From d67956f6f49ec970769f2e1f04af7128c93376fa Mon Sep 17 00:00:00 2001
From: Khaled Mohamed <46958133+xElkomy@users.noreply.github.com>
Date: Wed, 24 Jan 2024 21:24:21 +0200
Subject: [PATCH 1/3] Create low-severity-token.bcheck
---
other/tokens/low-severity-token.bcheck | 5098 ++++++++++++++++++++++++
1 file changed, 5098 insertions(+)
create mode 100644 other/tokens/low-severity-token.bcheck
diff --git a/other/tokens/low-severity-token.bcheck b/other/tokens/low-severity-token.bcheck
new file mode 100644
index 0000000..6956a03
--- /dev/null
+++ b/other/tokens/low-severity-token.bcheck
@@ -0,0 +1,5098 @@
+metadata:
+ language: v1-beta
+ name: "Information Disclosure"
+ description: "Detects secret patterns in responses."
+ author: "bugswagger"
+ tags: "secret, bugswagger"
+
+given response then
+ if {latest.response} matches "bugswagger" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bugswagger secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+
+ else if {latest.response} matches "ec2-[0-9a-z._-]+.compute(-1)?.amazonaws.com" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "AWS EC2 External secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[0-9a-z._-]+.compute(-1)?.internal" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "AWS EC2 Internal secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[0-9a-z._-]+.elb.amazonaws.com" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "AWS ELB secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[0-9a-z._-]+.cache.amazonaws.com" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "AWS ElasticCache secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "AWS MWS ID secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "AWS client ID secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:algolia).{0,40}\b([A-Z0-9]{10})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Algoliaadminkey - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:algolia).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Algoliaadminkey - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Amazon SNS Topic secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:\s|=|:|\"|^)AKC[a-zA-Z0-9]{10,}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Artifactory API Token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:\s|=|:|\"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Artifactory Password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:auth0).{0,40}\b([a-zA-Z0-9_-]{32,60})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Auth0oauth - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(bearer).+" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Bearer token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:blogger).{0,40}\b([0-9A-Za-z-]{39})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Blogger secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:circle).{0,40}([a-fA-F0-9]{40})" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Circleci secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cloudflare).{0,40}\b([A-Za-z0-9_-]{40})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Cloudflareapitoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:customer).{0,40}\b([a-z0-9A-Z]{20})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Customerio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:datadog).{0,40}\b([a-zA-Z-0-9]{32})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Datadogtoken - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:datadog).{0,40}\b([a-zA-Z-0-9]{40})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Datadogtoken - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:debounce).{0,40}\b([a-zA-Z0-9]{13})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Debounce secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:8x8).{0,40}\b([a-zA-Z0-9_]{18,30})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Eightxeight - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:etsy).{0,40}\b([a-zA-Z-0-9]{24})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Etsyapikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "FCM Server Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140})" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "FCM_server_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[fF][aA][cC][eE][bB][oO][oO][kK].*['|\"][0-9a-f]{32}['|\"]" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Facebook OAuth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:facebook).{0,40}\b([A-Za-z0-9]{32})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Facebookoauth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[a-z0-9.-]+\.firebaseio\.com" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Firebase Database Detect - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[a-z0-9.-]+\.firebaseapp\.com" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Firebase Database Detect - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:float).{0,40}\b([a-zA-Z0-9-._+=]{59,60})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Float secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "TOKEN[\\-|_|A-Z0-9]*(\'|\\")?(:|=)(\'|\\")?[\\-|_|A-Z0-9]{10}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1688 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "API[\\-|_|A-Z0-9]*(\'|\\")?(:|=)(\'|\\")?[\\-|_|A-Z0-9]{10}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1689 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "SECRET[\\-|_|A-Z0-9]*(\'|\\")?(:|=)(\'|\\")?[\\-|_|A-Z0-9]{10}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1691 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "AUTHORIZATION[\\-|_|A-Z0-9]*(\'|\\")?(:|=)(\'|\\")?[\\-|_|A-Z0-9]{10}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1692 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "PASSWORD[\\-|_|A-Z0-9]*(\'|\\")?(:|=)(\'|\\")?[\\-|_|A-Z0-9]{10}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1693 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(A|a)(P|p)(Ii)[\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[0-9A-Za-z\-_]+(\''|\")?" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1695 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[a-z0-9.-]+\.s3-[a-z0-9-]\.amazonaws\.com" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1707 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[a-z0-9.-]+\.s3-website[.-](eu|ap|us|ca|sa|cn)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1708 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "branchio_secret" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1715 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "google_cm" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1731 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "google_maps_key" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1732 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailjet" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1737 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mapbox_access_token" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1738 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "slack_webhook" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1749 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "square_secret" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1750 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twilio_sid_token" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1753 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "zapier_webhook" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1762 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3-[a-z0-9-]+\.amazonaws\.com/[a-z0-9._-]+" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic - 1765 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[sS][eE][cC][rR][eE][tT].*['|\"][0-9a-zA-Z]{32,45}['|\"]" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic Secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(webhook).+(secret|token|key).+" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Generic webhook secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[gG][iI][tT][hH][uU][bB].*['|\"][0-9a-zA-Z]{35,40}['|\"]" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "GitHub secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:github).{0,40}\b([0-9]{6})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Githubapp - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:gitlab).{0,40}\b([a-zA-Z0-9\-=_]{20,22})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Gitlab secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:harvest).{0,40}\b([0-9]{4,9})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Harvest - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:hive).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Hive - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:host).{0,40}\b([a-z0-9]{14})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Host secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:hunter).{0,40}\b([a-z0-9_-]{40})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Hunter secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:intercom).{0,40}\b([a-zA-Z0-9\W\S]{59}\=)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Intercom secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{5,24}\.[a-zA-Z-0-9]{3,16}\.[a-zA-Z-0-9]{3,16})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Jiratoken - 3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:less).{0,40}\b([a-zA-Z0-9-]{57})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Lessannoyingcrm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:m3o).{0,40}\b([0-9A-Za-z]{48})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "M3o secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(mailgun|mg)[0-9a-z]{32}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Mailgun API key - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:manifest).{0,40}\b([a-zA-z0-9]{32})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Manifest secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "https://outlook\.office\.com/webhook/[A-Za-z0-9\-@]+/IncomingWebhook/[A-Za-z0-9\-]+/[A-Za-z0-9\-]+" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Microsoft Teams Webhook secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:freshworks).{0,40}\b([a-z0-9A-Z-]{22})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Myfreshworks - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nytimes).{0,40}\b([a-z0-9A-Z-]{32})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Nytimes secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b([A-Za-z0-9_\.]{7}-[A-Za-z0-9_\.]{72})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Paypaloauth - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b([A-Za-z0-9_\.]{69}-[A-Za-z0-9_\.]{10})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Paypaloauth - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:key).{0,40}\b([a-z0-9]{20})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Pusherchannelkey - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(REDIS_URL).+" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "REDIS_URL secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:rev).{0,40}\b([0-9a-zA-Z\-]{27}[ \r\n]{1})" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Rev - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:revamp).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Revampcrm - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ronin).{0,40}\b([0-9Aa-zA-Z]{3,32})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Roninapp - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "data-shoppable-auth-token.+" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Shoppable Service Auth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:shutterstock).{0,40}\b([0-9a-zA-Z]{32})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Shutterstock - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:shutterstock).{0,40}\b([0-9a-zA-Z]{16})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Shutterstock - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "xoxp-[0-9A-Za-z\-]{72}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Slack User token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sq0(atp|csp)-[0-9a-z-_]{22,43}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Square API Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:survey).{0,40}\b([a-z0-9A-Z-]{36})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Surveyanyplace - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:survey).{0,40}\b([a-z0-9A-Z]{32})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Surveyanyplace - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:swell).{0,40}\b([a-zA-Z0-9]{6,24})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Swell - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Twitter Access Token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[tT][wW][iI][tT][tT][eE][rR].*['|\"][0-9a-zA-Z]{35,44}['|\"]" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Twitter OAuth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b[a-zA-Z]{1,10}:?\/\/[-.%\w{}]{1,50}:([-.%\S]{3,50})@[-.%\w\/:]+\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Uri secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:youtube).{0,40}\b([a-zA-Z-0-9_]{39})\b" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Youtubeapikey - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "https://(?:www.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Zapier Webhook secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "Zoho Webhook secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "access[_-]?key[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "access_key_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "access[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "access_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "access[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "account[_-]?sid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "account_sid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "admin[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "admin_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "adzerk[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "adzerk_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?1(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "algolia_admin_key_1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?2(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "algolia_admin_key_2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?mcm(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "algolia_admin_key_mcm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "algolia[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "algolia_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "algolia[_-]?api[_-]?key[_-]?mcm(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "algolia_api_key_mcm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "algolia[_-]?api[_-]?key[_-]?search(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "algolia_api_key_search secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "algolia[_-]?search[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "algolia_search_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "algolia[_-]?search[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "algolia_search_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "algolia[_-]?search[_-]?key[_-]?1(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "algolia_search_key_1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "alias[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "alias_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "alicloud[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "alicloud_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "alicloud[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "alicloud_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "amazon[_-]?bucket[_-]?name(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "amazon_bucket_name secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "anaconda[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "anaconda_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "android[_-]?docs[_-]?deploy[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "android_docs_deploy_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aos[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aos_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aos[_-]?sec(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aos_sec secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "api[_-]?key[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "api_key_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "api[_-]?key[_-]?sid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "api_key_sid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "api[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "api_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "apiary[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "apiary_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "apigw[_-]?access[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "apigw_access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "apikey[:](?:['\"]?[a-zA-Z0-9-_|]+['\"]?)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "apikey_patterns secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "app[_-]?bucket[_-]?perm(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "app_bucket_perm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "app[_-]?report[_-]?token[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "app_report_token_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "app[_-]?secrete(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "app_secrete secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "app[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "app_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "appclientsecret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "appclientsecret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "apple[_-]?id[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "apple_id_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "argos[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "argos_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(artifactory.{0,50}(\"|')?[a-zA-Z0-9=]{112}(\"|')?)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "artifactory secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "artifactory[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "artifactory_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "artifacts[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "artifacts_aws_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "artifacts[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "artifacts_aws_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "artifacts[_-]?bucket(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "artifacts_bucket secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "artifacts[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "artifacts_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "artifacts[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "artifacts_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "assistant[_-]?iam[_-]?apikey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "assistant_iam_apikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "auth0[_-]?api[_-]?clientsecret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "auth0_api_clientsecret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "auth0[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "auth0_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "auth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "auth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "author[_-]?email[_-]?addr(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "author_email_addr secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "author[_-]?npm[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "author_npm_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?access(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_access secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_access_key_id - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?config[_-]?accesskeyid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_config_accesskeyid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?config[_-]?secretaccesskey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_config_secretaccesskey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:accesskeyid|secretaccesskey|aws_access_key_id|aws_secret_access_key)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_patterns secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?secrets(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_secrets secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?ses[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_ses_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "aws[_-]?ses[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "aws_ses_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "awsaccesskeyid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "awsaccesskeyid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "awscn[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "awscn_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "awscn[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "awscn_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "awssecretkey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "awssecretkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "b2[_-]?app[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "b2_app_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "b2[_-]?bucket(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "b2_bucket secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bintray[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bintray_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bintray[_-]?apikey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bintray_apikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bintray[_-]?gpg[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bintray_gpg_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bintray[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bintray_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bintray[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bintray_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bintraykey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bintraykey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bluemix[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bluemix_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bluemix[_-]?auth(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bluemix_auth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bluemix[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bluemix_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bluemix[_-]?pass[_-]?prod(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bluemix_pass_prod secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bluemix[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bluemix_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bluemix[_-]?pwd(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bluemix_pwd secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bluemix[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bluemix_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "brackets[_-]?repo[_-]?oauth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "brackets_repo_oauth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "browser[_-]?stack[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "browser_stack_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "browserstack[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "browserstack_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bucketeer[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bucketeer_aws_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bucketeer[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bucketeer_aws_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "built[_-]?branch[_-]?deploy[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "built_branch_deploy_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bundlesize[_-]?github[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bundlesize_github_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bx[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bx_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bx[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bx_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cache[_-]?s3[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cache_s3_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cargo[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cargo_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cattle[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cattle_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cattle[_-]?agent[_-]?instance[_-]?auth(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cattle_agent_instance_auth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cattle[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cattle_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "censys[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "censys_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "certificate[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "certificate_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cf[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cf_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cheverny[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cheverny_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ci[_-]?user[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ci_user_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "claimr[_-]?database(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "claimr_database secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "claimr[_-]?db(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "claimr_db secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "claimr[_-]?superuser(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "claimr_superuser secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "claimr[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "claimr_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cli[_-]?e2e[_-]?cma[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cli_e2e_cma_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "clojars[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "clojars_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudant[_-]?archived[_-]?database(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudant_archived_database secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudant[_-]?audited[_-]?database(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudant_audited_database secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudant[_-]?database(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudant_database secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudant[_-]?instance(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudant_instance secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudant[_-]?order[_-]?database(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudant_order_database secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudant[_-]?parsed[_-]?database(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudant_parsed_database secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudant[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudant_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudant[_-]?processed[_-]?database(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudant_processed_database secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudant[_-]?service[_-]?database(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudant_service_database secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudflare[_-]?auth[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudflare_auth_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudflare[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudflare_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudinary[_-]?url(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudinary_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudinary[_-]?url[_-]?staging(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cloudinary_url_staging secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "clu[_-]?repo[_-]?url(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "clu_repo_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "clu[_-]?ssh[_-]?private[_-]?key[_-]?base64(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "clu_ssh_private_key_base64 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cn[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cn_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cn[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cn_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cocoapods[_-]?trunk[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cocoapods_trunk_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cocoapods[_-]?trunk[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cocoapods_trunk_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "codacy[_-]?project[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "codacy_project_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(codeclima.{0,50}(\"|')?[0-9a-f]{64}(\"|')?)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "codeclimate secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "codeclimate[_-]?repo[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "codeclimate_repo_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "codecov[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "codecov_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "coding[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "coding_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "conekta[_-]?apikey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "conekta_apikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "consumerkey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "consumerkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "contentful[_-]?access[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "contentful_access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "contentful[_-]?cma[_-]?test[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "contentful_cma_test_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "contentful[_-]?integration[_-]?management[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "contentful_integration_management_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "contentful[_-]?php[_-]?management[_-]?test[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "contentful_php_management_test_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "contentful[_-]?test[_-]?org[_-]?cma[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "contentful_test_org_cma_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "contentful[_-]?v2[_-]?access[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "contentful_v2_access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "conversation[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "conversation_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "conversation[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "conversation_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cos[_-]?secrets(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cos_secrets secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "coveralls[_-]?api[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "coveralls_api_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "coveralls[_-]?repo[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "coveralls_repo_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "coveralls[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "coveralls_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "coverity[_-]?scan[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "coverity_scan_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cypress[_-]?record[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "cypress_record_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "danger[_-]?github[_-]?api[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "danger_github_api_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "database[_-]?host(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "database_host secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "database[_-]?name(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "database_name secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "database[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "database_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "database[_-]?port(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "database_port secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "database[_-]?user(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "database_user secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "datadog[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "datadog_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "datadog[_-]?app[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "datadog_app_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "db[_-]?connection(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "db_connection secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "db[_-]?database(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "db_database secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "db[_-]?host(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "db_host secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "db[_-]?user(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "db_user secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "db[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "db_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ddg[_-]?test[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ddg_test_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ddg[_-]?test[_-]?email[_-]?pw(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ddg_test_email_pw secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ddgc[_-]?github[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ddgc_github_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "deploy[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "deploy_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "deploy[_-]?secure(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "deploy_secure secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "deploy[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "deploy_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "deploy[_-]?user(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "deploy_user secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "dgpg[_-]?passphrase(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "dgpg_passphrase secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "digitalocean[_-]?access[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "digitalocean_access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "digitalocean[_-]?ssh[_-]?key[_-]?body(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "digitalocean_ssh_key_body secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "digitalocean[_-]?ssh[_-]?key[_-]?ids(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "digitalocean_ssh_key_ids secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "docker[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "docker_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "docker[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "docker_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "docker[_-]?postgres[_-]?url(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "docker_postgres_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "dockerhubpassword(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "dockerhubpassword secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "dsonar[_-]?login(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "dsonar_login secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "dsonar[_-]?projectkey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "dsonar_projectkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "elastic[_-]?cloud[_-]?auth(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "elastic_cloud_auth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "elasticsearch[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "elasticsearch_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "encryption[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "encryption_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "end[_-]?user[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "end_user_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "env[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "env_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "env[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "env_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "env[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "env_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "env[_-]?sonatype[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "env_sonatype_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "eureka[_-]?awssecretkey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "eureka_awssecretkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "exp[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "exp_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "facebook_oauth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "file[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "file_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "firebase[_-]?project[_-]?develop(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "firebase_project_develop secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "flask[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "flask_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "flickr[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "flickr_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "flickr[_-]?api[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "flickr_api_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "fossa[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "fossa_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ftp[_-]?host(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ftp_host secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ftp[_-]?login(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ftp_login secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ftp[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ftp_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ftp[_-]?user(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ftp_user secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ftp[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ftp_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gcloud[_-]?bucket(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gcloud_bucket secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gcloud[_-]?project(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gcloud_project secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gcloud[_-]?service[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gcloud_service_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gcr[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gcr_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gcs[_-]?bucket(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gcs_bucket secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gh[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gh_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gh[_-]?next[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gh_next_oauth_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gh_next_unstable_oauth_client_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gh_next_unstable_oauth_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gh[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gh_oauth_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gh[_-]?oauth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gh_oauth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gh[_-]?repo[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gh_repo_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gh[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gh_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gh[_-]?unstable[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gh_unstable_oauth_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ghb[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ghb_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ghost[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ghost_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "git[_-]?author[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "git_author_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "git[_-]?author[_-]?name(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "git_author_name secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "git[_-]?committer[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "git_committer_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "git[_-]?committer[_-]?name(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "git_committer_name secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "git[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "git_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "git[_-]?name(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "git_name secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "git[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "git_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?access[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_access_token - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[a-zA-Z0-9_-]*:[a-zA-Z0-9_-]+@github.com*" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_access_token - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?api[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_api_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?auth(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_auth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?auth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_auth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?deploy[_-]?hb[_-]?doc[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_deploy_hb_doc_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?deployment[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_deployment_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?hunter[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_hunter_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?hunter[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_hunter_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?oauth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_oauth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?pwd(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_pwd secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?release[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_release_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?repo(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "github_repo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gitlab[_-]?user[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gitlab_user_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gogs[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gogs_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "google[_-]?account[_-]?type(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "google_account_type secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "google[_-]?client[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "google_client_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:google_client_id|google_client_secret|google_client_token)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "google_patterns secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "google[_-]?private[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "google_private_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "([0-9]{12}-[a-z0-9]{32}.apps.googleusercontent.com)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "google_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gpg[_-]?key[_-]?name(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gpg_key_name secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gpg[_-]?keyname(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gpg_keyname secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gpg[_-]?ownertrust(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gpg_ownertrust secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gpg[_-]?passphrase(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gpg_passphrase secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gpg[_-]?private[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gpg_private_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gpg[_-]?secret[_-]?keys(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gpg_secret_keys secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gradle[_-]?publish[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gradle_publish_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gradle[_-]?publish[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gradle_publish_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gradle[_-]?signing[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gradle_signing_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gradle[_-]?signing[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gradle_signing_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gren[_-]?github[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "gren_github_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "grgit[_-]?user(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "grgit_user secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "hab[_-]?auth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "hab_auth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "hab[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "hab_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "hb[_-]?codesign[_-]?gpg[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "hb_codesign_gpg_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "hb[_-]?codesign[_-]?key[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "hb_codesign_key_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "heroku[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "heroku_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "([h|H][e|E][r|R][o|O][k|K][u|U].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "heroku_api_key_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "heroku[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "heroku_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "heroku[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "heroku_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "hockey.{0,50}(\"|')?[0-9a-f]{32}(\"|')?" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "hockeyapp secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "hockeyapp[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "hockeyapp_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "homebrew[_-]?github[_-]?api[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "homebrew_github_api_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "hub[_-]?dxia2[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "hub_dxia2_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ij[_-]?repo[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ij_repo_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ij[_-]?repo[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ij_repo_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "index[_-]?name(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "index_name secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "integration[_-]?test[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "integration_test_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "integration[_-]?test[_-]?appid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "integration_test_appid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "internal[_-]?secrets(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "internal_secrets secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ios[_-]?docs[_-]?deploy[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ios_docs_deploy_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "itest[_-]?gh[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "itest_gh_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mysql: jdbc:mysql(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "jdbc secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "jdbc[_-]?databaseurl(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "jdbc_databaseurl secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "jdbc[_-]?host(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "jdbc_host secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "jwt[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "jwt_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "kafka[_-]?admin[_-]?url(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "kafka_admin_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "kafka[_-]?instance[_-]?name(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "kafka_instance_name secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "kafka[_-]?rest[_-]?url(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "kafka_rest_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "keystore[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "keystore_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "kovan[_-]?private[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "kovan_private_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "kubecfg[_-]?s3[_-]?path(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "kubecfg_s3_path secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "kubeconfig(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "kubeconfig secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "kxoltsn3vogdop92m(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "kxoltsn3vogdop92m secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "leanplum[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "leanplum_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "lektor[_-]?deploy[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "lektor_deploy_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "lektor[_-]?deploy[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "lektor_deploy_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "lighthouse[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "lighthouse_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "linux[_-]?signing[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "linux_signing_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ll[_-]?publish[_-]?url(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ll_publish_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ll[_-]?shared[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ll_shared_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "looker[_-]?test[_-]?runner[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "looker_test_runner_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "lottie[_-]?happo[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "lottie_happo_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "lottie[_-]?happo[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "lottie_happo_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "lottie[_-]?s3[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "lottie_s3_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "lottie[_-]?upload[_-]?cert[_-]?key[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "lottie_upload_cert_key_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "lottie[_-]?upload[_-]?cert[_-]?key[_-]?store[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "lottie_upload_cert_key_store_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "magento[_-]?auth[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "magento_auth_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "magento[_-]?auth[_-]?username (=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "magento_auth_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "magento[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "magento_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mail[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mail_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailchimp[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mailchimp_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailchimp[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mailchimp_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailer[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mailer_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(key-[0-9a-f]{32})" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mailgun secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailgun[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mailgun_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailgun[_-]?apikey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mailgun_apikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailgun[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mailgun_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailgun[_-]?pub[_-]?apikey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mailgun_pub_apikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailgun[_-]?pub[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mailgun_pub_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "manage[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "manage_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "manage[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "manage_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "management[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "management_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "managementapiaccesstoken(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "managementapiaccesstoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mandrill[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mandrill_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "manifest[_-]?app[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "manifest_app_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "manifest[_-]?app[_-]?url(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "manifest_app_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mapbox[_-]?access[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mapbox_access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mapbox[_-]?api[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mapbox_api_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mapbox[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mapbox_aws_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mapbox[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mapbox_aws_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mapboxaccesstoken(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mapboxaccesstoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mg[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mg_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mh[_-]?apikey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mh_apikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mh[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mh_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mile[_-]?zero[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mile_zero_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "minio[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "minio_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "minio[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "minio_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "multi[_-]?bob[_-]?sid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "multi_bob_sid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "multi[_-]?connect[_-]?sid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "multi_connect_sid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "multi[_-]?disconnect[_-]?sid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "multi_disconnect_sid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "multi[_-]?workflow[_-]?sid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "multi_workflow_sid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "multi[_-]?workspace[_-]?sid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "multi_workspace_sid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "my[_-]?secret[_-]?env(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "my_secret_env secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mysql[_-]?database(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mysql_database secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mysql[_-]?hostname(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mysql_hostname secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mysql[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mysql_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mysql[_-]?user(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mysql_user secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mysql[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mysql_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mysqlmasteruser(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mysqlmasteruser secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mysqlsecret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "mysqlsecret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "nativeevents(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "nativeevents secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "new[_-]?relic[_-]?beta[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "new_relic_beta_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "nexus[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "nexus_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "nexuspassword(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "nexuspassword secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ngrok[_-]?auth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ngrok_auth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ngrok[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ngrok_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "node[_-]?env(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "node_env secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?accesskeyid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "node_pre_gyp_accesskeyid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?github[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "node_pre_gyp_github_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?secretaccesskey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "node_pre_gyp_secretaccesskey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "non[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "non_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "now[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "now_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "npm[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "npm_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "npm[_-]?api[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "npm_api_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "npm[_-]?auth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "npm_auth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "npm[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "npm_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "npm[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "npm_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "npm[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "npm_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "npm[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "npm_token - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(oy2[a-z0-9]{43})" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "nuget_api_key - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "nuget[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "nuget_api_key - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "numbers[_-]?service[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "numbers_service_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "oauth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "oauth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "object[_-]?storage[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "object_storage_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "object[_-]?storage[_-]?region[_-]?name(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "object_storage_region_name secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "object[_-]?store[_-]?bucket(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "object_store_bucket secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "object[_-]?store[_-]?creds(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "object_store_creds secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "oc[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "oc_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "octest[_-]?app[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "octest_app_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "octest[_-]?app[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "octest_app_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "octest[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "octest_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ofta[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ofta_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ofta[_-]?region(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ofta_region secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ofta[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ofta_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "okta[_-]?client[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "okta_client_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "okta[_-]?oauth2[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "okta_oauth2_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "okta[_-]?oauth2[_-]?clientsecret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "okta_oauth2_clientsecret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "omise[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "omise_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "omise[_-]?pkey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "omise_pkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "omise[_-]?pubkey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "omise_pubkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "omise[_-]?skey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "omise_skey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "onesignal[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "onesignal_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "onesignal[_-]?user[_-]?auth[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "onesignal_user_auth_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "open[_-]?whisk[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "open_whisk_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "openwhisk[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "openwhisk_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "os[_-]?auth[_-]?url(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "os_auth_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "os[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "os_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ossrh[_-]?jira[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ossrh_jira_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ossrh[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ossrh_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ossrh[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ossrh_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ossrh[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ossrh_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ossrh[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ossrh_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(https://outlook.office.com/webhook/[0-9a-f-]{36}@)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "outlook_team secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "packagecloud[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "packagecloud_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "pagerduty[_-]?apikey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "pagerduty_apikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "parse[_-]?js[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "parse_js_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "passwordtravis(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "passwordtravis secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(access_token$production$[0-9a-z]{16}$[0-9a-f]{32})" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "paypal_braintree_access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "paypal[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "paypal_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "percy[_-]?project(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "percy_project secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "percy[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "percy_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "personal[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "personal_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "personal[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "personal_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "pg[_-]?database(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "pg_database secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "pg[_-]?host(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "pg_host secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "places[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "places_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "places[_-]?apikey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "places_apikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "plotly[_-]?apikey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "plotly_apikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "plugin[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "plugin_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "postgres[_-]?env[_-]?postgres[_-]?db(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "postgres_env_postgres_db secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "postgres[_-]?env[_-]?postgres[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "postgres_env_postgres_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "postgresql[_-]?db(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "postgresql_db secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "postgresql[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "postgresql_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "prebuild[_-]?auth(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "prebuild_auth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "preferred[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "preferred_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "pring[_-]?mail[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "pring_mail_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "-----(?:(?:BEGIN|END) )(?:(?:EC|PGP|DSA|RSA|OPENSSH).)