kingfisher/crates/kingfisher-rules/data/rules/trendmicro.yml

# Kingfisher detection rules for Trend Micro API credentials.
#
# Each rule pairs a verbose-mode regex (`pattern`) with entropy/digit
# thresholds and a live HTTP validation step. `{{ TOKEN }}` in the request
# headers is filled in by the engine with the captured candidate
# (presumably capture group 1 — confirm against the rule engine).
rules:
  # Deep Security: the credential is "<uuid>:<uuid>:<base64>" and is sent
  # in the `api-secret-key` request header.
  - name: Trend Micro Deep Security API Key
    id: kingfisher.trendmicro.1
    # A context keyword must appear within 32 characters before the key;
    # the key itself is the single capture group.
    pattern: |
      (?xi)
      (?:deepsecurity|api[_-]?secret[_-]?key)
      (?:.|[\n\r]){0,32}?
      [=:"'\s]
      \b
      (
      [A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}
      :
      [A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}
      :
      [A-Za-z0-9+/]{40,60}={0,2}
      )
    pattern_requirements:
      min_digits: 10
      min_entropy: 3.5
    confidence: high
    examples:
      - "configuration.api_key['api-secret-key'] = \"A1B2C3D4-123F-789B-8730-BFB8F436C404:8C8ABCB9-C17A-4074-B439-C80F512FCC8A:0b84PcDP8pMKfhY28a5cTXL03bgrMnPYHzuKLxwvz8U=\""
      - "api_secret_key = \"E5F6A7B8-1234-5678-ABCD-EF0123456789:12345678-ABCD-1234-ABCD-123456789ABC:Xk93PcDP8pMKfhY28a5cTXL03bgrMnPYHzuKLxwvXY=\""
    references:
      - https://automation.deepsecurity.trendmicro.com/article/20_0/api-reference/
      - https://cloudone.trendmicro.com/docs/account-and-user-management/c1-api-key/
    # Live check: the candidate is sent to the vendor API. A 200 confirms it;
    # 401/403 is a negative match (rejected credential). The response is
    # reported alongside the finding.
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://app.deepsecurity.trendmicro.com/api/apikeys
          headers:
            api-secret-key: "{{ TOKEN }}"
            Accept: application/json
        response_matcher:
          - report_response: true
          - type: StatusMatch
            status:
              - 200
          - type: StatusMatch
            status:
              - 401
              - 403
            negative: true

  # Cloud One: keys carry a fixed "tmc1" prefix, so no context keyword is
  # required; the credential is sent as `Authorization: ApiKey <key>`.
  - name: Trend Micro Cloud One API Key
    id: kingfisher.trendmicro.2
    pattern: |
      (?x)
      \b
      (
      tmc1
      [A-Za-z0-9]{26,32}
      :
      [A-Za-z0-9]{60,70}
      )
      \b
    pattern_requirements:
      min_digits: 4
      min_entropy: 3.5
    confidence: high
    examples:
      - "apikey = \"tmc19x73r7hegUnG30NSt8BO3UxoY3Z:8TdvS0r4ncyB7audRVbMSc2rSehMQWfXCkSJ9crBr0F0rc3GU4nd3rBr0bLernrSp8\""
      - "TMC_API_KEY=tmc1AbCdEfGhIjKlMnOpQrStUvWxYz12:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
    references:
      - https://cloudone.trendmicro.com/docs/account-and-user-management/c1-api-key/
    # Same live-check shape as the Deep Security rule above.
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://cloudone.trendmicro.com/api/accounts/me
          headers:
            Authorization: "ApiKey {{ TOKEN }}"
            Accept: application/json
        response_matcher:
          - report_response: true
          - type: StatusMatch
            status:
              - 200
          - type: StatusMatch
            status:
              - 401
              - 403
            negative: true