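---
# Sample connection configuration (connection.yml.sample).
# Replace every YOUR_* / XXXX placeholder in your own copy. The filled-in
# file holds live tokens, passwords and key files, so keep that copy out of
# version control and restrict its file permissions.
notify:
  redacted: true
  suppress_duplicates: true
  slack:
    webhook_url: https://hooks.slack.com/services/T0XXXXXXXXXXX/BXXXXXXXX/1CIyXXXXXXXXXXXXXXX
  jira:
    username: "YOUR_JIRA_USER_EMAIL"
    server_url: "https://amce.atlassian.net"
    api_token: "JIRA_API_TOKEN_HERE"
    project: "SEC"
    issue_type: "Task"
    labels:
      - "hawk-eye"
    assignee: "YOUR_JIRA_ASSIGNEE_EMAIL"
    issue_fields:
      summary_prefix: "[Hawk-eye] PII Exposed - "
      description_template: |
        A Data Security issue has been identified:
        {details}
    # Highest/High/Medium/Low are Jira priority names. Each entry is a query
    # (JMESPath-style syntax, judging by the backtick literals) evaluated
    # against a finding. NOTE(review): the Highest condition is a superset of
    # the High and Medium ones, so precedence between levels depends on the
    # consumer's evaluation order — confirm before relying on these samples.
    severity_rules:
      Highest:
        - query: "length(matches) > `10` && contains(['EMAIL', 'PAN'], pattern_name)"
          description: "Detected more than 10 Email or Pan exposed"
      High:
        - query: "length(matches) > `10` && contains(['EMAIL', 'PAN'], pattern_name) && data_source == 'slack'"
          description: "Detected more than 10 Email or Pan exposed in Slack"
      Medium:
        - query: "length(matches) > `5` && length(matches) <= `10` && contains(['EMAIL', 'PAN'], pattern_name) && data_source == 'slack' && profile == 'customer_support'"
          description: "Detected more than 5 and less than 10 Email or Pan exposed in Customer support Slack workspace"
      Low:
        - query: "length(matches) <= `5`"
          description: "Detected less than 5 PII or Secrets"

options:
  quick_exit: true
  max_matches: 5  # default is 1

# Each source type holds one or more named profiles (e.g. redis_example).
sources:
  redis:
    redis_example:
      host: YOUR_REDIS_HOST
      password: YOUR_REDIS_PASSWORD
  s3:
    s3_example:
      access_key: YOUR_S3_ACCESS_KEY
      secret_key: YOUR_S3_SECRET_KEY
      bucket_name: YOUR_S3_BUCKET_NAME
      cache: true
  gcs:
    gcs_example:
      credentials_file: /path/to/your/credential_file.json
      bucket_name: YOUR_GCS_BUCKET_NAME
      cache: true
      exclude_patterns:
        - .pdf
        - .docx
  firebase:
    firebase_example:
      credentials_file: /path/to/your/credential_file.json
      bucket_name: YOUR_FIREBASE_BUCKET_NAME
      cache: true
      exclude_patterns:
        - .pdf
        - .docx
  mysql:
    mysql_example:
      host: YOUR_MYSQL_HOST
      port: YOUR_MYSQL_PORT
      user: YOUR_MYSQL_USERNAME
      password: YOUR_MYSQL_PASSWORD
      database: YOUR_MYSQL_DATABASE_NAME
      limit_start: 0  # starting limit for the row range
      limit_end: 500  # ending limit for the row range
      tables:
        - table1
        - table2
      exclude_columns:
        - column1
        - column2
  postgresql:
    postgresql_example:
      host: YOUR_POSTGRESQL_HOST
      port: YOUR_POSTGRESQL_PORT
      user: YOUR_POSTGRESQL_USERNAME
      password: YOUR_POSTGRESQL_PASSWORD
      database: YOUR_POSTGRESQL_DATABASE_NAME
      limit_start: 0  # starting limit for the row range
      limit_end: 500  # ending limit for the row range
      tables:
        - table1
        - table2
  mongodb:
    mongodb_example:
      # Use either uri or the individual host/port/username/password fields.
      # (The key must appear only once: YAML parsers silently keep the last
      # value of a duplicated key.)
      uri: YOUR_MONGODB_URI
      host: YOUR_MONGODB_HOST
      port: YOUR_MONGODB_PORT
      username: YOUR_MONGODB_USERNAME
      password: YOUR_MONGODB_PASSWORD
      database: YOUR_MONGODB_DATABASE_NAME
      limit_start: 0  # starting limit for the document range
      limit_end: 500  # ending limit for the document range
      collections:
        - collection1
        - collection2
  fs:
    fs_example:
      path: /path/to/your/filesystem/directory
      exclude_patterns:
        - .pdf
        - .docx
        - private
        - venv
        - node_modules
  gdrive:
    drive_example:
      folder_name:  # YOUR_FOLDER_NAME — an empty value is read as null
      credentials_file: /path/to/your/client_secret.json  # OAuth app JSON file
      cache: true
      exclude_patterns:
        - .pdf
        - .docx
  gdrive_workspace:
    drive_example:
      folder_name:  # YOUR_FOLDER_NAME — an empty value is read as null
      credentials_file: /path/to/your/client_secret.json  # service account JSON file
      impersonate_users:  # fill in the users to impersonate; empty is read as null
      cache: true
      exclude_patterns:
        - .pdf
        - .docx
  text:
    profile1:
      text: "Hello World HHXXXXX"
  slack:
    slack_example:
      channel_types: "public_channel,private_channel"
      token: xoxp-XXXXXXXXXXXXXXXXXXXXXXXXX
      onlyArchived: false  # default false; set to true to scan archived channels only
      archived_channels: true  # default false; set to true to scan archived channels as well
      limit_mins: 15  # default 60 mins
      read_from: last_message  # default is the current Unix timestamp; options - a UNIX timestamp (e.g. 1737354387) or last_message
      isExternal: true  # default none (scan every channel, external or not); set to true to scan external channels only
      channel_ids:
        - XXXXXXXX
      blacklisted_channel_ids:
        - XXXXXXXX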