Add references to rules (dropbox_rules) (#1005)

panther-labs · Dec 11, 2023 · 02ce284 · 02ce284
1 parent c250cd5
commit 02ce284
Show file tree

Hide file tree

Showing 7 changed files with 8 additions and 2 deletions.
diff --git a/rules/dropbox_rules/dropbox_admin_sign_in_as_session.yml b/rules/dropbox_rules/dropbox_admin_sign_in_as_session.yml
@@ -3,6 +3,7 @@ Description: 'Alerts when an admin starts a sign-in-as session.'
 DisplayName: "Dropbox Admin sign-in-as Session"
 Enabled: true
 Filename: dropbox_admin_sign_in_as_session.py
+Reference: https://help.dropbox.com/security/sign-in-as-user
 Severity: Medium
 Tests:
     - ExpectedResult: false

diff --git a/rules/dropbox_rules/dropbox_external_share.yml b/rules/dropbox_rules/dropbox_external_share.yml
@@ -3,6 +3,7 @@ Description: Dropbox item shared externally
 DisplayName: "Dropbox External Share"
 Enabled: true
 Filename: dropbox_external_share.py
+Reference: https://help.dropbox.com/share/share-outside-dropbox
 Severity: Medium
 Tests:
     - ExpectedResult: false

diff --git a/rules/dropbox_rules/dropbox_linked_team_application_added.yml b/rules/dropbox_rules/dropbox_linked_team_application_added.yml
@@ -3,9 +3,9 @@ Description: An application was linked to your Dropbox Account
 DisplayName: "Dropbox Linked Team Application Added"
 Enabled: true
 Filename: dropbox_linked_team_application_added.py
-Reference: Ensure that the application is valid and not malicious
+Reference: https://help.dropbox.com/integrations/app-integrations
 Runbook: >
-  Verify that this is expected. If not, determine other actions taken by this user recently and reach out to the user.
+  Ensure that the application is valid and not malicious. Verify that this is expected. If not, determine other actions taken by this user recently and reach out to the user.
   If the event involved a non-team member, consider disabling the user's access while investigating.
 Severity: Low
 Tags:

diff --git a/rules/dropbox_rules/dropbox_many_deletes.yml b/rules/dropbox_rules/dropbox_many_deletes.yml
@@ -3,6 +3,7 @@ Description: Detects when a dropbox user deletes many documents.
 DisplayName: "Dropbox Many Deletes"
 Enabled: false
 Filename: dropbox_many_deletes.py
+Reference: https://help.dropbox.com/delete-restore/delete-files
 Severity: Medium
 Tests:
     - ExpectedResult: true

diff --git a/rules/dropbox_rules/dropbox_many_downloads.yml b/rules/dropbox_rules/dropbox_many_downloads.yml
@@ -3,6 +3,7 @@ Description: Detects when a dropbox user downloads many documents.
 DisplayName: "Dropbox Many Downloads"
 Enabled: false
 Filename: dropbox_many_downloads.py
+Reference: https://learn.dropbox.com/video-library/upload-and-download-files
 Severity: Medium
 Tests:
     - ExpectedResult: true

diff --git a/rules/dropbox_rules/dropbox_ownership_transfer.yml b/rules/dropbox_rules/dropbox_ownership_transfer.yml
@@ -3,6 +3,7 @@ Description: 'Dropbox ownership of a document or folder has been transferred.'
 DisplayName: "Dropbox Document/Folder Ownership Transfer"
 Enabled: true
 Filename: dropbox_ownership_transfer.py
+Reference: https://help.dropbox.com/share/owner
 Severity: High
 Tests:
     - ExpectedResult: true

diff --git a/rules/dropbox_rules/dropbox_user_disabled_2fa.yml b/rules/dropbox_rules/dropbox_user_disabled_2fa.yml
@@ -3,6 +3,7 @@ Description: Dropbox user has disabled 2fa login
 DisplayName: "Dropbox User Disabled 2FA"
 Enabled: true
 Filename: dropbox_user_disabled_2fa.py
+Reference: https://help.dropbox.com/account-access/enable-two-step-verification
 Severity: Low
 Tests:
     - ExpectedResult: true