format Sublime YAML files
le4ker committed Oct 2, 2024
1 parent 7a2bec6 commit 8845508
Showing 4 changed files with 231 additions and 212 deletions.
114 changes: 60 additions & 54 deletions rules/sublime_rules/sublime_mailboxes_deactivated.yml
Expand Up @@ -21,64 +21,70 @@ Tests:
Log:
{
"created_at": "2024-09-09 19:33:34.237078000",
"created_by": {
"active": true,
"created_at": "2024-08-28 22:05:15.715644000",
"email_address": "[email protected]",
"first_name": "John",
"google_oauth_user_id": "",
"id": "cd3aedfe-a61f-4e0e-ba30-14dcc7883316",
"is_enrolled": true,
"last_name": "Doe",
"microsoft_oauth_user_id": "",
"role": "admin",
"updated_at": "2024-08-28 22:05:15.715644000"
"created_by":
{
"active": true,
"created_at": "2024-08-28 22:05:15.715644000",
"email_address": "[email protected]",
"first_name": "John",
"google_oauth_user_id": "",
"id": "cd3aedfe-a61f-4e0e-ba30-14dcc7883316",
"is_enrolled": true,
"last_name": "Doe",
"microsoft_oauth_user_id": "",
"role": "admin",
"updated_at": "2024-08-28 22:05:15.715644000",
},
"data": {
"request": {
"authentication_method": "user_session",
"body": "{\"mailbox_ids\":[\"493c6e21-7787-419b-bada-7c4f50cbb932\"]}",
"id": "73444211-31af-42d8-99b4-34a139cf7d4a",
"ip": "1.2.3.4",
"method": "POST",
"path": "/v1/message-sources/febb5bf4-2ead-47b1-b467-0ac729bf6871/deactivate",
"query": { },
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
}
},
"id": "084732e5-7704-4bbe-ab5a-77f1aa65a737",
"type": "message_source.deactivate"
}
"data":
{
"request":
{
"authentication_method": "user_session",
"body": '{"mailbox_ids":["493c6e21-7787-419b-bada-7c4f50cbb932"]}',
"id": "73444211-31af-42d8-99b4-34a139cf7d4a",
"ip": "1.2.3.4",
"method": "POST",
"path": "/v1/message-sources/febb5bf4-2ead-47b1-b467-0ac729bf6871/deactivate",
"query": {},
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36",
},
},
"id": "084732e5-7704-4bbe-ab5a-77f1aa65a737",
"type": "message_source.deactivate",
}
- ExpectedResult: true
Name: Mailbox Deactivated
Log:
{
"created_at": "2024-09-09 19:33:34.237078000",
"created_by": {
"active": true,
"created_at": "2024-08-28 22:05:15.715644000",
"email_address": "[email protected]",
"first_name": "John",
"google_oauth_user_id": "",
"id": "cd3aedfe-a61f-4e0e-ba30-14dcc7883316",
"is_enrolled": true,
"last_name": "Doe",
"microsoft_oauth_user_id": "",
"role": "admin",
"updated_at": "2024-08-28 22:05:15.715644000"
"created_by":
{
"active": true,
"created_at": "2024-08-28 22:05:15.715644000",
"email_address": "[email protected]",
"first_name": "John",
"google_oauth_user_id": "",
"id": "cd3aedfe-a61f-4e0e-ba30-14dcc7883316",
"is_enrolled": true,
"last_name": "Doe",
"microsoft_oauth_user_id": "",
"role": "admin",
"updated_at": "2024-08-28 22:05:15.715644000",
},
"data":
{
"request":
{
"authentication_method": "user_session",
"body": '{"mailbox_ids":["493c6e21-7787-419b-bada-7c4f50cbb932"]}',
"id": "73444211-31af-42d8-99b4-34a139cf7d4a",
"ip": "1.2.3.4",
"method": "POST",
"path": "/v1/message-sources/febb5bf4-2ead-47b1-b467-0ac729bf6871/deactivate",
"query": {},
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36",
},
},
"data": {
"request": {
"authentication_method": "user_session",
"body": "{\"mailbox_ids\":[\"493c6e21-7787-419b-bada-7c4f50cbb932\"]}",
"id": "73444211-31af-42d8-99b4-34a139cf7d4a",
"ip": "1.2.3.4",
"method": "POST",
"path": "/v1/message-sources/febb5bf4-2ead-47b1-b467-0ac729bf6871/deactivate",
"query": { },
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
}
},
"id": "084732e5-7704-4bbe-ab5a-77f1aa65a737",
