From d52db3e3aaacb31ab6d2e34c6189280555c5fc55 Mon Sep 17 00:00:00 2001
From: bgeesaman
Date: Wed, 31 Jul 2024 13:13:27 +0000
Subject: [PATCH] Fetch all roles
---
gcp_roles_cai.json | 2 +-
roles/chronicle.soarServiceAgent | 12 +-----------
2 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/gcp_roles_cai.json b/gcp_roles_cai.json
index 24058a04..13a794e5 100644
--- a/gcp_roles_cai.json
+++ b/gcp_roles_cai.json
@@ -271,7 +271,7 @@ {"description":"Grants readonly access to Chronicle API resources without global data access scope.","etag":"AA==","includedPermissions":["chronicle.ais.createFeedback","chronicle.ais.translateUdmQuery","chronicle.ais.translateYlRule","chronicle.dashboardCharts.get","chronicle.dashboardCharts.list","chronicle.dashboardQueries.execute","chronicle.dashboardQueries.get","chronicle.dashboardQueries.list","chronicle.dataAccessScopes.list","chronicle.entities.find","chronicle.entities.findRelatedEntities","chronicle.entities.get","chronicle.entities.list","chronicle.entities.searchEntities","chronicle.entities.summarize","chronicle.entities.summarizeFromQuery","chronicle.events.batchGet","chronicle.events.findUdmFieldValues","chronicle.events.get","chronicle.events.queryProductSourceStats","chronicle.events.searchRawLogs","chronicle.events.udmSearch","chronicle.events.validateQuery","chronicle.findingsGraphs.exploreNode","chronicle.findingsGraphs.initializeGraph","chronicle.instances.generateCollectionAgentAuth","chronicle.instances.generateSoarAuthJwt","chronicle.instances.get","chronicle.instances.report","chronicle.legacies.legacyBatchGetCases","chronicle.legacies.legacyCalculateAlertStats","chronicle.legacies.legacyFetchAlertsView","chronicle.legacies.legacyFetchUdmSearchCsv","chronicle.legacies.legacyFetchUdmSearchView","chronicle.legacies.legacyFindAssetEvents","chronicle.legacies.legacyFindRawLogs","chronicle.legacies.legacyFindUdmEvents","chronicle.legacies.legacyGetAlert","chronicle.legacies.legacyGetFinding","chronicle.legacies.legacyGetRuleCounts","chronicle.legacies.legacyGetRulesTrends","chronicle.legacies.legacyRunTestRule","chronicle.legacies.legacySearchArtifactEvents","chronicle.legacies.legacySearchArtifactIoCDetails","chronicle.legacies.legacySearchAssetEvents","chronicle.legacies.legacySearchCustomerStats","chronicle.legacies.legacySearchDomainsRecentlyRegistered","chronicle.legacies.legacySearchDomainsTimingStats","chronicle.legaci
es.legacySearchFindings","chronicle.legacies.legacySearchIngestionStats","chronicle.legacies.legacySearchIoCInsights","chronicle.legacies.legacySearchRawLogs","chronicle.legacies.legacySearchRuleDetectionCountBuckets","chronicle.legacies.legacySearchRuleDetectionEvents","chronicle.legacies.legacySearchRuleResults","chronicle.legacies.legacySearchRulesAlerts","chronicle.legacies.legacySearchUserEvents","chronicle.logs.get","chronicle.logs.list","chronicle.multitenantDirectories.get","chronicle.nativeDashboards.get","chronicle.nativeDashboards.list","chronicle.operations.get","chronicle.operations.list","chronicle.operations.streamSearch","chronicle.operations.wait","chronicle.referenceLists.get","chronicle.referenceLists.list","chronicle.referenceLists.verifyReferenceList","chronicle.retrohunts.get","chronicle.retrohunts.list","chronicle.ruleDeployments.get","chronicle.ruleDeployments.list","chronicle.ruleExecutionErrors.list","chronicle.rules.get","chronicle.rules.list","chronicle.rules.listRevisions","chronicle.rules.verifyRuleText","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/chronicle.restrictedDataAccessViewer","stage":"BETA","title":"Chronicle API Restricted Data Access Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants Chronicle scoped access to customer 
project","etag":"AA==","includedPermissions":["bigquery.connections.create","bigquery.connections.delegate","bigquery.connections.delete","bigquery.connections.get","bigquery.connections.getIamPolicy","bigquery.connections.list","bigquery.connections.update","bigquery.connections.updateTag","bigquery.connections.use","bigquery.datasets.create","bigquery.jobs.create","bigquery.jobs.get","bigquery.tables.create","bigquery.tables.delete","bigquery.tables.get","bigquery.tables.update","bigquery.tables.updateData","chronicle.instances.get","monitoring.alertPolicies.create","monitoring.alertPolicies.delete","monitoring.alertPolicies.get","monitoring.alertPolicies.list","monitoring.alertPolicies.update","serviceusage.quotas.get","serviceusage.services.enable","serviceusage.services.get","serviceusage.services.list","storage.buckets.create","storage.buckets.get","storage.buckets.getIamPolicy","storage.buckets.setIamPolicy","storage.objects.create","storage.objects.delete","storage.objects.get"],"name":"roles/chronicle.serviceAgent","stage":"GA","title":"Chronicle Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants admin access to Chronicle 
SOAR.","etag":"AA==","includedPermissions":["chronicle.instances.soarAdmin","cloudasset.assets.exportResource","cloudasset.assets.queryAccessPolicy","cloudasset.assets.queryIamPolicy","cloudasset.assets.queryOSInventories","cloudasset.assets.queryResource","cloudasset.assets.searchAllIamPolicies","cloudasset.assets.searchAllResources","cloudasset.assets.searchEnrichmentResourceOwners","resourcemanager.organizations.get","resourcemanager.projects.get","resourcemanager.projects.list","securitycenter.attackpaths.list","securitycenter.exposurepathexplan.get","securitycenter.findings.bulkMuteUpdate","securitycenter.findings.group","securitycenter.findings.list","securitycenter.findings.listFindingPropertyNames","securitycenter.findings.setMute","securitycenter.findings.setState","securitycenter.findings.update","securitycenter.findingsecuritymarks.update","securitycenter.simulations.get","securitycenter.userinterfacemetadata.get","securitycenter.valuedresources.list"],"name":"roles/chronicle.soarAdmin","stage":"BETA","title":"Chronicle SOAR Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Gives Chronicle SOAR the ability to perform remediation on Cloud Platform 
resources.","etag":"AA==","includedPermissions":["cloudasset.assets.analyzeIamPolicy","cloudasset.assets.searchAllIamPolicies","cloudasset.assets.searchAllResources","compute.firewalls.get","compute.firewalls.update","compute.instances.deleteAccessConfig","compute.instances.get","compute.instances.list","compute.instances.stop","compute.instances.updateNetworkInterface","compute.networks.updatePolicy","compute.zones.list","iam.serviceAccounts.disable","iam.serviceAccounts.list","recommender.iamPolicyRecommendations.get","recommender.iamPolicyRecommendations.list","recommender.iamPolicyRecommendations.update","resourcemanager.organizations.getIamPolicy","securitycenter.findingexternalsystems.update","securitycenter.findings.list","securitycenter.findings.setMute","securitycenter.findings.setState","securitycenter.findings.update","securitycenter.notificationconfig.create","securitycenter.notificationconfig.delete","securitycenter.notificationconfig.get","securitycenter.notificationconfig.update","securitycenter.sources.list","storage.buckets.get","storage.buckets.getIamPolicy","storage.buckets.list","storage.buckets.update"],"name":"roles/chronicle.soarServiceAgent","stage":"GA","title":"Chronicle SOAR Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Gives Chronicle SOAR the ability to perform remediation on Cloud Platform 
resources.","etag":"AA==","includedPermissions":["cloudasset.assets.analyzeIamPolicy","cloudasset.assets.searchAllIamPolicies","cloudasset.assets.searchAllResources","compute.instances.get","compute.instances.list","compute.instances.stop","compute.zones.list","iam.serviceAccounts.disable","iam.serviceAccounts.list","recommender.iamPolicyRecommendations.get","recommender.iamPolicyRecommendations.list","recommender.iamPolicyRecommendations.update","resourcemanager.organizations.getIamPolicy","securitycenter.findingexternalsystems.update","securitycenter.findings.list","securitycenter.findings.setMute","securitycenter.findings.setState","securitycenter.findings.update","securitycenter.notificationconfig.create","securitycenter.notificationconfig.get","securitycenter.notificationconfig.update","securitycenter.sources.list"],"name":"roles/chronicle.soarServiceAgent","stage":"GA","title":"Chronicle SOAR Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants threat manager access to Chronicle 
SOAR.","etag":"AA==","includedPermissions":["chronicle.instances.soarThreatManager","cloudasset.assets.exportResource","cloudasset.assets.queryAccessPolicy","cloudasset.assets.queryIamPolicy","cloudasset.assets.queryOSInventories","cloudasset.assets.queryResource","cloudasset.assets.searchAllIamPolicies","cloudasset.assets.searchAllResources","cloudasset.assets.searchEnrichmentResourceOwners","resourcemanager.organizations.get","resourcemanager.projects.get","resourcemanager.projects.list","securitycenter.attackpaths.list","securitycenter.exposurepathexplan.get","securitycenter.findings.bulkMuteUpdate","securitycenter.findings.group","securitycenter.findings.list","securitycenter.findings.listFindingPropertyNames","securitycenter.findings.setMute","securitycenter.findings.setState","securitycenter.findings.update","securitycenter.findingsecuritymarks.update","securitycenter.simulations.get","securitycenter.userinterfacemetadata.get","securitycenter.valuedresources.list"],"name":"roles/chronicle.soarThreatManager","stage":"BETA","title":"Chronicle SOAR Threat Manager","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants vulnerability manager access to Chronicle 
SOAR.","etag":"AA==","includedPermissions":["chronicle.instances.soarVulnerabilityManager","cloudasset.assets.exportResource","cloudasset.assets.queryAccessPolicy","cloudasset.assets.queryIamPolicy","cloudasset.assets.queryOSInventories","cloudasset.assets.queryResource","cloudasset.assets.searchAllIamPolicies","cloudasset.assets.searchAllResources","cloudasset.assets.searchEnrichmentResourceOwners","resourcemanager.organizations.get","resourcemanager.projects.get","resourcemanager.projects.list","securitycenter.attackpaths.list","securitycenter.exposurepathexplan.get","securitycenter.findings.bulkMuteUpdate","securitycenter.findings.group","securitycenter.findings.list","securitycenter.findings.listFindingPropertyNames","securitycenter.findings.setMute","securitycenter.findings.setState","securitycenter.findings.update","securitycenter.findingsecuritymarks.update","securitycenter.simulations.get","securitycenter.userinterfacemetadata.get","securitycenter.valuedresources.list"],"name":"roles/chronicle.soarVulnerabilityManager","stage":"BETA","title":"Chronicle SOAR Vulnerability Manager","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Readonly access to the Chronicle API 
resources.","etag":"AA==","includedPermissions":["chronicle.ais.createFeedback","chronicle.ais.translateUdmQuery","chronicle.ais.translateYlRule","chronicle.analyticValues.list","chronicle.analytics.list","chronicle.cases.countPriorities","chronicle.collectors.get","chronicle.collectors.list","chronicle.conversations.get","chronicle.conversations.list","chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections","chronicle.curatedRuleSetCategories.get","chronicle.curatedRuleSetCategories.list","chronicle.curatedRuleSetDeployments.get","chronicle.curatedRuleSetDeployments.list","chronicle.curatedRuleSets.countCuratedRuleSetDetections","chronicle.curatedRuleSets.get","chronicle.curatedRuleSets.list","chronicle.curatedRules.get","chronicle.curatedRules.list","chronicle.dashboardCharts.get","chronicle.dashboardCharts.list","chronicle.dashboardQueries.execute","chronicle.dashboardQueries.get","chronicle.dashboardQueries.list","chronicle.dashboards.get","chronicle.dashboards.list","chronicle.dashboards.schedule","chronicle.dataAccessScopes.list","chronicle.dataExports.fetchLogTypesAvailableForExport","chronicle.dataExports.get","chronicle.dataTableRows.get","chronicle.dataTableRows.list","chronicle.dataTables.get","chronicle.dataTables.list","chronicle.dataTaps.get","chronicle.dataTaps.list","chronicle.entities.find","chronicle.entities.findRelatedEntities","chronicle.entities.get","chronicle.entities.list","chronicle.entities.queryEntityRiskScoreModifications","chronicle.entities.searchEntities","chronicle.entities.summarize","chronicle.entities.summarizeFromQuery","chronicle.entityRiskScores.queryEntityRiskScores","chronicle.errorNotificationConfigs.get","chronicle.errorNotificationConfigs.list","chronicle.events.batchGet","chronicle.events.findUdmFieldValues","chronicle.events.get","chronicle.events.queryProductSourceStats","chronicle.events.searchRawLogs","chronicle.events.udmSearch","chronicle.events.validateQuery","chronicle.findingsGraphs.exploreNode","chr
