diff --git a/docs/gitbook/.gitbook/assets/rbac-default-roles.png b/docs/gitbook/.gitbook/assets/rbac-default-roles.png new file mode 100644 index 0000000000..754ef81d32 Binary files /dev/null and b/docs/gitbook/.gitbook/assets/rbac-default-roles.png differ diff --git a/docs/gitbook/.gitbook/assets/rbac-role-edit1.png b/docs/gitbook/.gitbook/assets/rbac-role-edit1.png new file mode 100644 index 0000000000..ee36633b45 Binary files /dev/null and b/docs/gitbook/.gitbook/assets/rbac-role-edit1.png differ diff --git a/docs/gitbook/.gitbook/assets/rbac-role-edit2.png b/docs/gitbook/.gitbook/assets/rbac-role-edit2.png new file mode 100644 index 0000000000..63b23d2ca9 Binary files /dev/null and b/docs/gitbook/.gitbook/assets/rbac-role-edit2.png differ diff --git a/docs/gitbook/.gitbook/assets/rbac-role-edit3.png b/docs/gitbook/.gitbook/assets/rbac-role-edit3.png new file mode 100644 index 0000000000..4eddfd75db Binary files /dev/null and b/docs/gitbook/.gitbook/assets/rbac-role-edit3.png differ diff --git a/docs/gitbook/SUMMARY.md b/docs/gitbook/SUMMARY.md index b2b2d8660e..b53a4f62c1 100644 --- a/docs/gitbook/SUMMARY.md +++ b/docs/gitbook/SUMMARY.md @@ -182,6 +182,8 @@ * [Slack](destinations/setup/slack.md) * [SNS](destinations/setup/sns.md) * [SQS](destinations/setup/sqs.md) +* [Enterprise](enterprise/README.md) + * [Role-Based Access Control](enterprise/rbac.md) * [Help]() * [Troubleshooting](troubleshooting.md) * [Support](support.md) diff --git a/docs/gitbook/enterprise/README.md b/docs/gitbook/enterprise/README.md new file mode 100644 index 0000000000..0733b12f64 --- /dev/null +++ b/docs/gitbook/enterprise/README.md @@ -0,0 +1,20 @@ +# Panther Enterprise + +In addition to the open-source community edition, Panther offers an enterprise product with all +community features plus: + +* [Role-Based Access Control](rbac.md) +* Premium Analysis Packs for PCI and AWS+ +* Customer Support with SLAs + +and many more features coming soon! + +Panther Enterprise can be deployed in your own AWS account or managed by Panther in our single-tenant +hosted environment. + +Visit our [pricing](https://runpanther.io/pricing/) page and +[request a demo](https://runpanther.io/request-a-demo/) to upgrade today! + +## Upgrading from Community +An existing deployment of the community edition can be upgraded in-place to enterprise with no +loss of data nor extra configuration required. The [deploy process](../quick-start.md) is the same. diff --git a/docs/gitbook/enterprise/rbac.md b/docs/gitbook/enterprise/rbac.md new file mode 100644 index 0000000000..818633c2f2 --- /dev/null +++ b/docs/gitbook/enterprise/rbac.md @@ -0,0 +1,29 @@ +# Role-Based Access Control +Role-Based Access Control (RBAC) gives Panther Enterprise deployments fine-grained access control for +their user accounts. A *role* is a configurable set of permissions and every user is assigned +exactly one role. + +## Default Roles +When you first deploy Panther Enterprise, the following 3 roles are created for you: + +![Default Roles](../.gitbook/assets/rbac-default-roles.png) + +* The "Admin" role will be automatically assigned to all existing users when upgrading from the +community edition and has all available permissions. +* The "Analyst" role can use all of the cloud security and log analysis features, but can't view or +modify settings. +* The "AnalystReadOnly" role can view resources and alerts and Python code, but can't change anything. + +## Customizing Roles +All roles (including the default ones above) are fully customizable by any user with UserModify permissions: + +* You can create as many roles as you want (see the "Create New" button in the screenshot above) +* Roles can be renamed as long as the names are unique +* Role permissions can be changed as long as at least one user has UserModify permissions +* Roles can be deleted as long as no users are currently assigned to them + +When you create or edit a role, you are shown the following screen: + +![Role Edit 1](../.gitbook/assets/rbac-role-edit1.png) +![Role Edit 2](../.gitbook/assets/rbac-role-edit2.png) +![Role Edit 3](../.gitbook/assets/rbac-role-edit3.png) diff --git a/go.mod b/go.mod index 4c57d1a2ea..6d6d5bdfd0 100644 --- a/go.mod +++ b/go.mod @@ -4,13 +4,13 @@ go 1.14 require ( github.com/alecthomas/jsonschema v0.0.0-20200217214135-7152f22193c9 - github.com/aws/aws-lambda-go v1.15.0 - github.com/aws/aws-sdk-go v1.29.32 + github.com/aws/aws-lambda-go v1.16.0 + github.com/aws/aws-sdk-go v1.30.6 github.com/cenkalti/backoff v2.2.1+incompatible github.com/fatih/color v1.9.0 github.com/go-openapi/errors v0.19.4 github.com/go-openapi/loads v0.19.5 // indirect - github.com/go-openapi/runtime v0.19.14 + github.com/go-openapi/runtime v0.19.15 github.com/go-openapi/spec v0.19.7 // indirect github.com/go-openapi/strfmt v0.19.5 github.com/go-openapi/swag v0.19.8 @@ -19,7 +19,6 @@ require ( github.com/google/uuid v1.1.1 github.com/hashicorp/golang-lru v0.5.4 github.com/influxdata/go-syslog/v3 v3.0.0 - github.com/jmespath/go-jmespath v0.3.0 // indirect github.com/joho/godotenv v1.3.0 github.com/json-iterator/go v1.1.9 github.com/kelseyhightower/envconfig v1.4.0 @@ -33,9 +32,10 @@ require ( github.com/stretchr/testify v1.5.1 github.com/tidwall/gjson v1.6.0 github.com/tidwall/pretty v1.0.1 // indirect - go.mongodb.org/mongo-driver v1.3.1 // indirect + go.mongodb.org/mongo-driver v1.3.2 // indirect go.uber.org/zap v1.14.1 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e // indirect + golang.org/x/sys v0.0.0-20200406155108-e3b113bbe6a4 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect gopkg.in/go-playground/validator.v9 v9.31.0 gopkg.in/yaml.v2 v2.2.8 diff --git a/go.sum b/go.sum index f630465ab7..ffc3c15625 100644 --- a/go.sum +++ b/go.sum @@ -14,10 +14,10 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496 h1:zV3ejI06GQ59hwDQAvmK1qxOQGB3WuVTRoY0okPTAv0= github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= -github.com/aws/aws-lambda-go v1.15.0 h1:QAhRWvXttl8TtBsODN+NzZETkci2mdN/paJ0+1hX/so= -github.com/aws/aws-lambda-go v1.15.0/go.mod h1:FEwgPLE6+8wcGBTe5cJN3JWurd1Ztm9zN4jsXsjzKKw= -github.com/aws/aws-sdk-go v1.29.32 h1:o4I8Qc+h9ht8NXvTHeXZH3EmtSUZ/PC0bg9Wawr+aTA= -github.com/aws/aws-sdk-go v1.29.32/go.mod h1:1KvfttTE3SPKMpo8g2c6jL3ZKfXtFvKscTgahTma5Xg= +github.com/aws/aws-lambda-go v1.16.0 h1:9+Pp1/6cjEXYhwadp8faFXKSOWt7/tHRCnQxQmKvVwM= +github.com/aws/aws-lambda-go v1.16.0/go.mod h1:FEwgPLE6+8wcGBTe5cJN3JWurd1Ztm9zN4jsXsjzKKw= +github.com/aws/aws-sdk-go v1.30.6 h1:GuWgFWWR9CF8mO9SM6N9oZt0vM0yzgPCMDDZOEQb8l4= +github.com/aws/aws-sdk-go v1.30.