generated from adobe/aem-boilerplate
-
Notifications
You must be signed in to change notification settings - Fork 76
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Runtime & Compute] PCSUP-24360, CWP-61990 (#954)
- Loading branch information
Showing
6 changed files
with
77 additions
and
61 deletions.
There are no files selected for viewing
24 changes: 13 additions & 11 deletions
24
...en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/others.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,16 @@ | ||
| == Other incident types | ||
|
|
||
| * *Hijacked Process:* | ||
| Indicates that an allowed process has been used in ways that are inconsistent with its expected behavior. | ||
| This type of incident could be a sign that a process has been used to compromise a container. | ||
| * *Data exfiltration:* | ||
| Indicates the unauthorized transfer of data from one system to another. | ||
| These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. | ||
| For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). | ||
| == Other Incident Types | ||
|
|
||
| * *Cloud Provider:* | ||
| Indicates attempts to abuse a provider's service to extract sensitive information. | ||
| For example: Container A queried provider API at <IP_ADDRESS>. | ||
| + | ||
| For example: Container `A` queried provider API at `<IP_ADDRESS>`. | ||
| * *Data Exfiltration:* | ||
| Indicates a potential compromise on a container because of a modified binary listening on a port. This typically leads with a DNS suspicious activity. | ||
| + | ||
| For example: Container process `/bin/bash` is listening on unexpected port `50000`. | ||
| * *Hijacked Process:* | ||
| Indicates that an allowed process was used in a way that is inconsistent with its expected behavior. This can be a sign that a process has been used to compromise a container. | ||
| //revised previous description on 10/21/2024 CWP-61990/PCSUP-24360 - Data Exfiltration: Indicates the unauthorized transfer of data from one system to another. These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). |
23 changes: 13 additions & 10 deletions
23
docs/en/compute-edition/30/admin-guide/runtime-defense/incident-types/others.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,17 @@ | ||
| == Other incident types | ||
| == Other Incident Types | ||
|
|
||
| * *Cloud Provider:* | ||
| Indicates attempts to abuse a provider's service to extract sensitive information. | ||
| + | ||
| For example: Container `A` queried provider API at `<IP_ADDRESS>`. | ||
| * *Data Exfiltration:* | ||
| Indicates a potential compromise on a container because of a modified binary listening on a port. This typically leads with a DNS suspicious activity. | ||
| + | ||
| For example: Container process `/bin/bash` is listening on unexpected port `50000`. | ||
| * *Hijacked Process:* | ||
| Indicates that an allowed process has been used in ways that are inconsistent with its expected behavior. | ||
| This type of incident could be a sign that a process has been used to compromise a container. | ||
| Indicates that an allowed process was used in a way that is inconsistent with its expected behavior. This can be a sign that a process has been used to compromise a container. | ||
| * *Data exfiltration:* | ||
| Indicates the unauthorized transfer of data from one system to another. | ||
| These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. | ||
| For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). | ||
| * *Cloud Provider:* | ||
| Indicates attempts to abuse a provider's service to extract sensitive information. | ||
| For example: Container A queried provider API at <IP_ADDRESS>. | ||
| //revised previous description on 10/21/2024 CWP-61990/PCSUP-24360 - Data Exfiltration: Indicates the unauthorized transfer of data from one system to another. These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). |
23 changes: 13 additions & 10 deletions
23
docs/en/compute-edition/31/admin-guide/runtime-defense/incident-types/others.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,17 @@ | ||
| == Other incident types | ||
| == Other Incident Types | ||
|
|
||
| * *Cloud Provider:* | ||
| Indicates attempts to abuse a provider's service to extract sensitive information. | ||
| + | ||
| For example: Container `A` queried provider API at `<IP_ADDRESS>`. | ||
| * *Data Exfiltration:* | ||
| Indicates a potential compromise on a container because of a modified binary listening on a port. This typically leads with a DNS suspicious activity. | ||
| + | ||
| For example: Container process `/bin/bash` is listening on unexpected port `50000`. | ||
| * *Hijacked Process:* | ||
| Indicates that an allowed process has been used in ways that are inconsistent with its expected behavior. | ||
| This type of incident could be a sign that a process has been used to compromise a container. | ||
| Indicates that an allowed process was used in a way that is inconsistent with its expected behavior. This can be a sign that a process has been used to compromise a container. | ||
| * *Data exfiltration:* | ||
| Indicates the unauthorized transfer of data from one system to another. | ||
| These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. | ||
| For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). | ||
| * *Cloud Provider:* | ||
| Indicates attempts to abuse a provider's service to extract sensitive information. | ||
| For example: Container A queried provider API at <IP_ADDRESS>. | ||
| //revised previous description on 10/21/2024 CWP-61990/PCSUP-24360 - Data Exfiltration: Indicates the unauthorized transfer of data from one system to another. These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). |
24 changes: 13 additions & 11 deletions
24
docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/others.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,16 @@ | ||
| == Other incident types | ||
|
|
||
| * *Hijacked Process:* | ||
| Indicates that an allowed process has been used in ways that are inconsistent with its expected behavior. | ||
| This type of incident could be a sign that a process has been used to compromise a container. | ||
| * *Data exfiltration:* | ||
| Indicates the unauthorized transfer of data from one system to another. | ||
| These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. | ||
| For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). | ||
| == Other Incident Types | ||
|
|
||
| * *Cloud Provider:* | ||
| Indicates attempts to abuse a provider's service to extract sensitive information. | ||
| For example: Container A queried provider API at <IP_ADDRESS>. | ||
| + | ||
| For example: Container `A` queried provider API at `<IP_ADDRESS>`. | ||
| * *Data Exfiltration:* | ||
| Indicates a potential compromise on a container because of a modified binary listening on a port. This typically leads with a DNS suspicious activity. | ||
| + | ||
| For example: Container process `/bin/bash` is listening on unexpected port `50000`. | ||
| * *Hijacked Process:* | ||
| Indicates that an allowed process was used in a way that is inconsistent with its expected behavior. This can be a sign that a process has been used to compromise a container. | ||
| //revised previous description on 10/21/2024 CWP-61990/PCSUP-24360 - Data Exfiltration: Indicates the unauthorized transfer of data from one system to another. These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). |
23 changes: 13 additions & 10 deletions
23
docs/en/compute-edition/33/admin-guide/runtime-defense/incident-types/others.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,17 @@ | ||
| == Other incident types | ||
| == Other Incident Types | ||
|
|
||
| * *Cloud Provider:* | ||
| Indicates attempts to abuse a provider's service to extract sensitive information. | ||
| + | ||
| For example: Container `A` queried provider API at `<IP_ADDRESS>`. | ||
| * *Data Exfiltration:* | ||
| Indicates a potential compromise on a container because of a modified binary listening on a port. This typically leads with a DNS suspicious activity. | ||
| + | ||
| For example: Container process `/bin/bash` is listening on unexpected port `50000`. | ||
| * *Hijacked Process:* | ||
| Indicates that an allowed process has been used in ways that are inconsistent with its expected behavior. | ||
| This type of incident could be a sign that a process has been used to compromise a container. | ||
| Indicates that an allowed process was used in a way that is inconsistent with its expected behavior. This can be a sign that a process has been used to compromise a container. | ||
| * *Data exfiltration:* | ||
| Indicates the unauthorized transfer of data from one system to another. | ||
| These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. | ||
| For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). | ||
| * *Cloud Provider:* | ||
| Indicates attempts to abuse a provider's service to extract sensitive information. | ||
| For example: Container A queried provider API at <IP_ADDRESS>. | ||
| //revised previous description on 10/21/2024 CWP-61990/PCSUP-24360 - Data Exfiltration: Indicates the unauthorized transfer of data from one system to another. These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). |
21 changes: 12 additions & 9 deletions
21
...content-collections/runtime-security/runtime-defense/incident-types/others.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,15 +1,18 @@ | ||
| [#others] | ||
| == Other Incident Types | ||
|
|
||
| * *Cloud Provider:* | ||
| Indicates attempts to abuse a provider's service to extract sensitive information. | ||
| + | ||
| For example: Container `A` queried provider API at `<IP_ADDRESS>`. | ||
| * *Data Exfiltration:* | ||
| Indicates a potential compromise on a container because of a modified binary listening on a port. This typically leads with a DNS suspicious activity. | ||
| + | ||
| For example: Container process `/bin/bash` is listening on unexpected port `50000`. | ||
| * *Hijacked Process:* | ||
| Indicates that an allowed process has been used in ways that are inconsistent with its expected behavior. | ||
| This type of incident could be a sign that a process has been used to compromise a container. | ||
| Indicates that an allowed process was used in a way that is inconsistent with its expected behavior. This can be a sign that a process has been used to compromise a container. | ||
| * *Data exfiltration:* | ||
| Indicates the unauthorized transfer of data from one system to another. | ||
| These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. | ||
| For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). | ||
| * *Cloud Provider:* | ||
| Indicates attempts to abuse a provider's service to extract sensitive information. | ||
| For example: Container A queried provider API at <IP_ADDRESS>. | ||
| //revised previous description on 10/21/2024 CWP-61990/PCSUP-24360 - Data Exfiltration: Indicates the unauthorized transfer of data from one system to another. These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com). |