Add references to rules (auth0_rules) (#995)

panther-labs · Dec 7, 2023 · a5380ca · a5380ca
1 parent fe1a3f8
commit a5380ca
Show file tree

Hide file tree

Showing 10 changed files with 10 additions and 0 deletions.
diff --git a/rules/auth0_rules/auth0_custom_role_created.yml b/rules/auth0_rules/auth0_custom_role_created.yml
@@ -4,6 +4,7 @@ DisplayName: "Auth0 Custom Role Created"
 Enabled: true
 Filename: auth0_custom_role_created.py
 Runbook: Assess if this was done by the user for a valid business reason. Be vigilant if a user created a role without proper authorization.
+Reference: https://auth0.com/docs/manage-users/access-control/configure-core-rbac/roles/create-roles
 Severity: High
 Tests:
   - ExpectedResult: false

diff --git a/rules/auth0_rules/auth0_integration_installed.yml b/rules/auth0_rules/auth0_integration_installed.yml
@@ -4,6 +4,7 @@ DisplayName: "Auth0 Integration Installed"
 Enabled: true
 Filename: auth0_integration_installed.py
 Runbook: Assess if this was done by the user for a valid business reason. Be vigilant to re-enable this setting as it's in the best security interest for your organization's security posture.
+Reference: https://auth0.com/blog/actions-integrations-are-now-ga/
 Severity: Info
 Tests:
   - ExpectedResult: true

diff --git a/rules/auth0_rules/auth0_mfa_factor_setting_enabled.yml b/rules/auth0_rules/auth0_mfa_factor_setting_enabled.yml
@@ -4,6 +4,7 @@ DisplayName: "Auth0 mfa factor enabled"
 Enabled: true
 Filename: auth0_mfa_factor_setting_enabled.py
 Runbook: Assess if this was done by the user for a valid business reason. Be vigilant to re-enable this setting as it's in the best security interest for your organization's security posture.
+Reference: https://auth0.com/docs/secure/multi-factor-authentication/multi-factor-authentication-factors
 Severity: Info
 Tests:
   - ExpectedResult: true

diff --git a/rules/auth0_rules/auth0_mfa_policy_disabled.yml b/rules/auth0_rules/auth0_mfa_policy_disabled.yml
@@ -4,6 +4,7 @@ DisplayName: "Auth0 MFA Policy Disabled"
 Enabled: true
 Filename: auth0_mfa_policy_disabled.py
 Runbook: Assess if this was done by the user for a valid business reason. Be vigilant to re-enable this setting as it's in the best security interest for your organization's security posture.
+Reference: https://auth0.com/docs/secure/multi-factor-authentication/enable-mfa#:~:text=prompted%20for%20MFA.-,Never,-%3A%20MFA%20is%20not
 Severity: High
 Tests:
     - ExpectedResult: false

diff --git a/rules/auth0_rules/auth0_mfa_policy_enabled.yml b/rules/auth0_rules/auth0_mfa_policy_enabled.yml
@@ -4,6 +4,7 @@ DisplayName: "Auth0 MFA Policy Enabled"
 Enabled: true
 Filename: auth0_mfa_policy_enabled.py
 Runbook: Assess if this was done by the user for a valid business reason and was expected. This alert indicates a setting change that aligns with best security practices, follow-up may be unnecessary.
+Reference: https://auth0.com/docs/secure/multi-factor-authentication/enable-mfa#:~:text=In%20the-,Define%20policies,-section%2C%20select%20a
 Severity: Medium
 Tests:
     - ExpectedResult: true

diff --git a/rules/auth0_rules/auth0_mfa_risk_assessment_disabled.yml b/rules/auth0_rules/auth0_mfa_risk_assessment_disabled.yml
@@ -4,6 +4,7 @@ DisplayName: "Auth0 MFA Risk Assessment Disabled"
 Enabled: true
 Filename: auth0_mfa_risk_assessment_disabled.py
 Runbook: Assess if this was done by the user for a valid business reason. Be vigilant to re-enable this setting as it's in the best security interest for your organization's security posture.
+Reference: https://auth0.com/docs/secure/multi-factor-authentication/enable-mfa#:~:text=Always%20policy%2C%20the-,MFA%20Risk%20Assessors,-section%20appears.%20By
 Severity: High
 Tests:
     - ExpectedResult: false

diff --git a/rules/auth0_rules/auth0_mfa_risk_assessment_enabled.yml b/rules/auth0_rules/auth0_mfa_risk_assessment_enabled.yml
@@ -4,6 +4,7 @@ DisplayName: "Auth0 MFA Risk Assessment Enabled"
 Enabled: true
 Filename: auth0_mfa_risk_assessment_enabled.py
 Runbook: Assess if this was done by the user for a valid business reason. Be vigilant when enabling this setting as it's in the best security interest for your organization's security posture.
+Reference: https://auth0.com/docs/secure/multi-factor-authentication/enable-mfa#:~:text=Always%20policy%2C%20the-,MFA%20Risk%20Assessors,-section%20appears.%20By
 Severity: Info
 Tests:
     - ExpectedResult: false

diff --git a/rules/auth0_rules/auth0_post_login_action_flow.yml b/rules/auth0_rules/auth0_post_login_action_flow.yml
@@ -4,6 +4,7 @@ DisplayName: "Auth0 Post Login Action Flow Updated"
 Enabled: true
 Filename: auth0_post_login_action_flow.py
 Runbook: Assess if this was done by the user for a valid business reason. Be sure to replace any steps that were removed without authorization. 
+Reference: https://auth0.com/docs/customize/actions/flows-and-triggers/login-flow/api-object
 Severity: Medium
 Tests:
     - ExpectedResult: false

diff --git a/rules/auth0_rules/auth0_user_invitation_created.yml b/rules/auth0_rules/auth0_user_invitation_created.yml
@@ -2,6 +2,7 @@ AnalysisType: rule
 DisplayName: "Auth0 User Invitation Created"
 Enabled: true
 Filename: auth0_user_invitation_created.py
+Reference: https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members
 Severity: Info
 Tests:
     - ExpectedResult: true

diff --git a/rules/auth0_rules/auth0_user_joined_tenant.yml b/rules/auth0_rules/auth0_user_joined_tenant.yml
@@ -4,6 +4,7 @@ Description: User accepted invitation from Auth0 member to join an Auth0 tenant.
 Enabled: true
 Filename: auth0_user_joined_tenant.py
 RuleID: Auth0.User.Joined.Tenant
+Reference: https://auth0.com/docs/manage-users/organizations/configure-organizations/invite-members#send-membership-invitations:~:text=.-,Send%20membership%20invitations,-You%20can
 Severity: Info
 LogTypes:
     - Auth0.Events