/
mongodb_external_user_invited.yml
73 lines (73 loc) · 2.3 KB
/
mongodb_external_user_invited.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
AnalysisType: rule
Description: "An external user has been invited to a MongoDB org. "
DisplayName: "MongoDB External User Invited"
Enabled: true
Filename: mongodb_external_user_invited.py
Severity: Medium
Reference: https://www.mongodb.com/docs/v4.2/tutorial/create-users/
Tags:
- Configuration Required
Tests:
- ExpectedResult: false
Mocks:
- objectName: ALLOWED_DOMAINS
returnValue: >-
[
"company.com"
]
Log:
created: "2023-06-07 16:57:55"
currentValue: {}
eventTypeName: INVITED_TO_ORG
id: 6480b7139bd8a012345ABCDE
isGlobalAdmin: false
links:
- href: https://cloud.mongodb.com/api/atlas/v1.0/orgs/12345xyzlmnce4f17d6e8e130/events/6480b7139bd8a012345ABCDE
rel: self
orgId: 12345xyzlmnce4f17d6e8e130
p_event_time: "2023-06-07 16:57:55"
p_log_type: MongoDB.OrganizationEvent
p_parse_time: "2023-06-07 17:04:42.59"
p_row_id: ea276b16216684d9e198c0d0188a3d
p_schema_version: 0
p_source_id: 7c3cb124-9c30-492c-99e6-46518c232d73
p_source_label: MongoDB
remoteAddress: 1.2.3.4
targetUsername: insider@company.com
userId: 647f654f93bebc69123abc1
username: user@company.com
Name: Internal Invite
- ExpectedResult: true
Mocks:
- objectName: ALLOWED_DOMAINS
returnValue: >-
[
"company.com"
]
Log:
created: "2023-06-07 16:57:55"
currentValue: {}
eventTypeName: INVITED_TO_ORG
id: 6480b7139bd8a012345ABCDE
isGlobalAdmin: false
links:
- href: https://cloud.mongodb.com/api/atlas/v1.0/orgs/12345xyzlmnce4f17d6e8e130/events/6480b7139bd8a012345ABCDE
rel: self
orgId: 12345xyzlmnce4f17d6e8e130
p_event_time: "2023-06-07 16:57:55"
p_log_type: MongoDB.OrganizationEvent
p_parse_time: "2023-06-07 17:04:42.59"
p_row_id: ea276b16216684d9e198c0d0188a3d
p_schema_version: 0
p_source_id: 7c3cb124-9c30-492c-99e6-46518c232d73
p_source_label: MongoDB
remoteAddress: 1.2.3.4
targetUsername: outsider@other.com
userId: 647f654f93bebc69123abc1
username: user@company.com
Name: External User Invite
DedupPeriodMinutes: 60
LogTypes:
- MongoDB.OrganizationEvent
RuleID: "MongoDB.External.UserInvited"
Threshold: 1