Add MITRE compatible ruleset #244

Merged
merged 2 commits into from
Feb 7, 2024

Conversation

@hdtrinh hdtrinh (Member) commented Feb 5, 2024

Add MITRE compatible ruleset

This PR adds new rules for the rule-engine module compatible with MITRE Framework.

Each rule is enriched with a comprehensive description, severity level and additional information.
Rules have been organized in folders according to the MITRE threat category.

I have

  • run cargo fmt;
  • run cargo clippy;
  • run cargo test and all tests pass;
  • linked to the originating issue (if applicable).

@hdtrinh hdtrinh requested review from krsh and banditopazzo February 5, 2024 12:38
@vadorovsky vadorovsky (Member) left a comment

Just one comment, but overall looks good. Nice that we will mitigate more real attacks now!

On a side note, we could consider adding a YAML linter to CI - later, not in this PR. We have some very long lines (over 100 chars) and redundant whitespace here and there, but I'm not going to nitpick this PR with that; I prefer the CI to do that. 😅

@vadorovsky vadorovsky merged commit e5bc078 into main Feb 7, 2024
@vadorovsky vadorovsky deleted the MITRE-ruleset branch February 7, 2024 14:05
@krsh krsh (Member) commented Feb 7, 2024

There is a typo: the directory of rules is named rules / ("rules" + white space).
It should have been corrected before the merge.

@krsh krsh restored the MITRE-ruleset branch February 7, 2024 15:03
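A CI check that would have caught both points raised in this thread (the over-100-character YAML lines and redundant whitespace vadorovsky mentions, and the "rules " directory name krsh reports), as an added example that is not part of the PR or of the project's own code. The 100-character limit and the .yml/.yaml suffixes are assumptions, and the rule tree it scans is a constructed fixture, not the PR's files.

```python
import tempfile
from pathlib import Path

MAX_LINE = 100  # the limit mentioned in the review; an assumption for this check
YAML_SUFFIXES = {".yml", ".yaml"}


def lint_path_components(root: Path) -> list:
    """Flag any directory or file name with leading/trailing whitespace."""
    findings = []
    for path in sorted(root.rglob("*")):
        for part in path.relative_to(root).parts:
            if part != part.strip():
                findings.append(f"{path}: component {part!r} has stray whitespace")
                break
    return findings


def lint_yaml_lines(root: Path, max_line: int = MAX_LINE) -> list:
    """Flag over-long lines and trailing whitespace in YAML rule files."""
    findings = []
    for path in sorted(root.rglob("*")):
        if path.suffix not in YAML_SUFFIXES or not path.is_file():
            continue
        for n, line in enumerate(path.read_text().splitlines(), 1):
            if len(line) > max_line:
                findings.append(f"{path}:{n}: {len(line)} chars (> {max_line})")
            if line != line.rstrip():
                findings.append(f"{path}:{n}: trailing whitespace")
    return findings


def lint_rules_tree(root) -> list:
    """Run both checks; a non-empty result is what a CI step would fail on."""
    root = Path(root)
    return lint_path_components(root) + lint_yaml_lines(root)


def build_sample_tree() -> str:
    """Constructed fixture reproducing both problems from the thread."""
    base = Path(tempfile.mkdtemp())
    bad_dir = base / "rules " / "execution"  # "rules" + space, as krsh reported
    bad_dir.mkdir(parents=True)
    (bad_dir / "long.yaml").write_text("name: x \ndescription: " + "y" * 120 + "\n")
    good_dir = base / "rules" / "persistence"
    good_dir.mkdir(parents=True)
    (good_dir / "ok.yaml").write_text("name: ok\nseverity: high\n")
    return str(base)
```

Calling lint_rules_tree(build_sample_tree()) reports the stray-whitespace path, the trailing whitespace on line 1 and the 133-character line 2 of long.yaml, and nothing for the clean "rules/persistence" tree.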