This project contains default rule packs that can be provisioned to your JupiterOne account via the included CLI utility.
When making a pull request for this repo, please update the version property in the package.json.
If it is not updated, then the code will not get released.
Patch version - x.x.1 - A patch version is used to make a quick fix, patch a security vulnerability, or do clean up. Minor version - x.1.x - A minor version is used to add/remove content Major version - 1.x.x - A major version is used to introduce breaking changes
-
rule-packs/aws-config.jsonAlert rules for AWS configuration audit
-
rule-packs/aws-threat.jsonAlert rules for AWS privilege escalation
-
rule-packs/aws-privilege-escalation.jsonAlert rules for AWS threat monitoring
-
rule-packs/gcp.jsonAlert rules for Google Cloud Platform
-
rule-packs/azure-config.jsonAlert rules for Azure configuration audit
-
rule-packs/azure.jsonCommonly used Azure alert rules
-
rule-packs/gcp.jsonCommonly used GCP alert rules
-
rule-packs/common-alerts.jsonAlert rules for GCP privelege escalation
-
rule-packs/gcp-privelege-escalation.jsonCommonly used alert rules
-
rule-packs/critical-assets.jsonAlert rules to monitor changes to and risks of critical assets
-
rule-packs/devops.jsonCommonly used DevOps alert rules
-
rule-packs/integration-monitoring.jsonAlert rules for monitoring integration status
All rules inherit the alert settings from index.js.
To add these alert rules to your account via the CLI, you will need to install the JupiterOne CLI from npm or download source from github:
Install J1 CLI
npm install @jupiterone/jupiterone-client-nodejs -gProvision Rule Pack
j1 -a <j1AccountId> -u <j1Username> -o provision-alert-rule-pack --alert -f aws-config