feat(compliance): add MITRE D3FEND Azure compliance mapping#10810
Open
s1ns3nz0 wants to merge 1 commit intoprowler-cloud:masterfrom
Open
feat(compliance): add MITRE D3FEND Azure compliance mapping#10810s1ns3nz0 wants to merge 1 commit intoprowler-cloud:masterfrom
s1ns3nz0 wants to merge 1 commit intoprowler-cloud:masterfrom
Conversation
Add MITRE D3FEND defensive countermeasure framework mapping for Azure with 18 techniques across 5 tactics (Harden, Detect, Isolate, Model, Restore), covering 164 of 167 Azure checks (98.2%). Included D3FEND techniques: - Harden: MFA, Credential Rotation, Disk/File/Message Encryption, Software Update, Application Configuration Hardening - Detect: Platform Monitoring, Network Traffic Analysis, OS Monitoring, User Behavior Analysis - Isolate: Inbound Traffic Filtering, Network Isolation, User Account Permissions, Executable Allowlisting, Encrypted Tunnels - Model: Asset Vulnerability Enumeration - Restore: Restore Object Tests adapted from Shin-723's MVP (PR prowler-cloud#10801) and expanded for full 18-technique coverage. Co-authored-by: Shin-723 <72019064+Shin-723@users.noreply.github.com>
github-actions
Bot
added
compliance
Contributor
|
✅ Conflict Markers Resolved All conflict markers have been successfully resolved in this pull request. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Context
MITRE D3FEND is a knowledge graph of cybersecurity countermeasure techniques — the defensive counterpart to MITRE ATT&CK. While Prowler already maps ATT&CK offensive techniques, this PR adds D3FEND to map Azure checks to defensive countermeasures.
Related to #10801 (Shin-723's D3FEND MVP with 4 techniques). This PR expands coverage to 18 techniques across 5 D3FEND tactics, mapping 164 of 167 Azure checks (98.2%).
Co-authored with @Shin-723.
Description
Adds
prowler/compliance/azure/mitre_d3fend_azure.jsonwith 18 D3FEND techniques:All technique IDs and descriptions validated against the official D3FEND ontology at https://d3fend.mitre.org/.
Uses
Generic_Compliance_Requirement_Attributemodel — no code changes needed beyond the JSON file and tests.Tests adapted from #10801:
test_load_mitre_d3fend_azure_framework— validates framework loading with 18 techniquestest_get_check_compliance_azure_mitre_d3fend— validates compliance output engineSteps to review
prowler/compliance/azure/mitre_d3fend_azure.jsonfor technique-to-check mapping accuracypython3 -m pytest tests/lib/check/compliance_check_test.py tests/lib/outputs/compliance/compliance_test.py -vpython3 -m prowler azure --az-cli-auth --compliance mitre_d3fend_azure --verboseChecklist
SDK/CLI
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.