Fix EXO deprecated alert policies in MS.EXO.16.1 #29
Comments
schrolla
added
the
baseline-document
|
Baseline policy updates will happen as part of larger baseline updates, but this issue is related specifically to fixing the Rego to ensure it is fixed post baseline update. |
|
Related #235 |
schrolla
changed the title
schrolla
changed the title
|
This should be addressed as part of Defender and EXO policy updates noting that the associated Defender baseline policy item is now MS.DEFENDER.5.1v1. |
buidav
added a commit
that referenced
this issue
Jul 13, 2023
5 tasks
buidav
added a commit
that referenced
this issue
Jul 17, 2023
buidav
added a commit
that referenced
this issue
Jul 19, 2023
buidav
added a commit
that referenced
this issue
Jul 25, 2023
buidav
added a commit
that referenced
this issue
Jul 25, 2023
nanda-katikaneni
pushed a commit
that referenced
this issue
Jul 26, 2023
…436) * adjudicate exo comments and refactor implementation * address #29 in the baseline document * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Get-OrganizationConfig Spacing Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Defender apostrophe typo fix Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * first pass at addressing comments * address all current feedback * clean up Defender duplicated policy linking * clean up missing clarification * address 2nd round of feedback * clean up the defender links round 2 * fix the brain fart * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * spacing the rationale --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>
schrolla
removed
the
baseline-document
schrolla
changed the title
schrolla
changed the title
|
Latest EXO policy has now been merged to Emerald, so the referenced alerts are no longer indicated in the baselines. Code updates are pending to realign rego assessments with updated policy language. Removed baseline-document label since this is purely a Rego code update issue now. Issue is resolved when MS.EXO.16.1 assessment check updates its list of alerts to match the updated policy. |
crutchfield
pushed a commit
that referenced
this issue
Aug 23, 2023
…436) * adjudicate exo comments and refactor implementation * address #29 in the baseline document * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Get-OrganizationConfig Spacing Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Defender apostrophe typo fix Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * first pass at addressing comments * address all current feedback * clean up Defender duplicated policy linking * clean up missing clarification * address 2nd round of feedback * clean up the defender links round 2 * fix the brain fart * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * spacing the rationale --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>
11 tasks
schrolla
added a commit
that referenced
this issue
Sep 1, 2023
…436) * adjudicate exo comments and refactor implementation * address #29 in the baseline document * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Get-OrganizationConfig Spacing Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Defender apostrophe typo fix Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * first pass at addressing comments * address all current feedback * clean up Defender duplicated policy linking * clean up missing clarification * address 2nd round of feedback * clean up the defender links round 2 * fix the brain fart * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * spacing the rationale --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>
|
Code updates were made in #527 |
schrolla
added a commit
that referenced
this issue
Nov 2, 2023
…436) * adjudicate exo comments and refactor implementation * address #29 in the baseline document * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Get-OrganizationConfig Spacing Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Defender apostrophe typo fix Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * first pass at addressing comments * address all current feedback * clean up Defender duplicated policy linking * clean up missing clarification * address 2nd round of feedback * clean up the defender links round 2 * fix the brain fart * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * spacing the rationale --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>
schrolla
added a commit
that referenced
this issue
Nov 2, 2023
…436) * adjudicate exo comments and refactor implementation * address #29 in the baseline document * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Get-OrganizationConfig Spacing Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * Defender apostrophe typo fix Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * first pass at addressing comments * address all current feedback * clean up Defender duplicated policy linking * clean up missing clarification * address 2nd round of feedback * clean up the defender links round 2 * fix the brain fart * Update baselines/exo.md Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com> * spacing the rationale --------- Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Defender 2.9 was showing as a fail in the report and highlighted 2 policies.
Both of these prebuilt alert policies have disappeared from the Alert Policy list and thus from current Provider exports.
I looked back at an older Provider JSON and found that policies were still there a little over month ago.
The names of these policies are listed in EXO 2.16, so this will require both a baseline policy update and a Rego code change.
The text was updated successfully, but these errors were encountered: