search

cisagov / ScubaGoggles

SCuBA Secure Configuration Baselines and assessment tool for Google Workspace
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal
149 stars 20 forks source link

Detailed Report message - Groups #87

Closed amart241 closed 1 month ago

amart241 commented 10 months ago

x

LaurenBassett commented 7 months ago

Baseline 2.1.1

GroupAccessSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "CLOSED"
    Description := concat("", ["<span class=setting>Groups cannot be accessed by people </span> from outside ", LastEvent.OrgUnit])
}

GroupAccessSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "OPEN"
    Description := concat("", ["<span class=setting>Groups can be accessed by people </span> from outside ", LastEvent.OrgUnit])
}

Baseline 2.2.1

GroupOwnerAddExtMembersSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "true"
    Description := concat("", ["<span class=setting>Group owners have the ability to allow access to external members </span> from outside ", LastEvent.OrgUnit])
}

GroupOwnerAddExtMembersSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "false"
    Description := concat("", ["<span class=setting>Group owners do not have the ability to allow access to external members </span> from outside ", LastEvent.OrgUnit])
}

Baseline 2.3.1

GroupOwnerAllowPostingExtMembersSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "true"
    Description := concat("", ["<span class=setting>Group owners can allow incoming mail for posting group messaging </span> from outside ", LastEvent.OrgUnit])
}

GroupOwnerAllowPostingExtMembersSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "false"
    Description := concat("", ["<span class=setting>Group owners can not allow incoming mail for posting group messaging </span> from outside ", LastEvent.OrgUnit])
}

Baseline 2.4.1

GroupCreationRestrictionSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "ADMIN_ONLY"
    Description := concat("", ["<span class=setting>Groups can only be created by admins </span> within ", LastEvent.OrgUnit])
}

GroupCreationRestrictionSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "USERS_IN_DOMAIN"
    Description := concat("", ["<span class=setting>Groups can be created by anyone </span> within ", LastEvent.OrgUnit])
}

Baseline 2.5.1


GroupConversationViewPermissionSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "OWNERS"
    Description := concat("", ["<span class=setting>Group conversations can be viewed by owners only </span> within ", LastEvent.OrgUnit])
}

GroupConversationViewPermissionSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "MANAGERS"
    Description := concat("", ["<span class=setting>Group conversations can be viewed by owners and managers </span> within ", LastEvent.OrgUnit])
}

GroupConversationViewPermissionSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "MEMBERS"
    Description := concat("", ["<span class=setting>Group conversations can be viewed by all group members </span> within ", LastEvent.OrgUnit])
}

GroupConversationViewPermissionSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "DOMAIN_USERS"
    Description := concat("", ["<span class=setting>Group conversations can be viewed by all organization users </span> within ", LastEvent.OrgUnit])
}

Update on 2.5 from issue 158


GroupConversationViewPermissionSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "OWNERS"
    Description := concat("", ["<span class=setting>Group conversations can be viewed by owners only </span> within ", LastEvent.OrgUnit])
}

GroupConversationViewPermissionSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "MANAGERS"
    Description := concat("", ["<span class=setting>Group conversations can be viewed by owners and managers </span> within ", LastEvent.OrgUnit])
}

GroupConversationViewPermissionSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "MEMBERS"
    Description := concat("", ["<span class=setting>Group conversations can be viewed by all group members </span> within ", LastEvent.OrgUnit])
}

GroupConversationViewPermissionSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "DOMAIN_USERS"
    Description := concat("", ["<span class=setting>Group conversations can be viewed by all organization users </span> within ", LastEvent.OrgUnit])
}

GroupConversationViewPermissionSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "PUBLIC"
    Description := concat("", ["<span class=setting>Group conversations can be viewed by everyone"])
}

Baseline 2.6.1


GroupOwnersHideGroupsSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "true"
    Description := concat("", ["<span class=setting>Group owners can hide groups from the directory </span> within ", LastEvent.OrgUnit])
}

GroupOwnersHideGroupsSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "false"
    Description := concat("", ["<span class=setting>Group owners can not hide groups from the directory </span> within ", LastEvent.OrgUnit])
}

Baseline 2.7.1

NewGroupHiddenSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "true"
    Description := concat("", ["<span class=setting>Newly created groups from the directory can be hidden </span> within ", LastEvent.OrgUnit])
}

NewGroupHiddenSettingDetailsStr(LastEvent) = Description if {
    LastEvent.NewValue == "false"
    Description := concat("", ["<span class=setting>Newly created groups from the directory can not be hidden </span> within ", LastEvent.OrgUnit])
}