From ace1370fb6991e3b3224b7445d296c2318a48bf4 Mon Sep 17 00:00:00 2001 From: khulnasoft-bot <43526132+khulnasoft-bot@users.noreply.github.com> Date: Tue, 10 Dec 2024 08:26:49 +0600 Subject: [PATCH] Feature: CloudEploit 2.0.1 --- docs/writing-plugins.md | 16 ++++++++-------- plugins/aws/cloudwatchlogs/monitoringMetrics.js | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/writing-plugins.md b/docs/writing-plugins.md index b6487a8a..6e318ee3 100644 --- a/docs/writing-plugins.md +++ b/docs/writing-plugins.md @@ -22,7 +22,7 @@ CloudFront: { }, ``` -The second section in `collect.js` is `postcalls`, which is an array of objects defining API calls that rely on other calls first returned. For example, if you need to query for all `CloudFront distributions`, and then loop through each one and run a more detailed call, you would add the `CloudFront:listDistributions` call in the [`calls`](https://github.com/cloudexploit/scans/blob/master/collectors/aws/collector.js#L58-L64) section and then the more detailed call in [`postcalls`](https://github.com/cloudexploit/scans/blob/master/collectors/aws/collector.js#L467-L473), setting it to rely on the output of `listDistributions` call. +The second section in `collect.js` is `postcalls`, which is an array of objects defining API calls that rely on other calls first returned. For example, if you need to query for all `CloudFront distributions`, and then loop through each one and run a more detailed call, you would add the `CloudFront:listDistributions` call in the [`calls`](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/aws/collector.js#L58-L64) section and then the more detailed call in [`postcalls`](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/aws/collector.js#L467-L473), setting it to rely on the output of `listDistributions` call. An example: @@ -37,7 +37,7 @@ getGroup: { This section tells CloudExploit to wait until the `IAM:listGroups` call has been made, and then loop through the data that is returned. The `filterKey` tells CloudExploit the name of the key from the original response, while `filterValue` tells it which property to set in the `getGroup` call filter. For example: `iam.getGroup({GroupName:abc})` where `abc` is the `GroupName` from the returned list. CloudExploit will loop through each response, re-invoking `getGroup` for each element. -You can find the [AWS Collector here.](https://github.com/cloudexploit/scans/blob/master/collectors/aws/collector.js) +You can find the [AWS Collector here.](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/aws/collector.js) #### Azure Collection @@ -52,7 +52,7 @@ virtualMachines: { }, ``` -The second section in `collect.js` is `postcalls`, which is an array of objects defining API calls that rely on other calls first returned. For example, if you need to query for all `Virtual Machine instances`, and then loop through each one and run a more detailed call, you would add the `virtualMachines:listAll` call in the [`calls`](https://github.com/cloudexploit/scans/blob/master/collectors/azure/collector.js#L50-L55) section and then the more detailed call in [`postcalls`](https://github.com/cloudexploit/scans/blob/master/collectors/azure/collector.js#L293-L302), setting it to rely on the output of `listDistributions` call. +The second section in `collect.js` is `postcalls`, which is an array of objects defining API calls that rely on other calls first returned. For example, if you need to query for all `Virtual Machine instances`, and then loop through each one and run a more detailed call, you would add the `virtualMachines:listAll` call in the [`calls`](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/azure/collector.js#L50-L55) section and then the more detailed call in [`postcalls`](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/azure/collector.js#L293-L302), setting it to rely on the output of `listDistributions` call. ``` virtualMachineExtensions: { @@ -67,7 +67,7 @@ virtualMachineExtensions: { }, ``` -You can find the [Azure Collector here.](https://github.com/cloudexploit/scans/blob/master/collectors/azure/collector.js) +You can find the [Azure Collector here.](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/azure/collector.js) #### GCP Collection @@ -83,7 +83,7 @@ buckets: { }, ``` -The second section in `collect.js` is `postcalls`, which is an array of objects