[OSCD Sprint #2] Final Pull Request / Summary #991

Merged
merged 93 commits into from
Jul 21, 2021

@staf711 staf711 commented May 24, 2021

The last set of Sigma rules developed during the second OSCD sprint.

Summary

  • 24 responders;

WIP

Konakin Maxim, TG @staf71, AT Group, 🇷🇺

Added 16 new responders for Palo Alto:

RA3104: Block internal domain
RA3101: Block external IP address
RA3102: Block internal IP address
RA3109: Block user external communication
RA3110: Block user internal communication
RA3109: Block port external communication
RA3108: Block port internal communication
RA5102: Unblock external domain
RA5101: Unblock external IP address
RA5105: Unblock external user
RA5102: Unblock external domain
RA5101: Unblock internal IP address
RA5105: Unblock user internal communication
RA5104: Unblock port external communication
RA5104: Unblock port internal communication

issue 855; PR 886

Cisco:

Added 2 new responders for Duo Security:

RA3601: Lock user account
RA5601: Unlock locked user account

issue 859; PR 891

David Straßegger, @Strassi7, 🇦🇹

Added 5 new responders for Gmail:

RA4201: Delete email message
RA3201: Block domain on email
RA3202: Block sender on email
RA5201: Unblock domain on email
RA5202: Unblock sender on email

issue 859; PR 891

Daniel Weiner, @DanielWeiner93, 🇺🇸

Added 1 new responder for Azure Active Directory:

RA4601: Revoke authentication credentials (API tokens)

issue 858; PR 906

strassi and others added 30 commits October 6, 2020 18:18
Response with rules for:
1. IP address
2. domains
3. users

This response contains security rules with a default name; to use it, you need to add the PaloAltoNGFW setting and the hive.
Add Responder for:
1. Block internal port
2. Block external port
3. Unblock internal port
4. Unblock external port
@yugoslavskiy

@jeromeleonard @nadouani @saadkadhi Hello guys! We are going to finish the sprint with these responders:

They are all awaiting your approval in their Pull Requests. Looking forward to it (:

@nadouani nadouani changed the base branch from master to develop July 21, 2021 15:49
@jeromeleonard jeromeleonard merged commit 0c6c85c into develop Jul 21, 2021
@nadouani

@yugoslavskiy Hello, the PR has been merged, and we will release very soon
