Skip to content

Add AMOE metric: Incident Management Ownership#122

Draft
lebogg wants to merge 3 commits into
90-new-add-amoe-metricsfrom
amoe/incident-policy-check-q1
Draft

Add AMOE metric: Incident Management Ownership#122
lebogg wants to merge 3 commits into
90-new-add-amoe-metricsfrom
amoe/incident-policy-check-q1

Conversation

@lebogg

@lebogg lebogg commented Aug 11, 2025

Copy link
Copy Markdown
Collaborator

Solves #118

Current Questions:

  • Is Incident Management a group of the "Auditing" security feature or
    • is it directly attached to a resource or
    • is it a resource itself
  • Is ownership a security feature or do we want something like "mixed duties"

@lebogg lebogg linked an issue Aug 11, 2025 that may be closed by this pull request
@oxisto oxisto added the EMERALD label Sep 24, 2025
@@ -0,0 +1,13 @@
# ====== Metadata ======
id: IncidentManagementOwnership
description: TODO (Is this a security feature or just add it as resource?)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This rule assesses whether a [Policy] that offers the property [?], has [SecurityIncident.Team] set correctly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

IncidentPolicyCheckQ1

4 participants