From e2f7129e4cb0915b60fe8f69557d4177db042149 Mon Sep 17 00:00:00 2001
From: akozlovets098
Date: Tue, 12 Dec 2023 15:47:28 +0200
Subject: [PATCH 1/2] Add references to rules (zoom_rules)
---
 .../zoom_all_meetings_secured_with_one_option_disabled.yml | 1 +
 .../zoom_new_meeting_passcode_required_disabled.yml | 1 +
 rules/zoom_operation_rules/zoom_sign_in_method_modified.yml | 1 +
 rules/zoom_operation_rules/zoom_sign_in_requirements_changed.yml | 1 +
 .../zoom_two_factor_authentication_disabled.yml | 1 +
 .../zoom_user_promoted_to_privileged_role.yml | 1 +
 6 files changed, 6 insertions(+)
diff --git a/rules/zoom_operation_rules/zoom_all_meetings_secured_with_one_option_disabled.yml b/rules/zoom_operation_rules/zoom_all_meetings_secured_with_one_option_disabled.yml
index 59aceef44..e6ad39e30 100644
--- a/rules/zoom_operation_rules/zoom_all_meetings_secured_with_one_option_disabled.yml
+++ b/rules/zoom_operation_rules/zoom_all_meetings_secured_with_one_option_disabled.yml
@@ -4,6 +4,7 @@ DisplayName: "Zoom All Meetings Secured With One Option Disabled"
 Enabled: true
 Filename: zoom_all_meetings_secured_with_one_option_disabled.py
 Runbook: Confirm this user acted with valid business intent and determine whether this activity was authorized.
+Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0059862
 Severity: Medium
 Tests:
 - ExpectedResult: true
diff --git a/rules/zoom_operation_rules/zoom_new_meeting_passcode_required_disabled.yml b/rules/zoom_operation_rules/zoom_new_meeting_passcode_required_disabled.yml
index ad8c23032..fb889e023 100644
--- a/rules/zoom_operation_rules/zoom_new_meeting_passcode_required_disabled.yml
+++ b/rules/zoom_operation_rules/zoom_new_meeting_passcode_required_disabled.yml
@@ -4,6 +4,7 @@ DisplayName: "Zoom New Meeting Passcode Required Disabled"
 Enabled: true
 Filename: zoom_new_meeting_passcode_required_disabled.py
 Runbook: Confirm this user acted with valid business intent and determine whether this activity was authorized.
+Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0063160#:~:text=Since%20September%202022%2C%20Zoom%20requires,enforced%20for%20all%20free%20accounts.
 Severity: Medium
 Tests:
 - ExpectedResult: true
diff --git a/rules/zoom_operation_rules/zoom_sign_in_method_modified.yml b/rules/zoom_operation_rules/zoom_sign_in_method_modified.yml
index ffc9170c0..58b159503 100644
--- a/rules/zoom_operation_rules/zoom_sign_in_method_modified.yml
+++ b/rules/zoom_operation_rules/zoom_sign_in_method_modified.yml
@@ -4,6 +4,7 @@ DisplayName: "Zoom Sign In Method Modified"
 Enabled: true
 Filename: zoom_sign_in_method_modified.py
 Runbook: Confirm this user acted with valid business intent and determine whether this activity was authorized.
+Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0067602#:~:text=Go%20to%20the%20Zoom%20site,click%20Link%20and%20Sign%20In.
 Severity: Medium
 Tests:
 - ExpectedResult: true
diff --git a/rules/zoom_operation_rules/zoom_sign_in_requirements_changed.yml b/rules/zoom_operation_rules/zoom_sign_in_requirements_changed.yml
index 360679621..7830d2686 100644
--- a/rules/zoom_operation_rules/zoom_sign_in_requirements_changed.yml
+++ b/rules/zoom_operation_rules/zoom_sign_in_requirements_changed.yml
@@ -4,6 +4,7 @@ DisplayName: "Zoom Sign In Requirements Changed"
 Enabled: true
 Filename: zoom_sign_in_requirements_changed.py
 Runbook: Confirm this user acted with valid business intent and determine whether this activity was authorized.
+Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0061263
 Severity: Medium
 Tests:
 - ExpectedResult: true
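Review bot: The Reference added for the new-meeting-passcode rule ends in a `#:~:text=...` scroll-to-text fragment, and the sign-in-method hunk that follows does the same. The fragment copies wording from the support article, so it stops matching once that article is edited, and browsers without text-fragment support ignore it; PATCH 2/2 only trims the trailing period and keeps the fragment. I would link the article itself, `Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0063160`, and `Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0067602` for the sign-in rule. Quoting the value would also stop the `#` and `:` characters from depending on YAML plain-scalar parsing rules.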
diff --git a/rules/zoom_operation_rules/zoom_two_factor_authentication_disabled.yml b/rules/zoom_operation_rules/zoom_two_factor_authentication_disabled.yml
index c6dc6f62a..a54cca9d2 100644
--- a/rules/zoom_operation_rules/zoom_two_factor_authentication_disabled.yml
+++ b/rules/zoom_operation_rules/zoom_two_factor_authentication_disabled.yml
@@ -4,6 +4,7 @@ DisplayName: "Zoom Two Factor Authentication Disabled"
 Enabled: true
 Filename: zoom_two_factor_authentication_disabled.py
 Runbook: Confirm this user acted with valid business intent and determine whether this activity was authorized.
+Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0066054
 Severity: Medium
 Tests:
 - ExpectedResult: true
diff --git a/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.yml b/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.yml
index 991e2813e..d57ba3068 100644
--- a/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.yml
+++ b/rules/zoom_operation_rules/zoom_user_promoted_to_privileged_role.yml
@@ -3,6 +3,7 @@ Description: A Zoom user was promoted to a privileged role.
 DisplayName: "Zoom User Promoted to Privileged Role"
 Enabled: true
 Filename: zoom_user_promoted_to_privileged_role.py
+Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0064983
 Severity: Medium
 Tests:
 - ExpectedResult: true
From 34ba5d85f2c47fbc74d96fdf4e6dbd07a9d371c1 Mon Sep 17 00:00:00 2001
From: akozlovets098
Date: Tue, 12 Dec 2023 16:31:27 +0200
Subject: [PATCH 2/2] Add references to rules (zoom_rules)
---
 .../zoom_new_meeting_passcode_required_disabled.yml | 2 +-
 rules/zoom_operation_rules/zoom_sign_in_method_modified.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/zoom_operation_rules/zoom_new_meeting_passcode_required_disabled.yml b/rules/zoom_operation_rules/zoom_new_meeting_passcode_required_disabled.yml
index fb889e023..6624c596e 100644
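Review bot: In the zoom_user_promoted_to_privileged_role.yml hunk the new Reference sits directly between `Filename` and `Severity`, with no `Runbook` line, while the other five rules in this patch all carry one at that position. The rest of the file is outside the hunk, so a Runbook may exist elsewhere, but if it does not, this is the alert where an analyst most needs triage guidance. I would add one next to the Reference, for example `Runbook: Confirm this user acted with valid business intent and determine whether this activity was authorized.`, ideally extended to say who granted the role and whether the change was approved.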
--- a/rules/zoom_operation_rules/zoom_new_meeting_passcode_required_disabled.yml
+++ b/rules/zoom_operation_rules/zoom_new_meeting_passcode_required_disabled.yml
@@ -4,7 +4,7 @@ DisplayName: "Zoom New Meeting Passcode Required Disabled"
 Enabled: true
 Filename: zoom_new_meeting_passcode_required_disabled.py
 Runbook: Confirm this user acted with valid business intent and determine whether this activity was authorized.
-Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0063160#:~:text=Since%20September%202022%2C%20Zoom%20requires,enforced%20for%20all%20free%20accounts.
+Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0063160#:~:text=Since%20September%202022%2C%20Zoom%20requires,enforced%20for%20all%20free%20accounts
 Severity: Medium
 Tests:
 - ExpectedResult: true
diff --git a/rules/zoom_operation_rules/zoom_sign_in_method_modified.yml b/rules/zoom_operation_rules/zoom_sign_in_method_modified.yml
index 58b159503..100ef51ff 100644
--- a/rules/zoom_operation_rules/zoom_sign_in_method_modified.yml
+++ b/rules/zoom_operation_rules/zoom_sign_in_method_modified.yml
@@ -4,7 +4,7 @@ DisplayName: "Zoom Sign In Method Modified"
 Enabled: true
 Filename: zoom_sign_in_method_modified.py
 Runbook: Confirm this user acted with valid business intent and determine whether this activity was authorized.
-Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0067602#:~:text=Go%20to%20the%20Zoom%20site,click%20Link%20and%20Sign%20In.
+Reference: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0067602#:~:text=Go%20to%20the%20Zoom%20site,click%20Link%20and%20Sign%20In
 Severity: Medium
 Tests:
 - ExpectedResult: true