Merge pull request #1043 from vishnusomank/release

update tag from 5G to FIGHT
kubearmor · Jun 15, 2023 · 041752a · 041752a
2 parents 7e834fa + 430532a
commit 041752a
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 21 deletions.
diff --git a/generic/system/ksp-5g-network-service-scanning.yaml b/generic/system/ksp-5g-network-service-scanning.yaml
@@ -8,7 +8,7 @@ metadata:
   name: ksp-5g-network-service-scanning
   namespace: default # Change your namespace
 spec:
-  tags: ["MITRE", "FGT1046","5G"]
+  tags: ["MITRE", "FGT1046","FIGHT"]
   message: "Network service has been scanned!"
   selector:
     matchLabels:

diff --git a/generic/system/ksp-mitre-5g-remote-services.yaml b/generic/system/ksp-mitre-5g-remote-services.yaml
@@ -8,7 +8,7 @@ metadata:
   name: ksp-mitre-5g-remote-services
   namespace: default    # Change your namespace
 spec:
-  tags: ["MITRE", "5G", "FGT1021"]
+  tags: ["MITRE", "FIGHT", "FGT1021"]
   message: "Warning! access sensitive files detected"
   selector:
     matchLabels: 

diff --git a/generic/system/ksp-mitre-5g-tactic-impair-defense.yaml b/generic/system/ksp-mitre-5g-tactic-impair-defense.yaml
@@ -8,7 +8,7 @@ metadata:
   name: ksp-mitre-5g-tactic-impair-defense
   namespace: default  #change with your namespace
 spec:
-  tags: ["MITRE", "FGT1562","5G"]
+  tags: ["MITRE", "FGT1562","FIGHT"]
   message: "Selinux Files Accessed by Unknown Process"
   selector:
     matchLabels:

diff --git a/generic/system/ksp-unsecured_credentials_access.yaml b/generic/system/ksp-unsecured_credentials_access.yaml
@@ -8,7 +8,7 @@ metadata:
   name: ksp-mitre-tactic-credential-access-unsecured-credentials-private-keys
   namespace: default # Change your namespace
 spec:
-  tags: ["MITRE", "MITRE_T1552_unsecured_credentials", "FGT1555", "5G"]
+  tags: ["MITRE", "MITRE_T1552_unsecured_credentials", "FGT1555", "FIGHT"]
   message: "Credentials modification denied"
   selector:
     matchLabels:

diff --git a/generic/system/metadata.yaml b/generic/system/metadata.yaml
@@ -23,6 +23,7 @@ policyRules:
     - name: MITRE-TTP
       url:
       - https://attack.mitre.org/techniques/T1553/
+      - https://fight.mitre.org/techniques/FGT1555
     tldr: Restrict access to trusted certificated bundles in the OS image
     detailed: Operating systems maintain a list of trusted certificates (often called
       trust bundles) in file system. These bundles decides which authorities are trusted.
@@ -36,22 +37,6 @@ policyRules:
       has an attribute set from being downloaded from the Internet, or getting an
       indication that you are about to connect to an untrusted site.
   yaml: ksp-unsecured_credentials_access.yaml
-- name: credentials-from-password-stores
-  precondition: 
-  - /etc/ssl/.*
-  - OPTSCAN
-  description:
-    refs:
-    - name: MITRE-5G
-      url:
-      - https://fight.mitre.org/techniques/FGT1555
-    tldr: Adversaries may search for common password storage locations to obtain user credentials.
-    detailed: Adversaries may search for common password storage locations to obtain user credentials.
-      Passwords are stored in several places on a system, depending on the operating system or application 
-      holding the credentials. There are also specific applications that store passwords to make it easier 
-      for users manage and maintain. Once credentials are obtained, they can be used to perform lateral movement 
-      and access restricted information.
-  yaml: ksp-unsecured_credentials_access.yaml
 - name: system-owner-discovery
   precondition: 
   - /usr/bin/who

diff --git a/tags.yaml b/tags.yaml
@@ -647,7 +647,7 @@ tags:
   - MITRE_TA0003_Persistence
   - AWS_FSBP_cloudtrail.1
   - FGT1555
-  - 5G
+  - FIGHT
   - FGT1562
   - FGT1609
   - FGT1046
-Original file line number
+Diff line change
@@ Expand Up / @@ -647,7 +647,7 @@ tags: @@
       - MITRE_TA0003_Persistence
       - AWS_FSBP_cloudtrail.1
       - FGT1555
-      - 5G
+      - FIGHT
       - FGT1562
       - FGT1609
       - FGT1046
@@ Expand Down @@