This repository was archived by the owner on Jan 12, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
Custom Signatures
Johnathan Ludwig edited this page Jan 27, 2015
·
1 revision
List a pageable response of 25 records per page.
api.custom_signatures.list
> [
{
"id" => 4,
"organization_id" => 1,
"signature" => "<raw code would be here>",
"description" => "test",
"resolution" => "test",
"name" => "Testing",
"active" => true,
"created_at" => "2014-07-21T20:09:24.809Z",
"updated_at" => "2014-08-04T14:15:28.326Z",
"risk_level" => "High",
"identifier" => nil,
"service_id" => nil,
"deleted_at" => nil
}
]Show a specific custom signature
| Name | Type | Description |
|---|---|---|
| id | integer | Required. The ID of the custom signature. |
api.custom_signatures.show(id: 4)
> {
"id" => 4,
"organization_id" => 1,
"signature" => "<raw code would be here>",
"description" => "test",
"resolution" => "test",
"name" => "Testing",
"active" => true,
"created_at" => "2014-07-21T20:09:24.809Z",
"updated_at" => "2014-08-04T14:15:28.326Z",
"risk_level" => "High",
"identifier" => nil,
"service_id" => 11,
"deleted_at" => nil
}| Name | Type | Description |
|---|---|---|
| id | integer | Required. The ID of the custom signature. |
| name | string | Name of this signature. |
| signature | string | Raw code to run |
| risk_level | string | Severity level of this signature. Possible values are: High, Medium, Low |
| description | string | Describe the issue this signature checks for. |
| resolution | string | Steps to resolve this issue. |
| active | boolean | Flag used to determine if this signature should be run. |
api.custom_signatures.update(id: 4, active: false, name: 'Updated Name')
> {
"id" => 4,
"organization_id" => 1,
"signature" => "<raw code would be here>",
"description" => "test",
"resolution" => "test",
"name" => "Updated Name",
"active" => false,
"created_at" => "2014-07-21T20:09:24.809Z",
"updated_at" => "2014-09-24T20:48:21.822Z",
"risk_level" => "High",
"identifier" => nil,
"service_id" => 11,
"deleted_at" => nil
}| Name | Type | Description |
|---|---|---|
| name | string | Required. Name of this signature. |
| signature | string | Required. Raw code to run |
| risk_level | string | Required. Severity level of this signature. Possible values are: High, Medium, Low |
| description | string | Describe the issue this signature checks for. |
| resolution | string | Steps to resolve this issue. |
| active | boolean | Flag used to determine if this signature should be run. |
javascript = "<javascript code>"
api.custom_signatures.create(signature: javascript, name: 'Demo Signature', risk_level: 'High')
> {
"id" => 97,
"organization_id" => 1,
"signature" => "<raw code would be here>",
"description" => nil,
"resolution" => nil,
"name" => "Demo Signature",
"active" => nil,
"created_at" => "2014-09-24T20:51:08.901Z",
"updated_at" => "2014-09-24T20:51:08.901Z",
"risk_level" => "High",
"identifier" => nil,
"service_id" => 11,
"deleted_at" => nil
}Destroy a custom signature
| Name | Type | Description |
|---|---|---|
| id | integer | Required. The ID of the external account |
api.custom_signatures.destroy(id: 97)
> {
"success" => "Demo Signature has been destroyed"
}Run a custom signature directly.
| Name | Type | Description |
|---|---|---|
| id | integer | Required. The ID of the custom signature. |
| external_account_id | integer | Required. The ID of the external account to run this signature against. |
| regions | array | Required. Array of strings representing the regions to run the signature in. |
api.custom_signatures.run(id: 1, external_account_id: 1, regions: [:us_east_1])
> {
"alerts" => [
{
"info" => {
"user_count" => 1,
"condition" => "count >= 1",
"deep_inspection" => [
{
"users" => [
{
"path" => "/",
"user_name" => "demouser",
"user_id" => "AIDAHJFKDHGFHFGKHKGFH",
"arn" => "arn:aws:iam::00000000:user/demouser",
"create_date" => "2014-01-16T19:05:36.000Z"
}
]
}
]
},
"status" => "pass",
"config" => {
"module" => "check_user_count_javascript",
"description" => "Check IAM user count",
"valid_regions" => [
"us_east_1"
],
"identifier" => "AWS:GLO-001",
"deep_inspection" => [
"users"
],
"unique_identifier" => [
{
"user_name" => "user_id"
}
],
"display_as" => "global",
"validation_context" => nil,
"errors" => {}
},
"region" => "us_east_1",
"unique_identifier" => {
"demouser" => "AIDAHJFKDHGFHFGKHKGFH",
}
}
]
}| Name | Type | Description |
|---|---|---|
| id | integer | Required. The ID of the custom signature. |
| external_account_id | integer | Required. The ID of the external account to run this signature against. |
| regions | array | Required. Array of strings representing the regions to run the signature in. |
javascript = "<javascript code>"
api.custom_signatures.run_raw(signature: javascript, regions: [:us_east_1], external_account_id: 1)
> {
"alerts" => [
{
"info" => {
"user_count" => 1,
"condition" => "count >= 1",
"deep_inspection" => [
{
"users" => [
{
"path" => "/",
"user_name" => "demouser",
"user_id" => "AIDAHJFKDHGFHFGKHKGFH",
"arn" => "arn:aws:iam::00000000:user/demouser",
"create_date" => "2014-01-16T19:05:36.000Z"
}
]
}
]
},
"status" => "pass",
"config" => {
"module" => "check_user_count_javascript",
"description" => "Check IAM user count",
"valid_regions" => [
"us_east_1"
],
"identifier" => "AWS:GLO-001",
"deep_inspection" => [
"users"
],
"unique_identifier" => [
{
"user_name" => "user_id"
}
],
"display_as" => "global",
"validation_context" => nil,
"errors" => {}
},
"region" => "us_east_1",
"unique_identifier" => {
"demouser" => "AIDAHJFKDHGFHFGKHKGFH",
}
}
]
}