From 0e2c010bbb2287c105f757553f6bbf0cbc528a50 Mon Sep 17 00:00:00 2001
From: Shiv Bhagavatula
Date: Wed, 10 Jan 2024 16:40:46 +0530
Subject: [PATCH] - Added network traffic
---
actions/mitre/integrityProtection.yaml | 9 +++++++++
res/actionTemplate.yaml | 9 +++++++++
2 files changed, 18 insertions(+)
create mode 100644 actions/mitre/integrityProtection.yaml
create mode 100644 res/actionTemplate.yaml
diff --git a/actions/mitre/integrityProtection.yaml b/actions/mitre/integrityProtection.yaml
new file mode 100644
index 0000000..5164d31
--- /dev/null
+++ b/actions/mitre/integrityProtection.yaml
@@ -0,0 +1,9 @@
+title: networkTraffic
+description: Malware uses DNS as a transport to communicate with the command-and-control servers [infloBlox]. Hence the packets contents need to be checked for data exfiltration. Basic checks can be implemented by the security engines on the DNS packets
+severity: high
+tags: [5gcore, edge, mitre]
+references:
+ - name: mitre
+ url: https://fight.mitre.org/data%20sources/DS0029
+ - name: infoBlox
+ url: https://www.infoblox.com/dns-security-resource-center/dns-security-faq/what-is-dns-protection/
diff --git a/res/actionTemplate.yaml b/res/actionTemplate.yaml
new file mode 100644
index 0000000..c993cee
--- /dev/null
+++ b/res/actionTemplate.yaml
@@ -0,0 +1,9 @@
+title: xxx
+description:
+severity: high
+tags: [5gcore, edge, accuknox]
+references:
+ - name:
+ url:
+ - name:
+ url:
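Review bot: The new file is created as `actions/mitre/integrityProtection.yaml`, but its `title: networkTraffic` and the commit subject both describe network-traffic monitoring, so the path looks like a copy-paste leftover. If actions are looked up or de-duplicated by file name (the loader is not visible in this patch), this entry would be filed under the wrong control and a later, genuine integrity-protection action would collide with it; `actions/mitre/networkTraffic.yaml` would match the content. The description cites `[infloBlox]` while the reference entry is named `infoBlox`, so the citation does not resolve to the reference as written. The description is also one very long plain scalar; a folded scalar (`description: >-`) keeps it reviewable and avoids a parse surprise if a later edit introduces `: ` or ` #` into the text.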
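Review bot: In `res/actionTemplate.yaml` the keys `description:`, `name:` and `url:` are left bare, which YAML loads as null rather than an empty string, so an action copied from this template and only partly filled in carries null fields into whatever consumes these files. Explicit placeholders such as `description: "<what the control checks and why>"` and `url: "<https://...>"` make an unfilled field obvious in review and keep the type a string. The template also pre-sets `severity: high`, so every new action inherits a high rating unless the author remembers to change it, which dilutes the rating for triage; a placeholder like `severity: "<low|medium|high>"` forces a deliberate choice (the allowed values are not visible in this patch, so adjust to the real set). A short header comment listing the required fields and the permitted `tags` would help as well, since the template currently pins `accuknox` while the action added in this commit uses `mitre`.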