security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
b2acd800981e1c8d9f747173eb7803f0405cebd6
blue-team-tools/rules/network/firewall/net_firewall_cleartext_protocols.yml
T
Nasreddine Bencherchali 598d29f811 Merge PR #4950 from @nasbench - Comply With v2 Spec Changes 
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00

90 lines
2.5 KiB
YAML
Raw Blame History

title: Cleartext Protocol Usage
id: d7fb8f0e-bd5f-45c2-b467-19571c490d7e
status: stable
description: |
Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels.
Ensure that an encryption is used for all sensitive information in transit. Ensure that an encrypted channels is used for all administrative account access.
references:
- https://www.cisecurity.org/controls/cis-controls-list/
- https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
author: Alexandr Yampolskyi, SOC Prime, Tim Shelton
date: 2019-03-26
modified: 2022-10-10
tags:
- attack.credential-access
# - CSC4
# - CSC4.5
# - CSC14
# - CSC14.4
# - CSC16
# - CSC16.5
# - NIST CSF 1.1 PR.AT-2
# - NIST CSF 1.1 PR.MA-2
# - NIST CSF 1.1 PR.PT-3
# - NIST CSF 1.1 PR.AC-1
# - NIST CSF 1.1 PR.AC-4
# - NIST CSF 1.1 PR.AC-5
# - NIST CSF 1.1 PR.AC-6
# - NIST CSF 1.1 PR.AC-7
# - NIST CSF 1.1 PR.DS-1
# - NIST CSF 1.1 PR.DS-2
# - ISO 27002-2013 A.9.2.1
# - ISO 27002-2013 A.9.2.2
# - ISO 27002-2013 A.9.2.3
# - ISO 27002-2013 A.9.2.4
# - ISO 27002-2013 A.9.2.5
# - ISO 27002-2013 A.9.2.6
# - ISO 27002-2013 A.9.3.1
# - ISO 27002-2013 A.9.4.1
# - ISO 27002-2013 A.9.4.2
# - ISO 27002-2013 A.9.4.3
# - ISO 27002-2013 A.9.4.4
# - ISO 27002-2013 A.8.3.1
# - ISO 27002-2013 A.9.1.1
# - ISO 27002-2013 A.10.1.1
# - PCI DSS 3.2 2.1
# - PCI DSS 3.2 8.1
# - PCI DSS 3.2 8.2
# - PCI DSS 3.2 8.3
# - PCI DSS 3.2 8.7
# - PCI DSS 3.2 8.8
# - PCI DSS 3.2 1.3
# - PCI DSS 3.2 1.4
# - PCI DSS 3.2 4.3
# - PCI DSS 3.2 7.1
# - PCI DSS 3.2 7.2
# - PCI DSS 3.2 7.3
logsource:
category: firewall
detection:
selection:
dst_port:
- 8080
- 21
- 80
- 23
- 50000
- 1521
- 27017
- 3306
- 1433
- 11211
- 15672
- 5900
- 5901
- 5902
- 5903
- 5904
selection_allow1:
action:
- forward
- accept
- 2
selection_allow2:
blocked: "false" # not all fws set action value, but are set to mark as blocked or allowed or not
condition: selection and 1 of selection_allow*
falsepositives:
- Unknown
level: low
Reference in New Issue View Git Blame Copy Permalink