security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a0bad54dbda170d5369f54ccede5f11f999da4de
blue-team-tools/rules/compliance/host_without_firewall.yml
T

31 lines
966 B
YAML
Raw Normal View History

compliance rules by SOC prime
2019-08-05 19:42:19 +03:00
title: Host Without Firewall
Added UUIDs to rules
2019-11-12 23:12:27 +01:00
id: 6b2066c8-3dc7-4db7-9db0-6cc1d7b0dde9
Added level
2019-08-05 19:51:22 +02:00
description: Host Without Firewall. Alert means not complied. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.
compliance rules by SOC prime
2019-08-05 19:42:19 +03:00
author: Alexandr Yampolskyi, SOC Prime
references:
Added UUIDs to rules
2019-11-12 23:12:27 +01:00
- https://www.cisecurity.org/controls/cis-controls-list/
- https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
compliance rules by SOC prime
2019-08-05 19:42:19 +03:00
date: 2019/03/19
status: stable
Added level
2019-08-05 19:51:22 +02:00
level: low
compliance rules by SOC prime
2019-08-05 19:42:19 +03:00
logsource:
Added UUIDs to rules
2019-11-12 23:12:27 +01:00
product: Qualys
compliance rules by SOC prime
2019-08-05 19:42:19 +03:00
detection:
Added UUIDs to rules
2019-11-12 23:12:27 +01:00
selection:
event.category: Security Policy
host.scan.vuln_name: Firewall Product Not Detected*
condition: selection
compliance rules by SOC prime
2019-08-05 19:42:19 +03:00
tags:
Added UUIDs to rules
2019-11-12 23:12:27 +01:00
- CSC9
- CSC9.4
- NIST CSF 1.1 PR.AC-5
- NIST CSF 1.1 PR.AC-6
- NIST CSF 1.1 PR.AC-7
- NIST CSF 1.1 DE.AE-1
- ISO 27002-2013 A.9.1.2
- ISO 27002-2013 A.13.2.1
- ISO 27002-2013 A.13.2.2
- ISO 27002-2013 A.14.1.2
- PCI DSS 3.2 1.4
Reference in New Issue Copy Permalink