VulnerabilityAssessmentQualys.yaml
# CTID Security Stack Mapping: Azure Defender's integrated Qualys vulnerability scanner
version: 1
ATT&CK version: 8.2
creation date: 03/17/2021
name: Integrated Vulnerability Scanner Powered by Qualys
contact: [email protected]
organization: Center for Threat Informed Defense (CTID)
platform: Azure
tags:
  - Azure Defender
  - Azure Security Center
description: >-
  This control provides an on-demand and scheduled vulnerability scan for Windows and Linux endpoints
  that are being protected by Azure Defender. The scanner generates a list of possible
  vulnerabilities in Azure Security Center for possible remediation.
techniques:
  - id: T1189
    name: Drive-by Compromise
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          Once this control is deployed, it can detect known vulnerabilities in Windows and various
          Linux endpoints. This information can be used to patch, isolate, or remove vulnerable
          software and machines. This control does not directly protect against exploitation and it
          is not effective against zero-day attacks, vulnerabilities with no available patch, and
          software that may not be analyzed by the scanner. As a result, the score is capped at
          Partial.
  - id: T1190
    name: Exploit Public-Facing Application
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          Once this control is deployed, it can detect known vulnerabilities in Windows and various
          Linux endpoints. This information can be used to patch, isolate, or remove vulnerable
          software and machines. This control does not directly protect against exploitation and it
          is not effective against zero-day attacks, vulnerabilities with no available patch, and
          software that may not be analyzed by the scanner. As a result, the score is capped at
          Partial.
  - id: T1203
    name: Exploitation for Client Execution
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          Once this control is deployed, it can detect known vulnerabilities in Windows and various
          Linux endpoints. This information can be used to patch, isolate, or remove vulnerable
          software and machines. This control does not directly protect against exploitation and it
          is not effective against zero-day attacks, vulnerabilities with no available patch, and
          software that may not be analyzed by the scanner. As a result, the score is capped at
          Partial.
  - id: T1068
    name: Exploitation for Privilege Escalation
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          Once this control is deployed, it can detect known vulnerabilities in Windows and various
          Linux endpoints. This information can be used to patch, isolate, or remove vulnerable
          software and machines. This control does not directly protect against exploitation and it
          is not effective against zero-day attacks, vulnerabilities with no available patch, and
          software that may not be analyzed by the scanner. As a result, the score is capped at
          Partial.
  - id: T1211
    name: Exploitation for Defense Evasion
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          Once this control is deployed, it can detect known vulnerabilities in Windows and various
          Linux endpoints. This information can be used to patch, isolate, or remove vulnerable
          software and machines. This control does not directly protect against exploitation and it
          is not effective against zero-day attacks, vulnerabilities with no available patch, and
          software that may not be analyzed by the scanner. As a result, the score is capped at
          Partial.
  - id: T1212
    name: Exploitation for Credential Access
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          Once this control is deployed, it can detect known vulnerabilities in Windows and various
          Linux endpoints. This information can be used to patch, isolate, or remove vulnerable
          software and machines. This control does not directly protect against exploitation and it
          is not effective against zero-day attacks, vulnerabilities with no available patch, and
          software that may not be analyzed by the scanner. As a result, the score is capped at
          Partial.
  - id: T1210
    name: Exploitation of Remote Services
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          Once this control is deployed, it can detect known vulnerabilities in Windows and various
          Linux endpoints. This information can be used to patch, isolate, or remove vulnerable
          software and machines. This control does not directly protect against exploitation and it
          is not effective against zero-day attacks, vulnerabilities with no available patch, and
          software that may not be analyzed by the scanner. As a result, the score is capped at
          Partial.
comments: >-
  Once this control is deployed, it will run a scan every four hours, and scans can also be run on demand.
  Documentation notes that within 48 hours of the disclosure of a critical vulnerability, Qualys
  incorporates the information into their processing and can identify affected machines.
  All scores are capped at Partial since this control identifies vulnerabilities but does not
  address the detected vulnerabilities.
references:
  - 'https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm'
  - 'https://docs.microsoft.com/en-us/azure/security-center/remediate-vulnerability-findings-vm'
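A defender who aggregates many mapping files like the one above into a coverage report wants to check each file's shape first: every technique has an ATT&CK-style id and at least one score, every score uses a known category and value, and a score never exceeds the cap its own comment states (here "capped at Partial"). The following is an added example, not the project's own tooling; the allowed categories (Protect, Detect, Respond) and values (Minimal, Partial, Significant) are assumed from the mapping framework's scoring scheme, and `validate_mapping`, `coverage` and the `SAMPLE` dict are constructed here (in practice the dict is what `yaml.safe_load()` returns for the file).

```python
import re

ALLOWED_CATEGORIES = {"Protect", "Detect", "Respond"}       # assumed vocabulary
ALLOWED_VALUES = {"Minimal", "Partial", "Significant"}      # assumed vocabulary
RANK = {"Minimal": 0, "Partial": 1, "Significant": 2}        # ordering for cap checks
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")            # T1190 or T1059.001

# Constructed sample mirroring the structure of the mapping file on this page
# (two of the seven techniques kept; same keys and score layout).
SAMPLE = {
    "version": 1, "ATT&CK version": 8.2, "platform": "Azure",
    "name": "Integrated Vulnerability Scanner Powered by Qualys",
    "techniques": [
        {"id": "T1190", "name": "Exploit Public-Facing Application",
         "technique-scores": [{"category": "Protect", "value": "Partial",
                               "comments": "As a result, the score is capped at Partial."}]},
        {"id": "T1068", "name": "Exploitation for Privilege Escalation",
         "technique-scores": [{"category": "Protect", "value": "Partial",
                               "comments": "As a result, the score is capped at Partial."}]},
    ],
}

def validate_mapping(doc):
    """Return a list of problems found; an empty list means the mapping is well-formed."""
    problems = []
    for key in ("version", "ATT&CK version", "name", "platform", "techniques"):
        if key not in doc:
            problems.append(f"missing top-level key: {key}")
    for tech in doc.get("techniques", []):
        tid = str(tech.get("id", "<none>"))
        if not TECHNIQUE_ID.match(tid):
            problems.append(f"bad technique id: {tid}")
        scores = tech.get("technique-scores") or []
        if not scores:
            problems.append(f"{tid}: no technique-scores")
        for s in scores:
            if s.get("category") not in ALLOWED_CATEGORIES:
                problems.append(f"{tid}: bad category {s.get('category')!r}")
            if s.get("value") not in ALLOWED_VALUES:
                problems.append(f"{tid}: bad value {s.get('value')!r}")
            # A comment that says "capped at X" must not come with a value above X.
            cap = re.search(r"capped at (Minimal|Partial|Significant)", s.get("comments", ""))
            if cap and RANK.get(s.get("value"), 0) > RANK[cap.group(1)]:
                problems.append(f"{tid}: value {s['value']} exceeds cap {cap.group(1)}")
    return problems

def coverage(doc):
    """Map each (category, value) pair to the technique ids scored that way."""
    out = {}
    for tech in doc.get("techniques", []):
        for s in tech.get("technique-scores", []):
            out.setdefault((s["category"], s["value"]), []).append(tech["id"])
    return out
```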