security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity
Files
3a20687cadd9d3f05cecf2ecc46c22a6d4996b01
blue-team-tools/rules-compliance/other/netflow_cleartext_protocols.yml
T
Nasreddine Bencherchali 3a20687cad Merge PR #5738 from @nasbench - rename folders and update readme 
chore: rename folders and update readme
2025-11-03 10:35:44 +01:00

84 lines
2.2 KiB
YAML
Raw Blame History

title: Cleartext Protocol Usage Via Netflow
id: 7e4bfe58-4a47-4709-828d-d86c78b7cc1f
status: stable
description: |
Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels
Ensure that an encryption is used for all sensitive information in transit.
Ensure that an encrypted channels is used for all administrative account access.
references:
- https://www.cisecurity.org/controls/cis-controls-list/
- https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
author: Alexandr Yampolskyi, SOC Prime
date: 2019-03-26
modified: 2022-11-18
tags:
- attack.credential-access
# - CSC4
# - CSC4.5
# - CSC14
# - CSC14.4
# - CSC16
# - CSC16.5
# - NIST CSF 1.1 PR.AT-2
# - NIST CSF 1.1 PR.MA-2
# - NIST CSF 1.1 PR.PT-3
# - NIST CSF 1.1 PR.AC-1
# - NIST CSF 1.1 PR.AC-4
# - NIST CSF 1.1 PR.AC-5
# - NIST CSF 1.1 PR.AC-6
# - NIST CSF 1.1 PR.AC-7
# - NIST CSF 1.1 PR.DS-1
# - NIST CSF 1.1 PR.DS-2
# - ISO 27002-2013 A.9.2.1
# - ISO 27002-2013 A.9.2.2
# - ISO 27002-2013 A.9.2.3
# - ISO 27002-2013 A.9.2.4
# - ISO 27002-2013 A.9.2.5
# - ISO 27002-2013 A.9.2.6
# - ISO 27002-2013 A.9.3.1
# - ISO 27002-2013 A.9.4.1
# - ISO 27002-2013 A.9.4.2
# - ISO 27002-2013 A.9.4.3
# - ISO 27002-2013 A.9.4.4
# - ISO 27002-2013 A.8.3.1
# - ISO 27002-2013 A.9.1.1
# - ISO 27002-2013 A.10.1.1
# - PCI DSS 3.2 2.1
# - PCI DSS 3.2 8.1
# - PCI DSS 3.2 8.2
# - PCI DSS 3.2 8.3
# - PCI DSS 3.2 8.7
# - PCI DSS 3.2 8.8
# - PCI DSS 3.2 1.3
# - PCI DSS 3.2 1.4
# - PCI DSS 3.2 4.3
# - PCI DSS 3.2 7.1
# - PCI DSS 3.2 7.2
# - PCI DSS 3.2 7.3
logsource:
service: netflow
detection:
selection:
destination.port:
- 8080
- 21
- 80
- 23
- 50000
- 1521
- 27017
- 1433
- 11211
- 3306
- 15672
- 5900
- 5901
- 5902
- 5903
- 5904
condition: selection
falsepositives:
- Unknown
level: low
Reference in New Issue View Git Blame Copy Permalink