mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 14:14:56 +03:00
mukul975
c21af3347e
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
1.6 KiB
1.6 KiB
API Reference: Implementing Just-In-Time Access Provisioning
Azure AD PIM API (JIT for Azure)
import requests
headers = {"Authorization": "Bearer <token>"}
# Activate eligible role
requests.post(
"https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignmentScheduleRequests",
headers=headers,
json={"action": "selfActivate", "roleDefinitionId": ROLE_ID,
"directoryScopeId": "/", "justification": "Incident response",
"scheduleInfo": {"expiration": {"type": "afterDuration", "duration": "PT4H"}}})
JIT Risk-Based Approval
| Risk Level | Approval | Max Duration |
|---|---|---|
| Low | Auto-approve | 4 hours |
| Medium | Manager | 8 hours |
| High | Manager + Security | 4 hours |
| Critical | CISO + Manager + Security | 2 hours |
AWS IAM Access Analyzer
# Find unused permissions for JIT conversion
aws accessanalyzer list-findings --analyzer-arn ARN --filter '{"status": {"eq": ["ACTIVE"]}}'
CyberArk PAS REST API (JIT Privileged Access)
# Request JIT access
curl -X POST "https://VAULT/PasswordVault/api/MyRequests" \
-H "Authorization: $TOKEN" \
-d '{"AccountId": "ACC_ID", "Reason": "Maintenance", "TicketingSystemName": "ServiceNow"}'
Key Metrics
| Metric | Target |
|---|---|
| Avg approval time | < 15 min |
| Auto-approval rate | 40-60% (low risk) |
| Standing privilege reduction | > 80% |
| Expired access auto-revoked | 100% |
References
- Azure PIM: https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/
- CyberArk JIT: https://docs.cyberark.com/
- NIST 800-53 AC-6: Least Privilege