@ampsec/platform-client 68.2.0 → 68.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/src/dto/eng/coverage.dto.d.ts +263 -0
- package/build/src/dto/eng/coverage.dto.js +50 -0
- package/build/src/dto/eng/coverage.dto.js.map +1 -0
- package/build/src/dto/eng/index.d.ts +1 -0
- package/build/src/dto/eng/index.js +18 -0
- package/build/src/dto/eng/index.js.map +1 -0
- package/build/src/dto/enums/category.d.ts +2 -0
- package/build/src/dto/enums/category.js +2 -0
- package/build/src/dto/enums/category.js.map +1 -1
- package/build/src/dto/enums/findingKind.d.ts +1 -0
- package/build/src/dto/enums/findingKind.js +10 -1
- package/build/src/dto/enums/findingKind.js.map +1 -1
- package/build/src/dto/index.d.ts +1 -0
- package/build/src/dto/index.js +1 -0
- package/build/src/dto/index.js.map +1 -1
- package/build/src/dto/saasComponents.dto.d.ts +2 -0
- package/build/src/dto/saasUsers.dto.d.ts +1 -0
- package/build/src/dto/saasUsers.dto.js +28 -1
- package/build/src/dto/saasUsers.dto.js.map +1 -1
- package/package.json +1 -1
- package/src/dto/eng/coverage.dto.ts +50 -0
- package/src/dto/eng/index.ts +1 -0
- package/src/dto/enums/category.ts +2 -0
- package/src/dto/enums/findingKind.ts +10 -1
- package/src/dto/index.ts +1 -0
- package/src/dto/saasComponents.dto.ts +2 -0
- package/src/dto/saasUsers.dto.ts +26 -0
|
@@ -0,0 +1,263 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
export declare enum AssetDomainStatus {
|
|
3
|
+
SECURE = "SECURE",
|
|
4
|
+
INSECURE = "INSECURE",
|
|
5
|
+
MISSING = "MISSING"
|
|
6
|
+
}
|
|
7
|
+
export declare const _EndUserDeviceReportDto: z.ZodObject<{
|
|
8
|
+
aid: z.ZodString;
|
|
9
|
+
displayValue: z.ZodString;
|
|
10
|
+
hostname: z.ZodOptional<z.ZodString>;
|
|
11
|
+
os: z.ZodOptional<z.ZodString>;
|
|
12
|
+
sn: z.ZodOptional<z.ZodString>;
|
|
13
|
+
hasEndpointManagement: z.ZodNativeEnum<typeof AssetDomainStatus>;
|
|
14
|
+
hasEndpointSecurity: z.ZodNativeEnum<typeof AssetDomainStatus>;
|
|
15
|
+
hasVulnManagement: z.ZodNativeEnum<typeof AssetDomainStatus>;
|
|
16
|
+
}, "strip", z.ZodTypeAny, {
|
|
17
|
+
aid: string;
|
|
18
|
+
displayValue: string;
|
|
19
|
+
hasEndpointManagement: AssetDomainStatus;
|
|
20
|
+
hasEndpointSecurity: AssetDomainStatus;
|
|
21
|
+
hasVulnManagement: AssetDomainStatus;
|
|
22
|
+
hostname?: string | undefined;
|
|
23
|
+
os?: string | undefined;
|
|
24
|
+
sn?: string | undefined;
|
|
25
|
+
}, {
|
|
26
|
+
aid: string;
|
|
27
|
+
displayValue: string;
|
|
28
|
+
hasEndpointManagement: AssetDomainStatus;
|
|
29
|
+
hasEndpointSecurity: AssetDomainStatus;
|
|
30
|
+
hasVulnManagement: AssetDomainStatus;
|
|
31
|
+
hostname?: string | undefined;
|
|
32
|
+
os?: string | undefined;
|
|
33
|
+
sn?: string | undefined;
|
|
34
|
+
}>;
|
|
35
|
+
export type EndUserDeviceReportDto = z.infer<typeof _EndUserDeviceReportDto>;
|
|
36
|
+
export declare const _EndUserCoverageReportDto: z.ZodObject<{
|
|
37
|
+
uid: z.ZodString;
|
|
38
|
+
score: z.ZodNumber;
|
|
39
|
+
mfa: z.ZodObject<{
|
|
40
|
+
allowEmptyFactors: z.ZodBoolean;
|
|
41
|
+
enabled: z.ZodBoolean;
|
|
42
|
+
rating: z.ZodEnum<["SECURE", "INSECURE", "UNKNOWN", "MISSING"]>;
|
|
43
|
+
factors: z.ZodArray<z.ZodObject<{
|
|
44
|
+
cid: z.ZodOptional<z.ZodString>;
|
|
45
|
+
status: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"ACTIVE">, z.ZodString]>>;
|
|
46
|
+
vendorName: z.ZodOptional<z.ZodString>;
|
|
47
|
+
factorType: z.ZodOptional<z.ZodString>;
|
|
48
|
+
secure: z.ZodOptional<z.ZodEnum<["SECURE", "INSECURE", "UNKNOWN", "MISSING"]>>;
|
|
49
|
+
}, "strip", z.ZodString, z.objectOutputType<{
|
|
50
|
+
cid: z.ZodOptional<z.ZodString>;
|
|
51
|
+
status: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"ACTIVE">, z.ZodString]>>;
|
|
52
|
+
vendorName: z.ZodOptional<z.ZodString>;
|
|
53
|
+
factorType: z.ZodOptional<z.ZodString>;
|
|
54
|
+
secure: z.ZodOptional<z.ZodEnum<["SECURE", "INSECURE", "UNKNOWN", "MISSING"]>>;
|
|
55
|
+
}, z.ZodString, "strip">, z.objectInputType<{
|
|
56
|
+
cid: z.ZodOptional<z.ZodString>;
|
|
57
|
+
status: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"ACTIVE">, z.ZodString]>>;
|
|
58
|
+
vendorName: z.ZodOptional<z.ZodString>;
|
|
59
|
+
factorType: z.ZodOptional<z.ZodString>;
|
|
60
|
+
secure: z.ZodOptional<z.ZodEnum<["SECURE", "INSECURE", "UNKNOWN", "MISSING"]>>;
|
|
61
|
+
}, z.ZodString, "strip">>, "many">;
|
|
62
|
+
}, "strip", z.ZodTypeAny, {
|
|
63
|
+
factors: z.objectOutputType<{
|
|
64
|
+
cid: z.ZodOptional<z.ZodString>;
|
|
65
|
+
status: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"ACTIVE">, z.ZodString]>>;
|
|
66
|
+
vendorName: z.ZodOptional<z.ZodString>;
|
|
67
|
+
factorType: z.ZodOptional<z.ZodString>;
|
|
68
|
+
secure: z.ZodOptional<z.ZodEnum<["SECURE", "INSECURE", "UNKNOWN", "MISSING"]>>;
|
|
69
|
+
}, z.ZodString, "strip">[];
|
|
70
|
+
allowEmptyFactors: boolean;
|
|
71
|
+
enabled: boolean;
|
|
72
|
+
rating: "UNKNOWN" | "SECURE" | "INSECURE" | "MISSING";
|
|
73
|
+
}, {
|
|
74
|
+
factors: z.objectInputType<{
|
|
75
|
+
cid: z.ZodOptional<z.ZodString>;
|
|
76
|
+
status: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"ACTIVE">, z.ZodString]>>;
|
|
77
|
+
vendorName: z.ZodOptional<z.ZodString>;
|
|
78
|
+
factorType: z.ZodOptional<z.ZodString>;
|
|
79
|
+
secure: z.ZodOptional<z.ZodEnum<["SECURE", "INSECURE", "UNKNOWN", "MISSING"]>>;
|
|
80
|
+
}, z.ZodString, "strip">[];
|
|
81
|
+
allowEmptyFactors: boolean;
|
|
82
|
+
enabled: boolean;
|
|
83
|
+
rating: "UNKNOWN" | "SECURE" | "INSECURE" | "MISSING";
|
|
84
|
+
}>;
|
|
85
|
+
training: z.ZodObject<{
|
|
86
|
+
hasAccount: z.ZodBoolean;
|
|
87
|
+
overdue: z.ZodNumber;
|
|
88
|
+
}, "strip", z.ZodTypeAny, {
|
|
89
|
+
hasAccount: boolean;
|
|
90
|
+
overdue: number;
|
|
91
|
+
}, {
|
|
92
|
+
hasAccount: boolean;
|
|
93
|
+
overdue: number;
|
|
94
|
+
}>;
|
|
95
|
+
devices: z.ZodObject<{
|
|
96
|
+
rating: z.ZodNativeEnum<typeof AssetDomainStatus>;
|
|
97
|
+
allMonitored: z.ZodBoolean;
|
|
98
|
+
hasInactive: z.ZodBoolean;
|
|
99
|
+
hasMissing: z.ZodBoolean;
|
|
100
|
+
assets: z.ZodArray<z.ZodObject<{
|
|
101
|
+
aid: z.ZodString;
|
|
102
|
+
displayValue: z.ZodString;
|
|
103
|
+
hostname: z.ZodOptional<z.ZodString>;
|
|
104
|
+
os: z.ZodOptional<z.ZodString>;
|
|
105
|
+
sn: z.ZodOptional<z.ZodString>;
|
|
106
|
+
hasEndpointManagement: z.ZodNativeEnum<typeof AssetDomainStatus>;
|
|
107
|
+
hasEndpointSecurity: z.ZodNativeEnum<typeof AssetDomainStatus>;
|
|
108
|
+
hasVulnManagement: z.ZodNativeEnum<typeof AssetDomainStatus>;
|
|
109
|
+
}, "strip", z.ZodTypeAny, {
|
|
110
|
+
aid: string;
|
|
111
|
+
displayValue: string;
|
|
112
|
+
hasEndpointManagement: AssetDomainStatus;
|
|
113
|
+
hasEndpointSecurity: AssetDomainStatus;
|
|
114
|
+
hasVulnManagement: AssetDomainStatus;
|
|
115
|
+
hostname?: string | undefined;
|
|
116
|
+
os?: string | undefined;
|
|
117
|
+
sn?: string | undefined;
|
|
118
|
+
}, {
|
|
119
|
+
aid: string;
|
|
120
|
+
displayValue: string;
|
|
121
|
+
hasEndpointManagement: AssetDomainStatus;
|
|
122
|
+
hasEndpointSecurity: AssetDomainStatus;
|
|
123
|
+
hasVulnManagement: AssetDomainStatus;
|
|
124
|
+
hostname?: string | undefined;
|
|
125
|
+
os?: string | undefined;
|
|
126
|
+
sn?: string | undefined;
|
|
127
|
+
}>, "many">;
|
|
128
|
+
}, "strip", z.ZodTypeAny, {
|
|
129
|
+
assets: {
|
|
130
|
+
aid: string;
|
|
131
|
+
displayValue: string;
|
|
132
|
+
hasEndpointManagement: AssetDomainStatus;
|
|
133
|
+
hasEndpointSecurity: AssetDomainStatus;
|
|
134
|
+
hasVulnManagement: AssetDomainStatus;
|
|
135
|
+
hostname?: string | undefined;
|
|
136
|
+
os?: string | undefined;
|
|
137
|
+
sn?: string | undefined;
|
|
138
|
+
}[];
|
|
139
|
+
rating: AssetDomainStatus;
|
|
140
|
+
allMonitored: boolean;
|
|
141
|
+
hasInactive: boolean;
|
|
142
|
+
hasMissing: boolean;
|
|
143
|
+
}, {
|
|
144
|
+
assets: {
|
|
145
|
+
aid: string;
|
|
146
|
+
displayValue: string;
|
|
147
|
+
hasEndpointManagement: AssetDomainStatus;
|
|
148
|
+
hasEndpointSecurity: AssetDomainStatus;
|
|
149
|
+
hasVulnManagement: AssetDomainStatus;
|
|
150
|
+
hostname?: string | undefined;
|
|
151
|
+
os?: string | undefined;
|
|
152
|
+
sn?: string | undefined;
|
|
153
|
+
}[];
|
|
154
|
+
rating: AssetDomainStatus;
|
|
155
|
+
allMonitored: boolean;
|
|
156
|
+
hasInactive: boolean;
|
|
157
|
+
hasMissing: boolean;
|
|
158
|
+
}>;
|
|
159
|
+
vulns: z.ZodObject<{
|
|
160
|
+
totalOpen: z.ZodNumber;
|
|
161
|
+
criticalOpen: z.ZodNumber;
|
|
162
|
+
highOpen: z.ZodNumber;
|
|
163
|
+
mediumOpen: z.ZodNumber;
|
|
164
|
+
lowOpen: z.ZodNumber;
|
|
165
|
+
}, "strip", z.ZodTypeAny, {
|
|
166
|
+
totalOpen: number;
|
|
167
|
+
criticalOpen: number;
|
|
168
|
+
highOpen: number;
|
|
169
|
+
mediumOpen: number;
|
|
170
|
+
lowOpen: number;
|
|
171
|
+
}, {
|
|
172
|
+
totalOpen: number;
|
|
173
|
+
criticalOpen: number;
|
|
174
|
+
highOpen: number;
|
|
175
|
+
mediumOpen: number;
|
|
176
|
+
lowOpen: number;
|
|
177
|
+
}>;
|
|
178
|
+
}, "strip", z.ZodTypeAny, {
|
|
179
|
+
uid: string;
|
|
180
|
+
score: number;
|
|
181
|
+
mfa: {
|
|
182
|
+
factors: z.objectOutputType<{
|
|
183
|
+
cid: z.ZodOptional<z.ZodString>;
|
|
184
|
+
status: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"ACTIVE">, z.ZodString]>>;
|
|
185
|
+
vendorName: z.ZodOptional<z.ZodString>;
|
|
186
|
+
factorType: z.ZodOptional<z.ZodString>;
|
|
187
|
+
secure: z.ZodOptional<z.ZodEnum<["SECURE", "INSECURE", "UNKNOWN", "MISSING"]>>;
|
|
188
|
+
}, z.ZodString, "strip">[];
|
|
189
|
+
allowEmptyFactors: boolean;
|
|
190
|
+
enabled: boolean;
|
|
191
|
+
rating: "UNKNOWN" | "SECURE" | "INSECURE" | "MISSING";
|
|
192
|
+
};
|
|
193
|
+
training: {
|
|
194
|
+
hasAccount: boolean;
|
|
195
|
+
overdue: number;
|
|
196
|
+
};
|
|
197
|
+
devices: {
|
|
198
|
+
assets: {
|
|
199
|
+
aid: string;
|
|
200
|
+
displayValue: string;
|
|
201
|
+
hasEndpointManagement: AssetDomainStatus;
|
|
202
|
+
hasEndpointSecurity: AssetDomainStatus;
|
|
203
|
+
hasVulnManagement: AssetDomainStatus;
|
|
204
|
+
hostname?: string | undefined;
|
|
205
|
+
os?: string | undefined;
|
|
206
|
+
sn?: string | undefined;
|
|
207
|
+
}[];
|
|
208
|
+
rating: AssetDomainStatus;
|
|
209
|
+
allMonitored: boolean;
|
|
210
|
+
hasInactive: boolean;
|
|
211
|
+
hasMissing: boolean;
|
|
212
|
+
};
|
|
213
|
+
vulns: {
|
|
214
|
+
totalOpen: number;
|
|
215
|
+
criticalOpen: number;
|
|
216
|
+
highOpen: number;
|
|
217
|
+
mediumOpen: number;
|
|
218
|
+
lowOpen: number;
|
|
219
|
+
};
|
|
220
|
+
}, {
|
|
221
|
+
uid: string;
|
|
222
|
+
score: number;
|
|
223
|
+
mfa: {
|
|
224
|
+
factors: z.objectInputType<{
|
|
225
|
+
cid: z.ZodOptional<z.ZodString>;
|
|
226
|
+
status: z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"ACTIVE">, z.ZodString]>>;
|
|
227
|
+
vendorName: z.ZodOptional<z.ZodString>;
|
|
228
|
+
factorType: z.ZodOptional<z.ZodString>;
|
|
229
|
+
secure: z.ZodOptional<z.ZodEnum<["SECURE", "INSECURE", "UNKNOWN", "MISSING"]>>;
