updating duo auth schema for new alias key (#1129)
ryandeivert committed Feb 14, 2020
1 parent 616c8ff commit 291c0aa
Showing 5 changed files with 42 additions and 26 deletions.
1 change: 1 addition & 0 deletions conf/schemas/duo.json
Expand Up @@ -12,6 +12,7 @@
"duo:authentication": {
"schema": {
"access_device": {},
"alias": "string",
"device": "string",
"factor": "string",
"integration": "string",
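Review bot: The new `"alias": "string"` entry in the `duo:authentication` schema is added as an ordinary key, and nothing visible in this hunk marks it optional. If the classifier requires every schema key to be present (the schema's `configuration` block, if it has one, is outside the hunk), Duo authentication records that lack `alias` would stop matching `duo:authentication`, and the Duo rules would silently receive no data. Consider listing `alias` under `optional_top_level_keys` for this log type. The updated fixtures in `duo_fraud.json` and `duo_anonymous_ip_failure.json`, and the `_get_sample_logs` helper, all carry an empty `alias`, so a record without the key is not exercised by any test shown here.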
35 changes: 23 additions & 12 deletions streamalert/apps/_apps/duo.py
Expand Up @@ -99,19 +99,30 @@ def _get_duo_logs(self, hostname, full_url):
Returns:
[
{
'timestamp': <int:unix timestamp>,
'device': <str:device>,
'username': <str:username>,
'factor': <str:factor>,
'result': <str:result>,
'ip': <str:ip address>,
'new_enrollment': <bool:if event corresponds to enrollment>,
'integration': <str:integration>,
'access_device': {
'browser': 'Chrome',
'browser_version': '1.2.3',
'flash_version': 'uninstalled',
'java_version': 'uninstalled',
'os': 'Mac OS X',
'os_version': '10.15.3',
'trusted_endpoint_status': 'unknown'
},
'alias': '',
'device': '123-456-7890',
'factor': 'Duo Push',
'integration': 'web.site.com',
'ip': '1.1.1.1',
'location': {
'state': '<str:state>',
'city': '<str:city>',
'country': '<str:country>'
}
'city': 'Portland',
'country': 'US',
'state': 'Oregon'
},
'new_enrollment': False,
'reason': 'User approved',
'result': 'SUCCESS',
'timestamp': 1581705165,
'username': 'user.name@site.com'
}
]
"""
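Review bot: The rewritten `Returns:` example in `_get_duo_logs` drops the `<str:...>`/`<int:...>` placeholders, so the docstring no longer states each field's type, and nothing says the literal values are only illustrative. Several of the sample values are routable or registrable rather than reserved for documentation (`'ip': '1.1.1.1'`, `'integration': 'web.site.com'`, `'username': 'user.name@site.com'`). I would use reserved values such as `'ip': '192.0.2.1'` and `'username': 'user.name@example.com'`, and put a line like `Example record (values are illustrative; 'alias' may be an empty string):` above the list. The docstring and the function body both continue outside this hunk.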
29 changes: 15 additions & 14 deletions tests/integration/rules/duo/duo_anonymous_ip_failure.json
@@ -1,29 +1,30 @@
[
{
"data": {
"username": "user.name@email.com",
"access_device": {
"browser": "Chrome",
"browser_version": "60.0.0000.80",
"flash_version": "27.0.0.0",
"java_version": "uninstalled",
"os_version": "10.12.6",
"browser_version": "60.0.0000.80",
"trusted_endpoint_status": "not trusted",
"os": "Mac OS X",
"browser": "Chrome"
"os_version": "10.12.6",
"trusted_endpoint_status": "not trusted"
},
"timestamp": 1505316499,
"new_enrollment": false,
"ip": "12.123.123.12",
"alias": "",
"device": "555-123-4567",
"factor": "Duo Push",
"integration": "Test Integration",
"reason": "Anonymous IP",
"ip": "12.123.123.12",
"location": {
"city": "Place",
"state": "State",
"country": "US"
"country": "US",
"state": "State"
},
"factor": "Duo Push",
"device": "555-123-4567",
"result": "FAILURE"
"new_enrollment": false,
"reason": "Anonymous IP",
"result": "FAILURE",
"timestamp": 1505316499,
"username": "user.name@email.com"
},
"description": "Duo authentication log marked as failure as a result of 'Anonymous IP' that will create an alert",
"log": "duo:authentication",
2 changes: 2 additions & 0 deletions tests/integration/rules/duo/duo_fraud.json
Expand Up @@ -10,6 +10,7 @@
"os_version": "10.12.6",
"trusted_endpoint_status": "not trusted"
},
"alias": "",
"device": "555-123-4567",
"factor": "Duo Push",
"integration": "Test Integration",
Expand Down Expand Up @@ -44,6 +45,7 @@
"os_version": "10.12.6",
"trusted_endpoint_status": "not trusted"
},
"alias": "",
"device": "555-123-5678",
"factor": "Duo Push",
"integration": "Test Integration",
1 change: 1 addition & 0 deletions tests/unit/streamalert/apps/test_apps/test_duo.py
Expand Up @@ -81,6 +81,7 @@ def _get_sample_logs(count, base_time):
"""Helper function for returning sample duo (auth) logs"""
return [{
'access_device': {},
'alias': '',
'device': '+1 123 456 1234',
'factor': 'Duo Push',
'integration': 'Test Access',
