metrics: update rego and metric yaml #217
base: amoe/incident-policy-check-q1
Changes from all commits
25f6e1f
a8889b9
c2dd2b3
d901b5e
385ab75
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,15 @@ | ||
| # ====== Metadata ====== | ||
| id: IncidentManagementOwnership | ||
| description: TODO (Is this a security feature or just add it as resource?) | ||
| description: This rule assesses whether a [Resource] that has the property [SecurityIncident] set to Java, also has the property [p1:Team] correctly configured. | ||
| implementationGuidelines: | ||
| AMOE: "Which team is in charge of handling security incidents? Keywords are ['Incident Management', 'CERT']" | ||
| AMOE: | ||
| question: "Which team is in charge of handling security incidents?" | ||
| keywords: | ||
| [ | ||
| "Incident Management", | ||
| "CERT", | ||
| ] | ||
|
|
||
|
Collaborator
Add a comment. |
||
| category: IncidentManagement | ||
| version: "1.0" | ||
| comments: "<Enter further description of the metric here.>" | ||
|
|
||
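
Review bot: The new `description` says the rule applies when `[SecurityIncident]` is "set to Java", which does not fit an incident-management ownership metric and reads like text carried over from another metric; state the actual condition being checked, and make the property name agree with the policy, which reads `SecurityIncident.Team` where the description says `[p1:Team]`. The unchanged `comments: "<Enter further description of the metric here.>"` placeholder at the end of the hunk should also be filled in or dropped before merge.
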
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -1 +1,23 @@ | ||||||
| # TODO | ||||||
| package cch.metrics.incident_management_policy01 | ||||||
|
Collaborator
Adapt name correctly. |
||||||
|
|
||||||
| import data.cch.compare | ||||||
| import rego.v1 | ||||||
| import input as document | ||||||
|
|
||||||
| default applicable := false | ||||||
|
|
||||||
| default compliant := false | ||||||
|
|
||||||
| applicable if { | ||||||
| document | ||||||
| } | ||||||
|
|
||||||
| compliant if { | ||||||
| compare(data.operator, data.target_value, document:SecurityIncident.Team) | ||||||
|
Collaborator
Suggested change
|
||||||
| } | ||||||
|
|
||||||
| message := "The document has set the incident management team." if { | ||||||
| compliant | ||||||
| } else := "The document has not set a valid incident management team." if { | ||||||
| not compliant | ||||||
| } | ||||||
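
Review bot: In the `compliant` rule, `document:SecurityIncident.Team` is not a valid Rego reference, since `:` is not a path separator, so the policy will not parse; use dot or bracket access, for example `document.SecurityIncident.Team` if that is the path in the input. Separately, `applicable if { document }` holds for any input that is defined and not `false`, so the metric is reported as applicable to documents that have no `SecurityIncident` property at all; consider testing for that property there. The `not compliant` body on the `else` branch of `message` is redundant, because that branch is only reached when `compliant` is not true.
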
Change Resource to PolicyDocument?