?PRIVATE.KEY(.BLOCK)?-----" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "private_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "private[_-]?signing[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "private_signing_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "prod[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "prod_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "prod[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "prod_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "prod[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "prod_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "project[_-]?config(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "project_config secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "publish[_-]?access(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "publish_access secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "publish[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "publish_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "publish[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "publish_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "pushover[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "pushover_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "pypi[_-]?passowrd(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "pypi_passowrd secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "qiita[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "qiita_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "quip[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "quip_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "randrmusicapiaccesstoken(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "randrmusicapiaccesstoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "redis[_-]?stunnel[_-]?urls(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "redis_stunnel_urls secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "refresh[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "refresh_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "registry[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "registry_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "registry[_-]?secure(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "registry_secure secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "release[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "release_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "reporting[_-]?webdav[_-]?pwd(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "reporting_webdav_pwd secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "reporting[_-]?webdav[_-]?url(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "reporting_webdav_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "repotoken(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "repotoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "rest[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "rest_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "rinkeby[_-]?private[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "rinkeby_private_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ropsten[_-]?private[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ropsten_private_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "route53[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "route53_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "rtd[_-]?key[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "rtd_key_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "rtd[_-]?store[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "rtd_store_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?bucket[_-]?name[_-]?app[_-]?logs(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_bucket_name_app_logs secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?bucket[_-]?name[_-]?assets(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_bucket_name_assets secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?external[_-]?3[_-]?amazonaws[_-]?com(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_external_3_amazonaws_com secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?key[_-]?app[_-]?logs(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_key_app_logs secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?key[_-]?assets(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_key_assets secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?secret[_-]?app[_-]?logs(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_secret_app_logs secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?secret[_-]?assets(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_secret_assets secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3[_-]?user[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "s3_user_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sacloud[_-]?access[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sacloud_access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sacloud[_-]?access[_-]?token[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sacloud_access_token_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sacloud[_-]?api(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sacloud_api secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "salesforce[_-]?bulk[_-]?test[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "salesforce_bulk_test_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "salesforce[_-]?bulk[_-]?test[_-]?security[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "salesforce_bulk_test_security_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sandbox[_-]?access[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sandbox_access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sandbox[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sandbox_aws_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sandbox[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sandbox_aws_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sauce[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sauce_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(sauce.{0,50}(\"|')?[0-9a-f-]{36}(\"|')?)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sauce_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "scrutinizer[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "scrutinizer_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sdr[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sdr_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?0(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_0 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?1(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?10(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_10 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?11(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_11 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?2(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?3(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?4(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_4 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?5(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_5 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?6(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_6 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?7(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_7 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?8(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_8 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?9(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_9 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[_-]?key[_-]?base(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secret_key_base secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secretaccesskey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secretaccesskey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secretkey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "secretkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "segment[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "segment_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "selion[_-]?log[_-]?level[_-]?dev(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "selion_log_level_dev secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "selion[_-]?selenium[_-]?host(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "selion_selenium_host secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sendgrid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sendgrid - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sendgrid[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sendgrid_api_key - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sendgrid[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sendgrid_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sendgrid[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sendgrid_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sendgrid[_-]?user(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sendgrid_user secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sendgrid[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sendgrid_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sendwithus[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sendwithus_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sentry[_-]?auth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sentry_auth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sentry[_-]?default[_-]?org(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sentry_default_org secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sentry[_-]?endpoint(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sentry_endpoint secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sentry[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sentry_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "service[_-]?account[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "service_account_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ses[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ses_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ses[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ses_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "setdstaccesskey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "setdstaccesskey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "setdstsecretkey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "setdstsecretkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "setsecretkey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "setsecretkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "signing[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "signing_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "signing[_-]?key[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "signing_key_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "signing[_-]?key[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "signing_key_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "signing[_-]?key[_-]?sid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "signing_key_sid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(hooks.slack.com/services/T[A-Z0-9]{8}/B[A-Z0-9]{8}/[a-zA-Z0-9]{1,})" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "slack_webhook_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "slash[_-]?developer[_-]?space(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "slash_developer_space secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "slash[_-]?developer[_-]?space[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "slash_developer_space_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "slate[_-]?user[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "slate_user_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "snoowrap[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "snoowrap_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "snoowrap[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "snoowrap_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "snoowrap[_-]?refresh[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "snoowrap_refresh_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "snyk[_-]?api[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "snyk_api_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "snyk[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "snyk_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "socrata[_-]?app[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "socrata_app_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "socrata[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "socrata_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonar[_-]?organization[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonar_organization_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonar[_-]?project[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonar_project_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonar[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonar_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(sonar.{0,50}(\"|')?[0-9a-f]{40}(\"|')?)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonarqube_docs_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonatype[_-]?gpg[_-]?key[_-]?name(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonatype_gpg_key_name secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonatype[_-]?gpg[_-]?passphrase(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonatype_gpg_passphrase secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonatype[_-]?nexus[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonatype_nexus_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonatype[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonatype_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonatype[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonatype_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonatype[_-]?token[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonatype_token_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonatype[_-]?token[_-]?user(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonatype_token_user secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonatypepassword(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sonatypepassword secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "soundcloud[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "soundcloud_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "soundcloud[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "soundcloud_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "spaces[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "spaces_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "spaces[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "spaces_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "spotify[_-]?api[_-]?access[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "spotify_api_access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "spotify[_-]?api[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "spotify_api_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "spring[_-]?mail[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "spring_mail_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sqsaccesskey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sqsaccesskey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sqssecretkey(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sqssecretkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(sq0[a-z]{3}-[0-9A-Za-z-_]{20,50})" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "square_app_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "square[_-]?reader[_-]?sdk[_-]?repository[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "square_reader_sdk_repository_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "srcclr[_-]?api[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "srcclr_api_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(sshpass -p.*['|\"])" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ssh_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sshpass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "sshpass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ssmtp[_-]?config(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "ssmtp_config secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "staging[_-]?base[_-]?url[_-]?runscope(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "staging_base_url_runscope secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "star[_-]?test[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "star_test_aws_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "star[_-]?test[_-]?bucket(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "star_test_bucket secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "star[_-]?test[_-]?location(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "star_test_location secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "star[_-]?test[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "star_test_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "starship[_-]?account[_-]?sid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "starship_account_sid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "starship[_-]?auth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "starship_auth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "stormpath[_-]?api[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "stormpath_api_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "stormpath[_-]?api[_-]?key[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "stormpath_api_key_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "strip[_-]?publishable[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "strip_publishable_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "strip[_-]?secret[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "strip_secret_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "stripe[_-]?private(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "stripe_private secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "stripe[_-]?public(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "stripe_public secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(rk_live_[0-9a-zA-Z]{24,34})" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "stripe_restricted_api secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(sk_live_[0-9a-zA-Z]{24,34})" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "stripe_standard_api secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "surge[_-]?login(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "surge_login secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "surge[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "surge_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "svn[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "svn_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "tesco[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "tesco_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "test[_-]?github[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "test_github_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "test[_-]?test(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "test_test secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "tester[_-]?keys[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "tester_keys_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "thera[_-]?oss[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "thera_oss_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "token[_-]?core[_-]?java(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "token_core_java secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "travis[_-]?access[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "travis_access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "travis[_-]?api[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "travis_api_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "travis[_-]?branch(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "travis_branch secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "travis[_-]?com[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "travis_com_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "travis[_-]?e2e[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "travis_e2e_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "travis[_-]?gh[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "travis_gh_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "travis[_-]?pull[_-]?request(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "travis_pull_request secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "trex[_-]?client[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "trex_client_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "trex[_-]?okta[_-]?client[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "trex_okta_client_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twilio[_-]?configuration[_-]?sid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "twilio_configuration_sid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twilio[_-]?sid(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "twilio_sid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twine[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "twine_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "unity[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "unity_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "unity[_-]?serial(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "unity_serial secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "urban[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "urban_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "urban[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "urban_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "us[_-]?east[_-]?1[_-]?elb[_-]?amazonaws[_-]?com(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "us_east_1_elb_amazonaws_com secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "user[_-]?assets[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "user_assets_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "usertravis(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "usertravis secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "v[_-]?sfdc[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "v_sfdc_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "v[_-]?sfdc[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "v_sfdc_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "vip[_-]?github[_-]?build[_-]?repo[_-]?deploy[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "vip_github_build_repo_deploy_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "vip[_-]?github[_-]?deploy[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "vip_github_deploy_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "vip[_-]?github[_-]?deploy[_-]?key[_-]?pass(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "vip_github_deploy_key_pass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "visual[_-]?recognition[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "visual_recognition_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "vscetoken(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "vscetoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wakatime[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wakatime_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "watson[_-]?conversation[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "watson_conversation_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "watson[_-]?device[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "watson_device_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "watson[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "watson_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "widget[_-]?basic[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "widget_basic_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?2(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "widget_basic_password_2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?3(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "widget_basic_password_3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?4(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "widget_basic_password_4 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?5(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "widget_basic_password_5 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "widget[_-]?fb[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "widget_fb_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "widget[_-]?fb[_-]?password[_-]?2(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "widget_fb_password_2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "widget[_-]?fb[_-]?password[_-]?3(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "widget_fb_password_3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "widget[_-]?test[_-]?server(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "widget_test_server secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wincert[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wincert_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wordpress[_-]?db[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wordpress_db_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wordpress[_-]?db[_-]?user(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wordpress_db_user secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wpjm[_-]?phpunit[_-]?google[_-]?geocode[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wpjm_phpunit_google_geocode_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wporg[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wporg_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wpt[_-]?db[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wpt_db_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wpt[_-]?db[_-]?user(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wpt_db_user secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wpt[_-]?prepare[_-]?dir(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wpt_prepare_dir secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wpt[_-]?report[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wpt_report_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wpt[_-]?ssh[_-]?connect(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wpt_ssh_connect secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wpt[_-]?ssh[_-]?private[_-]?key[_-]?base64(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "wpt_ssh_private_key_base64 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "www[_-]?googleapis[_-]?com(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "www_googleapis_com secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "yangshun[_-]?gh[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "yangshun_gh_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "yangshun[_-]?gh[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "yangshun_gh_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "yt[_-]?account[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "yt_account_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "yt[_-]?account[_-]?refresh[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "yt_account_refresh_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "yt[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "yt_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "yt[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "yt_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "yt[_-]?partner[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "yt_partner_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "yt[_-]?partner[_-]?refresh[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "yt_partner_refresh_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "yt[_-]?server[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "yt_server_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "zendesk[_-]?travis[_-]?github(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "zendesk_travis_github secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "zensonatypepassword(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "zensonatypepassword secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "zhuliang[_-]?gh[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "zhuliang_gh_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "zopim[_-]?account[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "zopim_account_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+ end if
From d260cd1747f1eaa0f058ca91358b899ee358b778 Mon Sep 17 00:00:00 2001
From: Khaled Mohamed <46958133+xElkomy@users.noreply.github.com>
Date: Wed, 24 Jan 2024 21:25:49 +0200
Subject: [PATCH 2/3] Create high-severity-token.bcheck
---
other/tokens/high-severity-token.bcheck | 6182 +++++++++++++++++++++++
1 file changed, 6182 insertions(+)
create mode 100644 other/tokens/high-severity-token.bcheck
diff --git a/other/tokens/high-severity-token.bcheck b/other/tokens/high-severity-token.bcheck
new file mode 100644
index 0000000..074a558
--- /dev/null
+++ b/other/tokens/high-severity-token.bcheck
@@ -0,0 +1,6182 @@
+metadata:
+ language: v1-beta
+ name: "Information Disclosure"
+ description: "Detects secret patterns in responses."
+ author: "bugswagger, xelkomy, juba0x00"
+ tags: "secret, bugswagger"
+
+given response then
+ if {latest.response} matches "bugswagger" then
+ report issue:
+ severity: low
+ confidence: firm
+ detail: "bugswagger secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "arn:aws:[a-z0-9-]+:[a-z]{2}-[a-z]+-[0-9]+:[0-9]+:.+" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "AWS ARN secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "AWS Access Key ID Value secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "da2-[a-z0-9]{26}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "AWS AppSync GraphQL Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "AWS MWS key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[0-9a-z._-]+.rds.amazonaws.com" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "AWS RDS secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "s3://[0-9a-z._/-]+" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "AWS S3 Bucket secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(aws_access_key_id|aws_secret_access_key)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "AWS cred file info secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:abbysale).{0,40}\b([a-z0-9A-Z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Abbysale secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:abstract).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Abstract secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:abuseipdb).{0,40}\b([a-z0-9]{80})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Abuseipdb secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:accuweather).{0,40}([a-z0-9A-Z\%]{35})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Accuweather secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(aio\_[a-zA-Z0-9]{28})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Adafruitio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:adobe).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Adobeio - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:adzuna).{0,40}\b([a-z0-9]{8})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Adzuna - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:adzuna).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Adzuna - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:aeroworkflow).{0,40}\b([0-9]{1,})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Aeroworkflow - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:aeroworkflow).{0,40}\b([a-zA-Z0-9^!]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Aeroworkflow - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:agora).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Agora secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:airbrake).{0,40}\b([0-9]{6})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Airbrakeprojectkey - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:airbrake).{0,40}\b([a-zA-Z-0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Airbrakeprojectkey - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:airbrake).{0,40}\b([a-zA-Z-0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Airbrakeuserkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:airship).{0,40}\b([0-9Aa-zA-Z]{91})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Airship secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:airvisual).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Airvisual secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:alconost).{0,40}\b([0-9Aa-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Alconost secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:alegra).{0,40}\b([a-z0-9-]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Alegra - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:alegra).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Alegra - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:aletheiaapi).{0,40}\b([A-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Aletheiaapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(LTAI[a-zA-Z0-9]{17,21})[\\"' ;\s]*" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Alibaba - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:alienvault).{0,40}\b([a-z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Alienvault secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:allsports).{0,40}\b([0-9a-z]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Allsports secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:amadeus).{0,40}\b([0-9A-Za-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Amadeus - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:amadeus).{0,40}\b([0-9A-Za-z]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Amadeus - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ambee).{0,40}\b([0-9a-f]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ambee secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:amplitude).{0,40}\b([a-f0-9]{32})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Amplitudeapikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:apacta).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apacta secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:api2cart).{0,40}\b([0-9a-f]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Api2cart secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(sk_live_[a-z0-9A-Z-]{93})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apideck - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:apideck).{0,40}\b([a-z0-9A-Z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apideck - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:apiflash).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apiflash - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:apiflash).{0,40}\b([a-zA-Z0-9\S]{21,30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apiflash - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:apifonica).{0,40}\b([0-9a-z]{11}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apifonica secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(apify\_api\_[a-zA-Z-0-9]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apify secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:apimatic).{0,40}\b([a-z0-9-\S]{8,32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apimatic - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:apimatic).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apimatic - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:apiscience).{0,40}\b([a-bA-Z0-9\S]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apiscience secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:apollo).{0,40}\b([a-zA-Z0-9]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apollo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:appcues).{0,40}\b([0-9]{5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Appcues - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:appcues).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Appcues - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:appcues).{0,40}\b([a-z0-9-]{39})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Appcues - 3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:appfollow).{0,40}\b([0-9A-Za-z]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Appfollow secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:appsynergy).{0,40}\b([a-z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Appsynergy secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:apptivo).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apptivo - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:apptivo).{0,40}\b([a-zA-Z0-9-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Apptivo - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b([A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])\.jfrog\.io)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Artifactory - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:artsy).{0,40}\b([0-9a-zA-Z]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Artsy - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:artsy).{0,40}\b([0-9a-zA-Z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Artsy - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:asana).{0,40}\b([a-z\/:0-9]{51})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Asanaoauth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:asana).{0,40}\b([0-9]{1,}\/[0-9]{16,}:[A-Za-z0-9]{32,})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Asanapersonalaccesstoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:assemblyai).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Assemblyai secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Asymmetric Private Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:audd).{0,40}\b([a-z0-9-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Audd secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:auth0).{0,40}\b(ey[a-zA-Z0-9._-]+)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Auth0managementapitoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:autodesk).{0,40}\b([0-9A-Za-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Autodesk - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:autodesk).{0,40}\b([0-9A-Za-z]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Autodesk - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:autoklose).{0,40}\b([a-zA-Z0-9-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Autoklose secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:autopilot).{0,40}\b([0-9a-f]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Autopilot secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:avaza).{0,40}\b([0-9]+-[0-9a-f]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Avazapersonalaccesstoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:aviationstack).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Aviationstack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b((?:AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Aws - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:axonaut).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Axonaut secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:aylien).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Aylien - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:aylien).{0,40}\b([a-z0-9]{8})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Aylien - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ayrshare).{0,40}\b([A-Z]{7}-[A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ayrshare secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:bannerbear).{0,40}\b([0-9a-zA-Z]{22}tt)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bannerbear secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:baremetrics).{0,40}\b([a-zA-Z0-9_]{25})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Baremetrics secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:baseapi|base-api).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Baseapiio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:beamer).{0,40}\b([a-zA-Z0-9_+/]{45}=)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Beamer secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:beebole).{0,40}\b([0-9a-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Beebole secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:besttime).{0,40}\b([0-9A-Za-z_]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Besttime secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:billomat).{0,40}\b([0-9a-z]{1,})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Billomat - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:billomat).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Billomat - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:bitbar).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bitbar secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:bitcoinaverage).{0,40}\b([a-zA-Z0-9]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bitcoinaverage secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:bitfinex).{0,40}\b([A-Za-z0-9_-]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bitfinex secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "R_[0-9a-f]{32}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bitly Secret Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:bitly).{0,40}\b([a-zA-Z-0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bitlyaccesstoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:bitmex).{0,40}([ \r\n]{1}[0-9a-zA-Z\-\_]{24}[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bitmex - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:bitmex).{0,40}([ \r\n]{1}[0-9a-zA-Z\-\_]{48}[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bitmex - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:blablabus).{0,40}\b([0-9A-Za-z]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Blablabus secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:blazemeter|runscope).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Blazemeter secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:blitapp).{0,40}\b([a-zA-Z0-9_-]{39})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Blitapp secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:bombbomb).{0,40}\b([a-zA-Z0-9-._]{704})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bombbomb secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:boostnote).{0,40}\b([0-9a-f]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Boostnote secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:borgbase).{0,40}\b([a-zA-Z0-9/_.-]{148,152})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Borgbase secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "access_token$production$[0-9a-z]{16}$[0-9a-f]{32}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Braintree API Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:brandfetch).{0,40}\b([0-9A-Za-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Brandfetch secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:browshot).{0,40}\b([a-zA-Z-0-9]{28})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Browshot secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:buddyns).{0,40}\b([0-9a-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Buddyns secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:bugherd).{0,40}\b([0-9a-z]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bugherd secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:bugsnag).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bugsnag secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:buildkite).{0,40}\b([a-z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Buildkite secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:bulbul).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Bulbul secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:buttercms).{0,40}\b([a-z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Buttercms secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:caflou).{0,40}\b([a-bA-Z0-9\S]{155})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Caflou secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:calendarific).{0,40}\b([a-z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Calendarific secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:calendly).{0,40}\b([a-zA-Z-0-9]{20}.[a-zA-Z-0-9]{171}.[a-zA-Z-0-9_]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Calendlyapikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:calorieninja).{0,40}\b([0-9A-Za-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Calorieninja secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:campayn).{0,40}\b([a-z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Campayn secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:canny).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[0-9]{4}-[a-z0-9]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cannyio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:capsulecrm).{0,40}\b([a-zA-Z0-9-._+=]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Capsulecrm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:captaindata).{0,40}\b([0-9a-f]{8}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Captaindata - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:captaindata).{0,40}\b([0-9a-f]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Captaindata - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:carboninterface).{0,40}\b([a-zA-Z0-9]{21})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Carboninterface secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cashboard).{0,40}\b([0-9A-Z]{3}-[0-9A-Z]{3}-[0-9A-Z]{3}-[0-9A-Z]{3})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cashboard - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cashboard).{0,40}\b([0-9a-z]{1,})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cashboard - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:caspio).{0,40}\b([a-z0-9]{8})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Caspio - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:caspio).{0,40}\b([a-z0-9]{50})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Caspio - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:censys).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Censys - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:censys).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Censys - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:centralstation).{0,40}\b([a-z0-9]{30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Centralstationcrm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cexio|cex.io).{0,40}\b([a-z]{2}[0-9]{9})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cexio - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cexio|cex.io).{0,40}\b([0-9A-Za-z]{24,27})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cexio - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:chatbot).{0,40}\b([a-zA-Z0-9_]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Chatbot secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:chatfuel).{0,40}\b([a-zA-Z0-9]{128})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Chatfule secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:checio).{0,40}\b(pk_[a-z0-9]{45})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Checio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:checklyhq).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Checklyhq secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:checkout).{0,40}\b((sk_|sk_test_)[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Checkout - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:checkout).{0,40}\b(cus_[0-9a-zA-Z]{26})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Checkout - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:checkvist).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Checkvist - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:checkvist).{0,40}\b([0-9a-zA-Z]{14})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Checkvist - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cicero).{0,40}\b([0-9a-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cicero secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:clearbit).{0,40}\b([0-9a-z_]{35})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Clearbit secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b([0-9A-Za-z]{3,20}.try.clickhelp.co)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Clickhelp - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:clickhelp).{0,40}\b([0-9A-Za-z]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Clickhelp - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sms).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Clicksendsms - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:clickup).{0,40}\b(pk_[0-9]{8}_[0-9A-Z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Clickuppersonaltoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cliengo).{0,40}\b([0-9a-f]{8}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cliengo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:clinchpad).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Clinchpad secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:clockify).{0,40}\b([a-zA-Z0-9]{48})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Clockify secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:clockwork|textanywhere).{0,40}\b([0-9a-zA-Z]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Clockworksms - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:clockwork|textanywhere).{0,40}\b([0-9]{5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Clockworksms - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(api_[a-z0-9A-Z.]{45})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Closecrm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cloudelements).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cloudelements - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cloudelements).{0,40}\b([a-zA-Z0-9]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cloudelements - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cloudflare).{0,40}\b(v[A-Za-z0-9._-]{173,})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cloudflarecakey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cloudimage).{0,40}\b([a-z0-9_]{30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cloudimage secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudinary://[0-9]+:[A-Za-z0-9\-_\.]+@[A-Za-z0-9\-_\.]+" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cloudinary Credentials secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cloudmersive).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cloudmersive secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cloudplan).{0,40}\b([A-Z0-9-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cloudplan secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cloverly).{0,40}\b([a-z0-9:_]{28})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cloverly secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cloze).{0,40}\b([0-9a-f]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cloze - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cloze).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cloze - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:clustdoc).{0,40}\b([0-9a-zA-Z]{60})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Clustdoc secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:codacy).{0,40}\b([0-9A-Za-z]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Codacy secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:coinapi).{0,40}\b([A-Z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Coinapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:coinbase).{0,40}\b([a-zA-Z-0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Coinbase secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:coinlayer).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Coinlayer secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:coinlib).{0,40}\b([a-z0-9]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Coinlib secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:column).{0,40}\b((?:test|live)_[a-zA-Z0-9]{27})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Column secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:commercejs).{0,40}\b([a-z0-9_]{48})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Commercejs secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:commodities).{0,40}\b([a-zA-Z0-9]{60})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Commodities secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:companyhub).{0,40}\b([0-9a-zA-Z]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Companyhub - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:companyhub).{0,40}\b([a-zA-Z0-9$%^=-]{4,32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Companyhub - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:confluent).{0,40}\b([a-zA-Z-0-9]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Confluent - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:confluent).{0,40}\b([a-zA-Z-0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Confluent - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:convertkit).{0,40}\b([a-z0-9A-Z_]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Convertkit secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:convier).{0,40}\b([0-9]{2}\|[a-zA-Z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Convier secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:copper).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Copper - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:countrylayer).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Countrylayer secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:courier).{0,40}\b(pk\_[a-zA-Z0-9]{1,}\_[a-zA-Z0-9]{28})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Courier secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:coveralls).{0,40}\b([a-zA-Z0-9-]{37})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Coveralls secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:crowdin).{0,40}\b([0-9A-Za-z]{80})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Crowdin secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:cryptocompare).{0,40}\b([a-z-0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Cryptocompare secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:currencycloud).{0,40}\b([0-9a-z]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Currencycloud - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:currencyfreaks).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Currencyfreaks secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:currencylayer).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Currencylayer secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:currencyscoop).