Skip to content

Commit

Permalink
Merge pull request #1286 from TheHive-Project/AzureAD-EntraID-renaming
Browse files Browse the repository at this point in the history 
MSEntraID Folder structure & naming adjustments
  • Loading branch information
@nusantara-self
nusantara-self authored Oct 22, 2024
2 parents 4129710 + ed3839a commit bffc7ee
Show file tree
Hide file tree
Showing 10 changed files with 15 additions and 15 deletions.
14 changes: 7 additions & 7 deletions ...rs/GetEntraIDSignIns/GetEntraIDSignIns.py → analyzers/MSEntraID/MSEntraID.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
from cortexutils.analyzer import Analyzer

# Initialize Azure Class
class GetEntraIDSignIns(Analyzer):
class MSEntraID(Analyzer):
def __init__(self):
Analyzer.__init__(self)
self.client_id = self.get_param('config.client_id', None, 'Microsoft Entra ID Application ID/Client ID Missing')
Expand Down Expand Up @@ -143,20 +143,20 @@ def summary(self, raw):
taxonomies = []

if len(raw.get('signIns', [])) == 0:
taxonomies.append(self.build_taxonomy('info', 'EntraIDSignins', 'SignIns', 'None'))
taxonomies.append(self.build_taxonomy('info', 'MSEntraIDSignins', 'SignIns', 'None'))
else:
taxonomies.append(self.build_taxonomy('safe', 'EntraIDSignins', 'Count', len(raw['signIns'])))
taxonomies.append(self.build_taxonomy('safe', 'MSEntraIDSignins', 'Count', len(raw['signIns'])))

stats = raw.get("sum_stats", {})
if stats.get("riskySignIns", 0) != 0:
taxonomies.append(self.build_taxonomy('suspicious', 'EntraIDSignins', 'Risky', stats["riskySignIns"]))
taxonomies.append(self.build_taxonomy('suspicious', 'MSEntraIDSignins', 'Risky', stats["riskySignIns"]))
if stats.get("externalStateSignIns", 0) != 0:
taxonomies.append(self.build_taxonomy('suspicious', 'EntraIDSignins', 'OutOfState', stats["externalStateSignIns"]))
taxonomies.append(self.build_taxonomy('suspicious', 'MSEntraIDSignins', 'OutOfState', stats["externalStateSignIns"]))
if stats.get("foreignSignIns", 0) != 0:
taxonomies.append(self.build_taxonomy('malicious', 'EntraIDSignins', 'ForeignSignIns', stats["foreignSignIns"]))
taxonomies.append(self.build_taxonomy('malicious', 'MSEntraIDSignins', 'ForeignSignIns', stats["foreignSignIns"]))

return {'taxonomies': taxonomies}


if __name__ == '__main__':
GetEntraIDSignIns().run()
MSEntraID().run()
6 changes: 3 additions & 3 deletions .../GetEntraIDSignIns/GetEntraIDSignIns.json → ...yzers/MSEntraID/MSEntraID_GetSignIns.json
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
{
"name": "GetEntraIDSignIns",
"name": "MSEntraID_GetSignIns",
"version": "1.0",
"author": "@jahamilto",
"url": "https://github.com/TheHive-Project/Cortex-Analyzers",
"license": "AGPL-V3",
"description": "Pull all Microsoft Entra ID sign ins for a user within the specified amount of time.",
"dataTypeList": ["mail"],
"command": "GetEntraIDSignIns/GetEntraIDSignIns.py",
"baseConfig": "GetEntraIDSignIns",
"command": "MSEntraID/MSEntraID.py",
"baseConfig": "MSEntraID",
"configurationItems": [
{"name": "tenant_id",
"description": "Microsoft Entra ID Tenant ID",
Expand Down
0 analyzers/GetEntraIDSignIns/README.md → analyzers/MSEntraID/README.md
View file
File renamed without changes.
0 analyzers/GetEntraIDSignIns/requirements.txt → analyzers/MSEntraID/requirements.txt
View file
File renamed without changes.
4 changes: 2 additions & 2 deletions ...ntraIDTokenRevoker/EntraIDTokenRevoker.py → responders/MSEntraID/MSEntraID.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
from cortexutils.responder import Responder

# Initialize Azure Class
class EntraIDTokenRevoker(Responder):
class MSEntraID(Responder):
def __init__(self):
Responder.__init__(self)
self.client_id = self.get_param('config.client_id', None, 'Microsoft Entra ID Application ID/Client ID Missing')
Expand Down Expand Up @@ -67,4 +67,4 @@ def run(self):


if __name__ == '__main__':
EntraIDTokenRevoker().run()
MSEntraID().run()
6 changes: 3 additions & 3 deletions ...raIDTokenRevoker/EntraIDTokenRevoker.json → ...ers/MSEntraID/MSEntraID_TokenRevoker.json
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
{
"name": "EntraIDTokenRevoker",
"name": "MSEntraID_TokenRevoker",
"version": "1.1",
"author": "Daniel Weiner @dmweiner, revised by @jahamilto",
"url": "https://github.com/TheHive-Project/Cortex-Analyzers",
"license": "AGPL-V3",
"description": "Revoke all Microsoft Entra ID authentication session tokens for a User Principal Name.",
"dataTypeList": ["thehive:case_artifact"],
"command": "EntraIDTokenRevoker/EntraIDTokenRevoker.py",
"baseConfig": "EntraIDTokenRevoker",
"command": "MSEntraID/MSEntraID.py",
"baseConfig": "MSEntraID",
"configurationItems": [
{"name": "tenant_id",
"description": "Microsoft Entra ID Tenant ID",
Expand Down
0 responders/EntraIDTokenRevoker/README.md → responders/MSEntraID/README.md
View file
File renamed without changes.
0 ...ders/EntraIDTokenRevoker/requirements.txt → responders/MSEntraID/requirements.txt
View file
File renamed without changes.
0 ...templates/GetEntraIDSignIns_1_0/long.html → ...plates/MSEntraID_GetSignIns_1_0/long.html
View file
File renamed without changes.
0 ...emplates/GetEntraIDSignIns_1_0/short.html → ...lates/MSEntraID_GetSignIns_1_0/short.html
View file
File renamed without changes.

0 comments on commit bffc7ee

Please sign in to comment.