Default Credentials Usage

calendar Jan 29, 2024 · attack.initial_access  ·
Share on: linkedin copy

Before deploying any new asset, change all default passwords to have values consistent with administrative level accounts. Sigma detects default credentials usage. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.

Sigma rule (View on GitHub)

  1title: Default Credentials Usage
  2id: 1a395cbc-a84a-463a-9086-ed8a70e573c7
  3status: stable
  4description: |
  5    Before deploying any new asset, change all default passwords to have values consistent with administrative level accounts.
  6    Sigma detects default credentials usage. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.    
  7references:
  8    - https://www.cisecurity.org/controls/cis-controls-list/
  9    - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
 10    - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
 11    - https://community.qualys.com/docs/DOC-6406-reporting-toolbox-focused-search-lists
 12author: Alexandr Yampolskyi, SOC Prime
 13date: 2019/03/26
 14tags:
 15    - attack.initial_access
 16    # - CSC4
 17    # - CSC4.2
 18    # - NIST CSF 1.1 PR.AC-4
 19    # - NIST CSF 1.1 PR.AT-2
 20    # - NIST CSF 1.1 PR.MA-2
 21    # - NIST CSF 1.1 PR.PT-3
 22    # - ISO 27002-2013 A.9.1.1
 23    # - ISO 27002-2013 A.9.2.2
 24    # - ISO 27002-2013 A.9.2.3
 25    # - ISO 27002-2013 A.9.2.4
 26    # - ISO 27002-2013 A.9.2.5
 27    # - ISO 27002-2013 A.9.2.6
 28    # - ISO 27002-2013 A.9.3.1
 29    # - ISO 27002-2013 A.9.4.1
 30    # - ISO 27002-2013 A.9.4.2
 31    # - ISO 27002-2013 A.9.4.3
 32    # - ISO 27002-2013 A.9.4.4
 33    # - PCI DSS 3.2 2.1
 34    # - PCI DSS 3.2 7.1
 35    # - PCI DSS 3.2 7.2
 36    # - PCI DSS 3.2 7.3
 37    # - PCI DSS 3.2 8.1
 38    # - PCI DSS 3.2 8.2
 39    # - PCI DSS 3.2 8.3
 40    # - PCI DSS 3.2 8.7
 41logsource:
 42    product: qualys
 43detection:
 44    selection:
 45        host.scan.vuln:
 46            - 10693
 47            - 11507
 48            - 11633
 49            - 11804
 50            - 11821
 51            - 11847
 52            - 11867
 53            - 11931
 54            - 11935
 55            - 11950
 56            - 12541
 57            - 12558
 58            - 12559
 59            - 12560
 60            - 12562
 61            - 12563
 62            - 12565
 63            - 12587
 64            - 12590
 65            - 12599
 66            - 12702
 67            - 12705
 68            - 12706
 69            - 12907
 70            - 12928
 71            - 12929
 72            - 13053
 73            - 13178
 74            - 13200
 75            - 13218
 76            - 13241
 77            - 13253
 78            - 13274
 79            - 13296
 80            - 13301
 81            - 13327
 82            - 13373
 83            - 13374
 84            - 13409
 85            - 13530
 86            - 13532
 87            - 20065
 88            - 20073
 89            - 20081
 90            - 27202
 91            - 27358
 92            - 38702
 93            - 38719
 94            - 42045
 95            - 42417
 96            - 43029
 97            - 43220
 98            - 43221
 99            - 43222
100            - 43223
101            - 43225
102            - 43246
103            - 43431
104            - 43484
105            - 86857
106            - 87098
107            - 87106
108    condition: selection
109falsepositives:
110    - Unknown
111level: medium

References

Related rules

to-top