├── .github
│   └── workflows
│       └── run-tigera-scanner.yaml
├── .gitignore
├── README.md
├── apps
│   ├── 00-namespaces.yaml
│   ├── attacker.yaml
│   ├── java-app.yaml
│   ├── java-client.yaml
│   └── jndi-exploit.yaml
├── doc
│   ├── calicocloud.md
│   ├── detection.md
│   ├── exploitation.md
│   ├── img
│   │   ├── blackhat_felix.png
│   │   ├── cc-activity-alerts.png
│   │   ├── cc-add-exception.png
│   │   ├── cc-cluster-connected.png
│   │   ├── cc-configure-scanner.png
│   │   ├── cc-connect-cluster.png
│   │   ├── cc-copy-helm.png
│   │   ├── cc-download-scanner.png
│   │   ├── cc-dsg-alerts.png
│   │   ├── cc-dsg-data-exfil.png
│   │   ├── cc-dynamic-service-graph.png
│   │   ├── cc-enable-treat-detection.png
│   │   ├── cc-join-cluster.png
│   │   ├── cc-packet-capture.png
│   │   ├── cc-quarantine-attack.png
│   │   ├── cc-recommend-secpol.png
│   │   ├── cc-scan-result.png
│   │   ├── cc-security-team-tier.png
│   │   ├── cc-signup.png
│   │   ├── log4j-exploit.png
│   │   └── log4j_attack.png
│   ├── incidentresponse.md
│   ├── intro.md
│   ├── k8s.md
│   ├── mitigation.md
│   └── prevention.md
├── misc
│   ├── Dockerfile
│   ├── values-aks-azure-cni.yaml
│   ├── values-aks-calico-cni.yaml
│   ├── values-eks-aws-cni.yaml
│   └── values-eks-calico-cni.yaml
└── workshop
    ├── alerts
    │   ├── dns.suspicious-dns-query-alert.yaml
    │   ├── flows.suspicious-connection-initiated-from-process-alert.yaml
    │   └── waf.cve-2021-44228-log4j-exploitation-attempt.yaml
    ├── dpi
    │   └── java-app-dpi.yaml
    ├── dsg
    │   └── application-layer.yaml
    ├── felix
    │   └── felix.yaml
    ├── iaac
    │   ├── tigera-image-assurance-admission-controller-deploy.yaml
    │   └── tigera-image-assurance-admission-controller-policy.yaml
    ├── secpols
    │   ├── 00-security-team.yaml
    │   ├── security-team.deny-threatfeed-matches.yaml
    │   ├── security-team.pass-to-next-tier.yaml
    │   ├── security-team.quarantine-namespaces.yaml
    │   └── security-team.quarantine-workloads.yaml
    ├── threatfeeds
    │   └── snort-ip-block-list.yaml
    └── waf
        ├── my-ruleset.yaml
        └── waf-rules
            ├── CVE-2021-44228-LOG4J-REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
            ├── REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
            ├── REQUEST-901-INITIALIZATION.conf
            ├── REQUEST-942-APPLICATION-ATTACK-SQLI.conf
            ├── REQUEST-949-BLOCKING-EVALUATION.conf
            ├── RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
            ├── crs-setup.conf
            └── modsecdefault.conf
/.github/workflows/run-tigera-scanner.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/.github/workflows/run-tigera-scanner.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/.gitignore -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/README.md -------------------------------------------------------------------------------- /apps/00-namespaces.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/apps/00-namespaces.yaml -------------------------------------------------------------------------------- /apps/attacker.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/apps/attacker.yaml -------------------------------------------------------------------------------- /apps/java-app.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/apps/java-app.yaml 
-------------------------------------------------------------------------------- /apps/java-client.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/apps/java-client.yaml -------------------------------------------------------------------------------- /apps/jndi-exploit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/apps/jndi-exploit.yaml -------------------------------------------------------------------------------- /doc/calicocloud.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/calicocloud.md -------------------------------------------------------------------------------- /doc/detection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/detection.md -------------------------------------------------------------------------------- /doc/exploitation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/exploitation.md -------------------------------------------------------------------------------- /doc/img/blackhat_felix.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/blackhat_felix.png -------------------------------------------------------------------------------- 
/doc/img/cc-activity-alerts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-activity-alerts.png -------------------------------------------------------------------------------- /doc/img/cc-add-exception.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-add-exception.png -------------------------------------------------------------------------------- /doc/img/cc-cluster-connected.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-cluster-connected.png -------------------------------------------------------------------------------- /doc/img/cc-configure-scanner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-configure-scanner.png -------------------------------------------------------------------------------- /doc/img/cc-connect-cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-connect-cluster.png -------------------------------------------------------------------------------- /doc/img/cc-copy-helm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-copy-helm.png -------------------------------------------------------------------------------- 
/doc/img/cc-download-scanner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-download-scanner.png -------------------------------------------------------------------------------- /doc/img/cc-dsg-alerts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-dsg-alerts.png -------------------------------------------------------------------------------- /doc/img/cc-dsg-data-exfil.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-dsg-data-exfil.png -------------------------------------------------------------------------------- /doc/img/cc-dynamic-service-graph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-dynamic-service-graph.png -------------------------------------------------------------------------------- /doc/img/cc-enable-treat-detection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-enable-treat-detection.png -------------------------------------------------------------------------------- /doc/img/cc-join-cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-join-cluster.png 
