cloud-native-security-hub

Category: Cloud native tools
Development tool: Makefile
File size: 47KB
Downloads: 0
Upload date: 2020-03-26 09:15:05
Uploader: sh-1993
Description: Cloud Native Security Hub - Security Resources

File list:
.circleci (0, 2020-03-26)
.circleci\config.yml (397, 2020-03-26)
CODE_OF_CONDUCT.md (2038, 2020-03-26)
CONTRIBUTING.md (1923, 2020-03-26)
Dockerfile (102, 2020-03-26)
LICENSE (11357, 2020-03-26)
Makefile (257, 2020-03-26)
OWNERS (136, 2020-03-26)
resources (0, 2020-03-26)
resources\falco (0, 2020-03-26)
resources\falco\admin.yaml (1413, 2020-03-26)
resources\falco\apache.yaml (3455, 2020-03-26)
resources\falco\consul.yaml (4399, 2020-03-26)
resources\falco\cve (0, 2020-03-26)
resources\falco\cve\2019-11246.yaml (2866, 2020-03-26)
resources\falco\cve\2019-14287.yaml (2083, 2020-03-26)
resources\falco\cve\2019-5736.yaml (1682, 2020-03-26)
resources\falco\elasticsearch.yaml (4494, 2020-03-26)
resources\falco\etcd.yaml (5247, 2020-03-26)
resources\falco\fim.yaml (3749, 2020-03-26)
resources\falco\fluentd.yaml (3130, 2020-03-26)
resources\falco\gke.yaml (16135, 2020-03-26)
resources\falco\haproxy.yaml (4354, 2020-03-26)
resources\falco\kubernetes.yaml (14748, 2020-03-26)
resources\falco\mongo.yaml (3569, 2020-03-26)
resources\falco\nginx.yaml (4725, 2020-03-26)
resources\falco\php-fpm.yaml (5459, 2020-03-26)
resources\falco\postgres.yaml (4506, 2020-03-26)
resources\falco\redis.yaml (3036, 2020-03-26)
resources\falco\rook.yaml (4608, 2020-03-26)
resources\falco\ssh.yaml (1335, 2020-03-26)
resources\falco\traefik.yaml (2359, 2020-03-26)
resources\openpolicyagent (0, 2020-03-26)
resources\openpolicyagent\trusted_registry_images_policy.yaml (1058, 2020-03-26)
vendors (0, 2020-03-26)
vendors\apache.yaml (775, 2020-03-26)
vendors\coreos.yaml (519, 2020-03-26)
vendors\elastic.yaml (859, 2020-03-26)
... ...

# Cloud Native Security Hub

![last commit](https://flat.badgen.net/github/last-commit/falcosecurity/cloud-native-security-hub?icon=github) ![licence](https://flat.badgen.net/github/license/falcosecurity/cloud-native-security-hub)

Cloud Native Security Hub is a platform for discovering and sharing rules and configurations for cloud native security tools.

This repository contains all the security resources which will be displayed on https://securityhub.dev

## Usage

### Adding a new Falco Rule

You can use the following template or copy from any existing resource.

```yaml
apiVersion: v1
kind: FalcoRules
vendor: Apache # The provider name: is it shipped by the vendor or by the community?
name: Apache # The name of the rule: is it for a product, or does it protect against a CVE?
shortDescription: Falco rules for securing Apache HTTP Server # What does this rule do?
version: 1.0.0 # The version of the security resource
description: |
  # This is markdown! Add *anything* you want and it will be rendered on the security hub!
keywords: # A list of keywords. See the categories on https://securityhub.dev
  - web
icon: # A reference to an icon or an image for the rule
maintainers: # Who maintains this rule?
  - name: Nestor Salceda # Maintainer
    link: https://github.com/nestorsalceda # Maintainer's GitHub link
  - name: Fede Barcelona
    link: https://github.com/tembleking
rules:
  - raw: |
      # Here goes the Falco rule itself, written in YAML
      - rule: Unexpected inbound tcp connection apache
        desc: Detect inbound traffic to apache using tcp on a port outside of expected set
        condition: inbound and evt.rawres >= 0 and not fd.sport in (apache_allowed_inbound_ports_tcp) and app_apache
        output: Inbound network connection to apache on unexpected port (command=%proc.cmdline pid=%proc.pid connection=%fd.name sport=%fd.sport user=%user.name %container.info image=%container.image)
        priority: NOTICE
```

## Contributing

Contributors are welcome! See the [CONTRIBUTING.md](./CONTRIBUTING.md)
