Update aws-privilege-escalation.json #122

Merged
merged 4 commits into from
Jul 10, 2024

SeaBlooms
Contributor

Added additional single service rules from Hacking the Cloud.

QA Checklist

Alerts Rule Packs

  • IF THIS CONTENT NEEDS TO BE RELEASED - is the package version in the package.json bumped?
  • Does a related alert already exist, and should it be tweaked or added to instead?
  • Test each query to make sure it works
  • Look for hardcoded variables/parameter values in the query
  • Consider Severity for Alerts
  • Spellcheck
  • Use all caps for J1QL keywords and relationship classes
  • Upload the alerts rule pack JSON into JupiterOne to validate

Added additional single service rules from Hacking the Cloud.
@SeaBlooms SeaBlooms requested a review from a team as a code owner July 8, 2024 21:59
Version updated to 0.31.0
Contributor

@mikiodehartj1 mikiodehartj1 left a comment

We should add in the description why each may be an issue.

L. 256 is a great example: "Users with the lambda:UpdateFunctionConfiguration permission can modify an existing Lambda function's configuration to add a new Lambda layer, allowing the user to override an existing library and allow them to execute malicious code under the privilege of the role associated with the Lambda function."

This explains the importance of each rule.

Otherwise looks good.

mikiodehartj1 previously approved these changes Jul 9, 2024
@mikiodehartj1 mikiodehartj1 merged commit 4235805 into main Jul 10, 2024
10 checks passed
@mikiodehartj1 mikiodehartj1 deleted the KNO-406 branch July 10, 2024 17:17
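
As an added example (not part of this pull request or the rule pack, and not J1QL): a Python check for the permission named in the rule description quoted in the review comment above. It lists the Allow statements in an IAM identity policy that grant `lambda:UpdateFunctionConfiguration`, including through wildcards and `NotAction`; the function names, finding fields and sample policy are constructed for illustration.

```python
import re

# Action named in the rule description quoted in the review comment.
RISKY_ACTION = "lambda:UpdateFunctionConfiguration"

def _as_list(value):
    """IAM accepts a single value or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    """Case-insensitive IAM action match; '*' and '?' are the only wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def find_grants(policy, action=RISKY_ACTION):
    """Return one finding per Allow statement that grants `action`.

    Limits: Deny statements, conditions, permission boundaries and SCPs are
    not evaluated, so a finding is a lead for review, not proof of access.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # NotAction grants everything except the listed patterns.
            granted = not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
        else:
            granted = any(_matches(p, action) for p in _as_list(stmt.get("Action")))
        if granted:
            findings.append({"sid": stmt.get("Sid"),
                             "wildcard_resource": "*" in _as_list(stmt.get("Resource")),
                             "conditional": "Condition" in stmt})
    return findings

# Constructed sample policy (placeholder account ID), not taken from the rule pack.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadOnly", "Effect": "Allow", "Action": ["lambda:Get*", "lambda:List*"], "Resource": "*"},
    {"Sid": "Deploy", "Effect": "Allow", "Action": "lambda:Update*", "Resource": "*"},
    {"Sid": "AllButIam", "Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    {"Sid": "Scoped", "Effect": "Allow", "Action": "lambda:updatefunctionconfiguration",
     "Resource": "arn:aws:lambda:us-east-1:111122223333:function:reports"},
    {"Sid": "DenyS3", "Effect": "Deny", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    for finding in find_grants(SAMPLE_POLICY):
        print(finding)
```

Statements flagged with `wildcard_resource` set and `conditional` unset are the ones to review first, since they apply to every function in the account.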
3 participants