Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Credentials Rotation Implement #32000

Merged
merged 46 commits into from
Jan 30, 2024
Merged

Credentials Rotation Implement #32000

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
46 commits
Select commit Hold shift + click to select a range
d8fb2f3
new PR
melamedbn Jan 7, 2024
6402c39
new PR
melamedbn Jan 7, 2024
694174d
update RN
melamedbn Jan 7, 2024
3468309
update PNGs
melamedbn Jan 7, 2024
cd8b0b9
Merged master into current branch.
Jan 7, 2024
ef77752
Bump pack from version AWS-Enrichment-Remediation to 1.1.12.
Jan 7, 2024
2f9443d
fix path of PNGs
melamedbn Jan 7, 2024
c3b783b
Merge remote-tracking branch 'origin/ClonedCredentialsRotationImpleme…
melamedbn Jan 7, 2024
ea3a7dd
fix validations
melamedbn Jan 7, 2024
65006b2
fix validations
melamedbn Jan 8, 2024
055e499
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 8, 2024
c602f40
fix validations
melamedbn Jan 8, 2024
601520a
Fix
melamedbn Jan 8, 2024
eb530dd
fix validations
melamedbn Jan 8, 2024
228c992
fix validations
melamedbn Jan 8, 2024
dc8c303
fix validations
melamedbn Jan 8, 2024
6402984
Added latest changes
melamedbn Jan 8, 2024
8938b10
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 9, 2024
64e6835
update RN
melamedbn Jan 9, 2024
fe2f22b
Merged master into current branch.
Jan 10, 2024
32bc2b2
Bump pack from version AWS-Enrichment-Remediation to 1.1.13.
Jan 10, 2024
5b472a2
Merged master into current branch.
Jan 11, 2024
17dbdd7
Bump pack from version AWS-Enrichment-Remediation to 1.1.14.
Jan 11, 2024
f0f1f2f
Merged master into current branch.
Jan 11, 2024
fd6805b
Bump pack from version AWS-Enrichment-Remediation to 1.1.15.
Jan 11, 2024
783d9be
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 17, 2024
a299035
Merge remote-tracking branch 'origin/ClonedCredentialsRotationImpleme…
melamedbn Jan 17, 2024
67c3b46
credentials rotation implementation
melamedbn Jan 17, 2024
b78ab73
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 18, 2024
538fcc4
credentials rotation implementation
melamedbn Jan 18, 2024
2c9c13c
credentials rotation implementation
melamedbn Jan 18, 2024
94ccc56
credentials rotation implementation
melamedbn Jan 18, 2024
815911e
credentials rotation implementation
melamedbn Jan 18, 2024
d82b56a
credentials rotation implementation
melamedbn Jan 18, 2024
3883e70
update RN
melamedbn Jan 18, 2024
2fcf7f0
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 18, 2024
e47952d
added skipifunavailable to avoid versions mismatch
melamedbn Jan 18, 2024
cf5b3bb
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 21, 2024
7ae22b5
fixes script name
melamedbn Jan 21, 2024
6e5b943
added default value to the credentialsRemediationType
melamedbn Jan 24, 2024
b057a9a
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 24, 2024
98a5c7c
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 25, 2024
1284264
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 28, 2024
4690868
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 28, 2024
7d53592
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 29, 2024
0f3167e
Merge remote-tracking branch 'origin/master' into ClonedCredentialsRo…
melamedbn Jan 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
32 changes: 9 additions & 23 deletions Packs/AWS-Enrichment-Remediation/Playbooks/playbook-Cloud_Credentials_Rotation_-_AWS.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -619,25 +619,17 @@ tasks:
policyDocument:
simple: |-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"*"
],
"Resource": [
"*"
],
"Condition": {
"DateLessThan": {
"aws:TokenIssueTime": "[policy creation time]"
}
}
]
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "*",
"Resource": "*"
}
]
}
policyName:
simple: XSIAM-DenyPolicy-Alert ${alert.id}
simple: XSIAM-DenyPolicy-Alert-${alert.id}
roleName:
complex:
root: AWS.IAM.InstanceProfiles.Roles
Expand Down Expand Up @@ -1311,12 +1303,6 @@ tasks:
complex:
root: inputs.instanceID
iscontext: true
- - operator: isNotEmpty
left:
value:
complex:
root: inputs.instanceProfileName
iscontext: true
- label: USER
condition:
- - operator: isEqualString
Expand Down
18 changes: 9 additions & 9 deletions ...hment-Remediation/Playbooks/playbook-Cloud_Credentials_Rotation_-_AWS_README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,26 +28,26 @@ This playbook does not use any integrations.

### Scripts

* GeneratePassword
* Set
* GeneratePassword

### Commands

* aws-ec2-describe-iam-instance-profile-associations
* aws-iam-list-attached-role-policies
* aws-iam-list-role-policies
* aws-iam-get-instance-profile
* aws-iam-list-policy-versions
* aws-iam-create-instance-profile
* aws-iam-get-policy-version
* aws-iam-create-role
* aws-iam-attach-policy
* aws-iam-put-role-policy
* aws-iam-get-role-policy
* aws-iam-create-role
* aws-iam-get-policy-version
* aws-ec2-describe-regions
* aws-ec2-describe-iam-instance-profile-associations
* aws-iam-list-policy-versions
* aws-ec2-describe-instances
* aws-iam-update-login-profile
* aws-iam-update-access-key
* aws-iam-get-instance-profile
* aws-ec2-describe-instances
* aws-iam-get-role-policy
* aws-ec2-describe-regions

## Playbook Inputs

Expand Down
7 changes: 7 additions & 0 deletions Packs/AWS-Enrichment-Remediation/ReleaseNotes/1_1_15.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@

#### Playbooks

##### Cloud Credentials Rotation - AWS

- Fixes a bug in the playbook flow where a wrong field was used for the identity type selection
- Removes an unused playbook input from a conditional task
2 changes: 1 addition & 1 deletion Packs/AWS-Enrichment-Remediation/pack_metadata.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"name": "AWS Enrichment and Remediation",
"description": "Playbooks using multiple AWS content packs for enrichment and remediation purposes",
"support": "xsoar",
"currentVersion": "1.1.14",
"currentVersion": "1.1.15",
"author": "Cortex XSOAR",
"url": "https://www.paloaltonetworks.com/cortex",
"email": "",
Expand Down