Cloud Security Use Cases Knowledge Base
In this project, security experts from CCoE conducted a study of OpenShift and Kubernetes common vulnerabilities and exposures (CVEs) as well as various cloud attack tactics, such as those described by the MITRE ATT&CK framework, and identified over 90 cloud security attack use cases. More than 300 symptoms have been listed and attached to one or more of those security use cases. The symptoms are categorized by several ontologies, including the layer of compromise (e.g., storage, network, OS, virtualization, application) and the requirements for detection (e.g., rules vs. baselining vs. AI). Overall, this study provides a comprehensive cloud security knowledge base, which has been well received by our development community.
One of the outcomes of this project was a new set of rules for IBM QRadar SIEM, available as a Cloud content pack. This set of rules can serve as a starting point for future research across different IBM labs.