Update Rule Fields (#36)

* using the rule fields now

* update dependencies

Makefile

@@ -29,5 +29,5 @@ install:
 test:
 	for d in $(analysis_directories); \
 	do \
-		panther_analysis_tool test --policies $$d; \
+		panther_analysis_tool test --path $$d; \
 	done

aws_rules_cis/aws_cloudtrail_created.yml

@@ -1,9 +1,9 @@
 AnalysisType: rule
 Filename: aws_cloudtrail_created.py
-PolicyID: AWS.CloudTrail.Created
+RuleID: AWS.CloudTrail.Created
 DisplayName: A CloudTrail Was Created or Updated
 Enabled: true
-ResourceTypes:
+LogTypes:
   - AWS.CloudTrail
 Tags:
   - AWS
@@ -19,9 +19,9 @@ Reference: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_Ope
 Tests:
   -
     Name: CloudTrail Was Created
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: true
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -63,9 +63,9 @@ Tests:
       }
   -
     Name: KMS Decrypt Event
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {

aws_rules_cis/aws_cloudtrail_stopped.yml

@@ -1,9 +1,9 @@
 AnalysisType: rule
 Filename: aws_cloudtrail_stopped.py
-PolicyID: AWS.CloudTrail.Stopped
+RuleID: AWS.CloudTrail.Stopped
 DisplayName: CloudTrail Stopped
 Enabled: true
-ResourceTypes:
+LogTypes:
   - AWS.CloudTrail
 Tags:
   - AWS
@@ -19,9 +19,9 @@ Reference: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_Ope
 Tests:
   -
     Name: CloudTrail Was Stopped
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: true
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -63,9 +63,9 @@ Tests:
       }
   -
     Name: CloudTrail Was Started
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {

aws_rules_cis/aws_config_service_created.yml

@@ -1,9 +1,9 @@
 AnalysisType: rule
 Filename: aws_config_service_created.py
-PolicyID: AWS.ConfigService.Created
+RuleID: AWS.ConfigService.Created
 DisplayName: AWS Config Service Created
 Enabled: true
-ResourceTypes:
+LogTypes:
   - AWS.CloudTrail
 Tags:
   - AWS
@@ -20,9 +20,9 @@ Reference: https://aws.amazon.com/config/
 Tests:
   -
     Name: Config Recorder Delivery Channel Created
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: true
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -63,9 +63,9 @@ Tests:
       }
   -
     Name: Config Recorder Deleted
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {

aws_rules_cis/aws_config_service_disabled_deleted.yml

@@ -1,9 +1,9 @@
 AnalysisType: rule
 Filename: aws_config_service_disabled_deleted.py
-PolicyID: AWS.ConfigService.DisabledDeleted
+RuleID: AWS.ConfigService.DisabledDeleted
 DisplayName: AWS Config Service Disabled
 Enabled: true
-ResourceTypes:
+LogTypes:
   - AWS.CloudTrail
 Tags:
   - AWS
@@ -20,9 +20,9 @@ Reference: https://aws.amazon.com/config/
 Tests:
   -
     Name: Config Recorder Delivery Channel Created
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -63,9 +63,9 @@ Tests:
       }
   -
     Name: Config Recorder Deleted
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: true
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {

aws_rules_cis/aws_console_login_failed.yml

@@ -1,9 +1,9 @@
 AnalysisType: rule
 Filename: aws_console_login_failed.py
-PolicyID: AWS.Console.LoginFailed
+RuleID: AWS.Console.LoginFailed
 DisplayName: Failed Console Login
 Enabled: true
-ResourceTypes:
+LogTypes:
   - AWS.CloudTrail
 Tags:
   - AWS
@@ -19,9 +19,9 @@ Reference: https://amzn.to/3aMSmTd
 Tests:
   -
     Name: Failed Login
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: true
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -52,9 +52,9 @@ Tests:
       }
   -
     Name: Successful Login
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -85,9 +85,9 @@ Tests:
       }
   -
     Name: Non Login Event
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.06",
           "userIdentity": {