|
|
230
|
+
}, z.ZodString, "strip">[];
|
|
231
|
+
allowEmptyFactors: boolean;
|
|
232
|
+
enabled: boolean;
|
|
233
|
+
rating: "UNKNOWN" | "SECURE" | "INSECURE" | "MISSING";
|
|
234
|
+
};
|
|
235
|
+
training: {
|
|
236
|
+
hasAccount: boolean;
|
|
237
|
+
overdue: number;
|
|
238
|
+
};
|
|
239
|
+
devices: {
|
|
240
|
+
assets: {
|
|
241
|
+
aid: string;
|
|
242
|
+
displayValue: string;
|
|
243
|
+
hasEndpointManagement: AssetDomainStatus;
|
|
244
|
+
hasEndpointSecurity: AssetDomainStatus;
|
|
245
|
+
hasVulnManagement: AssetDomainStatus;
|
|
246
|
+
hostname?: string | undefined;
|
|
247
|
+
os?: string | undefined;
|
|
248
|
+
sn?: string | undefined;
|
|
249
|
+
}[];
|
|
250
|
+
rating: AssetDomainStatus;
|
|
251
|
+
allMonitored: boolean;
|
|
252
|
+
hasInactive: boolean;
|
|
253
|
+
hasMissing: boolean;
|
|
254
|
+
};
|
|
255
|
+
vulns: {
|
|
256
|
+
totalOpen: number;
|
|
257
|
+
criticalOpen: number;
|
|
258
|
+
highOpen: number;
|
|
259
|
+
mediumOpen: number;
|
|
260
|
+
lowOpen: number;
|
|
261
|
+
};
|
|
262
|
+
}>;
|
|
263
|
+
export type EndUserCoverageReportDto = z.infer<typeof _EndUserCoverageReportDto>;
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports._EndUserCoverageReportDto = exports._EndUserDeviceReportDto = exports.AssetDomainStatus = void 0;
|
|
4
|
+
const zod_1 = require("zod");
|
|
5
|
+
const saasUsers_dto_1 = require("../saasUsers.dto");
|
|
6
|
+
var AssetDomainStatus;
|
|
7
|
+
(function (AssetDomainStatus) {
|
|
8
|
+
AssetDomainStatus["SECURE"] = "SECURE";
|
|
9
|
+
AssetDomainStatus["INSECURE"] = "INSECURE";
|
|
10
|
+
AssetDomainStatus["MISSING"] = "MISSING";
|
|
11
|
+
})(AssetDomainStatus || (exports.AssetDomainStatus = AssetDomainStatus = {}));
|
|
12
|
+
exports._EndUserDeviceReportDto = zod_1.z.object({
|
|
13
|
+
aid: zod_1.z.string(),
|
|
14
|
+
displayValue: zod_1.z.string(),
|
|
15
|
+
hostname: zod_1.z.string().optional(),
|
|
16
|
+
os: zod_1.z.string().optional(),
|
|
17
|
+
sn: zod_1.z.string().optional(),
|
|
18
|
+
hasEndpointManagement: zod_1.z.nativeEnum(AssetDomainStatus),
|
|
19
|
+
hasEndpointSecurity: zod_1.z.nativeEnum(AssetDomainStatus),
|
|
20
|
+
hasVulnManagement: zod_1.z.nativeEnum(AssetDomainStatus),
|
|
21
|
+
});
|
|
22
|
+
exports._EndUserCoverageReportDto = zod_1.z.object({
|
|
23
|
+
uid: zod_1.z.string(),
|
|
24
|
+
score: zod_1.z.number(),
|
|
25
|
+
mfa: zod_1.z.object({
|
|
26
|
+
allowEmptyFactors: zod_1.z.boolean(),
|
|
27
|
+
enabled: zod_1.z.boolean(),
|
|
28
|
+
rating: saasUsers_dto_1._MfaRating,
|
|
29
|
+
factors: saasUsers_dto_1._MfaFactorDto.array(),
|
|
30
|
+
}),
|
|
31
|
+
training: zod_1.z.object({
|
|
32
|
+
hasAccount: zod_1.z.boolean(),
|
|
33
|
+
overdue: zod_1.z.number(),
|
|
34
|
+
}),
|
|
35
|
+
devices: zod_1.z.object({
|
|
36
|
+
rating: zod_1.z.nativeEnum(AssetDomainStatus),
|
|
37
|
+
allMonitored: zod_1.z.boolean(),
|
|
38
|
+
hasInactive: zod_1.z.boolean(),
|
|
39
|
+
hasMissing: zod_1.z.boolean(),
|
|
40
|
+
assets: exports._EndUserDeviceReportDto.array(),
|
|
41
|
+
}),
|
|
42
|
+
vulns: zod_1.z.object({
|
|
43
|
+
totalOpen: zod_1.z.number(),
|
|
44
|
+
criticalOpen: zod_1.z.number(),
|
|
45
|
+
highOpen: zod_1.z.number(),
|
|
46
|
+
mediumOpen: zod_1.z.number(),
|
|
47
|
+
lowOpen: zod_1.z.number(),
|
|
48
|
+
}),
|
|
49
|
+
});
|
|
50
|
+
//# sourceMappingURL=coverage.dto.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"coverage.dto.js","sourceRoot":"","sources":["../../../../src/dto/eng/coverage.dto.ts"],"names":[],"mappings":";;;AAAA,6BAAsB;AACtB,oDAA2D;AAE3D,IAAY,iBAIX;AAJD,WAAY,iBAAiB;IAC3B,sCAAiB,CAAA;IACjB,0CAAqB,CAAA;IACrB,wCAAmB,CAAA;AACrB,CAAC,EAJW,iBAAiB,iCAAjB,iBAAiB,QAI5B;AAEY,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9C,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,qBAAqB,EAAE,OAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC;IACtD,mBAAmB,EAAE,OAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC;IACpD,iBAAiB,EAAE,OAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC;CACnD,CAAC,CAAC;AAGU,QAAA,yBAAyB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChD,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,GAAG,EAAE,OAAC,CAAC,MAAM,CAAC;QACZ,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE;QAC9B,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;QACpB,MAAM,EAAE,0BAAU;QAClB,OAAO,EAAE,6BAAa,CAAC,KAAK,EAAE;KAC/B,CAAC;IACF,QAAQ,EAAE,OAAC,CAAC,MAAM,CAAC;QACjB,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE;QACvB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;KACpB,CAAC;IACF,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC;QAChB,MAAM,EAAE,OAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC;QACvC,YAAY,EAAE,OAAC,CAAC,OAAO,EAAE;QACzB,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE;QACxB,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE;QACvB,MAAM,EAAE,+BAAuB,CAAC,KAAK,EAAE;KACxC,CAAC;IACF,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC;QACd,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;QACrB,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;QACxB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;QACpB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;QACtB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;KACpB,CAAC;CACH,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from './coverage.dto';
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./coverage.dto"), exports);
|
|
18
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/dto/eng/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iDAA+B"}
|
|
@@ -4,6 +4,8 @@ exports.Category = void 0;
|
|
|
4
4
|
var Category;
|
|
5
5
|
(function (Category) {
|
|
6
6
|
Category["EDR"] = "EDR";
|
|
7
|
+
Category["ENDPOINT_MANAGEMENT"] = "ENDPOINT_MANAGEMENT";
|
|
8
|
+
Category["ENDPOINT_SECURITY"] = "ENDPOINT_SECURITY";
|
|
7
9
|
Category["VULNERABILITY"] = "VULNERABILITY";
|
|
8
10
|
/**
|
|
9
11
|
* @deprecated Use IDENTITY instead
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"category.js","sourceRoot":"","sources":["../../../../src/dto/enums/category.ts"],"names":[],"mappings":";;;AAAA,IAAY,
|
|
1
|
+
{"version":3,"file":"category.js","sourceRoot":"","sources":["../../../../src/dto/enums/category.ts"],"names":[],"mappings":";;;AAAA,IAAY,QAcX;AAdD,WAAY,QAAQ;IAClB,uBAAW,CAAA;IACX,uDAA2C,CAAA;IAC3C,mDAAuC,CAAA;IACvC,2CAA+B,CAAA;IAC/B;;OAEG;IACH,uBAAW,CAAA;IACX,iCAAqB,CAAA;IACrB,yCAA6B,CAAA;IAC7B,iCAAqB,CAAA;IACrB,uCAA2B,CAAA;IAC3B,6BAAiB,CAAA;AACnB,CAAC,EAdW,QAAQ,wBAAR,QAAQ,QAcnB"}
|
|
@@ -5,6 +5,7 @@ import { SaasComponentKind } from './saasComponentKind';
|
|
|
5
5
|
export declare enum FindingKind {
|
|
6
6
|
NO_ACCOUNT = "NO_ACCOUNT",
|
|
7
7
|
MFA_NOT_ENABLED = "MFA_NOT_ENABLED",
|
|
8
|
+
MFA_NOT_SECURE = "MFA_NOT_SECURE",
|
|
8
9
|
IS_EXECUTIVE = "IS_EXECUTIVE",
|
|
9
10
|
HAS_PRODUCTION_ACCESS = "HAS_PRODUCTION_ACCESS",
|
|
10
11
|
HAS_PRIVILEGED_ACCESS = "HAS_PRIVILEGED_ACCESS",
|
|
@@ -11,6 +11,7 @@ var FindingKind;
|
|
|
11
11
|
FindingKind["NO_ACCOUNT"] = "NO_ACCOUNT";
|
|
12
12
|
// IDENTITY
|
|
13
13
|
FindingKind["MFA_NOT_ENABLED"] = "MFA_NOT_ENABLED";
|
|
14
|
+
FindingKind["MFA_NOT_SECURE"] = "MFA_NOT_SECURE";
|
|
14
15
|
FindingKind["IS_EXECUTIVE"] = "IS_EXECUTIVE";
|
|
15
16
|
FindingKind["HAS_PRODUCTION_ACCESS"] = "HAS_PRODUCTION_ACCESS";
|
|
16
17
|
FindingKind["HAS_PRIVILEGED_ACCESS"] = "HAS_PRIVILEGED_ACCESS";
|
|
@@ -30,6 +31,7 @@ const lookupFindingOutcomeByKind = (kind) => {
|
|
|
30
31
|
switch (kind) {
|
|
31
32
|
case FindingKind.NO_ACCOUNT:
|
|
32
33
|
case FindingKind.MFA_NOT_ENABLED:
|
|
34
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
33
35
|
case FindingKind.TRAINING_OVERDUE:
|
|
34
36
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
35
37
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -56,7 +58,7 @@ exports.lookupFindingOutcomeByKind = lookupFindingOutcomeByKind;
|
|
|
56
58
|
const lookupFindingKindByCategory = (category) => {
|
|
57
59
|
switch (category) {
|
|
58
60
|
case category_1.Category.IDENTITY: {
|
|
59
|
-
return [FindingKind.MFA_NOT_ENABLED, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
61
|
+
return [FindingKind.MFA_NOT_ENABLED, FindingKind.MFA_NOT_SECURE, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
60
62
|
}
|
|
61
63
|
case category_1.Category.TRAINING: {
|
|
62
64
|
return [FindingKind.FAILED_PHISHING, FindingKind.TRAINING_OVERDUE];
|
|
@@ -91,6 +93,7 @@ const lookupFindingSeverityByKind = (kind) => {
|
|
|
91
93
|
case FindingKind.HAS_PRIVILEGED_ACCESS:
|
|
92
94
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
93
95
|
case FindingKind.WEB_GATEWAY_NOT_ACTIVE:
|
|
96
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
94
97
|
return finding_severity_1.FindingSeverity.HIGH;
|
|
95
98
|
case FindingKind.MFA_NOT_ENABLED:
|
|
96
99
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -140,6 +143,8 @@ const lookupFindingScoreByCategoryKindAndSeverity = (category, kind) => {
|
|
|
140
143
|
switch (kind) {
|
|
141
144
|
case FindingKind.MFA_NOT_ENABLED:
|
|
142
145
|
return 12;
|
|
146
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
147
|
+
return 5;
|
|
143
148
|
case FindingKind.NO_ACCOUNT:
|
|
144
149
|
return 12;
|
|
145
150
|
case FindingKind.IS_EXECUTIVE:
|
|
@@ -259,6 +264,10 @@ const generateInsights = (category, kind) => {
|
|
|
259
264
|
setCondition('meta._findings.enabled', false);
|
|
260
265
|
insights.rule.kind = saasComponentKind_1.SaasComponentKind.MFA_CONFIG;
|
|
261
266
|
break;
|
|
267
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
268
|
+
setCondition('meta._findings.hasInsecureFactors', true);
|
|
269
|
+
insights.rule.kind = saasComponentKind_1.SaasComponentKind.MFA_CONFIG;
|
|
270
|
+
break;
|
|
262
271
|
case FindingKind.IS_EXECUTIVE:
|
|
263
272
|
setCondition('meta._findings.isExecutive', true);
|
|
264
273
|
insights.rule.kind = saasComponentKind_1.SaasComponentKind.GROUP_MEMBERSHIP;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"findingKind.js","sourceRoot":"","sources":["../../../../src/dto/enums/findingKind.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,uDAAiD;AACjD,yDAAmD;AACnD,2DAAsD;AAEtD,IAAY,
|
|
1
|
+
{"version":3,"file":"findingKind.js","sourceRoot":"","sources":["../../../../src/dto/enums/findingKind.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,uDAAiD;AACjD,yDAAmD;AACnD,2DAAsD;AAEtD,IAAY,WAwBX;AAxBD,WAAY,WAAW;IACrB,MAAM;IACN,wCAAyB,CAAA;IAEzB,WAAW;IACX,kDAAmC,CAAA;IACnC,gDAAiC,CAAA;IACjC,4CAA6B,CAAA;IAC7B,8DAA+C,CAAA;IAC/C,8DAA+C,CAAA;IAE/C,WAAW;IACX,kDAAmC,CAAA;IACnC,oDAAqC,CAAA;IAErC,MAAM;IACN,wDAAyC,CAAA;IACzC,sFAAuE,CAAA;IACvE,8EAA+D,CAAA;IAC/D,kFAAmE,CAAA;IACnE,4EAA6D,CAAA;IAE7D,cAAc;IACd,gEAAiD,CAAA;AACnD,CAAC,EAxBW,WAAW,2BAAX,WAAW,QAwBtB;AAEM,MAAM,0BAA0B,GAAG,CAAC,IAAiB,EAAkB,EAAE;IAC9E,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,UAAU,CAAC;QAC5B,KAAK,WAAW,CAAC,eAAe,CAAC;QACjC,KAAK,WAAW,CAAC,cAAc,CAAC;QAChC,KAAK,WAAW,CAAC,gBAAgB,CAAC;QAClC,KAAK,WAAW,CAAC,kBAAkB,CAAC;QACpC,KAAK,WAAW,CAAC,iCAAiC,CAAC;QACnD,KAAK,WAAW,CAAC,6BAA6B,CAAC;QAC/C,KAAK,WAAW,CAAC,+BAA+B,CAAC;QACjD,KAAK,WAAW,CAAC,4BAA4B,CAAC;QAC9C,KAAK,WAAW,CAAC,sBAAsB,CAAC,CAAC,CAAC;YACxC,OAAO,gCAAc,CAAC,WAAW,CAAC;QACpC,CAAC;QACD,KAAK,WAAW,CAAC,YAAY,CAAC;QAC9B,KAAK,WAAW,CAAC,qBAAqB,CAAC;QACvC,KAAK,WAAW,CAAC,qBAAqB,CAAC,CAAC,CAAC;YACvC,OAAO,gCAAc,CAAC,SAAS,CAAC;QAClC,CAAC;QACD,KAAK,WAAW,CAAC,eAAe,CAAC,CAAC,CAAC;YACjC,OAAO,gCAAc,CAAC,SAAS,CAAC;QAClC,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AA1BW,QAAA,0BAA0B,8BA0BrC;AAEK,MAAM,2BAA2B,GAAG,CAAC,QAAgB,EAAiB,EAAE;IAC7E,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,mBAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,OAAO,CAAC,WAAW,CAAC,eAAe,EAAE,WAAW,CAAC,cAAc,EAAE,WAAW,CAAC,YAAY,EAAE,WAAW,CAAC,qBAAqB,EAAE,WAAW,CAAC,qBAAqB,CAAC,CAAC;QACnK,CAAC;QACD,KAAK,mBAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,OAAO,CAAC,WAAW,CAAC,eAAe,EAAE,WAAW,CAAC,gBAAgB,CAAC,CAAC;QACrE,CAAC;QACD,KAAK,mBAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QAC1C,CAAC;QACD,KAAK,mBAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;YAC1B,OAAO,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;QAC9C,CAAC;QACD,KAAK,mBAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5B,OAAO;gBACL,WAAW,CAAC,iCAAiC;gBAC7C,WAAW,CAAC,6BAA6B;gBACzC,WAAW,CAAC,+BAA+B;gBAC3C,WAAW,CAAC,4BAA4B;aACzC,CAAC;QACJ,CAAC;QACD,KAAK,mBAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;YAC3B,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,OAAO,CAAC,CAAC,CAAC;YACR,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AA7BW,QAAA,2BAA2B,+BA6BtC;AAEK,MAAM,2BAA2B,GAAG,CAAC,IAAY,EAA+B,EAAE;IACvF,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,YAAY,CAAC;QAC9B,KAAK,WAAW,CAAC,qBAAqB,CAAC;QACvC,KAAK,WAAW,CAAC,qBAAqB,CAAC;QACvC,KAAK,WAAW,CAAC,kBAAkB,CAAC;QACpC,KAAK,WAAW,CAAC,sBAAsB,CAAC;QACxC,KAAK,WAAW,CAAC,cAAc;YAC7B,OAAO,kCAAe,CAAC,IAAI,CAAC;QAC9B,KAAK,WAAW,CAAC,eAAe,CAAC;QACjC,KAAK,WAAW,CAAC,iCAAiC;YAChD,OAAO,kCAAe,CAAC,QAAQ,CAAC;QAClC,KAAK,WAAW,CAAC,6BAA6B;YAC5C,OAAO,kCAAe,CAAC,IAAI,CAAC;QAC9B,KAAK,WAAW,CAAC,+BAA+B;YAC9C,OAAO,kCAAe,CAAC,MAAM,CAAC;QAChC,KAAK,WAAW,CAAC,4BAA4B;YAC3C,OAAO,kCAAe,CAAC,GAAG,CAAC;QAC7B,KAAK,WAAW,CAAC,eAAe,CAAC;QACjC,KAAK,WAAW,CAAC,gBAAgB;YAC/B,OAAO,kCAAe,CAAC,MAAM,CAAC;QAChC;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC,CAAC;AAxBW,QAAA,2BAA2B,+BAwBtC;AAEF,iGAAiG;AAC1F,MAAM,2CAA2C,GAAG,CAAC,QAAkB,EAAE,IAAY,EAAU,EAAE;IACtG,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,mBAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;YAClB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,kBAAkB;oBACjC,OAAO,EAAE,CAAC;gBACZ;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;YAC5B,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,kBAAkB;oBACjC,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,iCAAiC;oBAChD,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,6BAA6B;oBAC5C,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,+BAA+B;oBAC9C,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,4BAA4B;oBAC3C,OAAO,CAAC,CAAC;gBACX;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,eAAe;oBAC9B,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,cAAc;oBAC7B,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,UAAU;oBACzB,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,YAAY,CAAC;gBAC9B,KAAK,WAAW,CAAC,qBAAqB,CAAC;gBACvC,KAAK,WAAW,CAAC,qBAAqB,CAAC;gBACvC;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACvB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,eAAe;oBAC9B,OAAO,EAAE,CAAC;gBACZ,KAAK,WAAW,CAAC,UAAU;oBACzB,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,gBAAgB;oBAC/B,OAAO,CAAC,CAAC;gBACX;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;YAC1B,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW,CAAC,sBAAsB;oBACrC,OAAO,CAAC,CAAC;gBACX,KAAK,WAAW,CAAC,UAAU;oBACzB,OAAO,CAAC,CAAC;gBACX;oBACE,OAAO,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,mBAAQ,CAAC,YAAY,CAAC;QAC3B,OAAO,CAAC,CAAC,CAAC;YACR,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AApEW,QAAA,2CAA2C,+CAoEtD;AAEK,MAAM,+BAA+B,GAAG,CAAC,IAAY,EAAU,EAAE;IACtE,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,eAAe;YAC9B,OAAO,iCAAiC,CAAC;QAC3C,KAAK,WAAW,CAAC,gBAAgB;YAC/B,OAAO,iCAAiC,CAAC;QAC3C,KAAK,WAAW,CAAC,sBAAsB;YACrC,OAAO,2BAA2B,CAAC;QACrC;YACE,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC;IAC9B,CAAC;AACH,CAAC,CAAC;AAXW,QAAA,+BAA+B,mCAW1C;AAEK,MAAM,gBAAgB,GAAG,CAAC,QAAgB,EAAE,IAAY,EAAE,EAAE;IAEjE,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE;YACJ,IAAI,EAAE,IAAmB;YACzB,QAAQ,EAAE,IAAA,mCAA2B,EAAC,IAAI,CAAoB;YAC9D,YAAY,EAAE,IAAA,uCAA+B,EAAC,IAAI,CAAC;SACpD;QACD,IAAI,EAAE;YACJ,QAAQ,EAAE,QAAoB;YAC9B,IAAI,EAAE,EAAuB;YAC7B,GAAG,EAAE,SAAuC;YAC5C,GAAG,EAAE,SAAuC;YAC5C,QAAQ,EAAE,SAAuC;YACjD,gBAAgB,EAAE,EAAe;YACjC,mBAAmB,EAAE,EAAe;SACrC;KACF,CAAC;IACF,IAAI,QAAQ,KAAK,mBAAQ,CAAC,GAAG,IAAI,QAAQ,KAAK,mBAAQ,CAAC,aAAa,EAAE,CAAC;QACrE,QAAQ,CAAC,IAAI,CAAC,GAAG,GAAG,EAAC,IAAI,EAAE,IAAI,EAAC,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC,GAAG,GAAG,EAAC,IAAI,EAAE,IAAI,EAAC,CAAC;IACnC,CAAC;IACD,MAAM,YAAY,GAAG,CAAC,GAAW,EAAE,KAAc,EAAE,EAAE;QACnD,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC5C,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC;IAClD,CAAC,CAAC;IAEF,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC,sBAAsB;YACrC,YAAY,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,mBAAmB,CAAC;YAC3D,MAAM;QACR,KAAK,WAAW,CAAC,iCAAiC;YAChD,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,QAAQ,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,6BAA6B;YAC5C,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,IAAI,CAAC;YAC9C,MAAM;QACR,KAAK,WAAW,CAAC,+BAA+B;YAC9C,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,MAAM,CAAC;YAChD,MAAM;QACR,KAAK,WAAW,CAAC,4BAA4B;YAC3C,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,aAAa,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,kCAAe,CAAC,GAAG,CAAC;YAC7C,MAAM;QACR,KAAK,WAAW,CAAC,gBAAgB;YAC/B,YAAY,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,mBAAmB,CAAC;YAC3D,MAAM;QACR,KAAK,WAAW,CAAC,eAAe;YAC9B,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAC;YACpD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,eAAe,CAAC;YACvD,MAAM;QACR,KAAK,WAAW,CAAC,kBAAkB;YACjC,YAAY,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,UAAU,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,eAAe;YAC9B,YAAY,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;YAC9C,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,UAAU,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,cAAc;YAC7B,YAAY,CAAC,mCAAmC,EAAE,IAAI,CAAC,CAAC;YACxD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,UAAU,CAAC;YAClD,MAAM;QACR,KAAK,WAAW,CAAC,YAAY;YAC3B,YAAY,CAAC,4BAA4B,EAAE,IAAI,CAAC,CAAC;YACjD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,gBAAgB,CAAC;YACxD,MAAM;QACR,KAAK,WAAW,CAAC,qBAAqB;YACpC,YAAY,CAAC,8BAA8B,EAAE,IAAI,CAAC,CAAC;YACnD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,gBAAgB,CAAC;YACxD,MAAM;QACR,KAAK,WAAW,CAAC,qBAAqB;YACpC,YAAY,CAAC,oCAAoC,EAAE,IAAI,CAAC,CAAC;YACzD,QAAQ,CAAC,IAAI,CAAC,IAAI,GAAG,qCAAiB,CAAC,gBAAgB,CAAC;YACxD,MAAM;QACR;YACE,MAAM;IACV,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAzFW,QAAA,gBAAgB,oBAyF3B"}
|
package/build/src/dto/index.d.ts
CHANGED
|
@@ -8,6 +8,7 @@ export * from './coverage.dto';
|
|
|
8
8
|
export * from './customActions.dto';
|
|
9
9
|
export * from './customScores.dto';
|
|
10
10
|
export * from './defaultConnector.dto';
|
|
11
|
+
export * from './eng';
|
|
11
12
|
export * from './entityIdSummaries.dto';
|
|
12
13
|
export * from './enum.dto';
|
|
13
14
|
export * from './enums';
|
package/build/src/dto/index.js
CHANGED
|
@@ -24,6 +24,7 @@ __exportStar(require("./coverage.dto"), exports);
|
|
|
24
24
|
__exportStar(require("./customActions.dto"), exports);
|
|
25
25
|
__exportStar(require("./customScores.dto"), exports);
|
|
26
26
|
__exportStar(require("./defaultConnector.dto"), exports);
|
|
27
|
+
__exportStar(require("./eng"), exports);
|
|
27
28
|
__exportStar(require("./entityIdSummaries.dto"), exports);
|
|
28
29
|
__exportStar(require("./enum.dto"), exports);
|
|
29
30
|
__exportStar(require("./enums"), exports);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B,8CAA4B;AAC5B,6CAA2B;AAC3B,mDAAiC;AACjC,8CAA4B;AAC5B,iDAA+B;AAC/B,sDAAoC;AACpC,qDAAmC;AACnC,yDAAuC;AACvC,0DAAwC;AACxC,6CAA2B;AAC3B,0CAAwB;AACxB,kDAAgC;AAChC,iDAA+B;AAC/B,yDAAuC;AACvC,8CAA4B;AAC5B,wCAAsB;AACtB,gDAA8B;AAC9B,qDAAmC;AACnC,6CAA2B;AAC3B,6CAA2B;AAC3B,kDAAgC;AAChC,sDAAoC;AACpC,yDAAuC;AACvC,mDAAiC;AACjC,uDAAqC;AACrC,kDAAgC;AAChC,mDAAiC;AACjC,gDAA8B;AAC9B,+CAA6B;AAC7B,8CAA4B;AAC5B,sDAAoC;AACpC,+CAA6B;AAC7B,wDAAsC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B,8CAA4B;AAC5B,6CAA2B;AAC3B,mDAAiC;AACjC,8CAA4B;AAC5B,iDAA+B;AAC/B,sDAAoC;AACpC,qDAAmC;AACnC,yDAAuC;AACvC,wCAAsB;AACtB,0DAAwC;AACxC,6CAA2B;AAC3B,0CAAwB;AACxB,kDAAgC;AAChC,iDAA+B;AAC/B,yDAAuC;AACvC,8CAA4B;AAC5B,wCAAsB;AACtB,gDAA8B;AAC9B,qDAAmC;AACnC,6CAA2B;AAC3B,6CAA2B;AAC3B,kDAAgC;AAChC,sDAAoC;AACpC,yDAAuC;AACvC,mDAAiC;AACjC,uDAAqC;AACrC,kDAAgC;AAChC,mDAAiC;AACjC,gDAA8B;AAC9B,+CAA6B;AAC7B,8CAA4B;AAC5B,sDAAoC;AACpC,+CAA6B;AAC7B,wDAAsC"}
|
|
@@ -63,6 +63,8 @@ export type RawFindingsContext = {
|
|
|
63
63
|
hasProdAccess?: boolean;
|
|
64
64
|
hasPrivilegedAccess?: boolean;
|
|
65
65
|
discoveredAt?: string;
|
|
66
|
+
hasInsecureFactors?: boolean;
|
|
67
|
+
inSecureFactors?: String[];
|
|
66
68
|
};
|
|
67
69
|
export type SaasComponentMeta = {
|
|
68
70
|
_findings: RawFindingsContext;
|
|
@@ -21,6 +21,7 @@ export declare const _MfaFactorDto: z.ZodObject<{
|
|
|
21
21
|
factorType: z.ZodOptional<z.ZodString>;
|
|
22
22
|
secure: z.ZodOptional<z.ZodEnum<["SECURE", "INSECURE", "UNKNOWN", "MISSING"]>>;
|
|
23
23
|
}, z.ZodString, "strip">>;
|
|
24
|
+
export declare const getMfaFactorSecurityLevel: (factor?: string, status?: string) => MfaRating;
|
|
24
25
|
export declare const _SaasUserMeta: z.ZodObject<{
|
|
25
26
|
_user: z.ZodObject<{
|
|
26
27
|
/** User ID from provider */
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports._SaasUserDto = exports._SaasUserUpsertDto = exports._SaasUserMeta = exports._MfaFactorDto = exports._MfaRating = void 0;
|
|
3
|
+
exports._SaasUserDto = exports._SaasUserUpsertDto = exports._SaasUserMeta = exports.getMfaFactorSecurityLevel = exports._MfaFactorDto = exports._MfaRating = void 0;
|
|
4
4
|
const zod_1 = require("zod");
|
|
5
5
|
const base_dto_1 = require("./base.dto");
|
|
6
6
|
const enums_1 = require("./enums");
|
|
@@ -15,6 +15,33 @@ exports._MfaFactorDto = zod_1.z
|
|
|
15
15
|
secure: exports._MfaRating.optional(),
|
|
16
16
|
})
|
|
17
17
|
.catchall(zod_1.z.string());
|
|
18
|
+
const getMfaFactorSecurityLevel = (factor, status) => {
|
|
19
|
+
if (!factor || status !== 'ACTIVE')
|
|
20
|
+
return 'MISSING';
|
|
21
|
+
switch (factor.toLowerCase()) {
|
|
22
|
+
// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
|
|
23
|
+
case 'push':
|
|
24
|
+
case 'signed_nonce':
|
|
