mitre · Amndeep7 · Aug 7, 2024 · Jul 17, 2024 · Jul 17, 2024 · Jul 17, 2024
diff --git a/apps/frontend/src/components/global/upload_tabs/FileReader.vue b/apps/frontend/src/components/global/upload_tabs/FileReader.vue
@@ -38,6 +38,7 @@
                   <li>Golang Security Checker (gosec)</li>
                   <li>Ion Channel</li>
                   <li>JFrog Xray</li>
+                  <li>Microsoft Secure Score</li>
                   <li>Nessus</li>
                   <li>Netsparker</li>
                   <li>Nikto</li>

diff --git a/apps/frontend/src/store/report_intake.ts b/apps/frontend/src/store/report_intake.ts
@@ -18,6 +18,7 @@ import {
   INPUT_TYPES,
   IonChannelMapper,
   JfrogXrayMapper,
+  MsftSecureScoreResults,
   NessusResults,
   NetsparkerMapper,
   NiktoMapper,
@@ -230,6 +231,8 @@ export class InspecIntake extends VuexModule {
     switch (typeGuess) {
       case INPUT_TYPES.JFROG:
         return new JfrogXrayMapper(convertOptions.data).toHdf();
+      case INPUT_TYPES.MSFT_SEC_SCORE:
+        return new MsftSecureScoreResults(convertOptions.data).toHdf();
       case INPUT_TYPES.ASFF:
         return Object.values(
           new ASFFResultsMapper(convertOptions.data).toHdf()

diff --git a/libs/hdf-converters/README.md b/libs/hdf-converters/README.md
@@ -16,20 +16,21 @@ OHDF Converters supplies several methods to convert various types of security to
 9.  [**gosec-mapper**] - gosec results JSON file
 10. [**ionchannel-mapper**] - SBOM data from Ion Channel
 11. [**jfrog-xray-mapper**] - JFrog Xray results JSON file
-12. [**nessus-mapper**] - Nessus XML results file
-13. [**netsparker-mapper**] - Netsparker XML results file
-14. [**nikto-mapper**] - Nikto results JSON file
-15. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
-16. [**sarif-mapper**] - SARIF JSON file
-17. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
-18. [**snyk-mapper**] - Snyk results JSON file
-19. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
-20. [**splunk-mapper**] - Splunk instance
-21. [**trufflehog-mapper**] - Trufflehog results json file 
-22. [**twistlock-mapper**] - Twistlock CLI output file
-23. [**veracode-mapper**] - Veracode Scan Results XML file
-24. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
-25. [**zap-mapper**] - OWASP ZAP results JSON
+12. [**msft-secure-mapper**] - Microsoft Secure Score results file
+13. [**nessus-mapper**] - Nessus XML results file
+14. [**netsparker-mapper**] - Netsparker XML results file
+15. [**nikto-mapper**] - Nikto results JSON file
+16. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
+17. [**sarif-mapper**] - SARIF JSON file
+18. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
+19. [**snyk-mapper**] - Snyk results JSON file
+20. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
+21. [**splunk-mapper**] - Splunk instance
+22. [**trufflehog-mapper**] - Trufflehog results json file 
+23. [**twistlock-mapper**] - Twistlock CLI output file
+24. [**veracode-mapper**] - Veracode Scan Results XML file
+25. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
+26. [**zap-mapper**] - OWASP ZAP results JSON
 
 ### NOTICE
 

diff --git a/libs/hdf-converters/index.ts b/libs/hdf-converters/index.ts
@@ -24,6 +24,7 @@ export * as NiktoNistMappingData from './src/mappings/NiktoNistMappingData';
 export * as NistCciMappingData from './src/mappings/NistCciMappingData';
 export * as OWaspNistMappingData from './src/mappings/OWaspNistMappingData';
 export * as ScoutsuiteNistMappingData from './src/mappings/ScoutsuiteNistMappingData';
+export * from './src/msft-secure-score-mapper';
 export * from './src/nessus-mapper';
 export * from './src/netsparker-mapper';
 export * from './src/nikto-mapper';

diff --git a/libs/hdf-converters/package.json b/libs/hdf-converters/package.json
@@ -25,6 +25,7 @@
     "xml2json": "tsx data/converters/xml2json.ts"
   },
   "dependencies": {
+    "@microsoft/microsoft-graph-types": "^2.40.0",
     "@aws-sdk/client-config-service": "^3.95.0",
     "@e965/xlsx": "^0.20.0",
     "@mdi/js": "^7.0.96",

diff --git a/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/combined.json b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/combined.json
diff --git a/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/profiles.json b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/profiles.json
diff --git a/...rters/sample_jsons/msft_secure_score_mapper/sample_input_report/secureScore-multiple.json b/...rters/sample_jsons/msft_secure_score_mapper/sample_input_report/secureScore-multiple.json
@@ -0,0 +1,161 @@
+{
+  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScores",
+  "value": [
+    {
+      "id": "12345678-1234-1234-1234-1234567890abcd_2024-01-01",
+      "azureTenantId": "12345678-1234-1234-1234-1234567890abcd",
+      "activeUserCount": 1,
+      "createdDateTime": "2024-01-01T00:00:00Z",
+      "currentScore": 128,
+      "enabledServices": [
+        "HasOCAS",
+        "HasCLB",
+        "HasMDOP1",
+        "HasMDOP2",
+        "HasEXOP2",
+        "HasSPOP2",
+        "HasAADFree"
+      ],
+      "licensedUserCount": 100,
+      "maxScore": 1000,
+      "vendorInformation": {
+        "provider": "SecureScore",
+        "providerVersion": null,
+        "subProvider": null,
+        "vendor": "Microsoft"
+      },
+      "averageComparativeScores": [
+        {
+          "basis": "AllTenants",
+          "averageScore": 54.65,
+          "appsScore": 29.65,
+          "appsScoreMax": 79,
+          "dataScore": 0.46,
+          "dataScoreMax": 3.27,
+          "deviceScore": 9.13,
+          "deviceScoreMax": 16.76,
+          "identityScore": 36.02,
+          "identityScoreMax": 59.42,
+          "infrastructureScore": 0,
+          "infrastructureScoreMax": 0
+        },
+        {
+          "basis": "TotalSeats",
+          "averageScore": 48.98,
+          "SeatSizeRangeLowerValue": "1",
+          "SeatSizeRangeUpperValue": "100",
+          "appsScore": 34.15,
+          "appsScoreMax": 94.46,
+          "dataScore": 0.5,
+          "dataScoreMax": 3.97,
+          "deviceScore": 6.87,
+          "deviceScoreMax": 12.65,
+          "identityScore": 34.16,
+          "identityScoreMax": 59.5,
+          "infrastructureScore": 0,
+          "infrastructureScoreMax": 0
+        }
+      ],
+      "controlScores": [
+        {
+          "controlCategory": "Apps",
+          "controlName": "spo_idle_session_timeout",
+          "description": "\n\t\t\tIdle session sign-out lets you specify a time at which users are warned and are later signed out of Microsoft 365 after a period of browser inactivity in SharePoint and OneDrive.\n            <br/>\n\t\t\tThis policy is one of several you can use with SharePoint and OneDrive to balance security and user productivity and help keep your data safe, regardless  of where users access the data from, what device they're working on, and how secure their network connection is.\n\t\t",
+          "score": 0,
+          "lastSynced": "2024-01-01T17:12:14Z",
+          "implementationStatus": "The setting is not compliant.",
+          "on": "false",
+          "scoreInPercentage": 0
+        },
+        {
+          "controlCategory": "Apps",
+          "controlName": "spo_legacy_auth",
+          "description": "\n\t\t\tModern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers.\n\t\t\t<br/>\n\t\t\tStrong authentication controls, such as the use of multifactor authentication, may be circumvented if basic authentication is used by SharePoint applications. Requiring modern authentication for SharePoint applications ensures strong authentication mechanisms are used when establishing sessions between these applications, SharePoint, and connecting users.\n\t\t\t<br/>\n\t\t\t<i>This information was taken from Center for Internet Security (CIS).</i>\n\t\t",
+          "score": 0,
+          "lastSynced": "2024-01-01T17:12:14Z",
+          "implementationStatus": "The setting is not compliant.",
+          "on": "false",
+          "scoreInPercentage": 0
+        }
+      ]
+    },
+    {
+      "id": "12345678-1234-1234-1234-1234567890abcd_2024-01-02",
+      "azureTenantId": "12345678-1234-1234-1234-1234567890abcd",
+      "activeUserCount": 1,
+      "createdDateTime": "2024-01-01T00:00:00Z",
+      "currentScore": 128,
+      "enabledServices": [
+        "HasOCAS",
+        "HasCLB",
+        "HasMDOP1",
+        "HasMDOP2",
+        "HasEXOP2",
+        "HasSPOP2",
+        "HasAADFree"
+      ],
+      "licensedUserCount": 0,
+      "maxScore": 274,
+      "vendorInformation": {
+        "provider": "SecureScore",
+        "providerVersion": null,
+        "subProvider": null,
+        "vendor": "Microsoft"
+      },
+      "averageComparativeScores": [
+        {
+          "basis": "AllTenants",
+          "averageScore": 54.65,
+          "appsScore": 29.65,
+          "appsScoreMax": 79,
+          "dataScore": 0.46,
+          "dataScoreMax": 3.27,
+          "deviceScore": 9.13,
+          "deviceScoreMax": 16.76,
+          "identityScore": 36.02,
+          "identityScoreMax": 59.42,
+          "infrastructureScore": 0,
+          "infrastructureScoreMax": 0
+        },
+        {
+          "basis": "TotalSeats",
+          "averageScore": 48.98,
+          "SeatSizeRangeLowerValue": "1",
+          "SeatSizeRangeUpperValue": "100",
+          "appsScore": 34.15,
+          "appsScoreMax": 94.46,
+          "dataScore": 0.5,
+          "dataScoreMax": 3.97,
+          "deviceScore": 6.87,
+          "deviceScoreMax": 12.65,
+          "identityScore": 34.16,
+          "identityScoreMax": 59.5,
+          "infrastructureScore": 0,
+          "infrastructureScoreMax": 0
+        }
+      ],
+      "controlScores": [
+        {
+          "controlCategory": "Apps",
+          "controlName": "McasFirewallLogUpload",
+          "description": "Log collectors provide visibility into cloud app usage so you can identify if there are any apps that run without official approval, or if there is anomalous behavior. Log collectors automatically upload reports and parse the firewall/ proxy traffic logs to see if there is a match with your services in the Cloud App Catalog.",
+          "score": 0,
+          "lastSynced": "2024-01-01T04:34:13Z",
+          "implementationStatus": "Feature in place: false.",
+          "on": "false",
+          "scoreInPercentage": 0
+        },
+        {
+          "controlCategory": "Apps",
+          "controlName": "McasCutomActivityPolicy",
+          "description": "Activity policies help you monitor specific activities carried out by users, or follow unexpectedly high rates of certain types of activities. After you set an activity detection policy, it starts to generate alerts. Alerts are only generated on activities that occur after you create the policy.",
+          "score": 0,
+          "lastSynced": "2024-01-01T04:34:13Z",
+          "implementationStatus": "Policy in place: false.",
+          "on": "false",
+          "scoreInPercentage": 0
+        }
+      ]
+    }
+  ]
+}