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Currencyscoop secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:currentsapi).{0,40}\b([a-zA-Z0-9\S]{48})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Currentsapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9A-Z]{50})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Customerguru - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9A-Z]{30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Customerguru - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:d7network).{0,40}\b([a-zA-Z0-9\W\S]{23}\=)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "D7network secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:daily).{0,40}\b([0-9a-f]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dailyco secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:dandelion).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dandelion secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "dapi[a-f0-9]{32}\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Databricks secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:datafire).{0,40}\b([a-z0-9\S]{175,190})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Datafire secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:data.gov).{0,40}\b([a-zA-Z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Datagov secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:deepai).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Deepai secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:deepgram).{0,40}\b([0-9a-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Deepgram secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:delighted).{0,40}\b([a-z0-9A-Z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Delighted secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b([0-9a-z]{1,}.as.deputy.com)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Deputy - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:deputy).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Deputy - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:detectlanguage).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Detectlanguage secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(web\_[0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dfuse secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:diffbot).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Diffbot secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:digitalocean).{0,40}\b([A-Za-z0-9_-]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Digitaloceantoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "https://discordapp\.com/api/webhooks/[0-9]+/[A-Za-z0-9\-]+" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Discord Webhook secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:discord).{0,40}\b([A-Za-z0-9_-]{24}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Discordbottoken - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:discord).{0,40}\b([0-9]{17})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Discordbottoken - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(https:\/\/discord.com\/api\/webhooks\/[0-9]{18}\/[0-9a-zA-Z-]{68})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Discordwebhook secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ditto).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}\.[a-z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ditto secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:dnscheck).{0,40}\b([a-z0-9A-Z-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dnscheck - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:dnscheck).{0,40}\b([a-z0-9A-Z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dnscheck - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(ey[a-zA-Z0-9]{34}.ey[a-zA-Z0-9]{154}.[a-zA-Z0-9_-]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Documo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(dp\.pt\.[a-zA-Z0-9]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Doppler secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:dotmailer).{0,40}\b(apiuser-[a-z0-9]{12}@apiconnector.com)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dotmailer - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:dotmailer).{0,40}\b([a-zA-Z0-9\S]{8,24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dotmailer - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:dovico).{0,40}\b([0-9a-z]{32}\.[0-9a-z]{1,}\b)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dovico secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:dronahq).{0,40}\b([a-z0-9]{50})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dronahq secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:droneci).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Droneci secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(sl\.[A-Za-z0-9\-\_]{130,140})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dropbox secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:dwolla).{0,40}\b([a-zA-Z-0-9]{50})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dwolla secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:dynalist).{0,40}\b([a-zA-Z0-9-_]{128})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dynalist secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dynatrace token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:dyspatch).{0,40}\b([A-Z0-9]{52})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Dyspatch secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "-----BEGIN EC PRIVATE KEY-----" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "EC secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:eagleeyenetworks).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Eagleeyenetworks - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:eagleeyenetworks).{0,40}\b([a-zA-Z0-9]{15})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Eagleeyenetworks - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:easyinsight|easy-insight).{0,40}\b([a-zA-Z0-9]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Easyinsight - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:easyinsight|easy-insight).{0,40}\b([0-9Aa-zA-Z]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Easyinsight - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:edamam).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Edamam - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:edamam).{0,40}\b([0-9a-z]{8})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Edamam - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:edenai).{0,40}\b([a-zA-Z0-9]{36}.[a-zA-Z0-9]{92}.[a-zA-Z0-9_]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Edenai secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:8x8).{0,40}\b([a-zA-Z0-9]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Eightxeight - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:elastic).{0,40}\b([A-Za-z0-9_-]{96})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Elasticemail secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:enablex).{0,40}\b([a-zA-Z0-9]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Enablex - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:enablex).{0,40}\b([a-z0-9]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Enablex - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:enigma).{0,40}\b([a-zA-Z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Enigma secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ethplorer).{0,40}\b([a-z0-9A-Z-]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ethplorer secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:everhour).{0,40}\b([0-9Aa-f]{4}-[0-9a-f]{4}-[0-9a-f]{6}-[0-9a-f]{6}-[0-9a-f]{8})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Everhour secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:exchangerate).{0,40}\b([a-z0-9]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Exchangerateapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:exchangerates).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Exchangeratesapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "EAACEdEose0cBA[0-9A-Za-z]+" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Facebook Access Token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:faceplusplus).{0,40}\b([0-9a-zA-Z_-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Faceplusplus secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fakejson).{0,40}\b([a-zA-Z0-9]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fakejson secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fastforex).{0,40}\b([a-z0-9-]{28})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fastforex secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fastly).{0,40}\b([A-Za-z0-9_-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fastlypersonaltoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:feedier).{0,40}\b([a-z0-9A-Z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Feedier secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fetchrss).{0,40}\b([0-9A-Za-z.]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fetchrss secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:figma).{0,40}\b([0-9]{6}-[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Figmapersonalaccesstoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fileio).{0,40}\b([A-Z0-9.-]{39})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fileio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(API_KEY[0-9A-Z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Finage secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:financialmodelingprep).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Financialmodelingprep secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:findl).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Findl secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:finnhub).{0,40}\b([0-9a-z]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Finnhub secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fixer).{0,40}\b([A-Za-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fixerio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:flat).{0,40}\b([0-9a-z]{128})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Flatio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(flb_live_[0-9a-zA-Z]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fleetbase secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:flickr).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Flickr secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:flightapi).{0,40}\b([a-z0-9]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Flightapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:flightstats).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Flightstats - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:flightstats).{0,40}\b([0-9a-z]{8})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Flightstats - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:flowflu).{0,40}\b([a-zA-Z0-9]{51})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Flowflu - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(FLWSECK-[0-9a-z]{32}-X)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Flutterwave secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fmfw).{0,40}\b([a-zA-Z0-9-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fmfw - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fmfw).{0,40}\b([a-zA-Z0-9_-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fmfw - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:formbucket).{0,40}\b([0-9A-Za-z]{1,}.[0-9A-Za-z]{1,}\.[0-9A-Z-a-z\-_]{1,})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Formbucket secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:formio).{0,40}\b(eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.[0-9A-Za-z]{310}\.[0-9A-Z-a-z\-_]{43}[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Formio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:foursquare).{0,40}\b([0-9A-Z]{48})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Foursquare secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(fio-u-[0-9a-zA-Z_-]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Frameio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:freshbooks).{0,40}\b([0-9a-z]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Freshbooks - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:freshbooks).{0,40}\b(https://www.[0-9A-Za-z_-]{1,}.com)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Freshbooks - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:freshdesk).{0,40}\b([0-9A-Za-z]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Freshdesk - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b([0-9a-z-]{1,}.freshdesk.com)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Freshdesk - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:front).{0,40}\b([0-9a-zA-Z]{36}.[0-9a-zA-Z\.\-\_]{188,244})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Front secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fulcrum).{0,40}\b([a-z0-9]{80})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fulcrum secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fullstory).{0,40}\b([a-zA-Z-0-9/+]{88})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fullstory secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fusebill).{0,40}\b([a-zA-Z0-9]{88})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fusebill secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:fxmarket).{0,40}\b([0-9Aa-zA-Z-_=]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Fxmarket secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\{[^{]+auth_provider_x509_cert_url[^}]+\}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Gcp secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:geckoboard).{0,40}\b([a-zA-Z0-9]{44})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Geckoboard secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "jdbc:mysql(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1376 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "BEGIN OPENSSH PRIVATE KEY" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1700 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "BEGIN PRIVATE KEY" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1701 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "BEGIN RSA PRIVATE KEY" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1702 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "BEGIN DSA PRIVATE KEY" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1703 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "BEGIN EC PRIVATE KEY" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1704 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "BEGIN PGP PRIVATE KEY BLOCK" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1705 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "algolia_api_key" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1710 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "asana_access_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1711 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "azure_tenant" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1713 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "bitly_access_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1714 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "browserstack_access_key" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1716 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "buildkite_access_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1717 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "comcast_access_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1718 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "datadog_api_key" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1719 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "deviantart_secret" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1720 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "deviantart_access_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1721 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "dropbox_api_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1722 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "facebook_appsecret" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1723 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "facebook_access_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1724 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "firebase_custom_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1725 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "firebase_id_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1726 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github_client" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1727 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github_ssh_key" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1728 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gitlab_private_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1730 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "heroku_api_key" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1733 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "instagram_access_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1734 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailchimp_api_key" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1735 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailgun_api_key" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1736 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "pagerduty_api_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1739 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "paypal_key_sb" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1740 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "paypal_key_live" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1741 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "paypal_token_sb" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1742 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "paypal_token_live" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1743 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "pendo_integration_key" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1744 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "salesforce_access_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1745 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "saucelabs_ukey" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1746 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sendgrid_api_key" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1747 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "slack_api_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1748 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "square_auth_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1751 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "travisci_api_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1752 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twitter_api_secret" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1754 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twitter_bearer_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1755 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "spotify_access_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1756 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "stripe_key_live" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1757 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wakatime_api_key" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1758 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wompi_auth_bearer_sb" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1759 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wompi_auth_bearer_live" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1760 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "wpengine_api_key" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1761 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "zendesk_access_token" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1763 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ssh-rsa" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Generic - 1764 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:gengo).{0,40}([ ]{0,1}[0-9a-zA-Z\[\]\-\(\)\{\}|_^@$=~]{64}[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Gengo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:geoapify).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Geoapify secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:geocode).{0,40}\b([a-z0-9]{28})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Geocode secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:geocodify).{0,40}\b([0-9a-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Geocodify secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:geocod).{0,40}\b([a-z0-9]{39})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Geocodio - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ipifi).{0,40}\b([a-z0-9A-Z_]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Geoipifi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:getemail).{0,40}\b([a-zA-Z0-9-]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Getemail secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:getemails).{0,40}\b([a-z0-9-]{26})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Getemails - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:getemails).{0,40}\b([a-z0-9-]{18})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Getemails - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:getgeoapi).{0,40}\b([0-9a-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Getgeoapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:getgist).{0,40}\b([a-z0-9A-Z+=]{68})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Getgist secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:getsandbox).{0,40}\b([a-z0-9-]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Getsandbox - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:getsandbox).{0,40}\b([a-z0-9-]{15,30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Getsandbox - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b((?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,255}\b)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Github - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(ghu|ghs)_[0-9a-zA-Z]{36}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Github App Token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gho_[0-9a-zA-Z]{36}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Github OAuth Access Token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ghp_[0-9a-zA-Z]{36}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Github Personal Access Token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ghr_[0-9a-zA-Z]{76}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Github Refresh Token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:github)[^\.].{0,40}[ =:'\"]+([a-f0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Github_old secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:github).{0,40}(-----BEGIN RSA PRIVATE KEY-----\s[A-Za-z0-9+\/\s]*\s-----END RSA PRIVATE KEY-----)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Githubapp - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(glpat-[a-zA-Z0-9\-=_]{20,22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Gitlabv2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:gitter).{0,40}\b([a-z0-9-]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Gitter secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:glassnode).{0,40}\b([0-9A-Za-z]{27})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Glassnode secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:gocanvas).{0,40}\b([0-9A-Za-z/+]{43}=[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Gocanvas - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:gocanvas).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Gocanvas - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(live_[0-9A-Za-z\_\-]{40}[ \"'\r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Gocardless secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:goodday).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Goodday secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\"type\": \"service_account\"" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Google (GCP) Service Account secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "AIza[0-9a-z-_]{35}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Google API Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "https://www\.google\.com/calendar/embed\?src=[A-Za-z0-9%@&;=\-_\./]+" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Google Calendar URI secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ya29\.[0-9A-Za-z\-_]+" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Google OAuth Access Token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:graph).{0,40}\b([a-z0-9]{25})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Graphcms - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(ey[a-zA-Z0-9]{73}.ey[a-zA-Z0-9]{365}.[a-zA-Z0-9_-]{683})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Graphcms - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:graphhopper).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Graphhopper secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:groove).{0,40}\b([a-z0-9A-Z]{64})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Groovehq secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:guru).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Guru - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Guru - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:gyazo).{0,40}\b([0-9A-Za-z-]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Gyazo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:happi).{0,40}\b([a-zA-Z0-9]{56})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Happi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:happyscribe).{0,40}\b([0-9a-zA-Z]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Happyscribe secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:harvest).{0,40}\b([a-z0-9A-Z._]{97})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Harvest - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:hellosign).{0,40}\b([a-zA-Z-0-9/+]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Hellosign secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:helpcrunch).{0,40}\b([a-zA-Z-0-9+/=]{328})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Helpcrunch secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:helpscout).{0,40}\b([A-Za-z0-9]{56})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Helpscout secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:hereapi).{0,40}\b([a-zA-Z0-9\S]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Hereapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:heroku).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Heroku secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:hive).{0,40}\b([0-9A-Za-z]{17})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Hive - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:hiveage).{0,40}\b([0-9A-Za-z\_\-]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Hiveage secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:holidayapi).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Holidayapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:html2pdf).{0,40}\b([a-zA-Z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Html2pdf secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:hubspot).{0,40}\b([A-Za-z0-9]{8}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Hubspotapikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:humanity).{0,40}\b([0-9a-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Humanity secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:hypertrack).{0,40}\b([0-9a-zA-Z\_\-]{54})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Hypertrack - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:hypertrack).{0,40}\b([0-9a-zA-Z\_\-]{27})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Hypertrack - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ibm).{0,40}\b([A-Za-z0-9_-]{44})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ibmclouduserkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:iconfinder).{0,40}\b([a-zA-Z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Iconfinder secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:iexcloud).{0,40}\b([a-z0-9_]{35})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Iexcloud secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:imagekit).{0,40}\b([a-zA-Z0-9_=]{36})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Imagekit secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:imagga).{0,40}\b([a-z0-9A-Z=]{72})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Imagga secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:impala).{0,40}\b([0-9A-Za-z_]{46})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Impala secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:insightly).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Insightly secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:integromat).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Integromat secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:intrinio).{0,40}\b([a-zA-Z0-9]{44})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Intrinio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:invoiceocean).{0,40}\b([0-9A-Za-z]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Invoiceocean - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b([0-9a-z]{1,}.invoiceocean.com)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Invoiceocean - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ipapi).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ipapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ipgeolocation).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ipgeolocation secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ipify).{0,40}\b([a-zA-Z0-9_-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ipify secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ipinfodb).{0,40}\b([a-z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ipinfodb secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ipquality).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ipquality secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ipstack).{0,40}\b([a-fA-f0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ipstack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "jdbc:[a-z:]+://[A-Za-z0-9\.\-_:;=/@?,&]+" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "JDBC Connection String secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Jiratoken - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{5,24}\@[a-zA-Z-0-9]{3,16}\.com)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Jiratoken - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:jotform).{0,40}\b([0-9Aa-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Jotform secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:jumpcloud).{0,40}\b([a-zA-Z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Jumpcloud secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:juro).{0,40}\b([a-zA-Z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Juro secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:kanban).{0,40}\b([0-9A-Z]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Kanban - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b([0-9a-z]{1,}.kanbantool.com)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Kanban - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:karma).{0,40}\b([a-zA-Z0-9]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Karmacrm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:keen).{0,40}\b([0-9a-z]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Keenio - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:keen).{0,40}\b([0-9A-Z]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Keenio - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:kickbox).{0,40}\b([a-zA-Z0-9_]+[a-zA-Z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Kickbox secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:klipfolio).{0,40}\b([0-9a-f]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Klipfolio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:kontent).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Kontent secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:kraken).{0,40}\b([0-9A-Za-z\/\+=]{56}[ \"'\r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Kraken - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:kraken).{0,40}\b([0-9A-Za-z\/\+=]{86,88}[ \"'\r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Kraken - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:kucoin).{0,40}([ \r\n]{1}[!-~]{7,32}[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Kucoin - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:kucoin).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Kucoin - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:kucoin).{0,40}\b([0-9a-f]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Kucoin - 3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:kylas).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Kylas secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:languagelayer).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Languagelayer secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:lastfm).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Lastfm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:launchdarkly).{0,40}\b([a-z0-9-]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Launchdarkly secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:leadfeeder).{0,40}\b([a-zA-Z0-9-]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Leadfeeder secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:lendflow).{0,40}\b([a-zA-Z0-9]{36}\.[a-zA-Z0-9]{235}\.[a-zA-Z0-9]{32}\-[a-zA-Z0-9]{47}\-[a-zA-Z0-9_]{162}\-[a-zA-Z0-9]{42}\-[a-zA-Z0-9_]{40}\-[a-zA-Z0-9_]{66}\-[a-zA-Z0-9_]{59}\-[a-zA-Z0-9]{7}\-[a-zA-Z0-9_]{220})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Lendflow secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:lexigram).{0,40}\b([a-zA-Z0-9\S]{301})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Lexigram secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(lin_api_[0-9A-Za-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Linearapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:line).{0,40}\b([A-Za-z0-9+/]{171,172})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Linemessaging secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:linenotify).{0,40}\b([0-9A-Za-z]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Linenotify secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:linkpreview).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Linkpreview secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:liveagent).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Liveagent secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:livestorm).{0,40}\b(eyJhbGciOiJIUzI1NiJ9\.eyJhdWQiOiJhcGkubGl2ZXN0b3JtLmNvIiwianRpIjoi[0-9A-Z-a-z]{134}\.[0-9A-Za-z\-\_]{43}[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Livestorm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(pk\.[a-zA-Z-0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Locationiq secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:loginradius).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Loginradius secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:lokalise).{0,40}\b([a-z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Lokalisetoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:loyverse).{0,40}\b([0-9-a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Loyverse secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:luno).{0,40}\b([a-z0-9]{13})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Luno - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:luno).{0,40}\b([a-zA-Z0-9_-]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Luno - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:macaddress).{0,40}\b([a-zA-Z0-9_]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Macaddress secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:madkudu).{0,40}\b([0-9a-f]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Madkudu secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:magnetic).{0,40}\b([0-9Aa-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Magnetic secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[0-9a-f]{32}-us[0-9]{1,2}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "MailChimp API Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mailboxlayer).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mailboxlayer secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mailerlite).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mailerlite secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mailgun).{0,40}\b([a-zA-Z-0-9]{72})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mailgun - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "key-[0-9a-zA-Z]{32}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mailgun API Key - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mailjet).{0,40}\b([A-Za-z0-9]{87}\=)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mailjetbasicauth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mailjet).{0,40}\b([A-Za-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mailjetsms secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mailmodo).{0,40}\b([A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mailmodo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mailsac).{0,40}\b(k_[0-9A-Za-z]{36,})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mailsac secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mandrill).{0,40}\b([A-Za-z0-9_-]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mandrill secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(sk\.[a-zA-Z-0-9\.]{80,240})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mapbox - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mapquest).{0,40}\b([0-9A-Za-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mapquest secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:marketstack).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Marketstack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mattermost).{0,40}\b([A-Za-z0-9-_]{1,}.cloud.mattermost.com)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mattermostpersonaltoken - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mattermost).{0,40}\b([a-z0-9]{26})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mattermostpersonaltoken - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mavenlink).{0,40}\b([0-9a-z]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mavenlink secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:maxmind|geoip).{0,40}\b([0-9A-Za-z]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Maxmindlicense - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:maxmind|geoip).{0,40}\b([0-9]{2,7})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Maxmindlicense - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:meaningcloud).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Meaningcloud secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mediastack).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mediastack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:meistertask).{0,40}\b([a-zA-Z0-9]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Meistertask secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mesibo).{0,40}\b([0-9A-Za-z]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mesibo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:messagebird).{0,40}\b([A-Za-z0-9_-]{25})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Messagebird secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:metaapi|meta-api).{0,40}\b([0-9a-f]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Metaapi - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:metaapi|meta-api).{0,40}\b([0-9a-f]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Metaapi - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:metrilo).{0,40}\b([a-z0-9]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Metrilo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(https:\/\/[a-zA-Z-0-9]+\.webhook\.office\.com\/webhookb2\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\@[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\/IncomingWebhook\/[a-zA-Z-0-9]{32}\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Microsoftteamswebhook secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "midi-662b69edd2[a-zA-Z0-9]{54}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Midise secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mindmeister).{0,40}\b([a-zA-Z0-9]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mindmeister secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mite).{0,40}\b([0-9a-z]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mite - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b([0-9a-z-]{1,}.mite.yo.lk)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mite - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mixmax).{0,40}\b([a-zA-Z0-9_-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mixmax secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mixpanel).{0,40}\b([a-zA-Z0-9.-]{30,40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mixpanel - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mixpanel).{0,40}\b([a-zA-Z0-9-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mixpanel - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:moderation).{0,40}\b([a-zA-Z0-9]{36}\.[a-zA-Z0-9]{115}\.[a-zA-Z0-9_]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Moderation secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:monday).{0,40}\b(ey[a-zA-Z0-9_.]{210,225})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Monday secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:moonclerck).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Moonclerck secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:moonclerk).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Moonclerk secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:moosend).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Moosend secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:mrticktock).{0,40}\b([a-zA-Z0-9!=@#$%()_^]{1,50})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Mrticktock - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:myintervals).{0,40}\b([0-9a-z]{11})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Myintervals secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nasdaq).{0,40}\b([a-zA-Z0-9_-]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nasdaqdatalink secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nethunt).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nethunt - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nethunt).{0,40}\b([a-z0-9-\S]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nethunt - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:netlify).{0,40}\b([A-Za-z0-9_-]{43,45})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Netlify secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:neutrinoapi).{0,40}\b([a-zA-Z0-9]{48})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Neutrinoapi - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:neutrinoapi).{0,40}\b([a-zA-Z0-9]{6,24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Neutrinoapi - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "NRAA-[a-f0-9]{27}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Newrelic Admin API Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "NRI(?:I|Q)-[A-Za-z0-9\-_]{32}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Newrelic Insights API Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "NRRA-[a-f0-9]{42}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Newrelic REST API Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "NRSP-[a-z]{2}[0-9]{2}[a-f0-9]{31}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Newrelic Synthetics Location Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:newrelic).{0,40}\b([A-Za-z0-9_\.]{4}-[A-Za-z0-9_\.]{42})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Newrelicpersonalapikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:newsapi).{0,40}\b([a-z0-9]{32})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Newsapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:newscatcher).{0,40}\b([0-9A-Za-z_]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Newscatcher secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nexmo).{0,40}\b([A-Za-z0-9_-]{8})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nexmoapikey - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nexmo).{0,40}\b([A-Za-z0-9_-]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nexmoapikey - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nftport).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nftport secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nicereply).{0,40}\b([0-9a-f]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nicereply secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nimble).{0,40}\b([a-zA-Z0-9]{30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nimble secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nitro).{0,40}\b([0-9a-f]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nitro secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:noticeable).{0,40}\b([0-9a-zA-Z]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Noticeable secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(secret_[A-Za-z0-9]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Notion secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nozbe|nozbeteams).{0,40}\b([0-9A-Za-z]{16}_[0-9A-Za-z\-_]{64}[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nozbeteams secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:numverify).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Numverify secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nutritionix).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nutritionix - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nutritionix).{0,40}\b([a-z0-9]{8})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nutritionix - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:nylas).{0,40}\b([0-9A-Za-z]{30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Nylas secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:oanda).{0,40}\b([a-zA-Z0-9]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Oanda secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:omnisend).{0,40}\b([a-z0-9A-Z-]{75})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Omnisend secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:onedesk).{0,40}\b([a-zA-Z0-9!=@#$%^]{8,64})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Onedesk - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "secret[a-zA-Z0-9_' \"=]{0,20}([a-z0-9]{64})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Onelogin - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:onepagecrm).{0,40}\b([a-zA-Z0-9=]{44})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Onepagecrm - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:onepagecrm).{0,40}\b([a-z0-9]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Onepagecrm - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:onwater).{0,40}\b([a-zA-Z0-9_-]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Onwaterio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:oopspam).{0,40}\b([a-zA-Z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Oopspam secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:opencagedata).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Opencagedata secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:opengraphr).{0,40}\b([0-9Aa-zA-Z]{80})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Opengraphr secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:openuv).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Openuv secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:openweather).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Openweather secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:optimizely).{0,40}\b([0-9A-Za-z-:]{54})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Optimizely secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:owlbot).{0,40}\b([a-z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Owlbot secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "-----BEGIN PGP PRIVATE KEY BLOCK-----" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "PGP private key block secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pagerduty).{0,40}\b([a-z]{1}\+[a-zA-Z]{9}\-[a-z]{2}\-[a-z0-9]{5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pagerdutyapikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pandadoc).{0,40}\b([a-zA-Z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pandadoc secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pandascore).{0,40}([ \r\n]{0,1}[0-9A-Za-z\-\_]{51}[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pandascore secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:paralleldots).{0,40}\b([0-9A-Za-z]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Paralleldots secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:partnerstack).{0,40}\b([0-9A-Za-z]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Partnerstack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:passbase).{0,40}\b([a-zA-Z0-9]{128})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Passbase secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[a-zA-Z]{3,10}://[^/\s:@]{3,20}:[^/\s:@]{3,20}@.{1,100}[\"'\s]" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Password in URL secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pastebin).{0,40}\b([a-zA-Z0-9_]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pastebin secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "PayPal Braintree access token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:paymoapp).{0,40}\b([a-zA-Z0-9]{44})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Paymoapp secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:paymongo).{0,40}\b([a-zA-Z0-9_]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Paymongo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(sk\_[a-z]{1,}\_[A-Za-z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Paystack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pdflayer).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pdflayer secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pdfshift).{0,40}\b([0-9a-f]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pdfshift secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:peopledatalabs).{0,40}\b([a-z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Peopledatalabs secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pepipost|netcore).{0,40}\b([a-zA-Z-0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pepipost secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sk_live_[0-9a-z]{32}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Picatic API key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pipedream).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pipedream secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pipedrive).{0,40}\b([a-zA-Z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pipedrive secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pivotal).{0,40}([a-z0-9]{32})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pivotaltracker secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pixabay).{0,40}\b([a-z0-9-]{34})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pixabay secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:plaid).{0,40}\b([a-z0-9]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Plaidkey - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:plaid).{0,40}\b([a-z0-9]{30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Plaidkey - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:planviewleankit|planview).{0,40}\b([0-9a-f]{128})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Planviewleankit - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:planviewleankit|planview).{0,40}(?:subdomain).\b([a-zA-Z][a-zA-Z0-9.-]{1,23}[a-zA-Z0-9])\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Planviewleankit - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:planyo).{0,40}\b([0-9a-z]{62})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Planyo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:plivo).{0,40}\b([A-Za-z0-9_-]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Plivo - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:plivo).{0,40}\b([A-Z]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Plivo - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:poloniex).{0,40}\b([0-9a-f]{128})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Poloniex - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:poloniex).{0,40}\b([0-9A-Z]{8}-[0-9A-Z]{8}-[0-9A-Z]{8}-[0-9A-Z]{8})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Poloniex - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:polygon).{0,40}\b([a-z0-9A-Z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Polygon secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:positionstack).{0,40}\b([a-zA-Z0-9_]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Positionstack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:postageapp).{0,40}\b([0-9A-Za-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Postageapp secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(phc_[a-zA-Z0-9_]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Posthog secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(PMAK-[a-zA-Z-0-9]{59})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Postman secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:postmark).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Postmark secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:powrbot).{0,40}\b([a-z0-9A-Z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Powrbot secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "-----\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\s*?-----[\s\S]*?----\s*?END[ A-Z0-9_-]*? PRIVATE KEY\s*?-----" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Privatekey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:prospect).{0,40}\b([a-z0-9-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Prospectcrm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:prospect).{0,40}\b([a-z0-9A-Z-]{50})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Prospectio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:protocols).{0,40}\b([a-z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Protocolsio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:proxycrawl).{0,40}\b([a-zA-Z0-9_]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Proxycrawl secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(sub-c-[0-9a-z]{8}-[a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pubnubpublishkey - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(pub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pubnubpublishkey - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:purestake).{0,40}\b([a-zA-Z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Purestake secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pushbullet).{0,40}\b([A-Za-z0-9_\.]{34})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pushbulletapikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pusher).{0,40}\b([a-z0-9]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pusherchannelkey - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:pusher).{0,40}\b([0-9]{7})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Pusherchannelkey - 3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "PyPI upload token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:qualaroo).{0,40}\b([a-z0-9A-Z=]{64})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Qualaroo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:qubole).{0,40}\b([0-9a-z]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Qubole secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:quickmetrics).{0,40}\b([a-zA-Z0-9_-]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Quickmetrics secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "-----BEGIN PRIVATE KEY-----" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "RKCS8 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "-----BEGIN RSA PRIVATE KEY-----" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "RSA private key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:rapidapi).{0,40}\b([A-Za-z0-9_-]{50})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Rapidapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:raven).{0,40}\b([A-Z0-9-]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Raven secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:rawg).{0,40}\b([0-9Aa-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Rawg secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\brzp_\w{2,6}_\w{10,20}\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Razorpay - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:readme).{0,40}\b([a-zA-Z0-9_]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Readme secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(ey[a-zA-Z0-9-._]{153}.ey[a-zA-Z0-9-._]{916,1000})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Reallysimplesystems secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:rebrandly).{0,40}\b([a-zA-Z0-9_]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Rebrandly secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:refiner).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Refiner secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:repairshopr).{0,40}\b([a-zA-Z0-9_.!+$#^*]{3,32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Repairshopr - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:repairshopr).{0,40}\b([a-zA-Z0-9-]{51})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Repairshopr - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:restpack).{0,40}\b([a-zA-Z0-9]{48})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Restpack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:restpack).{0,40}\b([0-9A-Za-z]{48})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Restpackhtmltopdfapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:rev).{0,40}\b([0-9a-zA-Z\/\+]{27}\=[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Rev - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:revamp).{0,40}\b([a-zA-Z0-9]{40}\b)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Revampcrm - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ringcentral).{0,40}\b(https://www.[0-9A-Za-z_-]{1,}.com)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ringcentral - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ringcentral).{0,40}\b([0-9A-Za-z_-]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ringcentral - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ritekit).{0,40}\b([0-9a-f]{44})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ritekit secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:roaring).{0,40}\b([0-9A-Za-z_-]{28})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Roaring secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:rocketreach).{0,40}\b([a-z0-9-]{39})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Rocketreach secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ronin).{0,40}\b([0-9a-zA-Z]{26})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Roninapp - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:route4me).{0,40}\b([0-9A-Z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Route4me secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:rownd).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Rownd - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:rownd).{0,40}\b([a-z0-9]{48})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Rownd - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:rownd).{0,40}\b([0-9]{18})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Rownd - 3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(rubygems_[a-zA0-9]{48})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Rubygems secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:runrunit).{0,40}\b([0-9a-f]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Runrunit - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:runrunit).{0,40}\b([0-9A-Za-z]{18,20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Runrunit - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "-----BEGIN OPENSSH PRIVATE KEY-----" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "SSH secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "-----BEGIN DSA PRIVATE KEY-----" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "SSH (DSA) private key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:salesblink).{0,40}\b([a-zA-Z]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Salesblink secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:salescookie).{0,40}\b([a-zA-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Salescookie secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:salesflare).{0,40}\b([a-zA-Z0-9_]{45})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Salesflare secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9]{4,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Satismeterprojectkey - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Satismeterprojectkey - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9!=@#$%^]{6,32})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Satismeterprojectkey - 3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:satismeter).{0,40}\b([a-z0-9A-Z]{16})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Satismeterwritekey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(oauth\-[a-z0-9]{8,}\-[a-z0-9]{5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Saucelabs - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:saucelabs).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Saucelabs - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:scaleway).{0,40}\b([0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Scalewaykey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:scrapeowl).{0,40}\b([0-9a-z]{30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Scrapeowl secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:scraperapi).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Scraperapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:scraperbox).{0,40}\b([A-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Scraperbox secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:scrapersite).{0,40}\b([a-zA-Z0-9]{45})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Scrapersite secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:scrapestack).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Scrapestack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:scrapfly).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Scrapfly secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:scrapingant).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Scrapingant secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:scrapingbee).{0,40}\b([A-Z0-9]{80})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Scrapingbee secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:screenshotapi).{0,40}\b([0-9A-Z]{7}\-[0-9A-Z]{7}\-[0-9A-Z]{7}\-[0-9A-Z]{7})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Screenshotapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:screenshotlayer).{0,40}\b([a-zA-Z0-9_]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Screenshotlayer secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:securitytrails).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Securitytrails secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:segment).{0,40}\b([A-Za-z0-9_\-a-zA-Z]{43}\.[A-Za-z0-9_\-a-zA-Z]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Segmentapikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:selectpdf).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Selectpdf secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:semaphore).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Semaphore secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "SG\.[\w_]{16,32}\.[\w_]{16,64}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "SendGrid API Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sendbird).{0,40}\b([0-9a-f]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sendbird - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sendbird).{0,40}\b([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sendbird - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sendbird).{0,40}\b([0-9a-f]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sendbirdorganizationapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sendgrid).{0,40}(SG\.[\w\-_]{20,24}\.[\w\-_]{39,50})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sendgrid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(xkeysib\-[A-Za-z0-9_-]{81})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sendinbluev2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sentiment).{0,40}\b([0-9]{17})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sentiment - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sentiment).{0,40}\b([a-zA-Z0-9]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sentiment - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sentry).{0,40}\b([a-f0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sentrytoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:serphouse).{0,40}\b([0-9A-Za-z]{60})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Serphouse secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:serpstack).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Serpstack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sheety).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sheety - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sheety).{0,40}\b([0-9a-z]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sheety - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sherpadesk).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sherpadesk secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:shipday).{0,40}\b([a-zA-Z0-9.]{11}[a-zA-Z0-9]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Shipday secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:shodan).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Shodankey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "shpat_[a-fA-F0-9]{32}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Shopify access token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "shpca_[a-fA-F0-9]{32}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Shopify custom app access token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "shppa_[a-fA-F0-9]{32}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Shopify private app access token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "shpss_[a-fA-F0-9]{32}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Shopify shared secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:shortcut).{0,40}\b([0-9a-f-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Shortcut secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:shotstack).{0,40}\b([a-zA-Z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Shotstack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:shutterstock).{0,40}\b(v2/[0-9A-Za-z]{388})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Shutterstockoauth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b([0-9a-z-]{3,64}.signalwire.com)\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Signalwire - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:signalwire).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Signalwire - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:signalwire).{0,40}\b([0-9A-Za-z]{50})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Signalwire - 3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:signaturit).{0,40}\b([0-9A-Za-z]{86})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Signaturit secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:signupgenius).{0,40}\b([0-9A-Za-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Signupgenius secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sigopt).{0,40}\b([A-Z0-9]{48})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sigopt secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:simplesat).{0,40}\b([a-z0-9]{40})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Simplesat secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:simplynoted).{0,40}\b([a-zA-Z0-9\S]{340,360})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Simplynoted secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:simvoly).{0,40}\b([a-z0-9]{33})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Simvoly secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sinch).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sinchmessage secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sirv).{0,40}\b([a-zA-Z0-9\S]{88})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sirv - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sirv).{0,40}\b([a-zA-Z0-9]{26})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sirv - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:siteleaf).{0,40}\b([0-9Aa-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Siteleaf secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:skrapp).{0,40}\b([a-z0-9A-Z]{42})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Skrappio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:skybiometry).{0,40}\b([0-9a-z]{25,26})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Skybiometry secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "xox[baprs]-[0-9a-zA-Z]{10,48}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Slack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Slack Token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{23,24}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Slack Webhook secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "xoxb-[0-9A-Za-z\-]{51}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Slack access token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(https:\/\/hooks.slack.com\/services\/[A-Za-z0-9+\/]{44,46})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Slackwebhook secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:smartsheets).{0,40}\b([a-zA-Z0-9]{37})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Smartsheets secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:smartystreets).{0,40}\b([a-zA-Z0-9]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Smartystreets - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:smartystreets).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Smartystreets - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:smooch).{0,40}\b(act_[0-9a-z]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Smooch - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:smooch).{0,40}\b([0-9a-zA-Z_-]{86})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Smooch - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:snipcart).{0,40}\b([0-9A-Za-z_]{75})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Snipcart secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:snyk).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Snykkey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "SonarQube Token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:splunk).{0,40}\b([a-z0-9A-Z]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Splunkobservabilitytoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:spoonacular).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Spoonacular secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sportsmonk).{0,40}\b([0-9a-zA-Z]{60})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sportsmonk secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:square).{0,40}(EAAA[a-zA-Z0-9\-\+\=]{60})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Square secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sq0csp-[0-9A-Za-z\-_]{43}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Square OAuth Secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sq0atp-[0-9A-Za-z\-_]{22}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Square access token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[\w\-]*sq0i[a-z]{2}-[0-9A-Za-z\-_]{22,43}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Squareapp - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[\w\-]*sq0c[a-z]{2}-[0-9A-Za-z\-_]{40,50}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Squareapp - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:squarespace).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Squarespace secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(sq0idp-[0-9A-Za-z]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Squareup secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sslmate).{0,40}\b([a-zA-Z0-9]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sslmate secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:stitchdata).{0,40}\b([0-9a-z_]{35})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stitchdata secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:stockdata).{0,40}\b([0-9A-Za-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stockdata secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:storecove).{0,40}\b([a-zA-Z0-9_-]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Storecove secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:stormglass).{0,40}\b([0-9Aa-z-]{73})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stormglass secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:storyblok).{0,40}\b([0-9A-Za-z]{22}t{2})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Storyblok secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:storychief).{0,40}\b([a-zA-Z0-9_\-.]{940,1000})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Storychief secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:strava).{0,40}\b([0-9]{5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Strava - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:strava).{0,40}\b([0-9a-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Strava - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:streak).{0,40}\b([0-9Aa-f]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Streak secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[rs]k_live_[a-zA-Z0-9]{20,30}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stripe secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sk_live_[0-9a-zA-Z]{24}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stripe API Key - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "stripe[sr]k_live_[0-9a-zA-Z]{24}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stripe API key - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "stripe[sk|rk]_live_[0-9a-zA-Z]{24}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stripe API key - 3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "pk_live_[0-9a-z]{24}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stripe Public Live Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "pk_test_[0-9a-z]{24}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stripe Public Test Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "rk_(?:live|test)_[0-9a-zA-Z]{24}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stripe Restriced Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "rk_live_[0-9a-zA-Z]{24}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stripe Restricted API Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "sk_(?:live|test)_[0-9a-zA-Z]{24}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stripe Secret Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(sk|rk)_live_[0-9a-z]{24}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stripe Secret Live Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(sk|rk)_test_[0-9a-z]{24}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stripe Secret Test Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:stytch).{0,40}\b([a-zA-Z0-9-_]{47}=)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stytch - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:stytch).{0,40}\b([a-z0-9-]{49})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Stytch - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sugester).{0,40}\b([a-zA-Z0-9_.!+$#^*%]{3,32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sugester - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sugester).