creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/implementing-zero-trust-for-saas-applications/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

48 lines
1.7 KiB
Markdown
Raw Blame History

# API Reference: Zero Trust for SaaS Applications
## Microsoft Graph API v1.0
### Authentication
```python
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Body: grant_type=client_credentials&client_id=X&client_secret=Y&scope=https://graph.microsoft.com/.default
```
### Conditional Access
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/identity/conditionalAccess/policies` | List CA policies |
| GET | `/identity/conditionalAccess/policies/{id}` | Get policy details |
### Enterprise Applications
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/servicePrincipals` | List service principals |
| GET | `/oauth2PermissionGrants` | List OAuth consent grants |
| GET | `/appRoleAssignments` | List app role assignments |
### Identity Protection
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/identityProtection/riskyUsers` | List at-risk users |
| GET | `/identityProtection/riskDetections` | Risk detection events |
### CA Policy Grant Controls
| Control | Description |
|---------|-------------|
| `mfa` | Require multi-factor authentication |
| `compliantDevice` | Require Intune-compliant device |
| `domainJoinedDevice` | Require hybrid Azure AD join |
| `passwordChange` | Force password change |
### Risky OAuth Scopes
| Scope | Risk |
|-------|------|
| `Mail.ReadWrite` | Full mailbox access |
| `Files.ReadWrite.All` | All OneDrive/SharePoint files |
| `Directory.ReadWrite.All` | Full directory modification |
## References
- Graph API: https://learn.microsoft.com/en-us/graph/api/overview
- Conditional Access: https://learn.microsoft.com/en-us/entra/identity/conditional-access/
Reference in New Issue View Git Blame Copy Permalink