
Add overly matching detection and MozDef alerting to AWS-Federated-AMR.js #336

Open
gene1wood opened this issue Jul 9, 2020 · 0 comments

@gene1wood
Contributor

We should extend the Auth0 rule which creates the amr claim to detect overly matching policy group names (e.g. e) which effectively permit a ton of people and undermine the benefits of the group filtering feature

https://github.com/mozilla-iam/auth0-deploy/blob/master/rules/AWS-Federated-AMR.js

When cases like this are detected we could

  • Alert to MozDef that an overly matching policy was authored
  • Ignore the overly matching group name when filtering
  • Maybe have a whitelist of group names which both match our "is this overly matching" logic but also should indeed be allowed

Original Jira issue IAM-139
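The detection, filtering and alerting sketched in this issue, written out as an added example (not code from the auth0-deploy rule). It assumes policy group names are IAM StringLike-style glob patterns (`*`, `?`), a 50% match-ratio threshold, and a MozDef event shape; all three are assumptions, not the project's.

```javascript
// Added example, not from auth0-deploy. Assumption: a policy group name is
// glob-style (IAM StringLike: '*' any run, '?' one char). A pattern is
// "overly matching" when it is nothing but wildcards or matches more than
// MAX_MATCH_RATIO of all known groups (threshold is an assumption).
const MAX_MATCH_RATIO = 0.5;

function globToRegExp(pattern) {
  const body = pattern.split('').map(ch =>
    ch === '*' ? '.*' : ch === '?' ? '.' : ch.replace(/[.+^${}()|[\]\\]/g, '\\$&')
  ).join('');
  return new RegExp(`^${body}$`);
}

// Return the patterns that match too large a share of knownGroups,
// skipping patterns an operator has explicitly allowlisted.
function findOverlyMatching(patterns, knownGroups, allowlist = []) {
  const flagged = [];
  for (const pattern of patterns) {
    if (allowlist.includes(pattern)) continue; // reviewed and accepted
    const re = globToRegExp(pattern);
    const matched = knownGroups.filter(g => re.test(g)).length;
    const ratio = knownGroups.length ? matched / knownGroups.length : 0;
    if (pattern.replace(/[*?]/g, '') === '' || ratio > MAX_MATCH_RATIO) {
      flagged.push({ pattern, matched, ratio });
    }
  }
  return flagged;
}

// Filter a user's groups against the policy patterns, ignoring flagged ones
// so an overly matching pattern does not silently widen the amr claim.
function filterGroups(userGroups, patterns, knownGroups, allowlist = []) {
  const bad = new Set(findOverlyMatching(patterns, knownGroups, allowlist).map(f => f.pattern));
  const usable = patterns.filter(p => !bad.has(p)).map(globToRegExp);
  return userGroups.filter(g => usable.some(re => re.test(g)));
}

// Shape of the MozDef alert for one flagged pattern (field names assumed).
function mozdefEvent(flag) {
  return {
    category: 'authentication',
    severity: 'WARNING',
    summary: `overly matching AWS policy group pattern "${flag.pattern}" matches ${flag.matched} groups`,
    details: { pattern: flag.pattern, matched_groups: flag.matched, ratio: flag.ratio },
  };
}

// Constructed sample data for a stand-alone run.
const KNOWN_GROUPS = ['team_a', 'team_b', 'team_c', 'team_d', 'sec_ops',
  'sec_eng', 'everyone', 'engineering', 'e', 'it_admin'];
const PATTERNS = ['team_*', 'sec_ops', '*e*', '*'];
findOverlyMatching(PATTERNS, KNOWN_GROUPS).forEach(f => console.log(mozdefEvent(f).summary));
```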
