### Zendesk Webhook Setup Source: https://docs.kertos.io/en/article/creating-dsrs This section details how to set up a webhook in Zendesk to send DSR information to Kertos. ```APIDOC ## POST /api/v1/external/hooks/zendesk/ ### Description This endpoint receives DSR information from Zendesk via a webhook. ### Method POST ### Endpoint https://api.kertos.io/api/v1/external/hooks/zendesk/ ### Parameters #### Query Parameters None #### Request Body * **ticket_id** (integer) - Required - The ID of the Zendesk ticket. * **requester_email** (string) - Required - The email address of the data subject. * **subject** (string) - Required - The subject of the ticket, indicating the type of DSR (e.g., 'Deletion Request', 'Access Request'). * **description** (string) - Optional - Additional details about the DSR. ### Request Example ```json { "ticket_id": 12345, "requester_email": "data.subject@example.com", "subject": "Data Deletion Request", "description": "User wants to delete their account." } ``` ### Response #### Success Response (200) * **status** (string) - Indicates the success of the webhook reception (e.g., 'received'). * **message** (string) - A confirmation message. #### Response Example ```json { "status": "received", "message": "DSR information received successfully." } ``` ``` -------------------------------- ### HubSpot Webhook Setup Source: https://docs.kertos.io/en/article/creating-dsrs This section outlines the steps to configure a webhook in HubSpot to forward DSR data to Kertos. ```APIDOC ## POST /api/v1/external/dsr-webhook/ ### Description This endpoint is designed to receive DSR data from HubSpot workflows via a webhook. ### Method POST ### Endpoint https://api.kertos.io/api/v1/external/dsr-webhook/ ### Parameters #### Query Parameters None #### Request Body * **data_subject_email** (string) - Required - The email address of the data subject. * **requested_actions** (string) - Required - The type of DSR action requested ('delete' or 'access'). * **needs_approval** (boolean) - Optional - Specifies if the DSR requires manual approval ('true' or 'false'). Defaults to 'false'. ### Request Example ```json { "data_subject_email": "user.to.delete@example.com", "requested_actions": "delete", "needs_approval": true } ``` ### Response #### Success Response (200) * **status** (string) - Indicates the success of the webhook reception (e.g., 'processed'). * **message** (string) - A confirmation message. #### Response Example ```json { "status": "processed", "message": "DSR data processed successfully." } ``` ``` -------------------------------- ### Example Webhook POST Request Source: https://docs.kertos.io/en/article/webhook-api-docs-for-dsrs An example of a POST request sent to a configured webhook URL. This specific example demonstrates a request for deleting data associated with 'jane.miller@kertos.io'. ```http POST https://api.yourdomain.com/webhooks/gdpr/ { "data_subject_identifier": "jane.miller@kertos.io", "operation": "delete", "received_at": "2024-08-24T14:15:22Z" } ``` -------------------------------- ### Enable Microsoft Defender for Open-Source Relational Databases (Azure CLI) Source: https://docs.kertos.io/en/article/ensure-microsoft-defender-for-open-source-relational-databases-is-enabled This command enables Microsoft Defender for open-source relational databases by setting the pricing tier to 'Standard'. It requires the Azure CLI to be installed and authenticated. ```bash az security pricing create -n 'OpenSourceRelationalDatabases' --tier 'standard' ``` -------------------------------- ### Example Webhook Payload for Deletion Request Source: https://docs.kertos.io/en/article/webhook-automation-explained Provides a concrete example of a webhook payload for a 'delete' operation. This demonstrates how a specific data subject identifier and timestamp are formatted, indicating that all associated data for the subject should be deleted. ```json { "data_subject_identifier": "jane.miller@kertos.io", "operation": "delete", "received_at": "2024-08-24T14:15:22Z" } ``` -------------------------------- ### Enable Microsoft Defender for Open-Source Relational Databases (PowerShell) Source: https://docs.kertos.io/en/article/ensure-microsoft-defender-for-open-source-relational-databases-is-enabled This PowerShell command enables Microsoft Defender for open-source relational databases by setting the pricing tier to 'Standard'. It requires the Az.Security PowerShell module to be installed and authenticated. ```powershell Set-AzSecurityPricing -Name "OpenSourceRelationalDatabases" -PricingTier "Standard" ``` -------------------------------- ### Enable App Service