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sugester - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sumo).{0,40}\b([A-Za-z0-9]{14})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sumologickey - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:sumo).{0,40}\b([A-Za-z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Sumologickey - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:supernotes).{0,40}([ \r\n]{0,1}[0-9A-Za-z\-_]{43}[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Supernotesapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:surveybot).{0,40}\b([A-Za-z0-9-]{80})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Surveybot secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:surveysparrow).{0,40}\b([a-zA-Z0-9-_]{88})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Surveysparrow secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:survicate).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Survicate secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:swell).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Swell - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:swiftype).{0,40}\b([a-zA-z-0-9]{6}\_[a-zA-z-0-9]{6}\-[a-zA-z-0-9]{6})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Swiftype secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:tallyfy).{0,40}\b([0-9A-Za-z]{36}\.[0-9A-Za-z]{264}\.[0-9A-Za-z\-\_]{683})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Tallyfy secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:tatum).{0,40}\b([0-9a-z-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Tatumio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:taxjar).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Taxjar secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:teamgate).{0,40}\b([a-z0-9]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Teamgate - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:teamgate).{0,40}\b([a-zA-Z0-9]{80})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Teamgate - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:teamwork|teamworkcrm).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Teamworkcrm secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:teamwork|teamworkdesk).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Teamworkdesk secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:teamwork|teamworkspaces).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Teamworkspaces secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:technicalanalysisapi).{0,40}\b([A-Z0-9]{48})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Technicalanalysisapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "[0-9]+:AA[0-9A-Za-z\-_]{33}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Telegram Bot API Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "d{5,}:A[0-9a-z_-]{34,34}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Telegram Secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:telegram).{0,40}\b([0-9]{8,10}:[a-zA-Z0-9_-]{35})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Telegrambottoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:telnyx).{0,40}\b(KEY[0-9A-Za-z_-]{55})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Telnyx secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Terraformcloudpersonaltoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:text2data).{0,40}\b([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Text2data secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:textmagic).{0,40}\b([0-9A-Za-z]{30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Textmagic - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:textmagic).{0,40}\b([0-9A-Za-z]{1,25})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Textmagic - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:theoddsapi|the-odds-api).{0,40}\b([0-9a-f]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Theoddsapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:thinkific).{0,40}\b([0-9a-f]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Thinkific - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:thinkific).{0,40}\b([0-9A-Za-z]{4,40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Thinkific - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:thousandeyes).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Thousandeyes - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:thousandeyes).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Thousandeyes - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:ticketmaster).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ticketmaster secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:tiingo).{0,40}\b([0-9a-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Tiingo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:timezoneapi).{0,40}\b([a-zA-Z0-9]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Timezoneapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:tly).{0,40}\b([0-9A-Za-z]{60})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Tly secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:tmetric).{0,40}\b([0-9A-Z]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Tmetric secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:todoist).{0,40}\b([0-9a-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Todoist secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:toggl).{0,40}\b([0-9Aa-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Toggltrack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:tomorrow).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Tomorrowio secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:tomtom).{0,40}\b([0-9Aa-zA-Z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Tomtom secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:tradier).{0,40}\b([a-zA-Z0-9]{28})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Tradier secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:travelpayouts).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Travelpayouts secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:travis).{0,40}\b([a-zA-Z0-9A-Z_]{22})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Travisci secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "https://trello.com/b/[0-9a-z]/[0-9a-z_-]+" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Trello URL secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:trello).{0,40}\b([a-zA-Z-0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Trelloapikey - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:twelvedata).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Twelvedata secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\bAC[0-9a-f]{32}\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Twilio - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "SK[0-9a-fA-F]{32}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Twilio API Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twitter[0-9a-z]{18,25}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Twitter Client ID secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twitter[0-9a-z]{35,44}" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Twitter Secret Key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:tyntec).{0,40}\b([a-zA-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Tyntec secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:typeform).{0,40}\b([0-9A-Za-z]{44})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Typeform secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "\b(BBFF-[0-9a-zA-Z]{30})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Ubidots secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:unify).{0,40}\b([0-9A-Za-z_=-]{44})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Unifyid secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:unplu).{0,40}\b([a-z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Unplugg secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:unsplash).{0,40}\b([0-9A-Za-z_]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Unsplash secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:upcdatabase).{0,40}\b([A-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Upcdatabase secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:uplead).{0,40}\b([a-z0-9-]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Uplead secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:uploadcare).{0,40}\b([a-z0-9]{20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Uploadcare secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:upwave).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Upwave secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:urlscan).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Urlscan secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:userstack).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Userstack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:vatlayer).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Vatlayer secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:vercel).{0,40}\b([a-zA-Z0-9]{24})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Vercel secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:verifier).{0,40}\b([a-zA-Z-0-9-]{5,16}\@[a-zA-Z-0-9]{4,16}\.[a-zA-Z-0-9]{3,6})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Verifier - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:verifier).{0,40}\b([a-z0-9]{96})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Verifier - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:verimail).{0,40}\b([A-Z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Verimail secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:veriphone).{0,40}\b([0-9A-Z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Veriphone secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:versioneye).{0,40}\b([a-zA-Z0-9-]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Versioneye secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:viewneo).{0,40}\b([a-z0-9A-Z]{120,300}.[a-z0-9A-Z]{150,300}.[a-z0-9A-Z-_]{600,800})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Viewneo secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:virustotal).{0,40}\b([a-f0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Virustotal secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:visualcrossing).{0,40}\b([0-9A-Z]{25})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Visualcrossing secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:voicegain).{0,40}\b(ey[0-9a-zA-Z_-]{34}.ey[0-9a-zA-Z_-]{108}.[0-9a-zA-Z_-]{43})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Voicegain secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:vouchery).{0,40}\b([a-z0-9-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Vouchery - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:vouchery).{0,40}\b([a-zA-Z0-9-\S]{2,20})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Vouchery - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:vpnapi).{0,40}\b([a-z0-9A-Z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Vpnapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:vultr).{0,40} \b([A-Z0-9]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Vultrapikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:vyte).{0,40}\b([0-9a-z]{50})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Vyte secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:walkscore).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Walkscore secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:weatherbit).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Weatherbit secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:weatherstack).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Weatherstack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:error).{0,40}(redirect_uri_mismatch)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Webex - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:webex).{0,40}\b([A-Za-z0-9_-]{65})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Webex - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:webex).{0,40}\b([A-Za-z0-9_-]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Webex - 3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:webflow).{0,40}\b([a-zA0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Webflow secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:webscraper).{0,40}\b([a-zA-Z0-9]{60})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Webscraper secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:webscraping).{0,40}\b([0-9A-Za-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Webscraping secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:wepay).{0,40}\b([a-zA-Z0-9_?]{62})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Wepay - 2 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:whoxy).{0,40}\b([0-9a-z]{33})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Whoxy secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:worksnaps).{0,40}\b([0-9A-Za-z]{40})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Worksnaps secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:workstack).{0,40}\b([0-9Aa-zA-Z]{60})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Workstack secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:worldcoinindex).{0,40}\b([a-zA-Z0-9]{35})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Worldcoinindex secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:worldweather).{0,40}\b([0-9a-z]{31})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Worldweather secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:wrike).{0,40}\b(ey[a-zA-Z0-9-._]{333})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Wrike secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:yandex).{0,40}\b([a-z0-9A-Z.]{83})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Yandex secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:youneedabudget).{0,40}\b([0-9a-f]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Youneedabudget secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:yousign).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Yousign secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(https:\/\/hooks.zapier.com\/hooks\/catch\/[A-Za-z0-9\/]{16})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Zapierwebhook secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:zendesk).{0,40}([A-Za-z0-9_-]{40})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Zendeskapi - 3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:zenkit).{0,40}\b([0-9a-z]{8}\-[0-9A-Za-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Zenkitapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:zenscrape).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Zenscrape secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:zenserp).{0,40}\b([0-9a-z-]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Zenserp secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:zeplin).{0,40}\b([a-zA-Z0-9-.]{350,400})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Zeplin secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:zerobounce).{0,40}\b([a-z0-9]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Zerobounce secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:zipapi).{0,40}\b([a-zA-Z0-9!=@#$%^]{7,})" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Zipapi - 1 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:zipapi).{0,40}\b([0-9a-z]{32})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Zipapi - 3 secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:zipcodeapi).{0,40}\b([a-zA-Z0-9]{64})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Zipcodeapi secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(?:zonka).{0,40}\b([A-Za-z0-9]{36})\b" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "Zonkafeedback secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "amazon[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "amazon_secret_access_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ansible[_-]?vault[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "ansible_vault_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "chrome[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "chrome_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "chrome[_-]?refresh[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "chrome_refresh_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ci[_-]?deploy[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "ci_deploy_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ci[_-]?project[_-]?url(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "ci_project_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ci[_-]?registry[_-]?user(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "ci_registry_user secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ci[_-]?server[_-]?name(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "ci_server_name secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloud[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "cloud_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudflare[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "cloudflare_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "cloudflare[_-]?auth[_-]?email(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "cloudflare_auth_email secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "consumer[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "consumer_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "database[_-]?username(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "database_username secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "db[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "db_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "db[_-]?pw(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "db_pw secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "docker[_-]?hub[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "docker_hub_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "docker[_-]?passwd(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "docker_passwd secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "docker[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "docker_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "docker[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "docker_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "dockerhub[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "dockerhub_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "doordash[_-]?auth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "doordash_auth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "dropbox[_-]?oauth[_-]?bearer(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "dropbox_oauth_bearer secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "droplet[_-]?travis[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "droplet_travis_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "env[_-]?github[_-]?oauth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "env_github_oauth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "env[_-]?heroku[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "env_heroku_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(EAACEdEose0cBA[0-9A-Za-z]+)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "facebook_access_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "firebase[_-]?api[_-]?json(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "firebase_api_json secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "firebase[_-]?api[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "firebase_api_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "firebase[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "firebase_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "firebase[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "firebase_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "firefox[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "firefox_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "ftp[_-]?pw(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "ftp_pw secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "gh[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "gh_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "github_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?oauth(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "github_oauth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "github_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "github[_-]?tokens(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "github_tokens secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "google[_-]?client[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "google_client_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "google[_-]?client[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "google_client_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "google[_-]?maps[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "google_maps_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(ya29.[0-9A-Za-z-_]+)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "google_oauth secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(W(?:[a-f0-9]{32}(-us[0-9]{1,2}))a-zA-Z0-9)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "mailchimp secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailgun[_-]?priv[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "mailgun_priv_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mailgun[_-]?secret[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "mailgun_secret_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "(master_password).+" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "master_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mg[_-]?public[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "mg_public_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "mysql[_-]?root[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "mysql_root_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "netlify[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "netlify_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "rabbitmq[_-]?password(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "rabbitmq_password secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "rediscloud[_-]?url(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "rediscloud_url secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "release[_-]?gh[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "release_gh_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "rubygems[_-]?auth[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "rubygems_auth_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "travis[_-]?secure[_-]?env[_-]?vars(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "travis_secure_env_vars secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "travis[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "travis_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twilio[_-]?api[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "twilio_api_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twilio[_-]?api[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "twilio_api_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twilio[_-]?chat[_-]?account[_-]?api[_-]?service(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "twilio_chat_account_api_service secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twilio[_-]?token(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "twilio_token secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twitter[_-]?consumer[_-]?key(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "twitter_consumer_key secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twitter[_-]?consumer[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "twitter_consumer_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twitteroauthaccesssecret(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "twitteroauthaccesssecret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "twitteroauthaccesstoken(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "twitteroauthaccesstoken secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "urban[_-]?master[_-]?secret(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "urban_master_secret secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "use[_-]?ssh(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "use_ssh secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "user[_-]?assets[_-]?access[_-]?key[_-]?id(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "user_assets_access_key_id secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+
+ else if {latest.response} matches "virustotal[_-]?apikey(=| =|:| :)" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "virustotal_apikey secret pattern detected in the response."
+ remediation: "Review and remove unnecessary exposure of secrets."
+ end if
From 452e938087068fd8095ad6e291b03d696c7c9390 Mon Sep 17 00:00:00 2001
From: Khaled Mohamed <46958133+xElkomy@users.noreply.github.com>
Date: Wed, 24 Jan 2024 21:26:07 +0200
Subject: [PATCH 3/3] Update low-severity-token.bcheck
---
 other/tokens/low-severity-token.bcheck | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/other/tokens/low-severity-token.bcheck b/other/tokens/low-severity-token.bcheck
index 6956a03..45c0898 100644
--- a/other/tokens/low-severity-token.bcheck
+++ b/other/tokens/low-severity-token.bcheck
@@ -2,7 +2,7 @@ metadata:
 language: v1-beta
 name: "Information Disclosure"
 description: "Detects secret patterns in responses."
- author: "bugswagger"
+ author: "bugswagger, xelkomy, juba0x00"
 tags: "secret, bugswagger"
 
 given response then