SigmaHQ/rules/compliance/cleartext_protocols.yml

action: global
title: Cleartext Protocol Usage
id: 7e4bfe58-4a47-4709-828d-d86c78b7cc1f
description: Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels. Ensure that encryption is used for all sensitive information in transit. Ensure that an encrypted channel is used for all administrative account access.
references:
    - https://www.cisecurity.org/controls/cis-controls-list/
    - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
    - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
author: Alexandr Yampolskyi, SOC Prime
status: stable
date: 2019/03/26
falsepositives:
    - unknown
level: low
tags:
    - CSC4
    - CSC4.5
    - CSC14
    - CSC14.4
    - CSC16
    - CSC16.5
    - NIST CSF 1.1 PR.AT-2
    - NIST CSF 1.1 PR.MA-2
    - NIST CSF 1.1 PR.PT-3
    - NIST CSF 1.1 PR.AC-1
    - NIST CSF 1.1 PR.AC-4
    - NIST CSF 1.1 PR.AC-5
    - NIST CSF 1.1 PR.AC-6
    - NIST CSF 1.1 PR.AC-7
    - NIST CSF 1.1 PR.DS-1
    - NIST CSF 1.1 PR.DS-2
    - NIST CSF 1.1 PR.PT-3
    - NIST CSF 1.1 PR.PT-3
    - ISO 27002-2013 A.9.2.1
    - ISO 27002-2013 A.9.2.2
    - ISO 27002-2013 A.9.2.3
    - ISO 27002-2013 A.9.2.4
    - ISO 27002-2013 A.9.2.5
    - ISO 27002-2013 A.9.2.6
    - ISO 27002-2013 A.9.3.1
    - ISO 27002-2013 A.9.4.1
    - ISO 27002-2013 A.9.4.2
    - ISO 27002-2013 A.9.4.3
    - ISO 27002-2013 A.9.4.4
    - ISO 27002-2013 A.8.3.1
    - ISO 27002-2013 A.9.1.1
    - ISO 27002-2013 A.10.1.1
    - PCI DSS 3.2 2.1
    - PCI DSS 3.2 8.1
    - PCI DSS 3.2 8.2
    - PCI DSS 3.2 8.3
    - PCI DSS 3.2 8.7
    - PCI DSS 3.2 8.8
    - PCI DSS 3.2 1.3
    - PCI DSS 3.2 1.4
    - PCI DSS 3.2 4.3
    - PCI DSS 3.2 7.1
    - PCI DSS 3.2 7.2
    - PCI DSS 3.2 7.3
---
logsource:
    product: netflow
detection:
    selection:
        destination.port:
            - 8080
            - 21
            - 80
            - 23
            - 50000
            - 1521
            - 27017
            - 1433
            - 11211
            - 3306
            - 15672
            - 5900
            - 5901
            - 5902
            - 5903
            - 5904
    condition: selection
---
logsource:
    product: firewall
detection:
    selection1:
        destination.port:
            - 8080
            - 21
            - 80
            - 23
            - 50000
            - 1521
            - 27017
            - 3306
            - 1433
            - 11211
            - 15672
            - 5900
            - 5901
            - 5902
            - 5903
            - 5904
    selection2:
        action:
            - forward
            - accept
            - 2
    condition: selection1 AND selection2