mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-06 17:35:19 +00:00
110 lines
2.7 KiB
YAML
110 lines
2.7 KiB
YAML
title: Default Credentials Usage
|
|
id: 1a395cbc-a84a-463a-9086-ed8a70e573c7
|
|
status: stable
|
|
description: Before deploying any new asset, change all default passwords to have values consistent with administrative level accounts. Sigma detects default credentials
|
|
usage. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.
|
|
author: Alexandr Yampolskyi, SOC Prime
|
|
references:
|
|
- https://www.cisecurity.org/controls/cis-controls-list/
|
|
- https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
|
|
- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
|
|
- https://community.qualys.com/docs/DOC-6406-reporting-toolbox-focused-search-lists
|
|
date: 2019/03/26
|
|
logsource:
|
|
product: qualys
|
|
detection:
|
|
selection:
|
|
host.scan.vuln:
|
|
- 10693
|
|
- 11507
|
|
- 11633
|
|
- 11804
|
|
- 11821
|
|
- 11847
|
|
- 11867
|
|
- 11931
|
|
- 11935
|
|
- 11950
|
|
- 12541
|
|
- 12558
|
|
- 12559
|
|
- 12560
|
|
- 12562
|
|
- 12563
|
|
- 12565
|
|
- 12587
|
|
- 12590
|
|
- 12599
|
|
- 12702
|
|
- 12705
|
|
- 12706
|
|
- 12907
|
|
- 12928
|
|
- 12929
|
|
- 13053
|
|
- 13178
|
|
- 13200
|
|
- 13218
|
|
- 13241
|
|
- 13253
|
|
- 13274
|
|
- 13296
|
|
- 13301
|
|
- 13327
|
|
- 13373
|
|
- 13374
|
|
- 13409
|
|
- 13530
|
|
- 13532
|
|
- 20065
|
|
- 20073
|
|
- 20081
|
|
- 27202
|
|
- 27358
|
|
- 38702
|
|
- 38719
|
|
- 42045
|
|
- 42417
|
|
- 43029
|
|
- 43220
|
|
- 43221
|
|
- 43222
|
|
- 43223
|
|
- 43225
|
|
- 43246
|
|
- 43431
|
|
- 43484
|
|
- 86857
|
|
- 87098
|
|
- 87106
|
|
condition: selection
|
|
falsepositives:
|
|
- unknown
|
|
level: medium
|
|
# tags:
|
|
# - CSC4
|
|
# - CSC4.2
|
|
# - NIST CSF 1.1 PR.AC-4
|
|
# - NIST CSF 1.1 PR.AT-2
|
|
# - NIST CSF 1.1 PR.MA-2
|
|
# - NIST CSF 1.1 PR.PT-3
|
|
# - ISO 27002-2013 A.9.1.1
|
|
# - ISO 27002-2013 A.9.2.2
|
|
# - ISO 27002-2013 A.9.2.3
|
|
# - ISO 27002-2013 A.9.2.4
|
|
# - ISO 27002-2013 A.9.2.5
|
|
# - ISO 27002-2013 A.9.2.6
|
|
# - ISO 27002-2013 A.9.3.1
|
|
# - ISO 27002-2013 A.9.4.1
|
|
# - ISO 27002-2013 A.9.4.2
|
|
# - ISO 27002-2013 A.9.4.3
|
|
# - ISO 27002-2013 A.9.4.4
|
|
# - PCI DSS 3.2 2.1
|
|
# - PCI DSS 3.2 7.1
|
|
# - PCI DSS 3.2 7.2
|
|
# - PCI DSS 3.2 7.3
|
|
# - PCI DSS 3.2 8.1
|
|
# - PCI DSS 3.2 8.2
|
|
# - PCI DSS 3.2 8.3
|
|
# - PCI DSS 3.2 8.7
|