mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-07 17:58:52 +00:00
110 lines
2.6 KiB
YAML
110 lines
2.6 KiB
YAML
action: global
|
|
title: Cleartext Protocol Usage
|
|
id: 7e4bfe58-4a47-4709-828d-d86c78b7cc1f
|
|
status: stable
|
|
description: Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels. Ensure that an encryption
|
|
is used for all sensitive information in transit. Ensure that an encrypted channels is used for all administrative account access.
|
|
author: Alexandr Yampolskyi, SOC Prime
|
|
date: 2019/03/26
|
|
references:
|
|
- https://www.cisecurity.org/controls/cis-controls-list/
|
|
- https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
|
|
- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
|
|
falsepositives:
|
|
- unknown
|
|
level: low
|
|
tags:
|
|
- CSC4
|
|
- CSC4.5
|
|
- CSC14
|
|
- CSC14.4
|
|
- CSC16
|
|
- CSC16.5
|
|
- NIST CSF 1.1 PR.AT-2
|
|
- NIST CSF 1.1 PR.MA-2
|
|
- NIST CSF 1.1 PR.PT-3
|
|
- NIST CSF 1.1 PR.AC-1
|
|
- NIST CSF 1.1 PR.AC-4
|
|
- NIST CSF 1.1 PR.AC-5
|
|
- NIST CSF 1.1 PR.AC-6
|
|
- NIST CSF 1.1 PR.AC-7
|
|
- NIST CSF 1.1 PR.DS-1
|
|
- NIST CSF 1.1 PR.DS-2
|
|
- ISO 27002-2013 A.9.2.1
|
|
- ISO 27002-2013 A.9.2.2
|
|
- ISO 27002-2013 A.9.2.3
|
|
- ISO 27002-2013 A.9.2.4
|
|
- ISO 27002-2013 A.9.2.5
|
|
- ISO 27002-2013 A.9.2.6
|
|
- ISO 27002-2013 A.9.3.1
|
|
- ISO 27002-2013 A.9.4.1
|
|
- ISO 27002-2013 A.9.4.2
|
|
- ISO 27002-2013 A.9.4.3
|
|
- ISO 27002-2013 A.9.4.4
|
|
- ISO 27002-2013 A.8.3.1
|
|
- ISO 27002-2013 A.9.1.1
|
|
- ISO 27002-2013 A.10.1.1
|
|
- PCI DSS 3.2 2.1
|
|
- PCI DSS 3.2 8.1
|
|
- PCI DSS 3.2 8.2
|
|
- PCI DSS 3.2 8.3
|
|
- PCI DSS 3.2 8.7
|
|
- PCI DSS 3.2 8.8
|
|
- PCI DSS 3.2 1.3
|
|
- PCI DSS 3.2 1.4
|
|
- PCI DSS 3.2 4.3
|
|
- PCI DSS 3.2 7.1
|
|
- PCI DSS 3.2 7.2
|
|
- PCI DSS 3.2 7.3
|
|
---
|
|
logsource:
|
|
product: netflow
|
|
detection:
|
|
selection:
|
|
destination.port:
|
|
- 8080
|
|
- 21
|
|
- 80
|
|
- 23
|
|
- 50000
|
|
- 1521
|
|
- 27017
|
|
- 1433
|
|
- 11211
|
|
- 3306
|
|
- 15672
|
|
- 5900
|
|
- 5901
|
|
- 5902
|
|
- 5903
|
|
- 5904
|
|
condition: selection
|
|
---
|
|
logsource:
|
|
product: firewall
|
|
detection:
|
|
selection1:
|
|
destination.port:
|
|
- 8080
|
|
- 21
|
|
- 80
|
|
- 23
|
|
- 50000
|
|
- 1521
|
|
- 27017
|
|
- 3306
|
|
- 1433
|
|
- 11211
|
|
- 15672
|
|
- 5900
|
|
- 5901
|
|
- 5902
|
|
- 5903
|
|
- 5904
|
|
selection2:
|
|
action:
|
|
- forward
|
|
- accept
|
|
- 2
|
|
condition: selection1 AND selection2
|