From 53add56c75c3f075a5ff6ec16c234aeeb48d0bc0 Mon Sep 17 00:00:00 2001
From: Shiv Bhagavatula
Date: Thu, 28 Dec 2023 19:02:00 +0530
Subject: [PATCH 1/2] - Update the threatTemplate
---
 .../execution/threatPackageInstallation.yaml | 14 +++++++++
 threats/threatTemplate.yaml | 30 +++++++++++++++----
 2 files changed, 38 insertions(+), 6 deletions(-)
 create mode 100644 threats/execution/threatPackageInstallation.yaml
diff --git a/threats/execution/threatPackageInstallation.yaml b/threats/execution/threatPackageInstallation.yaml
new file mode 100644
index 0000000..3c4d7c0
--- /dev/null
+++ b/threats/execution/threatPackageInstallation.yaml
@@ -0,0 +1,14 @@
+title: Package installation
+description: An adversary may use package management to deploy lateral movement tools
+severity: high
+oranThreadId:
+detectionMethods: [ mitre/DS0015, accuknox/xxxx ] # application log
+mitigationMethods: [ mitre/M1030, accuknox/yyyy ] # network segmentation
+securityIntents:
+ - blockPort
+ - params # We use this field to replace the values in template
+ - sample-si-2.yaml
+ - params
+securityIntentBinding: sample-si-binding.yaml
+preDeploymentConsiderations: #Anything that can be done in CI/CD pipelines that can alleviate this threat
+references: [ref1, ref2]
diff --git a/threats/threatTemplate.yaml b/threats/threatTemplate.yaml
index 79fc2f9..3446ec3 100644
--- a/threats/threatTemplate.yaml
+++ b/threats/threatTemplate.yaml
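Review bot: The new threat file does not follow the template that this same series rewrites: it keeps `oranThreadId:` as a bare key (which loads as null) instead of the new `tags:` list, writes `detectionMethods`/`mitigationMethods` as flow lists of `mitre/...` and `accuknox/xxxx` strings rather than name/tag/description/url entries, and carries the `params` and `sample-si-2.yaml` placeholders that the template drops under `securityIntents`. If anything validates threat files against threatTemplate.yaml, this file will presumably be rejected or misread, so it should be rewritten to the new shape before merging. `preDeploymentConsiderations:` is also left bare and loads as null rather than an empty value; write `preDeploymentConsiderations: []` (or a `|-` block with the text) when it is intentionally empty. The `accuknox/xxxx` and `accuknox/yyyy` tokens are placeholders and should be replaced with real identifiers or dropped.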
@@ -1,14 +1,32 @@
 title: # Scenario-title
 description: # Detailed description of the scenario
 severity: # High/Medium/Low
-oranThreadId: # mapping to Threat IDs defined in O-RAN WG11 Threat Model document
+tags: [oran, 5gcore, generic, oranThreatId]
 detectionMethods: #Mechanisms to detect the threat - https://fight.mitre.org/data%20sources
+ - name: applicationlog
+ tag: [mitre, ds0015]
+ description: desc
+ url: https://fight.mitre.org/data%20sources/DS0015
+ - name: myapplicationlog
+ tag: [accuknox, ax0015]
+ description: desc
+ url: https://...
 mitigationMethods: #Mechanisms to mitigate the threat - https://fight.mitre.org/mitigations
+ - name: applicationlog
+ tag: [mitre, ds0015]
+ description: desc
+ url: https://fight.mitre.org/data%20sources/DS0015
+ - name: myapplicationlog
+ tag: [accuknox, ax0015]
+ description: desc
+ url: https://...
 securityIntents:
- - sample-si-1.yaml
- - params # We use this field to replace the values in template
- - sample-si-2.yaml
- - params
+ - sample-si-1 # no params for now
+ - sample-si-2
 securityIntentBinding: sample-si-binding.yaml
 preDeploymentConsiderations: #Anything that can be done in CI/CD pipelines that can alleviate this threat
-references: [ref1, ref2]
+references:
+ - name: ref1
+ url:
+ - name: ref2
+ url:
From 667bd5bf26feb252e1e7c6c512b6cb2a9b00ecd1 Mon Sep 17 00:00:00 2001
From: Shiv Bhagavatula
Date: Thu, 28 Dec 2023 19:03:03 +0530
Subject: [PATCH 2/2] - Updated readme
---
 README.md | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 013c739..36593a5 100644
--- a/README.md
+++ b/README.md
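Review bot: The `mitigationMethods` example is a verbatim copy of the `detectionMethods` example (`applicationlog`, `tag: [mitre, ds0015]`, a `data%20sources/DS0015` URL), so it documents a data source where a mitigation is expected and contradicts the `https://fight.mitre.org/mitigations` pointer in the key's own comment; the new threatPackageInstallation.yaml in patch 1/2 already cites `mitre/M1030` for network segmentation, so the example should show a mitigation entry along the lines of `tag: [mitre, m1030]` with the matching mitigations URL. The per-entry key is `tag` while the top-level key is `tags`; pick one spelling so authors do not have to guess. The `url:` placeholders under `references` are bare and load as null; `url: ""` makes an intentionally empty value distinguishable from a forgotten one. The threat-ID mapping that `oranThreadId` carried now survives only as the placeholder token `oranThreatId` inside `tags`, so the template should state whether the real O-RAN WG11 identifier replaces that token or gets a key of its own. The same copy-pasted example is repeated in the README hunk of patch 2/2.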
@@ -18,20 +18,39 @@ Repository to hold Security Intents in standard template format.
 title: # Scenario-title
 description: # Detailed description of the scenario
 severity: # High/Medium/Low
-oranThreadId: # mapping to Threat IDs defined in O-RAN WG11 Threat Model document
+tags: [oran, 5gcore, generic, oranThreatId]
 detectionMethods: #Mechanisms to detect the threat - https://fight.mitre.org/data%20sources
+ - name: applicationlog
+ tag: [mitre, ds0015]
+ description: desc
+ url: https://fight.mitre.org/data%20sources/DS0015
+ - name: myapplicationlog
+ tag: [accuknox, ax0015]
+ description: desc
+ url: https://...
 mitigationMethods: #Mechanisms to mitigate the threat - https://fight.mitre.org/mitigations
+ - name: applicationlog
+ tag: [mitre, ds0015]
+ description: desc
+ url: https://fight.mitre.org/data%20sources/DS0015
+ - name: myapplicationlog
+ tag: [accuknox, ax0015]
+ description: desc
+ url: https://...
 securityIntents:
- - sample-si-1.yaml
- - params # We use this field to replace the values in template
- - sample-si-2.yaml
- - params
+ - sample-si-1 # no params for now
+ - sample-si-2
 securityIntentBinding: sample-si-binding.yaml
 preDeploymentConsiderations: #Anything that can be done in CI/CD pipelines that can alleviate this threat
-references: [ref1, ref2]
+references:
+ - name: ref1
+ url:
+ - name: ref2
+ url:
 ```
 ## Security Threats
+ - [threatPackageInstallation](threats/execution/threatPackageInstallation.yaml)
 - [threatTemplate](threats/threatTemplate.yaml)
 ## Contributions welcome...