Defender Pricing Tier (Azure CLI) Source: https://docs.kertos.io/en/article/verify-that-that-microsoft-defender-for-app-services-is-set-to-on This command enables Microsoft Defender for App Service by setting the pricing tier to 'Standard'. It requires the Azure CLI to be installed and authenticated. ```bash az security pricing create -n AppServices --tier 'standard' ``` -------------------------------- ### Simple Data Subject Request Example Source: https://docs.kertos.io/en/article/ingress-api-docs-for-dsr An example JSON payload demonstrating how to create a basic data subject request. This payload identifies the data subject via an email address and specifies a 'delete' action. It serves as a starting point for integrating with the Kertos API. ```json { "requested_actions": [ "delete" ], "received_at": "2020-01-01T00:00:00Z", "skip_verification_email": false, "channel": "phone", "data_subject": { "first_name": "John", "last_name": "Doe", "subject_type": "customer", "identifiers": [ { "identifier_type": "Email", "identifier": "john.doe@kertos.io", "is_verified": true, "is_used_for_communication": true } ] } } ``` -------------------------------- ### Enable Defender for SQL Servers on Machines (Azure CLI) Source: https://docs.kertos.io/en/article/verify-that-that-microsoft-defender-for-sql-servers-on-machines-is-set-to-on This command enables Microsoft Defender for SQL Servers on Machines by setting the pricing tier to 'Standard' for SQL Server Virtual Machines. Ensure you have the Azure CLI installed and are logged into your account. ```bash az security pricing create -n SqlServerVirtualMachines --tier 'standard' ``` -------------------------------- ### Enable App Service Defender Pricing Tier (PowerShell) Source: https://docs.kertos.io/en/article/verify-that-that-microsoft-defender-for-app-services-is-set-to-on This PowerShell command enables Microsoft Defender for App Service by setting the pricing tier to 'Standard'. It requires the Azure PowerShell module to be installed and authenticated. ```powershell Set-AzSecurityPricing -Name "AppServices" -PricingTier "Standard" ``` -------------------------------- ### Enable Defender for SQL Servers on Machines (PowerShell) Source: https://docs.kertos.io/en/article/verify-that-that-microsoft-defender-for-sql-servers-on-machines-is-set-to-on This PowerShell command enables Microsoft Defender for SQL Servers on Machines by setting the pricing tier to 'Standard' for SQL Server Virtual Machines. Ensure you have the Azure PowerShell module installed and are connected to your Azure account. ```powershell Set-AzSecurityPricing -Name 'SqlServerVirtualMachines' -PricingTier 'Standard' ``` -------------------------------- ### Get and Create Network Watcher using PowerShell Source: https://docs.kertos.io/en/article/verify-that-network-watcher-is-enabled-for-all-locations-in-the-azure-subscription These PowerShell commands retrieve existing Network Watcher instances and create a new one if it's missing. The `Get-AzNetworkWatcher` command lists watchers, and `New-AzNetworkWatcher` creates a new one, requiring name, location, and resource group. Ensure you have the Azure PowerShell module installed and are connected to your Azure account. ```powershell Get-AzNetworkWatcher New-AzNetworkWatcher -Name -Location -ResourceGroupName ``` -------------------------------- ### Enable Microsoft Defender for IoT with PowerShell Source: https://docs.kertos.io/en/article/verify-that-microsoft-defender-for-iot-hub-is-set-to-on This PowerShell command enables Microsoft Defender for IoT for a specified Azure IoT Hub. It requires resource group, solution name, IoT hub resource ID, and location as parameters. Ensure you replace placeholders with your actual resource values. ```powershell New-AzIotSecuritySolution \ -ResourceGroupName "" \ -Name "" \ -IotHubs "" \ -Location "" ``` -------------------------------- ### Enable Microsoft Defender for IoT with Azure CLI Source: https://docs.kertos.io/en/article/verify-that-microsoft-defender-for-iot-hub-is-set-to-on This command enables Microsoft Defender for IoT for a specified Azure IoT Hub using the Azure CLI. It requires resource group, solution name, IoT hub resource ID, and location as parameters. Ensure you replace placeholders with your actual resource values. ```bash az iot security-solution create \ --resource-group \ --name \ --iot-hubs \ --location ``` -------------------------------- ### IAM Trust Policy Example for Lambda Role Source: https://docs.kertos.io/en/article/protect-iam-service-roles-from-confused-deputy-attacks-using-proper-trust-policies This JSON policy example demonstrates