From 4677b1f82316244f3095107fcd83fee5c79f6378 Mon Sep 17 00:00:00 2001
From: Tim Smith
Date: Fri, 9 Aug 2024 10:05:50 -0700
Subject: [PATCH] Document the new AWS resources (#299)
Signed-off-by: Tim Smith
---
 docs/mql/resources/aws-pack/README.md | 6 ++--
 .../aws-pack/aws.guardduty.detector.md | 17 ++++++----
 .../aws-pack/aws.guardduty.finding.md | 32 +++++++++++++++++
 docs/mql/resources/aws-pack/aws.guardduty.md | 7 ++--
 ....md => aws.iam.accessanalyzer.analyzer.md} | 9 ++---
 .../aws.iam.accessanalyzer.finding.md | 34 +++++++++++++++++++
 ...sanalyzer.md => aws.iam.accessanalyzer.md} | 25 +++++++-------
 package.json | 10 +++---
 releases/2023-11-14-mondoo-9.7-is-out.md | 2 +-
 yarn.lock | 34 +++++++++----------
 10 files changed, 124 insertions(+), 52 deletions(-)
 create mode 100644 docs/mql/resources/aws-pack/aws.guardduty.finding.md
 rename docs/mql/resources/aws-pack/{aws.accessanalyzer.analyzer.md => aws.iam.accessanalyzer.analyzer.md} (84%)
 create mode 100644 docs/mql/resources/aws-pack/aws.iam.accessanalyzer.finding.md
 rename docs/mql/resources/aws-pack/{aws.accessanalyzer.md => aws.iam.accessanalyzer.md} (50%)
diff --git a/docs/mql/resources/aws-pack/README.md b/docs/mql/resources/aws-pack/README.md
index beaa65c20..44ff99ac4 100644
--- a/docs/mql/resources/aws-pack/README.md
+++ b/docs/mql/resources/aws-pack/README.md
@@ -15,8 +15,6 @@ Resources included in this pack:
 | ID | DESCRIPTION |
 | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- |
 | [aws](aws.md) | AWS resource |
-| [aws.accessAnalyzer](aws.accessanalyzer.md) | AWS IAM Access Analyzer resource (for assessing the configuration of AWS IAM Access Analyzer) |
-| [aws.accessanalyzer.analyzer](aws.accessanalyzer.analyzer.md) | AWS IAM Access Analyzer resource (provides an object representing an individual AWS IAM Access Analyzer configuration) |
 | [aws.account](aws.account.md) | AWS Account |
 | [aws.acm](aws.acm.md) | AWS Certificate Manager resource (for assessing the configuration of AWS Certificate Manager) |
 | [aws.acm.certificate](aws.acm.certificate.md) | AWS Certificate Manager Certificate resource (provides an object representing an individual ACM certificate) |
@@ -99,7 +97,11 @@ Resources included in this pack:
 | [aws.es.domain](aws.es.domain.md) | Amazon Elasticsearch service domain |
 | [aws.guardduty](aws.guardduty.md) | Amazon GuardDuty for threat detection |
 | [aws.guardduty.detector](aws.guardduty.detector.md) | Amazon GuardDuty detector |
+| [aws.guardduty.finding](aws.guardduty.finding.md) | AWS Guard Duty finding |
 | [aws.iam](aws.iam.md) | AWS service to create and manage permissions for users and groups |
+| [aws.iam.accessAnalyzer](aws.iam.accessanalyzer.md) | AWS IAM Access Analyzer resource (for assessing the configuration of AWS IAM Access Analyzer) |
+| [aws.iam.accessanalyzer.analyzer](aws.iam.accessanalyzer.analyzer.md) | AWS IAM Access Analyzer resource (provides an object representing an individual AWS IAM Access Analyzer configuration) |
+| [aws.iam.accessanalyzer.finding](aws.iam.accessanalyzer.finding.md) | AWS IAM Access Analyzer finding |
 | [aws.iam.group](aws.iam.group.md) | AWS IAM group |
 | [aws.iam.loginProfile](aws.iam.loginprofile.md) | AWS IAM login profile for a user |
 | [aws.iam.policy](aws.iam.policy.md) | AWS IAM policy |
diff --git a/docs/mql/resources/aws-pack/aws.guardduty.detector.md b/docs/mql/resources/aws-pack/aws.guardduty.detector.md
index dfb736a95..85f7c59b4 100644
--- a/docs/mql/resources/aws-pack/aws.guardduty.detector.md
+++ b/docs/mql/resources/aws-pack/aws.guardduty.detector.md
@@ -20,10 +20,13 @@ The `aws.guardduty.detector` resource provides fields for assessing the configur
 **Fields**
-| ID | TYPE | DESCRIPTION |
-| -------------------------- | -------------- | ------------------------------------------------ |
-| id | string | Unique ID for the detector |
-| region | string | Region for the detector |
-| status | string | Status of the detector: ENABLED or DISABLED |
-| findingPublishingFrequency | string | Publishing frequency for the detector |
-| unarchivedFindings | []dict | List of unarchivedFindings found by the detector |
+| ID | TYPE | DESCRIPTION |
+| -------------------------- | ----------------------------------------------------------- | ------------------------------------------- |
+| id | string | Unique ID for the detector |
+| region | string | Region for the detector |
+| status | string | Status of the detector: ENABLED or DISABLED |
+| features | []dict | Feature set for the detector |
+| tags | map[string]string | Tags for the project |
+| findingPublishingFrequency | string | Publishing frequency for the detector |
+| findings | [][aws.guardduty.finding](aws.guardduty.finding.md) | List of active findings by the detector |
+| unarchivedFindings | []dict | Deprecated (use `findings` instead) |
diff --git a/docs/mql/resources/aws-pack/aws.guardduty.finding.md b/docs/mql/resources/aws-pack/aws.guardduty.finding.md
new file mode 100644
index 000000000..352a6c6c5
--- /dev/null
+++ b/docs/mql/resources/aws-pack/aws.guardduty.finding.md
@@ -0,0 +1,32 @@
+---
+title: aws.guardduty.finding
+id: aws.guardduty.finding
+sidebar_label: aws.guardduty.finding
+displayed_sidebar: MQL
+description: AWS Guard Duty finding
+---
+
+# aws.guardduty.finding
+
+**Supported platform**
+
+- aws
+
+**Description**
+
+AWS Guard Duty finding
+
+**Fields**
+
+| ID | TYPE | DESCRIPTION |
+| ----------- | ------ | ---------------------------------- |
+| arn | string | Unique ID for the finding |
+| id | string | ID of the finding |
+| region | string | Region where the finding was found |
+| title | string | Title |
+| description | string | Description |
+| severity | float | Severity of the finding |
+| confidence | float | Confidence level of the finding |
+| type | string | Type of finding |
+| createdAt | time | Created at time |
+| updatedAt | time | Updated at time |
diff --git a/docs/mql/resources/aws-pack/aws.guardduty.md b/docs/mql/resources/aws-pack/aws.guardduty.md
index 3e9d12faa..7b49c3f9a 100644
--- a/docs/mql/resources/aws-pack/aws.guardduty.md
+++ b/docs/mql/resources/aws-pack/aws.guardduty.md
@@ -20,9 +20,10 @@ Use the `aws.guardduty` resource to assess the configuration of the AWS GuardDut
 **Fields**
-| ID | TYPE | DESCRIPTION |
-| --------- | ------------------------------------------------------------- | --------------------------- |
-| detectors | [][aws.guardduty.detector](aws.guardduty.detector.md) | List of GuardDuty detectors |
+| ID | TYPE | DESCRIPTION |
+| --------- | ------------------------------------------------------------- | --------------------------------- |
+| findings | [][aws.guardduty.finding](aws.guardduty.finding.md) | List of GuardDuty active findings |
+| detectors | [][aws.guardduty.detector](aws.guardduty.detector.md) | List of GuardDuty detectors |
 **Examples**
diff --git a/docs/mql/resources/aws-pack/aws.accessanalyzer.analyzer.md b/docs/mql/resources/aws-pack/aws.iam.accessanalyzer.analyzer.md
similarity index 84%
rename from docs/mql/resources/aws-pack/aws.accessanalyzer.analyzer.md
rename to docs/mql/resources/aws-pack/aws.iam.accessanalyzer.analyzer.md
index 3d33ea7a2..663e60731 100644
--- a/docs/mql/resources/aws-pack/aws.accessanalyzer.analyzer.md
+++ b/docs/mql/resources/aws-pack/aws.iam.accessanalyzer.analyzer.md
@@ -1,12 +1,12 @@
 ---
-title: aws.accessanalyzer.analyzer
-id: aws.accessanalyzer.analyzer
-sidebar_label: aws.accessanalyzer.analyzer
+title: aws.iam.accessanalyzer.analyzer
+id: aws.iam.accessanalyzer.analyzer
+sidebar_label: aws.iam.accessanalyzer.analyzer
 displayed_sidebar: MQL
 description: AWS IAM Access Analyzer resource (provides an object representing an individual AWS IAM Access Analyzer configuration)
 ---
-# aws.accessanalyzer.analyzer
+# aws.iam.accessanalyzer.analyzer
 **Supported platform**
@@ -24,6 +24,7 @@ AWS IAM Access Analyzer resource (provides an object representing an individual
 | name | string | Name for the analyzer |
 | status | string | Status of the analyzer: ACTIVE, CREATING, DISABLED, or FAILED |
 | type | string | Type of analyzer: ACCOUNT or ORGANIZATION |
+| region | string | Region where the analyzer exists |
 | tags | map[string]string | Tags for the analyzer |
 | lastResourceAnalyzed | string | The name of the last resource that was analyzed |
 | lastResourceAnalyzedAt | time | Last scan timestamp |
diff --git a/docs/mql/resources/aws-pack/aws.iam.accessanalyzer.finding.md b/docs/mql/resources/aws-pack/aws.iam.accessanalyzer.finding.md
new file mode 100644
index 000000000..38a4aaf4d
--- /dev/null
+++ b/docs/mql/resources/aws-pack/aws.iam.accessanalyzer.finding.md
@@ -0,0 +1,34 @@
+---
+title: aws.iam.accessanalyzer.finding
+id: aws.iam.accessanalyzer.finding
+sidebar_label: aws.iam.accessanalyzer.finding
+displayed_sidebar: MQL
+description: AWS IAM Access Analyzer finding
+---
+
+# aws.iam.accessanalyzer.finding
+
+**Supported platform**
+
+- aws
+
+**Description**
+
+AWS IAM Access Analyzer finding
+
+**Fields**
+
+| ID | TYPE | DESCRIPTION |
+| -------------------- | ------ | ------------------------------- |
+| id | string | Finding id |
+| error | string | Error message |
+| resourceArn | string | Resource |
+| resourceOwnerAccount | string | Resource owner |
+| resourceType | string | Resource type |
+| type | string | Finding type |
+| status | string | Finding status |
+| analyzedAt | time | Time the finding was generated |
+| createdAt | time | Creation timestamp |
+| updatedAt | time | Creation timestamp |
+| region | string | Region where the finding exists |
+| analyzerArn | string | Analyzer ARN |
diff --git a/docs/mql/resources/aws-pack/aws.accessanalyzer.md b/docs/mql/resources/aws-pack/aws.iam.accessanalyzer.md
similarity index 50%
rename from docs/mql/resources/aws-pack/aws.accessanalyzer.md
rename to docs/mql/resources/aws-pack/aws.iam.accessanalyzer.md
index 94bd2b87b..db37d92ea 100644
--- a/docs/mql/resources/aws-pack/aws.accessanalyzer.md
+++ b/docs/mql/resources/aws-pack/aws.iam.accessanalyzer.md
@@ -1,12 +1,12 @@
 ---
-title: aws.accessAnalyzer
-id: aws.accessAnalyzer
-sidebar_label: aws.accessAnalyzer
+title: aws.iam.accessAnalyzer
+id: aws.iam.accessAnalyzer
+sidebar_label: aws.iam.accessAnalyzer
 displayed_sidebar: MQL
 description: AWS IAM Access Analyzer resource (for assessing the configuration of AWS IAM Access Analyzer)
 ---
-# aws.accessAnalyzer
+# aws.iam.accessAnalyzer
 **Supported platform**
@@ -16,26 +16,25 @@ description: AWS IAM Access Analyzer resource (for assessing the configuration o
 AWS IAM Access Analyzer resource (for assessing the configuration of AWS IAM Access Analyzer)
-The `aws.accessAnalyzer` resource returns a list AWS IAM Access Analyzers configured across the AWS account.
-
 **Fields**
-| ID | TYPE | DESCRIPTION |
-| --------- | ----------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ |
-| analyzers | [][aws.accessanalyzer.analyzer](aws.accessanalyzer.analyzer.md) | List of `aws.accessanalyzer.analyzer` objects for all AWS IAM Access Analyzers configured within the account |
+| ID | TYPE | DESCRIPTION |
+| --------- | ------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
+| analyzers | [][aws.iam.accessanalyzer.analyzer](aws.iam.accessanalyzer.analyzer.md) | List of `aws.iam.accessanalyzer.analyzer` objects for all AWS IAM Access Analyzers configured within the account |
+| findings | [][aws.iam.accessanalyzer.finding](aws.iam.accessanalyzer.finding.md) | List of all active findings for all analyzers and regions |
 **Examples**
 Return a list of AWS IAM Access Analyzers configured across the AWS account
 ```coffee
-aws.accessAnalyzer.analyzers
+aws.iam.accessAnalyzer.analyzers
 ```
-Return a list of `aws.accessAnalyzer.analyzer` resources and the value for specified fields
+Return a list of `aws.iam.accessAnalyzer.analyzer` resources and the value for specified fields
 ```coffee
-aws.accessAnalyzer.analyzers {
+aws.iam.accessAnalyzer.analyzers {
 arn
 name
 status
@@ -46,7 +45,7 @@ aws.accessAnalyzer.analyzers {
 Ensure that IAM Access analyzer is enabled for all regions
 ```coffee
-aws.accessAnalyzer.analyzers.all(
+aws.iam.accessAnalyzer.analyzers.all(
 status == "ACTIVE"
 )
 ```
diff --git a/package.json b/package.json
index 8207a7333..4807e092f 100644
--- a/package.json
+++ b/package.json
@@ -16,10 +16,10 @@
 },
 "dependencies": {
 "@algolia/client-search": "^4.24.0",
- "@docusaurus/core": "^3.4.0",
- "@docusaurus/plugin-client-redirects": "^3.4.0",
- "@docusaurus/preset-classic": "^3.4.0",
- "@docusaurus/theme-search-algolia": "^3.4.0",
+ "@docusaurus/core": "3.4.0",
+ "@docusaurus/plugin-client-redirects": "3.4.0",
+ "@docusaurus/preset-classic": "3.4.0",
+ "@docusaurus/theme-search-algolia": "3.4.0",
 "@fontsource/roboto": "^5.0.14",
 "@mdx-js/react": "^3.0.1",
 "@stackql/docusaurus-plugin-hubspot": "^1.0.0",
@@ -58,7 +58,7 @@
 ]
 },
 "devDependencies": {
- "@docusaurus/tsconfig": "^3.4.0",
+ "@docusaurus/tsconfig": "3.4.0",
 "@types/react": "^18.3.3",
 "@types/react-helmet": "^6.1.11",
 "@types/react-router-dom": "^5.1.7",
diff --git a/releases/2023-11-14-mondoo-9.7-is-out.md b/releases/2023-11-14-mondoo-9.7-is-out.md
index dad511259..2898de52d 100644
--- a/releases/2023-11-14-mondoo-9.7-is-out.md
+++ b/releases/2023-11-14-mondoo-9.7-is-out.md
@@ -100,7 +100,7 @@ AWS resources include new default values to improve data pack queries and naviga
 - globalTableVersion
 - id
-[aws.accessanalyzer.analyzer](/mql/resources/aws-pack/aws.accessanalyzer.analyzer/)
+[aws.accessanalyzer.analyzer](/mql/resources/aws-pack/aws.iam.accessanalyzer.analyzer/)
 - createdAt
 - lastResourceAnalyzed
diff --git a/yarn.lock b/yarn.lock
index 8dc94d578..a9c7a57d3 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1225,7 +1225,7 @@ "@docsearch/css" "3.6.1" algoliasearch "^4.19.1" -"@docusaurus/core@3.4.0", "@docusaurus/core@^3.4.0": +"@docusaurus/core@3.4.0": version "3.4.0" resolved "https://registry.yarnpkg.com/@docusaurus/core/-/core-3.4.0.tgz#bdbf1af4b2f25d1bf4a5b62ec6137d84c821cb3c" integrity sha512-g+0wwmN2UJsBqy2fQRQ6fhXruoEa62JDeEa5d8IdTJlMoaDaEDfHh7WjwGRn4opuTQWpjAwP/fbcgyHKlE+64w==
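Review bot: In package.json the five `@docusaurus/*` entries (four under `dependencies`, plus `@docusaurus/tsconfig` under `devDependencies`) move from `^3.4.0` to an exact `3.4.0`, but the commit message only talks about documenting AWS resources, so the reason for the pin is recorded nowhere. JSON cannot carry a comment, so I would add a line to the commit description such as `Pin @docusaurus/* to 3.4.0 so all Docusaurus packages resolve to the same version` (presumably the intent; please confirm). Every other dependency keeps its caret range, and the same commit also refreshes unrelated transitive entries in yarn.lock, so splitting the dependency changes into their own commit would make them easier to review and to revert independently of the docs.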
@@ -1360,7 +1360,7 @@ react-helmet-async "*" react-loadable "npm:@docusaurus/react-loadable@6.0.0" -"@docusaurus/plugin-client-redirects@^3.4.0": +"@docusaurus/plugin-client-redirects@3.4.0": version "3.4.0" resolved "https://registry.yarnpkg.com/@docusaurus/plugin-client-redirects/-/plugin-client-redirects-3.4.0.tgz#10eafc9adcf3f9be7cc33d77e816040dc7a8d368" integrity sha512-Pr8kyh/+OsmYCvdZhc60jy/FnrY6flD2TEAhl4rJxeVFxnvvRgEhoaIVX8q9MuJmaQoh6frPk94pjs7/6YgBDQ== @@ -1492,7 +1492,7 @@ sitemap "^7.1.1" tslib "^2.6.0" -"@docusaurus/preset-classic@^3.4.0": +"@docusaurus/preset-classic@3.4.0": version "3.4.0" resolved "https://registry.yarnpkg.com/@docusaurus/preset-classic/-/preset-classic-3.4.0.tgz#6082a32fbb465b0cb2c2a50ebfc277cff2c0f139" integrity sha512-Ohj6KB7siKqZaQhNJVMBBUzT3Nnp6eTKqO+FXO3qu/n1hJl3YLwVKTWBg28LF7MWrKu46UuYavwMRxud0VyqHg== @@ -1563,7 +1563,7 @@ tslib "^2.6.0" utility-types "^3.10.0" -"@docusaurus/theme-search-algolia@3.4.0", "@docusaurus/theme-search-algolia@^3.4.0": +"@docusaurus/theme-search-algolia@3.4.0": version "3.4.0" resolved "https://registry.yarnpkg.com/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.4.0.tgz#c499bad71d668df0d0f15b0e5e33e2fc4e330fcc" integrity sha512-aiHFx7OCw4Wck1z6IoShVdUWIjntC8FHCw9c5dR8r3q4Ynh+zkS8y2eFFunN/DL6RXPzpnvKCg3vhLQYJDmT9Q== @@ -1593,7 +1593,7 @@ fs-extra "^11.1.1" tslib "^2.6.0" -"@docusaurus/tsconfig@^3.4.0": +"@docusaurus/tsconfig@3.4.0": version "3.4.0" resolved "https://registry.yarnpkg.com/@docusaurus/tsconfig/-/tsconfig-3.4.0.tgz#2b6ea208e580facc6e3330433e9b4321ef0eb3f5" integrity sha512-0qENiJ+TRaeTzcg4olrnh0BQ7eCxTgbYWBnWUeQDc84UYkt/T3pDNnm3SiQkqPb+YQ1qtYFlC0RriAElclo8Dg== 
@@ -1811,9 +1811,9 @@ graceful-fs "4.2.10" "@pnpm/npm-conf@^2.1.0": - version "2.3.0" - resolved "https://registry.yarnpkg.com/@pnpm/npm-conf/-/npm-conf-2.3.0.tgz#c687bd4eecd16347e197db3bfe7e28b12aa80bfd" - integrity sha512-DqrO+oXGR7HCuicNy6quk6ALJSDDPKI7RZz1bP5im8mSL8J2e+9w26LdkjuAfpAjOutYUJVbnXnx4IbTQeIgfw== + version "2.3.1" + resolved "https://registry.yarnpkg.com/@pnpm/npm-conf/-/npm-conf-2.3.1.tgz#bb375a571a0bd63ab0a23bece33033c683e9b6b0" + integrity sha512-c83qWb22rNRuB0UaVCI0uRPNRr8Z0FWnEIvT47jiHAmOIUHbBOg5XvV7pM5x+rKn9HRpjxquDbXYSXr3fAKFcw== dependencies: "@pnpm/config.env-replace" "^1.1.0" "@pnpm/network.ca-file" "^1.0.1" @@ -2915,9 +2915,9 @@ caniuse-api@^3.0.0: lodash.uniq "^4.5.0" caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001646: - version "1.0.30001650" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001650.tgz#dd1eba0938e39536d184c3c99b2569a13788bc16" - integrity sha512-fgEc7hP/LB7iicdXHUI9VsBsMZmUmlVJeQP2qqQW+3lkqVhbmjEU8zp+h5stWeilX+G7uXuIUIIlWlDw9jdt8g== + version "1.0.30001651" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001651.tgz#52de59529e8b02b1aedcaaf5c05d9e23c0c28138" + integrity sha512-9Cf+Xv1jJNe1xPZLGuUXLNkE1BoDkqRqYyFJ9TDYSqhduqA4hu4oR9HluGoWYQC/aj8WHjsGVV+bwkh0+tegRg== ccount@^2.0.0: version "2.0.1" @@ -7470,9 +7470,9 @@ schema-utils@^4.0.0, schema-utils@^4.0.1: ajv-keywords "^5.1.0" search-insights@^2.16.0: - version "2.16.0" - resolved "https://registry.yarnpkg.com/search-insights/-/search-insights-2.16.0.tgz#f1df948a5cd8448460feba315f051dd10b23fb36" - integrity sha512-6ukNTOkN2OvJ8SJRmWionpn39OHOov1rx72kyGDYk60CaGrDfmT8wXYzgKLW9VFk+dVVXlUmWQVvrkRvx/x3Mg== + version "2.16.1" + resolved "https://registry.yarnpkg.com/search-insights/-/search-insights-2.16.1.tgz#41bb52ec5e1cb9331f5afcddff02c23e111c3c93" + integrity sha512-3OMcoa+6ZSl5KjpWiP+jsEURf81S3ipiTodfkguWaXNOvS4ILfYe8cwV4gXopTEN+G1avWqBdf0HmSToVcAxFA== section-matter@^1.0.0: version "1.0.0" 
@@ -8042,9 +8042,9 @@ type-fest@^2.13.0, type-fest@^2.5.0: integrity sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA== type-fest@^4.19.0: - version "4.23.0" - resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-4.23.0.tgz#8196561a6b835175473be744f3e41e2dece1496b" - integrity sha512-ZiBujro2ohr5+Z/hZWHESLz3g08BBdrdLMieYFULJO+tWc437sn8kQsWLJoZErY8alNhxre9K4p3GURAG11n+w== + version "4.24.0" + resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-4.24.0.tgz#28d18f2d2afb020e46f6d1236e944d7aa4f92dde" + integrity sha512-spAaHzc6qre0TlZQQ2aA/nGMe+2Z/wyGk5Z+Ru2VUfdNwT6kWO6TjevOlpebsATEG1EIQ2sOiDszud3lO5mt/Q== type-is@~1.6.18: version "1.6.18"