[New Rule] Potential AWS Credential Exposure #955

Open
bm11100 opened this issue Feb 22, 2021 · 1 comment
Labels
backlog Integration: AWS AWS related rules Rule: New Proposal for new rule v7.14.0 7.14 rules release package


bm11100 commented Feb 22, 2021

Description

Noting these AWS API calls that return credentials. These could be split into multiple rules based on different datasets or a single rule targeting all possible exposures based on noise testing.

Required Info

  • Eventing Sources:
  • Target Operating Systems:
  • Platforms
    aws

  • Target ECS Version: x.x.x

  • New fields required in ECS for this?

  • Related issues or PRs

Optional Info

APIs

chime:CreateApiKey
codepipeline:PollForJobs
cognito-identity:GetOpenIdToken
cognito-identity:GetOpenIdTokenForDeveloperIdentity
cognito-identity:GetCredentialsForIdentity
connect:GetFederationToken
connect:GetFederationTokens
ecr:GetAuthorizationToken
gamelift:RequestUploadCredentials
iam:CreateAccessKey
iam:CreateLoginProfile
iam:CreateServiceSpecificCredential
iam:ResetServiceSpecificCredential
iam:UpdateAccessKey
lightsail:GetInstanceAccessDetails
lightsail:GetRelationalDatabaseMasterUserPassword
rds-db:connect
redshift:GetClusterCredentials
sso:GetRoleCredentials
mediapackage:RotateChannelCredentials
mediapackage:RotateIngestEndpointCredentials
sts:AssumeRole
sts:AssumeRoleWithSaml
sts:AssumeRoleWithWebIdentity
sts:GetFederationToken
sts:GetSessionToken
@bm11100 bm11100 added Integration: AWS AWS related rules Rule: New Proposal for new rule labels Feb 22, 2021
@bm11100 bm11100 self-assigned this Feb 22, 2021
@bm11100 bm11100 added the v7.14.0 7.14 rules release package label Mar 15, 2021
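
One way to run the noise test the issue mentions, as an added example that is not part of the original issue or the project's rules: it matches a subset of the listed APIs against constructed CloudTrail-style records and counts successful calls per API and principal. The `<service>.amazonaws.com` eventSource mapping, the function names, the threshold and the sample records are assumptions; check the mapping per service against real CloudTrail data.

```python
from collections import Counter

# Subset of the service:Action pairs listed in the issue.
CREDENTIAL_APIS = """ecr:GetAuthorizationToken iam:CreateAccessKey
iam:CreateLoginProfile redshift:GetClusterCredentials sts:AssumeRole
sts:GetFederationToken sts:GetSessionToken""".split()

def watchlist(pairs):
    """Group actions by CloudTrail eventSource (assumed: <prefix>.amazonaws.com)."""
    by_source = {}
    for pair in pairs:
        service, action = pair.split(":", 1)
        by_source.setdefault(f"{service}.amazonaws.com", set()).add(action)
    return by_source

def is_credential_event(record, by_source):
    """True for a watched API call that succeeded (record has no errorCode)."""
    actions = by_source.get(record.get("eventSource"), ())
    return record.get("eventName") in actions and "errorCode" not in record

def noise_report(records, by_source):
    """Count hits per (service:Action, caller ARN) to see which pairs are noisy."""
    hits = Counter()
    for r in records:
        if is_credential_event(r, by_source):
            api = f'{r["eventSource"].split(".")[0]}:{r["eventName"]}'
            hits[(api, r.get("userIdentity", {}).get("arn", "unknown"))] += 1
    return hits

def split_candidates(hits, threshold):
    """APIs whose total volume exceeds threshold: candidates for a separate rule."""
    totals = Counter()
    for (api, _), n in hits.items():
        totals[api] += n
    return sorted(api for api, n in totals.items() if n > threshold)

# Constructed CloudTrail-style records (not real telemetry).
CI = {"arn": "arn:aws:iam::111122223333:role/ci-runner"}
ALICE = {"arn": "arn:aws:iam::111122223333:user/alice"}
SAMPLE = [{"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
           "userIdentity": CI}] * 3 + [
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": ALICE},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "errorCode": "AccessDenied", "userIdentity": ALICE},  # failed: ignored
    {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "userIdentity": ALICE},                                # not watched
]
```
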

botelastic bot commented Aug 25, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@botelastic botelastic bot added the stale 60 days of inactivity label Aug 25, 2021
@botelastic botelastic bot removed the stale 60 days of inactivity label Aug 26, 2021