THREAT-411 ZIA AdminAuditRules - Password, Log, Backup

panther-labs · Nov 12, 2024 · 2b3990c · 2b3990c
1 parent 752ad86
commit 2b3990c
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/packs/zscaler_zia.yml b/packs/zscaler_zia.yml
@@ -6,7 +6,11 @@ PackDefinition:
   IDs:
     - ZIA.Account.Access.Removed
     - ZIA.Additional.Cloud.Roles
+    - ZIA.Backup.Deleted
     - ZIA.Cloud.Account.Created
+    - ZIA.Golden.Restore.Point.Dropped
+    - ZIA.Insecure.Password.Settings
+    - ZIA.Logs.Downloaded
     - ZIA.Password.Expiration
     - ZIA.Trust.Modification
     - panther_zscaler_helpers

diff --git a/rules/zscaler_rules/zia/zia_golden_restore_point_dropped.py b/rules/zscaler_rules/zia/zia_golden_restore_point_dropped.py
@@ -21,8 +21,8 @@ def rule(event):
     if (
         action == "UPDATE"
         and category == "BACKUP_AND_RESTORE"
-        and golden_restore_point_pre == True
-        and golden_restore_point_post == False
+        and golden_restore_point_pre is True
+        and golden_restore_point_post is False
     ):
         return True
     return False

diff --git a/rules/zscaler_rules/zia/zia_insecure_password_settings.py b/rules/zscaler_rules/zia/zia_insecure_password_settings.py
@@ -1,5 +1,4 @@
 from panther_zscaler_helpers import zia_alert_context, zia_success
-from pygments.lexer import default
 
 
 def rule(event):