new example logs with grimoire (#16)

docs/initializeGrid.js

@@ -282,6 +282,33 @@ document.addEventListener('DOMContentLoaded', function() {
         // Finally, append the alerting paragraph (with all images) to the modal body
         modalBody.appendChild(alerting);
 
+        // Example CloudTrail Log
+        let displayLog = false;
+        // Directly checking if we should display the log link
+        for (const simulation of event.simulation) {
+            if (simulation.type === 'commandLine' && simulation.value !== 'N/A') {
+                displayLog = true;
+                break; 
+            }
+        }
+        if (displayLog) {
+            const exampleLog = document.createElement('p');
+            exampleLog.innerHTML = `<strong>Example Log:&nbsp&nbsp</strong>`;
+            const exampleLogLink = `logExamples/?event=${event.eventName}`;
+            const exampleLogAnchor = document.createElement('a');
+            exampleLogAnchor.href = exampleLogLink;
+            const exampleLogImage = document.createElement('img');
+            exampleLogImage.src = 'logos/grimoire.png';
+            exampleLogImage.alt = 'Click to example log';
+            exampleLogImage.style.width = '30px';
+            exampleLogImage.style.height = 'auto';
+            exampleLogImage.style.cursor = 'pointer';
+            exampleLogAnchor.appendChild(exampleLogImage);
+            exampleLog.appendChild(exampleLogAnchor);  
+            modalBody.appendChild(exampleLog);
+        }
+
+
         // Simulation
         const simulation = document.createElement('p');
         simulation.innerHTML = `<strong>Simulation:&nbsp;&nbsp;</strong>`;

docs/logExamples/AddPermission20150331v2.json.cloudtrail

@@ -0,0 +1,35 @@
+[
+   {
+      "awsRegion": "us-east-1",
+      "errorCode": "AccessDenied",
+      "errorMessage": "User: arn:aws:iam::192374575148:user/TrailDiscover is not authorized to perform: lambda:AddPermission on resource: arn:aws:lambda:us-east-1:192374575148:function:my-function because no identity-based policy allows the lambda:AddPermission action",
+      "eventCategory": "Management",
+      "eventID": "006857b2-b20d-4d0a-9150-5dc18ebbd017",
+      "eventName": "AddPermission20150331v2",
+      "eventSource": "lambda.amazonaws.com",
+      "eventTime": "2024-08-18T09:53:52Z",
+      "eventType": "AwsApiCall",
+      "eventVersion": "1.08",
+      "managementEvent": true,
+      "readOnly": false,
+      "recipientAccountId": "192374575148",
+      "requestID": "3ef5515a-d522-46c4-9a16-4edcfc310839",
+      "requestParameters": null,
+      "responseElements": null,
+      "sourceIPAddress": "109.196.12.142",
+      "tlsDetails": {
+         "cipherSuite": "TLS_AES_128_GCM_SHA256",
+         "clientProvidedHostHeader": "lambda.us-east-1.amazonaws.com",
+         "tlsVersion": "TLSv1.3"
+      },
+      "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#5.10.16.3-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_e61d79ea-6155-460a-9692-37d3e4544e28 cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#lambda.add-permission",
+      "userIdentity": {
+         "accessKeyId": "AKIASZSTLCAWF4CPBKMF",
+         "accountId": "192374575148",
+         "arn": "arn:aws:iam::192374575148:user/TrailDiscover",
+         "principalId": "AIDASZSTLCAWCAFWFS22H",
+         "type": "IAMUser",
+         "userName": "TrailDiscover"
+      }
+   }
+]

docs/logExamples/AddRoleToInstanceProfile.json.cloudtrail

@@ -0,0 +1,35 @@
+[
+   {
+      "awsRegion": "us-east-1",
+      "errorCode": "AccessDenied",
+      "errorMessage": "User: arn:aws:iam::192374575148:user/TrailDiscover is not authorized to perform: iam:AddRoleToInstanceProfile on resource: instance profile TrailDiscover because no identity-based policy allows the iam:AddRoleToInstanceProfile action",
+      "eventCategory": "Management",
+      "eventID": "a8e2b2ab-1170-4d6a-8c32-d38e7cbf9f25",
+      "eventName": "AddRoleToInstanceProfile",
+      "eventSource": "iam.amazonaws.com",
+      "eventTime": "2024-08-18T12:22:48Z",
+      "eventType": "AwsApiCall",
+      "eventVersion": "1.09",
+      "managementEvent": true,
+      "readOnly": false,
+      "recipientAccountId": "192374575148",
+      "requestID": "25006053-cfa8-4434-b35b-96d5ace92004",
+      "requestParameters": null,
+      "responseElements": null,
+      "sourceIPAddress": "109.196.12.142",
+      "tlsDetails": {
+         "cipherSuite": "TLS_AES_128_GCM_SHA256",
+         "clientProvidedHostHeader": "iam.amazonaws.com",
+         "tlsVersion": "TLSv1.3"
+      },
+      "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#5.10.16.3-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_4b6c5d63-20ca-4bda-a238-0fefdb083f72 cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#iam.add-role-to-instance-profile",
+      "userIdentity": {
+         "accessKeyId": "AKIASZSTLCAWF4CPBKMF",
+         "accountId": "192374575148",
+         "arn": "arn:aws:iam::192374575148:user/TrailDiscover",
+         "principalId": "AIDASZSTLCAWCAFWFS22H",
+         "type": "IAMUser",
+         "userName": "TrailDiscover"
+      }
+   }
+]

docs/logExamples/AddUserToGroup.json.cloudtrail

@@ -0,0 +1,35 @@
+[
+   {
+      "awsRegion": "us-east-1",
+      "errorCode": "AccessDenied",
+      "errorMessage": "User: arn:aws:iam::192374575148:user/TrailDiscover is not authorized to perform: iam:AddUserToGroup on resource: group TrailDiscover because no identity-based policy allows the iam:AddUserToGroup action",
+      "eventCategory": "Management",
+      "eventID": "1f8b80aa-6716-4c78-a13f-4209bd6880dd",
+      "eventName": "AddUserToGroup",
+      "eventSource": "iam.amazonaws.com",
+      "eventTime": "2024-08-18T10:55:30Z",
+      "eventType": "AwsApiCall",
+      "eventVersion": "1.09",
+      "managementEvent": true,
+      "readOnly": false,
+      "recipientAccountId": "192374575148",
+      "requestID": "7d1373f4-95bc-4a4d-a3ca-90a891769268",
+      "requestParameters": null,
+      "responseElements": null,
+      "sourceIPAddress": "109.196.12.142",
+      "tlsDetails": {
+         "cipherSuite": "TLS_AES_128_GCM_SHA256",
+         "clientProvidedHostHeader": "iam.amazonaws.com",
+         "tlsVersion": "TLSv1.3"
+      },
+      "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#5.10.16.3-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_e0f1d6f1-b7c6-4aa1-ac99-a8fc4bfdc089 cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#iam.add-user-to-group",
+      "userIdentity": {
+         "accessKeyId": "AKIASZSTLCAWF4CPBKMF",
+         "accountId": "192374575148",
+         "arn": "arn:aws:iam::192374575148:user/TrailDiscover",
+         "principalId": "AIDASZSTLCAWCAFWFS22H",
+         "type": "IAMUser",
+         "userName": "TrailDiscover"
+      }
+   }
+]

docs/logExamples/AssociateAccessPolicy.json.cloudtrail

@@ -0,0 +1,38 @@
+[
+   {
+      "awsRegion": "us-east-1",
+      "errorCode": "AccessDenied",
+      "eventCategory": "Management",
+      "eventID": "03b3c880-17ce-45e6-982a-79d070460e09",
+      "eventName": "AssociateAccessPolicy",
+      "eventSource": "eks.amazonaws.com",
+      "eventTime": "2024-08-18T12:43:49Z",
+      "eventType": "AwsApiCall",
+      "eventVersion": "1.09",
+      "managementEvent": true,
+      "readOnly": false,
+      "recipientAccountId": "192374575148",
+      "requestID": "90ea76d5-dacb-44a0-9710-81191e76c8a7",
+      "requestParameters": {
+         "accessScope": {
+            "type": "cluster"
+         },
+         "name": "beta-fish",
+         "policyArn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy",
+         "principalArn": "arn%3Aaws%3Aiam%3A%3A111122223333%3Arole%2FTrailDiscover"
+      },
+      "responseElements": {
+         "message": "User: arn:aws:iam::192374575148:user/TrailDiscover is not authorized to perform: eks:AssociateAccessPolicy on resource: arn:aws:eks:us-east-1:192374575148:access-entry/beta-fish/role/111122223333/TrailDiscover/*"
+      },
+      "sourceIPAddress": "109.196.12.142",
+      "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#5.10.16.3-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_e791fd0b-b98a-48e6-a8ef-c38b2abc60a9 cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#eks.associate-access-policy",
+      "userIdentity": {
+         "accessKeyId": "AKIASZSTLCAWF4CPBKMF",
+         "accountId": "192374575148",
+         "arn": "arn:aws:iam::192374575148:user/TrailDiscover",
+         "principalId": "AIDASZSTLCAWCAFWFS22H",
+         "type": "IAMUser",
+         "userName": "TrailDiscover"
+      }
+   }
+]

