Removing the segmentation queries for now

JupiterOne · Nov 13, 2024 · e0417b7 · e0417b7
1 parent 7795793
commit e0417b7
Showing 1 changed file with 0 additions and 36 deletions.
diff --git a/rule-packs/mitre-attck-lateral-movement-attack-paths.json b/rule-packs/mitre-attck-lateral-movement-attack-paths.json
@@ -1,40 +1,4 @@
 [
-      {
-        "name": "lateral-movement-exploitation-of-remote-services-patch-vulnerabilities-aws",
-        "description": "M1048 - Application Isolation and Sandboxing - Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing in Google Cloud. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist.",
-        "queries": [
-          {
-            "name": "query0",
-            "query": "FIND aws_instance THAT !HAS Finding",
-            "version": "v1"
-          }
-        ],
-        "alertLevel": "MEDIUM"
-      },  
-      {
-        "name": "lateral-movement-exploitation-of-remote-services-patch-vulnerabilities-gcp",
-        "description": "M1048 - Application Isolation and Sandboxing - Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing in Google Cloud. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist.",
-        "queries": [
-          {
-            "name": "query0",
-            "query": "FIND google_compute_instance THAT !HAS Finding",
-            "version": "v1"
-          }
-        ],
-        "alertLevel": "MEDIUM"
-      },
-      {
-        "name": "lateral-movement-exploitation-of-remote-services-patch-vulnerabilities-azure",
-        "description": "M1048 - Application Isolation and Sandboxing - Make it difficult for adversaries to advance their operation through exploitation of undiscovered or unpatched vulnerabilities by using sandboxing in Azure. Other types of virtualization and application microsegmentation may also mitigate the impact of some types of exploitation. Risks of additional exploits and weaknesses in these systems may still exist.",
-        "queries": [
-          {
-            "name": "query0",
-            "query": "FIND azure_vm THAT !HAS Finding",
-            "version": "v1"
-          }
-        ],
-        "alertLevel": "MEDIUM"
-      },
       {
         "name": "lateral-movement-exploitation-of-remote-services-minimize-service-account-permissions",
         "description": "M1048 - Application Isolation and Sandboxing - Minimize permissions and access for service accounts to limit impact of exploitation.",