forked from mirrors/kingfisher
78 lines
1.9 KiB
YAML
78 lines
1.9 KiB
YAML
rules:
|
|
- name: Sumo Logic Access ID
|
|
id: kingfisher.sumologic.1
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
sumo
|
|
(?:.|[\n\r]){0,32}?
|
|
(?:access|id)
|
|
(?:.|[\n\r]){0,16}?
|
|
\b
|
|
(
|
|
su[A-Za-z0-9]{10,14}
|
|
)
|
|
\b
|
|
pattern_requirements:
|
|
min_digits: 2
|
|
min_entropy: 3.5
|
|
confidence: medium
|
|
visible: false
|
|
examples:
|
|
- 'config.sumologic.access.id = "suK9mP2nQ7rT4wX8"'
|
|
|
|
- name: Sumo Logic Access Key
|
|
id: kingfisher.sumologic.2
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
sumo
|
|
(?:.|[\n\r]){0,32}?
|
|
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
|
|
(?:.|[\n\r]){0,32}?
|
|
\b
|
|
(
|
|
[A-Za-z0-9]{62,64}
|
|
)
|
|
\b
|
|
pattern_requirements:
|
|
min_digits: 2
|
|
min_uppercase: 2
|
|
min_lowercase: 2
|
|
min_entropy: 3.5
|
|
confidence: medium
|
|
examples:
|
|
- '// SumoLogic Private Token: M7nP4qR2tV9wX5yZ8aB1cD3eF5gH7iJ9kL2mN4oP6qR8sT0uV2wX4yZ6aB8cD0eF'
|
|
references:
|
|
- https://help.sumologic.com/docs/manage/security/access-keys/
|
|
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: GET
|
|
url: https://api.sumologic.com/api/v1/accessKeys
|
|
headers:
|
|
Accept: application/json
|
|
Authorization: "Basic {{ ACCESS_ID | append: ':' | append: TOKEN | b64enc }}"
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|
|
- type: JsonValid
|
|
depends_on_rule:
|
|
- rule_id: "kingfisher.sumologic.1"
|
|
variable: ACCESS_ID
|
|
|
|
revocation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: DELETE
|
|
url: https://api.sumologic.com/api/v1/accessKeys/{{ ACCESS_ID }}
|
|
headers:
|
|
Authorization: "Basic {{ ACCESS_ID | append: ':' | append: TOKEN | b64enc }}"
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [204]
|