"type": "message_source.deactivate_mailboxes"
}
"id": "084732e5-7704-4bbe-ab5a-77f1aa65a737",
"type": "message_source.deactivate_mailboxes",
}
101 changes: 51 additions & 50 deletions rules/sublime_rules/sublime_message_flagged.yml
Expand Up @@ -16,54 +16,55 @@ Tests:
Name: Message Flagged
Log:
{
"p_source_file": {
"aws_s3_bucket": "audit.log.export",
"aws_s3_key": "sublime_platform_message_events/2024/09/24/164544Z-FPXIFG.json"
},
"p_any_sha256_hashes": [
"fb8b46e3317ac7d5036c6b21517d363634293c6d4f6bf1b1e67548c80948a1c6"
],
"p_event_time": "2024-09-24 16:45:43.302769000",
"p_log_type": "Sublime.MessageEvent",
"p_parse_time": "2024-09-24 16:51:47.687095351",
"p_row_id": "a23385494d57dfbbbdcbe4fa218101",
"p_schema_version": 0,
"p_source_id": "7e2a59aa-687e-430e-ae4a-81d3c0163f52",
"p_source_label": "Sublime Real Logs",
"p_udm": {},
"created_at": "2024-09-24 16:45:43.302769000",
"data": {
"flagged_rules": [
{
"id": "b0ab266f-8a12-4020-b165-e97bb1aacc42",
"name": "Credential phishing: Engaging language and other indicators (untrusted sender)"
},
{
"id": "a014f82e-f2d7-4058-adb1-36fc086de0b8",
"name": "Attachment: HTML smuggling with unescape"
},
{
"id": "e4866908-60fe-46f0-866e-84d412627006",
"name": "Headers: Zimbra mailer from a non-supported OS version"
},
{
"id": "5a9dc2cd-39f5-4814-95df-aa7614cc8bdd",
"name": "Impersonation: Human Resources with link or attachment and engaging language"
},
{
"id": "7988f1f5-5c95-42c2-9140-ead5a975918e",
"name": "Request for Quote or Purchase (RFQ|RFP) with HTML smuggling attachment"
}
],
"message": {
"canonical_id": "fb8b46e3317ac7d5036c6b21517d363634293c6d4f6bf1b1e67548c80948a1c6",
"external_id": "b86b1e58-e9f8-4b55-8b54-1402f9f95e69",
"id": "019224ec-aba6-763d-bb2e-cd4cbd40a29f",
"mailbox": {
"id": "624c8394-4fe2-4ba0-bd2b-86d2e503c614"
},
"message_source_id": "91956379-c2f3-4c50-a410-3ba89fb8bc74"
}
},
"type": "message.flagged"
"p_source_file":
{
"aws_s3_bucket": "audit.log.export",
"aws_s3_key": "sublime_platform_message_events/2024/09/24/164544Z-FPXIFG.json",
},
"p_any_sha256_hashes":
["fb8b46e3317ac7d5036c6b21517d363634293c6d4f6bf1b1e67548c80948a1c6"],
"p_event_time": "2024-09-24 16:45:43.302769000",
"p_log_type": "Sublime.MessageEvent",
"p_parse_time": "2024-09-24 16:51:47.687095351",
"p_row_id": "a23385494d57dfbbbdcbe4fa218101",
"p_schema_version": 0,
"p_source_id": "7e2a59aa-687e-430e-ae4a-81d3c0163f52",
"p_source_label": "Sublime Real Logs",
"p_udm": {},
"created_at": "2024-09-24 16:45:43.302769000",
"data":
{
"flagged_rules":
[
{
"id": "b0ab266f-8a12-4020-b165-e97bb1aacc42",
"name": "Credential phishing: Engaging language and other indicators (untrusted sender)",
},
{
"id": "a014f82e-f2d7-4058-adb1-36fc086de0b8",
"name": "Attachment: HTML smuggling with unescape",
},
{
"id": "e4866908-60fe-46f0-866e-84d412627006",
"name": "Headers: Zimbra mailer from a non-supported OS version",
},
{
"id": "5a9dc2cd-39f5-4814-95df-aa7614cc8bdd",
"name": "Impersonation: Human Resources with link or attachment and engaging language",
},
{
"id": "7988f1f5-5c95-42c2-9140-ead5a975918e",
"name": "Request for Quote or Purchase (RFQ|RFP) with HTML smuggling attachment",
},
],
"message":
{
"canonical_id": "fb8b46e3317ac7d5036c6b21517d363634293c6d4f6bf1b1e67548c80948a1c6",
"external_id": "b86b1e58-e9f8-4b55-8b54-1402f9f95e69",
"id": "019224ec-aba6-763d-bb2e-cd4cbd40a29f",
"mailbox": { "id": "624c8394-4fe2-4ba0-bd2b-86d2e503c614" },
"message_source_id": "91956379-c2f3-4c50-a410-3ba89fb8bc74",
},
},
"type": "message.flagged",
}
114 changes: 60 additions & 54 deletions rules/sublime_rules/sublime_message_source_deleted_or_deactivated.yml
Expand Up @@ -21,64 +21,70 @@ Tests:
Log:
{
"created_at": "2024-09-09 19:33:34.237078000",
"created_by": {
"active": true,
"created_at": "2024-08-28 22:05:15.715644000",
"email_address": "[email protected]",
"first_name": "John",
"google_oauth_user_id": "",
"id": "cd3aedfe-a61f-4e0e-ba30-14dcc7883316",
"is_enrolled": true,
"last_name": "Doe",
"microsoft_oauth_user_id": "",
"role": "admin",
"updated_at": "2024-08-28 22:05:15.715644000"
"created_by":
{
"active": true,
"created_at": "2024-08-28 22:05:15.715644000",
"email_address": "[email protected]",
"first_name": "John",
"google_oauth_user_id": "",
"id": "cd3aedfe-a61f-4e0e-ba30-14dcc7883316",
"is_enrolled": true,
"last_name": "Doe",
"microsoft_oauth_user_id": "",
"role": "admin",
"updated_at": "2024-08-28 22:05:15.715644000",
},
"data": {
"request": {
"authentication_method": "user_session",
"body": "{\"mailbox_ids\":[\"493c6e21-7787-419b-bada-7c4f50cbb932\"]}",
"id": "73444211-31af-42d8-99b4-34a139cf7d4a",
"ip": "1.2.3.4",
"method": "POST",
"path": "/v1/message-sources/febb5bf4-2ead-47b1-b467-0ac729bf6871/deactivate",
"query": { },
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
}
},
"id": "084732e5-7704-4bbe-ab5a-77f1aa65a737",
"type": "message_source.deactivate"
}
"data":
{
"request":
{
"authentication_method": "user_session",
"body": '{"mailbox_ids":["493c6e21-7787-419b-bada-7c4f50cbb932"]}',
"id": "73444211-31af-42d8-99b4-34a139cf7d4a",
"ip": "1.2.3.4",
"method": "POST",
"path": "/v1/message-sources/febb5bf4-2ead-47b1-b467-0ac729bf6871/deactivate",
"query": {},
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36",
},
},
"id": "084732e5-7704-4bbe-ab5a-77f1aa65a737",
"type": "message_source.deactivate",
}
- ExpectedResult: false
Name: Other Events
Log:
{
"created_at": "2024-09-09 19:33:34.237078000",
"created_by": {
"active": true,
"created_at": "2024-08-28 22:05:15.715644000",
"email_address": "[email protected]",
"first_name": "John",
"google_oauth_user_id": "",
"id": "cd3aedfe-a61f-4e0e-ba30-14dcc7883316",
"is_enrolled": true,
"last_name": "Doe",
"microsoft_oauth_user_id": "",
"role": "admin",
"updated_at": "2024-08-28 22:05:15.715644000"
"created_by":
{
"active": true,
"created_at": "2024-08-28 22:05:15.715644000",
"email_address": "[email protected]",
"first_name": "John",
"google_oauth_user_id": "",
"id": "cd3aedfe-a61f-4e0e-ba30-14dcc7883316",
"is_enrolled": true,
"last_name": "Doe",
"microsoft_oauth_user_id": "",
"role": "admin",
"updated_at": "2024-08-28 22:05:15.715644000",
},
"data":
{
"request":
{
"authentication_method": "user_session",
"body": '{"mailbox_ids":["493c6e21-7787-419b-bada-7c4f50cbb932"]}',
"id": "73444211-31af-42d8-99b4-34a139cf7d4a",
"ip": "1.2.3.4",
"method": "POST",
"path": "/v1/message-sources/febb5bf4-2ead-47b1-b467-0ac729bf6871/deactivate",
"query": {},
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36",
},
},
"data": {
"request": {
"authentication_method": "user_session",
"body": "{\"mailbox_ids\":[\"493c6e21-7787-419b-bada-7c4f50cbb932\"]}",
"id": "73444211-31af-42d8-99b4-34a139cf7d4a",
"ip": "1.2.3.4",
"method": "POST",
"path": "/v1/message-sources/febb5bf4-2ead-47b1-b467-0ac729bf6871/deactivate",
"query": { },
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
}
},
"id": "084732e5-7704-4bbe-ab5a-77f1aa65a737",
"type": "rule.deactivate"
}
"id": "084732e5-7704-4bbe-ab5a-77f1aa65a737",
"type": "rule.deactivate",
}