Cloud Security Use Cases Knowledge Base
In this project, security experts from CCoE conducted a study of OpenShift and Kubernetes common vulnerabilities and exposures (CVEs) as well as various cloud attack tactics, such as those described by the MITRE ATT&CK framework, and identified over 90 cloud security attack use cases. More than 300 symptoms have been listed and attached to one or more of those security use cases. The symptoms are categorized by several ontologies, including the layer of compromise (e.g., storage, network, OS, virtualization, application, etc.) and requirements for detection (e.g., rules vs. baselining vs. AI). Overall, this study provides a comprehensive cloud security knowledge base which has been well received by our development community.
One of the outcomes of this project was a new set of rules for IBM QRadar SIEM available as a Cloud content pack. This set of rules can serve as a starting pointing for future research across different IBM labs.