aws_rules_cis/aws_console_login_without_mfa.yml

@@ -1,9 +1,9 @@
 AnalysisType: rule
 Filename: aws_console_login_without_mfa.py
-PolicyID: AWS.Console.LoginWithoutMFA
+RuleID: AWS.Console.LoginWithoutMFA
 DisplayName: Logins Without MFA
 Enabled: true
-ResourceTypes:
+LogTypes:
   - AWS.CloudTrail
 Tags:
   - AWS
@@ -18,9 +18,9 @@ Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.h
 Tests:
   -
     Name: No MFA
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: true
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -51,9 +51,9 @@ Tests:
       }
   -
     Name: Yes MFA
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -84,9 +84,9 @@ Tests:
       }
   -
     Name: No MFA but Login Failed
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {

aws_rules_cis/aws_ec2_gateway_modified.yml

@@ -1,9 +1,9 @@
 AnalysisType: rule
 Filename: aws_ec2_gateway_modified.py
-PolicyID: AWS.EC2.GatewayModified
+RuleID: AWS.EC2.GatewayModified
 DisplayName: EC2 Network Gateway Modified
 Enabled: true
-ResourceTypes:
+LogTypes:
   - AWS.CloudTrail
 Tags:
   - AWS
@@ -18,9 +18,9 @@ Reference: reference.link
 Tests:
   -
     Name: Network Gateway Modified
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: true
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -64,9 +64,9 @@ Tests:
       }
   -
     Name: Network Gateway Not Modified
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {

aws_rules_cis/aws_ec2_network_acl_modified.yml

@@ -1,9 +1,9 @@
 AnalysisType: rule
 Filename: aws_ec2_network_acl_modified.py
-PolicyID: AWS.EC2.NetworkACLModified
+RuleID: AWS.EC2.NetworkACLModified
 DisplayName: EC2 Network ACL Modified
 Enabled: true
-ResourceTypes:
+LogTypes:
   - AWS.CloudTrail
 Tags:
   - AWS
@@ -18,9 +18,9 @@ Reference: reference.link
 Tests:
   -
     Name: Network ACL Modified
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: true
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -70,9 +70,9 @@ Tests:
       }
   -
     Name: Network ACL Not Modified
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {

aws_rules_cis/aws_ec2_route_table_modified.yml

@@ -1,9 +1,9 @@
 AnalysisType: rule
 Filename: aws_ec2_route_table_modified.py
-PolicyID: AWS.EC2.RouteTableModified
+RuleID: AWS.EC2.RouteTableModified
 DisplayName: EC2 Route Table Modified
 Enabled: true
-ResourceTypes:
+LogTypes:
   - AWS.CloudTrail
 Tags:
   - AWS
@@ -17,9 +17,9 @@ Reference: reference.link
 Tests:
   -
     Name: Route Table Modified
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: true
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -64,9 +64,9 @@ Tests:
       }
   -
     Name: Route Table Not Modified
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {

aws_rules_cis/aws_ec2_security_group_modified.yml

@@ -1,9 +1,9 @@
 AnalysisType: rule
 Filename: aws_ec2_security_group_modified.py
-PolicyID: AWS.EC2.SecurityGroupModified
+RuleID: AWS.EC2.SecurityGroupModified
 DisplayName: EC2 Security Group Modified
 Enabled: true
-ResourceTypes:
+LogTypes:
   - AWS.CloudTrail
 Tags:
   - AWS
@@ -19,9 +19,9 @@ Reference: reference.link
 Tests:
   -
     Name: Security Group Modified
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: true
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {
@@ -85,9 +85,9 @@ Tests:
       }
   -
     Name: Security Group Not Modified
-    ResourceType: AWS.CloudTrail
+    LogType: AWS.CloudTrail
     ExpectedResult: false
-    Resource:
+    Log:
       {
           "eventVersion": "1.05",
           "userIdentity": {