rules:
  - name: Sumo Logic Access ID
    id: kingfisher.sumologic.1
    pattern: |
      (?xi)
      \b
      sumo
      (?:.|[\n\r]){0,32}?
      (?:access|id)
      (?:.|[\n\r]){0,16}?
      \b
      (
        su[A-Za-z0-9]{10,14}
      )
      \b
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.5
    confidence: medium
    visible: false
    examples:
      - 'config.sumologic.access.id = "suK9mP2nQ7rT4wX8"'

  - name: Sumo Logic Access Key
    id: kingfisher.sumologic.2
    pattern: |
      (?xi)
      \b
      sumo
      (?:.|[\n\r]){0,32}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
      (?:.|[\n\r]){0,32}?
      \b
      (
        [A-Za-z0-9]{62,64}
      )
      \b
    pattern_requirements:
      min_digits: 2
      min_uppercase: 2
      min_lowercase: 2
    min_entropy: 3.5
    confidence: medium
    examples:
      - '// SumoLogic Private Token: M7nP4qR2tV9wX5yZ8aB1cD3eF5gH7iJ9kL2mN4oP6qR8sT0uV2wX4yZ6aB8cD0eF'
    references:
      - https://help.sumologic.com/docs/manage/security/access-keys/
    
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://api.sumologic.com/api/v1/accessKeys
          headers:
            Accept: application/json
            Authorization: "Basic {{ ACCESS_ID | append: ':' | append: TOKEN | b64enc }}"
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: JsonValid
    depends_on_rule:
      - rule_id: "kingfisher.sumologic.1"
        variable: ACCESS_ID
    
    revocation:
      type: Http
      content:
        request:
          method: DELETE
          url: https://api.sumologic.com/api/v1/accessKeys/{{ ACCESS_ID }}
          headers:
            Authorization: "Basic {{ ACCESS_ID | append: ':' | append: TOKEN | b64enc }}"
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [204]