For example, after setting the action for encrypted attachments from untrusted senders, attachments with scripts from untrusted senders, and anomalous attachment types all to warning, the report just says:
[OU name]: Emails with encrypted attachments from untrusted senders are kept in the inbox.
Ideally it would report that all three settings are non-compliant, not just one of them. For example:
[OU name]: The action for encrypted attachments from untrusted senders is set to warning. The action for attachments with scripts from untrusted senders is set to warning. The action for anomalous attachment type is set to warning.
To reproduce
Admin center -> Apps -> Google Workspace -> Gmail -> Safety -> Attachments -> Set the action for multiple categories to "Keep in inbox and show warning"
Run ScubaGoggles. Note that only one category is reported in the report details column.
Expected behavior
All categories would be listed in the Report Details column.
Any helpful log output or screenshots
Refer to GWS.CHAT.7.1 for an example of how to implement Report Details messages like this in Rego.
🐛 Summary
Currently (as of https://github.com/cisagov/ScubaGoggles/pull/278), the report details for GWS.GMAIL.5.5 doesn't always show the full picture.
For example, after setting the action for encrypted attachments from untrusted senders, attachments with scripts from untrusted senders, and anomalous attachment types all to warning, the report just says:
Ideally it would report that all three settings are non-compliant, not just one of them. For example:
To reproduce
Expected behavior
All categories would be listed in the Report Details column.
Any helpful log output or screenshots
Refer to GWS.CHAT.7.1 for an example of how to implement Report Details messages like this in Rego.