+BAA+B;YAC9C,OAAO,kCAAe,CAAC,MAAM,CAAC;QAChC,KAAK,WAAW,CAAC,4BAA4B;YAC3C,OAAO,kCAAe,CAAC,GAAG,CAAC;QAC7B,KAAK,WAAW,CAAC,eAAe,CAAC;QACjC,KAAK,WAAW,CAAC,gBAAgB;YAC/B,OAAO,kCAAe,CAAC,MAAM,CAAC;QAChC;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC,CAAC;AAxBW,QAAA,2BAA2B,+BAwBtC;AAEF,iGAAiG;AAC1F,MAAM,2CAA2C,GAAG,CAAC,QAAkB,EAAE,IAAY,EAAU,EAAE;IACtG,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,mBAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;YAClB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,kBAAkB;oBACjC,OAAO,EAAE,CAAC;gBACZ;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5B,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,kBAAkB;oBACjC,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,iCAAiC;oBAChD,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,6BAA6B;oBAC5C,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,+BAA+B;oBAC9C,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,4BAA4B;oBAC3C,OAAO,CAAC,CAAC;gBACX;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,eAAe;oBAC9B,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,cAAc;oBAC7B,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,UAAU;oBACzB,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,YAAY,CAAC;gBAC9B,KAAK,WAAW,CAAC,qBAAqB,CAAC;gBACvC,KAAK,WAAW,CAAC,qBAAqB,CAAC;gBACvC;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,eAAe;oBAC9B,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,UAAU;oBACzB,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,gBAAgB;oBAC/B,OAAO,CAAC,CAAC;gBACX;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;YAC1B,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,sBAAsB;oBACrC,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,UAAU;oBACzB,OAAO,CAAC,CAAC;gBACX;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,YAAY,CAAC;QAC3B,OAAO,CAAC,CAAC,CAAC;YACR,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AApEW,QAAA,2CAA2C,+CAoEtD;AAEK,MAAM,+BAA+B,GAAG,CAAC,IAAY,EAAU,EAAE;IACtE,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,eAAe;YAC9B,OAAO,iCAAiC,CAAC;QAC3C,KAAK,WAAW,CAAC,gBAAgB;YAC/B,OAAO,iCAAiC,CAAC;QAC3C,KAAK,WAAW,CAAC,sBAAsB;YACrC,OAAO,2BAA2B,CAAC;QACrC;YACE,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC;IAC9B,CAAC;AACH,CAAC,CAAC;AAXW,QAAA,+BAA+B,mCAW1C;AAEK,MAAM,gBAAgB,GAAG,CAAC,QAAgB,EAAE,IAAY,EAAE,EAAE;IAEjE,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE;YACJ,IAAI,EAAE,IAAmB;YACzB,QAAQ,EAAE,IAAA,mCAA2B,EAAC,IAAI,CAAoB;YAC9D,YAAY,EAAE,IAAA,uCAA+B,EAAC,IAAI,CAAC;SACpD;QACD,IAAI,EAAE;YACJ,QAAQ,EAAE,QAAoB;YAC9B,IAAI,EAAE,EAAuB;YAC7B,GAAG,EAAE,SAAuC;YAC5C,GAAG,EAAE,SAAuC;YAC5C,QAAQ,EAAE,SAAuC;YACjD,gBAAgB,EAAE,EAAe;YACjC,mBAAmB,EAAE,EAAe;SACrC;KACF,CAAC;IACF,IAAI,QAAQ,KAAK,mBAAQ,CAAC,GAAG,IAAI,QAAQ,KAAK,mBAAQ,CAAC,aAAa,EAAE,CAAC;QACrE,QAAQ,CAAC,IAAI,CAAC,GAAG,GAAG,EAAC,IAAI,EAAE,IAAI,EAAC,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC,GAAG,GAAG,EAAC,IAAI,EAAE,IAAI,EAAC,CAAC;IACnC,CAAC;IACD,MAAM,YAAY,GAAG,CAAC,GAAW,EAAE,KAAc,EAAE,EAAE;QACnD,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC5C,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC;IAClD,CAAC,CAAC;IAEF,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,sBAAsB;YACrC,YAAY,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,mBAAmB,CAAC;YAC3D,MAAM;QACR,KAAK,WAAW,CAAC,iCAAiC;YAChD,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,QAAQ,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,6BAA6B;YAC5C,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,IAAI,CAAC;YAC9C,MAAM;QACR,KAAK,WAAW,CAAC,+BAA+B;YAC9C,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,MAAM,CAAC;YAChD,MAAM;QACR,KAAK,WAAW,CAAC,4BAA4B;YAC3C,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,GAAG,CAAC;YAC7C,MAAM;QACR,KAAK,WAAW,CAAC,gBAAgB;YAC/B,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,mBAAmB,CAAC;YAC3D,MAAM;QACR,KAAK,WAAW,CAAC,eAAe;YAC9B,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAC;YACpD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,eAAe,CAAC;YACvD,MAAM;QACR,KAAK,WAAW,CAAC,kBAAkB;YACjC,YAAY,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,UAAU,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,eAAe;YAC9B,YAAY,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;YAC9C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,UAAU,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,cAAc;YAC7B,YAAY,CAAC,mCAAmC,EAAE,IAAI,CAAC,CAAC;YACxD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,UAAU,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,YAAY;YAC3B,YAAY,CAAC,4BAA4B,EAAE,IAAI,CAAC,CAAC;YACjD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,gBAAgB,CAAC;YACxD,MAAM;QACR,KAAK,WAAW,CAAC,qBAAqB;YACpC,YAAY,CAAC,8BAA8B,EAAE,IAAI,CAAC,CAAC;YACnD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,gBAAgB,CAAC;YACxD,MAAM;QACR,KAAK,WAAW,CAAC,qBAAqB;YACpC,YAAY,CAAC,oCAAoC,EAAE,IAAI,CAAC,CAAC;YACzD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,gBAAgB,CAAC;YACxD,MAAM;QACR;YACE,MAAM;IACV,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAzFW,QAAA,gBAAgB,oBAyF3B"}
|
|
@@ -63,6 +63,8 @@ export type RawFindingsContext = {
|
|
|
63
63
|
hasProdAccess?: boolean;
|
|
64
64
|
hasPrivilegedAccess?: boolean;
|
|
65
65
|
discoveredAt?: string;
|
|
66
|
+
hasInsecureFactors?: boolean;
|
|
67
|
+
inSecureFactors?: String[];
|
|
66
68
|
};
|
|
67
69
|
export type SaasComponentMeta = {
|
|
68
70
|
_findings: RawFindingsContext;
|
|
@@ -21,6 +21,7 @@ export declare const _MfaFactorDto: z.ZodObject<{
|
|
|
21
21
|
factorType: z.ZodOptional<z.ZodString>;
|
|
22
22
|
secure: z.ZodOptional<z.ZodEnum<["SECURE", "INSECURE", "UNKNOWN", "MISSING"]>>;
|
|
23
23
|
}, z.ZodString, "strip">>;
|
|
24
|
+
export declare const getMfaFactorSecurityLevel: (factor?: string, status?: string) => MfaRating;
|
|
24
25
|
export declare const _SaasUserMeta: z.ZodObject<{
|
|
25
26
|
_user: z.ZodObject<{
|
|
26
27
|
/** User ID from provider */
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports._SaasUserDto = exports._SaasUserUpsertDto = exports._SaasUserMeta = exports._MfaFactorDto = exports._MfaRating = void 0;
|
|
3
|
+
exports._SaasUserDto = exports._SaasUserUpsertDto = exports._SaasUserMeta = exports.getMfaFactorSecurityLevel = exports._MfaFactorDto = exports._MfaRating = void 0;
|
|
4
4
|
const zod_1 = require("zod");
|
|
5
5
|
const base_dto_1 = require("./base.dto");
|
|
6
6
|
const enums_1 = require("./enums");
|
|
@@ -15,6 +15,33 @@ exports._MfaFactorDto = zod_1.z
|
|
|
15
15
|
secure: exports._MfaRating.optional(),
|
|
16
16
|
})
|
|
17
17
|
.catchall(zod_1.z.string());
|
|
18
|
+
const getMfaFactorSecurityLevel = (factor, status) => {
|
|
19
|
+
if (!factor || status !== 'ACTIVE')
|
|
20
|
+
return 'MISSING';
|
|
21
|
+
switch (factor.toLowerCase()) {
|
|
22
|
+
// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
|
|
23
|
+
case 'push':
|
|
24
|
+
case 'signed_nonce':
|
|
25
|
+
case 'token:hotp':
|
|
26
|
+
case 'token:software:totp':
|
|
27
|
+
case 'token':
|
|
28
|
+
case 'u2f':
|
|
29
|
+
case 'web':
|
|
30
|
+
case 'webauthn':
|
|
31
|
+
return 'SECURE';
|
|
32
|
+
// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
|
|
33
|
+
case 'sms':
|
|
34
|
+
case 'call':
|
|
35
|
+
case 'email':
|
|
36
|
+
case 'question':
|
|
37
|
+
case 'token:hardware': {
|
|
38
|
+
return 'INSECURE';
|
|
39
|
+
}
|
|
40
|
+
default:
|
|
41
|
+
return 'UNKNOWN';
|
|
42
|
+
}
|
|
43
|
+
};
|
|
44
|
+
exports.getMfaFactorSecurityLevel = getMfaFactorSecurityLevel;
|
|
18
45
|
exports._SaasUserMeta = zod_1.z.object({
|
|
19
46
|
_user: zod_1.z.object({
|
|
20
47
|
/** User ID from provider */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"saasUsers.dto.js","sourceRoot":"","sources":["../../../src/dto/saasUsers.dto.ts"],"names":[],"mappings":";;;AAAA,6BAAsB;AACtB,yCAAkE;AAClE,mCAAuC;AAE1B,QAAA,UAAU,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;AAE/E,iEAAiE;AACpD,QAAA,aAAa,GAAG,OAAC;KAC3B,MAAM,CAAC;IACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC7D,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,kBAAU,CAAC,QAAQ,EAAE;CAC9B,CAAC;KACD,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"saasUsers.dto.js","sourceRoot":"","sources":["../../../src/dto/saasUsers.dto.ts"],"names":[],"mappings":";;;AAAA,6BAAsB;AACtB,yCAAkE;AAClE,mCAAuC;AAE1B,QAAA,UAAU,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;AAE/E,iEAAiE;AACpD,QAAA,aAAa,GAAG,OAAC;KAC3B,MAAM,CAAC;IACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC7D,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,kBAAU,CAAC,QAAQ,EAAE;CAC9B,CAAC;KACD,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AAEjB,MAAM,yBAAyB,GAAG,CAAC,MAAe,EAAE,MAAe,EAAa,EAAE;IACvF,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACrD,QAAQ,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;QAC7B,4EAA4E;QAC5E,KAAK,MAAM,CAAC;QACZ,KAAK,cAAc,CAAC;QACpB,KAAK,YAAY,CAAC;QAClB,KAAK,qBAAqB,CAAC;QAC3B,KAAK,OAAO,CAAC;QACb,KAAK,KAAK,CAAC;QACX,KAAK,KAAK,CAAC;QACX,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,4EAA4E;QAC5E,KAAK,KAAK,CAAC;QACX,KAAK,MAAM,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,UAAU,CAAC;QAChB,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,OAAO,UAAU,CAAC;QACpB,CAAC;QACD;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC,CAAC;AAxBW,QAAA,yBAAyB,6BAwBpC;AAEW,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IACpC,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC;QACd,4BAA4B;QAC5B,KAAK,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,+BAA+B;QAC/B,MAAM,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QACpD,yBAAyB;QACzB,OAAO,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAC/B,gCAAgC;QAChC,gBAAgB,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QACxC,qBAAqB;QACrB,OAAO,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,KAAK,CAAC,qBAAa,CAAC,CAAC;QAC3C,mCAAmC;QACnC,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC;YAChB,wBAAwB;YACxB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;YACrB,uBAAuB;YACvB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;YACpB,mBAAmB;YACnB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;YACjB,mBAAmB;YACnB,KAAK,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YAC7B,wBAAwB;YACxB,UAAU,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YAClC,0BAA0B;YAC1B,YAAY,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YACpC,iCAAiC;YACjC,UAAU,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YAClC,wBAAwB;YACxB,SAAS,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YACjC,qBAAqB;YACrB,OAAO,EAAE,OAAC;iBACP,MAAM,CAAC;gBACN,0BAA0B;gBAC1B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;gBAC5B,4BAA4B;gBAC5B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;gBAC3B,6BAA6B;gBAC7B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;aAC7B,CAAC;iBACD,QAAQ,EAAE;YACb,kBAAkB;YAClB,QAAQ,EAAE,OAAC,CAAC,UAAU,CAAC,sBAAc,CAAC;SACvC,CAAC;KACH,CAAC;IACF,IAAI,EAAE,OAAC,CAAC,OAAO,EAAE;CAClB,CAAC,CAAC;AAIU,QAAA,kBAAkB,GAAG,gCAAqB,CAAC,KAAK,CAC3D,OAAC,CAAC,MAAM,CAAC;IACP,cAAc;IACd,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,mBAAmB;IACnB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,qBAAqB;IACrB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,kBAAkB;IAClB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,wDAAwD;IACxD,IAAI,EAAE,qBAAa;CACpB,CAAC,CACH,CAAC;AAIW,QAAA,YAAY,GAAG,0BAAkB,CAAC,KAAK,CAAC,0BAAe,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -9,6 +9,7 @@ export enum FindingKind {
|
|
|
9
9
|
|
|
10
10
|
// IDENTITY
|
|
11
11
|
MFA_NOT_ENABLED = 'MFA_NOT_ENABLED',
|
|
12
|
+
MFA_NOT_SECURE = 'MFA_NOT_SECURE',
|
|
12
13
|
