AWS EC2 Docs (#38444)
* AWS EC2 Docs

* name
tkatzir authored Feb 2, 2025
1 parent 2cc5e7f commit 79610ce
Showing 4 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion Packs/AWS-EC2/Scripts/AwsEC2SyncAccounts/README.md
Expand Up @@ -46,4 +46,4 @@ There are no outputs for this script.
>|Id|Arn|Name|Email|JoinedMethod|JoinedTimestamp|Status|
>|---|---|---|---|---|---|---|
>| 111222333444 | arn:aws:organizations::111222333444:account/o-abcde12345/111222333444 | Name | [email protected] | CREATED | 2023-09-04 09:17:14.299000+00:00 | ACTIVE |
>| 111222333444 | arn:aws:organizations::111222333444:account/o-abcde12345/111222333444 | ferrum-techs | [email protected] | INVITED | 2022-07-25 09:11:23.528000+00:00 | SUSPENDED |
>| 111222333444 | arn:aws:organizations::111222333444:account/o-abcde12345/111222333444 | John Doe | [email protected] | INVITED | 2022-07-25 09:11:23.528000+00:00 | SUSPENDED |
Expand Up @@ -338,7 +338,7 @@ Lists all the accounts in the organization or a specific account by ID.
"Id": "111222333444",
"JoinedMethod": "INVITED",
"JoinedTimestamp": "2022-07-25 09:11:23.528000+00:00",
"Name": "ferrum-techs",
"Name": "John Doe",
"Status": "SUSPENDED"
}
],
Expand All @@ -354,7 +354,7 @@ Lists all the accounts in the organization or a specific account by ID.
>|Id|Arn|Name|Email|JoinedMethod|JoinedTimestamp|Status|
>|---|---|---|---|---|---|---|
>| 111222333444 | arn:aws:organizations::111222333444:account/o-abcde12345/111222333444 | Name | [email protected] | CREATED | 2023-09-04 09:17:14.299000+00:00 | ACTIVE |
>| 111222333444 | arn:aws:organizations::111222333444:account/o-abcde12345/111222333444 | ferrum-techs | [email protected] | INVITED | 2022-07-25 09:11:23.528000+00:00 | SUSPENDED |
>| 111222333444 | arn:aws:organizations::111222333444:account/o-abcde12345/111222333444 | john-doe | [email protected] | INVITED | 2022-07-25 09:11:23.528000+00:00 | SUSPENDED |

### aws-org-organization-get
Expand Up @@ -176,7 +176,7 @@
"seconds_to_triaged": 2250786,
"severity": 2,
"show_in_ui": True,
"source_account_domain": "ENV11.FERRUM-TECHS.LOCAL",
"source_account_domain": "ENV11.JOHN-DOE.LOCAL",
"source_account_name": "morganf",
"source_account_object_sid": "S-1-5-21-4043902054-3757442694-3243833439-1141",
"source_account_sam_account_name": "morganf",
Expand Down Expand Up @@ -282,7 +282,7 @@
context_idp_detection = {
'name': 'IDP Detection ID: 20879a8064904ecfbb62c118a6a19411:ind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56',
'occurred': '2023-04-20T11:13:10.424647Z', 'last_updated': '2023-06-27T09:29:52.448779709Z',
'rawJSON': '{"added_privileges": ["AdministratorsRole"], "aggregate_id": "aggind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56", "cid": "20879a8064904ecfbb62c118a6a19411", "comment": "new test comment new test comment2 new test comment2 new test comment2 new test comment2 new test comment new test comment new test comment new test comment new test comment2 new test comment2 new test comment new test comment2 new test comment2 comment", "composite_id": "20879a8064904ecfbb62c118a6a19411:ind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56", "confidence": 20, "context_timestamp": "2023-04-20T11:12:03.089Z", "crawl_edge_ids": {"Sensor": ["[email protected]>%?R;<dP:4XWOiGq9#dnSpb\\"l0^f#1Kl9\'<k^`t9\\"ptE?07V_G^*\'_EU\'/Ch6&[Xsfl<UI$RnhG;AQa[gb#+-\\\\+J1O?GF\\\\U^<^9bluf^^X`dYoqOIQpM,@C%pV[2A%9a\\"T6O4b1:B1@ps8N", "N6GX$`\'=_9i\\"H:bRq0rXhf`Vd$[@1Wr?Lr\'`EGQh3P42Up,g(aNSe7C38V)J@NV=)Rg/2m^+P>?(%>fETtmdN.<_m*o\'\'\\"CCUmBn.;18rN6.!:g%ohR0te,H;Z\\\\DK\\"=MJe1?:_Y=XZj>E=nHY5ge>3^9:\'(g:)A\'RG0W,kPj.CNpo<Vk/RE^G9E!b\'?=G[!!*\'!", "XNXPaKHLg+i\\"HEWkr@-r>$W@\\"o+ta@8q\'lE4T!!e@D;nls7!2S0cEcXKeuua2Q+<<8!<pD:k1.5(j-*D`ECSL7qH1t\'ZZKh\'%UJG\'SaS8QVr:\\"4jTCn[!Z]eCQhZa>bpJ`SjuN\'Y.FcK0JOE\\"K_hb8DEP5rc6I]<!!*\'!"]}, "crawl_vertex_ids": {"Sensor": ["idpind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56", "uid:20879a8064904ecfbb62c118a6a19411:S-1-5-21-4043902054-3757442694-3243833439-1141", "ind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56", "aggind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56"]}, "crawled_timestamp": "2023-04-20T12:12:10.427005199Z", "created_timestamp": "2023-04-20T11:13:10.424647Z", "description": "A user received new privileges", "display_name": "Privilege escalation (user)", "end_time": "2023-04-20T11:12:03.089Z", "falcon_host_link": 
"https://falcon.crowdstrike.com/identity-protection/detections/20879a8064904ecfbb62c118a6a19411:ind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56?cid=20879a8064904ecfbb62c118a6a19411", "id": "ind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56", "name": "IdpEntityPrivilegeEscalationUser", "objective": "Gain Access", "pattern_id": 51113, "platform": "Windows", "previous_privileges": "0", "privileges": "2177", "product": "idp", "scenario": "privilege_escalation", "seconds_to_resolved": 5869002, "seconds_to_triaged": 2250786, "severity": 2, "show_in_ui": true, "source_account_domain": "ENV11.FERRUM-TECHS.LOCAL", "source_account_name": "morganf", "source_account_object_sid": "S-1-5-21-4043902054-3757442694-3243833439-1141", "source_account_sam_account_name": "morganf", "source_account_upn": "[email protected]", "start_time": "2023-04-20T11:12:03.089Z", "status": "closed", "tactic": "Privilege Escalation", "tactic_id": "TA0004", "tags": [], "technique": "Valid Accounts", "technique_id": "T1078", "timestamp": "2023-04-20T11:12:05.686Z", "type": "idp-user-endpoint-app-info", "updated_timestamp": "2023-06-27T09:29:52.448779709Z", "mirror_direction": null, "mirror_instance": ""}'}
'rawJSON': '{"added_privileges": ["AdministratorsRole"], "aggregate_id": "aggind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56", "cid": "20879a8064904ecfbb62c118a6a19411", "comment": "new test comment new test comment2 new test comment2 new test comment2 new test comment2 new test comment new test comment new test comment new test comment new test comment2 new test comment2 new test comment new test comment2 new test comment2 comment", "composite_id": "20879a8064904ecfbb62c118a6a19411:ind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56", "confidence": 20, "context_timestamp": "2023-04-20T11:12:03.089Z", "crawl_edge_ids": {"Sensor": ["[email protected]>%?R;<dP:4XWOiGq9#dnSpb\\"l0^f#1Kl9\'<k^`t9\\"ptE?07V_G^*\'_EU\'/Ch6&[Xsfl<UI$RnhG;AQa[gb#+-\\\\+J1O?GF\\\\U^<^9bluf^^X`dYoqOIQpM,@C%pV[2A%9a\\"T6O4b1:B1@ps8N", "N6GX$`\'=_9i\\"H:bRq0rXhf`Vd$[@1Wr?Lr\'`EGQh3P42Up,g(aNSe7C38V)J@NV=)Rg/2m^+P>?(%>fETtmdN.<_m*o\'\'\\"CCUmBn.;18rN6.!:g%ohR0te,H;Z\\\\DK\\"=MJe1?:_Y=XZj>E=nHY5ge>3^9:\'(g:)A\'RG0W,kPj.CNpo<Vk/RE^G9E!b\'?=G[!!*\'!", "XNXPaKHLg+i\\"HEWkr@-r>$W@\\"o+ta@8q\'lE4T!!e@D;nls7!2S0cEcXKeuua2Q+<<8!<pD:k1.5(j-*D`ECSL7qH1t\'ZZKh\'%UJG\'SaS8QVr:\\"4jTCn[!Z]eCQhZa>bpJ`SjuN\'Y.FcK0JOE\\"K_hb8DEP5rc6I]<!!*\'!"]}, "crawl_vertex_ids": {"Sensor": ["idpind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56", "uid:20879a8064904ecfbb62c118a6a19411:S-1-5-21-4043902054-3757442694-3243833439-1141", "ind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56", "aggind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56"]}, "crawled_timestamp": "2023-04-20T12:12:10.427005199Z", "created_timestamp": "2023-04-20T11:13:10.424647Z", "description": "A user received new privileges", "display_name": "Privilege escalation (user)", "end_time": "2023-04-20T11:12:03.089Z", "falcon_host_link": 
