prelude-cli-beta 1399__py3-none-any.whl → 1404__py3-none-any.whl

prelude_sdk_beta/models/codes.py

@@ -0,0 +1,446 @@
+import logging
+
+from enum import Enum, EnumMeta
+
+
+class MissingItem(EnumMeta):
+    def __getitem__(cls, name):
+        try:
+            return super().__getitem__(name.upper())
+        except (AttributeError, KeyError):
+            try:
+                return cls(int(name))
+            except ValueError:
+                return cls(name)
+
+
+class RunCode(Enum, metaclass=MissingItem):
+    INVALID = -1
+    DAILY = 1
+    WEEKLY = 2
+    MONTHLY = 3
+    SMART = 4
+    DEBUG = 5
+    RUN_ONCE = 6
+    MONDAY = 10
+    TUESDAY = 11
+    WEDNESDAY = 12
+    THURSDAY = 13
+    FRIDAY = 14
+    SATURDAY = 15
+    SUNDAY = 16
+    MONTH_1 = 20
+
+    @classmethod
+    def _missing_(cls, value):
+        return RunCode.DAILY
+
+
+class Mode(Enum, metaclass=MissingItem):
+    MANUAL = 0
+    FROZEN = 1
+    AUTOPILOT = 2
+
+    @classmethod
+    def _missing_(cls, value):
+        return Mode.MANUAL
+
+
+class Permission(Enum, metaclass=MissingItem):
+    INVALID = -1
+    ADMIN = 0
+    EXECUTIVE = 1
+    BUILD = 2
+    SERVICE = 3
+    SUPPORT = 5
+
+    @classmethod
+    def _missing_(cls, value):
+        return Permission.INVALID
+
+
+class ExitCode(Enum):
+    MISSING = -1
+    UNKNOWN_ERROR = 1
+    MALFORMED_TEST = 2
+    UNREPORTED = 3
+    PROCESS_BLOCKED = 9
+    PROCESS_BLOCKED_GRACEFULLY = 15
+    PROTECTED = 100
+    UNPROTECTED = 101
+    TIMED_OUT = 102
+    FAILED_CLEANUP = 103
+    TEST_NOT_RELEVANT = 104
+    DYNAMIC_QUARANTINE = 105
+    BLOCKED_AT_PERIMETER = 106
+    EXPLOIT_PREVENTED = 107
+    ENDPOINT_NOT_RELEVANT = 108
+    INSUFFICIENT_PRIVILEGES = 109
+    INCORRECTLY_BLOCKED = 110
+    PREVENTED_EXECUTION = 126
+    STATIC_QUARANTINE = 127
+    BLOCKED = 137
+    UNEXPECTED_ERROR = 256
+
+    @classmethod
+    def _missing_(cls, value):
+        if value and not isinstance(value, int):
+            return cls(int(value))
+        logging.warning("Unknown ExitCode: %s", str(value))
+        return ExitCode.MISSING
+
+    @property
+    def state(self):
+        for k, v in State.mapping().items():
+            if self in v:
+                return k
+        return State.NONE
+
+
+class State(Enum):
+    NONE = 0
+    PROTECTED = 1
+    UNPROTECTED = 2
+    ERROR = 3
+    NOT_RELEVANT = 4
+
+    @classmethod
+    def mapping(cls):
+        return {
+            State.ERROR: [
+                ExitCode.FAILED_CLEANUP,
+                ExitCode.INCORRECTLY_BLOCKED,
+                ExitCode.MALFORMED_TEST,
+                ExitCode.TIMED_OUT,
+                ExitCode.UNEXPECTED_ERROR,
+                ExitCode.UNKNOWN_ERROR,
+                ExitCode.UNREPORTED,
+            ],
+            State.NONE: [ExitCode.MISSING],
+            State.NOT_RELEVANT: [
+                ExitCode.ENDPOINT_NOT_RELEVANT,
+                ExitCode.INSUFFICIENT_PRIVILEGES,
+                ExitCode.TEST_NOT_RELEVANT,
+            ],
+            State.PROTECTED: [
+                ExitCode.BLOCKED,
+                ExitCode.BLOCKED_AT_PERIMETER,
+                ExitCode.DYNAMIC_QUARANTINE,
+                ExitCode.EXPLOIT_PREVENTED,
+                ExitCode.PREVENTED_EXECUTION,
+                ExitCode.PROCESS_BLOCKED,
+                ExitCode.PROCESS_BLOCKED_GRACEFULLY,
+                ExitCode.PROTECTED,
+                ExitCode.STATIC_QUARANTINE,
+            ],
+            State.UNPROTECTED: [
+                ExitCode.UNPROTECTED,
+            ],
+        }
+
+
+class DOS(Enum):
+    none = "none"
+    arm64 = "arm64"
+    x86_64 = "x86_64"
+    aarch64 = "arm64"
+    amd64 = "x86_64"
+    x86 = "x86_64"
+
+    @classmethod
+    def normalize(cls, dos: str):
+        try:
+            arch = dos.split("-", 1)[-1]
+            return dos[: -len(arch)].lower() + cls[arch.lower()].value
+        except (KeyError, IndexError, AttributeError):
+            return cls.none.value
+
+
+class Control(Enum, metaclass=MissingItem):
+    INVALID = -1
+    NONE = 0
+    CROWDSTRIKE = 1
+    DEFENDER = 2
+    SPLUNK = 3
+    SENTINELONE = 4
+    VECTR = 5
+    S3 = 6
+    INTUNE = 7
+    SERVICENOW = 8
+    OKTA = 9
+    M365 = 10
+    ENTRA = 11
+    JAMF = 12
+    CROWDSTRIKE_IDENTITY = 13
+    GMAIL = 14
+    GOOGLE_IDENTITY = 15
+    DEFENDER_DISCOVERY = 16
+    TENABLE = 17
+    EC2 = 18
+    AWS_SSM = 19
+    AZURE_VM = 20
+    GITHUB = 21
+    TENABLE_DISCOVERY = 22
+    QUALYS = 23
+    QUALYS_DISCOVERY = 24
+
+    @classmethod
+    def _missing_(cls, value):
+        return Control.INVALID
+
+    @property
+    def control_category(self):
+        for k, v in ControlCategory.mapping().items():
+            if self in v:
+                return k
+        return ControlCategory.NONE
+
+    @property
+    def scm_category(self):
+        for k, v in SCMCategory.control_mapping().items():
+            if self in v:
+                return k
+        return SCMCategory.NONE
+
+
+class ControlCategory(Enum, metaclass=MissingItem):
+    INVALID = -1
+    NONE = 0
+    CLOUD = 1
+    EMAIL = 2
+    IDENTITY = 3
+    NETWORK = 4
+    XDR = 5
+    ASSET_MANAGER = 6
+    DISCOVERED_DEVICES = 7
+    VULN_MANAGER = 8
+    SIEM = 9
+    PRIVATE_REPO = 10
+
+    @classmethod
+    def _missing_(cls, value):
+        return ControlCategory.INVALID
+
+    @classmethod
+    def mapping(cls):
+        return {
+            ControlCategory.ASSET_MANAGER: [
+                Control.AWS_SSM,
+                Control.INTUNE,
+                Control.JAMF,
+            ],
+            ControlCategory.CLOUD: [],
+            ControlCategory.DISCOVERED_DEVICES: [
+                Control.AZURE_VM,
+                Control.DEFENDER_DISCOVERY,
+                Control.EC2,
+                Control.QUALYS_DISCOVERY,
+                Control.SERVICENOW,
+                Control.TENABLE_DISCOVERY,
+            ],
+            ControlCategory.EMAIL: [
+                Control.GMAIL,
+                Control.M365,
+            ],
+            ControlCategory.IDENTITY: [
+                Control.CROWDSTRIKE_IDENTITY,
+                Control.ENTRA,
+                Control.GOOGLE_IDENTITY,
+                Control.OKTA,
+            ],
+            ControlCategory.NETWORK: [],
+            ControlCategory.PRIVATE_REPO: [
+                Control.GITHUB,
+            ],
+            ControlCategory.SIEM: [
+                Control.S3,
+                Control.SPLUNK,
+                Control.VECTR,
+            ],
+            ControlCategory.VULN_MANAGER: [Control.QUALYS, Control.TENABLE],
+            ControlCategory.XDR: [
+                Control.CROWDSTRIKE,
+                Control.DEFENDER,
+                Control.SENTINELONE,
+            ],
+        }
+
+
+class SCMCategory(Enum, metaclass=MissingItem):
+    INVALID = -1
+    NONE = 0
+    ENDPOINT = 1
+    INBOX = 2
+    USER = 3
+
+    @classmethod
+    def _missing_(cls, value):
+        return SCMCategory.INVALID
+
+    @classmethod
+    def control_mapping(cls):
+        return {
+            SCMCategory.ENDPOINT: [
+                Control.AWS_SSM,
+                Control.AZURE_VM,
+                Control.CROWDSTRIKE,
+                Control.DEFENDER,
+                Control.DEFENDER_DISCOVERY,
+                Control.EC2,
+                Control.INTUNE,
+                Control.JAMF,
+                Control.QUALYS,
+                Control.QUALYS_DISCOVERY,
+                Control.SENTINELONE,
+                Control.SERVICENOW,
+                Control.TENABLE,
+                Control.TENABLE_DISCOVERY,
+            ],
+            SCMCategory.USER: [
+                Control.CROWDSTRIKE_IDENTITY,
+                Control.ENTRA,
+                Control.GOOGLE_IDENTITY,
+                Control.OKTA,
+            ],
+            SCMCategory.INBOX: [
+                Control.GMAIL,
+                Control.M365,
+            ],
+        }
+
+    @classmethod
