valitydev/Cortex-Analyzers
14
0
Fork 0
mirror of https://github.com/valitydev/Cortex-Analyzers.git synced 2024-11-06 09:05:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update AzureTokenRevoker.py

Browse Source
This commit is contained in:
Daniel Weiner 2020-11-21 19:04:05 -05:00 committed by GitHub
parent e47eda9c2b
commit 580dc212fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
responders/AzureTokenRevoker/AzureTokenRevoker.py
View File

@ -1,10 +1,10 @@
#!/usr/bin/env python3
# encoding: utf-8
import json
import requests
import cortexutils
import traceback
import datetime
# Process json inputs
from cortexutils.responder import Responder
# Initialize Azure Class
@ -14,10 +14,12 @@ class AzureTokenRevoker(Responder):
self.client_id = self.get_params('config.client_id', None, 'Azure AD Application ID/Client ID Missing')
self.client_secret = self.get_params('config.client_secret', None, 'Azure AD Registered Application Client Secret Missing')
self.redirect_uri = self.get_params('config.redirect_uri', None, 'Set a redirect URI in Azure AD Registered Application. (ex. https://logon.microsoftonline.<tenant id>/oauth2/token)')
self.user = self.get_params('user', None, 'No UPN supplied to revoke credentials for')
self.time = ''
def run(self):
try:
self.user = self.get_params('data.data', None, 'No UPN supplied to revoke credentials for')
if not self.user:
self.error("No user supplied")
base_resource = "https://graph.microsoft.com"
token_data = {
@ -44,21 +46,21 @@ class AzureTokenRevoker(Responder):
base_url = 'https://graph.microsoft.com/v1.0/'
r = requests.post(base_url + 'users/{}/revokeSignInSessions'.format(user), headers=headers)
r = requests.post(base_url + 'users/{}/revokeSignInSessions'.format(self.user), headers=headers)
if r.status_code != 200:
self.error('Failure to revoke access tokens of user {}: {}'.format(user, r.content))
self.error('Failure to revoke access tokens of user {}: {}'.format(self.user, r.content))
else:
#record time of successful auth token revokation
self.time = datetime.datetime.now()
self.time = datetime.datetime.utcnow().st
except Exception as ex:
self.error(traceback.format_exc())
# Build report to return to Cortex
full_report = {"message": "User {} authentication tokens successfully revoked at {}".format(self.user, self.time)}
self.report(full_report)
def operations(self, raw):
#Needs to be changed
return [self.build_operation('AddTagToArtifact', tag='AzureAD:UserAADAuthTokensReset{}'.format(self.time))]
if __name__ == '__main__':
AzureTokenRevoker().run()