From 6e4c0e01166e7b72c7bdb46593fb42eed14c1326 Mon Sep 17 00:00:00 2001 From: tylerezimmerman <100804646+tylerezimmerman@users.noreply.github.com> Date: Sun, 11 Feb 2024 20:21:48 -0600 Subject: [PATCH 1/2] Asana Code Cleanup --- Scripts/SecretServer/Asana/Delinea.PoSH.Helpers/Utils.psm1 | 2 -- Scripts/SecretServer/Asana/Discovery/Asana Discovery.ps1 | 5 +---- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/Scripts/SecretServer/Asana/Delinea.PoSH.Helpers/Utils.psm1 b/Scripts/SecretServer/Asana/Delinea.PoSH.Helpers/Utils.psm1 index 0cd83a3..1b9a879 100644 --- a/Scripts/SecretServer/Asana/Delinea.PoSH.Helpers/Utils.psm1 +++ b/Scripts/SecretServer/Asana/Delinea.PoSH.Helpers/Utils.psm1 @@ -28,8 +28,6 @@ function Write-Log { # Write Log data $MessageString = "{0}`t| {1}`t| {2}`t| {3}" -f $Timestamp, $MessageLevel, $logApplicationHeader, $Message $MessageString | Out-File -FilePath $LogFile -Encoding utf8 -Append -ErrorAction SilentlyContinue - $Color = @{ 0 = 'Green'; 1 = 'Cyan'; 2 = 'Yellow'; 3 = 'Red'} - #Write-Host -ForegroundColor $Color[$ErrorLevel] -Object ( $DateTime + $Message) } if($LogFileCheck){ if($LogFile -eq $null -or $LogFile -eq ""){ diff --git a/Scripts/SecretServer/Asana/Discovery/Asana Discovery.ps1 b/Scripts/SecretServer/Asana/Discovery/Asana Discovery.ps1 index c6c6d77..aa85935 100644 --- a/Scripts/SecretServer/Asana/Discovery/Asana Discovery.ps1 +++ b/Scripts/SecretServer/Asana/Discovery/Asana Discovery.ps1 @@ -1,7 +1,6 @@ Import-Module -Name "$env:ProgramFiles\Thycotic Software Ltd\Distributed Engine\Delinea.PoSH.Helpers\Utils.psm1" -#Import-Module -Name ".\Delinea.PoSH.Helpers\Utils.psm1" #region define variables #Define Argument Variables @@ -129,9 +128,7 @@ catch { #region Main Process #Region Get Advanced User Data -<# - if Discovery Mode is set to default, parsing svcAccount names and admin users is skipped -#> + #if Discovery Mode is set to default, parsing svcAccount names and admin users is skipped if($DiscoveryMode -eq "Advanced"){ From 4252840a845095dab5f2e8c86e03999d7da9207e Mon Sep 17 00:00:00 2001 From: tylerezimmerman <100804646+tylerezimmerman@users.noreply.github.com> Date: Sun, 11 Feb 2024 20:48:02 -0600 Subject: [PATCH 2/2] Asan Doc Updates --- .../SecretServer/Asana/Discovery/readme.md | 40 +++++++++---------- Scripts/SecretServer/Asana/Instructions.md | 14 +++---- .../Asana/RemotePasswordChanger/readme.md | 28 ++++++------- .../SecretServer/Asana/Templates/readme.md | 14 ++++--- Scripts/SecretServer/Asana/readme.md | 2 +- 5 files changed, 49 insertions(+), 49 deletions(-) diff --git a/Scripts/SecretServer/Asana/Discovery/readme.md b/Scripts/SecretServer/Asana/Discovery/readme.md index e483b31..fc236ad 100644 --- a/Scripts/SecretServer/Asana/Discovery/readme.md +++ b/Scripts/SecretServer/Asana/Discovery/readme.md @@ -1,8 +1,8 @@ # Asana Local Account Discovery -Add Disclaimer + ## Create Discovery Source -This scanner can help perform a Scan for user accounts within Asana. Account types will be distinguished by appropriate groups, roles, and/or sites designated by Asana. +This scanner can help perform a scan for user accounts within Asana. Account types will be distinguished by appropriate groups, roles, and/or sites designated by Asana. ### Create SaaS Scan Template If this Script has already been created in another Delinea Integration package please skip @@ -12,14 +12,14 @@ to the [Create Account Scan Template](#create-account-scan-template ) - Navigate to **ADMIN** > **Discovery** > **Configuration** > **Scanner Definition** > **Scan Templates** - Click **Create Scan Template** - Fill out the required fields with the information - - **Nmae:** (Example: SaaS Tenant) + - **Name:** (Example: SaaS Tenant) - **Active:** (Checked) - **Scan Type:** Host - **Parent Scan Template:** Host Range - **Fields** - Change HostRange to **tenant-url** - Click Save - - This completes the creation of the Saas Scan Template Creation +- This completes the creation of the Saas Scan Template Creation ### Create Account Scan Template @@ -28,7 +28,7 @@ to the [Create Account Scan Template](#create-account-scan-template ) - Navigate to **ADMIN** > **Discovery** > **Configuration** > **Scanner Definition** > **Scan Templates** - Click **Create Scan Template** - Fill out the required fields with the information - - **Nmae:** (Example: Asana Account) + - **Name:** (Example: Asana Account) - **Active:** (Checked) - **Scan Type:** Account - **Parent Scan Template:** Account(Basic) @@ -38,7 +38,7 @@ to the [Create Account Scan Template](#create-account-scan-template ) - Add field: Service-Account (Leave Parent and Include in Match Blank) - Add field: Local-Account (Leave Parent and Include in Match Blank) - Click Save - - This completes the creation of the Account Scan Template Creation +- This completes the creation of the Account Scan Template Creation ### Create Discovery Script @@ -54,9 +54,9 @@ to the [Create Account Scan Template](#create-account-scan-template ) - Merge Fields: Leave Blank - Script: Copy and paste the Script included in the file [Asana Discovery.ps1](./Asana%20Discovery.ps1) - Click Save - - This completes the creation of the Local Account Discovery Script +- This completes the creation of the Local Account Discovery Script -### Create Saas Tenant Scanner +### Create SaaS Tenant Scanner If this Scanner has already been created in another Delinea Integration package please skip to the [Create Account Scanner Section](#create-Asana-account-scanner) @@ -73,7 +73,7 @@ to the [Create Account Scanner Section](#create-Asana-account-scanner) - **Input Template**: Manual Input Discovery - **Output Template:**: Saas Tenant (Use Template that Was Created in the [SaaS Scan Template Section](#create-saas-scan-template)) - Click Save - - This completes the creation of the Saas Tenant Scanner +- This completes the creation of the Saas Tenant Scanner ### Create Asana Account Scanner @@ -91,7 +91,7 @@ to the [Create Account Scanner Section](#create-Asana-account-scanner) - **Script:** Asana Local Account Scanner (Use Script Created in the [Create Discovery Script Section](#create-discovery-script)) - **Script Arguments:** ```Advanced $[1]$PAToken $[1]$service-account-name $[1]$DomainName``` - Click Save - - This completes the creation of the Asana Account Scanner + - This completes the creation of the Asana Account Scanner ### Create Discovery Source @@ -100,22 +100,22 @@ to the [Create Account Scanner Section](#create-Asana-account-scanner) - Click **Empty Discovery Source** -Enter the Values below - **Name:** (example: Asana Tenant) - - **Site** (Select Site Where Discovery will run) - - **Source Type** Empty + - **Site:** (Select Site Where Discovery will run) + - **Source Type:** Empty - Click Save - Click Cancel on the Add Flow Screen - Click **Add Scanner** -- Find the Saas Tenant Scanner or the Scanner Created in the [Create Saas Tenant Scanner Section](#create-saas-tenant-scanner) and Click **Add Scanner** -- Select the Scanner just Ceated and Click **Edit Scanner** -- In the **lines Parse Format** Section Enter the Source Name (example: Asana Tenant) +- Find the Saas Tenant Scanner or the Scanner Created in the [Create Saas Tenant Scanner Section](#create-saas-tenant-scanner) and click **Add Scanner** +- Select the Scanner just Ceated and click **Edit Scanner** +- In the **Lines Parse Format** Section Enter the Source Name (example: Asana Tenant) - Click **Save** - Click **Add Scanner** - Find the Asana Local Account Scanner or the Scanner Creatted in the [Create Asana Account Scanner Section](#create-Asana-account-scanner) and Click **Add Scanner** -- Select the Scanner just Created and Click **Edit Scanner** +- Select the Scanner just created and click **Edit Scanner** - Click **Edit Scanner** - Click the **Add Secret** Link -- Search for the Discovery Account Secret created in the [Instructions.md file](../Instructions.md) +- Search for the Discovery Account Secret created in the [Instructions File](../Instructions.md) - Check the Use Site Run As Secret Check box to enable it **Note Default Site run as Secret had to be setup in the Site configuration. See the [Setting the Default PowerShell Credential for a Site](https://docs.delinea.com/online-help/secret-server/authentication/secret-based-credentials-for-scripts/index.htm?Highlight=site) Section in the Delinea Documentation @@ -144,11 +144,11 @@ In this section, There are instructions on creating an optional report to displa - Login to Secret Server Tenant (If you have not already done so) - Navigate to the Reports module -- click on the New Report Button +- Click on the New Report Button - Fill in the following values: - - Name: The name of the Discovery Source you just Created in the [Create Discovery Source ](#create-discovery-source) Section + - Name: The name of the Discovery Source you just Created in the [Create Discovery Source ](#create-discovery-source) section - Description: (Enter something meaningful to your organization) - - Category: Select the Section where you would like the report to appear (ex. Discovery Scan) + - Category: Select the section where you would like the report to appear (ex. Discovery Scan) - Report SQL: Copy and Paste the SQL Query below ***Note** " You must replace the WHERE d.DiscoverySourceId = 32 value with the Discovery Source ID of the Discovery source you are reporting on. You can find this by opening up the Discovery source and finding the ID in the URL diff --git a/Scripts/SecretServer/Asana/Instructions.md b/Scripts/SecretServer/Asana/Instructions.md index cd1f7c8..1bb4cf8 100644 --- a/Scripts/SecretServer/Asana/Instructions.md +++ b/Scripts/SecretServer/Asana/Instructions.md @@ -38,8 +38,6 @@ Due to the requirement of user challenge interaction with the Client_Credentials More information can be found [here](https://developers.asana.com/docs/authentication). -​ - ### Prerequisites @@ -58,15 +56,13 @@ More information can be found [here](https://developers.asana.com/docs/authentic - Create and record the PAT using the user account with appropriate permissions that the client needs to access the restricted resources on the instance. - - -*** For more information and directions, click [here](https://developers.asana.com/docs/personal-access-token). +- For more information and directions, click [here](https://developers.asana.com/docs/personal-access-token). - Document the following values as they will be needed in the upcoming sections -- PAT value + - PAT value @@ -90,7 +86,7 @@ The following steps are required to create the Secret Template for Asana Users: - Click on Import. -- Copy and Paste the XML in the [Asana User Template.xml File](./Templates/Asana%20User%20Account.xml) +- Copy and Paste the XML in the [Asana User Template File](./Templates/Asana%20User%20Account.xml) - Click on Save @@ -114,7 +110,7 @@ The following steps are required to create the Secret Template for Asana Discove - Click on Import. -- Copy and Paste the XML in the [Asana Discovery Account Template.xml File](./Templates/Asana%20Discovery%20Credentials.xml) +- Copy and Paste the XML in the [Asana Discovery Account Template File](./Templates/Asana%20Discovery%20Credentials.xml) - Click on Save @@ -131,7 +127,7 @@ The following steps are required to create the Secret Template for Asana Discove - Click on Create Secret -- Select the template created in the earlier step [Above](#Asana-discovery-account-template). +- Select the template created in the earlier step [above](#Asana-discovery-account-template). - Fill out the required fields with the information from the application registration diff --git a/Scripts/SecretServer/Asana/RemotePasswordChanger/readme.md b/Scripts/SecretServer/Asana/RemotePasswordChanger/readme.md index 9d11a42..5b0dd94 100644 --- a/Scripts/SecretServer/Asana/RemotePasswordChanger/readme.md +++ b/Scripts/SecretServer/Asana/RemotePasswordChanger/readme.md @@ -1,12 +1,12 @@ # Asana Remote Password changer -The steps below show how to Set up and configure a Asana Remote Password Changer, and Delinea Secret Server. +The steps below show how to set up and configure a Asana Remote Password Changer, and Delinea Secret Server. -If you have not already done so, please follow the steps in the **Instructions.md Document** found [Here](../Instructions.md) +If you have not already done so, please follow the steps in the **Instructions Document** found [Here](../Instructions.md) ## Disclaimer > [!WARNING] -> **Currently, Asana does not support remote password changing or heartbeating for user accounts. The scripts provided here are placeholders to enable the functionality within and for Discovery.** +> **Currently, Asana does not support remote password changing or heartbeating for user accounts. The scripts provided here are placeholders to enable the functionality for Discovery.** ## Create Scripts @@ -23,9 +23,9 @@ If you have not already done so, please follow the steps in the **Instructions.m - **Script Type**: Powershell - **Category**: Password Changing - **Merge Fields**: Leave Blank - - **Script**: Copy and paste the Script included in the file [Asana Remote Password Changer.ps1](./Asana%20RPC%20Placeholder.ps1) + - **Script**: Copy and paste the Script included in the file [Asana Remote Password Changer](./Asana%20RPC%20Placeholder.ps1) - Click Save - - This completes the creation of the Remote Password Script +- This completes the creation of the Remote Password Script ### Heartbeat Script @@ -39,9 +39,9 @@ If you have not already done so, please follow the steps in the **Instructions.m - **Script Type**: Powershell - **Category**: Heartbeat - **Merge Fields**: Leave Blank - - **Script**: Copy and paste the Script included in the file [Asana Heartbeat.ps1](./Asana%20Heartbeat%20Placeholder.ps1) + - **Script**: Copy and paste the Script included in the file [Asana Heartbeat](./Asana%20Heartbeat%20Placeholder.ps1) - Click Save - - This completes the creation of the Asana Heartbeat Script +- This completes the creation of the Asana Heartbeat Script ## Create Password Changer @@ -49,7 +49,7 @@ If you have not already done so, please follow the steps in the **Instructions.m - Navigate to **ADMIN** > **Remote Password Changing** - Click on Options (Dropdown List) and select ***Configure Password Changers** - Click on Create Password Changer -- Click on ***Base Password Changer* (Dropdown List) and Select PowerShell Script +- Click on **Base Password Changer** (Dropdown List) and select PowerShell Script - Enter a Name (Example - Asana Remote Password Changer ) - Click Save - Under the **Verify Password Changed Commands** section, Enter the following information: @@ -58,8 +58,8 @@ If you have not already done so, please follow the steps in the **Instructions.m - **Script Args**: ``` ``` - Click **Save** -- Under the **Password Change Commands** Section, Enter the following information: - - **PowerShell Script** (DropdownList) Select PowerShell Script or the Script that was Created in the [remote-password-changer-script](#remote-password-changer-script) Section +- Under the **Password Change Commands** section, enter the following information: + - **PowerShell Script** (DropdownList) Select PowerShell Script or the Script that was created in the [remote-password-changer-script](#remote-password-changer-script) Section - **Script Args**: ``` ``` - Click **Save** @@ -69,7 +69,7 @@ If you have not already done so, please follow the steps in the **Instructions.m - Log in to Secret Server Tenant (if not alreday logged in) - Navigate to **ADMIN** > **Secret Templates** -- Find and Select the Asana User Template created in the [Instructions.md Document](../Instructions.md) +- Find and Select the Asana User Template created in the [Instructions Document](../Instructions.md) - Select the **Mapping** Tab - In the **Password Changing** section, click edit and fill out the following - **Enable RPC** Checked @@ -89,11 +89,11 @@ If you have not already done so, please follow the steps in the **Instructions.m - Log in to Secret Server Tenant (if not already logged in) - Navigate to **ADMIN** > **Remote Password Changing** -- Click on Options (Dropdown List) and select ***Configure Password Changers** +- Click on Options (Dropdown List) and select **Configure Password Changers** - Select the Asana Remote Password Changer or the Password Changer created in the [create-password-change](#create-password-changer) section -- Click **Configure Scan Template at the bottom of the page** +- Click **Configure Scan Template** at the bottom of the page - Click Edit -- Click the **Scan Template to use** (Dropdown List) Select the Asana User template created in the [Instructions.md Document](../Instructions.md) +- Click the **Scan Template to Use** (Dropdown List) Select the Asana User template created in the [Instructions Document](../Instructions.md) - Map the following fields that appear after the selection - **tenant-url** -> Domain - **Username** -> username diff --git a/Scripts/SecretServer/Asana/Templates/readme.md b/Scripts/SecretServer/Asana/Templates/readme.md index 825346f..50dfb90 100644 --- a/Scripts/SecretServer/Asana/Templates/readme.md +++ b/Scripts/SecretServer/Asana/Templates/readme.md @@ -8,7 +8,7 @@ The following steps are required to create the Secret Template for Asana Users: - Navigate to Admin / Secret Templates - Click on Create / Import Template - Click on Import. -- Copy and Paste the XML in the [Asana User Template.xml File](./Asana%20User%20Account.xml) +- Copy and Paste the XML in the [Asana User Template File](./Asana%20User%20Account.xml) - Click on Save - This completes the creation of the User Account template @@ -20,7 +20,7 @@ The following steps are required to create the Secret Template for Asana Discove - Navigate to Admin / Secret Templates - Click on Create / Import Template - Click on Import. -- Copy and Paste the XML in the [Asana Discovery Account Template.xml File](./Asana%20Discovery%20Credentials.xml) +- Copy and Paste the XML in the [Asana Discovery Account Template File](./Asana%20Discovery%20Credentials.xml) - Click on Save - This completes the creation of the Discovery Account template @@ -30,7 +30,7 @@ The following steps are required to create the Secret Template for Asana Discove - Log in to the Delinea Secret Server (If you have not already done so) - Navigate to Secrets - Click on Create Secret -- Select the template created in the earlier step [Above](#Asana-discovery-account-template). +- Select the template created in the earlier step [above](#Asana-discovery-account-template). - Fill out the required fields with the information from the application registration - Secret Name (for example Asana Discovery Account) - tenant-url (base Asana url with no trailing slash) @@ -44,9 +44,13 @@ The following steps are required to create the Secret Template for Asana Discove - The **service-account-name** field will contain a comma-separated list of Naming conventions you designate as **Service Accounts**. This assumes you have allocated and assigned a naming convention specifically for demarking service accounts. Examples to match naming conventions like *svc-accountName* and *ApplicationSvc2*: ```Svc-*,*svc*``` + +- The **DomainName** field will contain a single domain for identifying users of a particular domain. All users not part of this domain will be considered "Local Accounts". + + > [!IMPORTANT] > A wildcard character (*) will be used to format the naming convention appropriately. Currently, the filter does **not** use Regular Expression and is not case sensitive. -- The **DomainName** field will contain a single domain for identifying users of a particular domain. All users not part of this domain will be considered "Local Accounts". + > [!NOTE] -> This field is matched from the domain of users' email address. For example, if the field value contains "Domain.com", any user's email with @domain.com will be matched (Local-Account = False) and all other domains will return Local-Account = True. \ No newline at end of file +> This field is matched from the domain of users email address. For example, if the field value contains "domain.com", any users email with @domain.com will be matched (Local-Account = False) and all other domains will return Local-Account = True. \ No newline at end of file diff --git a/Scripts/SecretServer/Asana/readme.md b/Scripts/SecretServer/Asana/readme.md index 0e87f4f..7c37718 100644 --- a/Scripts/SecretServer/Asana/readme.md +++ b/Scripts/SecretServer/Asana/readme.md @@ -2,7 +2,7 @@ -This package is designed to discover Asana User Accounts. It will provide detailed instructions and the necessary Scripts to perform these functions. Before beginning to implement any of the specific processes it is a requirement to perform the tasks contained in the Instructions.md document which can be found [Here](./Instructions.md) +This package is designed to discover Asana User Accounts. It will provide detailed instructions and the necessary Scripts to perform these functions. Before beginning to implement any of the specific processes it is a requirement to perform the tasks contained in the Instructions.md document which can be found [here](./Instructions.md)