+    def category_mapping(cls):
+        return {
+            SCMCategory.ENDPOINT: [
+                ControlCategory.ASSET_MANAGER,
+                ControlCategory.DISCOVERED_DEVICES,
+                ControlCategory.VULN_MANAGER,
+                ControlCategory.XDR,
+            ],
+            SCMCategory.USER: [ControlCategory.IDENTITY],
+            SCMCategory.INBOX: [ControlCategory.EMAIL],
+        }
+
+
+class BackgroundJobTypes(Enum, metaclass=MissingItem):
+    INVALID = -1
+    UPDATE_SCM = 1
+    DEPLOY_PROBE = 2
+    OBSERVED_DETECTED = 3
+    PRELUDE_ENDPOINT_SYNC = 4
+    EXPORT_SCM = 5
+    PARTNER_GROUPS = 6
+
+    @classmethod
+    def _missing_(cls, value):
+        return BackgroundJobTypes.INVALID
+
+
+class EDRResponse(Enum, metaclass=MissingItem):
+    INVALID = -1
+    OBSERVE = 1
+    DETECT = 2
+    PREVENT = 3
+
+    @classmethod
+    def _missing_(cls, value):
+        return EDRResponse.INVALID
+
+
+class PartnerEvents(Enum, metaclass=MissingItem):
+    INVALID = -1
+    REDUCED_FUNCTIONALITY_MODE = 1
+    NO_EDR = 2
+    MISSING_EDR_POLICY = 3
+    MISSING_AV_POLICY = 4
+    MISSING_MFA = 5
+    NO_ASSET_MANAGER = 6
+    MISCONFIGURED_POLICY_SETTING = 7
+    MISSING_SCAN = 8
+    OUT_OF_DATE_SCAN = 9
+    NO_VULN_MANAGER = 10
+    USER_MISSING_ASSET_MANAGER = 11
+    USER_MISSING_EDR = 12
+    USER_MISSING_VULN_MANAGER = 13
+
+    @classmethod
+    def _missing_(cls, value):
+        return PartnerEvents.INVALID
+
+    @classmethod
+    def control_category_mapping(cls):
+        return {
+            PartnerEvents.REDUCED_FUNCTIONALITY_MODE: [ControlCategory.XDR],
+            PartnerEvents.NO_EDR: [
+                ControlCategory.XDR,
+            ],
+            PartnerEvents.MISSING_EDR_POLICY: [ControlCategory.XDR],
+            PartnerEvents.MISSING_AV_POLICY: [ControlCategory.XDR],
+            PartnerEvents.MISSING_MFA: [ControlCategory.IDENTITY],
+            PartnerEvents.NO_ASSET_MANAGER: [ControlCategory.ASSET_MANAGER],
+            PartnerEvents.MISCONFIGURED_POLICY_SETTING: [
+                ControlCategory.XDR,
+                ControlCategory.EMAIL,
+                ControlCategory.IDENTITY,
+            ],
+            PartnerEvents.MISSING_SCAN: [ControlCategory.VULN_MANAGER],
+            PartnerEvents.OUT_OF_DATE_SCAN: [ControlCategory.VULN_MANAGER],
+            PartnerEvents.NO_VULN_MANAGER: [ControlCategory.VULN_MANAGER],
+            PartnerEvents.USER_MISSING_ASSET_MANAGER: [ControlCategory.IDENTITY],
+            PartnerEvents.USER_MISSING_EDR: [ControlCategory.IDENTITY],
+            PartnerEvents.USER_MISSING_VULN_MANAGER: [ControlCategory.IDENTITY],
+        }
+
+
+class AlertTypes(Enum, metaclass=MissingItem):
+    INVALID = -1
+    NEW_REDUCED_FUNCTIONALITY_MODE_ENDPOINTS = 1
+    NEW_NO_EDR_ENDPOINTS = 2
+    NEW_MISSING_EDR_POLICY_ENDPOINTS = 3
+    NEW_MISSING_AV_POLICY_ENDPOINTS = 4
+    NEW_MISSING_MFA_USERS = 5
+    NEW_NO_ASSET_MANAGER_ENDPOINTS = 6
+    NEW_POLICY_SETTING_FAILURE = 7
+    NEW_POLICY_SETTING_PASS = 8
+    NEW_MISSING_SCAN_ENDPOINTS = 9
+    NEW_NO_VULN_MANAGER_ENDPOINTS = 10
+    NEW_OUT_OF_DATE_SCAN_ENDPOINTS = 11
+    NEW_USER_MISSING_ASSET_MANAGER = 12
+    NEW_USER_MISSING_EDR = 13
+    NEW_USER_MISSING_VULN_MANAGER = 14
+
+    @classmethod
+    def _missing_(cls, value):
+        return AlertTypes.INVALID
+
+
+class PolicyType(Enum, metaclass=MissingItem):
+    INVALID = 0
+    EDR = 1
+    AV = 2
+    IDENTITY_PASSWORD = 3
+    EMAIL_ANTIPHISH = 4
+    EMAIL_OUTBOUND = 5
+    EMAIL_CONTENT = 6
+    EMAIL_MALWARE = 7
+    EMAIL_ATTACHMENT = 8
+    EMAIL_LINKS = 9
+    EMAIL_DKIM = 10
+    DEVICE_COMPLIANCE = 11
+    IDENTITY_MFA = 12
+
+    @classmethod
+    def _missing_(cls, value):
+        return PolicyType.INVALID
+
+
+class Platform(Enum, metaclass=MissingItem):
+    INVALID = 0
+    WINDOWS = 1
+    DARWIN = 2
+    LINUX = 3
+    ALL = 4
+
+    @classmethod
+    def _missing_(cls, value):
+        return Platform.INVALID

