Cycode
About
Cycode is a complete software supply chain security solution that provides visibility, security and integrity across all phases of the SDLC.
Product Details
Vendor URL: Cycode
Product Type: Application
Product Tier: Tier III
Integration Method: Webhook
Integration URL: Webhook Integration
Log Guide: n/a
Parser Details
Log Format: JSON
Expected Normalization Rate: near 100%
Data Label: CYCODE
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
"Cycode" | metadata.vendor_name |
"Cycode" | metadata.product_name |
correlation_message | metadata.description |
source_policy_name | metadata.product_event_type |
id | metadata.product_log_id |
link | metadata.url_back_to_product |
detection_details.external_scanner_id | observer.process.pid |
detection_details.repository_name | principal.hostname |
scan_id | principal.process.pid |
provider | principal.resource.name |
detection_details.concrete_provider | principal.resource.resource_subtype |
detection_details.file_path | target.file.full_path |
detection_details.file_name | target.file.names |
detection_details.job_url | target.url |
detection_details.organization_name | target.user.company_name |
detection_details.organization_id | target.user.group_identifiers |
detection_details.provider | security_result.about.application |
source_entity_type | security_result.about.asset.category |
source_entity_id | security_result.about.asset.asset_id |
detection_details.repository_id | security_result.about.asset_id |
detection_unique_id | security_result.about.process.pid |
source_entity_name | security_result.about.resource.name |
source_policy_type | security_result.category_details |
correlation_message | security_result.description |
priority | security_result.priority_details |
detection_rule_id | security_result.rule_id |
source_policy_name | security_result.rule_name |
detection_details.owasp | security_result.rule_set |
type | security_result.rule_type |
severity | security_result.severity |
severity | security_result.severity_details |
summary | security_result.summary |
detection_details.cwe | security_result.threat_feed_name |
detection_type_id | security_result.threat_id |
Product Event Types
Product Event | Description | UDM Event |
---|---|---|
File event | | SCAN_FILE |
All other | | GENERIC_EVENT |
Log Sample
{"id":"eventID","source_policy_id":"src_policyID","detection_type_id":"src_policyID","detection_unique_id":"uniqueID","source_entity_id":"repoID","source_policy_name":"Improper Certificate Validation","source_policy_type":"SAST","source_entity_name":"src_entityname","source_entity_type":"Repository","correlation_message":"Certificate verification has been explicitly disabled. This permits insecure connections to insecure servers. Re-enable certification validation.","detection_details":{"organization_id":"orgID","external_scanner_id":"externalID","organization_name":"org_name","policy_id":"src_policyID","detection_rule_id":"ruleID","file_path":"file_path.py","file_name":"file_name.py","file_extension":".py","start_position":5,"end_position":5,"line":26,"storage_details":{"path":"path.json","folder":"external-scanner-violations","size":610},"cwe":["CWE-295: Improper Certificate Validation"],"owasp":["A3: Sensitive Data Exposure"],"category":"Security","languages":["python"],"repository_name":"src_entityname","repository_id":"repoID","line_in_file":26,"branch_name":"master","branch_id":"branchID","branch_url":"branchUrl","file_url":"fileUrl"},"severity":"Critical","provider":"Github","type":"SAST","is_hidden":false,"link":"https://app.cycode.com/detection/eventID","scan_id":"0scanID","detection_rule_id":"ruleID","labels":null,"tags":null,"sdlc_stages":["Code"],"policy_labels":null,"priority":0,"project_ids":[],"text":"Certificate verification has been explicitly disabled. This permits insecure connections to insecure servers. Re-enable certification validation.. Link: https://app.cycode.com/detection/eventID","summary":"Cycode detection: Improper Certificate Validation","description":"Certificate verification has been explicitly disabled. This permits insecure connections to insecure servers. Re-enable certification validation.\n\n-------Alert Info-------\nLink: https://app.cycode.com/detection/eventID\nSeverity: Critical\nSource: Github\nType: SAST\nOrganization Name: org_name\nFile Path: file_path.py\nFile Name: file_name.py\nFile Extension: .py\nStart Position: 5\nEnd Position: 5\nLine: 26\nCategory: Security\nRepository Name: src_entityname\nLine In File: 26\nBranch Name: master\nBranch Url: branchUrl\nFile Url: fileUrl"}
Sample Parsing
metadata.product_log_id = "eventID"
metadata.description = "Certificate verification has been explicitly disabled. This permits insecure connections to insecure servers. Re-enable certification validation."
metadata.event_timestamp = "2021-12-20T23:54:46.6929430Z"
metadata.event_type = "SCAN_FILE"
metadata.vendor_name = "Cycode"
metadata.product_name = "Cycode"
metadata.product_event_type = "Improper Certificate Validation"
metadata.url_back_to_product = "https://app.cycode.com/detection/eventID"
metadata.ingested_timestamp = "2021-12-20T23:54:46.6929430Z"
principal.hostname = "src_entityname"
principal.process.pid = "scanID"
principal.resource.name = "Github"
target.user.group_identifiers = "orgID"
target.user.company_name = "org_name"
target.url = "fileURL"
target.file.full_path = "file_path.py"
target.file.names = "file_name.py"
observer.process.pid = "externalID"
security_result.about.asset_id = "Repo ID: repoID"
security_result.about.process.pid = "uniqueID"
security_result.asset.asset_id = "Entity ID: repoID"
security_result.asset.category = "Repository"
security_result.resource.name = "src_entityname"
security_result.category_details = "SAST"
security_result.description = "Certificate verification has been explicitly disabled. This permits insecure connections to insecure servers. Re-enable certification validation."
security_result.rule_set = "A3: Sensitive Data Exposure"
security_result.rule_id = "ruleID"
security_result.rule_name = "Improper Certificate Validation"
security_result.rule_type = "SAST"
security_result.severity = "CRITICAL"
security_result.severity_details = "Critical"
security_result.summary = "Cycode detection: Improper Certificate Validation"
security_result.priority_details = "0"
security_result.threat_id = "src_policyID"
security_result.threat_feed_name = "CWE-295: Improper Certificate Validation"
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon