diff --git a/package.json b/package.json
index fae222e..7379c8a 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@jupiterone/jupiterone-alert-rules",
- "version": "0.36.0",
+ "version": "0.37.0",
 "description": "Alert rule packages for the JupiterOne platform",
 "scripts": {
 "validate": "tsx ./scripts/validate.ts"
diff --git a/rule-packs/index.js b/rule-packs/index.js
index f11e4f5..c1dcd40 100644
--- a/rule-packs/index.js
+++ b/rule-packs/index.js
@@ -21,4 +21,5 @@ module.exports.MITREATTCKExecution = require("./mitre-attck-execution-attack-pat
 module.exports.AttackPath = require("./attack-path.json");
 module.exports.GitlabMaliciousVersions = require("./gitlab-malicious-versions.json");
 module.exports.ServiceNowCMDBDevices = require("./servicenow-cmdb-devices.json");
-module.exports.MITREATTCKInitialAccess = require("./mitre-attck-initial-access-attack-paths.json");
\ No newline at end of file
+module.exports.MITREATTCKInitialAccess = require("./mitre-attck-initial-access-attack-paths.json");
+module.exports.MITREATTCKLateralMovement = require("./mitre-attck-lateral-movement-attack-paths.json");
\ No newline at end of file
diff --git a/rule-packs/mitre-attck-lateral-movement-attack-paths.json b/rule-packs/mitre-attck-lateral-movement-attack-paths.json
new file mode 100644
index 0000000..11a033a
--- /dev/null
+++ b/rule-packs/mitre-attck-lateral-movement-attack-paths.json
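Review bot: The added `module.exports.MITREATTCKLateralMovement = require("./mitre-attck-lateral-movement-attack-paths.json");` will throw a JSON parse error at module load, because the file added in this same commit ends with `]pm` instead of `]`. Every export in rule-packs/index.js is an eager `require`, so one unparsable pack stops consumers from loading any of the rule packs, including the existing detections. The final line of the JSON file should be just `]`. The `validate` script named in package.json is not visible here; if it does not already JSON-parse every file under rule-packs/, adding that check would catch this before release.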
@@ -0,0 +1,626 @@ +[ + { + "name": "lateral-movement-exploitation-of-remote-services-patch-vulnerabilities-aws", + "description": "M1048 - Application Isolation and Sandboxing - Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing in AWS. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist.", + "queries": [ + { + "name": "query0", + "query": "FIND aws_instance THAT !HAS Finding", + "version": "v1" + } + ], + "alertLevel": "MEDIUM" + }, + { + "name": "lateral-movement-exploitation-of-remote-services-patch-vulnerabilities-gcp", + "description": "M1048 - Application Isolation and Sandboxing - Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing in Google Cloud. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist.", + "queries": [ + { + "name": "query0", + "query": "FIND google_compute_instance THAT !HAS Finding", + "version": "v1" + } + ], + "alertLevel": "MEDIUM" + }, + { + "name": "lateral-movement-exploitation-of-remote-services-patch-vulnerabilities-azure", + "description": "M1048 - Application Isolation and Sandboxing - Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing in Azure. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. 
Risks of additional exploits and weaknesses in these systems may still exist.", + "queries": [ + { + "name": "query0", + "query": "FIND azure_vm THAT !HAS Finding", + "version": "v1" + } + ], + "alertLevel": "MEDIUM" + }, + { + "name": "lateral-movement-exploitation-of-remote-services-minimize-service-account-permissions", + "description": "M1048 - Application Isolation and Sandboxing - Minimize permissions and access for service accounts to limit impact of exploitation.", + "queries": [ + { + "name": "query0", + "query": "FIND google_iam_service_account AS acct THAT ASSIGNED AS rel google_iam_binding AS binding RETURN acct.displayName, count(rel)", + "version": "v1" + } + ], + "alertLevel": "INFORMATIONAL" + }, + { + "name": "lateral-movement-exploitation-of-remote-services-patch-management", + "description": "M1051 - Update Software - Update software regularly by employing patch management for internal enterprise endpoints and servers.", + "queries": [ + { + "name": "query0", + "query": "FIND HostAgent WITH automaticAppUpdates='OFF' OR automaticDownloadUpdates='OFF' OR automaticOsUpdates='OFF' OR automaticSecurityUpdates='OFF' OR automaticUpdates='OFF' OR autoSecurityPatchEnabled=false and autoSystemPatchEnabled=false", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "lateral-movement-exploitation-of-remote-services-scan-for-vulnerable-services", + "description": "M1016 - Vulnerability Scanning - Regularly scan the internal network for available services to identify new and potentially vulnerable services.", + "queries": [ + { + "name": "query0", + "query": "FIND (Device|Host) THAT PROTECTS HostAgent WITH function=('av' OR 'anti-malware') AND active=true", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "lateral-tool-transfer-restrict-smb", + "description": "M1037 - Filter Network Traffic - Consider using the host firewall to restrict file sharing communications such as SMB.", + "queries": [ + { + "name": "query0", + 
"query": "FIND Firewall AS fw THAT ALLOWS AS rule * AS src WHERE rule.ingress = true AND rule.ipProtocol = 'smb' AND rule.fromPort <= 445 AND rule.toPort >= 445", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "lateral-tool-transfer-restrict-smb-legacy", + "description": "M1037 - Filter Network Traffic - Consider using the host firewall to restrict file sharing communications such as SMB.", + "queries": [ + { + "name": "query0", + "query": "FIND Firewall AS fw THAT ALLOWS AS rule * AS src WHERE rule.ingress = true AND rule.ipProtocol = 'smb' AND rule.fromPort <= 139 AND rule.toPort >= 139", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-disable-ssh-aws", + "description": "M1042 - Disable or Remove Feature or Program - Disable the remote service (ex: SSH, RDP, etc.) in aws if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "FIND aws_security_group AS sg THAT ALLOWS AS rule Internet WHERE rule.ingress=true AND rule.fromPort <= 22 AND rule.toPort >= 22", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-disable-ssh-gcp", + "description": "M1042 - Disable or Remove Feature or Program - Disable the remote service (ex: SSH, RDP, etc.) in google cloud if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "FIND Internet THAT ALLOWS AS rule google_compute_firewall AS firewall THAT PROTECTS google_compute_network AS network THAT CONTAINS google_compute_subnetwork AS subnetwork WHERE firewall.ingress=true AND rule.ipProtocol='ssh' AND rule.fromPort <= 22 AND rule.toPort >= 22", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-disable-ssh-azure", + "description": "M1042 - Disable or Remove Feature or Program - Disable the remote service (ex: SSH, RDP, etc.) 
in azure if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "FIND azure_security_group THAT ALLOWS AS rule Internet WHERE rule.inbound=true AND rule.fromPort <= 22 AND rule.toPort >= 22", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-disable-rdp-aws", + "description": "M1042 - Disable or Remove Feature or Program - Disable the remote service (ex: SSH, RDP, etc.) in aws if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "FIND aws_security_group AS sg THAT ALLOWS AS rule Internet WHERE rule.ingress=true AND rule.fromPort <= 3389 AND rule.toPort >= 3389", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-disable-rdp-gcp", + "description": "M1042 - Disable or Remove Feature or Program - Disable the remote service (ex: SSH, RDP, etc.) in google cloud if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "FIND Internet THAT ALLOWS AS rule google_compute_firewall AS firewall THAT PROTECTS google_compute_network AS network THAT CONTAINS google_compute_subnetwork AS subnetwork WHERE firewall.ingress=true AND rule.ipProtocol='rdp' AND rule.fromPort <= 3389 AND rule.toPort >= 3389", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-disable-rdp-azure", + "description": "M1042 - Disable or Remove Feature or Program - Disable the remote service (ex: SSH, RDP, etc.) 
in azure if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "FIND azure_security_group THAT ALLOWS AS rule Internet WHERE rule.inbound=true AND rule.fromPort <= 3389 AND rule.toPort >= 3389", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-block-unecessary-traffic", + "description": "M1030 - Network Segmentation - Enable firewall rules to block unnecessary traffic between network security zones within a network.", + "queries": [ + { + "name": "query0", + "query": "FIND Firewall WITH ingressRules = 'null' OR egressRules = 'null'", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-enforce-password-policies-aws", + "description": "M1027 - Password Policies - Set and enforce secure password policies for AWS accounts.", + "queries": [ + { + "name": "query0", + "query": "FIND aws_account THAT HAS aws_iam THAT !HAS aws_iam_account_password_policy", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-enforce-password-policies-gcp", + "description": "M1027 - Password Policies - Set and enforce secure password policies for Google Cloud accounts.", + "queries": [ + { + "name": "query0", + "query": "FIND google_iam_service_account THAT !RELATES TO Policy WITH displayName ~= 'password'", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-enforce-password-policies-azure", + "description": "M1027 - Password Policies - Set and enforce secure password policies for Azure accounts.", + "queries": [ + { + "name": "query0", + "query": "FIND azure_vm THAT HAS azure_policy_state WITH complianceState != 'Compliant' THAT DEFINES azure_policy_definition WITH displayName ~= ('Audit Windows machines that do not have a maximum password age of 70 days' OR 'Audit Windows machines that do not have a minimum password age of 1 day' OR 'Audit Windows machines that 
do not have the password complexity setting enabled' OR 'Audit Windows machines that do not store passwords using reversible encryption' OR 'Audit Windows machines that allow re-use of the previous 24 passwords' OR 'Audit Windows machines that do not restrict the minimum password length to 14 characters' OR 'Audit Linux machines that allow remote connections from accounts without passwords' OR 'Audit Linux machines that do not have the passwd file permissions set to 0644' OR 'Audit Linux machines that have accounts without passwords')", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-rdp-hijacking-remove-unecessary-remote-desktop-users", + "description": "M1047 - Audit - Audit the Remote Desktop Users group membership regularly. Remove unnecessary accounts and groups from Remote Desktop Users groups.", + "queries": [ + { + "name": "query0", + "query": "FIND (User) WITH accountEnabled != true THAT RELATES TO (Group|UserGroup) with displayName ~= 'remote'", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-rdp-disable-rdp-aws", + "description": "M1042 - Disable or Remove Feature or Program - Disable the RDP service in aws if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "FIND aws_security_group AS sg THAT ALLOWS AS rule Internet WHERE rule.ingress=true AND rule.fromPort <= 3389 AND rule.toPort >= 3389", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-rdp-disable-rdp-gcp", + "description": "M1042 - Disable or Remove Feature or Program - Disable the RDP service in google cloud if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "find Internet THAT ALLOWS as rule google_compute_firewall as firewall THAT PROTECTS google_compute_network as network THAT CONTAINS google_compute_subnetwork as subnetwork WHERE firewall.ingress=true AND rule.ipProtocol='rdp' AND 
rule.fromPort <= 3389 AND rule.toPort >= 3389", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-rdp-disable-rdp-azure", + "description": "M1042 - Disable or Remove Feature or Program - Disable the RDP service in azure if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "Find azure_security_group that allows as rule Internet where rule.inbound=true and rule.fromPort <= 3389 and rule.toPort >= 3389", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-rdp-disable-rdp", + "description": "M1030 - Network Segmentation - Enable firewall rules to block RDP traffic between network security zones within a network.", + "queries": [ + { + "name": "query0", + "query": "FIND Firewall AS fw THAT ALLOWS AS rule * AS src WHERE rule.ingress = true AND rule.ipProtocol = 'rdp' AND rule.fromPort <= 3389 AND rule.toPort >= 3389", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-session-hijacking-rdp-limit-remote-users", + "description": "M1018 - User Account Management - Limit remote user permissions if remote access is necessary.", + "queries": [ + { + "name": "query0", + "query": "FIND (User) (THAT RELATES TO (Group|UserGroup) with displayName ~= 'remote')? THAT RELATES TO azure_conditional_access_policy WITH displayName ~= 'admin'", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-perform-audits-and-scans", + "description": "M1047 - Audit - Perform audits or scans of systems, permissions, insecure software, insecure configurations, etc. 
to identify potential weaknesses.", + "queries": [ + { + "name": "query0", + "query": "FIND (Resource|Configuration|Policy) THAT !RELATES TO (Scanner|Assessment)", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-use-mfa-aws", + "description": "M1032 - Multi-factor Authenticaion - Use multi-factor authentication on remote service logons where possible in aws.", + "queries": [ + { + "name": "query0", + "query": "FIND aws_iam_user WITH mfaEnabled!=true", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-use-mfa-gcp", + "description": "M1032 - Multi-factor Authenticaion - Use multi-factor authentication on remote service logons where possible in google cloud.", + "queries": [ + { + "name": "query0", + "query": "FIND google_user WITH mfaEnabled!=true", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-use-mfa-azure", + "description": "M1032 - Multi-factor Authenticaion - Use multi-factor authentication on remote service logons where possible in azure.", + "queries": [ + { + "name": "query0", + "query": "FIND azure_user WITH mfaEnabled!=true", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-password-anti-reuse", + "description": "M1027 - Password Policies - Do not reuse local administrator account passwords across systems. Ensure password complexity and uniqueness such that the passwords cannot be cracked or guessed.", + "queries": [ + { + "name": "query0", + "query": "FIND aws_iam_account_password_policy WITH historyCount < 10 OR historyCount=undefined", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-remote-desktop-protocol-audit-remote-users", + "description": "M1047 - Audit - Audit the Remote Desktop Users group membership regularly. 
Remove unnecessary accounts and groups from Remote Desktop Users groups.", + "queries": [ + { + "name": "query0", + "query": "FIND User WITH accountEnabled != true THAT RELATES TO (Group|UserGroup) with displayName ~= 'remote'", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-remote-desktop-protocol-disable-rdp-aws", + "description": "M1042 - Disable or Remove Feature or Program - Disable the RDP service in aws if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "FIND aws_security_group AS sg THAT ALLOWS AS rule Internet WHERE rule.ingress=true AND rule.fromPort <= 3389 AND rule.toPort >= 3389", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-remote-desktop-protocol-disable-rdp-gcp", + "description": "M1042 - Disable or Remove Feature or Program - Disable the RDP service in google cloud if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "find Internet THAT ALLOWS as rule google_compute_firewall as firewall THAT PROTECTS google_compute_network as network THAT CONTAINS google_compute_subnetwork as subnetwork WHERE firewall.ingress=true AND rule.ipProtocol='rdp' AND rule.fromPort <= 3389 AND rule.toPort >= 3389", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-remote-desktop-protocol-disable-rdp-azure", + "description": "M1042 - Disable or Remove Feature or Program - Disable the RDP service in azure if it is unnecessary.", + "queries": [ + { + "name": "query0", + "query": "Find azure_security_group that allows as rule Internet where rule.inbound=true and rule.fromPort <= 3389 and rule.toPort >= 3389", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-remote-desktop-protocol-use-mfa", + "description": "M1032 - Multi-factor Authenticaion - Use multi-factor authentication for remote logins.", + "queries": [ + { + "name": "query0", + "query": "FIND User WITH mfaEnabled = true THAT 
RELATES TO (Group|UserGroup) WITH displayName ~= 'remote'", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-remote-desktop-protocol-block-rdp-traffic", + "description": "M1030 - Network Segmentation - Do not leave RDP accessible from the internet. Enable firewall rules to block RDP traffic between network security zones within a network.", + "queries": [ + { + "name": "query0", + "query": "FIND Firewall AS fw THAT ALLOWS AS rule * AS src WHERE rule.ingress = true AND rule.ipProtocol = 'rdp' AND rule.fromPort <= 3389 AND rule.toPort >= 3389", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-remote-desktop-protocol-limit-remote-user-permissions", + "description": "M1018 - User Account Management - Limit remote user permissions if remote access is necessary.", + "queries": [ + { + "name": "query0", + "query": "FIND (User) (THAT RELATES TO (Group|UserGroup) with displayName ~= 'remote')? THAT ASSIGNED as rel AccessPolicy", + "version": "v1" + } + ], + "alertLevel": "INFORMATIONAL" + }, + { + "name": "remote-services-smb-windows-admin-shares-restrict-smb", + "description": "M1037 - Filter Network Traffic - Consider using the host firewall to restrict file sharing communications such as SMB.", + "queries": [ + { + "name": "query0", + "query": "FIND Firewall AS fw THAT ALLOWS AS rule * AS src WHERE rule.ingress = true AND rule.ipProtocol = 'smb' AND rule.fromPort <= 445 AND rule.toPort >= 445", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-smb-windows-admin-shares-restrict-smb-legacy", + "description": "M1037 - Filter Network Traffic - Consider using the host firewall to restrict file sharing communications such as SMB.", + "queries": [ + { + "name": "query0", + "query": "FIND Firewall AS fw THAT ALLOWS AS rule * AS src WHERE rule.ingress = true AND rule.ipProtocol = 'smb' AND rule.fromPort <= 139 AND rule.toPort >= 139", + "version": "v1" + } + ], + 
"alertLevel": "HIGH" + }, + { + "name": "remote-services-smb-windows-admin-shares-password-anti-reuse", + "description": "M1027 - Password Policies - Do not reuse local administrator account passwords across systems. Ensure password complexity and uniqueness such that the passwords cannot be cracked or guessed.", + "queries": [ + { + "name": "query0", + "query": "find aws_iam_account_password_policy with historyCount < 10 or historyCount=undefined", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-smb-windows-admin-shares-password-anti-reuse", + "description": "M1027 - Password Policies - Do not reuse local administrator account passwords across systems. Ensure password complexity and uniqueness such that the passwords cannot be cracked or guessed.", + "queries": [ + { + "name": "query0", + "query": "find aws_iam_account_password_policy with historyCount < 10 or historyCount=undefined", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-vnc-restrict-vnc-traffic-port-5900", + "description": "M1037 - Filter Network Traffic - VNC defaults to TCP ports 5900 for the server, 5800 for browser access, and 5500 for a viewer in listening mode. Filtering or blocking these ports will inhibit VNC traffic utilizing default ports.", + "queries": [ + { + "name": "query0", + "query": "FIND Firewall AS fw THAT ALLOWS AS rule * AS src WHERE rule.ingress = true AND rule.ipProtocol = 'vnc' AND rule.fromPort <= 5900 AND rule.toPort >= 5900", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-vnc-restrict-vnc-traffic-port-5800", + "description": "M1037 - Filter Network Traffic - VNC defaults to TCP ports 5900 for the server, 5800 for browser access, and 5500 for a viewer in listening mode. 
Filtering or blocking these ports will inhibit VNC traffic utilizing default ports.", + "queries": [ + { + "name": "query0", + "query": "FIND Firewall AS fw THAT ALLOWS AS rule * AS src WHERE rule.ingress = true AND rule.ipProtocol = 'vnc' AND rule.fromPort <= 5800 AND rule.toPort >= 5800", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-vnc-restrict-vnc-traffic-port-5500", + "description": "M1037 - Filter Network Traffic - VNC defaults to TCP ports 5900 for the server, 5800 for browser access, and 5500 for a viewer in listening mode. Filtering or blocking these ports will inhibit VNC traffic utilizing default ports.", + "queries": [ + { + "name": "query0", + "query": "FIND Firewall AS fw THAT ALLOWS AS rule * AS src WHERE rule.ingress = true AND rule.ipProtocol = 'vnc' AND rule.fromPort <= 5500 AND rule.toPort >= 5500", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-cloud-services-use-mfa-aws", + "description": "M1032 - Multi-factor Authenticaion - Use multi-factor authentication on remote service logons where possible in aws.", + "queries": [ + { + "name": "query0", + "query": "FIND aws_iam_user WITH mfaEnabled!=true", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-cloud-services-use-mfa-gcp", + "description": "M1032 - Multi-factor Authenticaion - Use multi-factor authentication on remote service logons where possible in google cloud.", + "queries": [ + { + "name": "query0", + "query": "FIND google_user WITH mfaEnabled!=true", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-cloud-services-use-mfa-azure", + "description": "M1032 - Multi-factor Authenticaion - Use multi-factor authentication on remote service logons where possible in azure.", + "queries": [ + { + "name": "query0", + "query": "FIND azure_user WITH mfaEnabled!=true", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": 
"remote-services-cloud-services-limit-high-privilege-accounts-aws", + "description": "M1026 - Privileged Account Management - Limit the number of high-privileged domain and cloud accounts in aws, and ensure that these are not used for day-to-day operations. Ensure that on-premises accounts do not have privileged cloud permissions and that isolated, cloud-only accounts are used for managing cloud environments.", + "queries": [ + { + "name": "query0", + "query": "FIND aws_iam_user WITH accessKeyLastUsed >= date.now-1day (THAT HAS aws_iam_group)? (THAT ASSIGNED aws_iam_role)? (THAT TRUSTS aws_iam_role)? THAT ASSIGNED AccessPolicy THAT ALLOWS as allows * WHERE allows.admin=true", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "remote-services-cloud-services-limit-high-privilege-accounts-gcp", + "description": "M1026 - Privileged Account Management - Limit the number of high-privileged domain and cloud accounts in google cloud, and ensure that these are not used for day-to-day operations. 
Ensure that on-premises accounts do not have privileged cloud permissions and that isolated, cloud-only accounts are used for managing cloud environments.", + "queries": [ + { + "name": "query0", + "query": "FIND google_user WITH lastLoginOn >= date.now-1day AND admin = true OR isAdmin = true OR isDelegatedAdmin = true", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "software-deployment-tools-network-isolation", + "description": "M1030 - Network Segmentation - Ensure proper system isolation for critical network systems through use of firewalls.", + "queries": [ + { + "name": "query0", + "query": "FIND Firewall WITH ingressRules = 'null' or egressRules = 'null'", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "lateral-movement-taint-shared-content-antivirus", + "description": "M1049 - Antivirus/Antimalware - Anti-virus can be used to automatically quarantine suspicious files.", + "queries": [ + { + "name": "query0", + "query": "FIND (Device|Host) THAT PROTECTS HostAgent WITH function=('av' or 'anti-malware') and active=true", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "lateral-movement-use-alternate-authentication-material-use-ad", + "description": "M1015 - Active Directory Configuration - Configure Active Directory to prevent use of certain techniques; use SID Filtering, etc.", + "queries": [ + { + "name": "query0", + "query": "FIND azure_sql_server THAT !HAS azure_sql_server_active_directory_admin", + "version": "v1" + } + ], + "alertLevel": "HIGH" + }, + { + "name": "lateral-movement-use-alternate-authentication-material-use-least-privilege", + "description": "M1018 - User Account Management - Enforce the principle of least-privilege. Do not allow a domain user to be in the local administrator group on multiple systems.", + "queries": [ + { + "name": "query0", + "query": "FIND aws_iam_user (THAT HAS aws_iam_group)? (THAT ASSIGNED aws_iam_role)? (THAT TRUSTS aws_iam_role)? 
THAT ASSIGNED AccessPolicy THAT ALLOWS as allows * WHERE allows.permission='FULL_CONTROL'", + "version": "v1" + } + ], + "alertLevel": "HIGH" + } + ]pm \ No newline at end of file diff --git a/yarn.lock b/yarn.lock index e21ea50..dd714ad 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4,7 +4,7 @@ "@babel/code-frame@^7.0.0": version "7.24.7" - resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.24.7.tgz#882fd9e09e8ee324e496bd040401c6f046ef4465" + resolved "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.7.tgz" integrity sha512-BcYH1CVJBO9tvyIZ2jVeXgSIMvGZ2FDRvDdOIVQyuklNKSsx+eppDEBq/g47Ayw+RqNFE+URvOShmf+f/qwAlA== dependencies: "@babel/highlight" "^7.24.7" @@ -12,12 +12,12 @@ "@babel/helper-validator-identifier@^7.24.7": version "7.24.7" - resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.7.tgz#75b889cfaf9e35c2aaf42cf0d72c8e91719251db" + resolved "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.7.tgz" integrity sha512-rR+PBcQ1SMQDDyF6X0wxtG8QyLCgUB0eRAGguqRLfkCA87l7yAP7ehq8SNj96OOGTO8OBV70KhuFYcIkHXOg0w== "@babel/highlight@^7.24.7": version "7.24.7" - resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.24.7.tgz#a05ab1df134b286558aae0ed41e6c5f731bf409d" + resolved "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.7.tgz" integrity sha512-EStJpq4OuY8xYfhGVXngigBJRWxftKX9ksiGDnmlY3o7B/V7KIAc9X4oiK87uPJSc/vs5L869bem5fhZa8caZw== dependencies: "@babel/helper-validator-identifier" "^7.24.7" 
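Review bot: Several of the added queries appear to match the compliant state rather than the gap, so, assuming a rule fires when its query returns results, they would alert on the wrong entities. `remote-services-remote-desktop-protocol-use-mfa` runs `FIND User WITH mfaEnabled = true ...` while every other MFA rule in this file uses `mfaEnabled!=true`; it should probably read `"query": "FIND User WITH mfaEnabled != true THAT RELATES TO (Group|UserGroup) WITH displayName ~= 'remote'"`. The same question applies to `lateral-movement-exploitation-of-remote-services-scan-for-vulnerable-services` and `lateral-movement-taint-shared-content-antivirus`, which select hosts that do have an active `av`/`anti-malware` agent. In `remote-services-cloud-services-limit-high-privilege-accounts-gcp` the unparenthesised `lastLoginOn >= date.now-1day AND admin = true OR isAdmin = true OR isDelegatedAdmin = true` likely applies the recency filter to `admin = true` only, so the three admin flags should be grouped if the filter is meant to cover all of them. The rule name `remote-services-smb-windows-admin-shares-password-anti-reuse` is also defined twice with identical content, and one copy should be removed.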
@@ -25,129 +25,14 @@ js-tokens "^4.0.0" picocolors "^1.0.0" -"@esbuild/aix-ppc64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/aix-ppc64/-/aix-ppc64-0.23.0.tgz#145b74d5e4a5223489cabdc238d8dad902df5259" - integrity sha512-3sG8Zwa5fMcA9bgqB8AfWPQ+HFke6uD3h1s3RIwUNK8EG7a4buxvuFTs3j1IMs2NXAk9F30C/FF4vxRgQCcmoQ== - -"@esbuild/android-arm64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/android-arm64/-/android-arm64-0.23.0.tgz#453bbe079fc8d364d4c5545069e8260228559832" - integrity sha512-EuHFUYkAVfU4qBdyivULuu03FhJO4IJN9PGuABGrFy4vUuzk91P2d+npxHcFdpUnfYKy0PuV+n6bKIpHOB3prQ== - -"@esbuild/android-arm@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/android-arm/-/android-arm-0.23.0.tgz#26c806853aa4a4f7e683e519cd9d68e201ebcf99" - integrity sha512-+KuOHTKKyIKgEEqKbGTK8W7mPp+hKinbMBeEnNzjJGyFcWsfrXjSTNluJHCY1RqhxFurdD8uNXQDei7qDlR6+g== - -"@esbuild/android-x64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/android-x64/-/android-x64-0.23.0.tgz#1e51af9a6ac1f7143769f7ee58df5b274ed202e6" - integrity sha512-WRrmKidLoKDl56LsbBMhzTTBxrsVwTKdNbKDalbEZr0tcsBgCLbEtoNthOW6PX942YiYq8HzEnb4yWQMLQuipQ== - "@esbuild/darwin-arm64@0.23.0": version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/darwin-arm64/-/darwin-arm64-0.23.0.tgz#d996187a606c9534173ebd78c58098a44dd7ef9e" + resolved "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.23.0.tgz" integrity sha512-YLntie/IdS31H54Ogdn+v50NuoWF5BDkEUFpiOChVa9UnKpftgwzZRrI4J132ETIi+D8n6xh9IviFV3eXdxfow== -"@esbuild/darwin-x64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/darwin-x64/-/darwin-x64-0.23.0.tgz#30c8f28a7ef4e32fe46501434ebe6b0912e9e86c" - integrity sha512-IMQ6eme4AfznElesHUPDZ+teuGwoRmVuuixu7sv92ZkdQcPbsNHzutd+rAfaBKo8YK3IrBEi9SLLKWJdEvJniQ== - -"@esbuild/freebsd-arm64@0.23.0": - version "0.23.0" - resolved 
"https://registry.yarnpkg.com/@esbuild/freebsd-arm64/-/freebsd-arm64-0.23.0.tgz#30f4fcec8167c08a6e8af9fc14b66152232e7fb4" - integrity sha512-0muYWCng5vqaxobq6LB3YNtevDFSAZGlgtLoAc81PjUfiFz36n4KMpwhtAd4he8ToSI3TGyuhyx5xmiWNYZFyw== - -"@esbuild/freebsd-x64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/freebsd-x64/-/freebsd-x64-0.23.0.tgz#1003a6668fe1f5d4439e6813e5b09a92981bc79d" - integrity sha512-XKDVu8IsD0/q3foBzsXGt/KjD/yTKBCIwOHE1XwiXmrRwrX6Hbnd5Eqn/WvDekddK21tfszBSrE/WMaZh+1buQ== - -"@esbuild/linux-arm64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/linux-arm64/-/linux-arm64-0.23.0.tgz#3b9a56abfb1410bb6c9138790f062587df3e6e3a" - integrity sha512-j1t5iG8jE7BhonbsEg5d9qOYcVZv/Rv6tghaXM/Ug9xahM0nX/H2gfu6X6z11QRTMT6+aywOMA8TDkhPo8aCGw== - -"@esbuild/linux-arm@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/linux-arm/-/linux-arm-0.23.0.tgz#237a8548e3da2c48cd79ae339a588f03d1889aad" - integrity sha512-SEELSTEtOFu5LPykzA395Mc+54RMg1EUgXP+iw2SJ72+ooMwVsgfuwXo5Fn0wXNgWZsTVHwY2cg4Vi/bOD88qw== - -"@esbuild/linux-ia32@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/linux-ia32/-/linux-ia32-0.23.0.tgz#4269cd19cb2de5de03a7ccfc8855dde3d284a238" - integrity sha512-P7O5Tkh2NbgIm2R6x1zGJJsnacDzTFcRWZyTTMgFdVit6E98LTxO+v8LCCLWRvPrjdzXHx9FEOA8oAZPyApWUA== - -"@esbuild/linux-loong64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/linux-loong64/-/linux-loong64-0.23.0.tgz#82b568f5658a52580827cc891cb69d2cb4f86280" - integrity sha512-InQwepswq6urikQiIC/kkx412fqUZudBO4SYKu0N+tGhXRWUqAx+Q+341tFV6QdBifpjYgUndV1hhMq3WeJi7A== - -"@esbuild/linux-mips64el@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/linux-mips64el/-/linux-mips64el-0.23.0.tgz#9a57386c926262ae9861c929a6023ed9d43f73e5" - integrity sha512-J9rflLtqdYrxHv2FqXE2i1ELgNjT+JFURt/uDMoPQLcjWQA5wDKgQA4t/dTqGa88ZVECKaD0TctwsUfHbVoi4w== - 
-"@esbuild/linux-ppc64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/linux-ppc64/-/linux-ppc64-0.23.0.tgz#f3a79fd636ba0c82285d227eb20ed8e31b4444f6" - integrity sha512-cShCXtEOVc5GxU0fM+dsFD10qZ5UpcQ8AM22bYj0u/yaAykWnqXJDpd77ublcX6vdDsWLuweeuSNZk4yUxZwtw== - -"@esbuild/linux-riscv64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/linux-riscv64/-/linux-riscv64-0.23.0.tgz#f9d2ef8356ce6ce140f76029680558126b74c780" - integrity sha512-HEtaN7Y5UB4tZPeQmgz/UhzoEyYftbMXrBCUjINGjh3uil+rB/QzzpMshz3cNUxqXN7Vr93zzVtpIDL99t9aRw== - -"@esbuild/linux-s390x@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/linux-s390x/-/linux-s390x-0.23.0.tgz#45390f12e802201f38a0229e216a6aed4351dfe8" - integrity sha512-WDi3+NVAuyjg/Wxi+o5KPqRbZY0QhI9TjrEEm+8dmpY9Xir8+HE/HNx2JoLckhKbFopW0RdO2D72w8trZOV+Wg== - -"@esbuild/linux-x64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/linux-x64/-/linux-x64-0.23.0.tgz#c8409761996e3f6db29abcf9b05bee8d7d80e910" - integrity sha512-a3pMQhUEJkITgAw6e0bWA+F+vFtCciMjW/LPtoj99MhVt+Mfb6bbL9hu2wmTZgNd994qTAEw+U/r6k3qHWWaOQ== - -"@esbuild/netbsd-x64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/netbsd-x64/-/netbsd-x64-0.23.0.tgz#ba70db0114380d5f6cfb9003f1d378ce989cd65c" - integrity sha512-cRK+YDem7lFTs2Q5nEv/HHc4LnrfBCbH5+JHu6wm2eP+d8OZNoSMYgPZJq78vqQ9g+9+nMuIsAO7skzphRXHyw== - -"@esbuild/openbsd-arm64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/openbsd-arm64/-/openbsd-arm64-0.23.0.tgz#72fc55f0b189f7a882e3cf23f332370d69dfd5db" - integrity sha512-suXjq53gERueVWu0OKxzWqk7NxiUWSUlrxoZK7usiF50C6ipColGR5qie2496iKGYNLhDZkPxBI3erbnYkU0rQ== - -"@esbuild/openbsd-x64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/openbsd-x64/-/openbsd-x64-0.23.0.tgz#b6ae7a0911c18fe30da3db1d6d17a497a550e5d8" - integrity 
sha512-6p3nHpby0DM/v15IFKMjAaayFhqnXV52aEmv1whZHX56pdkK+MEaLoQWj+H42ssFarP1PcomVhbsR4pkz09qBg== - -"@esbuild/sunos-x64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/sunos-x64/-/sunos-x64-0.23.0.tgz#58f0d5e55b9b21a086bfafaa29f62a3eb3470ad8" - integrity sha512-BFelBGfrBwk6LVrmFzCq1u1dZbG4zy/Kp93w2+y83Q5UGYF1d8sCzeLI9NXjKyujjBBniQa8R8PzLFAUrSM9OA== - -"@esbuild/win32-arm64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/win32-arm64/-/win32-arm64-0.23.0.tgz#b858b2432edfad62e945d5c7c9e5ddd0f528ca6d" - integrity sha512-lY6AC8p4Cnb7xYHuIxQ6iYPe6MfO2CC43XXKo9nBXDb35krYt7KGhQnOkRGar5psxYkircpCqfbNDB4uJbS2jQ== - -"@esbuild/win32-ia32@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/win32-ia32/-/win32-ia32-0.23.0.tgz#167ef6ca22a476c6c0c014a58b4f43ae4b80dec7" - integrity sha512-7L1bHlOTcO4ByvI7OXVI5pNN6HSu6pUQq9yodga8izeuB1KcT2UkHaH6118QJwopExPn0rMHIseCTx1CRo/uNA== - -"@esbuild/win32-x64@0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@esbuild/win32-x64/-/win32-x64-0.23.0.tgz#db44a6a08520b5f25bbe409f34a59f2d4bcc7ced" - integrity sha512-Arm+WgUFLUATuoxCJcahGuk6Yj9Pzxd6l11Zb/2aAuv5kWWvvfhLFo2fni4uSK5vzlUdCGZ/BdV5tH8klj8p8g== - "@jupiterone/platform-sdk-errors@^2.1.1": version "2.1.1" - resolved "https://registry.yarnpkg.com/@jupiterone/platform-sdk-errors/-/platform-sdk-errors-2.1.1.tgz#e156aa53009f7b90d36bc0346658bdadb40dc8b7" + resolved "https://registry.npmjs.org/@jupiterone/platform-sdk-errors/-/platform-sdk-errors-2.1.1.tgz" integrity sha512-OyYx1GkcL2X0U7Z0oJCLBD1RcWKPWLVLroQWFFHlJ9OIGw0OhX9TyX+8GTmdXM8X/NBRGNI8LIM5fyncjXH4+Q== dependencies: "@types/uuid" "^8.3.0" 
@@ -155,7 +40,7 @@ "@jupiterone/query-language-interface-types@^3.17.0": version "3.17.0" - resolved "https://registry.yarnpkg.com/@jupiterone/query-language-interface-types/-/query-language-interface-types-3.17.0.tgz#502cc9b2fa0a01c15041e9757678f455b76fcf6d" + resolved "https://registry.npmjs.org/@jupiterone/query-language-interface-types/-/query-language-interface-types-3.17.0.tgz" integrity sha512-P63k43OD7a2piNf2wZC0Uq42/A4XiOvohwttwCUf1HtoOBUigE40Ru5394sgblhJLeqmcB2kNqEW9lnff+kgpQ== dependencies: "@jupiterone/platform-sdk-errors" "^2.1.1" @@ -163,7 +48,7 @@ "@jupiterone/query-language-parser@^3.16.1": version "3.17.0" - resolved "https://registry.yarnpkg.com/@jupiterone/query-language-parser/-/query-language-parser-3.17.0.tgz#31bca21af1102c8dd38ba1e728dab350760835f3" + resolved "https://registry.npmjs.org/@jupiterone/query-language-parser/-/query-language-parser-3.17.0.tgz" integrity sha512-KM2jgsOrRX9SH7iI5p1VHZmD4e7YYnIdPcS/zPKlwAdSilJhe5fpJnRVEQ6wUTqduLqsH79P2JWGmTa99pnzGg== dependencies: "@babel/code-frame" "^7.0.0" 
@@ -178,31 +63,31 @@ "@types/node@^20.11.13": version "20.14.15" - resolved "https://registry.yarnpkg.com/@types/node/-/node-20.14.15.tgz#e59477ab7bc7db1f80c85540bfd192a0becc588b" + resolved "https://registry.npmjs.org/@types/node/-/node-20.14.15.tgz" integrity sha512-Fz1xDMCF/B00/tYSVMlmK7hVeLh7jE5f3B7X1/hmV0MJBwE27KlS7EvD/Yp+z1lm8mVhwV5w+n8jOZG8AfTlKw== dependencies: undici-types "~5.26.4" "@types/uuid@^8.3.0": version "8.3.4" - resolved "https://registry.yarnpkg.com/@types/uuid/-/uuid-8.3.4.tgz#bd86a43617df0594787d38b735f55c805becf1bc" + resolved "https://registry.npmjs.org/@types/uuid/-/uuid-8.3.4.tgz" integrity sha512-c/I8ZRb51j+pYGAu5CrFMRxqZ2ke4y2grEBO5AUjgSkSk+qT2Ea+OdWElz/OiMf5MNpn2b17kuVBwZLQJXzihw== ansi-styles@^3.2.1: version "3.2.1" - resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-3.2.1.tgz#41fbb20243e50b12be0f04b8dedbf07520ce841d" + resolved "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz" integrity sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA== dependencies: color-convert "^1.9.0" bowser@^2.3.0: version "2.11.0" - resolved "https://registry.yarnpkg.com/bowser/-/bowser-2.11.0.tgz#5ca3c35757a7aa5771500c70a73a9f91ef420a8f" + resolved "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz" integrity sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA== chalk@^2.4.2: version "2.4.2" - resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424" + resolved "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz" integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== dependencies: ansi-styles "^3.2.1" 
@@ -211,56 +96,56 @@ chalk@^2.4.2: chalk@^5.2.0: version "5.3.0" - resolved "https://registry.yarnpkg.com/chalk/-/chalk-5.3.0.tgz#67c20a7ebef70e7f3970a01f90fa210cb6860385" + resolved "https://registry.npmjs.org/chalk/-/chalk-5.3.0.tgz" integrity sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w== color-convert@^1.9.0: version "1.9.3" - resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-1.9.3.tgz#bb71850690e1f136567de629d2d5471deda4c1e8" + resolved "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz" integrity sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg== dependencies: color-name "1.1.3" color-convert@^2.0.1: version "2.0.1" - resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3" + resolved "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz" integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ== dependencies: color-name "~1.1.4" -color-name@1.1.3: - version "1.1.3" - resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.3.tgz#a7d0558bd89c42f795dd42328f740831ca53bc25" - integrity sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw== - color-name@~1.1.4: version "1.1.4" - resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2" + resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz" integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== +color-name@1.1.3: + version "1.1.3" + resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz" + integrity sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw== + commander@^2.19.0: version "2.20.3" - resolved 
"https://registry.yarnpkg.com/commander/-/commander-2.20.3.tgz#fd485e84c03eb4881c20722ba48035e8531aeb33" + resolved "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz" integrity sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ== dayjs@^1.7.7: version "1.11.12" - resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.11.12.tgz#5245226cc7f40a15bf52e0b99fd2a04669ccac1d" + resolved "https://registry.npmjs.org/dayjs/-/dayjs-1.11.12.tgz" integrity sha512-Rt2g+nTbLlDWZTwwrIXjy9MeiZmSDI375FvZs72ngxx8PDC6YXOeR3q5LAuPzjZQxhiWdRKac7RKV+YyQYfYIg== didyoumean@^1.2.1: version "1.2.2" - resolved "https://registry.yarnpkg.com/didyoumean/-/didyoumean-1.2.2.tgz#989346ffe9e839b4555ecf5666edea0d3e8ad037" + resolved "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz" integrity sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw== discontinuous-range@1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/discontinuous-range/-/discontinuous-range-1.0.0.tgz#e38331f0844bba49b9a9cb71c771585aab1bc65a" + resolved "https://registry.npmjs.org/discontinuous-range/-/discontinuous-range-1.0.0.tgz" integrity sha512-c68LpLbO+7kP/b1Hr1qs8/BJ09F5khZGTxqxZuhzxpmwJKOgRFHJWIb9/KmqnqHhLdO55aOxFH/EGBvUQbL/RQ== esbuild@~0.23.0: version "0.23.0" - resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.23.0.tgz#de06002d48424d9fdb7eb52dbe8e95927f852599" + resolved "https://registry.npmjs.org/esbuild/-/esbuild-0.23.0.tgz" integrity sha512-1lvV17H2bMYda/WaFb2jLPeHU3zml2k4/yagNMG8Q/YtfMjCwEUZa2eXXMgZTVSL5q1n4H7sQ0X6CdJDqqeCFA== optionalDependencies: "@esbuild/aix-ppc64" "0.23.0" 
@@ -290,62 +175,57 @@ esbuild@~0.23.0: escape-string-regexp@^1.0.5: version "1.0.5" - resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" + resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz" integrity sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg== euberlog@^2.5.1: version "2.5.1" - resolved "https://registry.yarnpkg.com/euberlog/-/euberlog-2.5.1.tgz#c300b3e52ab8cf315048bc7c236599c5198e2d7b" + resolved "https://registry.npmjs.org/euberlog/-/euberlog-2.5.1.tgz" integrity sha512-7dS87eaX97jIelkX+b5tsYtE7obrRbTo5HHC067vpQrNgs/NTKCpmJJIBAlg98Em9yZfYwll1mmqroMZjXMHCQ== dependencies: chalk "^5.2.0" color-convert "^2.0.1" -fsevents@~2.3.3: - version "2.3.3" - resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.3.tgz#cac6407785d03675a2a5e1a5305c697b347d90d6" - integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw== - get-tsconfig@^4.7.5: version "4.7.6" - resolved "https://registry.yarnpkg.com/get-tsconfig/-/get-tsconfig-4.7.6.tgz#118fd5b7b9bae234cc7705a00cd771d7eb65d62a" + resolved "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.7.6.tgz" integrity sha512-ZAqrLlu18NbDdRaHq+AKXzAmqIUPswPWKUchfytdAjiRFnCe5ojG2bstg6mRiZabkKfCoL/e98pbBELIV/YCeA== dependencies: resolve-pkg-maps "^1.0.0" has-flag@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd" + resolved "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz" integrity sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw== js-tokens@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" + resolved "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz" integrity 
sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== lodash.get@^4.4.2: version "4.4.2" - resolved "https://registry.yarnpkg.com/lodash.get/-/lodash.get-4.4.2.tgz#2d177f652fa31e939b4438d5341499dfa3825e99" + resolved "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz" integrity sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ== lodash@^4.17.15: version "4.17.21" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" + resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz" integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== -moo@0.4.2: - version "0.4.2" - resolved "https://registry.yarnpkg.com/moo/-/moo-0.4.2.tgz#3cb40862d9ef4e356e0e7c5331f7b6cb1a9a8e70" - integrity sha512-tPmMMokeW2m6+jb7nrZqR+zwjr6reQLChlkzWdXyxxYxJ7flu5bJnXNM3PxgtpXQexso+799E1ZfBUVViIV5Vg== - moo@^0.4.3: version "0.4.3" - resolved "https://registry.yarnpkg.com/moo/-/moo-0.4.3.tgz#3f847a26f31cf625a956a87f2b10fbc013bfd10e" + resolved "https://registry.npmjs.org/moo/-/moo-0.4.3.tgz" integrity sha512-gFD2xGCl8YFgGHsqJ9NKRVdwlioeW3mI1iqfLNYQOv0+6JRwG58Zk9DIGQgyIaffSYaO1xsKnMaYzzNr1KyIAw== +moo@0.4.2: + version "0.4.2" + resolved "https://registry.npmjs.org/moo/-/moo-0.4.2.tgz" + integrity sha512-tPmMMokeW2m6+jb7nrZqR+zwjr6reQLChlkzWdXyxxYxJ7flu5bJnXNM3PxgtpXQexso+799E1ZfBUVViIV5Vg== + nearley@2.16.0: version "2.16.0" - resolved "https://registry.yarnpkg.com/nearley/-/nearley-2.16.0.tgz#77c297d041941d268290ec84b739d0ee297e83a7" + resolved "https://registry.npmjs.org/nearley/-/nearley-2.16.0.tgz" integrity sha512-Tr9XD3Vt/EujXbZBv6UAHYoLUSMQAxSsTnm9K3koXzjzNWY195NqALeyrzLZBKzAkL3gl92BcSogqrHjD8QuUg== dependencies: commander "^2.19.0" 
@@ -356,17 +236,17 @@ nearley@2.16.0: picocolors@^1.0.0: version "1.0.1" - resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.1.tgz#a8ad579b571952f0e5d25892de5445bcfe25aaa1" + resolved "https://registry.npmjs.org/picocolors/-/picocolors-1.0.1.tgz" integrity sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew== railroad-diagrams@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/railroad-diagrams/-/railroad-diagrams-1.0.0.tgz#eb7e6267548ddedfb899c1b90e57374559cddb7e" + resolved "https://registry.npmjs.org/railroad-diagrams/-/railroad-diagrams-1.0.0.tgz" integrity sha512-cz93DjNeLY0idrCNOH6PviZGRN9GJhsdm9hpn1YCS879fj4W+x5IFJhhkRZcwVgMmFF7R82UA/7Oh+R8lLZg6A== randexp@0.4.6: version "0.4.6" - resolved "https://registry.yarnpkg.com/randexp/-/randexp-0.4.6.tgz#e986ad5e5e31dae13ddd6f7b3019aa7c87f60ca3" + resolved "https://registry.npmjs.org/randexp/-/randexp-0.4.6.tgz" integrity sha512-80WNmd9DA0tmZrw9qQa62GPPWfuXJknrmVmLcxvq4uZBdYqb1wYoKTmnlGUchvVWe0XiLupYkBoXVOxz3C8DYQ== dependencies: discontinuous-range "1.0.0" 
@@ -374,34 +254,34 @@ randexp@0.4.6: regexp-tree@^0.1.27: version "0.1.27" - resolved "https://registry.yarnpkg.com/regexp-tree/-/regexp-tree-0.1.27.tgz#2198f0ef54518ffa743fe74d983b56ffd631b6cd" + resolved "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz" integrity sha512-iETxpjK6YoRWJG5o6hXLwvjYAoW+FEZn9os0PD/b6AP6xQwsa/Y7lCVgIixBbUPMfhu+i2LtdeAqVTgGlQarfA== resolve-pkg-maps@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/resolve-pkg-maps/-/resolve-pkg-maps-1.0.0.tgz#616b3dc2c57056b5588c31cdf4b3d64db133720f" + resolved "https://registry.npmjs.org/resolve-pkg-maps/-/resolve-pkg-maps-1.0.0.tgz" integrity sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw== ret@~0.1.10: version "0.1.15" - resolved "https://registry.yarnpkg.com/ret/-/ret-0.1.15.tgz#b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc" + resolved "https://registry.npmjs.org/ret/-/ret-0.1.15.tgz" integrity sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg== semver@^5.4.1: version "5.7.2" - resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" + resolved "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz" integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== supports-color@^5.3.0: version "5.5.0" - resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-5.5.0.tgz#e2e69a44ac8772f78a1ec0b35b689df6530efc8f" + resolved "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz" integrity sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow== dependencies: has-flag "^3.0.0" tsx@^4.7.0: version "4.17.0" - resolved "https://registry.yarnpkg.com/tsx/-/tsx-4.17.0.tgz#6ffd9851a0c7aa4ecacf4dc19f28d82112af25c5" + resolved "https://registry.npmjs.org/tsx/-/tsx-4.17.0.tgz" integrity 
sha512-eN4mnDA5UMKDt4YZixo9tBioibaMBpoxBkD+rIPAjVmYERSG0/dWEY1CEFuV89CgASlKL499q8AhmkMnnjtOJg== dependencies: esbuild "~0.23.0" @@ -411,15 +291,15 @@ tsx@^4.7.0: typescript@^5.3.3: version "5.5.4" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.5.4.tgz#d9852d6c82bad2d2eda4fd74a5762a8f5909e9ba" + resolved "https://registry.npmjs.org/typescript/-/typescript-5.5.4.tgz" integrity sha512-Mtq29sKDAEYP7aljRgtPOpTvOfbwRWlS6dPRzwjdE+C0R4brX/GUyhHSecbHMFLNBLcJIPt9nl9yG5TZ1weH+Q== undici-types@~5.26.4: version "5.26.5" - resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" + resolved "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz" integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== uuid@^8.3.2: version "8.3.2" - resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2" + resolved "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz" integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==