creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-13 22:54:53 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
27c6414ca5ae1b96adc7b36e2e486db95cbcb7c0
Anthropic-Cybersecurity-Skills/skills/implementing-conditional-access-policies-azure-ad/scripts/agent.py
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

138 lines
5.5 KiB
Python
Raw Blame History

#!/usr/bin/env python3
"""Azure AD Conditional Access policy audit agent using Microsoft Graph API."""
import argparse
import json
import logging
import os
import sys
from datetime import datetime
from typing import Dict, List
try:
import requests
except ImportError:
sys.exit("requests required: pip install requests")
logging.basicConfig(level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s")
logger = logging.getLogger(__name__)
GRAPH_BASE = "https://graph.microsoft.com/v1.0"
class ConditionalAccessClient:
"""Client for Microsoft Graph Conditional Access API."""
def __init__(self, tenant_id: str, client_id: str, client_secret: str):
self.token = self._auth(tenant_id, client_id, client_secret)
self.headers = {"Authorization": f"Bearer {self.token}"}
def _auth(self, tenant_id, client_id, client_secret) -> str:
resp = requests.post(
f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
data={"grant_type": "client_credentials", "client_id": client_id,
"client_secret": client_secret,
"scope": "https://graph.microsoft.com/.default"}, timeout=15)
resp.raise_for_status()
return resp.json()["access_token"]
def list_policies(self) -> List[dict]:
"""List all conditional access policies."""
resp = requests.get(f"{GRAPH_BASE}/identity/conditionalAccess/policies",
headers=self.headers, timeout=30)
resp.raise_for_status()
return resp.json().get("value", [])
def list_named_locations(self) -> List[dict]:
"""List named locations used in policies."""
resp = requests.get(f"{GRAPH_BASE}/identity/conditionalAccess/namedLocations",
headers=self.headers, timeout=30)
resp.raise_for_status()
return resp.json().get("value", [])
def audit_policy(policy: dict) -> dict:
"""Audit a single conditional access policy for security gaps."""
findings = []
conditions = policy.get("conditions", {})
grant = policy.get("grantControls", {})
users = conditions.get("users", {})
if "All" in users.get("includeUsers", []) and not users.get("excludeUsers"):
pass
if not grant.get("builtInControls"):
findings.append("No grant controls configured")
if "mfa" not in (grant.get("builtInControls") or []):
findings.append("MFA not required")
if policy.get("state") != "enabled":
findings.append("Policy is not enabled")
apps = conditions.get("applications", {})
if "All" not in apps.get("includeApplications", []):
findings.append("Policy does not cover all applications")
return {
"name": policy.get("displayName", ""),
"state": policy.get("state", ""),
"grant_controls": grant.get("builtInControls", []),
"findings": findings,
"risk_level": "HIGH" if len(findings) >= 2 else "MEDIUM" if findings else "LOW",
}
def check_baseline_policies(policies: List[dict]) -> List[dict]:
"""Check for essential baseline conditional access policies."""
baselines = [
{"name": "Require MFA for admins", "check": lambda p: "mfa" in str(p.get("grantControls", {})).lower() and "admin" in str(p.get("conditions", {}).get("users", {})).lower()},
{"name": "Block legacy authentication", "check": lambda p: "block" in str(p.get("grantControls", {})).lower()},
{"name": "Require compliant devices", "check": lambda p: "compliantDevice" in str(p.get("grantControls", {}))},
]
results = []
for baseline in baselines:
found = any(baseline["check"](p) for p in policies)
results.append({"baseline": baseline["name"], "implemented": found,
"priority": "CRITICAL" if not found else "OK"})
return results
def generate_report(client: ConditionalAccessClient) -> dict:
"""Generate conditional access audit report."""
policies = client.list_policies()
locations = client.list_named_locations()
audited = [audit_policy(p) for p in policies]
baselines = check_baseline_policies(policies)
enabled = sum(1 for p in policies if p.get("state") == "enabled")
report = {
"analysis_date": datetime.utcnow().isoformat(),
"total_policies": len(policies),
"enabled_policies": enabled,
"named_locations": len(locations),
"policy_audits": audited,
"baseline_checks": baselines,
"summary": {
"high_risk": sum(1 for a in audited if a["risk_level"] == "HIGH"),
"missing_baselines": sum(1 for b in baselines if not b["implemented"]),
},
}
return report
def main():
parser = argparse.ArgumentParser(description="Azure AD Conditional Access Audit Agent")
parser.add_argument("--tenant-id", required=True)
parser.add_argument("--client-id", required=True)
parser.add_argument("--client-secret", required=True)
parser.add_argument("--output-dir", default=".")
parser.add_argument("--output", default="conditional_access_report.json")
args = parser.parse_args()
os.makedirs(args.output_dir, exist_ok=True)
client = ConditionalAccessClient(args.tenant_id, args.client_id, args.client_secret)
report = generate_report(client)
out_path = os.path.join(args.output_dir, args.output)
with open(out_path, "w") as f:
json.dump(report, f, indent=2, default=str)
logger.info("Report saved to %s", out_path)
print(json.dumps(report["summary"], indent=2))
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink