This repository was archived by the owner on Apr 10, 2025. It is now read-only.

Question for issue_token_secrets and list_secret policies #17

@UgOrange

Description

Documentation link

link

Describe the problem

I am currently studying your detection rules and have come across a couple of questions that I would appreciate your assistance with.
Regarding the "issue_token_secrets" rule, it appears to detect permissions related to modifying or creating secrets. I would like to understand how this rule handles the issuance of administrator-equivalent service account privileges.
Additionally, I believe that the risk level associated with the "list_secret" rule could be increased. I would like to suggest considering an adjustment to reflect a higher level of risk.

Suggested fix

Labels: documentation (Improvements or additions to documentation)
