Add references to rules (duo_rules)

panther-labs · Dec 12, 2023 · dd7854a · dd7854a
1 parent 2f53632
commit dd7854a
Show file tree

Hide file tree

Showing 7 changed files with 7 additions and 0 deletions.
diff --git a/rules/duo_rules/duo_admin_bypass_code_created.yml b/rules/duo_rules/duo_admin_bypass_code_created.yml
@@ -4,6 +4,7 @@ DisplayName: "Duo Admin Bypass Code Created"
 Enabled: true
 Filename: duo_admin_bypass_code_created.py
 Runbook: Confirm this was authorized and necessary behavior.
+Reference: https://duo.com/docs/administration-users#generating-a-bypass-code
 Severity: Medium
 Tests:
     - ExpectedResult: true

diff --git a/rules/duo_rules/duo_admin_create_admin.yml b/rules/duo_rules/duo_admin_create_admin.yml
@@ -3,6 +3,7 @@ Description: 'A new Duo Administrator was created. '
 DisplayName: "Duo Admin Create Admin"
 Enabled: true
 Filename: duo_admin_create_admin.py
+Reference: https://duo.com/docs/administration-admins#add-an-administrator
 Severity: High
 Tests:
     - ExpectedResult: true

diff --git a/rules/duo_rules/duo_admin_mfa_restrictions_updated.yml b/rules/duo_rules/duo_admin_mfa_restrictions_updated.yml
@@ -3,6 +3,7 @@ Description: Detects changes to allowed MFA factors administrators can use to lo
 DisplayName: "Duo Admin MFA Restrictions Updated"
 Enabled: true
 Filename: duo_admin_mfa_restrictions_updated.py
+Reference: https://duo.com/docs/essentials-overview
 Severity: Medium
 Tests:
     - ExpectedResult: true

diff --git a/rules/duo_rules/duo_admin_new_admin_api_app_integration.yml b/rules/duo_rules/duo_admin_new_admin_api_app_integration.yml
@@ -3,6 +3,7 @@ Description: Identifies creation of new Admin API integrations for Duo.
 DisplayName: "Duo Admin New Admin API App Integration"
 Enabled: true
 Filename: duo_admin_new_admin_api_app_integration.py
+Reference: https://duo.com/docs/adminapi#overview
 Severity: High
 Tests:
     - ExpectedResult: true

diff --git a/rules/duo_rules/duo_admin_policy_updated.yml b/rules/duo_rules/duo_admin_policy_updated.yml
@@ -3,6 +3,7 @@ Description: A Duo Administrator updated a Policy, which governs how users authe
 DisplayName: "Duo Admin Policy Updated"
 Enabled: true
 Filename: duo_admin_policy_updated.py
+Reference: https://duo.com/docs/policy#authenticators-policy-settings
 Severity: Medium
 Tests:
     - ExpectedResult: true

diff --git a/rules/duo_rules/duo_admin_sso_saml_requirement_disabled.yml b/rules/duo_rules/duo_admin_sso_saml_requirement_disabled.yml
@@ -3,6 +3,7 @@ Description: Detects when SAML Authentication for Administrators is marked as Di
 DisplayName: "Duo Admin SSO SAML Requirement Disabled"
 Enabled: true
 Filename: duo_admin_sso_saml_requirement_disabled.py
+Reference: https://duo.com/docs/sso#saml:~:text=Modify%20Authentication%20Sources
 Severity: Medium
 Tests:
     - ExpectedResult: true

diff --git a/rules/duo_rules/duo_admin_user_mfa_bypass_enabled.yml b/rules/duo_rules/duo_admin_user_mfa_bypass_enabled.yml
@@ -3,6 +3,7 @@ Description: An Administrator enabled a user to authenticate without MFA.
 DisplayName: "Duo Admin User MFA Bypass Enabled"
 Enabled: true
 Filename: duo_admin_user_mfa_bypass_enabled.py
+Reference: https://duo.com/docs/policy#authentication-policy
 Severity: Medium
 Tests:
     - ExpectedResult: false