forked from mirrors/kingfisher
53 lines
1.4 KiB
YAML
53 lines
1.4 KiB
YAML
rules:
|
|
- name: Keen.io API Key
|
|
id: kingfisher.keenio.1
|
|
pattern: |
|
|
(?xi)
|
|
(?:keen)
|
|
(?:.|[\n\r]){0,32}?
|
|
(?:API|READ|WRITE|MASTER|KEY|SECRET|TOKEN)
|
|
(?:.|[\n\r]){0,16}?
|
|
\b
|
|
(
|
|
[A-Fa-f0-9]{64}
|
|
)
|
|
\b
|
|
confidence: medium
|
|
min_entropy: 3.5
|
|
examples:
|
|
- "KEEN_READ_KEY=a3b8f29e4d1c6a0578e23d9f41b6c8e2f7d2a1b849c3b05d6e81f2a794c3d5b0"
|
|
- 'keen_write_key: "9f4b2d7e1a3c8056d2e7f1b94a6c3d80e7d2a1f849c3b05d6e81f2a794c3d5b0"'
|
|
- "export KEEN_API_KEY=d4e8f2a7b1c39605d2e7f1b94a6c3d80a3b8f29e4d1c6a0578e23d9f41b6c8e2"
|
|
references:
|
|
- https://keen.io/docs/api/
|
|
depends_on_rule:
|
|
- rule_id: kingfisher.keenio.2
|
|
variable: KEEN_PROJECT_ID
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: GET
|
|
url: "https://api.keen.io/3.0/projects/{{ KEEN_PROJECT_ID }}/events?api_key={{ TOKEN }}"
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|
|
|
|
- name: Keen.io Project ID
|
|
id: kingfisher.keenio.2
|
|
visible: false
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
(?:KEEN_PROJECT_ID|keen_project_id|PROJECT_ID|project_id)
|
|
\s* [=:] \s* ["']?
|
|
(
|
|
[a-f0-9]{24}
|
|
)
|
|
["']?
|
|
confidence: medium
|
|
min_entropy: 1.0
|
|
examples:
|
|
- 'KEEN_PROJECT_ID=507f1f77bcf86cd799439011'
|
|
- 'project_id: "5f47ac10e91b2a0017b4c8d2"'
|