diff --git a/rules/compliance/cleartext_protocols.yml b/rules/compliance/firewall_cleartext_protocols.yml similarity index 82% rename from rules/compliance/cleartext_protocols.yml rename to rules/compliance/firewall_cleartext_protocols.yml index e50e0ea2..77b309b2 100644 --- a/rules/compliance/cleartext_protocols.yml +++ b/rules/compliance/firewall_cleartext_protocols.yml @@ -1,5 +1,5 @@ -action: global title: Cleartext Protocol Usage +id: d7fb8f0e-bd5f-45c2-b467-19571c490d7e status: stable description: Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels. Ensure that an encryption is used for all sensitive information in transit. Ensure that an encrypted channels is used for all administrative account access. @@ -9,9 +9,6 @@ references: - https://www.cisecurity.org/controls/cis-controls-list/ - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf -falsepositives: - - unknown -level: low # tags: # - CSC4 # - CSC4.5 @@ -55,32 +52,6 @@ level: low # - PCI DSS 3.2 7.1 # - PCI DSS 3.2 7.2 # - PCI DSS 3.2 7.3 ---- -id: 7e4bfe58-4a47-4709-828d-d86c78b7cc1f -logsource: - product: netflow -detection: - selection: - destination.port: - - 8080 - - 21 - - 80 - - 23 - - 50000 - - 1521 - - 27017 - - 1433 - - 11211 - - 3306 - - 15672 - - 5900 - - 5901 - - 5902 - - 5903 - - 5904 - condition: selection ---- -id: d7fb8f0e-bd5f-45c2-b467-19571c490d7e logsource: category: firewall detection: @@ -108,3 +79,6 @@ detection: - accept - 2 condition: selection1 AND selection2 +falsepositives: + - unknown +level: low \ No newline at end of file diff --git a/rules/compliance/netflow_cleartext_protocols.yml b/rules/compliance/netflow_cleartext_protocols.yml new file mode 100644 index 00000000..455d225c --- /dev/null +++ b/rules/compliance/netflow_cleartext_protocols.yml @@ -0,0 +1,79 @@ +title: Cleartext Protocol Usage +id: 7e4bfe58-4a47-4709-828d-d86c78b7cc1f +status: stable +description: Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels. Ensure that an encryption + is used for all sensitive information in transit. Ensure that an encrypted channels is used for all administrative account access. +author: Alexandr Yampolskyi, SOC Prime +date: 2019/03/26 +references: + - https://www.cisecurity.org/controls/cis-controls-list/ + - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf + - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf +# tags: + # - CSC4 + # - CSC4.5 + # - CSC14 + # - CSC14.4 + # - CSC16 + # - CSC16.5 + # - NIST CSF 1.1 PR.AT-2 + # - NIST CSF 1.1 PR.MA-2 + # - NIST CSF 1.1 PR.PT-3 + # - NIST CSF 1.1 PR.AC-1 + # - NIST CSF 1.1 PR.AC-4 + # - NIST CSF 1.1 PR.AC-5 + # - NIST CSF 1.1 PR.AC-6 + # - NIST CSF 1.1 PR.AC-7 + # - NIST CSF 1.1 PR.DS-1 + # - NIST CSF 1.1 PR.DS-2 + # - ISO 27002-2013 A.9.2.1 + # - ISO 27002-2013 A.9.2.2 + # - ISO 27002-2013 A.9.2.3 + # - ISO 27002-2013 A.9.2.4 + # - ISO 27002-2013 A.9.2.5 + # - ISO 27002-2013 A.9.2.6 + # - ISO 27002-2013 A.9.3.1 + # - ISO 27002-2013 A.9.4.1 + # - ISO 27002-2013 A.9.4.2 + # - ISO 27002-2013 A.9.4.3 + # - ISO 27002-2013 A.9.4.4 + # - ISO 27002-2013 A.8.3.1 + # - ISO 27002-2013 A.9.1.1 + # - ISO 27002-2013 A.10.1.1 + # - PCI DSS 3.2 2.1 + # - PCI DSS 3.2 8.1 + # - PCI DSS 3.2 8.2 + # - PCI DSS 3.2 8.3 + # - PCI DSS 3.2 8.7 + # - PCI DSS 3.2 8.8 + # - PCI DSS 3.2 1.3 + # - PCI DSS 3.2 1.4 + # - PCI DSS 3.2 4.3 + # - PCI DSS 3.2 7.1 + # - PCI DSS 3.2 7.2 + # - PCI DSS 3.2 7.3 +logsource: + product: netflow +detection: + selection: + destination.port: + - 8080 + - 21 + - 80 + - 23 + - 50000 + - 1521 + - 27017 + - 1433 + - 11211 + - 3306 + - 15672 + - 5900 + - 5901 + - 5902 + - 5903 + - 5904 + condition: selection +falsepositives: + - unknown +level: low \ No newline at end of file