This repository has been archived by the owner on Apr 3, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 63
/
AzureAutomationUpdateMGT.yaml
142 lines (142 loc) · 5.85 KB
/
AzureAutomationUpdateMGT.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
version: 1
ATT&CK version: 8.2
creation date: 04/02/2021
name: Azure Automation Update Management
contact: [email protected]
organization: Center for Threat Informed Defense (CTID)
platform: Azure
tags:
- Linux
- Windows
description: >-
"Use Azure Automation Update Management or a third-party solution to ensure that the most recent
security updates are installed on your Windows and Linux VMs. "
techniques:
- id: T1195
name: Supply Chain Compromise
technique-scores:
- category: Protect
value: Partial
comments: >-
This control provides coverage of some aspects of software supply chain compromise since
it enables automated updates of software and rapid configuration change management.
sub-techniques-scores:
- sub-techniques:
- id: T1195.002
name: Compromise Software Supply Chain
- id: T1195.001
name: Compromise Software Dependencies and Development Tools
scores:
- category: Protect
value: Partial
comments: >-
This control provides coverage of some aspects of software supply chain compromise
since it enables automated updates of software and rapid configuration change
management.
- id: T1072
name: Software Deployment Tools
technique-scores:
- category: Protect
value: Partial
comments: >-
This control provides partial coverage of attacks that leverage software flaws in
unpatched deployment tools since it enables automated updates of software and rapid
configuration change management.
- id: T1210
name: Exploitation of Remote Services
technique-scores:
- category: Protect
value: Significant
comments: >-
This control provides significant coverage of techniques that leverage vulnerabilities in
unpatched remote services since it enables automated updates of software and rapid
configuration change management.
- id: T1211
name: Exploitation for Defense Evasion
technique-scores:
- category: Protect
value: Significant
comments: >-
This control provides significant coverage of defensive evasion methods that exploit
unpatched vulnerabilities in software/systems since it enables automated updates of
software and rapid configuration change management.
- id: T1068
name: Exploitation for Privilege Escalation
technique-scores:
- category: Protect
value: Significant
comments: >-
This control provides significant coverage of methods that leverage vulnerabilities in
unpatched software since it enables automated updates of software and rapid configuration
change management
- id: T1190
name: Exploit Public-Facing Application
technique-scores:
- category: Protect
value: Partial
comments: >-
This control provides partial coverage for techniques that exploit vulnerabilities in
(common) unpatched software since it enables automated updates of software and rapid
configuration change management.
- id: T1212
name: Exploitation for Credential Access
technique-scores:
- category: Protect
value: Significant
comments: >-
This control provides significant coverage of credential access techniques that leverage
unpatched software vulnerabilities since it enables automated updates of software and
rapid configuration change management.
- id: T1203
name: Exploitation for Client Execution
technique-scores:
- category: Protect
value: Significant
comments: >-
This control provides significant coverage for Exploitation for client execution methods
that leverage unpatched vulnerabilities since it enables automated updates of software
and rapid configuration change management.
- id: T1499
name: Endpoint Denial of Service
technique-scores:
- category: Protect
value: Partial
comments: >-
This control provides protection against the subset of Denial of Service (DOS) attacks
that leverage system/application vulnerabilities as opposed to volumetric attacks since
it enables automated updates of software and rapid configuration change management.
sub-techniques-scores:
- sub-techniques:
- id: T1499.004
name: Application or System Exploitation
scores:
- category: Protect
value: Significant
comments: >-
This control provides significant protection against Denial of Service (DOS) attacks
that leverage system/application vulnerabilities as opposed to volumetric attacks
since it enables automated updates of software and rapid configuration change
management.
- id: T1554
name: Compromise Client Software Binary
technique-scores:
- category: Protect
value: Partial
comments: >-
This control provides partial protection against compromised client software binaries
since it can provide a baseline to compare with potentially compromised/modified software
binaries.
- id: T1189
name: Drive-by Compromise
technique-scores:
- category: Protect
value: Partial
comments: >-
This control protects against a subset of drive-by methods that leverage unpatched client
software since it enables automated updates of software and rapid configuration change
management
comments: >-
This control generally applies to techniques that leverage vulnerabilities in unpatched software,
which can be specific techniques sub-techniques.
references:
- 'https://docs.microsoft.com/en-us/azure/automation/update-management/overview'