mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-13 19:05:17 +03:00
Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
This commit is contained in:
@@ -0,0 +1,146 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Mobile Application Management Agent - audits MDM policies, app inventory, and compliance posture."""
|
||||
|
||||
import json
|
||||
import argparse
|
||||
import logging
|
||||
import subprocess
|
||||
from collections import defaultdict
|
||||
from datetime import datetime
|
||||
|
||||
logging.basicConfig(level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s")
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def mdm_api_request(base_url, token, endpoint, method="GET"):
|
||||
"""Execute MDM API request via curl."""
|
||||
cmd = ["curl", "-s", "-X", method,
|
||||
"-H", f"Authorization: Bearer {token}",
|
||||
"-H", "Accept: application/json",
|
||||
f"{base_url}{endpoint}"]
|
||||
result = subprocess.run(cmd, capture_output=True, text=True)
|
||||
return json.loads(result.stdout) if result.stdout else {}
|
||||
|
||||
|
||||
def get_managed_devices(base_url, token):
|
||||
"""Get all managed devices."""
|
||||
return mdm_api_request(base_url, token, "/api/v1/devices")
|
||||
|
||||
|
||||
def get_managed_apps(base_url, token):
|
||||
"""Get managed application inventory."""
|
||||
return mdm_api_request(base_url, token, "/api/v1/apps")
|
||||
|
||||
|
||||
def get_compliance_policies(base_url, token):
|
||||
"""Get device compliance policies."""
|
||||
return mdm_api_request(base_url, token, "/api/v1/compliance/policies")
|
||||
|
||||
|
||||
def get_app_protection_policies(base_url, token):
|
||||
"""Get MAM app protection policies."""
|
||||
return mdm_api_request(base_url, token, "/api/v1/app-protection-policies")
|
||||
|
||||
|
||||
def audit_device_compliance(devices):
|
||||
"""Audit device compliance status."""
|
||||
compliant = 0
|
||||
non_compliant = 0
|
||||
issues = defaultdict(int)
|
||||
for device in devices:
|
||||
if device.get("compliance_state") == "compliant":
|
||||
compliant += 1
|
||||
else:
|
||||
non_compliant += 1
|
||||
for issue in device.get("compliance_issues", []):
|
||||
issues[issue] += 1
|
||||
return {
|
||||
"total_devices": len(devices),
|
||||
"compliant": compliant,
|
||||
"non_compliant": non_compliant,
|
||||
"compliance_rate": round(compliant / max(len(devices), 1) * 100, 1),
|
||||
"top_issues": dict(sorted(issues.items(), key=lambda x: x[1], reverse=True)[:10]),
|
||||
}
|
||||
|
||||
|
||||
def audit_app_security(apps):
|
||||
"""Audit managed app security configuration."""
|
||||
findings = []
|
||||
for app in apps:
|
||||
app_name = app.get("name", "unknown")
|
||||
if not app.get("managed"):
|
||||
findings.append({"app": app_name, "issue": "unmanaged_app", "severity": "medium"})
|
||||
if app.get("data_sharing_allowed"):
|
||||
findings.append({"app": app_name, "issue": "data_sharing_enabled", "severity": "high"})
|
||||
if not app.get("encryption_required"):
|
||||
findings.append({"app": app_name, "issue": "encryption_not_required", "severity": "high"})
|
||||
if not app.get("pin_required"):
|
||||
findings.append({"app": app_name, "issue": "no_app_pin", "severity": "medium"})
|
||||
if app.get("allow_backup_to_cloud"):
|
||||
findings.append({"app": app_name, "issue": "cloud_backup_allowed", "severity": "medium"})
|
||||
return findings
|
||||
|
||||
|
||||
def audit_protection_policies(policies):
|
||||
"""Audit MAM protection policy configuration."""
|
||||
results = []
|
||||
for policy in policies:
|
||||
checks = {
|
||||
"data_transfer_restricted": policy.get("restrict_cut_copy_paste", False),
|
||||
"save_as_blocked": policy.get("block_save_as", False),
|
||||
"screen_capture_blocked": policy.get("block_screen_capture", False),
|
||||
"managed_browser_required": policy.get("require_managed_browser", False),
|
||||
"min_os_version_set": bool(policy.get("minimum_os_version")),
|
||||
"jailbreak_detection": policy.get("block_jailbroken", False),
|
||||
"offline_grace_period_set": bool(policy.get("offline_interval")),
|
||||
}
|
||||
passed = sum(1 for v in checks.values() if v)
|
||||
results.append({
|
||||
"policy_name": policy.get("name", "unknown"),
|
||||
"platform": policy.get("platform", "unknown"),
|
||||
"checks": checks,
|
||||
"score": round(passed / max(len(checks), 1) * 100, 1),
|
||||
})
|
||||
return results
|
||||
|
||||
|
||||
def generate_report(devices, apps, policies, protection_policies):
|
||||
device_audit = audit_device_compliance(devices)
|
||||
app_findings = audit_app_security(apps)
|
||||
policy_audit = audit_protection_policies(protection_policies)
|
||||
report = {
|
||||
"timestamp": datetime.utcnow().isoformat(),
|
||||
"device_compliance": device_audit,
|
||||
"app_security_findings": len(app_findings),
|
||||
"high_severity_findings": len([f for f in app_findings if f["severity"] == "high"]),
|
||||
"app_findings_detail": app_findings[:20],
|
||||
"protection_policy_audit": policy_audit,
|
||||
"overall_mam_score": round(
|
||||
sum(p["score"] for p in policy_audit) / max(len(policy_audit), 1), 1),
|
||||
}
|
||||
return report
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="Mobile Application Management Audit Agent")
|
||||
parser.add_argument("--mdm-url", required=True, help="MDM/UEM API base URL")
|
||||
parser.add_argument("--token", required=True, help="API bearer token")
|
||||
parser.add_argument("--output", default="mam_audit_report.json")
|
||||
args = parser.parse_args()
|
||||
|
||||
devices = get_managed_devices(args.mdm_url, args.token)
|
||||
apps = get_managed_apps(args.mdm_url, args.token)
|
||||
policies = get_compliance_policies(args.mdm_url, args.token)
|
||||
protection = get_app_protection_policies(args.mdm_url, args.token)
|
||||
report = generate_report(devices, apps, policies, protection)
|
||||
with open(args.output, "w") as f:
|
||||
json.dump(report, f, indent=2, default=str)
|
||||
logger.info("MAM audit: %d devices (%.1f%% compliant), %d app findings, MAM score %.1f%%",
|
||||
report["device_compliance"]["total_devices"],
|
||||
report["device_compliance"]["compliance_rate"],
|
||||
report["app_security_findings"], report["overall_mam_score"])
|
||||
print(json.dumps(report, indent=2, default=str))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user