"https://falcon.crowdstrike.com/identity-protection/detections/20879a8064904ecfbb62c118a6a19411:ind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56?cid=20879a8064904ecfbb62c118a6a19411", "id": "ind:20879a8064904ecfbb62c118a6a19411:C0BB6ACD-8FDC-4CBA-9CF9-EBF3E28B3E56", "name": "IdpEntityPrivilegeEscalationUser", "objective": "Gain Access", "pattern_id": 51113, "platform": "Windows", "previous_privileges": "0", "privileges": "2177", "product": "idp", "scenario": "privilege_escalation", "seconds_to_resolved": 5869002, "seconds_to_triaged": 2250786, "severity": 2, "show_in_ui": true, "source_account_domain": "ENV11.JOHN-DOE.LOCAL", "source_account_name": "morganf", "source_account_object_sid": "S-1-5-21-4043902054-3757442694-3243833439-1141", "source_account_sam_account_name": "morganf", "source_account_upn": "[email protected]", "start_time": "2023-04-20T11:12:03.089Z", "status": "closed", "tactic": "Privilege Escalation", "tactic_id": "TA0004", "tags": [], "technique": "Valid Accounts", "technique_id": "T1078", "timestamp": "2023-04-20T11:12:05.686Z", "type": "idp-user-endpoint-app-info", "updated_timestamp": "2023-06-27T09:29:52.448779709Z", "mirror_direction": null, "mirror_instance": ""}'}

remote_incident_id = 'inc:afb5d1512a00480f53e9ad91dc3e4b55:1cf23a95678a421db810e11b5db693bd'
remote_detection_id = 'ldt:15dbb9d8f06b89fe9f61eb46e829d986:528715079668'
Expand Up @@ -11,9 +11,9 @@
"mock_responses": [{"entities":{"nodes":[{"isHuman":false,"isProgrammatic":false,"primaryDisplayName":"DC1ENV11ADC02",
"riskFactors":[{"severity":"MEDIUM","type":"LDAPS_CHANNEL_BINDING"},{"severity":"NORMAL","type":"LDAP_SIGNING_DISABLED"},
{"severity":"NORMAL","type":"SPOOLER_SERVICE_RUNNING"}],"riskScore":0.65,"riskScoreSeverity":"MEDIUM",
"secondaryDisplayName":"dc1env11adc02.env11.ferrum-techs.local"}],
"secondaryDisplayName":"dc1env11adc02.env11.john-doe.local"}],
"pageInfo":{"endCursor":"eyJfaWQiOiIwYjI2MmYzMS04YmU2LTRiMTYtOGRiMS1mZjA1NTRlNGJmMTIifQ==","hasNextPage":true}}}],
"expected_hr": "### Identity entities\n|Primary Display Name|Secondary Display Name|Is Human|Is Programmatic|Risk Score|Risk Score Severity|Risk Factors|\n|---|---|---|---|---|---|---|\n| DC1ENV11ADC02 | dc1env11adc02.env11.ferrum-techs.local | false | false | 0.65 | MEDIUM | {'severity': 'MEDIUM', 'type': 'LDAPS_CHANNEL_BINDING'},<br>{'severity': 'NORMAL', 'type': 'LDAP_SIGNING_DISABLED'},<br>{'severity': 'NORMAL', 'type': 'SPOOLER_SERVICE_RUNNING'} |\n",
"expected_hr": "### Identity entities\n|Primary Display Name|Secondary Display Name|Is Human|Is Programmatic|Risk Score|Risk Score Severity|Risk Factors|\n|---|---|---|---|---|---|---|\n| DC1ENV11ADC02 | dc1env11adc02.env11.john-doe.local | false | false | 0.65 | MEDIUM | {'severity': 'MEDIUM', 'type': 'LDAPS_CHANNEL_BINDING'},<br>{'severity': 'NORMAL', 'type': 'LDAP_SIGNING_DISABLED'},<br>{'severity': 'NORMAL', 'type': 'SPOOLER_SERVICE_RUNNING'} |\n",
"expected_ec": [
{
"Ishuman": false,
Expand All @@ -35,7 +35,7 @@
],
"Riskscore": 0.65,
"Riskscoreseverity": "MEDIUM",
"Secondarydisplayname": "dc1env11adc02.env11.ferrum-techs.local"
"Secondarydisplayname": "dc1env11adc02.env11.john-doe.local"
}
],
"expected_res_len": 1