
Commit 7100780

Merge pull request #25 from leftrightleft/main
Secret Scanning Dashboard
2 parents 4a4706d + 8c4644e commit 7100780


4 files changed

+155
-2
lines changed

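--- a/github_app_for_splunk/default/data/ui/nav/default.xml
+++ b/github_app_for_splunk/default/data/ui/nav/default.xml
@@ -11,6 +11,7 @@
 <collection label="Advanced Security">
 <view name="security_alert_overview" />
 <view name="code_scanning_overview" />
+<view name="secret_scanning_overview" />
 </collection>
 <collection label="Developer Insights">
 <view name="value_stream_analytics" />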
Lines changed: 148 additions & 0 deletions
@@ -0,0 +1,148 @@
1+
<form>
2+
<label>Secret Scanning Alerts</label>
3+
<search id="baseSearch">
4+
<query>
5+
`github_webhooks` eventtype="GitHub::SecretScanning" | eval action='action', enterprise=if(isnotnull('enterprise.name'),'enterprise.name','unknown'), organization=if(isnotnull('organization.login'),'organization.login','unknown'), repository=if(isnotnull('repository.name'),'repository.name','unknown'), secret_type=if(isnotnull('alert.secret_type'),'alert.secret_type','unknown'), resolution=if(isnotnull('alert.resolution'),'alert.resolution','unknown'), resolved_at=if(isnotnull('alert.resolved_at'),'alert.resolved_at','unknown'), resolved_by=if(isnotnull('alert.resolved_by.login'),'alert.resolved_by.login','unknown')
6+
</query>
7+
<earliest>$timeTkn.earliest$</earliest>
8+
<latest>$timeTkn.latest$</latest>
9+
<sampleRatio>1</sampleRatio>
10+
</search>
11+
<fieldset submitButton="false" autoRun="true">
12+
<input type="time" token="timeTkn" searchWhenChanged="true">
13+
<label>Time Range</label>
14+
<default>
15+
<earliest>-24h@h</earliest>
16+
<latest>now</latest>
17+
</default>
18+
</input>
19+
<input type="multiselect" token="secret_type" searchWhenChanged="true">
20+
<label>Secret Type</label>
21+
<fieldForLabel>secret_type</fieldForLabel>
22+
<fieldForValue>secret_type</fieldForValue>
23+
<valuePrefix>"</valuePrefix>
24+
<valueSuffix>"</valueSuffix>
25+
<search base="baseSearch">
26+
<query>| table secret_type | dedup secret_type</query>
27+
</search>
28+
<choice value="*">All</choice>
29+
<default>*</default>
30+
<initialValue>*</initialValue>
31+
</input>
32+
<input type="multiselect" token="orgTkn" searchWhenChanged="true">
33+
<label>Organization</label>
34+
<choice value="*">All</choice>
35+
<default>*</default>
36+
<initialValue>*</initialValue>
37+
<valuePrefix>"</valuePrefix>
38+
<valueSuffix>"</valueSuffix>
39+
<delimiter>,</delimiter>
40+
<fieldForLabel>organization</fieldForLabel>
41+
<fieldForValue>organization</fieldForValue>
42+
<search base="baseSearch">
43+
<query>| dedup organization | table organization</query>
44+
</search>
45+
</input>
46+
<input type="multiselect" token="repoTkn" searchWhenChanged="true">
47+
<label>Repositories</label>
48+
<choice value="*">All</choice>
49+
<default>*</default>
50+
<initialValue>*</initialValue>
51+
<valuePrefix>"</valuePrefix>
52+
<valueSuffix>"</valueSuffix>
53+
<delimiter>,</delimiter>
54+
<fieldForLabel>repository</fieldForLabel>
55+
<fieldForValue>repository</fieldForValue>
56+
<search base="baseSearch">
57+
<query>| dedup repository | table repository</query>
58+
</search>
59+
</input>
60+
</fieldset>
61+
<row>
62+
<panel>
63+
<single>
64+
<title>Found Secrets</title>
65+
<search base="baseSearch">
66+
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ action="created" | stats count</query>
67+
</search>
68+
<option name="drilldown">none</option>
69+
<option name="height">150</option>
70+
<option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option>
71+
<option name="refresh.display">progressbar</option>
72+
</single>
73+
</panel>
74+
<panel>
75+
<single>
76+
<title>Fixed Secrets</title>
77+
<search base="baseSearch">
78+
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ action="resolved" | stats count</query>
79+
</search>
80+
<option name="drilldown">none</option>
81+
<option name="height">150</option>
82+
<option name="refresh.display">progressbar</option>
83+
</single>
84+
</panel>
85+
<panel>
86+
<chart>
87+
<title>Secret Types</title>
88+
<search base="baseSearch">
89+
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | chart count by secret_type</query>
90+
</search>
91+
<option name="charting.chart">pie</option>
92+
<option name="charting.drilldown">none</option>
93+
<option name="height">175</option>
94+
</chart>
95+
</panel>
96+
<panel>
97+
<chart>
98+
<title>Secrets Found/Fixed Ratio</title>
99+
<search base="baseSearch">
100+
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ (action=created OR action=resolved)
101+
| timechart count(_raw) by action
102+
| accum created
103+
| accum resolved
104+
| rename created as "Found"
105+
| rename resolved as "Fixed"</query>
106+
</search>
107+
<option name="charting.axisTitleX.visibility">collapsed</option>
108+
<option name="charting.chart">line</option>
109+
<option name="charting.drilldown">none</option>
110+
<option name="refresh.display">progressbar</option>
111+
<option name="height">175</option>
112+
</chart>
113+
</panel>
114+
</row>
115+
<row>
116+
<panel>
117+
<table>
118+
<title>Fixed Secrets</title>
119+
<search base="baseSearch">
120+
<query> | search action=resolved repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | table secret_type, organization, repository, resolution, resolved_by, _time
121+
| rename secret_type as "Secret Type"
122+
| rename organization as "Organization"
123+
| rename repository as "Repository"
124+
| rename resolution as "Resolution"
125+
| rename resolved_by as "Resolved By"
126+
</query>
127+
</search>
128+
<option name="drilldown">none</option>
129+
</table>
130+
</panel>
131+
</row>
132+
<row>
133+
<panel>
134+
<table>
135+
<title>Found Secrets</title>
136+
<search base="baseSearch">
137+
<query> | search action=created repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | table secret_type, organization, repository, action, _time
138+
| rename secret_type as "Secret Type"
139+
| rename organization as "Organization"
140+
| rename repository as "Repository"
141+
| rename action as "Action"
142+
</query>
143+
</search>
144+
<option name="drilldown">none</option>
145+
</table>
146+
</panel>
147+
</row>
148+
</form>
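Review bot: The panel queries interpolate the multiselect tokens as `field=$tok$`, which only filters correctly when a single value is selected. With two repositories chosen, `repository=$repoTkn$` expands to `repository="a","b"`, and the `secret_type` input declares no `<delimiter>`, so extra values are space-joined and treated as free-text terms. On an alerting dashboard a filter that silently matches nothing or the wrong events hides open secrets, so each panel should use `| search repository IN ($repoTkn$) organization IN ($orgTkn$) secret_type IN ($secret_type$)` and the `secret_type` input should get `<delimiter>,</delimiter>`. Separately, `resolved_at` is computed in the base search but never shown; adding it to the "Fixed Secrets" table would help when auditing how long a credential stayed exposed.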

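--- a/github_app_for_splunk/default/data/ui/views/welcome_page.xml
+++ b/github_app_for_splunk/default/data/ui/views/welcome_page.xml
@@ -63,7 +63,8 @@
 Open Source repositories and customers of GitHub Advanced Security have access to application security tooling such as Code Scanning, Secret Scanning, and Dependency Review.
 <ol>
 <li>The <a href="security_alert_overview"> Advanced Security Overview</a> dashboard gives insight into the security posture of your GitHub Organization</li>
-<li>The <a href="code_scanning_overview"> Code Scanning</a> dashboard gives you access to alerts created by Code Scanning within your Organization</li>
+<li>The <a href="code_scanning_overview"> Code Scanning Alerts</a> dashboard gives you access to alerts created by Code Scanning within your Organization</li>
+<li>The <a href="secret_scanning_overview"> Secret Scanning Alerts</a> dashboard provides visibility into secrets like API keys and personal access tokens that have been checked into your repositories</li>
 </ol>
 </p>
 </div>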

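--- a/github_app_for_splunk/default/eventtypes.conf
+++ b/github_app_for_splunk/default/eventtypes.conf
@@ -14,7 +14,7 @@ search = `github_webhooks` action IN ("submitted","edited","dismissed") pull_req
 search = `github_webhooks` after=* before=* "commits{}.id"=* ref=* "pusher.name"=*
 
 [GitHub::Repo]
-search = `github_webhooks` action IN ("created","deleted","archived","unarchived","edited","renamed","transferred","publicized","privatized") "repository.name"=* NOT "pull_request.id"=* NOT "project_card.id"=* NOT "project.number"=* NOT "project_column.id"=* NOT "check_run.id"=*
+search = `github_webhooks` action IN ("created","deleted","archived","unarchived","edited","renamed","transferred","publicized","privatized") "repository.name"=* NOT "pull_request.id"=* NOT "project_card.id"=* NOT "project.number"=* NOT "project_column.id"=* NOT "check_run.id"=* NOT "alert.created_at"=* NOT "alert.number"=*
 
 [GitHub::Project]
 search = `github_webhooks` action IN ("created","edited","closed","reopenend","deleted") "project.number"=*
@@ -31,6 +31,9 @@ search = `github_webhooks` action IN ("queued","created","started","completed")
 [GitHub::CodeScanning]
 search = `github_webhooks` action IN ("appeared_in_branch", "closed_by_user", "created", "fixed", "reopened", "reopened_by_user") "alert.created_at"=*
 
+[GitHub::SecretScanning]
+search = `github_webhooks` action IN ("created", "resolved") "alert.secret_type"=*
+
 [GitHub::VulnerabilityAlert]
 search = `github_webhooks` action IN ("create", "dismiss", "resolve") "alert.external_identifier"=*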
