Host Without Firewall

calendar Oct 25, 2022  ·
Share on: linkedin copy

Host Without Firewall. Alert means not complied. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.

Sigma rule (View on GitHub)

 1title: Host Without Firewall
 2id: 6b2066c8-3dc7-4db7-9db0-6cc1d7b0dde9
 3status: stable
 4description: Host Without Firewall. Alert means not complied. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.
 5references:
 6    - https://www.cisecurity.org/controls/cis-controls-list/
 7    - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
 8    - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
 9author: Alexandr Yampolskyi, SOC Prime
10date: 2019/03/19
11modified: 2022/10/05
12# tags:
13    # - CSC9
14    # - CSC9.4
15    # - NIST CSF 1.1 PR.AC-5
16    # - NIST CSF 1.1 PR.AC-6
17    # - NIST CSF 1.1 PR.AC-7
18    # - NIST CSF 1.1 DE.AE-1
19    # - ISO 27002-2013 A.9.1.2
20    # - ISO 27002-2013 A.13.2.1
21    # - ISO 27002-2013 A.13.2.2
22    # - ISO 27002-2013 A.14.1.2
23    # - PCI DSS 3.2 1.4
24logsource:
25    product: qualys
26detection:
27    selection:
28        event.category: 'Security Policy'
29        host.scan.vuln_name|contains: 'Firewall Product Not Detected'
30    condition: selection
31level: low

References

  • The 18 CIS Controls

    The 18 CIS Controls version 8 combines and consolidates the CIS Controls by activities, rather than by who manages the devices.


    Read More

  • Document Library

    A global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments.


    Read More

  • %PDF-1.6 %âãÏÓ 3102 0 obj endobj 3108 0 obj /Filter/FlateDecode/ID[ ]/Index[3102 17]/Info 3101 0 R/Length 51/Prev 1061976/Root 3103 0 R/Size 3119/Type/XRef/W[1 2 1]>>stream hÞbbd``b`~$÷‚;÷9ˆ(...


    Read More
to-top