@@ -1,8 +1,15 @@
# ====== Metadata ======
id: IncidentManagementOwnership
description: TODO (Is this a security feature or just add it as resource?)
description: This rule assesses whether a [Resource] that has the property [SecurityIncident] set to Java, also has the property [p1:Team] correctly configured.

Collaborator


Change Resource to PolicyDocument?

implementationGuidelines:
AMOE: "Which team is in charge of handling security incidents? Keywords are ['Incident Management', 'CERT']"
AMOE:
question: "Which team is in charge of handling security incidents?"
keywords:
[
"Incident Management",
"CERT",
]

Collaborator


Add a comment.

category: IncidentManagement
version: "1.0"
comments: "<Enter further description of the metric here.>"
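
Review bot: The new description says the property [SecurityIncident] is "set to Java", which does not fit the rest of this metric (id IncidentManagementOwnership, keywords "Incident Management" and "CERT") and reads like wording carried over from another rule. Reword it to state the condition that is actually evaluated, namely that a team is configured for handling security incidents. The comments field also still holds the template placeholder "<Enter further description of the metric here.>"; fill it in or remove it before merge.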
24 changes: 23 additions & 1 deletion metrics/IncidentManagement/Ownership/metric.rego
@@ -1 +1,23 @@
# TODO
package cch.metrics.incident_management_policy01

Collaborator


Adapt name correctly.


import data.cch.compare
import rego.v1
import input as document

default applicable := false

default compliant := false

applicable if {
document
}

compliant if {
compare(data.operator, data.target_value, document:SecurityIncident.Team)

Collaborator


Suggested change
compare(data.operator, data.target_value, document:SecurityIncident.Team)
compare(data.operator, data.target_value, documen.securityIncident.team)

}

message := "The document has set the incident management team." if {
compliant
} else := "The document has not set a valid incident management team." if {
not compliant
}
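
Review bot: The applicability rule, "applicable if { document }", is satisfied by any input that is present, so the metric reports itself as applicable even for documents that carry no security incident property, while the metadata description limits the rule to resources that have that property. Put a check for the property in the body of applicable, so that a document without it is reported as not applicable instead of non-compliant. In the compliant rule, "document:SecurityIncident.Team" uses a colon, which is not Rego reference syntax; a dotted reference is needed there, and its field names should match the casing used in the input schema. The package name "cch.metrics.incident_management_policy01" also does not correspond to the file path metrics/IncidentManagement/Ownership/metric.rego.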