prelude_cli/cli.py

@@ -1,47 +0,0 @@
-import click
-
-from prelude_cli.views.auth import auth
-from prelude_cli.views.build import build
-from prelude_cli.views.configure import configure
-from prelude_cli.views.detect import detect
-from prelude_cli.views.generate import generate
-from prelude_cli.views.iam import iam
-from prelude_cli.views.jobs import jobs
-from prelude_cli.views.partner import partner
-from prelude_cli.views.scm import scm
-from prelude_sdk.models.account import Account, Keychain
-
-
-def complete_profile(ctx, param, incomplete):
-    return [x for x in Keychain().read_keychain() if x.startswith(incomplete)]
-
-
-@click.group(invoke_without_command=True)
-@click.version_option()
-@click.pass_context
-@click.option(
-    "--profile",
-    default="default",
-    help="The prelude keychain profile to use",
-    show_default=True,
-    shell_complete=complete_profile,
-)
-def cli(ctx, profile):
-    ctx.obj = Account.from_keychain(profile=profile)
-    if ctx.invoked_subcommand is None:
-        click.echo(ctx.get_help())
-
-
-cli.add_command(auth)
-cli.add_command(build)
-cli.add_command(configure)
-cli.add_command(detect)
-cli.add_command(generate)
-cli.add_command(iam)
-cli.add_command(jobs)
-cli.add_command(partner)
-cli.add_command(scm)
-
-
-if __name__ == "__main__":
-    cli()

