Zengrc pack #436

5ccc0f4
[dc] Remove vestigial column is AzIC
sfc-gh-afedorov Aug 4, 2020
118b073
[dc] Remove manual Jamf schedule
sfc-gh-afedorov Aug 6, 2020
947c394
Update azure_log.py
sfc-gh-afedorov Aug 6, 2020
75eb368
Bump version to v1.9.6
sfc-gh-afedorov Aug 6, 2020
bbbb4c2
[handler] adds custom payload to sn
sfc-gh-afedorov Aug 10, 2020
be4b06c
[dc] improve logging in runner
sfc-gh-afedorov Aug 11, 2020
e8a58e5
[dc] Fix gsuite logs connector
sfc-gh-afedorov Aug 12, 2020
6638e9f
[dc] Fix Jira handler correlation logic (#424)
sfc-gh-afedorov Aug 12, 2020
27b0fcc
Upgrade dependencies (#425)
Aug 12, 2020
77c6423
[dc, pack] Custom Okta domain and pack
sfc-gh-afedorov Aug 14, 2020
d23bb3b
[dc] Keep Okta backwards compatible
sfc-gh-afedorov Aug 21, 2020
45a576b
[tests] Fix minor bug in teardown
sfc-gh-afedorov Aug 21, 2020
8e7500f
[db] Log error in violations runner
sfc-gh-afedorov Aug 21, 2020
d6d50ee
[handlers] Standardize Slack envars / params
sfc-gh-afedorov Aug 22, 2020
4475ff3
[ingest] Remove Zengrc
sfc-gh-afedorov Aug 22, 2020
ed487cf
[handler] Minor fixes to Jira handler
sfc-gh-afedorov Aug 22, 2020
d452139
[handlers] Standardize SMTP handler
sfc-gh-afedorov Aug 22, 2020
c4fdeb5
[run] Minor improvements to runners
sfc-gh-afedorov Aug 22, 2020
972c5cd
[handlers] Add single handler use-case
sfc-gh-afedorov Aug 25, 2020
cf3bc6d
[run] Remove baselines runner
sfc-gh-afedorov Aug 26, 2020
bd443e9
[dc] Fix Okta DC to include sortOrder
sfc-gh-afedorov Aug 27, 2020
5e55b8e
[dc] Jamf improvements
sfc-gh-afedorov Aug 28, 2020
7d23674
[AQR] Default to all alerts
sfc-gh-afedorov Aug 28, 2020
03b022e
Update run.py
sfc-gh-afedorov Sep 2, 2020
045314e
[dc] Add regions to config recorders
sfc-gh-afedorov Sep 2, 2020
2844b94
[dc] Tune AWSIC to AWS rate limit
sfc-gh-afedorov Sep 2, 2020
2cf48eb
[dc] Fix AWSIC to record ServerTimeout errors
sfc-gh-afedorov Sep 12, 2020
8dd630b
[dc] Adds logic for custom collect_apis
sfc-gh-afedorov Sep 12, 2020
79c3702
[ingest] Removes agari and ingest_runner.py
sfc-gh-afedorov Sep 12, 2020
3f6821e
[setup] Add non-install deps
sfc-gh-afedorov Sep 12, 2020
2d345aa
[handler] Minor fixes in Jira handler
sfc-gh-afedorov Sep 12, 2020
e9f2f5e
[pack] Add ZenGRC
sfc-gh-afedorov Sep 12, 2020
25d1384
Update zengrc.sql.fmt
sfc-gh-afedorov Sep 12, 2020
d393946
Merge branch 'v1.10.0' into zengrc_pack
sfc-gh-afedorov Sep 23, 2020
8d59cb0
Update setup.py
sfc-gh-afedorov Sep 23, 2020
6adfd46
Update jira.py
sfc-gh-afedorov Sep 23, 2020
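--- a/packs/zengrc.sql.fmt
+++ b/packs/zengrc.sql.fmt
@@ -0,0 +1,125 @@
+-- --
+-- - name: ZenGCR asset ingestion
+-- - params:
+-- - name: user
+-- - name: pass
+-- secret: true
+-- - name: subdomain
+-- - name: api_integration_arn
+-- - name: api_subdomain
+-- - name: api_region
+-- default: us-west-2
+-- - name: warehouse
+-- default: snowalert
+--
+
+CREATE OR REPLACE TABLE data.zengrc (
+raw VARIANT,
+event_time TIMESTAMP_LTZ
+)
+;
+
+CREATE OR REPLACE VIEW zengrc_assessments COPY GRANTS AS (
+SELECT
+raw,
+event_time
+FROM data.zengrc
+WHERE raw:"type" = 'Assessment'
+)
+;
+
+CREATE OR REPLACE VIEW zengrc_audits COPY GRANTS AS (
+SELECT
+raw,
+event_time
+FROM data.zengrc
+WHERE raw:"type" = 'Audit'
+)
+;
+
+CREATE OR REPLACE VIEW zengrc_controls COPY GRANTS AS (
+SELECT
+raw,
+event_time
+FROM data.zengrc
+where raw:"type" = 'Control'
+)
+;
+
+CREATE OR REPLACE VIEW zengrc_issues COPY GRANTS AS (
+SELECT
+raw,
+event_time
+FROM data.zengrc
+WHERE raw:"type" = 'Issue'
+)
+;
+
+CREATE OR REPLACE VIEW zengrc_requests COPY GRANTS AS (
+SELECT raw, event_time
+FROM data.zengrc
+WHERE raw:"type" = 'Request'
+)
+;
+
+CREATE OR REPLACE VIEW zengrc_risks COPY GRANTS AS (
+SELECT raw, event_time
+FROM data.zengrc
+WHERE raw:"type" = 'Risk'
+)
+;
+
+CREATE OR REPLACE SECURE EXTERNAL FUNCTION zengrc_load(type STRING)
+RETURNS VARIANT
+RETURNS NULL ON NULL INPUT
+VOLATILE
+COMMENT='https://docs.api.zengrc.com/'
+API_INTEGRATION={api_integration_arn}
+HEADERS=(
+'basicauth'='{user}:{pass}'
+'host'='{subdomain}.api.zengrc.com'
+'path'='/api/v2/{0}'
+'nextpage-path'='links.next.href'
+'results-path'='data'
+)
+AS 'https://{api_subdomain}.execute-api.{api_region}.amazonaws.com/prod/https'
+;
+
+CREATE OR REPLACE FUNCTION zengrc_load_all()
+RETURNS TABLE (raw VARIANT, event_time TIMESTAMP_LTZ(9))
+AS $$
+SELECT
+value raw,
+CURRENT_TIMESTAMP event_time
+FROM (
+SELECT zengrc_load('assessments') result
+UNION ALL
+SELECT zengrc_load('audits') result
+UNION ALL
+SELECT zengrc_load('issues') result
+UNION ALL
+SELECT zengrc_load('requests') result
+UNION ALL
+SELECT zengrc_load('controls') result
+UNION ALL
+SELECT zengrc_load('people') result
+UNION ALL
+SELECT zengrc_load('objectives') result
+UNION ALL
+SELECT zengrc_load('programs') result
+UNION ALL
+SELECT zengrc_load('systems') result
+UNION ALL
+SELECT zengrc_load('risks') result
+), LATERAL FLATTEN( input => result )
+$$
+;
+
+CREATE OR REPLACE TASK zengrc_load_all
+WAREHOUSE={warehouse}
+SCHEDULE='USING CRON 0 0 * * * UTC'
+AS
+INSERT INTO data.zengrc (raw, event_time)
+SELECT * FROM TABLE(zengrc_load())
+;
+ALTER TASK zengrc_load_all RESUME;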
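Review bot: The task body `SELECT * FROM TABLE(zengrc_load())` calls the scalar external function `zengrc_load(type STRING)` with no argument, so the scheduled insert cannot resolve; the table function defined just above it is `zengrc_load_all()`, and the statement should read `INSERT INTO data.zengrc (raw, event_time) SELECT raw, event_time FROM TABLE(zengrc_load_all());` with the column list spelled out rather than `*`. The `'basicauth'='{user}:{pass}'` header embeds the API credential in the function DDL; SECURE keeps the body out of non-owner views of the definition, but it presumably remains readable to the owning role and is rewritten on every CREATE OR REPLACE, which is worth a comment such as `-- basicauth header carries the ZenGRC credential; the function is SECURE so that only the owner can read the definition` so operators know where the secret lives. Re-running the pack also executes `CREATE OR REPLACE TABLE data.zengrc`, which discards every previously ingested row; `CREATE TABLE IF NOT EXISTS data.zengrc (...)` would make the pack safe to re-apply. Minor: the header comment says `ZenGCR` where the rest of the file says ZenGRC, and the zengrc_controls view uses lowercase `where` while every other view uses `WHERE`.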