Update checkmarx-panel.yaml

http/exposed-panels/checkmk/checkmarx-panel.yaml

@@ -1,25 +1,39 @@
 id: checkmarx-panel-detect
 
 info:
-  name: Checkmarx WebClient Login Panel - Detect
+  name: Checkmarx Login Panel - Detect
-  author: joanbono
+  author: joanbonon,righettod
   severity: info
-  description: Checkmarx WebClient login panel was detected.
+  description: Checkmarx login panel was detected.
+  reference:
+    - https://docs.checkmarx.com/en/34965-44074-checkmarx-sast.html
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cwe-id: CWE-200
   metadata:
     max-request: 1
-  tags: panel,checkmarx
+    verified: true
+    shodan-query: http.html:"CxSASTManagerUri"
+  tags: panel,checkmarx,detect,login
 
 http:
   - method: GET
     path:
+      - "{{BaseURL}}/cxrestapi/help/system/version"
       - "{{BaseURL}}/cxwebclient/Login.aspx"
+      - "{{BaseURL}}/cxrestapi/auth/identity/.well-known/openid-configuration"
 
+    stop-at-first-match: true
     matchers:
-      - type: word
+      - type: dsl
-        words:
+        dsl:
-          - '/CxWebClient/webApp/Scripts/libs/authenticationScripts'
+          - 'status_code == 200'
+          - 'contains_any(to_lower(body), "cxsastmanageruri", "cxauthorityconfigurations", "/cxwebclient/webapp/", "sast_api", "sast_rest_api" , "sast-permissions", "hotfix")'
+        condition: and
+
+    extractors:
+      - type: regex
         part: body
-# digest: 4a0a00473045022073859fd8e881a46904e753b8ac158d4bf504e86ac1ff4e60a5acb794053af8b0022100ef4b06e978f467ae8e190aaa645ebc973b774efa6c29b77423c91459063522c6:922c64590222798bb761d5b6d8e72950
+        group: 1
+        regex:
+          - '(?i)"version":\s*"([0-9.]+)"'