IS_EXECUTIVE = 'IS_EXECUTIVE',
|
|
13
14
|
HAS_PRODUCTION_ACCESS = 'HAS_PRODUCTION_ACCESS',
|
|
14
15
|
HAS_PRIVILEGED_ACCESS = 'HAS_PRIVILEGED_ACCESS',
|
|
@@ -32,6 +33,7 @@ export const lookupFindingOutcomeByKind = (kind: FindingKind): FindingOutcome =>
|
|
|
32
33
|
switch (kind) {
|
|
33
34
|
case FindingKind.NO_ACCOUNT:
|
|
34
35
|
case FindingKind.MFA_NOT_ENABLED:
|
|
36
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
35
37
|
case FindingKind.TRAINING_OVERDUE:
|
|
36
38
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
37
39
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -58,7 +60,7 @@ export const lookupFindingOutcomeByKind = (kind: FindingKind): FindingOutcome =>
|
|
|
58
60
|
export const lookupFindingKindByCategory = (category: string): FindingKind[] => {
|
|
59
61
|
switch (category) {
|
|
60
62
|
case Category.IDENTITY: {
|
|
61
|
-
return [FindingKind.MFA_NOT_ENABLED, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
63
|
+
return [FindingKind.MFA_NOT_ENABLED, FindingKind.MFA_NOT_SECURE, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
62
64
|
}
|
|
63
65
|
case Category.TRAINING: {
|
|
64
66
|
return [FindingKind.FAILED_PHISHING, FindingKind.TRAINING_OVERDUE];
|
|
@@ -93,6 +95,7 @@ export const lookupFindingSeverityByKind = (kind: string): FindingSeverity | und
|
|
|
93
95
|
case FindingKind.HAS_PRIVILEGED_ACCESS:
|
|
94
96
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
95
97
|
case FindingKind.WEB_GATEWAY_NOT_ACTIVE:
|
|
98
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
96
99
|
return FindingSeverity.HIGH;
|
|
97
100
|
case FindingKind.MFA_NOT_ENABLED:
|
|
98
101
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -142,6 +145,8 @@ export const lookupFindingScoreByCategoryKindAndSeverity = (category: Category,
|
|
|
142
145
|
switch (kind) {
|
|
143
146
|
case FindingKind.MFA_NOT_ENABLED:
|
|
144
147
|
return 12;
|
|
148
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
149
|
+
return 5;
|
|
145
150
|
case FindingKind.NO_ACCOUNT:
|
|
146
151
|
return 12;
|
|
147
152
|
case FindingKind.IS_EXECUTIVE:
|
|
@@ -262,6 +267,10 @@ export const generateInsights = (category: string, kind: string) => {
|
|
|
262
267
|
setCondition('meta._findings.enabled', false);
|
|
263
268
|
insights.rule.kind = SaasComponentKind.MFA_CONFIG;
|
|
264
269
|
break;
|
|
270
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
271
|
+
setCondition('meta._findings.hasInsecureFactors', true);
|
|
272
|
+
insights.rule.kind = SaasComponentKind.MFA_CONFIG;
|
|
273
|
+
break;
|
|
265
274
|
case FindingKind.IS_EXECUTIVE:
|
|
266
275
|
setCondition('meta._findings.isExecutive', true);
|
|
267
276
|
insights.rule.kind = SaasComponentKind.GROUP_MEMBERSHIP;
|
package/src/dto/saasUsers.dto.ts
CHANGED
|
@@ -15,6 +15,32 @@ export const _MfaFactorDto = z
|
|
|
15
15
|
})
|
|
16
16
|
.catchall(z.string());
|
|
17
17
|
|
|
18
|
+
export const getMfaFactorSecurityLevel = (factor?: string, status?: string): MfaRating => {
|
|
19
|
+
if (!factor || status !== 'ACTIVE') return 'MISSING';
|
|
20
|
+
switch (factor.toLowerCase()) {
|
|
21
|
+
// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
|
|
22
|
+
case 'push':
|
|
23
|
+
case 'signed_nonce':
|
|
24
|
+
case 'token:hotp':
|
|
25
|
+
case 'token:software:totp':
|
|
26
|
+
case 'token':
|
|
27
|
+
case 'u2f':
|
|
28
|
+
case 'web':
|
|
29
|
+
case 'webauthn':
|
|
30
|
+
return 'SECURE';
|
|
31
|
+
// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
|
|
32
|
+
case 'sms':
|
|
33
|
+
case 'call':
|
|
34
|
+
case 'email':
|
|
35
|
+
case 'question':
|
|
36
|
+
case 'token:hardware': {
|
|
37
|
+
return 'INSECURE';
|
|
38
|
+
}
|
|
39
|
+
default:
|
|
40
|
+
return 'UNKNOWN';
|
|
41
|
+
}
|
|
42
|
+
};
|
|
43
|
+
|
|
18
44
|
export const _SaasUserMeta = z.object({
|
|
19
45
|
_user: z.object({
|
|
20
46
|
/** User ID from provider */
|