diff --git a/Pipfile b/Pipfile
index d6724ed71..ad90510e5 100644
--- a/Pipfile
+++ b/Pipfile
@@ -19,7 +19,7 @@ wrapt = "~=1.15"
 [packages]
 policyuniverse = "==1.5.1.20230817"
 requests = "==2.31.0"
-panther-analysis-tool = "~=0.52.1"
+panther-analysis-tool = "~=0.52.2"
 panther-detection-helpers = "==0.4.0"
 [requires]
diff --git a/Pipfile.lock b/Pipfile.lock index e5710a507..ee193312b 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "2d6cb439cae8e43dfd78b3fafd7deaae66532baa23cb71f55f844946ac8c3bd4" + "sha256": "026afcb94cce204a0503a31f2038233be9ca4d5dd9a527ac293d76b8085df102" }, "pipfile-spec": 6, "requires": { @@ -162,27 +162,27 @@ }, "boto3": { "hashes": [ - "sha256:b41deed9ca7e0a619510a22e256e3e38b5f532624b4aff8964a1e870877b37bc", - "sha256:c35c560ef0cb0f133b6104bc374d60eeb7cb69c1d5d7907e4305a285d162bef0" + "sha256:47e89d95964f10beee21ee723c3290874fddf364269bd97d200e8bfa9bf93a06", + "sha256:aaddbeb8c37608492f2c8286d004101464833d4c6e49af44601502b8b18785ed" ], "markers": "python_version >= '3.8'", - "version": "==1.35.6" + "version": "==1.35.20" }, "botocore": { "hashes": [ - "sha256:8378c6cfef2dee15eb7b3ebbb55ba9c1de959f231292039b81eb35b72c50ad59", - "sha256:93ef31b80b05758db4dd67e010348a05b9ff43f82839629b7ac334f2a454996e" + "sha256:62412038f960691a299e60492f9ee7e8e75af563f2eca7f3640b3b54b8f5d236", + "sha256:82ad8a73fcd5852d127461c8dadbe40bf679f760a4efb0dde8d4d269ad3f126f" ], "markers": "python_version >= '3.8'", - "version": "==1.35.6" + "version": "==1.35.20" }, "certifi": { "hashes": [ - "sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b", - "sha256:c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90" + "sha256:922820b53db7a7257ffbda3f597266d435245903d80737e34f8a45ff3e3230d8", + "sha256:bec941d2aa8195e248a60b31ff9f0558284cf01a52591ceda73ea9afffd69fd9" ], "markers": "python_version >= '3.6'", - "version": "==2024.7.4" + "version": "==2024.8.30" }, "chardet": { "hashes": [ 
@@ -314,11 +314,11 @@ }, "diff-cover": { "hashes": [ - "sha256:2d520d6c4f41674c7e3010ce5e0f637bd2fab4dc2f8e3e174ad39e0364318310", - "sha256:b5ed20955b3ebdee94476e429cfd9f1324e1c19a04c4aae32a893b11c3673f1e" + "sha256:1e24edc51c39e810c47dd9986e76c333ed95859655c091f572e590c39cabbdbe", + "sha256:85a0b353ebbb678f9e87ea303f75b545bd0baca38f563219bb72f2ae862bba36" ], "markers": "python_full_version >= '3.8.10' and python_full_version < '4.0.0'", - "version": "==9.1.1" + "version": "==9.2.0" }, "dynaconf": { "hashes": [ @@ -420,19 +420,19 @@ }, "graphql-core": { "hashes": [ - "sha256:06d2aad0ac723e35b1cb47885d3e5c45e956a53bc1b209a9fc5369007fe46676", - "sha256:5766780452bd5ec8ba133f8bf287dc92713e3868ddd83aee4faab9fc3e303dc3" + "sha256:1604f2042edc5f3114f49cac9d77e25863be51b23a54a61a23245cf32f6476f0", + "sha256:acbe2e800980d0e39b4685dd058c2f4042660b89ebca38af83020fd872ff1264" ], "markers": "python_version >= '3.6' and python_version < '4'", - "version": "==3.2.3" + "version": "==3.2.4" }, "idna": { "hashes": [ - "sha256:050b4e5baadcd44d760cedbd2b8e639f2ff89bbc7a5730fcc662954303377aac", - "sha256:d838c2c0ed6fced7693d5e8ab8e734d5f8fda53a039c0164afb0b82e771e3603" + "sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9", + "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3" ], "markers": "python_version >= '3.6'", - "version": "==3.8" + "version": "==3.10" }, "iniconfig": { "hashes": [ 
@@ -557,99 +557,101 @@ }, "multidict": { "hashes": [ - "sha256:01265f5e40f5a17f8241d52656ed27192be03bfa8764d88e8220141d1e4b3556", - "sha256:0275e35209c27a3f7951e1ce7aaf93ce0d163b28948444bec61dd7badc6d3f8c", - "sha256:04bde7a7b3de05732a4eb39c94574db1ec99abb56162d6c520ad26f83267de29", - "sha256:04da1bb8c8dbadf2a18a452639771951c662c5ad03aefe4884775454be322c9b", - "sha256:09a892e4a9fb47331da06948690ae38eaa2426de97b4ccbfafbdcbe5c8f37ff8", - "sha256:0d63c74e3d7ab26de115c49bffc92cc77ed23395303d496eae515d4204a625e7", - "sha256:107c0cdefe028703fb5dafe640a409cb146d44a6ae201e55b35a4af8e95457dd", - "sha256:141b43360bfd3bdd75f15ed811850763555a251e38b2405967f8e25fb43f7d40", - "sha256:14c2976aa9038c2629efa2c148022ed5eb4cb939e15ec7aace7ca932f48f9ba6", - "sha256:19fe01cea168585ba0f678cad6f58133db2aa14eccaf22f88e4a6dccadfad8b3", - "sha256:1d147090048129ce3c453f0292e7697d333db95e52616b3793922945804a433c", - "sha256:1d9ea7a7e779d7a3561aade7d596649fbecfa5c08a7674b11b423783217933f9", - "sha256:215ed703caf15f578dca76ee6f6b21b7603791ae090fbf1ef9d865571039ade5", - "sha256:21fd81c4ebdb4f214161be351eb5bcf385426bf023041da2fd9e60681f3cebae", - "sha256:220dd781e3f7af2c2c1053da9fa96d9cf3072ca58f057f4c5adaaa1cab8fc442", - "sha256:228b644ae063c10e7f324ab1ab6b548bdf6f8b47f3ec234fef1093bc2735e5f9", - "sha256:29bfeb0dff5cb5fdab2023a7a9947b3b4af63e9c47cae2a10ad58394b517fddc", - "sha256:2f4848aa3baa109e6ab81fe2006c77ed4d3cd1e0ac2c1fbddb7b1277c168788c", - "sha256:2faa5ae9376faba05f630d7e5e6be05be22913782b927b19d12b8145968a85ea", - "sha256:2ffc42c922dbfddb4a4c3b438eb056828719f07608af27d163191cb3e3aa6cc5", - "sha256:37b15024f864916b4951adb95d3a80c9431299080341ab9544ed148091b53f50", - "sha256:3cc2ad10255f903656017363cd59436f2111443a76f996584d1077e43ee51182", - "sha256:3d25f19500588cbc47dc19081d78131c32637c25804df8414463ec908631e453", - "sha256:403c0911cd5d5791605808b942c88a8155c2592e05332d2bf78f18697a5fa15e", - "sha256:411bf8515f3be9813d06004cac41ccf7d1cd46dfe233705933dd163b60e37600", - 
"sha256:425bf820055005bfc8aa9a0b99ccb52cc2f4070153e34b701acc98d201693733", - "sha256:435a0984199d81ca178b9ae2c26ec3d49692d20ee29bc4c11a2a8d4514c67eda", - "sha256:4a6a4f196f08c58c59e0b8ef8ec441d12aee4125a7d4f4fef000ccb22f8d7241", - "sha256:4cc0ef8b962ac7a5e62b9e826bd0cd5040e7d401bc45a6835910ed699037a461", - "sha256:51d035609b86722963404f711db441cf7134f1889107fb171a970c9701f92e1e", - "sha256:53689bb4e102200a4fafa9de9c7c3c212ab40a7ab2c8e474491914d2305f187e", - "sha256:55205d03e8a598cfc688c71ca8ea5f66447164efff8869517f175ea632c7cb7b", - "sha256:5c0631926c4f58e9a5ccce555ad7747d9a9f8b10619621f22f9635f069f6233e", - "sha256:5cb241881eefd96b46f89b1a056187ea8e9ba14ab88ba632e68d7a2ecb7aadf7", - "sha256:60d698e8179a42ec85172d12f50b1668254628425a6bd611aba022257cac1386", - "sha256:612d1156111ae11d14afaf3a0669ebf6c170dbb735e510a7438ffe2369a847fd", - "sha256:6214c5a5571802c33f80e6c84713b2c79e024995b9c5897f794b43e714daeec9", - "sha256:6939c95381e003f54cd4c5516740faba40cf5ad3eeff460c3ad1d3e0ea2549bf", - "sha256:69db76c09796b313331bb7048229e3bee7928eb62bab5e071e9f7fcc4879caee", - "sha256:6bf7a982604375a8d49b6cc1b781c1747f243d91b81035a9b43a2126c04766f5", - "sha256:766c8f7511df26d9f11cd3a8be623e59cca73d44643abab3f8c8c07620524e4a", - "sha256:76c0de87358b192de7ea9649beb392f107dcad9ad27276324c24c91774ca5271", - "sha256:76f067f5121dcecf0d63a67f29080b26c43c71a98b10c701b0677e4a065fbd54", - "sha256:7901c05ead4b3fb75113fb1dd33eb1253c6d3ee37ce93305acd9d38e0b5f21a4", - "sha256:79660376075cfd4b2c80f295528aa6beb2058fd289f4c9252f986751a4cd0496", - "sha256:79a6d2ba910adb2cbafc95dad936f8b9386e77c84c35bc0add315b856d7c3abb", - "sha256:7afcdd1fc07befad18ec4523a782cde4e93e0a2bf71239894b8d61ee578c1319", - "sha256:7be7047bd08accdb7487737631d25735c9a04327911de89ff1b26b81745bd4e3", - "sha256:7c6390cf87ff6234643428991b7359b5f59cc15155695deb4eda5c777d2b880f", - "sha256:7df704ca8cf4a073334e0427ae2345323613e4df18cc224f647f251e5e75a527", - "sha256:85f67aed7bb647f93e7520633d8f51d3cbc6ab96957c71272b286b2f30dc70ed", 
- "sha256:896ebdcf62683551312c30e20614305f53125750803b614e9e6ce74a96232604", - "sha256:92d16a3e275e38293623ebf639c471d3e03bb20b8ebb845237e0d3664914caef", - "sha256:99f60d34c048c5c2fabc766108c103612344c46e35d4ed9ae0673d33c8fb26e8", - "sha256:9fe7b0653ba3d9d65cbe7698cca585bf0f8c83dbbcc710db9c90f478e175f2d5", - "sha256:a3145cb08d8625b2d3fee1b2d596a8766352979c9bffe5d7833e0503d0f0b5e5", - "sha256:aeaf541ddbad8311a87dd695ed9642401131ea39ad7bc8cf3ef3967fd093b626", - "sha256:b55358304d7a73d7bdf5de62494aaf70bd33015831ffd98bc498b433dfe5b10c", - "sha256:b82cc8ace10ab5bd93235dfaab2021c70637005e1ac787031f4d1da63d493c1d", - "sha256:c0868d64af83169e4d4152ec612637a543f7a336e4a307b119e98042e852ad9c", - "sha256:c1c1496e73051918fcd4f58ff2e0f2f3066d1c76a0c6aeffd9b45d53243702cc", - "sha256:c9bf56195c6bbd293340ea82eafd0071cb3d450c703d2c93afb89f93b8386ccc", - "sha256:cbebcd5bcaf1eaf302617c114aa67569dd3f090dd0ce8ba9e35e9985b41ac35b", - "sha256:cd6c8fca38178e12c00418de737aef1261576bd1b6e8c6134d3e729a4e858b38", - "sha256:ceb3b7e6a0135e092de86110c5a74e46bda4bd4fbfeeb3a3bcec79c0f861e450", - "sha256:cf590b134eb70629e350691ecca88eac3e3b8b3c86992042fb82e3cb1830d5e1", - "sha256:d3eb1ceec286eba8220c26f3b0096cf189aea7057b6e7b7a2e60ed36b373b77f", - "sha256:d65f25da8e248202bd47445cec78e0025c0fe7582b23ec69c3b27a640dd7a8e3", - "sha256:d6f6d4f185481c9669b9447bf9d9cf3b95a0e9df9d169bbc17e363b7d5487755", - "sha256:d84a5c3a5f7ce6db1f999fb9438f686bc2e09d38143f2d93d8406ed2dd6b9226", - "sha256:d946b0a9eb8aaa590df1fe082cee553ceab173e6cb5b03239716338629c50c7a", - "sha256:dce1c6912ab9ff5f179eaf6efe7365c1f425ed690b03341911bf4939ef2f3046", - "sha256:de170c7b4fe6859beb8926e84f7d7d6c693dfe8e27372ce3b76f01c46e489fcf", - "sha256:e02021f87a5b6932fa6ce916ca004c4d441509d33bbdbeca70d05dff5e9d2479", - "sha256:e030047e85cbcedbfc073f71836d62dd5dadfbe7531cae27789ff66bc551bd5e", - "sha256:e0e79d91e71b9867c73323a3444724d496c037e578a0e1755ae159ba14f4f3d1", - 
"sha256:e4428b29611e989719874670fd152b6625500ad6c686d464e99f5aaeeaca175a", - "sha256:e4972624066095e52b569e02b5ca97dbd7a7ddd4294bf4e7247d52635630dd83", - "sha256:e7be68734bd8c9a513f2b0cfd508802d6609da068f40dc57d4e3494cefc92929", - "sha256:e8e94e6912639a02ce173341ff62cc1201232ab86b8a8fcc05572741a5dc7d93", - "sha256:ea1456df2a27c73ce51120fa2f519f1bea2f4a03a917f4a43c8707cf4cbbae1a", - "sha256:ebd8d160f91a764652d3e51ce0d2956b38efe37c9231cd82cfc0bed2e40b581c", - "sha256:eca2e9d0cc5a889850e9bbd68e98314ada174ff6ccd1129500103df7a94a7a44", - "sha256:edd08e6f2f1a390bf137080507e44ccc086353c8e98c657e666c017718561b89", - "sha256:f285e862d2f153a70586579c15c44656f888806ed0e5b56b64489afe4a2dbfba", - "sha256:f2a1dee728b52b33eebff5072817176c172050d44d67befd681609b4746e1c2e", - "sha256:f7e301075edaf50500f0b341543c41194d8df3ae5caf4702f2095f3ca73dd8da", - "sha256:fb616be3538599e797a2017cccca78e354c767165e8858ab5116813146041a24", - "sha256:fce28b3c8a81b6b36dfac9feb1de115bab619b3c13905b419ec71d03a3fc1423", - "sha256:fe5d7785250541f7f5019ab9cba2c71169dc7d74d0f45253f8313f436458a4ef" + "sha256:052e10d2d37810b99cc170b785945421141bf7bb7d2f8799d431e7db229c385f", + "sha256:06809f4f0f7ab7ea2cabf9caca7d79c22c0758b58a71f9d32943ae13c7ace056", + "sha256:071120490b47aa997cca00666923a83f02c7fbb44f71cf7f136df753f7fa8761", + "sha256:0c3f390dc53279cbc8ba976e5f8035eab997829066756d811616b652b00a23a3", + "sha256:0e2b90b43e696f25c62656389d32236e049568b39320e2735d51f08fd362761b", + "sha256:0e5f362e895bc5b9e67fe6e4ded2492d8124bdf817827f33c5b46c2fe3ffaca6", + "sha256:10524ebd769727ac77ef2278390fb0068d83f3acb7773792a5080f2b0abf7748", + "sha256:10a9b09aba0c5b48c53761b7c720aaaf7cf236d5fe394cd399c7ba662d5f9966", + "sha256:16e5f4bf4e603eb1fdd5d8180f1a25f30056f22e55ce51fb3d6ad4ab29f7d96f", + "sha256:188215fc0aafb8e03341995e7c4797860181562380f81ed0a87ff455b70bf1f1", + "sha256:189f652a87e876098bbc67b4da1049afb5f5dfbaa310dd67c594b01c10388db6", + "sha256:1ca0083e80e791cffc6efce7660ad24af66c8d4079d2a750b29001b53ff59ada", 
+ "sha256:1e16bf3e5fc9f44632affb159d30a437bfe286ce9e02754759be5536b169b305", + "sha256:2090f6a85cafc5b2db085124d752757c9d251548cedabe9bd31afe6363e0aff2", + "sha256:20b9b5fbe0b88d0bdef2012ef7dee867f874b72528cf1d08f1d59b0e3850129d", + "sha256:22ae2ebf9b0c69d206c003e2f6a914ea33f0a932d4aa16f236afc049d9958f4a", + "sha256:22f3105d4fb15c8f57ff3959a58fcab6ce36814486500cd7485651230ad4d4ef", + "sha256:23bfd518810af7de1116313ebd9092cb9aa629beb12f6ed631ad53356ed6b86c", + "sha256:27e5fc84ccef8dfaabb09d82b7d179c7cf1a3fbc8a966f8274fcb4ab2eb4cadb", + "sha256:3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60", + "sha256:3702ea6872c5a2a4eeefa6ffd36b042e9773f05b1f37ae3ef7264b1163c2dcf6", + "sha256:37bb93b2178e02b7b618893990941900fd25b6b9ac0fa49931a40aecdf083fe4", + "sha256:3914f5aaa0f36d5d60e8ece6a308ee1c9784cd75ec8151062614657a114c4478", + "sha256:3a37ffb35399029b45c6cc33640a92bef403c9fd388acce75cdc88f58bd19a81", + "sha256:3c8b88a2ccf5493b6c8da9076fb151ba106960a2df90c2633f342f120751a9e7", + "sha256:3e97b5e938051226dc025ec80980c285b053ffb1e25a3db2a3aa3bc046bf7f56", + "sha256:3ec660d19bbc671e3a6443325f07263be452c453ac9e512f5eb935e7d4ac28b3", + "sha256:3efe2c2cb5763f2f1b275ad2bf7a287d3f7ebbef35648a9726e3b69284a4f3d6", + "sha256:483a6aea59cb89904e1ceabd2b47368b5600fb7de78a6e4a2c2987b2d256cf30", + "sha256:4867cafcbc6585e4b678876c489b9273b13e9fff9f6d6d66add5e15d11d926cb", + "sha256:48e171e52d1c4d33888e529b999e5900356b9ae588c2f09a52dcefb158b27506", + "sha256:4a9cb68166a34117d6646c0023c7b759bf197bee5ad4272f420a0141d7eb03a0", + "sha256:4b820514bfc0b98a30e3d85462084779900347e4d49267f747ff54060cc33925", + "sha256:4e18b656c5e844539d506a0a06432274d7bd52a7487e6828c63a63d69185626c", + "sha256:4e9f48f58c2c523d5a06faea47866cd35b32655c46b443f163d08c6d0ddb17d6", + "sha256:50b3a2710631848991d0bf7de077502e8994c804bb805aeb2925a981de58ec2e", + "sha256:55b6d90641869892caa9ca42ff913f7ff1c5ece06474fbd32fb2cf6834726c95", + 
"sha256:57feec87371dbb3520da6192213c7d6fc892d5589a93db548331954de8248fd2", + "sha256:58130ecf8f7b8112cdb841486404f1282b9c86ccb30d3519faf301b2e5659133", + "sha256:5845c1fd4866bb5dd3125d89b90e57ed3138241540897de748cdf19de8a2fca2", + "sha256:59bfeae4b25ec05b34f1956eaa1cb38032282cd4dfabc5056d0a1ec4d696d3aa", + "sha256:5b48204e8d955c47c55b72779802b219a39acc3ee3d0116d5080c388970b76e3", + "sha256:5c09fcfdccdd0b57867577b719c69e347a436b86cd83747f179dbf0cc0d4c1f3", + "sha256:6180c0ae073bddeb5a97a38c03f30c233e0a4d39cd86166251617d1bbd0af436", + "sha256:682b987361e5fd7a139ed565e30d81fd81e9629acc7d925a205366877d8c8657", + "sha256:6b5d83030255983181005e6cfbac1617ce9746b219bc2aad52201ad121226581", + "sha256:6bb5992037f7a9eff7991ebe4273ea7f51f1c1c511e6a2ce511d0e7bdb754492", + "sha256:73eae06aa53af2ea5270cc066dcaf02cc60d2994bbb2c4ef5764949257d10f43", + "sha256:76f364861c3bfc98cbbcbd402d83454ed9e01a5224bb3a28bf70002a230f73e2", + "sha256:820c661588bd01a0aa62a1283f20d2be4281b086f80dad9e955e690c75fb54a2", + "sha256:82176036e65644a6cc5bd619f65f6f19781e8ec2e5330f51aa9ada7504cc1926", + "sha256:87701f25a2352e5bf7454caa64757642734da9f6b11384c1f9d1a8e699758057", + "sha256:9079dfc6a70abe341f521f78405b8949f96db48da98aeb43f9907f342f627cdc", + "sha256:90f8717cb649eea3504091e640a1b8568faad18bd4b9fcd692853a04475a4b80", + "sha256:957cf8e4b6e123a9eea554fa7ebc85674674b713551de587eb318a2df3e00255", + "sha256:99f826cbf970077383d7de805c0681799491cb939c25450b9b5b3ced03ca99f1", + "sha256:9f636b730f7e8cb19feb87094949ba54ee5357440b9658b2a32a5ce4bce53972", + "sha256:a114d03b938376557927ab23f1e950827c3b893ccb94b62fd95d430fd0e5cf53", + "sha256:a185f876e69897a6f3325c3f19f26a297fa058c5e456bfcff8015e9a27e83ae1", + "sha256:a7a9541cd308eed5e30318430a9c74d2132e9a8cb46b901326272d780bf2d423", + "sha256:aa466da5b15ccea564bdab9c89175c762bc12825f4659c11227f515cee76fa4a", + "sha256:aaed8b0562be4a0876ee3b6946f6869b7bcdb571a5d1496683505944e268b160", + "sha256:ab7c4ceb38d91570a650dba194e1ca87c2b543488fe9309b4212694174fd539c", 
+ "sha256:ac10f4c2b9e770c4e393876e35a7046879d195cd123b4f116d299d442b335bcd", + "sha256:b04772ed465fa3cc947db808fa306d79b43e896beb677a56fb2347ca1a49c1fa", + "sha256:b1c416351ee6271b2f49b56ad7f308072f6f44b37118d69c2cad94f3fa8a40d5", + "sha256:b225d95519a5bf73860323e633a664b0d85ad3d5bede6d30d95b35d4dfe8805b", + "sha256:b2f59caeaf7632cc633b5cf6fc449372b83bbdf0da4ae04d5be36118e46cc0aa", + "sha256:b58c621844d55e71c1b7f7c498ce5aa6985d743a1a59034c57a905b3f153c1ef", + "sha256:bf6bea52ec97e95560af5ae576bdac3aa3aae0b6758c6efa115236d9e07dae44", + "sha256:c08be4f460903e5a9d0f76818db3250f12e9c344e79314d1d570fc69d7f4eae4", + "sha256:c7053d3b0353a8b9de430a4f4b4268ac9a4fb3481af37dfe49825bf45ca24156", + "sha256:c943a53e9186688b45b323602298ab727d8865d8c9ee0b17f8d62d14b56f0753", + "sha256:ce2186a7df133a9c895dea3331ddc5ddad42cdd0d1ea2f0a51e5d161e4762f28", + "sha256:d093be959277cb7dee84b801eb1af388b6ad3ca6a6b6bf1ed7585895789d027d", + "sha256:d094ddec350a2fb899fec68d8353c78233debde9b7d8b4beeafa70825f1c281a", + "sha256:d1a9dd711d0877a1ece3d2e4fea11a8e75741ca21954c919406b44e7cf971304", + "sha256:d569388c381b24671589335a3be6e1d45546c2988c2ebe30fdcada8457a31008", + "sha256:d618649d4e70ac6efcbba75be98b26ef5078faad23592f9b51ca492953012429", + "sha256:d83a047959d38a7ff552ff94be767b7fd79b831ad1cd9920662db05fec24fe72", + "sha256:d8fff389528cad1618fb4b26b95550327495462cd745d879a8c7c2115248e399", + "sha256:da1758c76f50c39a2efd5e9859ce7d776317eb1dd34317c8152ac9251fc574a3", + "sha256:db7457bac39421addd0c8449933ac32d8042aae84a14911a757ae6ca3eef1392", + "sha256:e27bbb6d14416713a8bd7aaa1313c0fc8d44ee48d74497a0ff4c3a1b6ccb5167", + "sha256:e617fb6b0b6953fffd762669610c1c4ffd05632c138d61ac7e14ad187870669c", + "sha256:e9aa71e15d9d9beaad2c6b9319edcdc0a49a43ef5c0a4c8265ca9ee7d6c67774", + "sha256:ec2abea24d98246b94913b76a125e855eb5c434f7c46546046372fe60f666351", + "sha256:f179dee3b863ab1c59580ff60f9d99f632f34ccb38bf67a33ec6b3ecadd0fd76", + 
"sha256:f4c035da3f544b1882bac24115f3e2e8760f10a0107614fc9839fd232200b875", + "sha256:f67f217af4b1ff66c68a87318012de788dd95fcfeb24cc889011f4e1c7454dfd", + "sha256:f90c822a402cb865e396a504f9fc8173ef34212a342d92e362ca498cad308e28", + "sha256:ff3827aef427c89a25cc96ded1759271a93603aba9fb977a6d264648ebf989db" ], - "markers": "python_version >= '3.7'", - "version": "==6.0.5" + "markers": "python_version >= '3.8'", + "version": "==6.1.0" }, "nested-lookup": { "hashes": [ @@ -667,16 +669,16 @@ }, "panther-analysis-tool": { "hashes": [ - "sha256:52a20800f5313e3493cf82cc7681e586f8c3589edf1083352696875faba9c5e8" + "sha256:f240d3ce5928603659ee84397627f3d79c6af58adb49de68362d22050c3d7942" ], "index": "pypi", - "version": "==0.52.1" + "version": "==0.52.2" }, "panther-core": { "hashes": [ - "sha256:41acf19a0a90fcbcb4f932a5e780162f9072e50717eec1fd1e1e36b93b1dcfc2" + "sha256:1856638d21d7f6b5d800da7b213afe3b145e1aab3bf0668e7cd82eaef0230a51" ], - "version": "==0.11.1" + "version": "==0.11.2" }, "panther-detection-helpers": { "hashes": [ @@ -727,11 +729,11 @@ }, "pytest": { "hashes": [ - "sha256:4ba08f9ae7dcf84ded419494d229b48d0903ea6407b030eaec46df5e6a73bba5", - "sha256:c132345d12ce551242c87269de812483f5bcc87cdbb4722e48487ba194f9fdce" + "sha256:70b98107bd648308a7952b06e6ca9a50bc660be218d53c257cc1fc94fda10181", + "sha256:a6853c7375b2663155079443d2e45de913a911a11d669df02a50814944db57b2" ], "markers": "python_version >= '3.8'", - "version": "==8.3.2" + "version": "==8.3.3" }, "python-dateutil": { "hashes": [ 
@@ -810,88 +812,103 @@ }, "regex": { "hashes": [ - "sha256:01b689e887f612610c869421241e075c02f2e3d1ae93a037cb14f88ab6a8934c", - "sha256:04ce29e2c5fedf296b1a1b0acc1724ba93a36fb14031f3abfb7abda2806c1535", - "sha256:0ffe3f9d430cd37d8fa5632ff6fb36d5b24818c5c986893063b4e5bdb84cdf24", - "sha256:18300a1d78cf1290fa583cd8b7cde26ecb73e9f5916690cf9d42de569c89b1ce", - "sha256:185e029368d6f89f36e526764cf12bf8d6f0e3a2a7737da625a76f594bdfcbfc", - "sha256:19c65b00d42804e3fbea9708f0937d157e53429a39b7c61253ff15670ff62cb5", - "sha256:228b0d3f567fafa0633aee87f08b9276c7062da9616931382993c03808bb68ce", - "sha256:23acc72f0f4e1a9e6e9843d6328177ae3074b4182167e34119ec7233dfeccf53", - "sha256:25419b70ba00a16abc90ee5fce061228206173231f004437730b67ac77323f0d", - "sha256:2dfbb8baf8ba2c2b9aa2807f44ed272f0913eeeba002478c4577b8d29cde215c", - "sha256:2f1baff13cc2521bea83ab2528e7a80cbe0ebb2c6f0bfad15be7da3aed443908", - "sha256:33e2614a7ce627f0cdf2ad104797d1f68342d967de3695678c0cb84f530709f8", - "sha256:3426de3b91d1bc73249042742f45c2148803c111d1175b283270177fdf669024", - "sha256:382281306e3adaaa7b8b9ebbb3ffb43358a7bbf585fa93821300a418bb975281", - "sha256:3d974d24edb231446f708c455fd08f94c41c1ff4f04bcf06e5f36df5ef50b95a", - "sha256:3f3b6ca8eae6d6c75a6cff525c8530c60e909a71a15e1b731723233331de4169", - "sha256:3fac296f99283ac232d8125be932c5cd7644084a30748fda013028c815ba3364", - "sha256:416c0e4f56308f34cdb18c3f59849479dde5b19febdcd6e6fa4d04b6c31c9faa", - "sha256:438d9f0f4bc64e8dea78274caa5af971ceff0f8771e1a2333620969936ba10be", - "sha256:43affe33137fcd679bdae93fb25924979517e011f9dea99163f80b82eadc7e53", - "sha256:44fc61b99035fd9b3b9453f1713234e5a7c92a04f3577252b45feefe1b327759", - "sha256:45104baae8b9f67569f0f1dca5e1f1ed77a54ae1cd8b0b07aba89272710db61e", - "sha256:4fdd1384619f406ad9037fe6b6eaa3de2749e2e12084abc80169e8e075377d3b", - "sha256:538d30cd96ed7d1416d3956f94d54e426a8daf7c14527f6e0d6d425fcb4cca52", - "sha256:558a57cfc32adcf19d3f791f62b5ff564922942e389e3cfdb538a23d65a6b610", - 
"sha256:5eefee9bfe23f6df09ffb6dfb23809f4d74a78acef004aa904dc7c88b9944b05", - "sha256:64bd50cf16bcc54b274e20235bf8edbb64184a30e1e53873ff8d444e7ac656b2", - "sha256:65fd3d2e228cae024c411c5ccdffae4c315271eee4a8b839291f84f796b34eca", - "sha256:66b4c0731a5c81921e938dcf1a88e978264e26e6ac4ec96a4d21ae0354581ae0", - "sha256:68a8f8c046c6466ac61a36b65bb2395c74451df2ffb8458492ef49900efed293", - "sha256:6a1141a1dcc32904c47f6846b040275c6e5de0bf73f17d7a409035d55b76f289", - "sha256:6b9fc7e9cc983e75e2518496ba1afc524227c163e43d706688a6bb9eca41617e", - "sha256:6f51f9556785e5a203713f5efd9c085b4a45aecd2a42573e2b5041881b588d1f", - "sha256:7214477bf9bd195894cf24005b1e7b496f46833337b5dedb7b2a6e33f66d962c", - "sha256:731fcd76bbdbf225e2eb85b7c38da9633ad3073822f5ab32379381e8c3c12e94", - "sha256:74007a5b25b7a678459f06559504f1eec2f0f17bca218c9d56f6a0a12bfffdad", - "sha256:7a5486ca56c8869070a966321d5ab416ff0f83f30e0e2da1ab48815c8d165d46", - "sha256:7c479f5ae937ec9985ecaf42e2e10631551d909f203e31308c12d703922742f9", - "sha256:7df9ea48641da022c2a3c9c641650cd09f0cd15e8908bf931ad538f5ca7919c9", - "sha256:7e37e809b9303ec3a179085415cb5f418ecf65ec98cdfe34f6a078b46ef823ee", - "sha256:80c811cfcb5c331237d9bad3bea2c391114588cf4131707e84d9493064d267f9", - "sha256:836d3cc225b3e8a943d0b02633fb2f28a66e281290302a79df0e1eaa984ff7c1", - "sha256:84c312cdf839e8b579f504afcd7b65f35d60b6285d892b19adea16355e8343c9", - "sha256:86b17ba823ea76256b1885652e3a141a99a5c4422f4a869189db328321b73799", - "sha256:871e3ab2838fbcb4e0865a6e01233975df3a15e6fce93b6f99d75cacbd9862d1", - "sha256:88ecc3afd7e776967fa16c80f974cb79399ee8dc6c96423321d6f7d4b881c92b", - "sha256:8bc593dcce679206b60a538c302d03c29b18e3d862609317cb560e18b66d10cf", - "sha256:8fd5afd101dcf86a270d254364e0e8dddedebe6bd1ab9d5f732f274fa00499a5", - "sha256:945352286a541406f99b2655c973852da7911b3f4264e010218bbc1cc73168f2", - "sha256:973335b1624859cb0e52f96062a28aa18f3a5fc77a96e4a3d6d76e29811a0e6e", - "sha256:994448ee01864501912abf2bad9203bffc34158e80fe8bfb5b031f4f8e16da51", 
- "sha256:9cfd009eed1a46b27c14039ad5bbc5e71b6367c5b2e6d5f5da0ea91600817506", - "sha256:a2ec4419a3fe6cf8a4795752596dfe0adb4aea40d3683a132bae9c30b81e8d73", - "sha256:a4997716674d36a82eab3e86f8fa77080a5d8d96a389a61ea1d0e3a94a582cf7", - "sha256:a512eed9dfd4117110b1881ba9a59b31433caed0c4101b361f768e7bcbaf93c5", - "sha256:a82465ebbc9b1c5c50738536fdfa7cab639a261a99b469c9d4c7dcbb2b3f1e57", - "sha256:ae2757ace61bc4061b69af19e4689fa4416e1a04840f33b441034202b5cd02d4", - "sha256:b16582783f44fbca6fcf46f61347340c787d7530d88b4d590a397a47583f31dd", - "sha256:ba2537ef2163db9e6ccdbeb6f6424282ae4dea43177402152c67ef869cf3978b", - "sha256:bf7a89eef64b5455835f5ed30254ec19bf41f7541cd94f266ab7cbd463f00c41", - "sha256:c0abb5e4e8ce71a61d9446040c1e86d4e6d23f9097275c5bd49ed978755ff0fe", - "sha256:c414cbda77dbf13c3bc88b073a1a9f375c7b0cb5e115e15d4b73ec3a2fbc6f59", - "sha256:c51edc3541e11fbe83f0c4d9412ef6c79f664a3745fab261457e84465ec9d5a8", - "sha256:c5e69fd3eb0b409432b537fe3c6f44ac089c458ab6b78dcec14478422879ec5f", - "sha256:c918b7a1e26b4ab40409820ddccc5d49871a82329640f5005f73572d5eaa9b5e", - "sha256:c9bb87fdf2ab2370f21e4d5636e5317775e5d51ff32ebff2cf389f71b9b13750", - "sha256:ca5b2028c2f7af4e13fb9fc29b28d0ce767c38c7facdf64f6c2cd040413055f1", - "sha256:d0a07763776188b4db4c9c7fb1b8c494049f84659bb387b71c73bbc07f189e96", - "sha256:d33a0021893ede5969876052796165bab6006559ab845fd7b515a30abdd990dc", - "sha256:d55588cba7553f0b6ec33130bc3e114b355570b45785cebdc9daed8c637dd440", - "sha256:dac8e84fff5d27420f3c1e879ce9929108e873667ec87e0c8eeb413a5311adfe", - "sha256:eaef80eac3b4cfbdd6de53c6e108b4c534c21ae055d1dbea2de6b3b8ff3def38", - "sha256:eb462f0e346fcf41a901a126b50f8781e9a474d3927930f3490f38a6e73b6950", - "sha256:eb563dd3aea54c797adf513eeec819c4213d7dbfc311874eb4fd28d10f2ff0f2", - "sha256:f273674b445bcb6e4409bf8d1be67bc4b58e8b46fd0d560055d515b8830063cd", - "sha256:f6442f0f0ff81775eaa5b05af8a0ffa1dda36e9cf6ec1e0d3d245e8564b684ce", - 
"sha256:fb168b5924bef397b5ba13aabd8cf5df7d3d93f10218d7b925e360d436863f66", - "sha256:fbf8c2f00904eaf63ff37718eb13acf8e178cb940520e47b2f05027f5bb34ce3", - "sha256:fe4ebef608553aff8deb845c7f4f1d0740ff76fa672c011cc0bacb2a00fbde86" + "sha256:01c2acb51f8a7d6494c8c5eafe3d8e06d76563d8a8a4643b37e9b2dd8a2ff623", + "sha256:02087ea0a03b4af1ed6ebab2c54d7118127fee8d71b26398e8e4b05b78963199", + "sha256:040562757795eeea356394a7fb13076ad4f99d3c62ab0f8bdfb21f99a1f85664", + "sha256:042c55879cfeb21a8adacc84ea347721d3d83a159da6acdf1116859e2427c43f", + "sha256:079400a8269544b955ffa9e31f186f01d96829110a3bf79dc338e9910f794fca", + "sha256:07f45f287469039ffc2c53caf6803cd506eb5f5f637f1d4acb37a738f71dd066", + "sha256:09d77559e80dcc9d24570da3745ab859a9cf91953062e4ab126ba9d5993688ca", + "sha256:0cbff728659ce4bbf4c30b2a1be040faafaa9eca6ecde40aaff86f7889f4ab39", + "sha256:0e12c481ad92d129c78f13a2a3662317e46ee7ef96c94fd332e1c29131875b7d", + "sha256:0ea51dcc0835eea2ea31d66456210a4e01a076d820e9039b04ae8d17ac11dee6", + "sha256:0ffbcf9221e04502fc35e54d1ce9567541979c3fdfb93d2c554f0ca583a19b35", + "sha256:1494fa8725c285a81d01dc8c06b55287a1ee5e0e382d8413adc0a9197aac6408", + "sha256:16e13a7929791ac1216afde26f712802e3df7bf0360b32e4914dca3ab8baeea5", + "sha256:18406efb2f5a0e57e3a5881cd9354c1512d3bb4f5c45d96d110a66114d84d23a", + "sha256:18e707ce6c92d7282dfce370cd205098384b8ee21544e7cb29b8aab955b66fa9", + "sha256:220e92a30b426daf23bb67a7962900ed4613589bab80382be09b48896d211e92", + "sha256:23b30c62d0f16827f2ae9f2bb87619bc4fba2044911e2e6c2eb1af0161cdb766", + "sha256:23f9985c8784e544d53fc2930fc1ac1a7319f5d5332d228437acc9f418f2f168", + "sha256:297f54910247508e6e5cae669f2bc308985c60540a4edd1c77203ef19bfa63ca", + "sha256:2b08fce89fbd45664d3df6ad93e554b6c16933ffa9d55cb7e01182baaf971508", + "sha256:2cce2449e5927a0bf084d346da6cd5eb016b2beca10d0013ab50e3c226ffc0df", + "sha256:313ea15e5ff2a8cbbad96ccef6be638393041b0a7863183c2d31e0c6116688cf", + "sha256:323c1f04be6b2968944d730e5c2091c8c89767903ecaa135203eec4565ed2b2b", 
+ "sha256:35f4a6f96aa6cb3f2f7247027b07b15a374f0d5b912c0001418d1d55024d5cb4", + "sha256:3b37fa423beefa44919e009745ccbf353d8c981516e807995b2bd11c2c77d268", + "sha256:3ce4f1185db3fbde8ed8aa223fc9620f276c58de8b0d4f8cc86fd1360829edb6", + "sha256:46989629904bad940bbec2106528140a218b4a36bb3042d8406980be1941429c", + "sha256:4838e24ee015101d9f901988001038f7f0d90dc0c3b115541a1365fb439add62", + "sha256:49b0e06786ea663f933f3710a51e9385ce0cba0ea56b67107fd841a55d56a231", + "sha256:4db21ece84dfeefc5d8a3863f101995de646c6cb0536952c321a2650aa202c36", + "sha256:54c4a097b8bc5bb0dfc83ae498061d53ad7b5762e00f4adaa23bee22b012e6ba", + "sha256:54d9ff35d4515debf14bc27f1e3b38bfc453eff3220f5bce159642fa762fe5d4", + "sha256:55b96e7ce3a69a8449a66984c268062fbaa0d8ae437b285428e12797baefce7e", + "sha256:57fdd2e0b2694ce6fc2e5ccf189789c3e2962916fb38779d3e3521ff8fe7a822", + "sha256:587d4af3979376652010e400accc30404e6c16b7df574048ab1f581af82065e4", + "sha256:5b513b6997a0b2f10e4fd3a1313568e373926e8c252bd76c960f96fd039cd28d", + "sha256:5ddcd9a179c0a6fa8add279a4444015acddcd7f232a49071ae57fa6e278f1f71", + "sha256:6113c008a7780792efc80f9dfe10ba0cd043cbf8dc9a76ef757850f51b4edc50", + "sha256:635a1d96665f84b292e401c3d62775851aedc31d4f8784117b3c68c4fcd4118d", + "sha256:64ce2799bd75039b480cc0360907c4fb2f50022f030bf9e7a8705b636e408fad", + "sha256:69dee6a020693d12a3cf892aba4808fe168d2a4cef368eb9bf74f5398bfd4ee8", + "sha256:6a2644a93da36c784e546de579ec1806bfd2763ef47babc1b03d765fe560c9f8", + "sha256:6b41e1adc61fa347662b09398e31ad446afadff932a24807d3ceb955ed865cc8", + "sha256:6c188c307e8433bcb63dc1915022deb553b4203a70722fc542c363bf120a01fd", + "sha256:6edd623bae6a737f10ce853ea076f56f507fd7726bee96a41ee3d68d347e4d16", + "sha256:73d6d2f64f4d894c96626a75578b0bf7d9e56dcda8c3d037a2118fdfe9b1c664", + "sha256:7a22ccefd4db3f12b526eccb129390942fe874a3a9fdbdd24cf55773a1faab1a", + "sha256:7fb89ee5d106e4a7a51bce305ac4efb981536301895f7bdcf93ec92ae0d91c7f", + 
"sha256:846bc79ee753acf93aef4184c040d709940c9d001029ceb7b7a52747b80ed2dd", + "sha256:85ab7824093d8f10d44330fe1e6493f756f252d145323dd17ab6b48733ff6c0a", + "sha256:8dee5b4810a89447151999428fe096977346cf2f29f4d5e29609d2e19e0199c9", + "sha256:8e5fb5f77c8745a60105403a774fe2c1759b71d3e7b4ca237a5e67ad066c7199", + "sha256:98eeee2f2e63edae2181c886d7911ce502e1292794f4c5ee71e60e23e8d26b5d", + "sha256:9d4a76b96f398697fe01117093613166e6aa8195d63f1b4ec3f21ab637632963", + "sha256:9e8719792ca63c6b8340380352c24dcb8cd7ec49dae36e963742a275dfae6009", + "sha256:a0b2b80321c2ed3fcf0385ec9e51a12253c50f146fddb2abbb10f033fe3d049a", + "sha256:a4cc92bb6db56ab0c1cbd17294e14f5e9224f0cc6521167ef388332604e92679", + "sha256:a738b937d512b30bf75995c0159c0ddf9eec0775c9d72ac0202076c72f24aa96", + "sha256:a8f877c89719d759e52783f7fe6e1c67121076b87b40542966c02de5503ace42", + "sha256:a906ed5e47a0ce5f04b2c981af1c9acf9e8696066900bf03b9d7879a6f679fc8", + "sha256:ae2941333154baff9838e88aa71c1d84f4438189ecc6021a12c7573728b5838e", + "sha256:b0d0a6c64fcc4ef9c69bd5b3b3626cc3776520a1637d8abaa62b9edc147a58f7", + "sha256:b5b029322e6e7b94fff16cd120ab35a253236a5f99a79fb04fda7ae71ca20ae8", + "sha256:b7aaa315101c6567a9a45d2839322c51c8d6e81f67683d529512f5bcfb99c802", + "sha256:be1c8ed48c4c4065ecb19d882a0ce1afe0745dfad8ce48c49586b90a55f02366", + "sha256:c0256beda696edcf7d97ef16b2a33a8e5a875affd6fa6567b54f7c577b30a137", + "sha256:c157bb447303070f256e084668b702073db99bbb61d44f85d811025fcf38f784", + "sha256:c57d08ad67aba97af57a7263c2d9006d5c404d721c5f7542f077f109ec2a4a29", + "sha256:c69ada171c2d0e97a4b5aa78fbb835e0ffbb6b13fc5da968c09811346564f0d3", + "sha256:c94bb0a9f1db10a1d16c00880bdebd5f9faf267273b8f5bd1878126e0fbde771", + "sha256:cb130fccd1a37ed894824b8c046321540263013da72745d755f2d35114b81a60", + "sha256:ced479f601cd2f8ca1fd7b23925a7e0ad512a56d6e9476f79b8f381d9d37090a", + "sha256:d05ac6fa06959c4172eccd99a222e1fbf17b5670c4d596cb1e5cde99600674c4", + "sha256:d552c78411f60b1fdaafd117a1fca2f02e562e309223b9d44b7de8be451ec5e0", 
+ "sha256:dd4490a33eb909ef5078ab20f5f000087afa2a4daa27b4c072ccb3cb3050ad84", + "sha256:df5cbb1fbc74a8305b6065d4ade43b993be03dbe0f8b30032cced0d7740994bd", + "sha256:e28f9faeb14b6f23ac55bfbbfd3643f5c7c18ede093977f1df249f73fd22c7b1", + "sha256:e464b467f1588e2c42d26814231edecbcfe77f5ac414d92cbf4e7b55b2c2a776", + "sha256:e4c22e1ac1f1ec1e09f72e6c44d8f2244173db7eb9629cc3a346a8d7ccc31142", + "sha256:e53b5fbab5d675aec9f0c501274c467c0f9a5d23696cfc94247e1fb56501ed89", + "sha256:e93f1c331ca8e86fe877a48ad64e77882c0c4da0097f2212873a69bbfea95d0c", + "sha256:e997fd30430c57138adc06bba4c7c2968fb13d101e57dd5bb9355bf8ce3fa7e8", + "sha256:e9a091b0550b3b0207784a7d6d0f1a00d1d1c8a11699c1a4d93db3fbefc3ad35", + "sha256:eab4bb380f15e189d1313195b062a6aa908f5bd687a0ceccd47c8211e9cf0d4a", + "sha256:eb1ae19e64c14c7ec1995f40bd932448713d3c73509e82d8cd7744dc00e29e86", + "sha256:ecea58b43a67b1b79805f1a0255730edaf5191ecef84dbc4cc85eb30bc8b63b9", + "sha256:ee439691d8c23e76f9802c42a95cfeebf9d47cf4ffd06f18489122dbb0a7ad64", + "sha256:eee9130eaad130649fd73e5cd92f60e55708952260ede70da64de420cdcad554", + "sha256:f47cd43a5bfa48f86925fe26fbdd0a488ff15b62468abb5d2a1e092a4fb10e85", + "sha256:f6fff13ef6b5f29221d6904aa816c34701462956aa72a77f1f151a8ec4f56aeb", + "sha256:f745ec09bc1b0bd15cfc73df6fa4f726dcc26bb16c23a03f9e3367d357eeedd0", + "sha256:f8404bf61298bb6f8224bb9176c1424548ee1181130818fcd2cbffddc768bed8", + "sha256:f9268774428ec173654985ce55fc6caf4c6d11ade0f6f914d48ef4719eb05ebb", + "sha256:faa3c142464efec496967359ca99696c896c591c56c53506bac1ad465f66e919" ], "markers": "python_version >= '3.8'", - "version": "==2024.7.24" + "version": "==2024.9.11" }, "requests": { "hashes": [ 
@@ -1148,107 +1165,109 @@ }, "urllib3": { "hashes": [ - "sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472", - "sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168" + "sha256:ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac", + "sha256:e7d814a81dad81e6caf2ec9fdedb284ecc9c73076b62654547cc64ccdcae26e9" ], "markers": "python_version >= '3.8'", - "version": "==2.2.2" + "version": "==2.2.3" }, "yarl": { "hashes": [ - "sha256:008d3e808d03ef28542372d01057fd09168419cdc8f848efe2804f894ae03e51", - "sha256:03caa9507d3d3c83bca08650678e25364e1843b484f19986a527630ca376ecce", - "sha256:07574b007ee20e5c375a8fe4a0789fad26db905f9813be0f9fef5a68080de559", - "sha256:09efe4615ada057ba2d30df871d2f668af661e971dfeedf0c159927d48bbeff0", - "sha256:0d2454f0aef65ea81037759be5ca9947539667eecebca092733b2eb43c965a81", - "sha256:0e9d124c191d5b881060a9e5060627694c3bdd1fe24c5eecc8d5d7d0eb6faabc", - "sha256:18580f672e44ce1238b82f7fb87d727c4a131f3a9d33a5e0e82b793362bf18b4", - "sha256:1f23e4fe1e8794f74b6027d7cf19dc25f8b63af1483d91d595d4a07eca1fb26c", - "sha256:206a55215e6d05dbc6c98ce598a59e6fbd0c493e2de4ea6cc2f4934d5a18d130", - "sha256:23d32a2594cb5d565d358a92e151315d1b2268bc10f4610d098f96b147370136", - "sha256:26a1dc6285e03f3cc9e839a2da83bcbf31dcb0d004c72d0730e755b33466c30e", - "sha256:29e0f83f37610f173eb7e7b5562dd71467993495e568e708d99e9d1944f561ec", - "sha256:2b134fd795e2322b7684155b7855cc99409d10b2e408056db2b93b51a52accc7", - "sha256:2d47552b6e52c3319fede1b60b3de120fe83bde9b7bddad11a69fb0af7db32f1", - "sha256:357495293086c5b6d34ca9616a43d329317feab7917518bc97a08f9e55648455", - "sha256:35a2b9396879ce32754bd457d31a51ff0a9d426fd9e0e3c33394bf4b9036b099", - "sha256:3777ce5536d17989c91696db1d459574e9a9bd37660ea7ee4d3344579bb6f129", - "sha256:3986b6f41ad22988e53d5778f91855dc0399b043fc8946d4f2e68af22ee9ff10", - "sha256:44d8ffbb9c06e5a7f529f38f53eda23e50d1ed33c6c869e01481d3fafa6b8142", - 
"sha256:49a180c2e0743d5d6e0b4d1a9e5f633c62eca3f8a86ba5dd3c471060e352ca98", - "sha256:4aa9741085f635934f3a2583e16fcf62ba835719a8b2b28fb2917bb0537c1dfa", - "sha256:4b21516d181cd77ebd06ce160ef8cc2a5e9ad35fb1c5930882baff5ac865eee7", - "sha256:4b3c1ffe10069f655ea2d731808e76e0f452fc6c749bea04781daf18e6039525", - "sha256:4c7d56b293cc071e82532f70adcbd8b61909eec973ae9d2d1f9b233f3d943f2c", - "sha256:4e9035df8d0880b2f1c7f5031f33f69e071dfe72ee9310cfc76f7b605958ceb9", - "sha256:54525ae423d7b7a8ee81ba189f131054defdb122cde31ff17477951464c1691c", - "sha256:549d19c84c55d11687ddbd47eeb348a89df9cb30e1993f1b128f4685cd0ebbf8", - "sha256:54beabb809ffcacbd9d28ac57b0db46e42a6e341a030293fb3185c409e626b8b", - "sha256:566db86717cf8080b99b58b083b773a908ae40f06681e87e589a976faf8246bf", - "sha256:5a2e2433eb9344a163aced6a5f6c9222c0786e5a9e9cac2c89f0b28433f56e23", - "sha256:5aef935237d60a51a62b86249839b51345f47564208c6ee615ed2a40878dccdd", - "sha256:604f31d97fa493083ea21bd9b92c419012531c4e17ea6da0f65cacdcf5d0bd27", - "sha256:63b20738b5aac74e239622d2fe30df4fca4942a86e31bf47a81a0e94c14df94f", - "sha256:686a0c2f85f83463272ddffd4deb5e591c98aac1897d65e92319f729c320eece", - "sha256:6a962e04b8f91f8c4e5917e518d17958e3bdee71fd1d8b88cdce74dd0ebbf434", - "sha256:6ad6d10ed9b67a382b45f29ea028f92d25bc0bc1daf6c5b801b90b5aa70fb9ec", - "sha256:6f5cb257bc2ec58f437da2b37a8cd48f666db96d47b8a3115c29f316313654ff", - "sha256:6fe79f998a4052d79e1c30eeb7d6c1c1056ad33300f682465e1b4e9b5a188b78", - "sha256:7855426dfbddac81896b6e533ebefc0af2f132d4a47340cee6d22cac7190022d", - "sha256:7d5aaac37d19b2904bb9dfe12cdb08c8443e7ba7d2852894ad448d4b8f442863", - "sha256:801e9264d19643548651b9db361ce3287176671fb0117f96b5ac0ee1c3530d53", - "sha256:81eb57278deb6098a5b62e88ad8281b2ba09f2f1147c4767522353eaa6260b31", - "sha256:824d6c50492add5da9374875ce72db7a0733b29c2394890aef23d533106e2b15", - "sha256:8397a3817d7dcdd14bb266283cd1d6fc7264a48c186b986f32e86d86d35fbac5", - "sha256:848cd2a1df56ddbffeb375535fb62c9d1645dde33ca4d51341378b3f5954429b", 
- "sha256:84fc30f71689d7fc9168b92788abc977dc8cefa806909565fc2951d02f6b7d57", - "sha256:8619d6915b3b0b34420cf9b2bb6d81ef59d984cb0fde7544e9ece32b4b3043c3", - "sha256:8a854227cf581330ffa2c4824d96e52ee621dd571078a252c25e3a3b3d94a1b1", - "sha256:8be9e837ea9113676e5754b43b940b50cce76d9ed7d2461df1af39a8ee674d9f", - "sha256:928cecb0ef9d5a7946eb6ff58417ad2fe9375762382f1bf5c55e61645f2c43ad", - "sha256:957b4774373cf6f709359e5c8c4a0af9f6d7875db657adb0feaf8d6cb3c3964c", - "sha256:992f18e0ea248ee03b5a6e8b3b4738850ae7dbb172cc41c966462801cbf62cf7", - "sha256:9fc5fc1eeb029757349ad26bbc5880557389a03fa6ada41703db5e068881e5f2", - "sha256:a00862fb23195b6b8322f7d781b0dc1d82cb3bcac346d1e38689370cc1cc398b", - "sha256:a3a6ed1d525bfb91b3fc9b690c5a21bb52de28c018530ad85093cc488bee2dd2", - "sha256:a6327976c7c2f4ee6816eff196e25385ccc02cb81427952414a64811037bbc8b", - "sha256:a7409f968456111140c1c95301cadf071bd30a81cbd7ab829169fb9e3d72eae9", - "sha256:a825ec844298c791fd28ed14ed1bffc56a98d15b8c58a20e0e08c1f5f2bea1be", - "sha256:a8c1df72eb746f4136fe9a2e72b0c9dc1da1cbd23b5372f94b5820ff8ae30e0e", - "sha256:a9bd00dc3bc395a662900f33f74feb3e757429e545d831eef5bb280252631984", - "sha256:aa102d6d280a5455ad6a0f9e6d769989638718e938a6a0a2ff3f4a7ff8c62cc4", - "sha256:aaaea1e536f98754a6e5c56091baa1b6ce2f2700cc4a00b0d49eca8dea471074", - "sha256:ad4d7a90a92e528aadf4965d685c17dacff3df282db1121136c382dc0b6014d2", - "sha256:b8477c1ee4bd47c57d49621a062121c3023609f7a13b8a46953eb6c9716ca392", - "sha256:ba6f52cbc7809cd8d74604cce9c14868306ae4aa0282016b641c661f981a6e91", - "sha256:bac8d525a8dbc2a1507ec731d2867025d11ceadcb4dd421423a5d42c56818541", - "sha256:bef596fdaa8f26e3d66af846bbe77057237cb6e8efff8cd7cc8dff9a62278bbf", - "sha256:c0ec0ed476f77db9fb29bca17f0a8fcc7bc97ad4c6c1d8959c507decb22e8572", - "sha256:c38c9ddb6103ceae4e4498f9c08fac9b590c5c71b0370f98714768e22ac6fa66", - "sha256:c7224cab95645c7ab53791022ae77a4509472613e839dab722a72abe5a684575", - 
"sha256:c74018551e31269d56fab81a728f683667e7c28c04e807ba08f8c9e3bba32f14", - "sha256:ca06675212f94e7a610e85ca36948bb8fc023e458dd6c63ef71abfd482481aa5", - "sha256:d1d2532b340b692880261c15aee4dc94dd22ca5d61b9db9a8a361953d36410b1", - "sha256:d25039a474c4c72a5ad4b52495056f843a7ff07b632c1b92ea9043a3d9950f6e", - "sha256:d5ff2c858f5f6a42c2a8e751100f237c5e869cbde669a724f2062d4c4ef93551", - "sha256:d7d7f7de27b8944f1fee2c26a88b4dabc2409d2fea7a9ed3df79b67277644e17", - "sha256:d7eeb6d22331e2fd42fce928a81c697c9ee2d51400bd1a28803965883e13cead", - "sha256:d8a1c6c0be645c745a081c192e747c5de06e944a0d21245f4cf7c05e457c36e0", - "sha256:d8b889777de69897406c9fb0b76cdf2fd0f31267861ae7501d93003d55f54fbe", - "sha256:d9e09c9d74f4566e905a0b8fa668c58109f7624db96a2171f21747abc7524234", - "sha256:db8e58b9d79200c76956cefd14d5c90af54416ff5353c5bfd7cbe58818e26ef0", - "sha256:ddb2a5c08a4eaaba605340fdee8fc08e406c56617566d9643ad8bf6852778fc7", - "sha256:e0381b4ce23ff92f8170080c97678040fc5b08da85e9e292292aba67fdac6c34", - "sha256:e23a6d84d9d1738dbc6e38167776107e63307dfc8ad108e580548d1f2c587f42", - "sha256:e516dc8baf7b380e6c1c26792610230f37147bb754d6426462ab115a02944385", - "sha256:ea65804b5dc88dacd4a40279af0cdadcfe74b3e5b4c897aa0d81cf86927fee78", - "sha256:ec61d826d80fc293ed46c9dd26995921e3a82146feacd952ef0757236fc137be", - "sha256:ee04010f26d5102399bd17f8df8bc38dc7ccd7701dc77f4a68c5b8d733406958", - "sha256:f3bc6af6e2b8f92eced34ef6a96ffb248e863af20ef4fde9448cc8c9b858b749", - "sha256:f7d6b36dd2e029b6bcb8a13cf19664c7b8e19ab3a58e0fefbb5b8461447ed5ec" + "sha256:01a8697ec24f17c349c4f655763c4db70eebc56a5f82995e5e26e837c6eb0e49", + "sha256:02da8759b47d964f9173c8675710720b468aa1c1693be0c9c64abb9d8d9a4867", + "sha256:04293941646647b3bfb1719d1d11ff1028e9c30199509a844da3c0f5919dc520", + "sha256:067b961853c8e62725ff2893226fef3d0da060656a9827f3f520fb1d19b2b68a", + "sha256:077da604852be488c9a05a524068cdae1e972b7dc02438161c32420fb4ec5e14", + "sha256:09696438cb43ea6f9492ef237761b043f9179f455f405279e609f2bc9100212a", 
+ "sha256:0b8486f322d8f6a38539136a22c55f94d269addb24db5cb6f61adc61eabc9d93", + "sha256:0ea9682124fc062e3d931c6911934a678cb28453f957ddccf51f568c2f2b5e05", + "sha256:0f351fa31234699d6084ff98283cb1e852270fe9e250a3b3bf7804eb493bd937", + "sha256:14438dfc5015661f75f85bc5adad0743678eefee266ff0c9a8e32969d5d69f74", + "sha256:15061ce6584ece023457fb8b7a7a69ec40bf7114d781a8c4f5dcd68e28b5c53b", + "sha256:15439f3c5c72686b6c3ff235279630d08936ace67d0fe5c8d5bbc3ef06f5a420", + "sha256:17b5a386d0d36fb828e2fb3ef08c8829c1ebf977eef88e5367d1c8c94b454639", + "sha256:18ac56c9dd70941ecad42b5a906820824ca72ff84ad6fa18db33c2537ae2e089", + "sha256:1bb2d9e212fb7449b8fb73bc461b51eaa17cc8430b4a87d87be7b25052d92f53", + "sha256:1e969fa4c1e0b1a391f3fcbcb9ec31e84440253325b534519be0d28f4b6b533e", + "sha256:1fa2e7a406fbd45b61b4433e3aa254a2c3e14c4b3186f6e952d08a730807fa0c", + "sha256:2164cd9725092761fed26f299e3f276bb4b537ca58e6ff6b252eae9631b5c96e", + "sha256:21a7c12321436b066c11ec19c7e3cb9aec18884fe0d5b25d03d756a9e654edfe", + "sha256:238a21849dd7554cb4d25a14ffbfa0ef380bb7ba201f45b144a14454a72ffa5a", + "sha256:250e888fa62d73e721f3041e3a9abf427788a1934b426b45e1b92f62c1f68366", + "sha256:25861303e0be76b60fddc1250ec5986c42f0a5c0c50ff57cc30b1be199c00e63", + "sha256:267b24f891e74eccbdff42241c5fb4f974de2d6271dcc7d7e0c9ae1079a560d9", + "sha256:27fcb271a41b746bd0e2a92182df507e1c204759f460ff784ca614e12dd85145", + "sha256:2909fa3a7d249ef64eeb2faa04b7957e34fefb6ec9966506312349ed8a7e77bf", + "sha256:3257978c870728a52dcce8c2902bf01f6c53b65094b457bf87b2644ee6238ddc", + "sha256:327c724b01b8641a1bf1ab3b232fb638706e50f76c0b5bf16051ab65c868fac5", + "sha256:3de5292f9f0ee285e6bd168b2a77b2a00d74cbcfa420ed078456d3023d2f6dff", + "sha256:3fce4da3703ee6048ad4138fe74619c50874afe98b1ad87b2698ef95bf92c96d", + "sha256:3ff6b1617aa39279fe18a76c8d165469c48b159931d9b48239065767ee455b2b", + "sha256:400cd42185f92de559d29eeb529e71d80dfbd2f45c36844914a4a34297ca6f00", + 
"sha256:4179522dc0305c3fc9782549175c8e8849252fefeb077c92a73889ccbcd508ad", + "sha256:4307d9a3417eea87715c9736d050c83e8c1904e9b7aada6ce61b46361b733d92", + "sha256:476e20c433b356e16e9a141449f25161e6b69984fb4cdbd7cd4bd54c17844998", + "sha256:489fa8bde4f1244ad6c5f6d11bb33e09cf0d1d0367edb197619c3e3fc06f3d91", + "sha256:48a28bed68ab8fb7e380775f0029a079f08a17799cb3387a65d14ace16c12e2b", + "sha256:48dfd117ab93f0129084577a07287376cc69c08138694396f305636e229caa1a", + "sha256:4973eac1e2ff63cf187073cd4e1f1148dcd119314ab79b88e1b3fad74a18c9d5", + "sha256:498442e3af2a860a663baa14fbf23fb04b0dd758039c0e7c8f91cb9279799bff", + "sha256:501c503eed2bb306638ccb60c174f856cc3246c861829ff40eaa80e2f0330367", + "sha256:504cf0d4c5e4579a51261d6091267f9fd997ef58558c4ffa7a3e1460bd2336fa", + "sha256:61a5f2c14d0a1adfdd82258f756b23a550c13ba4c86c84106be4c111a3a4e413", + "sha256:637c7ddb585a62d4469f843dac221f23eec3cbad31693b23abbc2c366ad41ff4", + "sha256:66b63c504d2ca43bf7221a1f72fbe981ff56ecb39004c70a94485d13e37ebf45", + "sha256:67459cf8cf31da0e2cbdb4b040507e535d25cfbb1604ca76396a3a66b8ba37a6", + "sha256:688654f8507464745ab563b041d1fb7dab5d9912ca6b06e61d1c4708366832f5", + "sha256:6907daa4b9d7a688063ed098c472f96e8181733c525e03e866fb5db480a424df", + "sha256:69721b8effdb588cb055cc22f7c5105ca6fdaa5aeb3ea09021d517882c4a904c", + "sha256:6d23754b9939cbab02c63434776df1170e43b09c6a517585c7ce2b3d449b7318", + "sha256:7175a87ab8f7fbde37160a15e58e138ba3b2b0e05492d7351314a250d61b1591", + "sha256:72bf26f66456baa0584eff63e44545c9f0eaed9b73cb6601b647c91f14c11f38", + "sha256:74db2ef03b442276d25951749a803ddb6e270d02dda1d1c556f6ae595a0d76a8", + "sha256:750f656832d7d3cb0c76be137ee79405cc17e792f31e0a01eee390e383b2936e", + "sha256:75e0ae31fb5ccab6eda09ba1494e87eb226dcbd2372dae96b87800e1dcc98804", + "sha256:768ecc550096b028754ea28bf90fde071c379c62c43afa574edc6f33ee5daaec", + "sha256:7d51324a04fc4b0e097ff8a153e9276c2593106a811704025bbc1d6916f45ca6", + "sha256:7e975a2211952a8a083d1b9d9ba26472981ae338e720b419eb50535de3c02870", 
+ "sha256:8215f6f21394d1f46e222abeb06316e77ef328d628f593502d8fc2a9117bde83", + "sha256:8258c86f47e080a258993eed877d579c71da7bda26af86ce6c2d2d072c11320d", + "sha256:8418c053aeb236b20b0ab8fa6bacfc2feaaf7d4683dd96528610989c99723d5f", + "sha256:87f020d010ba80a247c4abc335fc13421037800ca20b42af5ae40e5fd75e7909", + "sha256:884eab2ce97cbaf89f264372eae58388862c33c4f551c15680dd80f53c89a269", + "sha256:8a336eaa7ee7e87cdece3cedb395c9657d227bfceb6781295cf56abcd3386a26", + "sha256:8aef1b64da41d18026632d99a06b3fefe1d08e85dd81d849fa7c96301ed22f1b", + "sha256:8aef97ba1dd2138112890ef848e17d8526fe80b21f743b4ee65947ea184f07a2", + "sha256:8ed653638ef669e0efc6fe2acb792275cb419bf9cb5c5049399f3556995f23c7", + "sha256:9361628f28f48dcf8b2f528420d4d68102f593f9c2e592bfc842f5fb337e44fd", + "sha256:946eedc12895873891aaceb39bceb484b4977f70373e0122da483f6c38faaa68", + "sha256:94d0caaa912bfcdc702a4204cd5e2bb01eb917fc4f5ea2315aa23962549561b0", + "sha256:964a428132227edff96d6f3cf261573cb0f1a60c9a764ce28cda9525f18f7786", + "sha256:999bfee0a5b7385a0af5ffb606393509cfde70ecca4f01c36985be6d33e336da", + "sha256:a08ea567c16f140af8ddc7cb58e27e9138a1386e3e6e53982abaa6f2377b38cc", + "sha256:a28b70c9e2213de425d9cba5ab2e7f7a1c8ca23a99c4b5159bf77b9c31251447", + "sha256:a34e1e30f1774fa35d37202bbeae62423e9a79d78d0874e5556a593479fdf239", + "sha256:a4264515f9117be204935cd230fb2a052dd3792789cc94c101c535d349b3dab0", + "sha256:a7915ea49b0c113641dc4d9338efa9bd66b6a9a485ffe75b9907e8573ca94b84", + "sha256:aac44097d838dda26526cffb63bdd8737a2dbdf5f2c68efb72ad83aec6673c7e", + "sha256:b91044952da03b6f95fdba398d7993dd983b64d3c31c358a4c89e3c19b6f7aef", + "sha256:ba444bdd4caa2a94456ef67a2f383710928820dd0117aae6650a4d17029fa25e", + "sha256:c2dc4250fe94d8cd864d66018f8344d4af50e3758e9d725e94fecfa27588ff82", + "sha256:c35f493b867912f6fda721a59cc7c4766d382040bdf1ddaeeaa7fa4d072f4675", + "sha256:c92261eb2ad367629dc437536463dc934030c9e7caca861cc51990fe6c565f26", + 
"sha256:ce928c9c6409c79e10f39604a7e214b3cb69552952fbda8d836c052832e6a979", + "sha256:d95b52fbef190ca87d8c42f49e314eace4fc52070f3dfa5f87a6594b0c1c6e46", + "sha256:dae7bd0daeb33aa3e79e72877d3d51052e8b19c9025ecf0374f542ea8ec120e4", + "sha256:e286580b6511aac7c3268a78cdb861ec739d3e5a2a53b4809faef6b49778eaff", + "sha256:e4b53f73077e839b3f89c992223f15b1d2ab314bdbdf502afdc7bb18e95eae27", + "sha256:e8f63904df26d1a66aabc141bfd258bf738b9bc7bc6bdef22713b4f5ef789a4c", + "sha256:f3a6d90cab0bdf07df8f176eae3a07127daafcf7457b997b2bf46776da2c7eb7", + "sha256:f41fa79114a1d2eddb5eea7b912d6160508f57440bd302ce96eaa384914cd265", + "sha256:f46f81501160c28d0c0b7333b4f7be8983dbbc161983b6fb814024d1b4952f79", + "sha256:f61db3b7e870914dbd9434b560075e0366771eecbe6d2b5561f5bc7485f39efd" ], - "markers": "python_version >= '3.7'", - "version": "==1.9.4" + "markers": "python_version >= '3.8'", + "version": "==1.11.1" } }, "develop": { 
@@ -1300,100 +1319,100 @@ }, "boto3": { "hashes": [ - "sha256:b41deed9ca7e0a619510a22e256e3e38b5f532624b4aff8964a1e870877b37bc", - "sha256:c35c560ef0cb0f133b6104bc374d60eeb7cb69c1d5d7907e4305a285d162bef0" + "sha256:47e89d95964f10beee21ee723c3290874fddf364269bd97d200e8bfa9bf93a06", + "sha256:aaddbeb8c37608492f2c8286d004101464833d4c6e49af44601502b8b18785ed" ], "markers": "python_version >= '3.8'", - "version": "==1.35.6" + "version": "==1.35.20" }, "botocore": { "hashes": [ - "sha256:8378c6cfef2dee15eb7b3ebbb55ba9c1de959f231292039b81eb35b72c50ad59", - "sha256:93ef31b80b05758db4dd67e010348a05b9ff43f82839629b7ac334f2a454996e" + "sha256:62412038f960691a299e60492f9ee7e8e75af563f2eca7f3640b3b54b8f5d236", + "sha256:82ad8a73fcd5852d127461c8dadbe40bf679f760a4efb0dde8d4d269ad3f126f" ], "markers": "python_version >= '3.8'", - "version": "==1.35.6" + "version": "==1.35.20" }, "certifi": { "hashes": [ - "sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b", - "sha256:c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90" + "sha256:922820b53db7a7257ffbda3f597266d435245903d80737e34f8a45ff3e3230d8", + "sha256:bec941d2aa8195e248a60b31ff9f0558284cf01a52591ceda73ea9afffd69fd9" ], "markers": "python_version >= '3.6'", - "version": "==2024.7.4" + "version": "==2024.8.30" }, "cffi": { "hashes": [ - "sha256:011aff3524d578a9412c8b3cfaa50f2c0bd78e03eb7af7aa5e0df59b158efb2f", - "sha256:0a048d4f6630113e54bb4b77e315e1ba32a5a31512c31a273807d0027a7e69ab", - "sha256:0bb15e7acf8ab35ca8b24b90af52c8b391690ef5c4aec3d31f38f0d37d2cc499", - "sha256:0d46ee4764b88b91f16661a8befc6bfb24806d885e27436fdc292ed7e6f6d058", - "sha256:0e60821d312f99d3e1569202518dddf10ae547e799d75aef3bca3a2d9e8ee693", - "sha256:0fdacad9e0d9fc23e519efd5ea24a70348305e8d7d85ecbb1a5fa66dc834e7fb", - "sha256:14b9cbc8f7ac98a739558eb86fabc283d4d564dafed50216e7f7ee62d0d25377", - "sha256:17c6d6d3260c7f2d94f657e6872591fe8733872a86ed1345bda872cfc8c74885", - 
"sha256:1a2ddbac59dc3716bc79f27906c010406155031a1c801410f1bafff17ea304d2", - "sha256:2404f3de742f47cb62d023f0ba7c5a916c9c653d5b368cc966382ae4e57da401", - "sha256:24658baf6224d8f280e827f0a50c46ad819ec8ba380a42448e24459daf809cf4", - "sha256:24aa705a5f5bd3a8bcfa4d123f03413de5d86e497435693b638cbffb7d5d8a1b", - "sha256:2770bb0d5e3cc0e31e7318db06efcbcdb7b31bcb1a70086d3177692a02256f59", - "sha256:331ad15c39c9fe9186ceaf87203a9ecf5ae0ba2538c9e898e3a6967e8ad3db6f", - "sha256:3aa9d43b02a0c681f0bfbc12d476d47b2b2b6a3f9287f11ee42989a268a1833c", - "sha256:41f4915e09218744d8bae14759f983e466ab69b178de38066f7579892ff2a555", - "sha256:4304d4416ff032ed50ad6bb87416d802e67139e31c0bde4628f36a47a3164bfa", - "sha256:435a22d00ec7d7ea533db494da8581b05977f9c37338c80bc86314bec2619424", - "sha256:45f7cd36186db767d803b1473b3c659d57a23b5fa491ad83c6d40f2af58e4dbb", - "sha256:48b389b1fd5144603d61d752afd7167dfd205973a43151ae5045b35793232aa2", - "sha256:4e67d26532bfd8b7f7c05d5a766d6f437b362c1bf203a3a5ce3593a645e870b8", - "sha256:516a405f174fd3b88829eabfe4bb296ac602d6a0f68e0d64d5ac9456194a5b7e", - "sha256:5ba5c243f4004c750836f81606a9fcb7841f8874ad8f3bf204ff5e56332b72b9", - "sha256:5bdc0f1f610d067c70aa3737ed06e2726fd9d6f7bfee4a351f4c40b6831f4e82", - "sha256:6107e445faf057c118d5050560695e46d272e5301feffda3c41849641222a828", - "sha256:6327b572f5770293fc062a7ec04160e89741e8552bf1c358d1a23eba68166759", - "sha256:669b29a9eca6146465cc574659058ed949748f0809a2582d1f1a324eb91054dc", - "sha256:6ce01337d23884b21c03869d2f68c5523d43174d4fc405490eb0091057943118", - "sha256:6d872186c1617d143969defeadac5a904e6e374183e07977eedef9c07c8953bf", - "sha256:6f76a90c345796c01d85e6332e81cab6d70de83b829cf1d9762d0a3da59c7932", - "sha256:70d2aa9fb00cf52034feac4b913181a6e10356019b18ef89bc7c12a283bf5f5a", - "sha256:7cbc78dc018596315d4e7841c8c3a7ae31cc4d638c9b627f87d52e8abaaf2d29", - "sha256:856bf0924d24e7f93b8aee12a3a1095c34085600aa805693fb7f5d1962393206", - "sha256:8a98748ed1a1df4ee1d6f927e151ed6c1a09d5ec21684de879c7ea6aa96f58f2", 
- "sha256:93a7350f6706b31f457c1457d3a3259ff9071a66f312ae64dc024f049055f72c", - "sha256:964823b2fc77b55355999ade496c54dde161c621cb1f6eac61dc30ed1b63cd4c", - "sha256:a003ac9edc22d99ae1286b0875c460351f4e101f8c9d9d2576e78d7e048f64e0", - "sha256:a0ce71725cacc9ebf839630772b07eeec220cbb5f03be1399e0457a1464f8e1a", - "sha256:a47eef975d2b8b721775a0fa286f50eab535b9d56c70a6e62842134cf7841195", - "sha256:a8b5b9712783415695663bd463990e2f00c6750562e6ad1d28e072a611c5f2a6", - "sha256:a9015f5b8af1bb6837a3fcb0cdf3b874fe3385ff6274e8b7925d81ccaec3c5c9", - "sha256:aec510255ce690d240f7cb23d7114f6b351c733a74c279a84def763660a2c3bc", - "sha256:b00e7bcd71caa0282cbe3c90966f738e2db91e64092a877c3ff7f19a1628fdcb", - "sha256:b50aaac7d05c2c26dfd50c3321199f019ba76bb650e346a6ef3616306eed67b0", - "sha256:b7b6ea9e36d32582cda3465f54c4b454f62f23cb083ebc7a94e2ca6ef011c3a7", - "sha256:bb9333f58fc3a2296fb1d54576138d4cf5d496a2cc118422bd77835e6ae0b9cb", - "sha256:c1c13185b90bbd3f8b5963cd8ce7ad4ff441924c31e23c975cb150e27c2bf67a", - "sha256:c3b8bd3133cd50f6b637bb4322822c94c5ce4bf0d724ed5ae70afce62187c492", - "sha256:c5d97162c196ce54af6700949ddf9409e9833ef1003b4741c2b39ef46f1d9720", - "sha256:c815270206f983309915a6844fe994b2fa47e5d05c4c4cef267c3b30e34dbe42", - "sha256:cab2eba3830bf4f6d91e2d6718e0e1c14a2f5ad1af68a89d24ace0c6b17cced7", - "sha256:d1df34588123fcc88c872f5acb6f74ae59e9d182a2707097f9e28275ec26a12d", - "sha256:d6bdcd415ba87846fd317bee0774e412e8792832e7805938987e4ede1d13046d", - "sha256:db9a30ec064129d605d0f1aedc93e00894b9334ec74ba9c6bdd08147434b33eb", - "sha256:dbc183e7bef690c9abe5ea67b7b60fdbca81aa8da43468287dae7b5c046107d4", - "sha256:dca802c8db0720ce1c49cce1149ff7b06e91ba15fa84b1d59144fef1a1bc7ac2", - "sha256:dec6b307ce928e8e112a6bb9921a1cb00a0e14979bf28b98e084a4b8a742bd9b", - "sha256:df8bb0010fdd0a743b7542589223a2816bdde4d94bb5ad67884348fa2c1c67e8", - "sha256:e4094c7b464cf0a858e75cd14b03509e84789abf7b79f8537e6a72152109c76e", - 
"sha256:e4760a68cab57bfaa628938e9c2971137e05ce48e762a9cb53b76c9b569f1204", - "sha256:eb09b82377233b902d4c3fbeeb7ad731cdab579c6c6fda1f763cd779139e47c3", - "sha256:eb862356ee9391dc5a0b3cbc00f416b48c1b9a52d252d898e5b7696a5f9fe150", - "sha256:ef9528915df81b8f4c7612b19b8628214c65c9b7f74db2e34a646a0a2a0da2d4", - "sha256:f3157624b7558b914cb039fd1af735e5e8049a87c817cc215109ad1c8779df76", - "sha256:f3e0992f23bbb0be00a921eae5363329253c3b86287db27092461c887b791e5e", - "sha256:f9338cc05451f1942d0d8203ec2c346c830f8e86469903d5126c1f0a13a2bcbb", - "sha256:ffef8fd58a36fb5f1196919638f73dd3ae0db1a878982b27a9a5a176ede4ba91" + "sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8", + "sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2", + "sha256:0e2b1fac190ae3ebfe37b979cc1ce69c81f4e4fe5746bb401dca63a9062cdaf1", + "sha256:0f048dcf80db46f0098ccac01132761580d28e28bc0f78ae0d58048063317e15", + "sha256:1257bdabf294dceb59f5e70c64a3e2f462c30c7ad68092d01bbbfb1c16b1ba36", + "sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824", + "sha256:1d599671f396c4723d016dbddb72fe8e0397082b0a77a4fab8028923bec050e8", + "sha256:28b16024becceed8c6dfbc75629e27788d8a3f9030691a1dbf9821a128b22c36", + "sha256:2bb1a08b8008b281856e5971307cc386a8e9c5b625ac297e853d36da6efe9c17", + "sha256:30c5e0cb5ae493c04c8b42916e52ca38079f1b235c2f8ae5f4527b963c401caf", + "sha256:31000ec67d4221a71bd3f67df918b1f88f676f1c3b535a7eb473255fdc0b83fc", + "sha256:386c8bf53c502fff58903061338ce4f4950cbdcb23e2902d86c0f722b786bbe3", + "sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed", + "sha256:45398b671ac6d70e67da8e4224a065cec6a93541bb7aebe1b198a61b58c7b702", + "sha256:46bf43160c1a35f7ec506d254e5c890f3c03648a4dbac12d624e4490a7046cd1", + "sha256:4ceb10419a9adf4460ea14cfd6bc43d08701f0835e979bf821052f1805850fe8", + "sha256:51392eae71afec0d0c8fb1a53b204dbb3bcabcb3c9b807eedf3e1e6ccf2de903", + "sha256:5da5719280082ac6bd9aa7becb3938dc9f9cbd57fac7d2871717b1feb0902ab6", 
+ "sha256:610faea79c43e44c71e1ec53a554553fa22321b65fae24889706c0a84d4ad86d", + "sha256:636062ea65bd0195bc012fea9321aca499c0504409f413dc88af450b57ffd03b", + "sha256:6883e737d7d9e4899a8a695e00ec36bd4e5e4f18fabe0aca0efe0a4b44cdb13e", + "sha256:6b8b4a92e1c65048ff98cfe1f735ef8f1ceb72e3d5f0c25fdb12087a23da22be", + "sha256:6f17be4345073b0a7b8ea599688f692ac3ef23ce28e5df79c04de519dbc4912c", + "sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683", + "sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9", + "sha256:733e99bc2df47476e3848417c5a4540522f234dfd4ef3ab7fafdf555b082ec0c", + "sha256:7596d6620d3fa590f677e9ee430df2958d2d6d6de2feeae5b20e82c00b76fbf8", + "sha256:78122be759c3f8a014ce010908ae03364d00a1f81ab5c7f4a7a5120607ea56e1", + "sha256:805b4371bf7197c329fcb3ead37e710d1bca9da5d583f5073b799d5c5bd1eee4", + "sha256:85a950a4ac9c359340d5963966e3e0a94a676bd6245a4b55bc43949eee26a655", + "sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67", + "sha256:9755e4345d1ec879e3849e62222a18c7174d65a6a92d5b346b1863912168b595", + "sha256:98e3969bcff97cae1b2def8ba499ea3d6f31ddfdb7635374834cf89a1a08ecf0", + "sha256:a08d7e755f8ed21095a310a693525137cfe756ce62d066e53f502a83dc550f65", + "sha256:a1ed2dd2972641495a3ec98445e09766f077aee98a1c896dcb4ad0d303628e41", + "sha256:a24ed04c8ffd54b0729c07cee15a81d964e6fee0e3d4d342a27b020d22959dc6", + "sha256:a45e3c6913c5b87b3ff120dcdc03f6131fa0065027d0ed7ee6190736a74cd401", + "sha256:a9b15d491f3ad5d692e11f6b71f7857e7835eb677955c00cc0aefcd0669adaf6", + "sha256:ad9413ccdeda48c5afdae7e4fa2192157e991ff761e7ab8fdd8926f40b160cc3", + "sha256:b2ab587605f4ba0bf81dc0cb08a41bd1c0a5906bd59243d56bad7668a6fc6c16", + "sha256:b62ce867176a75d03a665bad002af8e6d54644fad99a3c70905c543130e39d93", + "sha256:c03e868a0b3bc35839ba98e74211ed2b05d2119be4e8a0f224fba9384f1fe02e", + "sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4", + 
"sha256:c7eac2ef9b63c79431bc4b25f1cd649d7f061a28808cbc6c47b534bd789ef964", + "sha256:c9c3d058ebabb74db66e431095118094d06abf53284d9c81f27300d0e0d8bc7c", + "sha256:ca74b8dbe6e8e8263c0ffd60277de77dcee6c837a3d0881d8c1ead7268c9e576", + "sha256:caaf0640ef5f5517f49bc275eca1406b0ffa6aa184892812030f04c2abf589a0", + "sha256:cdf5ce3acdfd1661132f2a9c19cac174758dc2352bfe37d98aa7512c6b7178b3", + "sha256:d016c76bdd850f3c626af19b0542c9677ba156e4ee4fccfdd7848803533ef662", + "sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3", + "sha256:d63afe322132c194cf832bfec0dc69a99fb9bb6bbd550f161a49e9e855cc78ff", + "sha256:da95af8214998d77a98cc14e3a3bd00aa191526343078b530ceb0bd710fb48a5", + "sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd", + "sha256:de2ea4b5833625383e464549fec1bc395c1bdeeb5f25c4a3a82b5a8c756ec22f", + "sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5", + "sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14", + "sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d", + "sha256:e221cf152cff04059d011ee126477f0d9588303eb57e88923578ace7baad17f9", + "sha256:e31ae45bc2e29f6b2abd0de1cc3b9d5205aa847cafaecb8af1476a609a2f6eb7", + "sha256:edae79245293e15384b51f88b00613ba9f7198016a5948b5dddf4917d4d26382", + "sha256:f1e22e8c4419538cb197e4dd60acc919d7696e5ef98ee4da4e01d3f8cfa4cc5a", + "sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e", + "sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a", + "sha256:f75c7ab1f9e4aca5414ed4d8e5c0e303a34f4421f8a0d47a4d019ceff0ab6af4", + "sha256:f79fc4fc25f1c8698ff97788206bb3c2598949bfe0fef03d299eb1b5356ada99", + "sha256:f7f5baafcc48261359e14bcd6d9bff6d4b28d9103847c9e136694cb0501aef87", + "sha256:fc48c783f9c87e60831201f2cce7f3b2e4846bf4d8728eabe54d60700b318a0b" ], "markers": "platform_python_implementation != 'PyPy'", - "version": "==1.17.0" + "version": "==1.17.1" }, "charset-normalizer": { "hashes": [ 
@@ -1501,36 +1520,36 @@ }, "cryptography": { "hashes": [ - "sha256:0663585d02f76929792470451a5ba64424acc3cd5227b03921dab0e2f27b1709", - "sha256:08a24a7070b2b6804c1940ff0f910ff728932a9d0e80e7814234269f9d46d069", - "sha256:232ce02943a579095a339ac4b390fbbe97f5b5d5d107f8a08260ea2768be8cc2", - "sha256:2905ccf93a8a2a416f3ec01b1a7911c3fe4073ef35640e7ee5296754e30b762b", - "sha256:299d3da8e00b7e2b54bb02ef58d73cd5f55fb31f33ebbf33bd00d9aa6807df7e", - "sha256:2c6d112bf61c5ef44042c253e4859b3cbbb50df2f78fa8fae6747a7814484a70", - "sha256:31e44a986ceccec3d0498e16f3d27b2ee5fdf69ce2ab89b52eaad1d2f33d8778", - "sha256:3d9a1eca329405219b605fac09ecfc09ac09e595d6def650a437523fcd08dd22", - "sha256:3dcdedae5c7710b9f97ac6bba7e1052b95c7083c9d0e9df96e02a1932e777895", - "sha256:47ca71115e545954e6c1d207dd13461ab81f4eccfcb1345eac874828b5e3eaaf", - "sha256:4a997df8c1c2aae1e1e5ac49c2e4f610ad037fc5a3aadc7b64e39dea42249431", - "sha256:51956cf8730665e2bdf8ddb8da0056f699c1a5715648c1b0144670c1ba00b48f", - "sha256:5bcb8a5620008a8034d39bce21dc3e23735dfdb6a33a06974739bfa04f853947", - "sha256:64c3f16e2a4fc51c0d06af28441881f98c5d91009b8caaff40cf3548089e9c74", - "sha256:6e2b11c55d260d03a8cf29ac9b5e0608d35f08077d8c087be96287f43af3ccdc", - "sha256:7b3f5fe74a5ca32d4d0f302ffe6680fcc5c28f8ef0dc0ae8f40c0f3a1b4fca66", - "sha256:844b6d608374e7d08f4f6e6f9f7b951f9256db41421917dfb2d003dde4cd6b66", - "sha256:9a8d6802e0825767476f62aafed40532bd435e8a5f7d23bd8b4f5fd04cc80ecf", - "sha256:aae4d918f6b180a8ab8bf6511a419473d107df4dbb4225c7b48c5c9602c38c7f", - "sha256:ac1955ce000cb29ab40def14fd1bbfa7af2017cca696ee696925615cafd0dce5", - "sha256:b88075ada2d51aa9f18283532c9f60e72170041bba88d7f37e49cbb10275299e", - "sha256:cb013933d4c127349b3948aa8aaf2f12c0353ad0eccd715ca789c8a0f671646f", - "sha256:cc70b4b581f28d0a254d006f26949245e3657d40d8857066c2ae22a61222ef55", - "sha256:e9c5266c432a1e23738d178e51c2c7a5e2ddf790f248be939448c0ba2021f9d1", - "sha256:ea9e57f8ea880eeea38ab5abf9fbe39f923544d7884228ec67d666abd60f5a47", - 
"sha256:ee0c405832ade84d4de74b9029bedb7b31200600fa524d218fc29bfa371e97f5", - "sha256:fdcb265de28585de5b859ae13e3846a8e805268a823a12a4da2597f1f5afc9f0" + "sha256:014f58110f53237ace6a408b5beb6c427b64e084eb451ef25a28308270086494", + "sha256:1bbcce1a551e262dfbafb6e6252f1ae36a248e615ca44ba302df077a846a8806", + "sha256:203e92a75716d8cfb491dc47c79e17d0d9207ccffcbcb35f598fbe463ae3444d", + "sha256:27e613d7077ac613e399270253259d9d53872aaf657471473ebfc9a52935c062", + "sha256:2bd51274dcd59f09dd952afb696bf9c61a7a49dfc764c04dd33ef7a6b502a1e2", + "sha256:38926c50cff6f533f8a2dae3d7f19541432610d114a70808f0926d5aaa7121e4", + "sha256:511f4273808ab590912a93ddb4e3914dfd8a388fed883361b02dea3791f292e1", + "sha256:58d4e9129985185a06d849aa6df265bdd5a74ca6e1b736a77959b498e0505b85", + "sha256:5b43d1ea6b378b54a1dc99dd8a2b5be47658fe9a7ce0a58ff0b55f4b43ef2b84", + "sha256:61ec41068b7b74268fa86e3e9e12b9f0c21fcf65434571dbb13d954bceb08042", + "sha256:666ae11966643886c2987b3b721899d250855718d6d9ce41b521252a17985f4d", + "sha256:68aaecc4178e90719e95298515979814bda0cbada1256a4485414860bd7ab962", + "sha256:7c05650fe8023c5ed0d46793d4b7d7e6cd9c04e68eabe5b0aeea836e37bdcec2", + "sha256:80eda8b3e173f0f247f711eef62be51b599b5d425c429b5d4ca6a05e9e856baa", + "sha256:8385d98f6a3bf8bb2d65a73e17ed87a3ba84f6991c155691c51112075f9ffc5d", + "sha256:88cce104c36870d70c49c7c8fd22885875d950d9ee6ab54df2745f83ba0dc365", + "sha256:9d3cdb25fa98afdd3d0892d132b8d7139e2c087da1712041f6b762e4f807cc96", + "sha256:a575913fb06e05e6b4b814d7f7468c2c660e8bb16d8d5a1faf9b33ccc569dd47", + "sha256:ac119bb76b9faa00f48128b7f5679e1d8d437365c5d26f1c2c3f0da4ce1b553d", + "sha256:c1332724be35d23a854994ff0b66530119500b6053d0bd3363265f7e5e77288d", + "sha256:d03a475165f3134f773d1388aeb19c2d25ba88b6a9733c5c590b9ff7bbfa2e0c", + "sha256:d75601ad10b059ec832e78823b348bfa1a59f6b8d545db3a24fd44362a1564cb", + "sha256:de41fd81a41e53267cb020bb3a7212861da53a7d39f863585d13ea11049cf277", + "sha256:e710bf40870f4db63c3d7d929aa9e09e4e7ee219e703f949ec4073b4294f6172", 
+ "sha256:ea25acb556320250756e53f9e20a4177515f012c9eaea17eb7587a8c4d8ae034", + "sha256:f98bf604c82c416bc829e490c700ca1553eafdf2912a91e23a79d97d9801372a", + "sha256:fba1007b3ef89946dbbb515aeeb41e30203b004f0b4b00e5e16078b518563289" ], "markers": "python_version >= '3.7'", - "version": "==43.0.0" + "version": "==43.0.1" }, "decorator": { "hashes": [ @@ -1552,11 +1571,11 @@ }, "idna": { "hashes": [ - "sha256:050b4e5baadcd44d760cedbd2b8e639f2ff89bbc7a5730fcc662954303377aac", - "sha256:d838c2c0ed6fced7693d5e8ab8e734d5f8fda53a039c0164afb0b82e771e3603" + "sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9", + "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3" ], "markers": "python_version >= '3.6'", - "version": "==3.8" + "version": "==3.10" }, "isort": { "hashes": [ @@ -1718,12 +1737,12 @@ }, "moto": { "hashes": [ - "sha256:984377a9c4536543fc09f49a1d5210c61c4a4f55c79719f7d9f8dcdd9bf55ea5", - "sha256:ddf8864f0d61af88fd07a4e5eac428c6bebf4fcd10023f8e756e65e9e7b7e4a5" + "sha256:0f849243269fd03372426c302b18cb605302da32620d7f0266be6a40735b2acd", + "sha256:c738ffe85d3844ef37b865951736c4faf2e0f3e4f05db87bdad97a6c01b88174" ], "index": "pypi", "markers": "python_version >= '3.8'", - "version": "==5.0.13" + "version": "==5.0.14" }, "mypy": { "hashes": [ @@ -1793,11 +1812,11 @@ }, "platformdirs": { "hashes": [ - "sha256:2d7a1657e36a80ea911db832a8a6ece5ee53d8de21edd5cc5879af6530b1bfee", - "sha256:38b7b51f512eed9e84a22788b4bce1de17c0adb134d6becb09836e37d8654cd3" + "sha256:50a5450e2e84f44539718293cbb1da0a0885c9d14adf21b77bae4e66fc99d9b5", + "sha256:d4e0b7d8ec176b341fb03cb11ca12d0276faa8c485f9cd218f613840463fc2c0" ], "markers": "python_version >= '3.8'", - "version": "==4.2.2" + "version": "==4.3.3" }, "pycparser": { "hashes": [ 
@@ -1919,11 +1938,11 @@ }, "rich": { "hashes": [ - "sha256:2e85306a063b9492dffc86278197a60cbece75bcb766022f3436f567cae11bdc", - "sha256:a5ac1f1cd448ade0d59cc3356f7db7a7ccda2c8cbae9c7a90c28ff463d3e91f4" + "sha256:1760a3c0848469b97b558fc61c85233e3dafb69c7a071b4d60c38099d3cd4c06", + "sha256:8260cda28e3db6bf04d2d1ef4dbc03ba80a824c88b0e7668a0f23126a424844a" ], "markers": "python_full_version >= '3.7.0'", - "version": "==13.8.0" + "version": "==13.8.1" }, "s3transfer": { "hashes": [ @@ -1967,11 +1986,11 @@ }, "urllib3": { "hashes": [ - "sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472", - "sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168" + "sha256:ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac", + "sha256:e7d814a81dad81e6caf2ec9fdedb284ecc9c73076b62654547cc64ccdcae26e9" ], "markers": "python_version >= '3.8'", - "version": "==2.2.2" + "version": "==2.2.3" }, "werkzeug": { "hashes": [ diff --git a/correlation_rules/aws_sso_access_token_retrieved_by_unauthenticated_ip.yml b/correlation_rules/aws_sso_access_token_retrieved_by_unauthenticated_ip.yml index 95e50c090..18303a56b 100644 --- a/correlation_rules/aws_sso_access_token_retrieved_by_unauthenticated_ip.yml +++ b/correlation_rules/aws_sso_access_token_retrieved_by_unauthenticated_ip.yml @@ -32,19 +32,19 @@ Tests: RuleOutputs: - ID: Absent CLI Prompt Matches: - p_udm.user.id: - igor.stravinsky: + sourceIPAddress: + "1.2.3.4": - 0 - ID: SSO Access Token Retrieved Matches: - p_udm.user.id: - igor.stravinsky: + sourceIPAddress: + "1.2.3.4": - 2 - Name: AWS SSO Access Token Retrieved by Unauthenticated IP ExpectedResult: true RuleOutputs: - ID: SSO Access Token Retrieved Matches: - p_udm.user.id: - igor.stravinsky: + sourceIPAddress: + "1.2.3.4": - 2 \ No newline at end of file diff --git a/global_helpers/panther_wiz_helpers.py b/global_helpers/panther_wiz_helpers.py new file mode 100644 index 000000000..39441b50a --- /dev/null 
+++ b/global_helpers/panther_wiz_helpers.py @@ -0,0 +1,15 @@ +def wiz_success(event): + if event.get("status", "") == "SUCCESS": + return True + return False + + +def wiz_alert_context(event): + return { + "action": event.get("action", ""), + "user": event.get("user", ""), + "source_ip": event.get("sourceip", ""), + "event_id": event.get("id", ""), + "service_account": event.get("serviceaccount", ""), + "action_parameters": event.get("actionparameters", ""), + } diff --git a/global_helpers/panther_wiz_helpers.yml b/global_helpers/panther_wiz_helpers.yml new file mode 100644 index 000000000..9802088f4 --- /dev/null +++ b/global_helpers/panther_wiz_helpers.yml @@ -0,0 +1,5 @@ +AnalysisType: global +Filename: panther_wiz_helpers.py +GlobalID: "panther_wiz_helpers" +Description: > + Used to define global helpers for Wiz events diff --git a/packs/github.yml b/packs/github.yml index d0fcf0bb7..cd8c7e0e4 100644 --- a/packs/github.yml +++ b/packs/github.yml @@ -18,6 +18,7 @@ PackDefinition: #- GitHub.Repo.HookModified - GitHub.Repo.InitialAccess - Github.Repo.VisibilityChange + - Github.Repo.VulnerabilityDismissed - GitHub.Secret.Scanning.Alert.Created - GitHub.Team.Modified - GitHub.Webhook.Modified diff --git a/packs/wiz.yml b/packs/wiz.yml index 68b2cce38..ff87a58e4 100644 --- a/packs/wiz.yml +++ b/packs/wiz.yml 
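Review bot: `wiz_alert_context` reads only the lowercase keys `sourceip`, `serviceaccount` and `actionparameters`, while several test logs added in this same commit (for example the `DeleteConnector` and `DeleteIntegration` fixtures) carry `sourceIP`, `serviceAccount` and `actionParameters`. If the parsed Wiz.Audit event keeps that casing, the alert context would hold empty strings for the source IP and the action parameters, which are the fields a responder looks at first. Either normalise the fixtures to the casing the schema really produces, or read both forms, e.g. `"source_ip": event.get("sourceip") or event.get("sourceIP", ""),` and likewise for the other two keys.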
@@ -5,6 +5,23 @@ DisplayName: "Panther Wiz Pack" PackDefinition: IDs: - Wiz.Alert.Passthrough + - Wiz.Update.IP.Restrictions + - Wiz.Update.Support.Contact.List + - Wiz.SAML.Identity.Provider.Change + - Wiz.Data.Classifier.Updated.Or.Deleted + - Wiz.Update.Login.Settings + - Wiz.Image.Integrity.Validator.Updated.Or.Deleted + - Wiz.Update.Scanner.Settings + - Wiz.User.Created.Or.Deleted + - Wiz.Rotate.Service.Account.Secret + - Wiz.Connector.Updated.Or.Deleted + - Wiz.Service.Account.Change + - Wiz.Revoke.User.Sessions + - Wiz.User.Role.Updated.Or.Deleted + - Wiz.Integration.Updated.Or.Deleted + - Wiz.Rule.Change + - Wiz.CICD.Scan.Policy.Updated.Or.Deleted + - panther_wiz_helpers - panther_base_helpers - panther_config - panther_config_defaults diff --git a/rules/wiz_rules/wiz_cicd_scan_policy_updated_or_deleted.py b/rules/wiz_rules/wiz_cicd_scan_policy_updated_or_deleted.py new file mode 100644 index 000000000..30c256af9 --- /dev/null +++ b/rules/wiz_rules/wiz_cicd_scan_policy_updated_or_deleted.py @@ -0,0 +1,24 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + +SUSPICIOUS_ACTIONS = ["DeleteCICDScanPolicy", "UpdateCICDScanPolicy"] + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") in SUSPICIOUS_ACTIONS + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_cicd_scan_policy_updated_or_deleted.yml b/rules/wiz_rules/wiz_cicd_scan_policy_updated_or_deleted.yml new file mode 100644 index 000000000..b0973f558 --- /dev/null +++ b/rules/wiz_rules/wiz_cicd_scan_policy_updated_or_deleted.yml 
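Review bot: `title()` names the actor only through `event.deep_get('user', 'name', ...)`, so an action performed by a service account is titled `USER_NAME_NOT_FOUND`; the `DeleteImageIntegrityValidator` fixture in this commit has `"user": null` with a populated `serviceaccount`. The same `title()` is repeated in the connector, data classifier, image integrity validator, integration, revoke-user-sessions, rotate-service-account-secret and rule-change rules. Falling back to the service account keeps the actor visible in the alert, e.g. `actor = event.deep_get('user', 'name') or event.deep_get('serviceaccount', 'name', default='ACTOR_NOT_FOUND')`. Since the function is identical in every rule, it could live once in `panther_wiz_helpers` next to `wiz_alert_context`.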
@@ -0,0 +1,92 @@ +AnalysisType: rule +RuleID: Wiz.CICD.Scan.Policy.Updated.Or.Deleted +Description: This rule detects updates and deletions of CICD scan policies. +DisplayName: Wiz CICD Scan Policy Updated Or Deleted +Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. +Reference: https://www.wiz.io/academy/ci-cd-security-best-practices +Enabled: true +Filename: wiz_cicd_scan_policy_updated_or_deleted.py +Severity: Medium +Reports: + MITRE ATT&CK: + - TA0005:T1562.001 # Impair Defenses: Disable or Modify Tools +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: DeleteCICDScanPolicy + ExpectedResult: true + Log: + { + "action": "DeleteCICDScanPolicy", + "actionparameters": { + "input": { + "id": "12345-cd1f-4a4b-b3e4-12345" + } + }, + "id": "12345-de20-4e00-b958-12345", + "log_type": null, + "requestid": "12345-284b-4166-aea7-12345", + "serviceaccount": null, + "sourceip": "8.8.8.8", + "status": "SUCCESS", + "timestamp": "2023-09-01 14:27:42.694", + "user": { + "id": "test@company.com", + "name": "test@company.com" + } + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + "user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: DeleteCICDScanPolicy - Fail + ExpectedResult: false + Log: + { + "action": 
"DeleteCICDScanPolicy", + "actionparameters": { }, + "id": "12345-de20-4e00-b958-12345", + "log_type": null, + "requestid": "12345-284b-4166-aea7-12345", + "serviceaccount": null, + "sourceip": "8.8.8.8", + "status": "FAILED", + "timestamp": "2023-09-01 14:27:42.694", + "user": { + "id": "test@company.com", + "name": "test@company.com" + } + } diff --git a/rules/wiz_rules/wiz_connector_updated_or_deleted.py b/rules/wiz_rules/wiz_connector_updated_or_deleted.py new file mode 100644 index 000000000..212d962cd --- /dev/null +++ b/rules/wiz_rules/wiz_connector_updated_or_deleted.py @@ -0,0 +1,24 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + +SUSPICIOUS_ACTIONS = ["DeleteConnector", "UpdateConnector"] + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") in SUSPICIOUS_ACTIONS + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_connector_updated_or_deleted.yml b/rules/wiz_rules/wiz_connector_updated_or_deleted.yml new file mode 100644 index 000000000..1769e6f02 --- /dev/null +++ b/rules/wiz_rules/wiz_connector_updated_or_deleted.yml 
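Review bot: The tests cover `DeleteCICDScanPolicy` (success and failure) but never the `UpdateCICDScanPolicy` entry of `SUSPICIOUS_ACTIONS`, so a typo in that action name would go unnoticed and the rule would silently miss policy updates. The connector, data classifier, image integrity validator and integration rule files in this commit have the same gap for their `Update…` action. A fourth test with `"action": "UpdateCICDScanPolicy"` and `"status": "SUCCESS"` expecting `true` would pin it.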
@@ -0,0 +1,96 @@ +AnalysisType: rule +RuleID: Wiz.Connector.Updated.Or.Deleted +Description: This rule detects updates and deletions of connectors. +DisplayName: Wiz Connector Updated Or Deleted +Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. +Reference: https://help.vulcancyber.com/en/articles/6735270-wiz-connector # article about integration with Vulcan +Enabled: true +Filename: wiz_connector_updated_or_deleted.py +Severity: Medium +Reports: + MITRE ATT&CK: + - TA0005:T1562.001 # Impair Defenses: Disable or Modify Tools +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: DeleteConnector + ExpectedResult: true + Log: + { + "id": "c4fe1656-23a3-4b60-a689-d59a337c5551", + "action": "DeleteConnector", + "requestId": "471b9148-887a-49ff-ad83-162d7e38cf4e", + "status": "SUCCESS", + "timestamp": "2024-07-09T08:03:09.825336Z", + "actionParameters": { + "input": { + "id": "7a55031b-98f4-4a64-b77c-ad0bc9d7b54b" + }, + "selection": [ + "__typename", + "_stub" + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + 
"sourceIP": "8.8.8.8", + "serviceAccount": null, + "user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: DeleteConnector - Fail + ExpectedResult: false + Log: + { + "id": "c4fe1656-23a3-4b60-a689-d59a337c5551", + "action": "DeleteConnector", + "requestId": "471b9148-887a-49ff-ad83-162d7e38cf4e", + "status": "FAILED", + "timestamp": "2024-07-09T08:03:09.825336Z", + "actionParameters": { }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } diff --git a/rules/wiz_rules/wiz_data_classifier_updated_or_deleted.py b/rules/wiz_rules/wiz_data_classifier_updated_or_deleted.py new file mode 100644 index 000000000..19d531b25 --- /dev/null +++ b/rules/wiz_rules/wiz_data_classifier_updated_or_deleted.py @@ -0,0 +1,24 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + +SUSPICIOUS_ACTIONS = ["DeleteDataClassifier", "UpdateDataClassifier"] + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") in SUSPICIOUS_ACTIONS + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_data_classifier_updated_or_deleted.yml b/rules/wiz_rules/wiz_data_classifier_updated_or_deleted.yml new file mode 100644 index 000000000..5164d3433 --- /dev/null +++ b/rules/wiz_rules/wiz_data_classifier_updated_or_deleted.yml 
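Review bot: The `Reference` for this rule points at a Vulcan Cyber help article, and its own trailing comment says it is about the integration with Vulcan, so it appears to describe a third-party product's connector to Wiz and not the Wiz connectors whose update or deletion this rule detects. A responder following the link would not learn what a changed or removed connector means for coverage. Consider linking Wiz's own connector documentation instead and stating the impact in the description, e.g. `Description: This rule detects updates and deletions of Wiz connectors, which can change or stop the scanning of the connected environment.`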
@@ -0,0 +1,98 @@ +AnalysisType: rule +RuleID: Wiz.Data.Classifier.Updated.Or.Deleted +Description: This rule detects updates and deletions of data classifiers. +DisplayName: Wiz Data Classifier Updated Or Deleted +Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. +Reference: https://www.wiz.io/solutions/dspm +Enabled: true +Filename: wiz_data_classifier_updated_or_deleted.py +Severity: Medium +Reports: + MITRE ATT&CK: + - TA0005:T1562.001 # Impair Defenses: Disable or Modify Tools +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: DeleteDataClassifier + ExpectedResult: true + Log: + { + "action": "DeleteDataClassifier", + "actionparameters": { + "input": { + "id": "CUSTOM-12345-c697-4c0f-9689-12345" + }, + "selection": [ + "__typename", + "_stub" + ] + }, + "id": "12345-2df6-4c45-838f-12345", + "log_type": "auditLogEntries", + "requestid": "12435-b44f-4216-ad13-12345", + "serviceaccount": null, + "sourceip": "8.8.8.8", + "status": "SUCCESS", + "timestamp": "2024-07-31 18:10:36.936", + "user": { + "id": "test@company.com", + "name": "test@company.com" + }, + "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": 
null, + "user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: DeleteDataClassifier - Fail + ExpectedResult: false + Log: + { + "action": "DeleteDataClassifier", + "actionparameters": { }, + "id": "12345-2df6-4c45-838f-12345", + "log_type": "auditLogEntries", + "requestid": "12435-b44f-4216-ad13-12345", + "serviceaccount": null, + "sourceip": "8.8.8.8", + "status": "FAILED", + "timestamp": "2024-07-31 18:10:36.936", + "user": { + "id": "test@company.com", + "name": "test@company.com" + }, + "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" + } diff --git a/rules/wiz_rules/wiz_image_integrity_validator_updated_or_deleted.py b/rules/wiz_rules/wiz_image_integrity_validator_updated_or_deleted.py new file mode 100644 index 000000000..6d770523f --- /dev/null +++ b/rules/wiz_rules/wiz_image_integrity_validator_updated_or_deleted.py @@ -0,0 +1,24 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + +SUSPICIOUS_ACTIONS = ["DeleteImageIntegrityValidator", "UpdateImageIntegrityValidator"] + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") in SUSPICIOUS_ACTIONS + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_image_integrity_validator_updated_or_deleted.yml b/rules/wiz_rules/wiz_image_integrity_validator_updated_or_deleted.yml new file mode 100644 index 000000000..cfe82bdf7 --- /dev/null +++ b/rules/wiz_rules/wiz_image_integrity_validator_updated_or_deleted.yml 
@@ -0,0 +1,97 @@ +AnalysisType: rule +RuleID: Wiz.Image.Integrity.Validator.Updated.Or.Deleted +Description: This rule detects updates and deletions of image integrity validators. +DisplayName: Wiz Image Integrity Validator Updated Or Deleted +Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. +Reference: https://www.wiz.io/blog/ensuring-supply-chain-security-verify-container-image-integrity-with-the-wiz-admi +Enabled: true +Filename: wiz_image_integrity_validator_updated_or_deleted.py +Severity: Medium +Reports: + MITRE ATT&CK: + - TA0005:T1562.001 # Impair Defenses: Disable or Modify Tools +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: DeleteImageIntegrityValidator + ExpectedResult: true + Log: + { + "action": "DeleteImageIntegrityValidator", + "actionparameters": { + "input": { + "id": "12345-5273-4bcb-9bd6-12345" + }, + "selection": [ + "_stub" + ] + }, + "id": "12345-362c-494a-b601-12345", + "log_type": "auditLogEntries", + "requestid": "12345-6532-4130-bb3a-12345", + "serviceaccount": { + "id": "test", + "name": "test1" + }, + "sourceip": "8.8.8.8", + "status": "SUCCESS", + "timestamp": "2024-04-16 21:45:03.392", + "user": null, + "useragent": "Terraform-Provider/1.10.2360" + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + 
"user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: DeleteImageIntegrityValidator - Fail + ExpectedResult: false + Log: + { + "action": "DeleteImageIntegrityValidator", + "actionparameters": { }, + "id": "12345-362c-494a-b601-12345", + "log_type": "auditLogEntries", + "requestid": "12345-6532-4130-bb3a-12345", + "serviceaccount": { + "id": "test", + "name": "test1" + }, + "sourceip": "8.8.8.8", + "status": "FAILED", + "timestamp": "2024-04-16 21:45:03.392", + "user": null, + "useragent": "Terraform-Provider/1.10.2360" + } diff --git a/rules/wiz_rules/wiz_integration_updated_or_deleted.py b/rules/wiz_rules/wiz_integration_updated_or_deleted.py new file mode 100644 index 000000000..8fa56f2aa --- /dev/null +++ b/rules/wiz_rules/wiz_integration_updated_or_deleted.py @@ -0,0 +1,24 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + +SUSPICIOUS_ACTIONS = ["DeleteIntegration", "UpdateIntegration"] + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") in SUSPICIOUS_ACTIONS + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_integration_updated_or_deleted.yml b/rules/wiz_rules/wiz_integration_updated_or_deleted.yml new file mode 100644 index 000000000..fe12b9ca9 --- /dev/null +++ b/rules/wiz_rules/wiz_integration_updated_or_deleted.yml 
@@ -0,0 +1,96 @@ +AnalysisType: rule +RuleID: Wiz.Integration.Updated.Or.Deleted +Description: This rule detects updates and deletions of Wiz integrations. +DisplayName: Wiz Integration Updated Or Deleted +Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. +Reference: https://www.wiz.io/integrations +Enabled: true +Filename: wiz_integration_updated_or_deleted.py +Severity: Medium +Reports: + MITRE ATT&CK: + - TA0005:T1562.001 # Impair Defenses: Disable or Modify Tools +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: DeleteIntegration + ExpectedResult: true + Log: + { + "action": "DeleteIntegration", + "actionParameters": { + "input": { + "id": "ab4ab152-509c-425b-aa1f-601b386dfe3f" + }, + "selection": [ + "__typename", + "_stub" + ] + }, + "id": "62e490d5-484c-4c21-a2ed-b6ebcaaa5aad", + "log_type": "auditLogEntries", + "requestId": "bc968f65-060c-40a0-85de-3d74d02d6a54", + "sourceIP": "12.34.56.78", + "status": "SUCCESS", + "timestamp": "2024-06-27 09:19:08.731355000", + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + 
"user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: DeleteIntegration - Fail + ExpectedResult: false + Log: + { + "action": "DeleteIntegration", + "actionParameters": { }, + "id": "62e490d5-484c-4c21-a2ed-b6ebcaaa5aad", + "log_type": "auditLogEntries", + "requestId": "bc968f65-060c-40a0-85de-3d74d02d6a54", + "sourceIP": "12.34.56.78", + "status": "FAILED", + "timestamp": "2024-06-27 09:19:08.731355000", + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" + } diff --git a/rules/wiz_rules/wiz_revoke_user_sessions.py b/rules/wiz_rules/wiz_revoke_user_sessions.py new file mode 100644 index 000000000..79a05c4cd --- /dev/null +++ b/rules/wiz_rules/wiz_revoke_user_sessions.py @@ -0,0 +1,22 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") == "RevokeUserSessions" + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_revoke_user_sessions.yml b/rules/wiz_rules/wiz_revoke_user_sessions.yml new file mode 100644 index 000000000..ccb9b069d --- /dev/null +++ b/rules/wiz_rules/wiz_revoke_user_sessions.yml 
@@ -0,0 +1,96 @@ +AnalysisType: rule +RuleID: Wiz.Revoke.User.Sessions +Description: This rule detects user sessions revoked. +DisplayName: Wiz Revoke User Sessions +Runbook: Verify that this change was planned. If not, revoke all the sessions of the account and change its credentials +Reference: https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr +Enabled: true +Filename: wiz_revoke_user_sessions.py +Severity: Medium +Reports: + MITRE ATT&CK: + - TA0040:T1531 # Account Access Removal +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: RevokeUserSessions + ExpectedResult: true + Log: + { + "id": "07fdb41e-e83d-46e2-814a-6cebc47acf97", + "action": "RevokeUserSessions", + "requestId": "5fa96b8f-2c85-4c2d-b0f9-d4a4307ea8a7", + "status": "SUCCESS", + "timestamp": "2024-07-31T17:55:29.239928Z", + "actionParameters": { + "input": { + "id": "" + }, + "selection": [ + "__typename", + "_stub" + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + "user": { + "id": 
"someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: RevokeUserSessions - Fail + ExpectedResult: false + Log: + { + "id": "07fdb41e-e83d-46e2-814a-6cebc47acf97", + "action": "RevokeUserSessions", + "requestId": "5fa96b8f-2c85-4c2d-b0f9-d4a4307ea8a7", + "status": "FAILED", + "timestamp": "2024-07-31T17:55:29.239928Z", + "actionParameters": { }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } diff --git a/rules/wiz_rules/wiz_rotate_service_account_secret.py b/rules/wiz_rules/wiz_rotate_service_account_secret.py new file mode 100644 index 000000000..9577440df --- /dev/null +++ b/rules/wiz_rules/wiz_rotate_service_account_secret.py @@ -0,0 +1,22 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") == "RotateServiceAccountSecret" + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_rotate_service_account_secret.yml b/rules/wiz_rules/wiz_rotate_service_account_secret.yml new file mode 100644 index 000000000..7d27f5ee4 --- /dev/null +++ b/rules/wiz_rules/wiz_rotate_service_account_secret.yml 
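Review bot: The `Runbook` says to "revoke all the sessions of the account" without saying which account, which is ambiguous for a rule that itself fires on a session revocation: the account to contain is the one that performed the action, while the account whose sessions were revoked is the one named in the action parameters (an empty `"id": ""` in the success fixture). Suggested wording: `Runbook: Verify that this action was planned. If not, revoke the sessions and rotate the credentials of the account that performed it, and check whose sessions were revoked.` The `Reference` URL also ends in `-micr`, which looks truncated; worth checking that it resolves.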
@@ -0,0 +1,113 @@ +AnalysisType: rule +RuleID: Wiz.Rotate.Service.Account.Secret +Description: This rule detects service account secrets rotations. +DisplayName: Wiz Rotate Service Account Secret +Runbook: Verify the action was planned. +Reference: https://www.wiz.io/academy/kubernetes-secrets +Enabled: true +Filename: wiz_rotate_service_account_secret.py +Severity: Medium +Reports: + MITRE ATT&CK: + - TA0001:T1078.004 # Valid Accounts: Cloud Accounts +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: RotateServiceAccountSecret + ExpectedResult: true + Log: + { + "id": "d78f5ef1-3814-4d47-b789-0e43d4cc0ef2", + "action": "RotateServiceAccountSecret", + "requestId": "2303f545-a219-4c6d-b217-b76bb5e06a20", + "status": "SUCCESS", + "timestamp": "2024-07-16T10:47:43.562393Z", + "actionParameters": { + "ID": "rsao...", + "selection": [ + "__typename", + { + "serviceAccount": [ + "__typename", + "id", + "enabled", + "name", + "clientId", + "scopes", + "lastRotatedAt", + "expiresAt", + "description", + { + "integration": [ + "__typename", + "id" + ] + }, + "clientSecret" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + "user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: RotateServiceAccountSecret - Fail + ExpectedResult: false + Log: + { + "id": "d78f5ef1-3814-4d47-b789-0e43d4cc0ef2", + "action": "RotateServiceAccountSecret", + "requestId": "2303f545-a219-4c6d-b217-b76bb5e06a20", + "status": "FAILED", + "timestamp": "2024-07-16T10:47:43.562393Z", + "actionParameters": { }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } diff --git a/rules/wiz_rules/wiz_rule_change.py b/rules/wiz_rules/wiz_rule_change.py new file mode 100644 index 000000000..153fb0a3a --- /dev/null +++ b/rules/wiz_rules/wiz_rule_change.py 
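Review bot: The `Runbook` stops at "Verify the action was planned." and gives no next step for the unplanned case, where whoever triggered the rotation may now hold the new client secret (the fixture's selection list includes `clientSecret`). Suggested: `Runbook: Verify the action was planned. If not, rotate the service account secret again, review the service account's recent activity, and review the permissions of the user who performed the rotation.` The `Reference` is a general Kubernetes secrets article and does not cover Wiz service accounts, so a link to the Wiz service account documentation would serve the responder better.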
@@ -0,0 +1,47 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + +SUSPICIOUS_ACTIONS = [ + "DeleteAutomationRule", + "UpdateAutomationRule", + "DeleteCloudEventRule", + "UpdateCloudEventRule", + "DeleteCloudConfigurationRule", + "UpdateCloudConfigurationRule", + "DeleteHostConfigurationRule", + "UpdateHostConfigurationRule", + "CreateIgnoreRule", + "DeleteIgnoreRule", # we have no sample log for such event, but I suppose there should be one + "UpdateIgnoreRule", + "CreateMalwareExclusion", + "UpdateMalwareExclusion", +] + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") in SUSPICIOUS_ACTIONS + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) + + +def severity(event): + action = event.get("action", "ACTION_NOT_FOUND") + if "Delete" in action: + return "High" + if "Create" in action: + return "Low" + return "Default" diff --git a/rules/wiz_rules/wiz_rule_change.yml b/rules/wiz_rules/wiz_rule_change.yml new file mode 100644 index 000000000..b81b59334 --- /dev/null +++ b/rules/wiz_rules/wiz_rule_change.yml 
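Review bot: `severity()` returns "Low" for any action containing "Create", but the only Create actions in `SUSPICIOUS_ACTIONS` are `CreateIgnoreRule` and `CreateMalwareExclusion`, which suppress findings and fit the T1562.001 mapping given for this rule at least as well as an update does. The substring test for "Delete" likewise raises `DeleteIgnoreRule` to "High" although removing an ignore rule restores coverage. Matching exact names avoids both, e.g. `if action in ("CreateIgnoreRule", "CreateMalwareExclusion"): return "High"` and `if action.startswith("Delete") and action != "DeleteIgnoreRule": return "High"`. The inline comment on `DeleteIgnoreRule` says no sample log exists for it, so that action name should be confirmed against real Wiz audit logs before the rule relies on it.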
@@ -0,0 +1,97 @@ +AnalysisType: rule +RuleID: Wiz.Rule.Change +Description: This rule detects creations, updates and deletions of Wiz rules. +DisplayName: Wiz Rule Change +Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. If needed, review the privileges of existing accounts. +Reference: https://www.wiz.io/blog/custom-runtime-rules-and-response-policies +Enabled: true +Filename: wiz_rule_change.py +Severity: Medium +Reports: + MITRE ATT&CK: + - TA0005:T1562.001 # Impair Defenses: Disable or Modify Tools +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: DeleteCloudConfigurationRule + ExpectedResult: true + Log: + { + "action": "DeleteCloudConfigurationRule", + "actionparameters": { + "input": { + "id": "12345-3fd7-4063-8e06-12345" + }, + "selection": [ + "__typename", + "_stub" + ] + }, + "id": "12345-0301-491d-9fe6-12345", + "log_type": "auditLogEntries", + "requestid": "12345-c18f-4ce0-9288-12345", + "serviceaccount": null, + "sourceip": "8.8.8.8", + "status": "SUCCESS", + "timestamp": "2024-03-24 10:58:31.347", + "user": { + "id": "testy@company.com", + "name": "testy@company.com" + }, + "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": 
"8.8.8.8", + "serviceAccount": null, + "user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: DeleteCloudConfigurationRule - Fail + ExpectedResult: false + Log: + { + "action": "DeleteCloudConfigurationRule", + "id": "12345-0301-491d-9fe6-12345", + "log_type": "auditLogEntries", + "requestid": "12345-c18f-4ce0-9288-12345", + "serviceaccount": null, + "sourceip": "8.8.8.8", + "status": "FAILED", + "timestamp": "2024-03-24 10:58:31.347", + "user": { + "id": "testy@company.com", + "name": "testy@company.com" + }, + "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" + } diff --git a/rules/wiz_rules/wiz_saml_identity_provider_change.py b/rules/wiz_rules/wiz_saml_identity_provider_change.py new file mode 100644 index 000000000..d183ed51b --- /dev/null +++ b/rules/wiz_rules/wiz_saml_identity_provider_change.py @@ -0,0 +1,29 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + +SUSPICIOUS_ACTIONS = [ + "UpdateSAMLIdentityProvider", + "DeleteSAMLIdentityProvider", + "CreateSAMLIdentityProvider", + "ModifySAMLIdentityProviderGroupMappings", +] + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") in SUSPICIOUS_ACTIONS + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_saml_identity_provider_change.yml b/rules/wiz_rules/wiz_saml_identity_provider_change.yml new file mode 100644 index 000000000..071b6c5bd --- /dev/null +++ b/rules/wiz_rules/wiz_saml_identity_provider_change.yml 
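Review bot: The `Description` in wiz_rule_change.yml says the rule detects creations, updates and deletions of Wiz rules, but SUSPICIOUS_ACTIONS in wiz_rule_change.py has no Create entry for automation, cloud event, cloud configuration or host configuration rules; only CreateIgnoreRule and CreateMalwareExclusion are covered. Either narrow the wording, e.g. `Description: This rule detects updates and deletions of Wiz rules, and creation of ignore rules and malware exclusions.`, or confirm that the other create actions were left out on purpose. The positive and failure fixtures here also exercise only DeleteCloudConfigurationRule, so the Create and Update entries have no test.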
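Review bot: `title` in wiz_saml_identity_provider_change.py reads only `user.name`, so an action performed by a service account is reported as "performed by user [USER_NAME_NOT_FOUND]"; the DeleteSAMLIdentityProvider fixture in wiz_saml_identity_provider_change.yml has `"user": null` and the actor under `serviceAccount.name`. Falling back to the service account keeps the actor in the alert title: `actor = event.deep_get("user", "name") or event.deep_get("serviceAccount", "name", default="ACTOR_NOT_FOUND")`. The same `title` body is repeated in the other wiz_*.py files visible in this diff (wiz_rule_change.py, wiz_service_account_change.py, the wiz_update_*.py rules and the two user rules), so the fix belongs in each of them or in one shared helper next to `wiz_alert_context`.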
@@ -0,0 +1,95 @@ +AnalysisType: rule +RuleID: Wiz.SAML.Identity.Provider.Change +Description: This rule detects creations, updates and deletions of SAML identity providers. +DisplayName: Wiz SAML Identity Provider Change +Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. +Reference: https://support.wiz.io/hc/en-us/articles/5644029716380-Single-Sign-on-SSO-Overview +Enabled: true +Filename: wiz_saml_identity_provider_change.py +Severity: High +Reports: + MITRE ATT&CK: + - TA0004:T1484.002 # Domain or Tenant Policy Modification: Trust Modification +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: DeleteSAMLIdentityProvider + ExpectedResult: true + Log: + { + "id": "0fc891d1-c2e3-4db2-b896-7af27964c71b", + "action": "DeleteSAMLIdentityProvider", + "requestId": "eec733c5-175c-4d0c-8b65-b9344f223a36", + "status": "SUCCESS", + "timestamp": "2024-07-12T08:59:33.946633Z", + "actionParameters": { + "input": { + "id": "" + }, + "selection": [ + "_stub" + ] + }, + "userAgent": "Wiz-Terraform-Provider/1.13.3433", + "sourceIP": "12.34.56.78", + "serviceAccount": { + "id": "", + "name": "test-graphql-api" + }, + "user": null + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + "user": { + "id": "someuser@company.com", + "name": 
"someuser@company.com" + } + } + - Name: DeleteSAMLIdentityProvider - Fail + ExpectedResult: false + Log: + { + "id": "0fc891d1-c2e3-4db2-b896-7af27964c71b", + "action": "DeleteSAMLIdentityProvider", + "requestId": "eec733c5-175c-4d0c-8b65-b9344f223a36", + "status": "FAILED", + "timestamp": "2024-07-12T08:59:33.946633Z", + "actionParameters": { }, + "userAgent": "Wiz-Terraform-Provider/1.13.3433", + "sourceIP": "12.34.56.78", + "serviceAccount": { + "id": "", + "name": "test-graphql-api" + }, + "user": null + } diff --git a/rules/wiz_rules/wiz_service_account_change.py b/rules/wiz_rules/wiz_service_account_change.py new file mode 100644 index 000000000..b8faba6fd --- /dev/null +++ b/rules/wiz_rules/wiz_service_account_change.py @@ -0,0 +1,28 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + +SUSPICIOUS_ACTIONS = [ + "CreateServiceAccount", + "DeleteServiceAccount", + "UpdateServiceAccount", +] + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") in SUSPICIOUS_ACTIONS + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_service_account_change.yml b/rules/wiz_rules/wiz_service_account_change.yml new file mode 100644 index 000000000..70c6ad5bf --- /dev/null +++ b/rules/wiz_rules/wiz_service_account_change.yml 
@@ -0,0 +1,98 @@ +AnalysisType: rule +RuleID: Wiz.Service.Account.Change +Description: This rule detects creations, updates and deletions of service accounts. +DisplayName: Wiz Service Account Change +Runbook: Confirm this user acted with valid business intent and determine whether this activity was authorized. +Reference: https://www.wiz.io/blog/non-human-identities-dashboard +Enabled: true +Filename: wiz_service_account_change.py +Severity: High +Reports: + MITRE ATT&CK: + - TA0001:T1078.004 # Valid Accounts: Cloud Accounts +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: DeleteServiceAccount + ExpectedResult: true + Log: + { + "id": "ac5630ca-2dd9-40a5-8137-140443cd8087", + "action": "DeleteServiceAccount", + "requestId": "a9291dc4-a17c-4af7-bb9e-17905082221f", + "status": "SUCCESS", + "timestamp": "2024-07-09T14:16:02.836387Z", + "actionParameters": { + "input": { + "id": "rsao..." + }, + "selection": [ + "__typename", + "_stub" + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "__typename": "User", + "id": "test.user@company.com", + "name": "user@company.com" + } + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + "user": { 
+ "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: DeleteServiceAccount - Fail + ExpectedResult: false + Log: + { + "id": "ac5630ca-2dd9-40a5-8137-140443cd8087", + "action": "DeleteServiceAccount", + "requestId": "a9291dc4-a17c-4af7-bb9e-17905082221f", + "status": "FAILED", + "timestamp": "2024-07-09T14:16:02.836387Z", + "actionParameters": { }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "__typename": "User", + "id": "test.user@company.com", + "name": "user@company.com" + } + } diff --git a/rules/wiz_rules/wiz_update_ip_restrictions.py b/rules/wiz_rules/wiz_update_ip_restrictions.py new file mode 100644 index 000000000..85337be52 --- /dev/null +++ b/rules/wiz_rules/wiz_update_ip_restrictions.py @@ -0,0 +1,22 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") == "UpdateIPRestrictions" + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_update_ip_restrictions.yml b/rules/wiz_rules/wiz_update_ip_restrictions.yml new file mode 100644 index 000000000..51f8e5e66 --- /dev/null +++ b/rules/wiz_rules/wiz_update_ip_restrictions.yml 
@@ -0,0 +1,105 @@ +AnalysisType: rule +RuleID: Wiz.Update.IP.Restrictions +Description: This rule detects updates of IP restrictions. +DisplayName: Wiz Update IP Restrictions +Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. +Reference: https://support.wix.com/en/article/wix-enterprise-managing-access-to-your-sites-using-ip-allowlisting +Enabled: true +Filename: wiz_update_ip_restrictions.py +Severity: High +Reports: + MITRE ATT&CK: + - TA0003:T1556.009 # Modify Authentication Process: Conditional Access Policies +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: UpdateIPRestrictions + ExpectedResult: true + Log: + { + "id": "66aa29d4-7a2e-4b09-a46c-ff72b2c55425", + "action": "UpdateIPRestrictions", + "requestId": "22681d26-0ba0-4730-8f05-0b2c3adefe1b", + "status": "SUCCESS", + "timestamp": "2024-07-31T18:10:33.436381Z", + "actionParameters": { + "input": { + "serviceAccountAccessAllowedIPs": [ + "0.0.0.0/0" + ], + "userAccessAllowedIPs": [ ] + }, + "selection": [ + "__typename", + { + "ipRestrictions": [ + "__typename", + "userAccessAllowedIPs", + "serviceAccountAccessAllowedIPs" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + 
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + "user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: UpdateIPRestrictions - Fail + ExpectedResult: false + Log: + { + "id": "66aa29d4-7a2e-4b09-a46c-ff72b2c55425", + "action": "UpdateIPRestrictions", + "requestId": "22681d26-0ba0-4730-8f05-0b2c3adefe1b", + "status": "FAILED", + "timestamp": "2024-07-31T18:10:33.436381Z", + "actionParameters": { }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } diff --git a/rules/wiz_rules/wiz_update_login_settings.py b/rules/wiz_rules/wiz_update_login_settings.py new file mode 100644 index 000000000..b5cb8ddf1 --- /dev/null +++ b/rules/wiz_rules/wiz_update_login_settings.py @@ -0,0 +1,22 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") == "UpdateLoginSettings" + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_update_login_settings.yml b/rules/wiz_rules/wiz_update_login_settings.yml new file mode 100644 index 000000000..f8df6c50a --- /dev/null +++ b/rules/wiz_rules/wiz_update_login_settings.yml 
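Review bot: The `Reference` in wiz_update_ip_restrictions.yml points at support.wix.com, a Wix help article on site IP allowlisting, not at Wiz documentation. An analyst following it from an alert lands on an unrelated product. Replace it with the Wiz documentation page that covers IP restrictions, `Reference: <Wiz docs URL for IP restrictions>`; the other rules in this diff use support.wiz.io or wiz.io links.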
@@ -0,0 +1,105 @@ +AnalysisType: rule +RuleID: Wiz.Update.Login.Settings +Description: This rule detects updates of Wiz login settings. +DisplayName: Wiz Update Login Settings +Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. +Reference: https://support.wiz.io/hc/en-us/categories/5311977085340-User-Management +Enabled: true +Filename: wiz_update_login_settings.py +Severity: Medium +Reports: + MITRE ATT&CK: + - TA0006:T1556 # Modify Authentication Process +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: UpdateLoginSettings + ExpectedResult: true + Log: + { + "id": "f77a8e1e-5674-42d1-9f1e-8a259dc736cd", + "action": "UpdateLoginSettings", + "requestId": "417f1751-bcc1-4d38-86aa-eb781790bdd6", + "status": "SUCCESS", + "timestamp": "2024-06-16T13:14:22.291227Z", + "actionParameters": { + "input": { + "patch": { + "approvedUserDomains": [ + "abc.com", + ] + } + }, + "selection": [ + "__typename", + { + "loginSettings": [ + "__typename", + "approvedUserDomains" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "", + "name": "user@company.com" + } + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": 
"8.8.8.8", + "serviceAccount": null, + "user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: UpdateLoginSettings - Fail + ExpectedResult: false + Log: + { + "id": "f77a8e1e-5674-42d1-9f1e-8a259dc736cd", + "action": "UpdateLoginSettings", + "requestId": "417f1751-bcc1-4d38-86aa-eb781790bdd6", + "status": "FAILED", + "timestamp": "2024-06-16T13:14:22.291227Z", + "actionParameters": { }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "", + "name": "user@company.com" + } + } diff --git a/rules/wiz_rules/wiz_update_scanner_settings.py b/rules/wiz_rules/wiz_update_scanner_settings.py new file mode 100644 index 000000000..b033999ab --- /dev/null +++ b/rules/wiz_rules/wiz_update_scanner_settings.py @@ -0,0 +1,22 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") == "UpdateScannerSettings" + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_update_scanner_settings.yml b/rules/wiz_rules/wiz_update_scanner_settings.yml new file mode 100644 index 000000000..a265c3298 --- /dev/null +++ b/rules/wiz_rules/wiz_update_scanner_settings.yml 
@@ -0,0 +1,114 @@ +AnalysisType: rule +RuleID: Wiz.Update.Scanner.Settings +Description: This rule detects updates of Wiz scanner settings. +DisplayName: Wiz Update Scanner Settings +Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. +Reference: https://www.wiz.io/academy/secret-scanning +Enabled: true +Filename: wiz_update_scanner_settings.py +Severity: Medium +Reports: + MITRE ATT&CK: + - TA0005:T1562.001 # Impair Defenses: Disable or Modify Tools +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: UpdateScannerSettings + ExpectedResult: true + Log: + { + "id": "dd48b7fe-576d-453d-a0d0-1f61425b1bb7", + "action": "UpdateScannerSettings", + "requestId": "d5c55350-0d54-46eb-88ee-4942f80e700c", + "status": "SUCCESS", + "timestamp": "2024-06-18T12:09:33.985762Z", + "actionParameters": { + "input": { + "patch": { + "computeResourceGroupMemberScanSamplingEnabled": true, + "maxComputeResourceGroupMemberScanCount": 2, + "prioritizeActiveComputeResourceGroupMembers": true + } + }, + "selection": [ + "__typename", + { + "scannerSettings": [ + "__typename", + "computeResourceGroupMemberScanSamplingEnabled", + "maxComputeResourceGroupMemberScanCount", + { + "customFileDetectionList": [ + "__typename", + "id", + "url", + "fileDetectionCount" + ] + } + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + 
"expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + "user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: UpdateScannerSettings - Fail + ExpectedResult: false + Log: + { + "id": "dd48b7fe-576d-453d-a0d0-1f61425b1bb7", + "action": "UpdateScannerSettings", + "requestId": "d5c55350-0d54-46eb-88ee-4942f80e700c", + "status": "FAILED", + "timestamp": "2024-06-18T12:09:33.985762Z", + "actionParameters": { }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } diff --git a/rules/wiz_rules/wiz_update_support_contact_list.py b/rules/wiz_rules/wiz_update_support_contact_list.py new file mode 100644 index 000000000..00e65ae67 --- /dev/null +++ b/rules/wiz_rules/wiz_update_support_contact_list.py @@ -0,0 +1,22 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") == "UpdateSupportContactList" + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_update_support_contact_list.yml b/rules/wiz_rules/wiz_update_support_contact_list.yml new file mode 100644 index 000000000..89bd32a3e --- /dev/null 
+++ b/rules/wiz_rules/wiz_update_support_contact_list.yml 
@@ -0,0 +1,110 @@ +AnalysisType: rule +RuleID: Wiz.Update.Support.Contact.List +Description: This rule detects updates of Wiz support contact list. +DisplayName: Wiz Update Support Contact List +Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. +Reference: https://www.wiz.io/ +Enabled: true +Filename: wiz_update_support_contact_list.py +Severity: Low +Reports: + MITRE ATT&CK: + - TA0035:T1636.003 # Protected User Data: Contact List +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: UpdateSupportContactList + ExpectedResult: true + Log: + { + "id": "3a9d0fc8-8466-4e79-a2cd-014a068b985c", + "action": "UpdateSupportContactList", + "requestId": "fddf46ff-c69a-4f5b-a06d-c05ec95dbb21", + "status": "SUCCESS", + "timestamp": "2024-07-23T10:16:54.517212Z", + "actionParameters": { + "input": { + "patch": { + "contacts": [ + "test.user@company.com" + ] + } + }, + "selection": [ + "__typename", + { + "supportContactList": [ + "__typename", + { + "contacts": [ + "__typename", + "id" + ] + } + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } + - Name: CreateUser + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + "user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } + - Name: UpdateSupportContactList - Fail + ExpectedResult: false + Log: + { + "id": "3a9d0fc8-8466-4e79-a2cd-014a068b985c", + "action": "UpdateSupportContactList", + "requestId": "fddf46ff-c69a-4f5b-a06d-c05ec95dbb21", + "status": "FAILED", + "timestamp": "2024-07-23T10:16:54.517212Z", + "actionParameters": { }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "12.34.56.78", + "serviceAccount": null, + "user": { + "id": "test.user@company.com", + "name": "user@company.com" + } + } diff --git a/rules/wiz_rules/wiz_user_created_or_deleted.py b/rules/wiz_rules/wiz_user_created_or_deleted.py new file mode 100644 index 000000000..32dd14cfd --- /dev/null +++ b/rules/wiz_rules/wiz_user_created_or_deleted.py @@ -0,0 +1,24 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + +SUSPICIOUS_ACTIONS = ["CreateUser", "DeleteUser"] + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") in SUSPICIOUS_ACTIONS + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) diff --git a/rules/wiz_rules/wiz_user_created_or_deleted.yml b/rules/wiz_rules/wiz_user_created_or_deleted.yml new file mode 100644 index 000000000..aecc58380 --- /dev/null +++ b/rules/wiz_rules/wiz_user_created_or_deleted.yml 
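Review bot: The ATT&CK entry `TA0035:T1636.003` in wiz_update_support_contact_list.yml comes from the Mobile matrix (Collection, Protected User Data: Contact List), which describes an application reading the contact list on a device. It does not describe an administrator changing the support contacts of a Wiz tenant. Map the rule to an Enterprise-matrix technique that fits, or drop the `Reports` entry if none does, so coverage reports do not credit this rule to a mobile technique. The `Reference` is also only the Wiz home page, which gives a responder nothing specific to this setting.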
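Review bot: wiz_user_created_or_deleted.py defines no `severity`, so every match alerts at the YAML value "Low", including the CreateUser fixture in wiz_user_created_or_deleted.yml whose `actionParameters.input.role` is `GLOBAL_ADMIN`. A new tenant-wide administrator is the case a responder most needs surfaced. wiz_rule_change.py and wiz_user_role_updated_or_deleted.py already use a `severity` function, and the same hook can raise this case, as sketched below. The key casing should be confirmed against the parsed Wiz.Audit schema, since the fixtures in this diff show both `actionParameters` and `actionparameters`.

```python
def severity(event):
    # Creating a tenant-wide administrator is rated above ordinary user changes.
    role = event.deep_get("actionParameters", "input", "role", default="")
    if event.get("action") == "CreateUser" and role == "GLOBAL_ADMIN":
        return "High"
    return "Default"
```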
@@ -0,0 +1,98 @@ +AnalysisType: rule +RuleID: Wiz.User.Created.Or.Deleted +Description: This rule detects creations and deletions of Wiz users. +DisplayName: Wiz User Created Or Deleted +Runbook: Verify that this change was planned. +Reference: https://support.wiz.io/hc/en-us/categories/5311977085340-User-Management +Enabled: true +Filename: wiz_user_created_or_deleted.py +Severity: Low +Reports: + MITRE ATT&CK: + - TA0003:T1136.003 # Create Account + - TA0005:T1070.009 # Indicator Removal +LogTypes: + - Wiz.Audit +DedupPeriodMinutes: 60 +Threshold: 1 +Tests: + - Name: Deleted rule + ExpectedResult: false + Log: + { + "action": "DeleteCloudConfigurationRule", + "actionparameters": { + "input": { + "id": "12345-3fd7-4063-8e06-12345" + }, + "selection": [ + "__typename", + "_stub" + ] + }, + "id": "12345-0301-491d-9fe6-12345", + "log_type": "auditLogEntries", + "requestid": "12345-c18f-4ce0-9288-12345", + "serviceaccount": null, + "sourceip": "8.8.8.8", + "status": "SUCCESS", + "timestamp": "2024-03-24 10:58:31.347", + "user": { + "id": "testy@company.com", + "name": "testy@company.com" + }, + "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" + } + - Name: CreateUser + ExpectedResult: true + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "SUCCESS", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { + "input": { + "assignedProjectIds": null, + "email": "testy@company.com", + "expiresAt": null, + "name": "Test User", + "role": "GLOBAL_ADMIN" + }, + "selection": [ + "__typename", + { + "user": [ + "__typename", + "id" + ] + } + ] + }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + "user": { + "id": "someuser@company.com", + 
"name": "someuser@company.com" + } + } + - Name: CreateUser - Fail + ExpectedResult: false + Log: + { + "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14", + "action": "CreateUser", + "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e", + "status": "FAILED", + "timestamp": "2024-07-29T09:40:15.66643Z", + "actionParameters": { }, + "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36", + "sourceIP": "8.8.8.8", + "serviceAccount": null, + "user": { + "id": "someuser@company.com", + "name": "someuser@company.com" + } + } diff --git a/rules/wiz_rules/wiz_user_role_updated_or_deleted.py b/rules/wiz_rules/wiz_user_role_updated_or_deleted.py new file mode 100644 index 000000000..ce336fe37 --- /dev/null +++ b/rules/wiz_rules/wiz_user_role_updated_or_deleted.py @@ -0,0 +1,31 @@ +from panther_wiz_helpers import wiz_alert_context, wiz_success + +SUSPICIOUS_ACTIONS = ["DeleteUserRole", "UpdateUserRole"] + + +def rule(event): + if not wiz_success(event): + return False + return event.get("action", "ACTION_NOT_FOUND") in SUSPICIOUS_ACTIONS + + +def title(event): + return ( + f"[Wiz]: [{event.get('action', 'ACTION_NOT_FOUND')}] action " + f"performed by user [{event.deep_get('user', 'name', default='USER_NAME_NOT_FOUND')}]" + ) + + +def dedup(event): + return event.get("id") + + +def alert_context(event): + return wiz_alert_context(event) + + +def severity(event): + action = event.get("action", "ACTION_NOT_FOUND") + if "Delete" in action: + return "High" + return "Default" diff --git a/rules/wiz_rules/wiz_user_role_updated_or_deleted.yml b/rules/wiz_rules/wiz_user_role_updated_or_deleted.yml new file mode 100644 index 000000000..7fa6981eb --- /dev/null +++ b/rules/wiz_rules/wiz_user_role_updated_or_deleted.yml 
@@ -0,0 +1,96 @@
+AnalysisType: rule
+RuleID: Wiz.User.Role.Updated.Or.Deleted
+Description: This rule detects updates and deletions of Wiz user roles.
+DisplayName: Wiz User Role Updated Or Deleted
+Runbook: Verify that this change was planned. If not, revert the change and ensure this doesn't happen again. Review privileges given to accounts to ensure the principle of minimal privilege
+Reference: https://www.wiz.io/blog/cloud-security-custom-roles-democratization
+Enabled: true
+Filename: wiz_user_role_updated_or_deleted.py
+Severity: Medium
+Reports:
+ MITRE ATT&CK:
+ - TA0003:T1098.001 # Account Manipulation
+LogTypes:
+ - Wiz.Audit
+DedupPeriodMinutes: 60
+Threshold: 1
+Tests:
+ - Name: DeleteUserRole
+ ExpectedResult: true
+ Log:
+ {
+ "id": "671d8e2d-1ca8-47eb-bf1c-d46cd3f0d737",
+ "action": "DeleteUserRole",
+ "requestId": "a83aba82-c707-4a2f-9761-fe9ee723b703",
+ "status": "SUCCESS",
+ "timestamp": "2024-07-31T18:09:28.790129Z",
+ "actionParameters": {
+ "input": {
+ "id": "b92c4032-9af8-4e2d-b6dc-3bf2005bb7ad"
+ },
+ "selection": [
+ "__typename",
+ "_stub"
+ ]
+ },
+ "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
+ "sourceIP": "12.34.56.78",
+ "serviceAccount": null,
+ "user": {
+ "id": "test.user@company.com",
+ "name": "user@company.com"
+ }
+ }
+ - Name: CreateUser
+ ExpectedResult: false
+ Log:
+ {
+ "id": "220d23be-f07c-4d97-b4a6-87ad04eddb14",
+ "action": "CreateUser",
+ "requestId": "0d9521b2-c3f8-4a73-bf7c-20257788752e",
+ "status": "SUCCESS",
+ "timestamp": "2024-07-29T09:40:15.66643Z",
+ "actionParameters": {
+ "input": {
+ "assignedProjectIds": null,
+ "email": "testy@company.com",
+ "expiresAt": null,
+ "name": "Test User",
+ "role": "GLOBAL_ADMIN"
+ },
+ "selection": [
+ "__typename",
+ {
+ "user": [
+ "__typename",
+ "id"
+ ]
+ }
+ ]
+ },
+ "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
+ "sourceIP": "8.8.8.8",
+ "serviceAccount": null,
+ "user": {
+ "id": "someuser@company.com",
+ "name": "someuser@company.com"
+ }
+ }
+ - Name: DeleteUserRole - Fail
+ ExpectedResult: false
+ Log:
+ {
+ "id": "671d8e2d-1ca8-47eb-bf1c-d46cd3f0d737",
+ "action": "DeleteUserRole",
+ "requestId": "a83aba82-c707-4a2f-9761-fe9ee723b703",
+ "status": "FAILED",
+ "timestamp": "2024-07-31T18:09:28.790129Z",
+ "actionParameters": { },
+ "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
+ "sourceIP": "12.34.56.78",
+ "serviceAccount": null,
+ "user": {
+ "id": "test.user@company.com",
+ "name": "user@company.com"
+ }
+ }
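Review bot: The ATT&CK mapping `TA0003:T1098.001` is the Additional Cloud Credentials sub-technique, whereas this rule watches role changes; `T1098.003` (Additional Cloud Roles) fits better, e.g. `- TA0003:T1098.003 # Account Manipulation: Additional Cloud Roles`. The tests also never exercise `UpdateUserRole`, which is listed in `SUSPICIOUS_ACTIONS` and is the only matched action that takes the `"Default"` branch of `severity()`; a successful `UpdateUserRole` event with `ExpectedResult: true` would cover both. The last Runbook sentence trails off after "ensure the principle of minimal privilege" and would read better as "Review the privileges given to accounts to ensure they follow the principle of least privilege."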