Add references to rules (tines_rules)

rules/tines_rules/tines_actions_disabled_changes.yml

@@ -7,6 +7,7 @@ LogTypes:
   - Tines.Audit
 Tags:
   - Tines
+Reference: https://www.tines.com/university/tines-basics/architecture-of-an-action
 Severity: Medium
 Description: >
   Detections when Tines Actions are set to Disabled Change

rules/tines_rules/tines_custom_ca.yml

@@ -8,6 +8,7 @@ LogTypes:
 Tags:
   - Tines
   - IAM - Credential Security
+Reference: https://www.tines.com/docs/admin/custom-certificate-authority
 Severity: High
 Description: >
   Detects when Tines Custom CertificateAuthority settings are changed

rules/tines_rules/tines_enqueued_retrying_job_deletion.yml

@@ -10,6 +10,7 @@ Tags:
 Severity: Low
 Description: "Currently enqueued or retrying jobs were cleared"
 Runbook: "Possible data destruction. Please reach out to the user and confirm this was done for valid business reasons."
+Reference: https://www.tines.com/docs/self-hosting/job-management
 DedupPeriodMinutes: 60
 Threshold: 1
 Tests:

rules/tines_rules/tines_global_resource_destruction.yml

@@ -15,6 +15,7 @@ Tags:
 Severity: Low
 Description: "A Tines user has destroyed a global resource."
 Runbook: "Possible data destruction. Please reach out to the user and confirm this was done for valid business reasons."
+Reference: https://www.tines.com/docs/resources
 DedupPeriodMinutes: 60
 Threshold: 1
 Tests:

rules/tines_rules/tines_sso_settings.yml

@@ -11,6 +11,7 @@ Tags:
 Severity: High
 Description: >
   Detects when Tines SSO settings are changed
+Reference: https://www.tines.com/docs/admin/single-sign-on
 DedupPeriodMinutes: 60
 Threshold:  1
 SummaryAttributes:

rules/tines_rules/tines_story_items_destruction.yml

@@ -10,6 +10,7 @@ Tags:
 Severity: Info
 Description: "A user has destroyed a story item"
 Runbook: "Possible data destruction. Please reach out to the user and confirm this was done for valid business reasons."
+Reference: https://www.tines.com/docs/stories
 DedupPeriodMinutes: 60
 Threshold: 1
 Tests:

rules/tines_rules/tines_story_jobs_clearance.yml

@@ -10,6 +10,7 @@ Tags:
 Severity: Low
 Description: "A Tines User has cleared story jobs."
 Runbook: "Possible data destruction. Please reach out to the user and confirm this was done for valid business reasons."
+Reference: https://www.tines.com/docs/stories
 DedupPeriodMinutes: 60
 Threshold: 1
 Tests:

rules/tines_rules/tines_team_destruction.yml

@@ -10,6 +10,7 @@ Tags:
 Severity: Low
 Description: "A user has destroyed a team"
 Runbook: "Possible data destruction. Please reach out to the user and confirm this was done for valid business reasons."
+Reference: https://www.tines.com/docs/admin/teams
 DedupPeriodMinutes: 60
 Threshold: 1
 Tests:

rules/tines_rules/tines_tenant_authtoken.yml

@@ -11,6 +11,7 @@ Tags:
 Severity: Medium
 Description: >
   Detects when Tines Tenant API Keys are added
+Reference: https://www.tines.com/api/authentication
 DedupPeriodMinutes: 60
 Threshold:  1
 SummaryAttributes: