This repository has been archived by the owner on Apr 3, 2024. It is now read-only.
VMManager.yaml
version: 1
ATT&CK version: 10
creation date: 03/07/2022
name: VMManager
contact: ctid@mitre-engenuity.org
organization: Center for Threat Informed Defense (CTID)
platform: GCP
tags:
  - Patch Management
  - Vulnerability Management
  - Configuration Management
  - Credentials
description: >-
  VM Manager is a suite of tools that can be used to manage operating systems for large virtual
  machine (VM) fleets running Windows and Linux on Compute Engine.
  VM Manager helps drive efficiency through automation and reduces the operational burden of
  maintaining these VM fleets.
techniques:
  - id: T1068
    name: Exploitation for Privilege Escalation
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          VM Manager can apply on-demand and scheduled patches via automated patch deployment. This
          can remediate OS and software vulnerabilities that could otherwise be exploited. Since VM
          Manager doesn't directly prevent exploitation of active vulnerabilities (including zero
          day vulnerabilities) this control has resulted in a score of Partial.
  - id: T1190
    name: Exploit Public-Facing Application
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          VM Manager can apply on-demand and scheduled patches via automated patch deployment. This
          can remediate OS and software vulnerabilities that could otherwise be exploited. Since VM
          Manager doesn't directly prevent exploitation of active vulnerabilities (including zero
          day vulnerabilities) this control has resulted in a score of Partial.
  - id: T1203
    name: Exploitation for Client Execution
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          VM Manager can apply on-demand and scheduled patches via automated patch deployment. This
          can remediate OS and software vulnerabilities that could otherwise be exploited. Since VM
          Manager doesn't directly prevent exploitation of active vulnerabilities (including zero
          day vulnerabilities) this control has resulted in a score of Partial.
  - id: T1210
    name: Exploitation of Remote Services
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          VM Manager can apply on-demand and scheduled patches via automated patch deployment. This
          can remediate OS and software vulnerabilities that could otherwise be exploited. Since VM
          Manager doesn't directly prevent exploitation of active vulnerabilities (including zero
          day vulnerabilities) this control has resulted in a score of Partial.
  - id: T1211
    name: Exploitation for Defense Evasion
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          VM Manager can apply on-demand and scheduled patches via automated patch deployment. This
          can remediate OS and software vulnerabilities that could otherwise be exploited. Since VM
          Manager doesn't directly prevent exploitation of active vulnerabilities (including zero
          day vulnerabilities) this control has resulted in a score of Partial.
  - id: T1212
    name: Exploitation for Credential Access
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          VM Manager can apply on-demand and scheduled patches via automated patch deployment. This
          can remediate OS and software vulnerabilities that could otherwise be exploited. Since VM
          Manager doesn't directly prevent exploitation of active vulnerabilities (including zero
          day vulnerabilities) this control has resulted in a score of Partial.
  - id: T1072
    name: Software Deployment Tools
    technique-scores:
      - category: Protect
        value: Partial
        comments: >-
          VM Manager can apply on-demand and scheduled patches via automated patch deployment. This
          can remediate OS and software vulnerabilities that could otherwise be exploited. Since VM
          Manager doesn't directly prevent exploitation of active vulnerabilities (including zero
          day vulnerabilities) this control has resulted in a score of Partial.
comments: >-
  This mapping was scored as Partial due to the medium threat protection coverage to specific (sub-)
  techniques of MITRE’s ATT&CK framework.
references:
  - 'https://cloud.google.com/compute/docs/vm-manager'