
Justified Issues Score

Open moonspell79 opened this issue 8 years ago • 18 comments

I have justified some issues, but they still show the same score. This confuses me, because I thought that after I justify the problem, it is acknowledged as something normal and no longer raises my score.

I would like to clean up my account by either fixing issues or justifying them, so at the end of the day I have a score of "zero". Then the next day I can check what the new issues are. Is there a way to achieve it?

Thanks.

moonspell79 avatar Oct 26 '17 11:10 moonspell79

This was fixed in PR #825 with a very simple change to dart/lib/component/item_table_component/item_table_component.html https://github.com/Netflix/security_monkey/pull/825/files#diff-66e6c0d6b02b84c8228f639fc3ec49d8

I suspect you're on an old codebase. Can you confirm?

scriptsrc avatar Nov 04 '17 05:11 scriptsrc

Hello,

Thanks for the contact. Can you tell me how to check which Security Monkey version is installed? I was using the instructions from the latest documentation: http://securitymonkey.readthedocs.io/en/latest/quickstart.html#setup-on-aws-or-gcp

I copied code from developer branch (default):

sudo git clone --depth 1 --branch develop https://github.com/Netflix/security_monkey.git

Which branch shall I use in order to have stable version?

Thanks for your time and helping me out :) Michal


moonspell79 avatar Nov 06 '17 08:11 moonspell79

Hello,

I just verified the code changes in #825 and I have them applied already. What I see is that I justified some issues on 27.10.2017 in security groups (400 points) and since then they still show up in the Dashboard. So I have a security groups score of 540 (140 from new issues and 400 from justified issues). Attaching a screenshot from one justified issue.

Thanks: Michal


moonspell79 avatar Nov 06 '17 08:11 moonspell79

Ohh, so you're seeing this on the Dashboard and not on the default Item Search page?

scriptsrc avatar Nov 06 '17 18:11 scriptsrc

I see it on both the dashboard and when I do a search.


moonspell79 avatar Nov 06 '17 18:11 moonspell79

Are you compiling the dart yourself or downloading the static.tar.gz file from the last release?

Have you tried to open the Chrome Inspector and then right-click on the refresh button and go to "Empty Cache and Hard Reload" ?

scriptsrc avatar Nov 06 '17 18:11 scriptsrc

I followed the instructions from the latest doc; I think Dart is compiled there. I used a few browsers, private mode, and I even see the justified score when exporting results to Excel.


moonspell79 avatar Nov 06 '17 18:11 moonspell79

I also am seeing no change in score on the dashboard. I pulled the develop branch and compiled the DART code as of yesterday (11/8/2017)

ekelson-bcove avatar Nov 09 '17 14:11 ekelson-bcove

Ok. So you also see this problem? Do you know how to fix it?

Thanks Michal


moonspell79 avatar Nov 09 '17 14:11 moonspell79

The audit runs from the scheduler at hour 10 (for whatever timezone it is set on) daily, you are not seeing it change over days?

mstair avatar Nov 09 '17 16:11 mstair

No. It didn't change for the last week or more. I also tried to run the scheduler from the command line with no effect. I am really interested in sorting it out, as the customer I support in AWS likes Security Monkey and wants to have it deployed in production. I can also share my config or live share my desktop if that can help somehow. Thank you. Michal


moonspell79 avatar Nov 09 '17 16:11 moonspell79

Oh sorry, this is justify vs "fix", let me check.

mstair avatar Nov 09 '17 16:11 mstair

I built from the latest develop code and UI and confirmed I see same. I am looking into where justified issues get reflected in scoring.

mstair avatar Nov 10 '17 18:11 mstair

Hello,

Were you able to find a solution for this problem?

Thanks: Michał


moonspell79 avatar Nov 22 '17 13:11 moonspell79

Hi mstair - any luck on finding where this is tabulating incorrectly?

mappindrones avatar Dec 20 '17 21:12 mappindrones

@mappindrones Apologies, I did not follow up. I just did a fresh pull, rebuilt the UI, and justified a few issues. I will check tomorrow.

mstair avatar Dec 21 '17 13:12 mstair

Just rebuilt SM yesterday and same issue as before. Looks like for justified items the score is 0 on the search page, but still shows up on the dashboard total for Accounts and High Score Items. I've tried the empty cache and hard reload in Chrome. Any thoughts?

mappindrones avatar Jan 19 '18 14:01 mappindrones

Hi @mstair I'm seeing an issue similar to this both with scores still showing as though the issue was not fixed or justified on the search results section. Compiling dart and using the codebase as recent as https://github.com/Netflix/security_monkey/pull/1091

I think this may be related to inconsistencies in the API responses between /api/1/items/itemNumberHERE and /api/1/items?searchparams

First example with justified issues:

  1. Auditor finds issue with Item

  2. then the issue is justified

  3. Search for the justified issue by ARN, name, account etc.

  4. the search triggers an API like this: GET /api/1/items?accounts=EXAMPLE&accounttypes=&active=True&arns=&count=25&enabledonly=true&names=&page=1&regions=&technologies=iamrole.

  5. Results of the API call look like this: {"count": 25, "items": [{"account": "EXAMPLE", "justification": null, "account_type": "AWS", "name": "EXAMPLEROLE", "technology": "iamrole", "issue": "Sensitive Permissions", "region": "universal", "score": 10, "notes": "Service [s3] Category: [Permissions] Resources: [\"*\"]", "item_links": [], "item_id": 33877, "justified": false, "fixed": false, "justified_date": "2018-04-20 20:03:19.462511", "id": 41874} .... Note: Justified shows false but a justified_date is present.

  6. Click on the particular Item within the search results. The detail page does the following: API call to GET /api/1/items/33877

{"justification": "Required to function", "issue": "Sensitive Permissions", "notes": "Service [iam] Category: [Permissions] Resources: [\"*\"]", "score": 10, "item_links": [{"id": 33877, "name": "REDEACTED"}], "item_id": 33877, "justified_user": "USER", "justified": true, "fixed": false, "justified_date": "2018-07-12 18:43:11.761536", "id": 93368} Note the Justified: true

Second example (fixed issues):

  1. Auditor finds issue with Item
  2. item issue is fixed but item is still present (ie not deleted)
  3. Search results show old unjustified or unfixed scores. GET /api/1/items?accounts=&accounttypes=&arns=ARNREDACTED&count=25&names=&page=1&regions=&technologies= example:

{"count": 1, "items": [{"account": "EXAMPLE", "account_type": "AWS", "name": "ARNREDACTED", "region": "us-east-1", "unjustified_issue_score": 2, "num_issues": 1, "active": true, "issue_score": 2, "first_seen": "2018-05-11 16:28:16.715374", "technology": "lambda", "id": 40744, "last_seen": "2018-08-08 00:55:51.097552"}], "total": 1, "page": 1, "auth": {"authenticated": true, "user": "USER", "roles": [{"name": "Admin"}, {"name": "Justify"}, {"name": "Comment"}, {"name": "View"}]}}

  4. Clicking on the item shows the accurate score. Example: GET /api/1/items/40744 returns

{"item": {"account": "EXAMPLE", "account_type": "AWS", "name": "REDACTED (ARNREDACTED)", "region": "us-east-1", "technology": "lambda", "id": 40744}, "revisions": [{"active": true, "date_created": "2018-08-08 00:55:51.097552", "date_last_ephemeral_change": null, "id": 176747, "item_id": 40744}, {"active": true, "date_created": "2018-05-11 16:28:16.715374", "date_last_ephemeral_change": null, "id": 59089, "item_id": 40744}], "auth": {"authenticated": true, "user": "USER", "roles": [{"name": "Admin"}, {"name": "Justify"}, {"name": "Comment"}, {"name": "View"}]}, "issues": [], "comments": []} Note "issues": []

I haven't had time to research further but I think it is related to the ItemList class. https://github.com/Netflix/security_monkey/blob/develop/security_monkey/views/item.py#L143

MKgridSec avatar Aug 08 '18 23:08 MKgridSec
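An added example, not part of the thread or of Security Monkey's code: a small consistency check over the two kinds of response quoted in the comment above, using only the field names that appear there. The sample data is trimmed from those responses, and the scoring rule (a justified or fixed issue contributes 0) is an assumption taken from what the participants expect, not from the project's source.

```python
import json

# Sample data: trimmed copies of the JSON quoted in the comment above.
SEARCH_ISSUE = json.loads('{"item_id": 33877, "score": 10, "justification": null,'
                          ' "justified": false, "fixed": false, "id": 41874,'
                          ' "justified_date": "2018-04-20 20:03:19.462511"}')
DETAIL_ISSUE = json.loads('{"item_id": 33877, "score": 10, "id": 93368,'
                          ' "justification": "Required to function",'
                          ' "justified": true, "fixed": false,'
                          ' "justified_date": "2018-07-12 18:43:11.761536"}')
LIST_ROW = {"id": 40744, "num_issues": 1, "issue_score": 2,
            "unjustified_issue_score": 2}
DETAIL = {"item": {"id": 40744}, "issues": []}


def issue_flag_conflicts(issue):
    """Return the ways a single issue record contradicts itself."""
    problems = []
    if issue.get("justified_date") and not issue.get("justified"):
        problems.append("justified_date set but justified is false")
    if issue.get("justified") and not issue.get("justification"):
        problems.append("justified is true but justification is empty")
    return problems


def unjustified_score(issues):
    """Assumed rule: justified or fixed issues add nothing to the score."""
    return sum(i.get("score", 0) for i in issues
               if not i.get("justified") and not i.get("fixed"))


def compare_row_to_detail(row, detail):
    """Compare one search-result row with the detail response for that item.

    Returns the names of the row fields that disagree with the detail view.
    """
    open_issues = [i for i in detail.get("issues", []) if not i.get("fixed")]
    findings = []
    if row.get("num_issues", 0) != len(open_issues):
        findings.append("num_issues")
    if row.get("unjustified_issue_score", 0) != unjustified_score(open_issues):
        findings.append("unjustified_issue_score")
    return findings


if __name__ == "__main__":
    print(issue_flag_conflicts(SEARCH_ISSUE))
    print(issue_flag_conflicts(DETAIL_ISSUE))
    print(compare_row_to_detail(LIST_ROW, DETAIL))
```

Run against saved responses from both endpoints, a non-empty result for any item points at the search/list path rather than the browser cache as the source of the stale score.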