# Step 1: Evidence Details

|System|Source of data|Frameworks|Purpose|
|---|---|---|---|
|aws|wiz-integrations|-|This task fetches the assessment details and the evidence from the latest assessment run, evaluates ticket creation and closure times against the SLA, and updates the vulnerability report evidence with the resulting compliance status.|

```
RecomendedEvidenceName: TicketMonitoringReport
```


# Step 2: Define the System Specific Data (a.k.a Extended Data Schema)
# Step 2a: Inputs
  - AssessmentName
    - DataType - String
    - Case Sensitive
  - ControlNumber
    - DataType - String
  - EvidenceName
    - DataType - String
    - Case Sensitive
  - SLAInHours
    - DataType - Integer

# Step 2b: API & Flow

  - GET  {domain_url}/api/v1/plans
     - This endpoint retrieves a list of available plans and is used to obtain the assessment_id for a given assessment name.
  - GET {domain_url}/api/v5/partner/assessment-runs?page=1&page_size=1&assessment_id={assessment_id}
     - This endpoint retrieves a list of assessment runs for a specific assessment_id.
     - Query parameter:
        - page: (integer) The page number to retrieve.
        - page_size: (integer) The number of assessment runs per page.
        - assessment_id: (string) The unique identifier of the assessment obtained from the response of the previous API call.
  - GET  {domain_url}/api/v5/partner/assessment-runs/{assessment_run_id}
     - This endpoint retrieves the details of a specific assessment run by its assessment_run_id.
  - GET {domain_url}/api/v5/partner/assessment-runs/{assessment_run_id}/controls/{control_id}/evidence/{evidence_id}?fileFormat=JSON
     - This endpoint retrieves the evidence associated with a specific control in an assessment run, in the specified file format (e.g., JSON).
     - Query parameter:
        - fileFormat: (string) The format in which the evidence should be returned (e.g., JSON).

# Step 2c: Define the Extended Schema

```json
{
      "id": "12jh34j23v5uo3g511324hikm",
      "System": "AWS",
      "Source": "wiz-integrations",
      "ResourceID": "arn:aws:ec2:us-east-1:234123498732:instance/i-3124kjh3krb1b34",
      "ResourceName": "arn:aws:ec2:us-east-1:2341234934234:instance/i-3124kjh3krb1b34",
      "ResourceType": "virtualMachine",
      "WizResourceType": "VIRTUAL_MACHINE",
      "ResourceURL": "https://us-east-1.console.aws.amazon.com/ec2/v2/home?region=us-east-1#InstanceDetails:instanceId=i-3124kjh3krb1b34",
      "ResourceLocation": "us-east-1",
      "ResourceTags": "{\"itayAr-train\": \"\"}",
      "ComplianceStatus": "NON_COMPLIANT",
      "ComplianceStatusReason": "Unresolved vulnerabilties in the asset undermines cyber security efforts and puts the whole organization under threat",
      "ValidationStatusCode": "OPEN_VULNERABILITIES_FOUND",
      "ValidationStatusNotes": "There are one or more open vulnerabilities detected for this type",
      "Has Vulnerabilities": "Yes",
      "Max CVSSSeverity": "Critical",
      "Max Score": "9.8",
      "Max Exploitability Score": "6.0",
      "Max Impact Score": "6.0",
      "Has Exploit": true,
      "Has CisaKev Exploit": true,
      "Vendor Severity": "High",
      "LastEvaluatedTime": "2024-09-09T21:09:44Z",
      "Environments": [],
      "ResourceStatus": "Active",
      "TicketId": "1234",
      "TicketStatus": "closed",
      "TicketCreatedDate": "2024-09-10 14:39:50.000000 UTC",
      "TicketClosedDate": "2024-09-10 14:41:22.767000 UTC",
      "UserAction": "",
      "ActionStatus": "",
      "ActionResponseURL": "",
      "recordguid__": "123kjb1kj4b12k234j1hb",
      "rowno__": 13,
      "recordstatus__": "active",
      "created_at__": "2024/09/10 12:41:51",
      "last_updated_at__": "2024/09/10 14:42:18",
      "tags__": null,
      "created_by__": "system",
      "last_updated_by__": "123jn14-41j3-412j-j1n2-23n1k4k1223",
      "linkedrecordguids__": null,
      "actions__": null,
      "user_actions__": null,
      "proposals__": null,
      "records_tags__": null,
      "link_data__": null,
      "related_data__": null,
      "status__": null,
      "signal__": null,
      "exceptions__": null,
      "owner__": "123jn14-41j3-412j-j1n2-23n1k4k1223",
      "remediation__": null
}
```

# Step 3: Define the Standard Schema

```
{
    # Meta
    "System": "AWS",
    "Source": "wiz-integrations",

    # Resource info
    "ResourceID": "arn:aws:ec2:us-east-1:234123498732:instance/i-3124kjh3krb1b34",
    "ResourceName": "arn:aws:ec2:us-east-1:2341234934234:instance/i-3124kjh3krb1b34",
    "ResourceType": "virtualMachine",
    "ResourceLocation": "us-east-1",
    "ResourceTags": "{\"itayAr-train\": \"\"}",
    "ResourceURL": "https://us-east-1.console.aws.amazon.com/ec2/v2/home?region=us-east-1#InstanceDetails:instanceId=i-3124kjh3krb1b34",

    # Data
    "SLAInHours": "2",
    "TicketId": "1234",
    "TicketStatus": "closed",
    "TicketCreatedDate": "2024-09-10 14:39:50.000000 UTC",
    "TicketClosedDate": "2024-09-10 14:41:22.767000 UTC",

    # Compliance details
    "ValidationStatusCode": "TCKT_CLSD_IN_SLA",
    "ValidationStatusNotes": "Vulnerability was remediated within SLA (ticket opened and closed within SLA).",
    "ComplianceStatus": "COMPLIANT",
    "ComplianceStatusReason": "The record is compliant, since the ticket was both opened and closed within SLA time.",
    "EvaluatedTime": "2024-07-06T17:17:28.109334Z",

    # User editable data
    "UserAction":"",

    # Action editable data
    "ActionStatus":"",
    "ActionResponseURL":""
}
```

# Step 3a: Sample Data

|System|Source|ResourceID|ResourceName|ResourceType|ResourceLocation|ResourceTags|ResourceURL|SLAInHours|TicketId|TicketStatus|TicketCreatedDate|TicketClosedDate|ValidationStatusCode|ValidationStatusNotes|ComplianceStatus|ComplianceStatusReason|EvaluatedTime|UserAction|ActionStatus|ActionResponseURL|
|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|
|AWS|wiz-integrations|arn:aws:ec2:us-east-1:234123498732:instance/i-3124kjh3krb1b34|arn:aws:ec2:us-east-1:2341234934234:instance/i-3124kjh3krb1b34|virtualMachine|us-east-1|{\"itayAr-train\": \"\"}|https://us-east-1.console.aws.amazon.com/ec2/v2/home?region={region}#InstanceDetails:instanceId=i-3124kjh3krb1b34|2|1234|closed|2024-09-10 14:39:50.000000 UTC|2024-09-10 14:41:22.767000 UTC|TCKT_CLSD_IN_SLA|Vulnerability was remediated within SLA (ticket opened and closed within SLA).|COMPLIANT|The record is compliant, since the ticket was both opened and closed within SLA time.|2024-07-06T17:17:28.109334Z||||


# Step 4: Describe the Compliance Taxonomy

|ValidationStatusCode|ValidationStatusNotes|ComplianceStatus|ComplianceStatusReason|
|---|---|---|---|
|TCKT_CLSD_IN_SLA|Vulnerability was remediated within SLA (ticket opened and closed within SLA).|COMPLIANT|The record is compliant, since the ticket was both opened and closed within SLA time.|
|TCKT_OPEN_IN_SLA|The ticket is open, and the SLA has not yet expired.|COMPLIANT|The record is compliant, as the ticket is still open and within the SLA period.|
|TCKT_CLSD_SLA_BRCH|Vulnerability was not remediated within SLA (ticket closed after SLA).|NON_COMPLIANT|The record is non-compliant, since the ticket closed after SLA time.|
|TCKT_OPEN_SLA_BRCH|SLA is breached and the ticket is still open.|NON_COMPLIANT|The record is non-compliant, since SLA was breached and the ticket is still open.|
|TCKT_NOT_OPEN|Ticket was not opened for the vulnerability.|NON_COMPLIANT|The record is non-compliant, since no ticket was opened to address the vulnerability.|

# Step 5: Calculation for Compliance Percentage and Status

```
# Calculation of Compliance Percentage

TotalCount = Count of 'COMPLIANT' and 'NON_COMPLIANT' records
CompliantCount = Count of 'COMPLIANT' records

CompliancePCT = (CompliantCount / TotalCount) * 100

Compliance Status
COMPLIANT - 100%
NON_COMPLIANT - 0% to less than 100%
NOT_DETERMINED - If no records are found.
```
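
The Step 4 taxonomy and the Step 5 calculation, worked through in Python as an added example (not the rule's own code). It assumes the SLA clock starts at `TicketCreatedDate` and that an open ticket is measured against the evaluation time `now`; the function names and the sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

TICKET_TS = "%Y-%m-%d %H:%M:%S.%f UTC"  # format of the page's ticket dates
# ValidationStatusCode -> ComplianceStatus, from the Step 4 taxonomy
TAXONOMY = {
    "TCKT_CLSD_IN_SLA": "COMPLIANT", "TCKT_OPEN_IN_SLA": "COMPLIANT",
    "TCKT_CLSD_SLA_BRCH": "NON_COMPLIANT", "TCKT_OPEN_SLA_BRCH": "NON_COMPLIANT",
    "TCKT_NOT_OPEN": "NON_COMPLIANT",
}

def parse_ts(value):
    return datetime.strptime(value, TICKET_TS).replace(tzinfo=timezone.utc)

def classify(record, sla_hours, now):
    """Return the ValidationStatusCode for one evidence record.

    Assumption: the SLA clock starts at TicketCreatedDate, and an open
    ticket is measured against `now` (the evaluation time).
    """
    if not record.get("TicketId") or not record.get("TicketCreatedDate"):
        return "TCKT_NOT_OPEN"
    deadline = parse_ts(record["TicketCreatedDate"]) + timedelta(hours=sla_hours)
    closed = record.get("TicketClosedDate")
    if (record.get("TicketStatus") or "").lower() == "closed" and closed:
        return "TCKT_CLSD_IN_SLA" if parse_ts(closed) <= deadline else "TCKT_CLSD_SLA_BRCH"
    return "TCKT_OPEN_IN_SLA" if now <= deadline else "TCKT_OPEN_SLA_BRCH"

def summarize(records, sla_hours, now):
    """Step 5: return (CompliancePCT, overall compliance status)."""
    statuses = [TAXONOMY[classify(r, sla_hours, now)] for r in records]
    if not statuses:
        return None, "NOT_DETERMINED"
    pct = 100 * statuses.count("COMPLIANT") / len(statuses)
    return pct, "COMPLIANT" if pct == 100 else "NON_COMPLIANT"

def ticket(tid, status, created="", closed=""):
    return {"TicketId": tid, "TicketStatus": status,
            "TicketCreatedDate": created, "TicketClosedDate": closed}

# Constructed sample input; the first record uses the page's sample ticket dates.
NOW = datetime(2024, 9, 10, 18, 0, tzinfo=timezone.utc)
SAMPLE = [
    ticket("1234", "closed", "2024-09-10 14:39:50.000000 UTC", "2024-09-10 14:41:22.767000 UTC"),
    ticket("1235", "open", "2024-09-10 17:00:00.000000 UTC"),
    ticket("1236", "closed", "2024-09-10 09:00:00.000000 UTC", "2024-09-10 12:30:00.000000 UTC"),
    ticket("1237", "open", "2024-09-10 10:00:00.000000 UTC"),
    ticket("", ""),
]
if __name__ == "__main__":
    print([classify(r, 2, NOW) for r in SAMPLE], summarize(SAMPLE, 2, NOW))
```

With an SLA of 2 hours the five records hit each taxonomy code once, so the run as a whole is NON_COMPLIANT even though two tickets are within SLA.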

# Step 6: Describe (in words) the Remediation Steps for Non-Compliance

# Step 7: Control Setup Details

| Control Details            |                               |
|----------------------------|-------------------------------|
| **RuleName**               | TicketMonitoring              |
| **PreRequisiteRuleNames**  |   N/A                         |
| **ExtendedSchemaRuleNames**| N/A                           |
| **ApplicationClassName**   | compliancecow                 |
| **PostSynthesizerName**    |             N/A               |