@grc-claw/integration-marketplace 0.8.0
- package/dist/IntegrationMarketplace.d.ts +32 -0
- package/dist/IntegrationMarketplace.js +319 -0
- package/dist/connectors/ADPConnector.d.ts +12 -0
- package/dist/connectors/ADPConnector.js +97 -0
- package/dist/connectors/AWSCloudTrailConnector.d.ts +12 -0
- package/dist/connectors/AWSCloudTrailConnector.js +77 -0
- package/dist/connectors/AWSCloudWatchConnector.d.ts +12 -0
- package/dist/connectors/AWSCloudWatchConnector.js +70 -0
- package/dist/connectors/AWSGuardDutyConnector.d.ts +12 -0
- package/dist/connectors/AWSGuardDutyConnector.js +139 -0
- package/dist/connectors/AWSIAMConnector.d.ts +12 -0
- package/dist/connectors/AWSIAMConnector.js +90 -0
- package/dist/connectors/AWSKMSConnector.d.ts +12 -0
- package/dist/connectors/AWSKMSConnector.js +70 -0
- package/dist/connectors/AWSLambdaConnector.d.ts +12 -0
- package/dist/connectors/AWSLambdaConnector.js +84 -0
- package/dist/connectors/AWSRDSConnector.d.ts +12 -0
- package/dist/connectors/AWSRDSConnector.js +84 -0
- package/dist/connectors/AWSS3Connector.d.ts +12 -0
- package/dist/connectors/AWSS3Connector.js +112 -0
- package/dist/connectors/AkamaiConnector.d.ts +12 -0
- package/dist/connectors/AkamaiConnector.js +98 -0
- package/dist/connectors/ArgoCDConnector.d.ts +12 -0
- package/dist/connectors/ArgoCDConnector.js +93 -0
- package/dist/connectors/ArtifactoryConnector.d.ts +12 -0
- package/dist/connectors/ArtifactoryConnector.js +94 -0
- package/dist/connectors/AtlassianJiraConnector.d.ts +12 -0
- package/dist/connectors/AtlassianJiraConnector.js +134 -0
- package/dist/connectors/Auth0Connector.d.ts +12 -0
- package/dist/connectors/Auth0Connector.js +150 -0
- package/dist/connectors/AzureADConnector.d.ts +12 -0
- package/dist/connectors/AzureADConnector.js +115 -0
- package/dist/connectors/AzureDevOpsConnector.d.ts +12 -0
- package/dist/connectors/AzureDevOpsConnector.js +130 -0
- package/dist/connectors/AzureDevOpsPipelinesConnector.d.ts +12 -0
- package/dist/connectors/AzureDevOpsPipelinesConnector.js +72 -0
- package/dist/connectors/AzurePipelinesConnector.d.ts +12 -0
- package/dist/connectors/AzurePipelinesConnector.js +72 -0
- package/dist/connectors/AzurePolicyConnector.d.ts +12 -0
- package/dist/connectors/AzurePolicyConnector.js +141 -0
- package/dist/connectors/AzureReposConnector.d.ts +12 -0
- package/dist/connectors/AzureReposConnector.js +96 -0
- package/dist/connectors/AzureSentinelConnector.d.ts +12 -0
- package/dist/connectors/AzureSentinelConnector.js +88 -0
- package/dist/connectors/BambooCICDConnector.d.ts +12 -0
- package/dist/connectors/BambooCICDConnector.js +72 -0
- package/dist/connectors/BambooHRConnector.d.ts +12 -0
- package/dist/connectors/BambooHRConnector.js +84 -0
- package/dist/connectors/BeyondTrustConnector.d.ts +12 -0
- package/dist/connectors/BeyondTrustConnector.js +94 -0
- package/dist/connectors/BitbucketConnector.d.ts +12 -0
- package/dist/connectors/BitbucketConnector.js +100 -0
- package/dist/connectors/BitbucketPipelinesConnector.d.ts +12 -0
- package/dist/connectors/BitbucketPipelinesConnector.js +72 -0
- package/dist/connectors/BoxConnector.d.ts +12 -0
- package/dist/connectors/BoxConnector.js +122 -0
- package/dist/connectors/BuildkiteConnector.d.ts +12 -0
- package/dist/connectors/BuildkiteConnector.js +95 -0
- package/dist/connectors/CarbonBlackConnector.d.ts +12 -0
- package/dist/connectors/CarbonBlackConnector.js +89 -0
- package/dist/connectors/CassandraConnector.d.ts +12 -0
- package/dist/connectors/CassandraConnector.js +69 -0
- package/dist/connectors/CheckPointConnector.d.ts +12 -0
- package/dist/connectors/CheckPointConnector.js +98 -0
- package/dist/connectors/CircleCIConnector.d.ts +12 -0
- package/dist/connectors/CircleCIConnector.js +129 -0
- package/dist/connectors/CircleCIConnectorsConnector.d.ts +12 -0
- package/dist/connectors/CircleCIConnectorsConnector.js +69 -0
- package/dist/connectors/CiscoUmbrellaConnector.d.ts +12 -0
- package/dist/connectors/CiscoUmbrellaConnector.js +96 -0
- package/dist/connectors/CloudBeesJenkinsConnector.d.ts +12 -0
- package/dist/connectors/CloudBeesJenkinsConnector.js +70 -0
- package/dist/connectors/CloudflareDNSConnector.d.ts +12 -0
- package/dist/connectors/CloudflareDNSConnector.js +71 -0
- package/dist/connectors/CloudflareWAFConnector.d.ts +12 -0
- package/dist/connectors/CloudflareWAFConnector.js +98 -0
- package/dist/connectors/ConfluenceConnector.d.ts +12 -0
- package/dist/connectors/ConfluenceConnector.js +101 -0
- package/dist/connectors/ConstantContactConnector.d.ts +12 -0
- package/dist/connectors/ConstantContactConnector.js +70 -0
- package/dist/connectors/CouchDBConnector.d.ts +12 -0
- package/dist/connectors/CouchDBConnector.js +69 -0
- package/dist/connectors/CrowdStrikeConnector.d.ts +12 -0
- package/dist/connectors/CrowdStrikeConnector.js +86 -0
- package/dist/connectors/CrowdStrikeFalconConnector.d.ts +12 -0
- package/dist/connectors/CrowdStrikeFalconConnector.js +92 -0
- package/dist/connectors/CrowdStrikeSpotlightConnector.d.ts +12 -0
- package/dist/connectors/CrowdStrikeSpotlightConnector.js +139 -0
- package/dist/connectors/CyberArkConnector.d.ts +12 -0
- package/dist/connectors/CyberArkConnector.js +95 -0
- package/dist/connectors/DatabricksConnector.d.ts +12 -0
- package/dist/connectors/DatabricksConnector.js +95 -0
- package/dist/connectors/DatadogConnector.d.ts +12 -0
- package/dist/connectors/DatadogConnector.js +110 -0
- package/dist/connectors/DigitalOceanConnector.d.ts +12 -0
- package/dist/connectors/DigitalOceanConnector.js +85 -0
- package/dist/connectors/DiscordConnector.d.ts +12 -0
- package/dist/connectors/DiscordConnector.js +98 -0
- package/dist/connectors/DockerHubConnector.d.ts +12 -0
- package/dist/connectors/DockerHubConnector.js +80 -0
- package/dist/connectors/DocuSignConnector.d.ts +12 -0
- package/dist/connectors/DocuSignConnector.js +96 -0
- package/dist/connectors/DriftConnector.d.ts +12 -0
- package/dist/connectors/DriftConnector.js +69 -0
- package/dist/connectors/DropboxConnector.d.ts +12 -0
- package/dist/connectors/DropboxConnector.js +127 -0
- package/dist/connectors/ESETConnector.d.ts +12 -0
- package/dist/connectors/ESETConnector.js +70 -0
- package/dist/connectors/ElasticsearchCloudConnector.d.ts +12 -0
- package/dist/connectors/ElasticsearchCloudConnector.js +70 -0
- package/dist/connectors/FSecureConnector.d.ts +12 -0
- package/dist/connectors/FSecureConnector.js +70 -0
- package/dist/connectors/FeatureFlagConnector.d.ts +12 -0
- package/dist/connectors/FeatureFlagConnector.js +70 -0
- package/dist/connectors/FluxCDConnector.d.ts +12 -0
- package/dist/connectors/FluxCDConnector.js +94 -0
- package/dist/connectors/ForgeRockConnector.d.ts +12 -0
- package/dist/connectors/ForgeRockConnector.js +95 -0
- package/dist/connectors/FortinetConnector.d.ts +12 -0
- package/dist/connectors/FortinetConnector.js +98 -0
- package/dist/connectors/FreshdeskConnector.d.ts +12 -0
- package/dist/connectors/FreshdeskConnector.js +71 -0
- package/dist/connectors/GCPBigQueryConnector.d.ts +12 -0
- package/dist/connectors/GCPBigQueryConnector.js +71 -0
- package/dist/connectors/GCPComputeConnector.d.ts +12 -0
- package/dist/connectors/GCPComputeConnector.js +87 -0
- package/dist/connectors/GCPConfigConnector.d.ts +12 -0
- package/dist/connectors/GCPConfigConnector.js +149 -0
- package/dist/connectors/GCPFirestoreConnector.d.ts +12 -0
- package/dist/connectors/GCPFirestoreConnector.js +71 -0
- package/dist/connectors/GCPIAMConnector.d.ts +12 -0
- package/dist/connectors/GCPIAMConnector.js +98 -0
- package/dist/connectors/GCPSCCConnector.d.ts +12 -0
- package/dist/connectors/GCPSCCConnector.js +94 -0
- package/dist/connectors/GitHubActionsConnector.d.ts +12 -0
- package/dist/connectors/GitHubActionsConnector.js +104 -0
- package/dist/connectors/GitHubConnector.d.ts +12 -0
- package/dist/connectors/GitHubConnector.js +135 -0
- package/dist/connectors/GitHubCopilotConnector.d.ts +12 -0
- package/dist/connectors/GitHubCopilotConnector.js +72 -0
- package/dist/connectors/GitLabCIConnector.d.ts +12 -0
- package/dist/connectors/GitLabCIConnector.js +71 -0
- package/dist/connectors/GitLabConnector.d.ts +12 -0
- package/dist/connectors/GitLabConnector.js +101 -0
- package/dist/connectors/GitLabSASTConnector.d.ts +12 -0
- package/dist/connectors/GitLabSASTConnector.js +130 -0
- package/dist/connectors/GoogleWorkspaceConnector.d.ts +12 -0
- package/dist/connectors/GoogleWorkspaceConnector.js +136 -0
- package/dist/connectors/HelmConnector.d.ts +12 -0
- package/dist/connectors/HelmConnector.js +94 -0
- package/dist/connectors/HubSpotConnector.d.ts +12 -0
- package/dist/connectors/HubSpotConnector.js +77 -0
- package/dist/connectors/IFTTTConnector.d.ts +12 -0
- package/dist/connectors/IFTTTConnector.js +70 -0
- package/dist/connectors/ImpervaConnector.d.ts +12 -0
- package/dist/connectors/ImpervaConnector.js +94 -0
- package/dist/connectors/InfluxDBConnector.d.ts +12 -0
- package/dist/connectors/InfluxDBConnector.js +70 -0
- package/dist/connectors/IntercomConnector.d.ts +12 -0
- package/dist/connectors/IntercomConnector.js +69 -0
- package/dist/connectors/JenkinsConnector.d.ts +12 -0
- package/dist/connectors/JenkinsConnector.js +96 -0
- package/dist/connectors/JiraConnector.d.ts +12 -0
- package/dist/connectors/JiraConnector.js +103 -0
- package/dist/connectors/KafkaConnector.d.ts +12 -0
- package/dist/connectors/KafkaConnector.js +70 -0
- package/dist/connectors/KasperskyConnector.d.ts +12 -0
- package/dist/connectors/KasperskyConnector.js +70 -0
- package/dist/connectors/KubernetesConnector.d.ts +12 -0
- package/dist/connectors/KubernetesConnector.js +109 -0
- package/dist/connectors/LaceworkConnector.d.ts +13 -0
- package/dist/connectors/LaceworkConnector.js +143 -0
- package/dist/connectors/LaunchDarklyConnector.d.ts +12 -0
- package/dist/connectors/LaunchDarklyConnector.js +86 -0
- package/dist/connectors/LinodeConnector.d.ts +12 -0
- package/dist/connectors/LinodeConnector.js +70 -0
- package/dist/connectors/LookerConnector.d.ts +12 -0
- package/dist/connectors/LookerConnector.js +94 -0
- package/dist/connectors/MailchimpConnector.d.ts +12 -0
- package/dist/connectors/MailchimpConnector.js +71 -0
- package/dist/connectors/MalwarebytesConnector.d.ts +12 -0
- package/dist/connectors/MalwarebytesConnector.js +85 -0
- package/dist/connectors/McAfeeConnector.d.ts +12 -0
- package/dist/connectors/McAfeeConnector.js +85 -0
- package/dist/connectors/Microsoft365Connector.d.ts +12 -0
- package/dist/connectors/Microsoft365Connector.js +139 -0
- package/dist/connectors/MongoDBConnector.d.ts +12 -0
- package/dist/connectors/MongoDBConnector.js +86 -0
- package/dist/connectors/NamelyConnector.d.ts +12 -0
- package/dist/connectors/NamelyConnector.js +97 -0
- package/dist/connectors/Neo4jConnector.d.ts +12 -0
- package/dist/connectors/Neo4jConnector.js +70 -0
- package/dist/connectors/NetSuiteConnector.d.ts +12 -0
- package/dist/connectors/NetSuiteConnector.js +94 -0
- package/dist/connectors/NetskopeConnector.d.ts +12 -0
- package/dist/connectors/NetskopeConnector.js +98 -0
- package/dist/connectors/NexusConnector.d.ts +12 -0
- package/dist/connectors/NexusConnector.js +93 -0
- package/dist/connectors/NotionConnector.d.ts +12 -0
- package/dist/connectors/NotionConnector.js +109 -0
- package/dist/connectors/OktaConnector.d.ts +12 -0
- package/dist/connectors/OktaConnector.js +123 -0
- package/dist/connectors/OktaSystemLogConnector.d.ts +12 -0
- package/dist/connectors/OktaSystemLogConnector.js +129 -0
- package/dist/connectors/OpsgenieConnector.d.ts +12 -0
- package/dist/connectors/OpsgenieConnector.js +70 -0
- package/dist/connectors/PagerDutyConnector.d.ts +12 -0
- package/dist/connectors/PagerDutyConnector.js +106 -0
- package/dist/connectors/PalantirConnector.d.ts +12 -0
- package/dist/connectors/PalantirConnector.js +95 -0
- package/dist/connectors/PaloAltoPrismaCloudConnector.d.ts +12 -0
- package/dist/connectors/PaloAltoPrismaCloudConnector.js +110 -0
- package/dist/connectors/PingFederateConnector.d.ts +12 -0
- package/dist/connectors/PingFederateConnector.js +97 -0
- package/dist/connectors/PostgreSQLCloudConnector.d.ts +12 -0
- package/dist/connectors/PostgreSQLCloudConnector.js +70 -0
- package/dist/connectors/PowerBIConnector.d.ts +12 -0
- package/dist/connectors/PowerBIConnector.js +95 -0
- package/dist/connectors/PrismaCloudConnector.d.ts +12 -0
- package/dist/connectors/PrismaCloudConnector.js +147 -0
- package/dist/connectors/QualysConnector.d.ts +12 -0
- package/dist/connectors/QualysConnector.js +96 -0
- package/dist/connectors/QualysScannerConnector.d.ts +12 -0
- package/dist/connectors/QualysScannerConnector.js +131 -0
- package/dist/connectors/QuickBooksConnector.d.ts +12 -0
- package/dist/connectors/QuickBooksConnector.js +97 -0
- package/dist/connectors/RabbitMQConnector.d.ts +12 -0
- package/dist/connectors/RabbitMQConnector.js +69 -0
- package/dist/connectors/RadwareConnector.d.ts +12 -0
- package/dist/connectors/RadwareConnector.js +94 -0
- package/dist/connectors/RedisCloudConnector.d.ts +12 -0
- package/dist/connectors/RedisCloudConnector.js +70 -0
- package/dist/connectors/RingCentralConnector.d.ts +12 -0
- package/dist/connectors/RingCentralConnector.js +94 -0
- package/dist/connectors/SAPSuccessFactorsConnector.d.ts +12 -0
- package/dist/connectors/SAPSuccessFactorsConnector.js +103 -0
- package/dist/connectors/SailPointConnector.d.ts +12 -0
- package/dist/connectors/SailPointConnector.js +97 -0
- package/dist/connectors/SalesforceConnector.d.ts +12 -0
- package/dist/connectors/SalesforceConnector.js +91 -0
- package/dist/connectors/SendGridConnector.d.ts +12 -0
- package/dist/connectors/SendGridConnector.js +69 -0
- package/dist/connectors/SentinelOneConnector.d.ts +12 -0
- package/dist/connectors/SentinelOneConnector.js +89 -0
- package/dist/connectors/ServiceNowConnector.d.ts +12 -0
- package/dist/connectors/ServiceNowConnector.js +123 -0
- package/dist/connectors/SlackConnector.d.ts +12 -0
- package/dist/connectors/SlackConnector.js +109 -0
- package/dist/connectors/SnowflakeConnector.d.ts +12 -0
- package/dist/connectors/SnowflakeConnector.js +105 -0
- package/dist/connectors/SnykConnector.d.ts +12 -0
- package/dist/connectors/SnykConnector.js +84 -0
- package/dist/connectors/SnykMonitorConnector.d.ts +12 -0
- package/dist/connectors/SnykMonitorConnector.js +131 -0
- package/dist/connectors/SophosConnector.d.ts +12 -0
- package/dist/connectors/SophosConnector.js +87 -0
- package/dist/connectors/SpinnakerConnector.d.ts +12 -0
- package/dist/connectors/SpinnakerConnector.js +70 -0
- package/dist/connectors/SplunkConnector.d.ts +12 -0
- package/dist/connectors/SplunkConnector.js +126 -0
- package/dist/connectors/StripeConnector.d.ts +12 -0
- package/dist/connectors/StripeConnector.js +97 -0
- package/dist/connectors/TableauConnector.d.ts +12 -0
- package/dist/connectors/TableauConnector.js +101 -0
- package/dist/connectors/TaniumConnector.d.ts +12 -0
- package/dist/connectors/TaniumConnector.js +97 -0
- package/dist/connectors/TeamCityConnector.d.ts +12 -0
- package/dist/connectors/TeamCityConnector.js +71 -0
- package/dist/connectors/TeamsConnector.d.ts +12 -0
- package/dist/connectors/TeamsConnector.js +96 -0
- package/dist/connectors/TenableIOConnector.d.ts +12 -0
- package/dist/connectors/TenableIOConnector.js +130 -0
- package/dist/connectors/TerraformCloudConnector.d.ts +12 -0
- package/dist/connectors/TerraformCloudConnector.js +106 -0
- package/dist/connectors/TravisCIConnector.d.ts +12 -0
- package/dist/connectors/TravisCIConnector.js +95 -0
- package/dist/connectors/TrendMicroConnector.d.ts +12 -0
- package/dist/connectors/TrendMicroConnector.js +85 -0
- package/dist/connectors/TwilioConnector.d.ts +12 -0
- package/dist/connectors/TwilioConnector.js +70 -0
- package/dist/connectors/VercelConnector.d.ts +12 -0
- package/dist/connectors/VercelConnector.js +70 -0
- package/dist/connectors/VultrConnector.d.ts +12 -0
- package/dist/connectors/VultrConnector.js +70 -0
- package/dist/connectors/WebexConnector.d.ts +12 -0
- package/dist/connectors/WebexConnector.js +94 -0
- package/dist/connectors/WizConnector.d.ts +12 -0
- package/dist/connectors/WizConnector.js +172 -0
- package/dist/connectors/WorkdayConnector.d.ts +12 -0
- package/dist/connectors/WorkdayConnector.js +100 -0
- package/dist/connectors/XeroConnector.d.ts +12 -0
- package/dist/connectors/XeroConnector.js +96 -0
- package/dist/connectors/ZapierConnector.d.ts +12 -0
- package/dist/connectors/ZapierConnector.js +70 -0
- package/dist/connectors/ZendeskConnector.d.ts +12 -0
- package/dist/connectors/ZendeskConnector.js +71 -0
- package/dist/connectors/ZenefitsConnector.d.ts +12 -0
- package/dist/connectors/ZenefitsConnector.js +93 -0
- package/dist/connectors/ZoomConnector.d.ts +12 -0
- package/dist/connectors/ZoomConnector.js +97 -0
- package/dist/connectors/ZscalerConnector.d.ts +12 -0
- package/dist/connectors/ZscalerConnector.js +97 -0
- package/dist/connectors/index.d.ts +150 -0
- package/dist/connectors/index.js +157 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.js +16 -0
- package/dist/index.test.d.ts +1 -0
- package/dist/index.test.js +139 -0
- package/dist/types.d.ts +57 -0
- package/dist/types.js +8 -0
- package/package.json +33 -0
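--- a/package/dist/connectors/NetskopeConnector.js
+++ b/package/dist/connectors/NetskopeConnector.js
@@ -0,0 +1,98 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+{
+id: "netskope-casb",
+name: "Cloud Access Security",
+description: "Fetch CASB policies and shadow IT discoveries",
+evidenceCategories: ["access_control", "data_protection"],
+},
+{
+id: "netskope-sase",
+name: "SASE Security",
+description: "Fetch SASE policies and zero trust network access rules",
+evidenceCategories: ["access_control", "configuration"],
+},
+{
+id: "netskope-dlp",
+name: "Cloud DLP",
+description: "Fetch DLP policies and incident details",
+evidenceCategories: ["data_protection", "monitoring"],
+},
+{
+id: "netskope-swg",
+name: "Secure Web Gateway",
+description: "Fetch SWG URL filtering and threat protection",
+evidenceCategories: ["vulnerability_management", "access_control"],
+},
+];
+export class NetskopeConnector {
+id = "netskope";
+name = "Netskope";
+category = "cloud_provider";
+authType = "api_key";
+capabilities = capabilities;
+frameworks = [
+"SOC2",
+"ISO27001",
+"NIST_CSF",
+"HIPAA",
+];
+async fetchApi(config, endpoint) {
+const base = config.baseUrl || "https://tenant.netskope.com";
+const resp = await fetch(`${base}/api/v1${endpoint}`, {
+headers: {
+Authorization: `Bearer ${config.apiToken}`,
+"Content-Type": "application/json",
+},
+});
+if (!resp.ok)
+throw new Error(`Netskope API ${resp.status}: ${resp.statusText}`);
+return (await resp.json());
+}
+async testConnection(config) {
+try {
+await this.fetchApi(config, "/security/policies");
+return true;
+}
+catch {
+return false;
+}
+}
+async collectEvidence(config) {
+const artifacts = [];
+const now = new Date().toISOString();
+const policies = await this.fetchApi(config, "/security/policies").catch(() => ({
+policies: [],
+}));
+artifacts.push({
+id: generateEvidenceId(),
+connectorId: this.id,
+capabilityId: "netskope-casb",
+timestamp: now,
+hash: hashEvidence(policies),
+framework: "SOC2",
+controlId: "CC6.1",
+source: "netskope/security-policies",
+status: policies.policies?.length > 0 ? "compliant" : "unknown",
+data: { securityPolicies: policies.policies?.length || 0 },
+metadata: {},
+});
+const incidents = await this.fetchApi(config, "/security/incidents?limit=10").catch(() => ({
+incidents: [],
+}));
+artifacts.push({
+id: generateEvidenceId(),
+connectorId: this.id,
+capabilityId: "netskope-dlp",
+timestamp: now,
+hash: hashEvidence(incidents),
+framework: "ISO27001",
+controlId: "A.8.3.1",
+source: "netskope/incidents",
+status: incidents.incidents?.length === 0 ? "compliant" : "non_compliant",
+data: { openIncidents: incidents.incidents?.length || 0 },
+metadata: {},
+});
+return artifacts;
+}
+}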
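Review bot: In `collectEvidence`, a failed incidents request is recorded as a passing control: the `.catch(() => ({ incidents: [] }))` fallback makes `incidents.incidents?.length === 0` true, so an expired token, a network error or any non-2xx response produces a `"compliant"` ISO27001 A.8.3.1 artifact whose hash covers the substituted empty object. Keep the failure distinguishable from a clean result, for example fall back to `({ incidents: null })` and set `status: !Array.isArray(incidents.incidents) ? "unknown" : incidents.incidents.length === 0 ? "compliant" : "non_compliant",`. The `?limit=10` query also means `openIncidents` can never exceed ten if the API honours the limit, so the value in `data` should not be read as a total.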
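--- a/package/dist/connectors/NexusConnector.d.ts
+++ b/package/dist/connectors/NexusConnector.d.ts
@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class NexusConnector implements IntegrationConnector {
+readonly id = "nexus";
+readonly name = "Sonatype Nexus";
+readonly category: "ci_cd";
+readonly authType: "api_key";
+readonly capabilities: IntegrationCapability[];
+readonly frameworks: ComplianceFramework[];
+private fetchApi;
+testConnection(config: ConnectorConfig): Promise<boolean>;
+collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}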
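--- a/package/dist/connectors/NexusConnector.js
+++ b/package/dist/connectors/NexusConnector.js
@@ -0,0 +1,93 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+{
+id: "nexus-repos",
+name: "Repository Management",
+description: "Fetch repository configurations and proxy settings",
+evidenceCategories: ["access_control", "configuration"],
+},
+{
+id: "nexus-components",
+name: "Component Security",
+description: "Fetch component vulnerability and license data",
+evidenceCategories: ["vulnerability_management", "data_protection"],
+},
+{
+id: "nexus-roles",
+name: "Role-Based Access",
+description: "Fetch roles, privileges, and user assignments",
+evidenceCategories: ["access_control"],
+},
+{
+id: "nexus-audit",
+name: "Task & Audit Logs",
+description: "Fetch scheduled tasks and access audit logs",
+evidenceCategories: ["monitoring", "access_control"],
+},
+];
+export class NexusConnector {
+id = "nexus";
+name = "Sonatype Nexus";
+category = "ci_cd";
+authType = "api_key";
+capabilities = capabilities;
+frameworks = [
+"SOC2",
+"ISO27001",
+"NIST_CSF",
+];
+async fetchApi(config, endpoint) {
+const base = config.baseUrl || "https://nexus.example.com";
+const resp = await fetch(`${base}/service/rest${endpoint}`, {
+headers: {
+Authorization: `Bearer ${config.apiToken}`,
+"Content-Type": "application/json",
+},
+});
+if (!resp.ok)
+throw new Error(`Nexus API ${resp.status}: ${resp.statusText}`);
+return (await resp.json());
+}
+async testConnection(config) {
+try {
+await this.fetchApi(config, "/v1/status");
+return true;
+}
+catch {
+return false;
+}
+}
+async collectEvidence(config) {
+const artifacts = [];
+const now = new Date().toISOString();
+const repos = await this.fetchApi(config, "/v1/repositories").catch(() => []);
+artifacts.push({
+id: generateEvidenceId(),
+connectorId: this.id,
+capabilityId: "nexus-repos",
+timestamp: now,
+hash: hashEvidence(Array.isArray(repos) ? { count: repos.length } : repos),
+framework: "SOC2",
+controlId: "CC6.1",
+source: "nexus/repositories",
+status: Array.isArray(repos) && repos.length > 0 ? "compliant" : "unknown",
+data: { repositoryCount: Array.isArray(repos) ? repos.length : 0 },
+metadata: {},
+});
+const roles = await this.fetchApi(config, "/v1/roles").catch(() => ({ items: [] }));
+artifacts.push({
+id: generateEvidenceId(),
+connectorId: this.id,
+capabilityId: "nexus-roles",
+timestamp: now,
+hash: hashEvidence(roles),
+framework: "ISO27001",
+controlId: "A.6.2.1",
+source: "nexus/roles",
+status: roles.items?.length > 0 ? "compliant" : "non_compliant",
+data: { roleCount: roles.items?.length || 0 },
+metadata: {},
+});
+return artifacts;
+}
+}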
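Review bot: `fetchApi` sends `Authorization: Bearer ${config.apiToken}` to the placeholder host `https://nexus.example.com` whenever `config.baseUrl` is unset, so a connector saved without a URL discloses its token to a host the operator never chose. Nothing checks the scheme of a supplied `baseUrl` either, so a plain `http://` value would carry the token in cleartext. Require the URL instead of defaulting it: `if (!config.baseUrl || !config.baseUrl.startsWith("https://")) throw new Error("Nexus connector requires an https baseUrl");`. The same default pattern is in NetskopeConnector.js (`https://tenant.netskope.com`) and in OktaConnector.js (`example.okta.com` when `config.extra?.domain` is missing).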
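--- a/package/dist/connectors/NotionConnector.d.ts
+++ b/package/dist/connectors/NotionConnector.d.ts
@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class NotionConnector implements IntegrationConnector {
+readonly id = "notion";
+readonly name = "Notion";
+readonly category: "workspace";
+readonly authType: "bearer_token";
+readonly capabilities: IntegrationCapability[];
+readonly frameworks: ComplianceFramework[];
+private fetchApi;
+testConnection(config: ConnectorConfig): Promise<boolean>;
+collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}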
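--- a/package/dist/connectors/NotionConnector.js
+++ b/package/dist/connectors/NotionConnector.js
@@ -0,0 +1,109 @@
+import { hashEvidence, generateEvidenceId } from "../types.js";
+const capabilities = [
+{
+id: "notion-databases",
+name: "Databases",
+description: "Fetch Notion databases used for policy tracking and compliance documentation",
+evidenceCategories: ["documentation", "policy_management"],
+},
+{
+id: "notion-pages",
+name: "Pages",
+description: "Fetch recently modified pages for documentation evidence",
+evidenceCategories: ["documentation", "knowledge_management"],
+},
+{
+id: "notion-members",
+name: "Workspace Members",
+description: "Fetch workspace member list and role assignments",
+evidenceCategories: ["access_control", "identity_management"],
+},
+];
+export class NotionConnector {
+id = "notion";
+name = "Notion";
+category = "workspace";
+authType = "bearer_token";
+capabilities = capabilities;
+frameworks = ["SOC2", "ISO27001"];
+async fetchApi(config, endpoint, body) {
+const base = config.baseUrl || "https://api.notion.com/v1";
+const resp = await fetch(`${base}${endpoint}`, {
+method: body ? "POST" : "GET",
+headers: {
+Authorization: `Bearer ${config.apiToken}`,
+"Notion-Version": "2022-06-28",
+"Content-Type": "application/json",
+},
+body: body ? JSON.stringify(body) : undefined,
+});
+if (!resp.ok)
+throw new Error(`Notion API ${resp.status}: ${resp.statusText}`);
+return (await resp.json());
+}
+async testConnection(config) {
+try {
+await this.fetchApi(config, "/search", { page_size: 1 });
+return true;
+}
+catch {
+return false;
+}
+}
+async collectEvidence(config) {
+const artifacts = [];
+const now = new Date().toISOString();
+const databases = await this.fetchApi(config, "/search", {
+filter: { property: "object", value: "database" },
+page_size: 50,
+}).catch(() => ({ results: [] }));
+const dbList = (databases.results || []);
+artifacts.push({
+id: generateEvidenceId(),
+connectorId: this.id,
+capabilityId: "notion-databases",
+timestamp: now,
+hash: hashEvidence({ databaseCount: dbList.length }),
+framework: "SOC2",
+controlId: "CC7.1",
+source: "notion/databases",
+status: dbList.length > 0 ? "compliant" : "non_compliant",
+data: { databaseCount: dbList.length },
+metadata: {},
+});
+const pages = await this.fetchApi(config, "/search", {
+filter: { property: "object", value: "page" },
+page_size: 50,
+}).catch(() => ({ results: [] }));
+const pageList = (pages.results || []);
+artifacts.push({
+id: generateEvidenceId(),
+connectorId: this.id,
+capabilityId: "notion-pages",
+timestamp: now,
+hash: hashEvidence({ pageCount: pageList.length }),
+framework: "ISO27001",
+controlId: "A.7.2.2",
+source: "notion/pages",
+status: "unknown",
+data: { pageCount: pageList.length },
+metadata: {},
+});
+const users = await this.fetchApi(config, "/users").catch(() => ({ results: [] }));
+const userList = (users.results || []);
+artifacts.push({
+id: generateEvidenceId(),
+connectorId: this.id,
+capabilityId: "notion-members",
+timestamp: now,
+hash: hashEvidence({ memberCount: userList.length }),
+framework: "SOC2",
+controlId: "CC6.1",
+source: "notion/users",
+status: "unknown",
+data: { memberCount: userList.length },
+metadata: {},
+});
+return artifacts;
+}
+}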
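Review bot: The `hash` on each artifact in `collectEvidence` covers only a count (`hashEvidence({ databaseCount: dbList.length })`, and likewise for pages and members), so, assuming `hashEvidence` digests its argument, two different sets of workspace members of the same size produce the same evidence hash and the hash cannot show that the collected records changed. Hash a stable projection of the records instead, as OktaConnector.js does for users, for example `hash: hashEvidence({ members: userList.map((u) => ({ id: u.id, type: u.type })) }),`. The two `/search` calls are also single requests with `page_size: 50` and no follow-up for further pages, so `databaseCount` and `pageCount` stop at the first page. A failed request falls back to `{ results: [] }`, which the databases artifact then records as `"non_compliant"` rather than as a collection failure.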
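--- a/package/dist/connectors/OktaConnector.d.ts
+++ b/package/dist/connectors/OktaConnector.d.ts
@@ -0,0 +1,12 @@
+import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
+export declare class OktaConnector implements IntegrationConnector {
+readonly id = "okta";
+readonly name = "Okta";
+readonly category: "identity";
+readonly authType: "bearer_token";
+readonly capabilities: IntegrationCapability[];
+readonly frameworks: ComplianceFramework[];
+private fetchApi;
+testConnection(config: ConnectorConfig): Promise<boolean>;
+collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
+}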
@@ -0,0 +1,123 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "okta-users",
|
|
5
|
+
name: "User Accounts",
|
|
6
|
+
description: "Fetch Okta user accounts and status",
|
|
7
|
+
evidenceCategories: ["identity_management"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "okta-mfa-factors",
|
|
11
|
+
name: "MFA Factors",
|
|
12
|
+
description: "Fetch enrolled MFA factors across users",
|
|
13
|
+
evidenceCategories: ["authentication"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "okta-app-assignments",
|
|
17
|
+
name: "App Assignments",
|
|
18
|
+
description: "Fetch application assignments and SSO configurations",
|
|
19
|
+
evidenceCategories: ["access_control"],
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
id: "okta-group-memberships",
|
|
23
|
+
name: "Group Memberships",
|
|
24
|
+
description: "Fetch group memberships and role assignments",
|
|
25
|
+
evidenceCategories: ["access_control", "authorization"],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
export class OktaConnector {
|
|
29
|
+
id = "okta";
|
|
30
|
+
name = "Okta";
|
|
31
|
+
category = "identity";
|
|
32
|
+
authType = "bearer_token";
|
|
33
|
+
capabilities = capabilities;
|
|
34
|
+
frameworks = [
|
|
35
|
+
"SOC2",
|
|
36
|
+
"ISO27001",
|
|
37
|
+
"NIST_CSF",
|
|
38
|
+
"HIPAA",
|
|
39
|
+
];
|
|
40
|
+
async fetchApi(config, endpoint) {
|
|
41
|
+
const base = config.baseUrl || `https://${config.extra?.domain || "example"}.okta.com/api/v1`;
|
|
42
|
+
const resp = await fetch(`${base}${endpoint}`, {
|
|
43
|
+
headers: { Authorization: `SSWS ${config.apiToken}` },
|
|
44
|
+
});
|
|
45
|
+
if (!resp.ok)
|
|
46
|
+
throw new Error(`Okta API ${resp.status}: ${resp.statusText}`);
|
|
47
|
+
return (await resp.json());
|
|
48
|
+
}
|
|
49
|
+
async testConnection(config) {
|
|
50
|
+
try {
|
|
51
|
+
await this.fetchApi(config, "/users/me");
|
|
52
|
+
return true;
|
|
53
|
+
}
|
|
54
|
+
catch {
|
|
55
|
+
return false;
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
async collectEvidence(config) {
|
|
59
|
+
const artifacts = [];
|
|
60
|
+
const now = new Date().toISOString();
|
|
61
|
+
const users = await this.fetchApi(config, "/users?filter=status%20eq%20%22ACTIVE%22&limit=200");
|
|
62
|
+
const userList = Array.isArray(users) ? users : [];
|
|
63
|
+
artifacts.push({
|
|
64
|
+
id: generateEvidenceId(),
|
|
65
|
+
connectorId: this.id,
|
|
66
|
+
capabilityId: "okta-users",
|
|
67
|
+
timestamp: now,
|
|
68
|
+
hash: hashEvidence({ users: userList.map((u) => ({ id: u.id, status: u.status })) }),
|
|
69
|
+
framework: "SOC2",
|
|
70
|
+
controlId: "CC6.1",
|
|
71
|
+
source: "okta/users",
|
|
72
|
+
status: "compliant",
|
|
73
|
+
data: { activeUserCount: userList.length },
|
|
74
|
+
metadata: { domain: config.extra?.domain || "" },
|
|
75
|
+
});
|
|
76
|
+
const factors = await this.fetchApi(config, "/users/me/factors").catch(() => []);
|
|
77
|
+
const factorList = Array.isArray(factors) ? factors : [];
|
|
78
|
+
artifacts.push({
|
|
79
|
+
id: generateEvidenceId(),
|
|
80
|
+
connectorId: this.id,
|
|
81
|
+
capabilityId: "okta-mfa-factors",
|
|
82
|
+
timestamp: now,
|
|
83
|
+
hash: hashEvidence({ factors: factorList }),
|
|
84
|
+
framework: "SOC2",
|
|
85
|
+
controlId: "CC6.1",
|
|
86
|
+
source: "okta/factors",
|
|
87
|
+
status: factorList.length > 0 ? "compliant" : "non_compliant",
|
|
88
|
+
data: { factorTypes: factorList.map((f) => f.factorType) },
|
|
89
|
+
metadata: { domain: config.extra?.domain || "" },
|
|
90
|
+
});
|
|
91
|
+
const apps = await this.fetchApi(config, "/apps?limit=100").catch(() => []);
|
|
92
|
+
const appList = Array.isArray(apps) ? apps : [];
|
|
93
|
+
artifacts.push({
|
|
94
|
+
id: generateEvidenceId(),
|
|
95
|
+
connectorId: this.id,
|
|
96
|
+
capabilityId: "okta-app-assignments",
|
|
97
|
+
timestamp: now,
|
|
98
|
+
hash: hashEvidence({ apps: appList.map((a) => ({ id: a.id, name: a.name })) }),
|
|
99
|
+
framework: "ISO27001",
|
|
100
|
+
controlId: "A.9.2.5",
|
|
101
|
+
source: "okta/apps",
|
|
102
|
+
status: "unknown",
|
|
103
|
+
data: { appCount: appList.length },
|
|
104
|
+
metadata: { domain: config.extra?.domain || "" },
|
|
105
|
+
});
|
|
106
|
+
const groups = await this.fetchApi(config, "/groups?limit=100").catch(() => []);
|
|
107
|
+
const groupList = Array.isArray(groups) ? groups : [];
|
|
108
|
+
artifacts.push({
|
|
109
|
+
id: generateEvidenceId(),
|
|
110
|
+
connectorId: this.id,
|
|
111
|
+
capabilityId: "okta-group-memberships",
|
|
112
|
+
timestamp: now,
|
|
113
|
+
hash: hashEvidence({ groups: groupList.map((g) => ({ id: g.id, name: (g.profile || {}).name })) }),
|
|
114
|
+
framework: "SOC2",
|
|
115
|
+
controlId: "CC6.3",
|
|
116
|
+
source: "okta/groups",
|
|
117
|
+
status: groupList.length > 0 ? "compliant" : "non_compliant",
|
|
118
|
+
data: { groupCount: groupList.length },
|
|
119
|
+
metadata: { domain: config.extra?.domain || "" },
|
|
120
|
+
});
|
|
121
|
+
return artifacts;
|
|
122
|
+
}
|
|
123
|
+
}
|
|
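Review bot: `fetchApi` interpolates `config.extra?.domain` into the request host without validation and then attaches `Authorization: SSWS ${config.apiToken}`, so a value that is not a plain hostname label (one containing `/` or `@`, for instance) changes which host receives the token. A missing domain silently falls back to the `example` tenant, and `config.baseUrl` is accepted with any scheme. If the config can come from tenant-supplied settings, the domain should be restricted to a single hostname label and the base URL required to be https before the token is sent; a local mock `baseUrl` used in tests would need an explicit allowance. `OktaSystemLogConnector.fetchApi` later in this diff builds its base URL the same way.

```javascript
async fetchApi(config, endpoint) {
    const domain = config.extra?.domain;
    if (!config.baseUrl && !/^[a-z0-9-]+$/i.test(domain ?? ""))
        throw new Error("Okta connector: extra.domain must be a single hostname label");
    const base = config.baseUrl || `https://${domain}.okta.com/api/v1`;
    if (new URL(base).protocol !== "https:")
        throw new Error("Okta connector: baseUrl must use https");
    // … unchanged: fetch with the SSWS header, status check, JSON parse …
```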
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class OktaSystemLogConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "okta_system_log";
|
|
4
|
+
readonly name = "Okta System Log";
|
|
5
|
+
readonly category: "identity";
|
|
6
|
+
readonly authType: "bearer_token";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,129 @@
|
|
|
1
|
+
import { hashEvidence, generateEvidenceId } from "../types.js";
|
|
2
|
+
const capabilities = [
|
|
3
|
+
{
|
|
4
|
+
id: "okta-system-log",
|
|
5
|
+
name: "System Log Events",
|
|
6
|
+
description: "Fetch Okta system log events for authentication and access patterns",
|
|
7
|
+
evidenceCategories: ["audit", "access_control"],
|
|
8
|
+
},
|
|
9
|
+
{
|
|
10
|
+
id: "okta-failed-logins",
|
|
11
|
+
name: "Failed Login Events",
|
|
12
|
+
description: "Fetch failed authentication attempts and lockout events",
|
|
13
|
+
evidenceCategories: ["access_control", "threat_detection"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "okta-user-lifecycle",
|
|
17
|
+
name: "User Lifecycle Events",
|
|
18
|
+
description: "Fetch user creation, deactivation, and role change events",
|
|
19
|
+
evidenceCategories: ["access_control", "change_management"],
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
id: "okta-mfa-events",
|
|
23
|
+
name: "MFA Enrollment Events",
|
|
24
|
+
description: "Fetch MFA factor enrollment and verification events",
|
|
25
|
+
evidenceCategories: ["access_control", "identity_verification"],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
export class OktaSystemLogConnector {
|
|
29
|
+
id = "okta_system_log";
|
|
30
|
+
name = "Okta System Log";
|
|
31
|
+
category = "identity";
|
|
32
|
+
authType = "bearer_token";
|
|
33
|
+
capabilities = capabilities;
|
|
34
|
+
frameworks = [
|
|
35
|
+
"SOC2",
|
|
36
|
+
"ISO27001",
|
|
37
|
+
"NIST_CSF",
|
|
38
|
+
"HIPAA",
|
|
39
|
+
"PCI_DSS",
|
|
40
|
+
];
|
|
41
|
+
async fetchApi(config, endpoint) {
|
|
42
|
+
const base = config.baseUrl || `https://${config.extra?.domain || "example"}.okta.com`;
|
|
43
|
+
const resp = await fetch(`${base}${endpoint}`, {
|
|
44
|
+
headers: {
|
|
45
|
+
Authorization: `SSWS ${config.apiToken}`,
|
|
46
|
+
Accept: "application/json",
|
|
47
|
+
},
|
|
48
|
+
});
|
|
49
|
+
if (!resp.ok)
|
|
50
|
+
throw new Error(`Okta API ${resp.status}: ${resp.statusText}`);
|
|
51
|
+
return (await resp.json());
|
|
52
|
+
}
|
|
53
|
+
async testConnection(config) {
|
|
54
|
+
try {
|
|
55
|
+
await this.fetchApi(config, "/api/v1/users/me");
|
|
56
|
+
return true;
|
|
57
|
+
}
|
|
58
|
+
catch {
|
|
59
|
+
return false;
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
async collectEvidence(config) {
|
|
63
|
+
const artifacts = [];
|
|
64
|
+
const now = new Date().toISOString();
|
|
65
|
+
const domain = config.extra?.domain || "example";
|
|
66
|
+
const since = new Date(Date.now() - 86400000).toISOString();
|
|
67
|
+
const systemLog = await this.fetchApi(config, `/api/v1/logs?since=${since}&limit=100&filter=event-type%20eq%20"user.session.start"`).catch(() => []);
|
|
68
|
+
const logEntries = Array.isArray(systemLog) ? systemLog : [];
|
|
69
|
+
artifacts.push({
|
|
70
|
+
id: generateEvidenceId(),
|
|
71
|
+
connectorId: this.id,
|
|
72
|
+
capabilityId: "okta-system-log",
|
|
73
|
+
timestamp: now,
|
|
74
|
+
hash: hashEvidence({ entries: logEntries.slice(0, 10) }),
|
|
75
|
+
framework: "SOC2",
|
|
76
|
+
controlId: "CC6.1",
|
|
77
|
+
source: `okta/${domain}/system-log`,
|
|
78
|
+
status: logEntries.length > 0 ? "compliant" : "partial",
|
|
79
|
+
data: { loginEvents: logEntries.length },
|
|
80
|
+
metadata: { domain },
|
|
81
|
+
});
|
|
82
|
+
const failedLogins = await this.fetchApi(config, `/api/v1/logs?since=${since}&limit=100&filter=event-type%20eq%20"user.session.destroy"&filter=outcome.result%20eq%20"FAILURE"`).catch(() => []);
|
|
83
|
+
const failedEntries = Array.isArray(failedLogins) ? failedLogins : [];
|
|
84
|
+
artifacts.push({
|
|
85
|
+
id: generateEvidenceId(),
|
|
86
|
+
connectorId: this.id,
|
|
87
|
+
capabilityId: "okta-failed-logins",
|
|
88
|
+
timestamp: now,
|
|
89
|
+
hash: hashEvidence({ entries: failedEntries.slice(0, 10) }),
|
|
90
|
+
framework: "ISO27001",
|
|
91
|
+
controlId: "A.9.4.2",
|
|
92
|
+
source: `okta/${domain}/failed-logins`,
|
|
93
|
+
status: failedEntries.length < 10 ? "compliant" : "non_compliant",
|
|
94
|
+
data: { failedLoginCount: failedEntries.length },
|
|
95
|
+
metadata: { domain },
|
|
96
|
+
});
|
|
97
|
+
const lifecycle = await this.fetchApi(config, `/api/v1/logs?since=${since}&limit=50&filter=event-type%20sw%20"user.lifecycle"`).catch(() => []);
|
|
98
|
+
const lifecycleEntries = Array.isArray(lifecycle) ? lifecycle : [];
|
|
99
|
+
artifacts.push({
|
|
100
|
+
id: generateEvidenceId(),
|
|
101
|
+
connectorId: this.id,
|
|
102
|
+
capabilityId: "okta-user-lifecycle",
|
|
103
|
+
timestamp: now,
|
|
104
|
+
hash: hashEvidence({ entries: lifecycleEntries.slice(0, 10) }),
|
|
105
|
+
framework: "NIST_CSF",
|
|
106
|
+
controlId: "PR.AC",
|
|
107
|
+
source: `okta/${domain}/lifecycle`,
|
|
108
|
+
status: "compliant",
|
|
109
|
+
data: { lifecycleEvents: lifecycleEntries.length },
|
|
110
|
+
metadata: { domain },
|
|
111
|
+
});
|
|
112
|
+
const mfaEvents = await this.fetchApi(config, `/api/v1/logs?since=${since}&limit=50&filter=event-type%20sw%20"factor.enroll"`).catch(() => []);
|
|
113
|
+
const mfaEntries = Array.isArray(mfaEvents) ? mfaEvents : [];
|
|
114
|
+
artifacts.push({
|
|
115
|
+
id: generateEvidenceId(),
|
|
116
|
+
connectorId: this.id,
|
|
117
|
+
capabilityId: "okta-mfa-events",
|
|
118
|
+
timestamp: now,
|
|
119
|
+
hash: hashEvidence({ entries: mfaEntries.slice(0, 10) }),
|
|
120
|
+
framework: "PCI_DSS",
|
|
121
|
+
controlId: "8.3",
|
|
122
|
+
source: `okta/${domain}/mfa-enrollment`,
|
|
123
|
+
status: "compliant",
|
|
124
|
+
data: { mfaEnrollments: mfaEntries.length },
|
|
125
|
+
metadata: { domain },
|
|
126
|
+
});
|
|
127
|
+
return artifacts;
|
|
128
|
+
}
|
|
129
|
+
}
|
|
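Review bot: Every log query in `collectEvidence` ends in `.catch(() => [])` and the statuses are then derived from the empty list, so a failed or rejected request is recorded as evidence: `okta-failed-logins` becomes `"compliant"` because `failedEntries.length < 10`, and the lifecycle and MFA artifacts are `"compliant"` unconditionally. The filters use `event-type` where, as far as I know, Okta's System Log expects `eventType`, and they carry unencoded quotes and a second `filter=` parameter, so a rejected query looks likely rather than rare; this is worth confirming against a live tenant. I would keep the failure visible, for example `.catch(() => null)` on the query and `status: failedLogins === null ? "unknown" : failedEntries.length < 10 ? "compliant" : "non_compliant",`, and do the same for the other three artifacts. `OktaConnector.collectEvidence` earlier in this diff swallows errors the same way.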
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { IntegrationConnector, ConnectorConfig, EvidenceArtifact, IntegrationCapability, ComplianceFramework } from "../types.js";
|
|
2
|
+
export declare class OpsgenieConnector implements IntegrationConnector {
|
|
3
|
+
readonly id = "opsgenie";
|
|
4
|
+
readonly name = "Opsgenie";
|
|
5
|
+
readonly category: "incident_management";
|
|
6
|
+
readonly authType: "api_key";
|
|
7
|
+
readonly capabilities: IntegrationCapability[];
|
|
8
|
+
readonly frameworks: ComplianceFramework[];
|
|
9
|
+
private fetchApi;
|
|
10
|
+
testConnection(config: ConnectorConfig): Promise<boolean>;
|
|
11
|
+
collectEvidence(config: ConnectorConfig): Promise<EvidenceArtifact[]>;
|
|
12
|
+
}
|