center-for-threat-informed-defense / security-stack-mappings

🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
https://center-for-threat-informed-defense.github.io/mappings-explorer/
Apache License 2.0

Add T1648, T1556, T1578 and T1606 to AWS IAM #178

Closed MrCloudSec closed 1 week ago

MrCloudSec commented 1 year ago

tiffb commented 1 year ago

sergargar, thank you for submitting these mappings to our project! I’ll review and get back to you with any questions.

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
0.0% Duplication

tiffb commented 1 year ago

Please note that this project was published in 2021 with mappings to ATT&CK for Enterprise v9. So, for example, the mapping to T1648 (created May 2022) would not be included in this repository. We plan to update all mappings to a newer version of ATT&CK this year and will take this under consideration.

The remaining techniques you mention have been updated since the project release, which may have affected the existing mappings. It does seem that AWS IAM can help prevent the modification of infrastructure components (T1578) or authentication mechanisms and processes (T1556), as well as forged credential materials (T1606) and cloud infrastructure discovery (T1580). We will look to include these in the mapping repository.

We are much appreciative of your input and contributions on enhancing this resource! Please let us know if you have any other suggestions or questions. Thanks!

tiffb commented 1 year ago

Hi sergargar! We’ll add those techniques when we update these mappings to incorporate a newer version of ATT&CK later this year.