docs/logExamples/AssumeRole.json.cloudtrail

@@ -0,0 +1,35 @@
+[
+   {
+      "awsRegion": "us-east-1",
+      "errorCode": "AccessDenied",
+      "errorMessage": "User: arn:aws:iam::192374575148:user/TrailDiscover is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::123456789012:role/TrailDiscover",
+      "eventCategory": "Management",
+      "eventID": "74291117-984f-4ac2-bffc-0dd438b58e6f",
+      "eventName": "AssumeRole",
+      "eventSource": "sts.amazonaws.com",
+      "eventTime": "2024-08-18T09:09:31Z",
+      "eventType": "AwsApiCall",
+      "eventVersion": "1.08",
+      "managementEvent": true,
+      "readOnly": true,
+      "recipientAccountId": "192374575148",
+      "requestID": "edd53727-ec83-4da8-a688-72ecc99bf27b",
+      "requestParameters": null,
+      "responseElements": null,
+      "sourceIPAddress": "109.196.12.142",
+      "tlsDetails": {
+         "cipherSuite": "TLS_AES_128_GCM_SHA256",
+         "clientProvidedHostHeader": "sts.us-east-1.amazonaws.com",
+         "tlsVersion": "TLSv1.3"
+      },
+      "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#5.10.16.3-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_354f3334-f231-4480-83d7-9a4de162169c cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#sts.assume-role",
+      "userIdentity": {
+         "accessKeyId": "AKIASZSTLCAWF4CPBKMF",
+         "accountId": "192374575148",
+         "arn": "arn:aws:iam::192374575148:user/TrailDiscover",
+         "principalId": "AIDASZSTLCAWCAFWFS22H",
+         "type": "IAMUser",
+         "userName": "TrailDiscover"
+      }
+   }
+]

docs/logExamples/AttachGroupPolicy.json.cloudtrail

@@ -0,0 +1,35 @@
+[
+   {
+      "awsRegion": "us-east-1",
+      "errorCode": "AccessDenied",
+      "errorMessage": "User: arn:aws:iam::192374575148:user/TrailDiscover is not authorized to perform: iam:AttachGroupPolicy on resource: group TrailDiscover because no identity-based policy allows the iam:AttachGroupPolicy action",
+      "eventCategory": "Management",
+      "eventID": "14ce1828-e25d-45bd-b886-bfa662caf2a9",
+      "eventName": "AttachGroupPolicy",
+      "eventSource": "iam.amazonaws.com",
+      "eventTime": "2024-08-18T12:27:07Z",
+      "eventType": "AwsApiCall",
+      "eventVersion": "1.09",
+      "managementEvent": true,
+      "readOnly": false,
+      "recipientAccountId": "192374575148",
+      "requestID": "3f539f76-5bae-41c0-aa98-eaefc137eaee",
+      "requestParameters": null,
+      "responseElements": null,
+      "sourceIPAddress": "109.196.12.142",
+      "tlsDetails": {
+         "cipherSuite": "TLS_AES_128_GCM_SHA256",
+         "clientProvidedHostHeader": "iam.amazonaws.com",
+         "tlsVersion": "TLSv1.3"
+      },
+      "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#5.10.16.3-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_08e8906a-5dc5-4e01-b282-e8b9bb86f137 cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#iam.attach-group-policy",
+      "userIdentity": {
+         "accessKeyId": "AKIASZSTLCAWF4CPBKMF",
+         "accountId": "192374575148",
+         "arn": "arn:aws:iam::192374575148:user/TrailDiscover",
+         "principalId": "AIDASZSTLCAWCAFWFS22H",
+         "type": "IAMUser",
+         "userName": "TrailDiscover"
+      }
+   }
+]

docs/logExamples/AttachRolePolicy.json.cloudtrail

@@ -0,0 +1,35 @@
+[
+   {
+      "awsRegion": "us-east-1",
+      "errorCode": "AccessDenied",
+      "errorMessage": "User: arn:aws:iam::192374575148:user/TrailDiscover is not authorized to perform: iam:AttachRolePolicy on resource: role TrailDiscover because no identity-based policy allows the iam:AttachRolePolicy action",
+      "eventCategory": "Management",
+      "eventID": "7cfaafa9-f396-4389-aa8c-67a29ce73b4e",
+      "eventName": "AttachRolePolicy",
+      "eventSource": "iam.amazonaws.com",
+      "eventTime": "2024-08-18T11:30:49Z",
+      "eventType": "AwsApiCall",
+      "eventVersion": "1.09",
+      "managementEvent": true,
+      "readOnly": false,
+      "recipientAccountId": "192374575148",
+      "requestID": "38761281-e338-4846-b3c4-fd60a917dc8e",
+      "requestParameters": null,
+      "responseElements": null,
+      "sourceIPAddress": "109.196.12.142",
+      "tlsDetails": {
+         "cipherSuite": "TLS_AES_128_GCM_SHA256",
+         "clientProvidedHostHeader": "iam.amazonaws.com",
+         "tlsVersion": "TLSv1.3"
+      },
+      "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#5.10.16.3-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_c65b0090-dde5-4bd2-9f9d-2d315cb3782b cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#iam.attach-role-policy",
+      "userIdentity": {
+         "accessKeyId": "AKIASZSTLCAWF4CPBKMF",
+         "accountId": "192374575148",
+         "arn": "arn:aws:iam::192374575148:user/TrailDiscover",
+         "principalId": "AIDASZSTLCAWCAFWFS22H",
+         "type": "IAMUser",
+         "userName": "TrailDiscover"
+      }
+   }
+]

docs/logExamples/AttachUserPolicy.json.cloudtrail

@@ -0,0 +1,35 @@
+[
+   {
+      "awsRegion": "us-east-1",
+      "errorCode": "AccessDenied",
+      "errorMessage": "User: arn:aws:iam::192374575148:user/TrailDiscover is not authorized to perform: iam:AttachUserPolicy on resource: user TrailDiscover because no identity-based policy allows the iam:AttachUserPolicy action",
+      "eventCategory": "Management",
+      "eventID": "37bd1355-17f1-4e7e-8775-1b67b63cefe6",
+      "eventName": "AttachUserPolicy",
+      "eventSource": "iam.amazonaws.com",
+      "eventTime": "2024-08-18T11:40:56Z",
+      "eventType": "AwsApiCall",
+      "eventVersion": "1.09",
+      "managementEvent": true,
+      "readOnly": false,
+      "recipientAccountId": "192374575148",
+      "requestID": "622ad57d-9423-4991-bfdd-5c309a28a93d",
+      "requestParameters": null,
+      "responseElements": null,
+      "sourceIPAddress": "109.196.12.142",
+      "tlsDetails": {
+         "cipherSuite": "TLS_AES_128_GCM_SHA256",
+         "clientProvidedHostHeader": "iam.amazonaws.com",
+         "tlsVersion": "TLSv1.3"
+      },
+      "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#5.10.16.3-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_67d26213-c448-444b-a6fe-607ceb083b90 cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#iam.attach-user-policy",
+      "userIdentity": {
+         "accessKeyId": "AKIASZSTLCAWF4CPBKMF",
+         "accountId": "192374575148",
+         "arn": "arn:aws:iam::192374575148:user/TrailDiscover",
+         "principalId": "AIDASZSTLCAWCAFWFS22H",
+         "type": "IAMUser",
+         "userName": "TrailDiscover"
+      }
+   }
+]

docs/logExamples/AttachVolume.json.cloudtrail

@@ -0,0 +1,40 @@
+[
+   {
+      "awsRegion": "us-east-1",
+      "errorCode": "Client.InvalidParameterValue",
+      "errorMessage": "The instance ID 'TrailDiscoverInstanceId' is malformed",
+      "eventCategory": "Management",
+      "eventID": "a09130b7-6927-4dfc-89cc-2506928a30b2",
+      "eventName": "AttachVolume",
+      "eventSource": "ec2.amazonaws.com",
+      "eventTime": "2024-08-18T15:18:51Z",
+      "eventType": "AwsApiCall",
+      "eventVersion": "1.09",
+      "managementEvent": true,
+      "readOnly": false,
+      "recipientAccountId": "192374575148",
+      "requestID": "9d8cad96-e719-4c67-b7ff-7738da952d17",
+      "requestParameters": {
+         "deleteOnTermination": false,
+         "device": "TrailDiscoverDeviceName",
+         "instanceId": "TrailDiscoverInstanceId",
+         "volumeId": "TrailDiscoverVolumeId"
+      },
+      "responseElements": null,
+      "sourceIPAddress": "109.196.12.142",
+      "tlsDetails": {
+         "cipherSuite": "TLS_AES_128_GCM_SHA256",
+         "clientProvidedHostHeader": "ec2.us-east-1.amazonaws.com",
+         "tlsVersion": "TLSv1.3"
+      },
+      "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#5.10.16.3-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_355458f0-581a-4101-a27f-a97908384ae2 cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#ec2.attach-volume",
+      "userIdentity": {
+         "accessKeyId": "AKIASZSTLCAWF4CPBKMF",
+         "accountId": "192374575148",
+         "arn": "arn:aws:iam::192374575148:user/TrailDiscover",
+         "principalId": "AIDASZSTLCAWCAFWFS22H",
+         "type": "IAMUser",
+         "userName": "TrailDiscover"
+      }
+   }
+]