From 61c5b26a6a33d750b33676056433fe8ea0afd110 Mon Sep 17 00:00:00 2001 From: akozlovets098 Date: Tue, 12 Dec 2023 15:46:40 +0200 Subject: [PATCH] Add references to rules (tines_rules) --- rules/tines_rules/tines_actions_disabled_changes.yml | 1 + rules/tines_rules/tines_custom_ca.yml | 1 + rules/tines_rules/tines_enqueued_retrying_job_deletion.yml | 1 + rules/tines_rules/tines_global_resource_destruction.yml | 1 + rules/tines_rules/tines_sso_settings.yml | 1 + rules/tines_rules/tines_story_items_destruction.yml | 1 + rules/tines_rules/tines_story_jobs_clearance.yml | 1 + rules/tines_rules/tines_team_destruction.yml | 1 + rules/tines_rules/tines_tenant_authtoken.yml | 1 + 9 files changed, 9 insertions(+) diff --git a/rules/tines_rules/tines_actions_disabled_changes.yml b/rules/tines_rules/tines_actions_disabled_changes.yml index 0b311afc2..f5e0fbc6d 100644 --- a/rules/tines_rules/tines_actions_disabled_changes.yml +++ b/rules/tines_rules/tines_actions_disabled_changes.yml @@ -7,6 +7,7 @@ LogTypes: - Tines.Audit Tags: - Tines +Reference: https://www.tines.com/university/tines-basics/architecture-of-an-action Severity: Medium Description: > Detections when Tines Actions are set to Disabled Change diff --git a/rules/tines_rules/tines_custom_ca.yml b/rules/tines_rules/tines_custom_ca.yml index b61097e4f..645d2b85f 100644 --- a/rules/tines_rules/tines_custom_ca.yml +++ b/rules/tines_rules/tines_custom_ca.yml @@ -8,6 +8,7 @@ LogTypes: Tags: - Tines - IAM - Credential Security +Reference: https://www.tines.com/docs/admin/custom-certificate-authority Severity: High Description: > Detects when Tines Custom CertificateAuthority settings are changed diff --git a/rules/tines_rules/tines_enqueued_retrying_job_deletion.yml b/rules/tines_rules/tines_enqueued_retrying_job_deletion.yml index 1b1282def..4c5cbd566 100644 --- a/rules/tines_rules/tines_enqueued_retrying_job_deletion.yml +++ b/rules/tines_rules/tines_enqueued_retrying_job_deletion.yml 
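Review bot: In tines_actions_disabled_changes.yml the new `Reference:` key sits between `Tags` and `Severity`, while the later hunks of this patch that show its surroundings place it after `Description`/`Runbook` and directly before `DedupPeriodMinutes`; tines_custom_ca.yml has the same early placement. Key order does not change how the YAML parses, but a fixed order makes the rule pack easier to review and to diff. I would move the line below the description block in both files so that all nine rules read the same way. The rest of each file lies outside the hunk, so the exact target position should be checked against the full file.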
@@ -10,6 +10,7 @@ Tags: Severity: Low Description: "Currently enqueued or retrying jobs were cleared" Runbook: "Possible data destruction. Please reach out to the user and confirm this was done for valid business reasons." +Reference: https://www.tines.com/docs/self-hosting/job-management DedupPeriodMinutes: 60 Threshold: 1 Tests: diff --git a/rules/tines_rules/tines_global_resource_destruction.yml b/rules/tines_rules/tines_global_resource_destruction.yml index 6e50d9be7..4b16a7a22 100644 --- a/rules/tines_rules/tines_global_resource_destruction.yml +++ b/rules/tines_rules/tines_global_resource_destruction.yml @@ -15,6 +15,7 @@ Tags: Severity: Low Description: "A Tines user has destroyed a global resource." Runbook: "Possible data destruction. Please reach out to the user and confirm this was done for valid business reasons." +Reference: https://www.tines.com/docs/resources DedupPeriodMinutes: 60 Threshold: 1 Tests: diff --git a/rules/tines_rules/tines_sso_settings.yml b/rules/tines_rules/tines_sso_settings.yml index af54cc371..841ef9c6a 100644 --- a/rules/tines_rules/tines_sso_settings.yml +++ b/rules/tines_rules/tines_sso_settings.yml @@ -11,6 +11,7 @@ Tags: Severity: High Description: > Detects when Tines SSO settings are changed +Reference: https://www.tines.com/docs/admin/single-sign-on DedupPeriodMinutes: 60 Threshold: 1 SummaryAttributes: diff --git a/rules/tines_rules/tines_story_items_destruction.yml b/rules/tines_rules/tines_story_items_destruction.yml index d4021b6b2..df94d9a30 100644 --- a/rules/tines_rules/tines_story_items_destruction.yml +++ b/rules/tines_rules/tines_story_items_destruction.yml @@ -10,6 +10,7 @@ Tags: Severity: Info Description: "A user has destroyed a story item" Runbook: "Possible data destruction. Please reach out to the user and confirm this was done for valid business reasons." +Reference: https://www.tines.com/docs/stories DedupPeriodMinutes: 60 Threshold: 1 Tests: 
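Review bot: In tines_sso_settings.yml the added `Reference:` follows the description and is followed immediately by `DedupPeriodMinutes`, so the visible lines of this High-severity rule carry no `Runbook`, unlike the destruction rules in this patch. A link to the vendor's SSO documentation explains the feature but not what an analyst should verify when the alert fires. If the file has no runbook elsewhere (its first ten lines are outside the hunk), I would add one next to the reference, for example `Runbook: "Confirm with the acting user that the SSO change was planned and approved; if not, review the new SSO configuration and that user's recent audit events."`. The tines_tenant_authtoken.yml hunk shows the same pattern for newly added tenant API keys.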
diff --git a/rules/tines_rules/tines_story_jobs_clearance.yml b/rules/tines_rules/tines_story_jobs_clearance.yml index b812abe4b..8310aca46 100644 --- a/rules/tines_rules/tines_story_jobs_clearance.yml +++ b/rules/tines_rules/tines_story_jobs_clearance.yml @@ -10,6 +10,7 @@ Tags: Severity: Low Description: "A Tines User has cleared story jobs." Runbook: "Possible data destruction. Please reach out to the user and confirm this was done for valid business reasons." +Reference: https://www.tines.com/docs/stories DedupPeriodMinutes: 60 Threshold: 1 Tests: diff --git a/rules/tines_rules/tines_team_destruction.yml b/rules/tines_rules/tines_team_destruction.yml index 85375c64f..329da0272 100644 --- a/rules/tines_rules/tines_team_destruction.yml +++ b/rules/tines_rules/tines_team_destruction.yml @@ -10,6 +10,7 @@ Tags: Severity: Low Description: "A user has destroyed a team" Runbook: "Possible data destruction. Please reach out to the user and confirm this was done for valid business reasons." +Reference: https://www.tines.com/docs/admin/teams DedupPeriodMinutes: 60 Threshold: 1 Tests: diff --git a/rules/tines_rules/tines_tenant_authtoken.yml b/rules/tines_rules/tines_tenant_authtoken.yml index ff366f3d2..33bb4fd94 100644 --- a/rules/tines_rules/tines_tenant_authtoken.yml +++ b/rules/tines_rules/tines_tenant_authtoken.yml @@ -11,6 +11,7 @@ Tags: Severity: Medium Description: > Detects when Tines Tenant API Keys are added +Reference: https://www.tines.com/api/authentication DedupPeriodMinutes: 60 Threshold: 1 SummaryAttributes: