From 193d5968e3c948f4804be6363556310aa36399d2 Mon Sep 17 00:00:00 2001
From: akozlovets098 <95437895+akozlovets098@users.noreply.github.com>
Date: Tue, 12 Dec 2023 12:23:20 +0200
Subject: [PATCH] Add references to rules (duo_rules) (#1007)

---
 rules/duo_rules/duo_admin_bypass_code_created.yml | 1 +
 rules/duo_rules/duo_admin_create_admin.yml | 1 +
 rules/duo_rules/duo_admin_mfa_restrictions_updated.yml | 1 +
 rules/duo_rules/duo_admin_new_admin_api_app_integration.yml | 1 +
 rules/duo_rules/duo_admin_policy_updated.yml | 1 +
 rules/duo_rules/duo_admin_sso_saml_requirement_disabled.yml | 1 +
 rules/duo_rules/duo_admin_user_mfa_bypass_enabled.yml | 1 +
 7 files changed, 7 insertions(+)

diff --git a/rules/duo_rules/duo_admin_bypass_code_created.yml b/rules/duo_rules/duo_admin_bypass_code_created.yml
index 9f7b8e625..ccdad3c59 100644
--- a/rules/duo_rules/duo_admin_bypass_code_created.yml
+++ b/rules/duo_rules/duo_admin_bypass_code_created.yml
@@ -4,6 +4,7 @@ DisplayName: "Duo Admin Bypass Code Created"
 Enabled: true
 Filename: duo_admin_bypass_code_created.py
 Runbook: Confirm this was authorized and necessary behavior.
+Reference: https://duo.com/docs/administration-users#generating-a-bypass-code
 Severity: Medium
 Tests:
 - ExpectedResult: true
diff --git a/rules/duo_rules/duo_admin_create_admin.yml b/rules/duo_rules/duo_admin_create_admin.yml
index 1a3d725c4..9eb6972b5 100644
--- a/rules/duo_rules/duo_admin_create_admin.yml
+++ b/rules/duo_rules/duo_admin_create_admin.yml
@@ -3,6 +3,7 @@ Description: 'A new Duo Administrator was created. '
 DisplayName: "Duo Admin Create Admin"
 Enabled: true
 Filename: duo_admin_create_admin.py
+Reference: https://duo.com/docs/administration-admins#add-an-administrator
 Severity: High
 Tests:
 - ExpectedResult: true
diff --git a/rules/duo_rules/duo_admin_mfa_restrictions_updated.yml b/rules/duo_rules/duo_admin_mfa_restrictions_updated.yml
index 145a5cf0a..88392ef26 100644
--- a/rules/duo_rules/duo_admin_mfa_restrictions_updated.yml
+++ b/rules/duo_rules/duo_admin_mfa_restrictions_updated.yml
@@ -3,6 +3,7 @@ Description: Detects changes to allowed MFA factors administrators can use to lo
 DisplayName: "Duo Admin MFA Restrictions Updated"
 Enabled: true
 Filename: duo_admin_mfa_restrictions_updated.py
+Reference: https://duo.com/docs/essentials-overview
 Severity: Medium
 Tests:
 - ExpectedResult: true
diff --git a/rules/duo_rules/duo_admin_new_admin_api_app_integration.yml b/rules/duo_rules/duo_admin_new_admin_api_app_integration.yml
index ae51824a4..b685a7879 100644
--- a/rules/duo_rules/duo_admin_new_admin_api_app_integration.yml
+++ b/rules/duo_rules/duo_admin_new_admin_api_app_integration.yml
@@ -3,6 +3,7 @@ Description: Identifies creation of new Admin API integrations for Duo.
 DisplayName: "Duo Admin New Admin API App Integration"
 Enabled: true
 Filename: duo_admin_new_admin_api_app_integration.py
+Reference: https://duo.com/docs/adminapi#overview
 Severity: High
 Tests:
 - ExpectedResult: true
diff --git a/rules/duo_rules/duo_admin_policy_updated.yml b/rules/duo_rules/duo_admin_policy_updated.yml
index eeb9f01dd..073245588 100644
--- a/rules/duo_rules/duo_admin_policy_updated.yml
+++ b/rules/duo_rules/duo_admin_policy_updated.yml
@@ -3,6 +3,7 @@ Description: A Duo Administrator updated a Policy, which governs how users authe
 DisplayName: "Duo Admin Policy Updated"
 Enabled: true
 Filename: duo_admin_policy_updated.py
+Reference: https://duo.com/docs/policy#authenticators-policy-settings
 Severity: Medium
 Tests:
 - ExpectedResult: true
diff --git a/rules/duo_rules/duo_admin_sso_saml_requirement_disabled.yml b/rules/duo_rules/duo_admin_sso_saml_requirement_disabled.yml
index 9711c1509..fc6fd5618 100644
--- a/rules/duo_rules/duo_admin_sso_saml_requirement_disabled.yml
+++ b/rules/duo_rules/duo_admin_sso_saml_requirement_disabled.yml
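Review bot: The `Reference` added to duo_admin_mfa_restrictions_updated.yml points at `https://duo.com/docs/essentials-overview`, a general product overview, while every other rule in this commit links to the documentation for the specific admin action the rule detects. A responder triaging a change to the factors administrators may use to log in is better served by the page that documents that setting, so I would verify whether Duo has a more specific anchor for administrator factor restrictions and use it here. If no such page exists, a one-line comment above the key, `# No dedicated Duo page for admin factor restrictions; overview is the closest reference`, would record that the generic link is deliberate.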
@@ -3,6 +3,7 @@ Description: Detects when SAML Authentication for Administrators is marked as Di
 DisplayName: "Duo Admin SSO SAML Requirement Disabled"
 Enabled: true
 Filename: duo_admin_sso_saml_requirement_disabled.py
+Reference: https://duo.com/docs/sso#saml:~:text=Modify%20Authentication%20Sources
 Severity: Medium
 Tests:
 - ExpectedResult: true
diff --git a/rules/duo_rules/duo_admin_user_mfa_bypass_enabled.yml b/rules/duo_rules/duo_admin_user_mfa_bypass_enabled.yml
index 55e36f3e2..690fba5b0 100644
--- a/rules/duo_rules/duo_admin_user_mfa_bypass_enabled.yml
+++ b/rules/duo_rules/duo_admin_user_mfa_bypass_enabled.yml
@@ -3,6 +3,7 @@ Description: An Administrator enabled a user to authenticate without MFA.
 DisplayName: "Duo Admin User MFA Bypass Enabled"
 Enabled: true
 Filename: duo_admin_user_mfa_bypass_enabled.py
+Reference: https://duo.com/docs/policy#authentication-policy
 Severity: Medium
 Tests:
 - ExpectedResult: false
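Review bot: The `Reference` added to duo_admin_sso_saml_requirement_disabled.yml embeds a `:~:text=Modify%20Authentication%20Sources` scroll-to-text fragment, which is a browser-specific directive rather than a document anchor: browsers that do not implement it ignore it, and it stops matching as soon as Duo rewords that heading, so the link silently degrades to the top of the page. The `#saml` anchor in front of it is the durable part; I would trim the value to `Reference: https://duo.com/docs/sso#saml`, or use a named section anchor for the authentication-source settings if Duo's page has one. The other six `Reference` values in this commit use plain anchors, so this also makes the file consistent with them.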