mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-26 11:44:37 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
2.3 KiB
# Privileged Account Access Review — API Reference
## CSV Input Format
The agent consumes a CSV file with these columns:
| Column | Type | Description |
|---|---|---|
| username | string | Account identifier (SAMAccountName or UPN) |
| owner | string | Assigned account owner / manager |
| roles | string | Semicolon-separated privilege roles |
| last_used | string | ISO date YYYY-MM-DD of last interactive logon |
| last_certified | string | ISO date YYYY-MM-DD of most recent access review |
| account_type | string | human, service, or shared |
## Checks Performed

### Stale Account Detection
Flags accounts whose last_used date is older than a configurable threshold (default 90 days). Accounts with no last_used value at all are automatically flagged as high severity, since their inactivity cannot be bounded.
### Shared Account Detection
Matches username against common shared-account patterns: admin, root, service, svc_, shared, generic, temp. Flags accounts matching these patterns that lack an assigned owner.
### Excessive Privilege Detection
Compares the roles field against high-risk role names: Domain Admin, Enterprise Admin, Schema Admin, Global Admin, Super Admin, Root. Any match triggers a critical finding.
### Recertification Compliance
Compares last_certified against a configurable interval (default 180 days). Accounts never certified are flagged as critical.
## Output Schema

```json
{
  "report": "privileged_account_access_review",
  "generated_at": "ISO-8601 timestamp",
  "total_accounts": 150,
  "total_findings": 12,
  "severity_summary": {"critical": 3, "high": 7, "medium": 2},
  "findings": [
    {
      "account": "svc_backup",
      "issue": "shared_account_no_owner",
      "severity": "critical",
      "detail": "Appears shared (matches 'svc_') with no assigned owner"
    }
  ]
}
```
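The following is an added example, not the project's own `agent.py`: it implements the four checks described above over a constructed CSV and emits a report in the documented output schema. The severity for a stale-but-recorded logon (medium) and for an overdue recertification (high), the issue names other than `shared_account_no_owner`, and the sample accounts are assumptions for illustration.

```python
import csv
import io
import json
from collections import Counter
from datetime import date, datetime, timezone

# Shared-account patterns and high-risk role names from the check descriptions above.
SHARED_PATTERNS = ("admin", "root", "service", "svc_", "shared", "generic", "temp")
HIGH_RISK_ROLES = {"domain admin", "enterprise admin", "schema admin", "global admin", "super admin", "root"}

def review(csv_text, today, stale_days=90, cert_days=180):
    """Run the four documented checks over CSV text and return the report dict."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    findings = []
    def flag(account, issue, severity, detail):
        findings.append({"account": account, "issue": issue, "severity": severity, "detail": detail})
    for r in rows:
        name = r["username"]
        # Stale account: missing last_used is high (per the page); over-threshold severity is assumed medium.
        if not r["last_used"]:
            flag(name, "stale_account", "high", "no recorded interactive logon")
        elif (today - date.fromisoformat(r["last_used"])).days > stale_days:
            flag(name, "stale_account", "medium", f"last logon more than {stale_days} days ago")
        # Shared account: username matches a shared pattern and no owner is assigned.
        hit = next((p for p in SHARED_PATTERNS if p in name.lower()), None)
        if hit and not r["owner"].strip():
            flag(name, "shared_account_no_owner", "critical",
                 f"Appears shared (matches '{hit}') with no assigned owner")
        # Excessive privilege: any high-risk role in the semicolon-separated list is critical.
        risky = [x.strip() for x in r["roles"].split(";") if x.strip().lower() in HIGH_RISK_ROLES]
        if risky:
            flag(name, "excessive_privilege", "critical", "high-risk roles: " + ", ".join(risky))
        # Recertification: never certified is critical; overdue severity is assumed high.
        if not r["last_certified"]:
            flag(name, "never_certified", "critical", "no access review on record")
        elif (today - date.fromisoformat(r["last_certified"])).days > cert_days:
            flag(name, "recertification_overdue", "high", f"last review more than {cert_days} days ago")
    return {"report": "privileged_account_access_review", "total_accounts": len(rows),
            "generated_at": datetime.now(timezone.utc).isoformat(), "total_findings": len(findings),
            "severity_summary": dict(Counter(f["severity"] for f in findings)), "findings": findings}

# Constructed sample input with fictional accounts, in the documented CSV format.
SAMPLE_CSV = """username,owner,roles,last_used,last_certified,account_type
jdoe,Jane Doe,Helpdesk,2024-05-20,2024-03-01,human
svc_backup,,Backup Operators,2024-06-01,2024-01-15,service
tadmin,Tom Admin,Domain Admin;Helpdesk,2024-01-02,,human
"""
SAMPLE_TODAY = date(2024, 6, 30)  # fixed "today" so the sample run is reproducible
if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_CSV, SAMPLE_TODAY), indent=2))
```

With the sample input, `jdoe` produces no findings, `svc_backup` is flagged once (shared, no owner) and `tadmin` three times (stale logon, Domain Admin role, never certified).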
## Compliance Frameworks
- NIST SP 800-53 AC-2: Account Management — periodic review of privileged accounts
- CIS Controls v8 5.3: Disable dormant accounts after 45 days of inactivity
- PCI DSS 8.1.4: Remove/disable inactive user accounts within 90 days
- SOX Section 404: Internal controls over financial reporting require access reviews
- ISO 27001 A.9.2.5: Review of user access rights at planned intervals
## CLI Usage

```bash
python agent.py --input accounts.csv --stale-days 90 --cert-days 180 --output report.json
```