There is a slight inconsistency in the rule behavior.
The rule P-ControlPathIndirectMany triggers correctly when the number of indirect members reaches ≥ 20, but the Details field in the report remains empty when the value is exactly 20, preventing the analyst from identifying the affected objects.
Root cause: Mismatch between trigger and detail logging conditions:
Trigger: value >= 20 (RuleAttribute.cs)
Details: NumberOfIndirectMembers > 20 (HealthcheckRulePrivilegedControlPathIndirectMany.cs)
Proposed fix
Align the conditions by changing:
NumberOfIndirectMembers > 20 to: NumberOfIndirectMembers >= 20
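The boundary mismatch described above, as an added example that is not part of the original report and is not PingCastle's code: a small model that checks the values around the threshold for findings that fire without listing any object. The `ControlPath` record, the `BoundaryCheck` class, its method names and the sample object names are hypothetical, and the model assumes the rule value is the member count of the reported object.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed model of the mismatch; these types are hypothetical, not PingCastle's.
record ControlPath(string Name, int NumberOfIndirectMembers);

static class BoundaryCheck
{
    const int Threshold = 20; // trigger value stated in the report

    // Rule fires when any object reaches the threshold (trigger: value >= 20).
    static bool Triggers(IEnumerable<ControlPath> paths) =>
        paths.Any(p => p.NumberOfIndirectMembers >= Threshold);

    // Detail selection as described before the fix (> 20).
    static List<string> DetailsBefore(IEnumerable<ControlPath> paths) =>
        paths.Where(p => p.NumberOfIndirectMembers > Threshold).Select(p => p.Name).ToList();

    // Detail selection after the fix (>= 20), same comparison as the trigger.
    static List<string> DetailsAfter(IEnumerable<ControlPath> paths) =>
        paths.Where(p => p.NumberOfIndirectMembers >= Threshold).Select(p => p.Name).ToList();

    // Returns the member counts for which the rule fires but no object is listed.
    static List<int> SilentFindings(Func<IEnumerable<ControlPath>, List<string>> details)
    {
        var gaps = new List<int>();
        foreach (int n in new[] { Threshold - 1, Threshold, Threshold + 1 })
        {
            var paths = new[] { new ControlPath("CN=Sample" + n, n) }; // constructed input
            if (Triggers(paths) && details(paths).Count == 0) gaps.Add(n);
        }
        return gaps;
    }

    static void Main()
    {
        Console.WriteLine("before fix: " + string.Join(",", SilentFindings(DetailsBefore)));
        Console.WriteLine("after fix:  " + string.Join(",", SilentFindings(DetailsAfter)));
    }
}
```

Keeping the threshold in one constant used by both comparisons prevents the two conditions from drifting apart again.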