Signatures
Johnathan Ludwig edited this page Jan 27, 2015
·
1 revision
List signatures. The response is paginated, with 25 records per page.
api.signatures.list
> [
{
"id" => 35,
"name" => "Global Telnet",
"description" => "Globally Accessible Administrative Port -- Telnet (tcp/23)",
"provider" => "AWS",
"scope" => "Service",
"resolution" => "This alert triggers when global permission to access tcp port 23 ...",
"risk_level" => "High",
"identifier" => "AWS:EC2-003",
"created_at" => "2014-06-23T18:53:25.988Z",
"updated_at" => "2014-07-21T16:36:29.427Z",
"service_id" => 5,
"service" => {
"name" => "EC2"
}
},
]

Show a specific signature
| Name | Type | Description |
|---|---|---|
| id | integer | Required. The ID of the signature. |
api.signatures.show(id: 35)
> {
"id" => 35,
"name" => "Global Telnet",
"description" => "Globally Accessible Administrative Port -- Telnet (tcp/23)",
"provider" => "AWS",
"scope" => "Service",
"resolution" => "This alert triggers when global permission to access tcp port 23 ...",
"risk_level" => "High",
"identifier" => "AWS:EC2-003",
"created_at" => "2014-06-23T18:53:25.988Z",
"updated_at" => "2014-07-21T16:36:29.427Z",
"service_id" => 5,
"service" => {
"name" => "EC2"
}
}

List the names of signatures that can be run through the API
api.signatures.names
> {
"names" => [
"validate_cloud_formation_template",
"cloud_trails_enabled",
"frequent_snapshots",
"security_group_check",
"detect_unattached_ebs_volumes",
"unused_security_groups",
"ebs_encryption_enabled",
"security_group_instance_map",
"strong_ssl_ciphers",
"heartbleed",
"unused_security_groups_elb",
"check_user_count",
"api_keys_on_root",
"one_user_with_api_keys",
"user_console_access_strong_password",
"mfa_on_root",
"mfa_on_devices",
"check_assigned_role",
"third_party_account",
"key_expiry_check",
"count_privileged_users",
"check_privileged_spofs",
"restrict_s3_delete",
"evident_role_permissions",
"route53_in_use",
"rds_backup_policy_too_short",
"latest_restorable_time",
"sss_object_versioning_enabled",
"cloud_trails_bucket_iam_delete",
"sss_global_edit_bucket_permissions",
"sss_global_upload_bucket_permissions",
"sss_global_list_bucket_permissions",
"sss_global_view_bucket_permissions",
"sss_global_any_bucket_permissions",
"vpc_nacls",
"nacls_on_subnets",
"non_default_vpc_nacl"
]
}

Run an Evident Signature
| Name | Type | Description |
|---|---|---|
| id | integer | Required. The ID of the custom signature. |
| external_account_id | integer | Required. The ID of the external account to run this signature against. |
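| regions | array | Required. Array of strings representing the regions to run the signature in. |

Note: the example below selects the signature with `signature_name` (one of the values returned by `api.signatures.names`) rather than the `id` listed in the table, and passes the region as a symbol (`:us_east_1`) rather than a string. Confirm which form the SDK version in use expects.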
api.signatures.run(signature_name: 'validate_cloud_formation_template', regions: [:us_east_1], external_account_id: 1)
> {
"alerts" => [
{
"info" => {
"message" => "No CloudFormation template contains globally permissive traffic",
"deep_inspection" => nil
},
"status" => "pass",
"config" => {
"module" => "validate_cloud_formation_template",
"description" => "Validate security parameters in CloudFormation templates",
"valid_regions" => [
"us_east_1"
],
"identifier" => "AWS:CFM-001",
"usage" => "metascrape.signatures.validate_cloud_formation_template.perform metascrape.customers.evident.aws.us_east_1",
"tags" => [
"cfm",
"signature"
],
"tests" => [
"test_validate_cloud_formation_template"
],
"validation_context" => nil,
"errors" => {}
},
"region" => "us_east_1",
"unique_identifier" => nil
}
]
}