how to secure an IAM role assumed by AWS Lambda. It includes `aws:SourceAccount` and `aws:SourceArn` condition keys to restrict role assumption to a specific AWS account and Lambda function, preventing confused deputy attacks. ```json { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "123456789012" }, "ArnLike": { "aws:SourceArn": "arn:aws:lambda:us-east-1:123456789012:function:my-function" } } } ``` -------------------------------- ### Create Azure Activity Log Alert for SQL Firewall Rule Changes (Azure CLI) Source: https://docs.kertos.io/en/article/verify-that-activity-log-alert-exists-for-create-or-update-sql-server-firewall-rule This Azure CLI command creates an Activity Log Alert rule to monitor the 'Microsoft.Sql/servers/firewallRules/write' operation. It specifies the resource group, scope, condition (category and operation name), and the action group to be notified. Ensure you replace placeholders with your specific deployment details. ```bash az monitor activity-log alert create \ --name "" \ --resource-group "" \ --scope "/subscriptions/" \ --condition category=Administrative and operationName=Microsoft.Sql/servers/firewallRules/write \ --action-group \ --enabled true ``` -------------------------------- ### Enable log_checkpoints using PowerShell Source: https://docs.kertos.io/en/article/verify-that-server-parameter-log-checkpoints-is-set-to-on-for-postgresql-database-server This PowerShell command updates the `log_checkpoints` configuration for an Azure PostgreSQL server. It requires the resource group name, server name, parameter name, and the desired value ('on'). Replace placeholders with your specific Azure details. ```powershell Update-AzPostgreSqlConfiguration \ -ResourceGroupName "" \ -ServerName "" \ -Name "log_checkpoints" \ -Value "on" ``` -------------------------------- ### Enable Network Watcher using Azure CLI Source: https://docs.kertos.io/en/article/verify-that-network-watcher-is-enabled-for-all-locations-in-the-azure-subscription This command configures Network Watcher for a specific region, enabling it. It requires the region name, resource group name, and a flag to enable it. Ensure you have the Azure CLI installed and are logged in to your Azure account. ```azurecli az network watcher configure --locations --enabled true --resource-group ``` -------------------------------- ### Subscribe Email to SNS Topic (AWS CLI) Source: https://docs.kertos.io/en/article/configure-a-log-metric-filter-and-alarm-for-unauthorized-api-calls This AWS CLI command subscribes an email address to an existing SNS topic. Replace `` with the ARN of your SNS topic and `you@example.com` with the desired email address. This ensures that notifications sent to the SNS topic are delivered to the specified email. ```bash aws sns subscribe \ --topic-arn \ --protocol email \ --notification-endpoint you@example.com ``` -------------------------------- ### Enable PostgreSQL 'log_connections' via Azure CLI Source: https://docs.kertos.io/en/article/verify-that-server-parameter-log-connections-is-set-to-on-for-postgresql-database-server This command enables the 'log_connections' parameter for an Azure PostgreSQL server. It requires the resource group name, server name, and sets the parameter value to 'on'. ```bash az postgres server configuration set \ --resource-group \ --server-name \ --name log_connections \ --value on ``` -------------------------------- ### Configure AWS Security Contact via CLI Source: https://docs.kertos.io/en/article/register-a-valid-security-contact-in-the-aws-account-settings This command configures the security contact for your AWS account using the AWS Command Line Interface. It requires the alternate contact type, email address, and name. A phone number is optional but recommended. Ensure you have the AWS CLI installed and configured. ```bash aws account put-alternate-contact \ --alternate-contact-type SECURITY \ --email-address security@yourdomain.com \ --name "Security Team" \ --phone-number "+491234567890" ``` -------------------------------- ### Create Application Insights Component via Azure CLI Source: https://docs.kertos.io/en/article/verify-that-application-insights-are-configured Deploys an Application Insights component using the Azure CLI. Requires specifying application name, resource group, location, kind, retention period, Log Analytics Workspace resource ID, and subscription ID. This command is essential for automating the setup of application monitoring. ```azurecli az monitor app-insights component create \ --app \ --resource-group \ --location \ --kind "web" \ --retention-time \ --workspace \ --subscription ```