openraven / magpie

A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.
Apache License 2.0

Basic Ransomware Policies #239

Closed curphey closed 2 years ago

curphey commented 3 years ago

Move the policies and rules for ransomware into three policies

  1. Ransomware Prevention
  2. Ransomware Indicators of Compromise
  3. Ransomware Resiliency

The prevention policy will have all the relevant rules for hardening an environment. The IOC policy will have rules such as the C&C servers and unknown KMS keys. The Resiliency policy will be an analysis of what AWS Assets are being backed up by AWS Backup and relevant settings like backups being encrypted etc.
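As an added illustration of the resiliency checks and the "unknown KMS key" indicator sketched above, here is a small rule evaluator written for this page (example code, not Magpie's own rule code). The inventory is hand-constructed to resemble the shape of AWS Backup `ListProtectedResources` / `ListRecoveryPointsByBackupVault` responses; the ARNs, vault names, key ids and rule identifiers are assumptions and nothing is fetched from AWS.

```python
"""Evaluate a toy 'Ransomware Resiliency' policy plus one 'unknown KMS key' IOC rule
over a constructed AWS inventory (added example, not Magpie's rule code)."""
from dataclasses import dataclass

# Constructed: assets the CSPM discovered in the account (account id and ids are fake).
ASSETS = [
    "arn:aws:ec2:us-east-1:111122223333:volume/vol-0a1b2c3d4e5f67890",
    "arn:aws:rds:us-east-1:111122223333:db:orders-prod",
    "arn:aws:dynamodb:us-east-1:111122223333:table/sessions",
]

# Constructed: KMS keys the account itself owns; any other key is treated as "unknown".
KNOWN_KMS_KEYS = {
    "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
}

# Constructed recovery points, shaped like AWS Backup recovery-point records.
RECOVERY_POINTS = [
    {"ResourceArn": ASSETS[0], "BackupVaultName": "prod-vault", "Status": "COMPLETED",
     "IsEncrypted": True, "EncryptionKeyArn": next(iter(KNOWN_KMS_KEYS))},
    {"ResourceArn": ASSETS[1], "BackupVaultName": "prod-vault", "Status": "COMPLETED",
     "IsEncrypted": False, "EncryptionKeyArn": None},
    # Encrypted, but with a key from a different (fake) account: the backup is
    # only restorable by whoever controls that key.
    {"ResourceArn": ASSETS[1], "BackupVaultName": "prod-vault", "Status": "COMPLETED",
     "IsEncrypted": True,
     "EncryptionKeyArn": "arn:aws:kms:us-east-1:999988887777:key/ffff0000-aaaa-bbbb-cccc-ddddeeee1111"},
    # A backup that never completed provides no resilience and is ignored below.
    {"ResourceArn": ASSETS[2], "BackupVaultName": "prod-vault", "Status": "PARTIAL",
     "IsEncrypted": True, "EncryptionKeyArn": next(iter(KNOWN_KMS_KEYS))},
]


@dataclass(frozen=True)
class Finding:
    rule: str       # hypothetical rule id, e.g. "resiliency/asset-not-backed-up"
    resource: str   # ARN the finding is about
    detail: str


def evaluate(assets, recovery_points, known_keys):
    """Return findings for uncovered assets, unencrypted backups and unknown KMS keys."""
    findings = []
    completed = [rp for rp in recovery_points if rp.get("Status") == "COMPLETED"]
    covered = {rp["ResourceArn"] for rp in completed}

    # Resiliency: every discovered asset needs at least one completed recovery point.
    for arn in assets:
        if arn not in covered:
            findings.append(Finding("resiliency/asset-not-backed-up", arn,
                                    "no completed AWS Backup recovery point"))

    # Resiliency: backups must be encrypted; IOC: the key must be one we own.
    for rp in completed:
        vault = rp.get("BackupVaultName", "?")
        if not rp.get("IsEncrypted"):
            findings.append(Finding("resiliency/backup-not-encrypted", rp["ResourceArn"],
                                    f"unencrypted recovery point in vault {vault}"))
        elif rp.get("EncryptionKeyArn") not in known_keys:
            findings.append(Finding("ioc/backup-encrypted-with-unknown-kms-key",
                                    rp["ResourceArn"],
                                    f"key {rp.get('EncryptionKeyArn')} is not owned by this account"))
    return findings


def summarize(findings):
    """Count findings per rule id, the shape a policy report would aggregate."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in evaluate(ASSETS, RECOVERY_POINTS, KNOWN_KMS_KEYS):
        print(f"{f.rule:45s} {f.resource}\n    {f.detail}")
    print(summarize(evaluate(ASSETS, RECOVERY_POINTS, KNOWN_KMS_KEYS)))
```

Running it flags the DynamoDB table as not backed up (its only recovery point is `PARTIAL`), the RDS instance once for an unencrypted recovery point and once for a recovery point encrypted with a key outside the account. Splitting the "unknown key" case out of the plain encryption check is what lets it live in the IOC policy rather than the resiliency one.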

curphey commented 2 years ago

Closing now in prep for new researchers coming on board and planning rulesets