PCI DSS blog #1027
Conversation
Welcome @nigeldouglas-itcarlow! It looks like this is your first PR to falcosecurity/falco-website 🎉
Squashed all commits into one single commit. Signed-off-by: nigeldouglas-itcarlow <[email protected]>
97d83de to 9e78ca3
/hold until July 6th
and not redhat_image | ||
output: Privileged container started (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline) | ||
priority: INFO | ||
tags: [container, privilege_escalation, lateral_movement, T1610, PCI_DSS_10.2.5] |
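Review bot: the `tags:` line adds a compliance tag `PCI_DSS_10.2.5` next to the MITRE ATT&CK technique tag `T1610`, but nothing in the hunk documents the convention; please record the `PCI_DSS_<requirement>` format and which edition of the standard the requirement numbering follows (in the rules documentation or a comment at the top of the rules file), so the tag stays stable and machine-parseable when PCI DSS requirement numbering changes between versions.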
@nigeldouglas-itcarlow oh I love this convention about the PCI/DSS reference, can we learn more about it? What standards did you base it on (I am more of a threat detection and less compliance person). We are discussing a new rules maturity and adoption framework here falcosecurity/rules#76 and we wanted to add at least 3 "compliance" rules by Falco 0.36 and/or tag existing ones in this regard? Could you help us? Any feedback welcome re the rules maturity framework proposal! Thanks a bunch in advance!
@incertum I am happy to help with this. I only tagged the existing rules with the relevant PCI DSS tags based on the standards/controls outlined in the PCI compliance framework - https://www.pcidssguide.com/pci-dss-requirement-10/
I am also working on aligning some existing Falco rules with NIST 800-171 controls, if this helps.
Either way, I'd be happy to discuss this offline. Is there a meeting set up for the maturity framework proposal?
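An added example (not code from the falco-website or falco rules repositories, nor from either commenter) that audits the compliance tagging discussed above: it parses the flow-style `tags:` lists of a Falco rules file, groups rules by PCI DSS requirement using the `PCI_DSS_<requirement>` convention seen in this PR, and reports rules that carry no compliance tag or a malformed one. The rules sample is constructed, and every rule name after the first is hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample shaped like a Falco rules file; the rule names after the first one are hypothetical.
SAMPLE_RULES = """\
- rule: Launch Privileged Container
  condition: container_started and container and container.privileged=true and not redhat_image
  priority: INFO
  tags: [container, privilege_escalation, lateral_movement, T1610, PCI_DSS_10.2.5]
- rule: Example Audit Log Rule
  condition: evt.type=open
  priority: NOTICE
  tags: [host, T1070, PCI_DSS_10.2.7, PCI_DSS10.5.2]
- rule: Example Untagged Rule
  condition: evt.type=execve
  priority: WARNING
  tags: [host, T1059]
"""
RULE_RE = re.compile(r"^- rule:\s*(.+)$")
TAGS_RE = re.compile(r"^\s+tags:\s*\[(.*)\]\s*$")
# Tag convention from the PR: PCI_DSS_<requirement>, with dotted numbering such as 10.2.5.
PCI_TAG_RE = re.compile(r"^PCI_DSS_(\d+(?:\.\d+)*)$")

def parse_rule_tags(text):
    """Return {rule_name: [tags]} from a rules file that uses flow-style tag lists."""
    rules, current = {}, None
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            current = m.group(1).strip()
            rules[current] = []
        elif current is not None and (m := TAGS_RE.match(line)):
            rules[current] = [t.strip() for t in m.group(1).split(",") if t.strip()]
    return rules

def compliance_coverage(rules):
    """Group rules by PCI DSS requirement; also report untagged rules and malformed tags."""
    by_req, untagged, malformed = defaultdict(list), [], []
    for name, tags in rules.items():
        pci = [t for t in tags if t.startswith("PCI_DSS")]
        if not pci:
            untagged.append(name)
        for t in pci:
            m = PCI_TAG_RE.match(t)
            if m:
                by_req[m.group(1)].append(name)
            else:
                malformed.append((name, t))  # e.g. missing underscore or non-numeric suffix
    return dict(by_req), untagged, malformed
```

Calling `compliance_coverage(parse_rule_tags(SAMPLE_RULES))` returns the per-requirement grouping, the one untagged rule and the one malformed tag from the sample; pass the contents of a real rules file to `parse_rule_tags` to audit it.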
/unhold publish July 6th
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Issif, nigeldouglas-itcarlow The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
LGTM label has been added. Git tree hash: e9867562f1d81f04342d16d609562ee5e980c196
What type of PR is this?
/kind content
Any specific area of the project related to this PR?
/area blog
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer: