Unable to apply alert filter on alerts created in zap - owasp

I integrated ZAP scans (by proxying e2e tests) in our CI pipelines. I'm checking the alert filter plugin to flag false positives. Due to organisational requirements we are supposed to generate two ZAP HTML reports:
- Report without suppressing false positives
- Report after suppressing false positives
When I use the http://zap/JSON/alertFilter/action/addAlertFilter/... API to mark false positives before active or passive scans, alerts marked as false positives are not reported in the HTML (this is expected). After generating the report with false positives suppressed, I removed the false positive alert filter using http://zap/JSON/alertFilter/action/removeAlertFilter/... and tried generating a report to get all alerts, but I'm not getting a report with all alerts.
Using ZAP in UI mode I learnt that creating an alert filter after alerts are generated doesn't change the generated alert confidence. We need to apply the alert filter by clicking the "Apply" button in the create alert filter dialog. This will change the confidence of the alerts already generated, and now the report contains the alerts.
Now I'm unable to find out how to do this via the ZAP API! The API for alert filters has create, view and remove alert filter but no apply. How do I "apply" the alert filter from the ZAP API? Thank you.

The "Apply Filter" option is really just for manual testing. Filters are applied when the alerts are raised - once they are applied you can 'un-apply' them. You added the filter, ran the active scan and the false positives were removed during the scan. Removing the filter after that will only affect scans you perform after you have removed it. You can still access all of the 'false positive' alerts via the ZAP API. If you still really want to be able to apply a filter dynamically via the API then raise an enhancement request: https://github.com/zaproxy/zaproxy/issues/new?labels=enhancement&template=Feature_request.md
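Because filtered alerts stay readable through the API, both required reports can be built from one scan run with the filter in place. This is an added example, not code from the thread or the ZAP project: it splits the alert list on the `confidence` field, and the ZAP address, the API key handling and the sample alerts are assumptions constructed here.

```python
import json
from collections import Counter
from urllib.parse import urlencode
from urllib.request import Request, urlopen

FALSE_POSITIVE = "False Positive"  # confidence value carried by filtered alerts
RISK_ORDER = ["High", "Medium", "Low", "Informational"]

def fetch_alerts(base_url, zap="http://localhost:8080", api_key=""):
    """Read every alert ZAP holds for base_url (needs a running ZAP).
    The zap address and api_key values are assumptions of this example."""
    query = urlencode({"baseurl": base_url})
    req = Request(f"{zap}/JSON/alert/view/alerts/?{query}",
                  headers={"X-ZAP-API-Key": api_key})
    with urlopen(req) as resp:
        return json.load(resp)["alerts"]

def split_reports(alerts):
    """Return (full, suppressed); suppressed drops alerts marked false positive."""
    suppressed = [a for a in alerts if a.get("confidence") != FALSE_POSITIVE]
    return list(alerts), suppressed

def render(title, alerts):
    """Plain-text report: per-risk counts, then one line per alert by risk."""
    counts = Counter(a["risk"] for a in alerts)
    lines = [title, "-" * len(title)]
    lines += [f"{risk}: {counts[risk]}" for risk in RISK_ORDER if counts[risk]]
    for a in sorted(alerts, key=lambda a: RISK_ORDER.index(a["risk"])):
        flag = " [false positive]" if a["confidence"] == FALSE_POSITIVE else ""
        lines.append(f"{a['risk']:<13} {a['alert']} @ {a['url']}{flag}")
    return "\n".join(lines)

# Constructed sample, shaped like the "alerts" array in ZAP's JSON response.
SAMPLE = [
    {"alert": "SQL Injection", "risk": "High", "confidence": "Medium",
     "url": "https://app.example/login"},
    {"alert": "Content Security Policy (CSP) Header Not Set", "risk": "Medium",
     "confidence": FALSE_POSITIVE, "url": "https://app.example/"},
    {"alert": "Cookie Without Secure Flag", "risk": "Low", "confidence": "Medium",
     "url": "https://app.example/login"},
]

if __name__ == "__main__":
    full, suppressed = split_reports(SAMPLE)  # swap SAMPLE for fetch_alerts(...)
    print(render("All alerts", full))
    print()
    print(render("False positives suppressed", suppressed))
```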

Related

Can Google Workspace Alert Center be used with Email Log Search?

Is there a way to create an Alert Center notification based on criteria returned in the Google Workspace Email Log Search?
For example..
If an email address sends a message to 1000+ recipients or sends 1000 messages to 1000 recipients...
We already see the System Defined alert center actions if say... someone flags a message as phishing, but we want to create a triggered alert rule based on the count of messages.
Thanks in advance.
This can be done using the Investigation tool found at ‘Security’ > ‘Investigation Tool’. Be advised this is a feature available for these editions: Enterprise; Education Standard and Plus as documented here
Basically what you are looking to do is build a query like this:
Data Source = Gmail Log Events
With Conditions Below:
Event Is User spam classification
AND
Spam classification Is Phishing
Like this
Then:
1. Click on the three dots at the top right, next to the bin icon.
2. Click on ‘Create activity rule’
3. Add a name + description. Click on ‘Next: View conditions’
4. Click on ‘Next: Add Actions’
5. Select the time window: 24hrs or 1hr
6. Scroll down and set the threshold desired and configure it (basically after how many incidents this will be triggered)
7. Add a desired action, e.g. Send to quarantine, etc.
8. Select the severity of this rule
9. Check the box to ‘Send to alert center’
10. Configure Email Notifications.
11. Click on ‘Next: Review’ and make sure it is set to ‘Active’
12. Finally click on ‘Create Rule’
Keep in mind this may take some propagation time of up to 48hrs. For more information on the Investigation Tool see here
Unfortunately the way the Alert Center works would not allow an integration with the Email log search.
They both work in a different way: the Alert Center has its own set of parameters to determine the severity, while the Email log search works like a direct tool to audit the data manually.
I believe the best available option to create rules and get notifications and alerts while using the Alert Center data is the Investigation tool, which is only available with certain versions, check it!

How to create an alert E-mail notification for Gauge dashboard

For your reference I have attached the image of my dashboard below. My requirement is that I have to send an alert e-mail whenever the value reaches the threshold limit, but the challenge is that I am not able to create an alert e-mail notification for the Gauge dashboard because I am not able to locate the alert icon.
Could someone help me to achieve this?
You can't - or actually you can. Meaning that for now it is only possible to set up alarms using a graph - therefore it is not possible to set up Gauge-alerts, if that is what you are looking for.
From the documentation:
Currently only the graph panel supports alert rules.
Workaround (which is actually quite simple to set up - especially if you only have 6 gauges):
So my suggestion would be to create a graph with the queries + alert conditions and set up your notification channels.
In your alert conditions you can specify each query (A, B, C, etc). One for each gauge..
For reference check out the documentation: https://grafana.com/docs/grafana/latest/alerting/rules/
If that isn't what you are looking for then please specify the question, and I will gladly help.

where is the “Recently Used”,“In Active Adverts”, "Action Needed", "Shared" filtering based from facebook custom audience data?

If you go to the Business Manager of Facebook, then go to "All Audiences", then under the "Audiences" tab, you will see a "Filters" button right beside the "Create Audience" button. Now my question is, on which part of the JSON data provided by the Facebook APIs should I base the data that I pull out for these filters?
- Recently Used
- In Active Adverts
- Action Needed
- Shared
Because unlike the "ready" and "not ready" status, those four filters that I mentioned are not straightforward, where I can just look for the numbers in the returned JSON data. So how?
Most likely, not all of this information is available through the API.
However, if you take a look at the following doc, you can see some relevant fields that may help:
https://developers.facebook.com/docs/marketing-api/reference/custom-audience
Most likely you can use the field operation_status to look at whether an audience needs action.
For whether it's shared, take a look at the edge adaccounts which will let you see the ad accounts this audience has been shared with.
For recently used, you'll probably have to look at the edge ads and review the status of the ads.
To save having to make multiple requests, you can take a look at field expansion in the Graph API, which will let you query for fields of objects in results using a single request:
https://developers.facebook.com/docs/graph-api/using-graph-api#fieldexpansion

"Not available unless: You belong to <Some group>" : How to hide this message in moodle course

I'm building a Moodle course for my students who are part of different batches. Each batch refers same lesson notes, but the Quiz and Assignment activities vary for each batch. The students are categorized into groups for the course and access to the activities is restricted. But the course page displays following message for restricted activities. :
"Not available unless: You belong to "
Is there any way to hide the activity as well as a message for restricted users.
You can hide the conditions by clicking on the 'eye' symbol beside the condition you want to hide:
https://docs.moodle.org/en/Restrict_access_settings#Hiding_the_conditions
You could use a hidden section and move the activity within, however the activity won't be accessible by the students in that case, except if you're running Moodle 3.3, which is providing the new feature stealth mode: https://docs.moodle.org/33/en/Stealth_activities
Maybe it's what you are looking for?

How do I correctly Implement an event on successful form Submission using Google Tag Manager and Sitecore's Web Forms for Marketers?

I am attempting to track successful form Submissions using an event in Google Analytics via Google Tag Manager. My current setup successfully tracks when users submit the form. However, the event still fires even when the form submission is invalid and does not submit (ie a user hasn't filled out all of the required fields, clicks the submit button, the form attempts to validate, but comes back to the user with errors instead of submitting). I have the Check Validation feature on my listener checked which theoretically should keep the tag from firing if the form submission is prevented, so it's not the obvious error.
The form in question is created with Sitecore's Web Forms for Marketers. Colleagues of mine have had similar unsolved issues with their WFFM forms.
This particular form is used to gate content so that only users who fill out the form will have access to the content resource. So for example if I go to www.mydomain.com/resource I will be redirected to www.mydomain.com/form where if I fill out all of my information correctly and submit it I will then be redirected to the resource that I was originally attempting to view at www.mydomain.com/resource.
Here's my setup:
Tag 1
Name: Form Submission Listener
Type: Form Submit Listener
Wait For Tags: Checked
Max Wait Time: 2000 milliseconds
Check Validation: Checked
No advanced Settings
Firing Rule: On form pages by URL
Tag 2
Name: Event Form Submission
Type: Universal Analytics
Tracking ID: UA-.....
Enable Display Advertising Features: Checked
Track Type: Event
Category: Form
Action: Submission
Label: {{Form resource URL}}
Non-Interaction Hit: False
No More Settings
No Advanced Settings
Firing Rules: {{event}} equals gtm.formSubmit
Theoretically the Check Validation check box should prevent the tag from firing if the form does not successfully submit, but in the case of this form it does not. The tag fires regardless of whether the form submits or not.
Apologies that I cannot link to the form as it is for a client and behind security.
We were able to find an answer to our question via the Sitecore forums, but I wanted to pass it along for your benefit.
From Sitecore:
The Web Forms module provides the double level validation, 1-client validation, 2-server validation.
By default, the client validation is disabled for the Required Field validator. So, when you press Submit, the form posts to the server, and returns with the validation error. It's a possible reason why Google Analytics considers that as a form submit.
Find the following item in the Master database:
/sitecore/system/Modules/Web Forms for Marketers/Settings/System/System Validation/NotEmpty
Find the "Enable Client Script" checkbox and enable it.
Save and publish the item.
Check whether the issue was fixed.
This fixed the issue for all of our text based fields. It did not fix the issue for the one checkbox on the form. I've followed up with sitecore on this, but I figured that I'd update here in the meantime.
With only the checkbox remaining I was also able to use a macro and add to my original firing rule in Google Tag Manager so that the event would not fire if the checkbox was not checked.
I created a Custom Javascript Macro called Radio Button Checked (not sure it's the best, but it worked), and added a new condition to my original Form Submission Rule: {{Radio Button Checked}} equals true
The macro:
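function() {
    // Name attribute of the input(s) to check; replace with the real field name.
    var radioName = "radioButtonName";
    try {
        var buttons = document.getElementsByName(radioName);
        // Return true as soon as any input with that name is checked.
        for (var i = 0; i < buttons.length; i++) {
            if (buttons[i].checked) {
                return true;
            }
        }
    } catch (e) {}
    // Nothing checked (or the lookup failed): the firing rule will not match.
    return false;
}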
EDIT: Sitecore got back to me about the checkbox issue.
From Sitecore:
Currently the CheckBox field type doesn't have the client-side validation. I registered it as a bug for the WFFM module. I'll let you know as soon as it's fixed.
They let me know also that this isn't something that will be fixed near-term so I need to continue using my GTM workaround for the check box field.
The Google Chrome plugin "Tag Assistant" is super helpful in debugging these sorts of issues. It will show you what (if any) structural or implementation issues exist on a given page that might be preventing your intended tracking behavior (https://chrome.google.com/webstore/detail/tag-assistant-by-google/kejbdjndbnbjgmefkgdddjlbokphdefk?hl=en)
My gut feel is that this issue is not specifically related to WFFM, but may be due to the implementation of the Tag Manager code on the page. I seem to recall having an issue like this when the Tag Manager include code gets dumped inside the auto-generated .NET tag when using WebForms in general. Google's docs (https://developers.google.com/tag-manager/quickstart) say to put it immediately after the opening tag, and I recall that being my issue with tracking form submits.
This is all from memory, so I could be wrong, but it's something else to check.
Good luck!