tetragon: Add MITRE ATT&CK references and tags to privileged execution events.

cilium / tetragon

eBPF-based Security Observability and Runtime Enforcement

Apache License 2.0

3.66k stars 369 forks source link

Privileged execution will be automatically tagged with following:

    {
      "process_exec": {
        "process": {
          "exec_id": "cm9yb25vYToyNTM0Nzk3NjE2NzY0NjY6NzQxMDI2",
          "pid": 741026,
          "uid": 0,
          "cwd": "/home/tixxdz/work/roronoa/code/src/github.com/tixxdz/tetragon",
          "binary": "/usr/bin/sudo",
          "arguments": "id",
          "..."
        }
        "message": "Privilege Escalation via SUID/SGID binary execution",
        "tags": [
          "attack.techniques",
          "attack.T1548",
          "attack.T1068",
          "attack.tactics",
          "attack.TA0004"
        ]
      }
    }

tetragon: Add MITRE ATT&CK references and tags to privileged execution events.

Name	Link
Latest commit	e7f35961a55b04791b36eb22ad3b95e9f881e3a3
Latest deploy log	https://app.netlify.com/sites/tetragon/deploys/673637f8ea07100008849be7
Deploy Preview	https://deploy-preview-3110--tetragon.netlify.app
Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

Name

Link

Latest commit

e7f35961a55b04791b36eb22ad3b95e9f881e3a3

Latest deploy log

https://app.netlify.com/sites/tetragon/deploys/673637f8ea07100008849be7

Deploy Preview

https://deploy-preview-3110--tetragon.netlify.app

Preview on mobile

Toggle QR Code...

Use your smartphone camera to open QR code link.

cilium / tetragon

tetragon: Add MITRE ATT&CK references and tags to privileged execution events. #3110

Deploy Preview for tetragon ready!

cilium / tetragon

tetragon: Add MITRE ATT&CK references and tags to privileged execution events. #3110

✅ Deploy Preview for tetragon ready!

Deploy Preview for tetragon ready!