25
|
+
case 'token:hotp':
|
|
26
|
+
case 'token:software:totp':
|
|
27
|
+
case 'token':
|
|
28
|
+
case 'u2f':
|
|
29
|
+
case 'web':
|
|
30
|
+
case 'webauthn':
|
|
31
|
+
return 'SECURE';
|
|
32
|
+
// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
|
|
33
|
+
case 'sms':
|
|
34
|
+
case 'call':
|
|
35
|
+
case 'email':
|
|
36
|
+
case 'question':
|
|
37
|
+
case 'token:hardware': {
|
|
38
|
+
return 'INSECURE';
|
|
39
|
+
}
|
|
40
|
+
default:
|
|
41
|
+
return 'UNKNOWN';
|
|
42
|
+
}
|
|
43
|
+
};
|
|
44
|
+
exports.getMfaFactorSecurityLevel = getMfaFactorSecurityLevel;
|
|
18
45
|
exports._SaasUserMeta = zod_1.z.object({
|
|
19
46
|
_user: zod_1.z.object({
|
|
20
47
|
/** User ID from provider */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"saasUsers.dto.js","sourceRoot":"","sources":["../../../src/dto/saasUsers.dto.ts"],"names":[],"mappings":";;;AAAA,6BAAsB;AACtB,yCAAkE;AAClE,mCAAuC;AAE1B,QAAA,UAAU,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;AAE/E,iEAAiE;AACpD,QAAA,aAAa,GAAG,OAAC;KAC3B,MAAM,CAAC;IACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC7D,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,kBAAU,CAAC,QAAQ,EAAE;CAC9B,CAAC;KACD,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"saasUsers.dto.js","sourceRoot":"","sources":["../../../src/dto/saasUsers.dto.ts"],"names":[],"mappings":";;;AAAA,6BAAsB;AACtB,yCAAkE;AAClE,mCAAuC;AAE1B,QAAA,UAAU,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;AAE/E,iEAAiE;AACpD,QAAA,aAAa,GAAG,OAAC;KAC3B,MAAM,CAAC;IACN,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC7D,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,kBAAU,CAAC,QAAQ,EAAE;CAC9B,CAAC;KACD,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AAEjB,MAAM,yBAAyB,GAAG,CAAC,MAAe,EAAE,MAAe,EAAa,EAAE;IACvF,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IACrD,QAAQ,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;QAC7B,4EAA4E;QAC5E,KAAK,MAAM,CAAC;QACZ,KAAK,cAAc,CAAC;QACpB,KAAK,YAAY,CAAC;QAClB,KAAK,qBAAqB,CAAC;QAC3B,KAAK,OAAO,CAAC;QACb,KAAK,KAAK,CAAC;QACX,KAAK,KAAK,CAAC;QACX,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,4EAA4E;QAC5E,KAAK,KAAK,CAAC;QACX,KAAK,MAAM,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,UAAU,CAAC;QAChB,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,OAAO,UAAU,CAAC;QACpB,CAAC;QACD;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC,CAAC;AAxBW,QAAA,yBAAyB,6BAwBpC;AAEW,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IACpC,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC;QACd,4BAA4B;QAC5B,KAAK,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,+BAA+B;QAC/B,MAAM,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QACpD,yBAAyB;QACzB,OAAO,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QAC/B,gCAAgC;QAChC,gBAAgB,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;QACxC,qBAAqB;QACrB,OAAO,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,KAAK,CAAC,qBAAa,CAAC,CAAC;QAC3C,mCAAmC;QACnC,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC;YAChB,wBAAwB;YACxB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;YACrB,uBAAuB;YACvB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;YACpB,mBAAmB;YACnB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;YACjB,mBAAmB;YACnB,KAAK,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YAC7B,wBAAwB;YACxB,UAAU,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YAClC,0BAA0B;YAC1B,YAAY,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YACpC,iCAAiC;YACjC,UAAU,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YAClC,wBAAwB;YACxB,SAAS,EAAE,OAAC,CAAC,QAAQ,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;YACjC,qBAAqB;YACrB,OAAO,EAAE,OAAC;iBACP,MAAM,CAAC;gBACN,0BAA0B;gBAC1B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;gBAC5B,4BAA4B;gBAC5B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;gBAC3B,6BAA6B;gBAC7B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;aAC7B,CAAC;iBACD,QAAQ,EAAE;YACb,kBAAkB;YAClB,QAAQ,EAAE,OAAC,CAAC,UAAU,CAAC,sBAAc,CAAC;SACvC,CAAC;KACH,CAAC;IACF,IAAI,EAAE,OAAC,CAAC,OAAO,EAAE;CAClB,CAAC,CAAC;AAIU,QAAA,kBAAkB,GAAG,gCAAqB,CAAC,KAAK,CAC3D,OAAC,CAAC,MAAM,CAAC;IACP,cAAc;IACd,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,mBAAmB;IACnB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,qBAAqB;IACrB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,kBAAkB;IAClB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,wDAAwD;IACxD,IAAI,EAAE,qBAAa;CACpB,CAAC,CACH,CAAC;AAIW,QAAA,YAAY,GAAG,0BAAkB,CAAC,KAAK,CAAC,0BAAe,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
import {z} from 'zod';
|
|
2
|
+
import {_MfaFactorDto, _MfaRating} from '../saasUsers.dto';
|
|
3
|
+
|
|
4
|
+
export enum AssetDomainStatus {
|
|
5
|
+
SECURE = 'SECURE',
|
|
6
|
+
INSECURE = 'INSECURE',
|
|
7
|
+
MISSING = 'MISSING',
|
|
8
|
+
}
|
|
9
|
+
|
|
10
|
+
export const _EndUserDeviceReportDto = z.object({
|
|
11
|
+
aid: z.string(),
|
|
12
|
+
displayValue: z.string(),
|
|
13
|
+
hostname: z.string().optional(),
|
|
14
|
+
os: z.string().optional(),
|
|
15
|
+
sn: z.string().optional(),
|
|
16
|
+
hasEndpointManagement: z.nativeEnum(AssetDomainStatus),
|
|
17
|
+
hasEndpointSecurity: z.nativeEnum(AssetDomainStatus),
|
|
18
|
+
hasVulnManagement: z.nativeEnum(AssetDomainStatus),
|
|
19
|
+
});
|
|
20
|
+
export type EndUserDeviceReportDto = z.infer<typeof _EndUserDeviceReportDto>;
|
|
21
|
+
|
|
22
|
+
export const _EndUserCoverageReportDto = z.object({
|
|
23
|
+
uid: z.string(),
|
|
24
|
+
score: z.number(),
|
|
25
|
+
mfa: z.object({
|
|
26
|
+
allowEmptyFactors: z.boolean(),
|
|
27
|
+
enabled: z.boolean(),
|
|
28
|
+
rating: _MfaRating,
|
|
29
|
+
factors: _MfaFactorDto.array(),
|
|
30
|
+
}),
|
|
31
|
+
training: z.object({
|
|
32
|
+
hasAccount: z.boolean(),
|
|
33
|
+
overdue: z.number(),
|
|
34
|
+
}),
|
|
35
|
+
devices: z.object({
|
|
36
|
+
rating: z.nativeEnum(AssetDomainStatus),
|
|
37
|
+
allMonitored: z.boolean(),
|
|
38
|
+
hasInactive: z.boolean(),
|
|
39
|
+
hasMissing: z.boolean(),
|
|
40
|
+
assets: _EndUserDeviceReportDto.array(),
|
|
41
|
+
}),
|
|
42
|
+
vulns: z.object({
|
|
43
|
+
totalOpen: z.number(),
|
|
44
|
+
criticalOpen: z.number(),
|
|
45
|
+
highOpen: z.number(),
|
|
46
|
+
mediumOpen: z.number(),
|
|
47
|
+
lowOpen: z.number(),
|
|
48
|
+
}),
|
|
49
|
+
});
|
|
50
|
+
export type EndUserCoverageReportDto = z.infer<typeof _EndUserCoverageReportDto>;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from './coverage.dto';
|
|
@@ -9,6 +9,7 @@ export enum FindingKind {
|
|
|
9
9
|
|
|
10
10
|
// IDENTITY
|
|
11
11
|
MFA_NOT_ENABLED = 'MFA_NOT_ENABLED',
|
|
12
|
+
MFA_NOT_SECURE = 'MFA_NOT_SECURE',
|
|
12
13
|
IS_EXECUTIVE = 'IS_EXECUTIVE',
|
|
13
14
|
HAS_PRODUCTION_ACCESS = 'HAS_PRODUCTION_ACCESS',
|
|
14
15
|
HAS_PRIVILEGED_ACCESS = 'HAS_PRIVILEGED_ACCESS',
|
|
@@ -32,6 +33,7 @@ export const lookupFindingOutcomeByKind = (kind: FindingKind): FindingOutcome =>
|
|
|
32
33
|
switch (kind) {
|
|
33
34
|
case FindingKind.NO_ACCOUNT:
|
|
34
35
|
case FindingKind.MFA_NOT_ENABLED:
|
|
36
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
35
37
|
case FindingKind.TRAINING_OVERDUE:
|
|
36
38
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
37
39
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -58,7 +60,7 @@ export const lookupFindingOutcomeByKind = (kind: FindingKind): FindingOutcome =>
|
|
|
58
60
|
export const lookupFindingKindByCategory = (category: string): FindingKind[] => {
|
|
59
61
|
switch (category) {
|
|
60
62
|
case Category.IDENTITY: {
|
|
61
|
-
return [FindingKind.MFA_NOT_ENABLED, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
63
|
+
return [FindingKind.MFA_NOT_ENABLED, FindingKind.MFA_NOT_SECURE, FindingKind.IS_EXECUTIVE, FindingKind.HAS_PRODUCTION_ACCESS, FindingKind.HAS_PRIVILEGED_ACCESS];
|
|
62
64
|
}
|
|
63
65
|
case Category.TRAINING: {
|
|
64
66
|
return [FindingKind.FAILED_PHISHING, FindingKind.TRAINING_OVERDUE];
|
|
@@ -93,6 +95,7 @@ export const lookupFindingSeverityByKind = (kind: string): FindingSeverity | und
|
|
|
93
95
|
case FindingKind.HAS_PRIVILEGED_ACCESS:
|
|
94
96
|
case FindingKind.DEVICE_NOT_MANAGED:
|
|
95
97
|
case FindingKind.WEB_GATEWAY_NOT_ACTIVE:
|
|
98
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
96
99
|
return FindingSeverity.HIGH;
|
|
97
100
|
case FindingKind.MFA_NOT_ENABLED:
|
|
98
101
|
case FindingKind.CRITICAL_VULNERABILITY_OUT_OF_SLA:
|
|
@@ -142,6 +145,8 @@ export const lookupFindingScoreByCategoryKindAndSeverity = (category: Category,
|
|
|
142
145
|
switch (kind) {
|
|
143
146
|
case FindingKind.MFA_NOT_ENABLED:
|
|
144
147
|
return 12;
|
|
148
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
149
|
+
return 5;
|
|
145
150
|
case FindingKind.NO_ACCOUNT:
|
|
146
151
|
return 12;
|
|
147
152
|
case FindingKind.IS_EXECUTIVE:
|
|
@@ -262,6 +267,10 @@ export const generateInsights = (category: string, kind: string) => {
|
|
|
262
267
|
setCondition('meta._findings.enabled', false);
|
|
263
268
|
insights.rule.kind = SaasComponentKind.MFA_CONFIG;
|
|
264
269
|
break;
|
|
270
|
+
case FindingKind.MFA_NOT_SECURE:
|
|
271
|
+
setCondition('meta._findings.hasInsecureFactors', true);
|
|
272
|
+
insights.rule.kind = SaasComponentKind.MFA_CONFIG;
|
|
273
|
+
break;
|
|
265
274
|
case FindingKind.IS_EXECUTIVE:
|
|
266
275
|
setCondition('meta._findings.isExecutive', true);
|
|
267
276
|
insights.rule.kind = SaasComponentKind.GROUP_MEMBERSHIP;
|
package/src/dto/index.ts
CHANGED
|
@@ -8,6 +8,7 @@ export * from './coverage.dto';
|
|
|
8
8
|
export * from './customActions.dto';
|
|
9
9
|
export * from './customScores.dto';
|
|
10
10
|
export * from './defaultConnector.dto';
|
|
11
|
+
export * from './eng';
|
|
11
12
|
export * from './entityIdSummaries.dto';
|
|
12
13
|
export * from './enum.dto';
|
|
13
14
|
export * from './enums';
|
package/src/dto/saasUsers.dto.ts
CHANGED
|
@@ -15,6 +15,32 @@ export const _MfaFactorDto = z
|
|
|
15
15
|
})
|
|
16
16
|
.catchall(z.string());
|
|
17
17
|
|
|
18
|
+
export const getMfaFactorSecurityLevel = (factor?: string, status?: string): MfaRating => {
|
|
19
|
+
if (!factor || status !== 'ACTIVE') return 'MISSING';
|
|
20
|
+
switch (factor.toLowerCase()) {
|
|
21
|
+
// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
|
|
22
|
+
case 'push':
|
|
23
|
+
case 'signed_nonce':
|
|
24
|
+
case 'token:hotp':
|
|
25
|
+
case 'token:software:totp':
|
|
26
|
+
case 'token':
|
|
27
|
+
case 'u2f':
|
|
28
|
+
case 'web':
|
|
29
|
+
case 'webauthn':
|
|
30
|
+
return 'SECURE';
|
|
31
|
+
// OKTA - https://developer.okta.com/docs/reference/api/factors/#factor-type
|
|
32
|
+
case 'sms':
|
|
33
|
+
case 'call':
|
|
34
|
+
case 'email':
|
|
35
|
+
case 'question':
|
|
36
|
+
case 'token:hardware': {
|
|
37
|
+
return 'INSECURE';
|
|
38
|
+
}
|
|
39
|
+
default:
|
|
40
|
+
return 'UNKNOWN';
|
|
41
|
+
}
|
|
42
|
+
};
|
|
43
|
+
|
|
18
44
|
export const _SaasUserMeta = z.object({
|
|
19
45
|
_user: z.object({
|
|
20
46
|
/** User ID from provider */
|