prelude_cli/templates/README.md

@@ -1,28 +0,0 @@
-# $NAME
-
-This section should describe the test, provide some background information (such as historical in-the-wild usage by threat actors or APTs), and briefly illustrate the test's intention, objective, and techniques utilized to achieve them. This section should NOT be too technical or overly long; a small paragraph should be sufficient.
-
-## How
-
- > Safety: This section should contain an advisory statement that positively declares that the VST does not negatively affect the tested system in any way.
-
-Steps:
-
- 1. This section enumerates the individual, atomic steps by which ...
- 2. ... the probe attempts to achieve the intended effect of the test ...
- 3. ... and thereby perform evaluation of any resident security solutions.
-
- Example Output:
- ```bash
- [$ID] Starting test at: $TIME
- [$ID] Host is vulnerable, continuing with technique execution
- [$ID] Completed with code: 101
- [$ID] Ending test at: $TIME
- ```
-
-## Resolution
-
- If this test fails:
-
-* Bulleted list of recommendations that the testing organization SHOULD consider ...
-* ... based upon the nature of the test, as well as the point of failure.

prelude_cli/templates/template.go

@@ -1,24 +0,0 @@
-/*
-ID: $ID
-NAME: $NAME
-TECHNIQUE: $TECHNIQUE
-UNIT: $UNIT
-CREATED: $TIME
-*/
-package main
-
-import (
-	Endpoint "github.com/preludeorg/libraries/go/tests/endpoint"
-)
-
-func test() {
-	Endpoint.Stop(Endpoint.TestCompletedNormally)
-}
-
-func clean() {
-	Endpoint.Say("Cleaning up")
-}
-
-func main() {
-	Endpoint.Start(test, clean)
-}

prelude_cli/views/auth.py

@@ -1,56 +0,0 @@
-import click
-import webbrowser
-
-from prelude_cli.views.shared import Spinner, pretty_print
-
-
-@click.group()
-@click.pass_context
-def auth(ctx):
-    """Authentication"""
-    pass
-
-
-@auth.command("login")
-@click.option("-p", "--password", type=str, help="password for login")
-@click.option(
-    "-t",
-    "--temp_password",
-    type=str,
-    help="temporary password for login (if set, `password` will become your new password)",
-)
-@click.pass_obj
-@pretty_print
-def login(account, password, temp_password):
-    """Login using password or SSO"""
-    if not account.oidc:
-        password = password or click.prompt("Password", type=str, hide_input=True)
-        with Spinner(description="Logging in and saving tokens"):
-            new_password = password if temp_password else None
-            password = temp_password or password
-            return (
-                account.password_login(password, new_password),
-                "Login with password successful",
-            )
-
-    url = f"{account.hq.replace('api', 'platform')}/cli-auth?handle={account.handle}&provider={account.oidc}"
-    if account.oidc == "custom":
-        slug = account.slug or click.prompt("Please enter your account slug")
-        url += f"&slug={slug}"
-    webbrowser.open(url)
-    code = click.prompt(
-        f"Launching browser for authentication:\n\n{url}\n\nPlease enter your authorization code here"
-    )
-    verifier, authorization_code = code.split("/")
-    with Spinner(description="Logging in and saving tokens"):
-        tokens = account.exchange_authorization_code(authorization_code, verifier)
-    return tokens, "Login with SSO successful"
-
-
-@auth.command("refresh")
-@click.pass_obj
-@pretty_print
-def refresh(account):
-    """Refresh your tokens"""
-    with Spinner(description="Refreshing tokens"):
-        return account.refresh_tokens(), "New access tokens saved"