defining API calls that rely on other calls first returned. For example, if you need to query for all `Storage Buckets`, and then loop through each one and run a more detailed call, you would add the `buckets:list` call in the [`calls`](https://github.com/cloudexploit/scans/blob/master/collectors/google/collector.js#L103-L109) section and then the more detailed call in [`postcalls`](https://github.com/cloudexploit/scans/blob/master/collectors/google/collector.js#L213-L223), setting it to rely on the output of `getIamPolicy` call. +The second section in `collect.js` is `postcalls`, which is an array of objects defining API calls that rely on other calls first returned. For example, if you need to query for all `Storage Buckets`, and then loop through each one and run a more detailed call, you would add the `buckets:list` call in the [`calls`](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/google/collector.js#L103-L109) section and then the more detailed call in [`postcalls`](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/google/collector.js#L213-L223), setting it to rely on the output of `getIamPolicy` call. ``` buckets: { @@ -99,7 +99,7 @@ buckets: { }, ``` -You can find the [GCP Collector here.](https://github.com/cloudexploit/scans/blob/master/collectors/google/collector.js) +You can find the [GCP Collector here.](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/google/collector.js) #### Oracle Collection @@ -115,7 +115,7 @@ vcn: { }, ``` -The second section in `collect.js` is `postcalls`, which is an array of objects defining API calls that rely on other calls first returned. For example, if you need to query for all `VCNs`, and then loop through each one and run a more detailed call, you would add the `vcn:list` call in the [`calls`](https://github.com/cloudexploit/scans/blob/master/collectors/oracle/collector.js#L41-L47) section and then the more detailed call in [`postcalls`](https://github.com/cloudexploit/scans/blob/master/collectors/oracle/collector.js#L243-L251), setting it to rely on the output of `get` call. +The second section in `collect.js` is `postcalls`, which is an array of objects defining API calls that rely on other calls first returned. For example, if you need to query for all `VCNs`, and then loop through each one and run a more detailed call, you would add the `vcn:list` call in the [`calls`](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/oracle/collector.js#L41-L47) section and then the more detailed call in [`postcalls`](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/oracle/collector.js#L243-L251), setting it to rely on the output of `get` call. ``` vcn: { @@ -129,7 +129,7 @@ vcn: { }, ``` -You can find the [Oracle Collector here.](https://github.com/cloudexploit/scans/blob/master/collectors/oracle/collector.js) +You can find the [Oracle Collector here.](https://github.com/khulnasoft/cloudexploit/blob/master/collectors/oracle/collector.js) ## Scanning Phase diff --git a/plugins/aws/cloudwatchlogs/monitoringMetrics.js b/plugins/aws/cloudwatchlogs/monitoringMetrics.js index 4e98dae0..732c952b 100644 --- a/plugins/aws/cloudwatchlogs/monitoringMetrics.js +++ b/plugins/aws/cloudwatchlogs/monitoringMetrics.js @@ -70,7 +70,7 @@ module.exports = { domain: 'Compliance', severity: 'Medium', description: 'Ensures metric filters are setup for CloudWatch logs to detect security risks from CloudTrail.', - more_info: 'Sending CloudTrail logs to CloudWatch is only useful if metrics are setup to detect risky activity from those logs. There are numerous metrics that should be used. For the exact filter patterns, please see this plugin on GitHub: https://github.com/cloudexploit/scans/blob/master/plugins/aws/cloudwatchlogs/monitoringMetrics.js', + more_info: 'Sending CloudTrail logs to CloudWatch is only useful if metrics are setup to detect risky activity from those logs. There are numerous metrics that should be used. For the exact filter patterns, please see this plugin on GitHub: https://github.com/khulnasoft/cloudexploit/blob/master/plugins/aws/cloudwatchlogs/monitoringMetrics.js', recommended_action: 'Enable metric filters to detect malicious activity in CloudTrail logs sent to CloudWatch.', link: 'http://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html', apis: ['CloudTrail:describeTrails', 'CloudWatchLogs:describeMetricFilters'],