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= @@ -67,8 +67,8 @@ github.com/go-openapi/loads v0.19.5/go.mod h1:dswLCAdonkRufe/gSUC3gN8nTSaB9uaS2e github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= -github.com/go-openapi/runtime v0.19.14 h1:/k1/W4Cgs73kOdlPCaZCu77jC1FHhNY6sUOnVvtOX94= -github.com/go-openapi/runtime v0.19.14/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo= +github.com/go-openapi/runtime v0.19.15 h1:2GIefxs9Rx1vCDNghRtypRq+ig8KSLrjHbAYI/gCLCM= +github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo= github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= @@ -144,8 +144,6 @@ github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/go-syslog/v3 v3.0.0 h1:jichmjSZlYK0VMmlz+k4WeOQd7z745YLsvGMqwtYt4I= github.com/influxdata/go-syslog/v3 v3.0.0/go.mod h1:tulsOp+CecTAYC27u9miMgq21GqXRW6VdKbOG+QSP4Q= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc= @@ -250,8 +248,8 @@ go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qL go.mongodb.org/mongo-driver v1.1.2 h1:jxcFYjlkl8xaERsgLo+RNquI0epW6zuy/ZRQs6jnrFA= go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.3.0/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE= -go.mongodb.org/mongo-driver v1.3.1 h1:op56IfTQiaY2679w922KVWa3qcHdml2K/Io8ayAOUEQ= -go.mongodb.org/mongo-driver v1.3.1/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE= +go.mongodb.org/mongo-driver v1.3.2 h1:IYppNjEV/C+/3VPbhHVxQ4t04eVW0cLp0/pNdW++6Ug= +go.mongodb.org/mongo-driver v1.3.2/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE= go.uber.org/atomic v1.6.0 h1:Ezj3JGmsOnG1MoRWQkPBsKLe9DwWD9QeXzTRzzldNVk= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/multierr v1.5.0 h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A= @@ -300,8 +298,9 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200406155108-e3b113bbe6a4 h1:c1Sgqkh8v6ZxafNGG64r8C8UisIW2TKMJN8P86tKjr0= +golang.org/x/sys v0.0.0-20200406155108-e3b113bbe6a4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= diff --git a/web/src/constants.ts b/web/src/constants.ts index 4d4280cad2..019f68c5a4 100644 --- a/web/src/constants.ts +++ b/web/src/constants.ts @@ -32,16 +32,16 @@ export const INCLUDE_UPPERCASE_REGEX = new RegExp('(?=.*[A-Z])'); export const INCLUDE_SPECIAL_CHAR_REGEX = new RegExp('[^\\d\\sA-Za-z]'); export const DEFAULT_POLICY_FUNCTION = - 'def policy(resource):\n\t# Write your code here.\n\treturn True'; + 'def policy(resource):\n\t# Return False if the resource is non-compliant, which will trigger alerts/remediation.\n\treturn True'; export const DEFAULT_RULE_FUNCTION = - 'def rule(event):\n\t# Write your rule code here.\n\treturn False'; + 'def rule(event):\n\t# Return True to match the log event and trigger an alert.\n\treturn False'; export const DEFAULT_TITLE_FUNCTION = - "def title(event):\n\t# Write code here for alert title generation.\n\treturn ''"; + "def title(event):\n\t# (Optional) Return a string which will be shown as the alert title.\n\treturn ''"; export const DEFAULT_DEDUP_FUNCTION = - "def dedup(event):\n\t# Write code here for generating dedup string.\n\treturn ''"; + "def dedup(event):\n\t# (Optional) Return a string which will de-duplicate similar alerts.\n\treturn ''"; export const RESOURCE_TYPES = [ 'AWS.ACM.Certificate', diff --git a/web/src/pages/GeneralSettings/GeneralSettings.tsx b/web/src/pages/GeneralSettings/GeneralSettings.tsx index c4acc98fd5..2b2b55a8a2 100644 --- a/web/src/pages/GeneralSettings/GeneralSettings.tsx +++ b/web/src/pages/GeneralSettings/GeneralSettings.tsx @@ -83,21 +83,37 @@ const GeneralSettingsContainer: React.FC = () => { - + Plan Community - - + + Version {process.env.PANTHER_VERSION || 'N/A'} + + + AWS Account ID + + + {process.env.AWS_ACCOUNT_ID || 'N/A'} + + + + + AWS Region + + + {process.env.AWS_REGION || 'N/A'} + +