New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API Logging #112

Open

shivaccuknox opened this issue May 21, 2024 · 0 comments

Labels

adapter Intent tactic: initialAccess

Contributor

shivaccuknox commented May 21, 2024 •

edited

Loading

This work item needs review from the NSF team as jaehyun is also working on eBPF based monitoring of HTTP:

API Logging Intent can detect below techniques

Unauthorized access to Network Exposure Function (NEF) via token fraud: DS0015: Logs of connection attempts to NEF
Trusted Relationships: DS0015: Monitor logs for unexpected actions taken by any delegated administrator accounts (WebUI)

One possible approach is

This intent uses the kubeArmor adapter to trigger KubeArmor to initiate API logging.
API logging can be configured on ip:port number. This parameter will have to be supplied by the intent. NEF endpoint, WebUI endpoints
The logs can be streamed to SentryFlow

shivaccuknox added this to NIMBUS

shivaccuknox converted this from a draft issue

shivaccuknox added the Intent label

nandhued added the adapter label

shivaccuknox added the tactic: initialAccess label

shivaccuknox mentioned this issue

DNS Logging: DNS Manipulation Intent #115

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment