ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 06:45:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(azure): Defender checks related to defender settings (#3347)

Browse Source 
Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
This commit is contained in:
Rubén De la Torre Vico
2024-02-06 12:23:36 +01:00
committed by GitHub
parent 89c71a068b
commit fcf902eb1f
11 changed files with 416 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
tests/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled_test.py Normal file
View File

@@ -0,0 +1,115 @@
from unittest import mock
from uuid import uuid4
from prowler.providers.azure.services.defender.defender_service import Setting
from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION
class Test_defender_ensure_mcas_is_enabled:
def test_defender_no_settings(self):
defender_client = mock.MagicMock
defender_client.settings = {}
with mock.patch(
"prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled.defender_client",
new=defender_client,
):
from prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled import (
defender_ensure_mcas_is_enabled,
)
check = defender_ensure_mcas_is_enabled()
result = check.execute()
assert len(result) == 0
def test_defender_mcas_disabled(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.settings = {
AZURE_SUBSCRIPTION: {
"MCAS": Setting(
resource_id=resource_id,
resource_type="Microsoft.Security/locations/settings",
kind="DataExportSettings",
enabled=False,
)
}
}
with mock.patch(
"prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled.defender_client",
new=defender_client,
):
from prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled import (
defender_ensure_mcas_is_enabled,
)
check = defender_ensure_mcas_is_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Microsoft Defender for Cloud Apps is disabeld for subscription {AZURE_SUBSCRIPTION}."
)
assert result[0].subscription == AZURE_SUBSCRIPTION
assert result[0].resource_name == "MCAS"
assert result[0].resource_id == resource_id
def test_defender_mcas_enabled(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.settings = {
AZURE_SUBSCRIPTION: {
"MCAS": Setting(
resource_id=resource_id,
resource_type="Microsoft.Security/locations/settings",
kind="DataExportSettings",
enabled=True,
)
}
}
with mock.patch(
"prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled.defender_client",
new=defender_client,
):
from prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled import (
defender_ensure_mcas_is_enabled,
)
check = defender_ensure_mcas_is_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"Microsoft Defender for Cloud Apps is enabled for subscription {AZURE_SUBSCRIPTION}."
)
assert result[0].subscription == AZURE_SUBSCRIPTION
assert result[0].resource_name == "MCAS"
assert result[0].resource_id == resource_id
def test_defender_mcas_no_settings(self):
defender_client = mock.MagicMock
defender_client.settings = {AZURE_SUBSCRIPTION: {}}
with mock.patch(
"prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled.defender_client",
new=defender_client,
):
from prowler.providers.azure.services.defender.defender_ensure_mcas_is_enabled.defender_ensure_mcas_is_enabled import (
defender_ensure_mcas_is_enabled,
)
check = defender_ensure_mcas_is_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Microsoft Defender for Cloud Apps not exists for subscription {AZURE_SUBSCRIPTION}."
)
assert result[0].subscription == AZURE_SUBSCRIPTION
assert result[0].resource_name == "MCAS"
assert result[0].resource_id == "MCAS"

115
tests/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled_test.py Normal file
View File

@@ -0,0 +1,115 @@
from unittest import mock
from uuid import uuid4
from prowler.providers.azure.services.defender.defender_service import Setting
from tests.providers.azure.azure_fixtures import AZURE_SUBSCRIPTION
class Test_defender_ensure_wdatp_is_enabled:
def test_defender_no_settings(self):
defender_client = mock.MagicMock
defender_client.settings = {}
with mock.patch(
"prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled.defender_client",
new=defender_client,
):
from prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled import (
defender_ensure_wdatp_is_enabled,
)
check = defender_ensure_wdatp_is_enabled()
result = check.execute()
assert len(result) == 0
def test_defender_wdatp_disabled(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.settings = {
AZURE_SUBSCRIPTION: {
"WDATP": Setting(
resource_id=resource_id,
resource_type="Microsoft.Security/locations/settings",
kind="DataExportSettings",
enabled=False,
)
}
}
with mock.patch(
"prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled.defender_client",
new=defender_client,
):
from prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled import (
defender_ensure_wdatp_is_enabled,
)
check = defender_ensure_wdatp_is_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Microsoft Defender for Endpoint integration is disabeld for subscription {AZURE_SUBSCRIPTION}."
)
assert result[0].subscription == AZURE_SUBSCRIPTION
assert result[0].resource_name == "WDATP"
assert result[0].resource_id == resource_id
def test_defender_wdatp_enabled(self):
resource_id = str(uuid4())
defender_client = mock.MagicMock
defender_client.settings = {
AZURE_SUBSCRIPTION: {
"WDATP": Setting(
resource_id=resource_id,
resource_type="Microsoft.Security/locations/settings",
kind="DataExportSettings",
enabled=True,
)
}
}
with mock.patch(
"prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled.defender_client",
new=defender_client,
):
from prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled import (
defender_ensure_wdatp_is_enabled,
)
check = defender_ensure_wdatp_is_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "PASS"
assert (
result[0].status_extended
== f"Microsoft Defender for Endpoint integration is enabled for subscription {AZURE_SUBSCRIPTION}."
)
assert result[0].subscription == AZURE_SUBSCRIPTION
assert result[0].resource_name == "WDATP"
assert result[0].resource_id == resource_id
def test_defender_wdatp_no_settings(self):
defender_client = mock.MagicMock
defender_client.settings = {AZURE_SUBSCRIPTION: {}}
with mock.patch(
"prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled.defender_client",
new=defender_client,
):
from prowler.providers.azure.services.defender.defender_ensure_wdatp_is_enabled.defender_ensure_wdatp_is_enabled import (
defender_ensure_wdatp_is_enabled,
)
check = defender_ensure_wdatp_is_enabled()
result = check.execute()
assert len(result) == 1
assert result[0].status == "FAIL"
assert (
result[0].status_extended
== f"Microsoft Defender for Endpoint integration not exists for subscription {AZURE_SUBSCRIPTION}."
)
assert result[0].subscription == AZURE_SUBSCRIPTION
assert result[0].resource_name == "WDATP"
assert result[0].resource_id == "WDATP"

34
tests/providers/azure/services/defender/defender_service_test.py
View File

@@ -7,6 +7,7 @@ from prowler.providers.azure.services.defender.defender_service import (
Defender,
Pricing,
SecurityContacts,
Setting,
)
from tests.providers.azure.azure_fixtures import (
AZURE_SUBSCRIPTION,
@@ -67,6 +68,19 @@ def mock_defender_get_security_contacts(_):
}
def mock_defender_get_settings(_):
return {
AZURE_SUBSCRIPTION: {
"MCAS": Setting(
resource_id="/subscriptions/resource_id",
resource_type="Microsoft.Security/locations/settings",
kind="DataExportSettings",
enabled=True,
)
}
}
@patch(
"prowler.providers.azure.services.defender.defender_service.Defender.__get_pricings__",
new=mock_defender_get_pricings,
@@ -79,6 +93,10 @@ def mock_defender_get_security_contacts(_):
"prowler.providers.azure.services.defender.defender_service.Defender.__get_assessments__",
new=mock_defender_get_assessments,
)
@patch(
"prowler.providers.azure.services.defender.defender_service.Defender.__get_settings__",
new=mock_defender_get_settings,
)
@patch(
"prowler.providers.azure.services.defender.defender_service.Defender.__get_security_contacts__",
new=mock_defender_get_security_contacts,
@@ -151,6 +169,22 @@ class Test_Defender_Service:
)
assert defender.assessments[AZURE_SUBSCRIPTION]["default"].status == "Healthy"
def test__get_settings__(self):
defender = Defender(set_mocked_azure_audit_info())
assert len(defender.settings) == 1
assert (
defender.settings[AZURE_SUBSCRIPTION]["MCAS"].resource_id
== "/subscriptions/resource_id"
)
assert (
defender.settings[AZURE_SUBSCRIPTION]["MCAS"].resource_type
== "Microsoft.Security/locations/settings"
)
assert (
defender.settings[AZURE_SUBSCRIPTION]["MCAS"].kind == "DataExportSettings"
)
assert defender.settings[AZURE_SUBSCRIPTION]["MCAS"].enabled
def test__get_security_contacts__(self):
defender = Defender(set_mocked_azure_audit_info())
assert len(defender.security_contacts) == 1