Build a simple command line scanner which can be run in CI/CD plug-ins and at runtime to scan container images, running containers, hosts, volumes and more for known indicators of compromise pertaining to:
Cryptominers
Malware
Malicious files, binaries and packages
Live connections and C2 activities
Any malicious traces in file systems, log files, etc.
Why?
There are multiple reasons to do this as part of CI/CD and at runtime, to figure out:
Supply chain IOCs
Am I pwned checks on production infrastructure
No such tool exists for K8s and serverless so this fills a major gap
How?
YARA rule matching. It is static, but this seems to be the best way to exchange and add to community threat intel.
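As an added illustration of the scanning loop such a tool needs (not code from this project), the script below walks a `docker save` style image tarball layer by layer and matches each file against a small indicator set. It assumes the layout "<id>/layer.tar" for layers, and it stands in plain regexes for compiled YARA rules so that it runs on the standard library alone; a real scanner would compile .yar files with yara-python instead. The image and the rule set are constructed for the demo.

```python
import io
import re
import tarfile

# Constructed rule set standing in for compiled YARA rules (assumption: the
# real tool would load .yar files; plain byte regexes keep this stdlib-only).
RULES = {
    "cryptominer_stratum": [rb"stratum\+tcp://", rb"stratum\+ssl://"],
    "cryptominer_xmrig_marker": [rb"xmrig"],
}


def scan_image_tar(image_bytes, rules=RULES, max_file_size=50_000_000):
    """Scan every regular file inside every layer of a saved image.

    Returns one finding per (layer, path, rule) with the patterns that hit,
    so a CI plug-in can fail the build and point at the offending layer.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as image:
        for member in image.getmembers():
            # Assumption: layers are the inner "*.tar" members of the image.
            if not member.isfile() or not member.name.endswith(".tar"):
                continue
            layer_bytes = image.extractfile(member).read()
            with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as layer:
                for entry in layer.getmembers():
                    if not entry.isfile() or entry.size > max_file_size:
                        continue  # skip symlinks, devices and oversized files
                    data = layer.extractfile(entry).read()
                    for rule, patterns in rules.items():
                        hits = [p.decode() for p in patterns if re.search(p, data)]
                        if hits:
                            findings.append({"layer": member.name, "path": entry.name,
                                             "rule": rule, "matched": hits})
    return findings


def _tar_bytes(files):
    """Build an in-memory tar from a {path: content} mapping (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_sample_image():
    """Constructed two-layer image: a clean layer and one carrying a miner config."""
    clean_layer = _tar_bytes({"usr/bin/app": b"#!/bin/sh\necho hello\n"})
    tainted_layer = _tar_bytes({"tmp/.cache/config.json": b'{"url": "stratum+tcp://pool.example:3333"}'})
    return _tar_bytes({"manifest.json": b"[]", "aaa/layer.tar": clean_layer, "bbb/layer.tar": tainted_layer})


if __name__ == "__main__":
    for finding in scan_image_tar(build_sample_image()):
        print(finding)
```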