onicle.findingsGraphs.initializeGraph","chronicle.findingsRefinementDeployments.get","chronicle.findingsRefinementDeployments.list","chronicle.findingsRefinements.computeActivity","chronicle.findingsRefinements.computeAllActivities","chronicle.findingsRefinements.get","chronicle.findingsRefinements.list","chronicle.findingsRefinements.test","chronicle.forwarders.generate","chronicle.forwarders.get","chronicle.forwarders.list","chronicle.globalDataAccessScopes.permit","chronicle.ingestionLogLabels.get","chronicle.ingestionLogLabels.list","chronicle.ingestionLogNamespaces.get","chronicle.ingestionLogNamespaces.list","chronicle.instances.generateCollectionAgentAuth","chronicle.instances.generateSoarAuthJwt","chronicle.instances.get","chronicle.instances.logTypeClassifier","chronicle.instances.report","chronicle.iocMatches.get","chronicle.iocMatches.list","chronicle.iocState.get","chronicle.iocs.batchGet","chronicle.iocs.findFirstAndLastSeen","chronicle.iocs.get","chronicle.iocs.searchCuratedDetectionsForIoc","chronicle.legacies.legacyBatchGetCases","chronicle.legacies.legacyCalculateAlertStats","chronicle.legacies.legacyFetchAlertsView","chronicle.legacies.legacyFetchUdmSearchCsv","chronicle.legacies.legacyFetchUdmSearchView","chronicle.legacies.legacyFindAssetEvents","chronicle.legacies.legacyFindRawLogs","chronicle.legacies.legacyFindUdmEvents","chronicle.legacies.legacyGetAlert","chronicle.legacies.legacyGetCuratedRulesTrends","chronicle.legacies.legacyGetDetection","chronicle.legacies.legacyGetEventForDetection","chronicle.legacies.legacyGetFinding","chronicle.legacies.legacyGetRuleCounts","chronicle.legacies.legacyGetRulesTrends","chronicle.legacies.legacyRunTestRule","chronicle.legacies.legacySearchAlerts","chronicle.legacies.legacySearchArtifactEvents","chronicle.legacies.legacySearchArtifactIoCDetails","chronicle.legacies.legacySearchAssetEvents","chronicle.legacies.legacySearchCuratedDetections","chronicle.legacies.legacySearchCustomerStats","chronicle.legacie
s.legacySearchDetections","chronicle.legacies.legacySearchDomainsRecentlyRegistered","chronicle.legacies.legacySearchDomainsTimingStats","chronicle.legacies.legacySearchEnterpriseWideAlerts","chronicle.legacies.legacySearchEnterpriseWideIoCs","chronicle.legacies.legacySearchFindings","chronicle.legacies.legacySearchIngestionStats","chronicle.legacies.legacySearchIoCInsights","chronicle.legacies.legacySearchRawLogs","chronicle.legacies.legacySearchRuleDetectionCountBuckets","chronicle.legacies.legacySearchRuleDetectionEvents","chronicle.legacies.legacySearchRuleResults","chronicle.legacies.legacySearchRulesAlerts","chronicle.legacies.legacySearchUserEvents","chronicle.legacies.legacyStreamDetectionAlerts","chronicle.legacies.legacyTestRuleStreaming","chronicle.logTypeSchemas.list","chronicle.logs.export","chronicle.logs.get","chronicle.logs.list","chronicle.messages.get","chronicle.messages.list","chronicle.multitenantDirectories.get","chronicle.nativeDashboards.get","chronicle.nativeDashboards.list","chronicle.operations.get","chronicle.operations.list","chronicle.operations.streamSearch","chronicle.operations.wait","chronicle.preferenceSets.get","chronicle.preferenceSets.update","chronicle.referenceLists.get","chronicle.referenceLists.list","chronicle.referenceLists.verifyReferenceList","chronicle.retrohunts.get","chronicle.retrohunts.list","chronicle.riskConfigs.get","chronicle.ruleDeployments.get","chronicle.ruleDeployments.list","chronicle.ruleExecutionErrors.list","chronicle.rules.get","chronicle.rules.list","chronicle.rules.listRevisions","chronicle.rules.verifyRuleText","chronicle.searchQueries.create","chronicle.searchQueries.delete","chronicle.searchQueries.get","chronicle.searchQueries.list","chronicle.searchQueries.update","chronicle.watchlists.get","chronicle.watchlists.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/chronicle.viewer","stage":"GA","title":"Chronicle API 
Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} diff --git a/roles/chronicle.soarServiceAgent b/roles/chronicle.soarServiceAgent index 66e1def3..62872de4 100644 --- a/roles/chronicle.soarServiceAgent +++ b/roles/chronicle.soarServiceAgent @@ -5,14 +5,9 @@ "cloudasset.assets.analyzeIamPolicy", "cloudasset.assets.searchAllIamPolicies", "cloudasset.assets.searchAllResources", - "compute.firewalls.get", - "compute.firewalls.update", - "compute.instances.deleteAccessConfig", "compute.instances.get", "compute.instances.list", "compute.instances.stop", - "compute.instances.updateNetworkInterface", - "compute.networks.updatePolicy", "compute.zones.list", "iam.serviceAccounts.disable", "iam.serviceAccounts.list", @@ -26,14 +21,9 @@ "securitycenter.findings.setState", "securitycenter.findings.update", "securitycenter.notificationconfig.create", - "securitycenter.notificationconfig.delete", "securitycenter.notificationconfig.get", "securitycenter.notificationconfig.update", - "securitycenter.sources.list", - "storage.buckets.get", - "storage.buckets.getIamPolicy", - "storage.buckets.list", - "storage.buckets.update" + "securitycenter.sources.list" ], "name": "roles/chronicle.soarServiceAgent", "stage": "GA",