-------------------------------------------------------------------------------- /doc/img/cc-packet-capture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-packet-capture.png -------------------------------------------------------------------------------- /doc/img/cc-quarantine-attack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-quarantine-attack.png -------------------------------------------------------------------------------- /doc/img/cc-recommend-secpol.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-recommend-secpol.png -------------------------------------------------------------------------------- /doc/img/cc-scan-result.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-scan-result.png -------------------------------------------------------------------------------- /doc/img/cc-security-team-tier.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-security-team-tier.png -------------------------------------------------------------------------------- /doc/img/cc-signup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/cc-signup.png 
-------------------------------------------------------------------------------- /doc/img/log4j-exploit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/log4j-exploit.png -------------------------------------------------------------------------------- /doc/img/log4j_attack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/img/log4j_attack.png -------------------------------------------------------------------------------- /doc/incidentresponse.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/incidentresponse.md -------------------------------------------------------------------------------- /doc/intro.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/intro.md -------------------------------------------------------------------------------- /doc/k8s.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/k8s.md -------------------------------------------------------------------------------- /doc/mitigation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/mitigation.md -------------------------------------------------------------------------------- /doc/prevention.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/doc/prevention.md -------------------------------------------------------------------------------- /misc/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/misc/Dockerfile -------------------------------------------------------------------------------- /misc/values-aks-azure-cni.yaml: -------------------------------------------------------------------------------- 1 | { installation: {kubernetesProvider: AKS }} 2 | -------------------------------------------------------------------------------- /misc/values-aks-calico-cni.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/misc/values-aks-calico-cni.yaml -------------------------------------------------------------------------------- /misc/values-eks-aws-cni.yaml: -------------------------------------------------------------------------------- 1 | { installation: {kubernetesProvider: EKS }} 2 | -------------------------------------------------------------------------------- /misc/values-eks-calico-cni.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/misc/values-eks-calico-cni.yaml -------------------------------------------------------------------------------- /workshop/alerts/dns.suspicious-dns-query-alert.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/alerts/dns.suspicious-dns-query-alert.yaml -------------------------------------------------------------------------------- /workshop/alerts/flows.suspicious-connection-initiated-from-process-alert.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/alerts/flows.suspicious-connection-initiated-from-process-alert.yaml -------------------------------------------------------------------------------- /workshop/alerts/waf.cve-2021-44228-log4j-exploitation-attempt.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/alerts/waf.cve-2021-44228-log4j-exploitation-attempt.yaml -------------------------------------------------------------------------------- /workshop/dpi/java-app-dpi.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/dpi/java-app-dpi.yaml -------------------------------------------------------------------------------- /workshop/dsg/application-layer.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/dsg/application-layer.yaml -------------------------------------------------------------------------------- /workshop/felix/felix.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/felix/felix.yaml 
-------------------------------------------------------------------------------- /workshop/iaac/tigera-image-assurance-admission-controller-deploy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/iaac/tigera-image-assurance-admission-controller-deploy.yaml -------------------------------------------------------------------------------- /workshop/iaac/tigera-image-assurance-admission-controller-policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/iaac/tigera-image-assurance-admission-controller-policy.yaml -------------------------------------------------------------------------------- /workshop/secpols/00-security-team.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/secpols/00-security-team.yaml -------------------------------------------------------------------------------- /workshop/secpols/security-team.deny-threatfeed-matches.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/secpols/security-team.deny-threatfeed-matches.yaml -------------------------------------------------------------------------------- /workshop/secpols/security-team.pass-to-next-tier.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/secpols/security-team.pass-to-next-tier.yaml 
-------------------------------------------------------------------------------- /workshop/secpols/security-team.quarantine-namespaces.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/secpols/security-team.quarantine-namespaces.yaml -------------------------------------------------------------------------------- /workshop/secpols/security-team.quarantine-workloads.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/secpols/security-team.quarantine-workloads.yaml -------------------------------------------------------------------------------- /workshop/threatfeeds/snort-ip-block-list.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/threatfeeds/snort-ip-block-list.yaml -------------------------------------------------------------------------------- /workshop/waf/my-ruleset.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/waf/my-ruleset.yaml -------------------------------------------------------------------------------- /workshop/waf/waf-rules/CVE-2021-44228-LOG4J-REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/waf/waf-rules/CVE-2021-44228-LOG4J-REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf -------------------------------------------------------------------------------- 
/workshop/waf/waf-rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/waf/waf-rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf -------------------------------------------------------------------------------- /workshop/waf/waf-rules/REQUEST-901-INITIALIZATION.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/waf/waf-rules/REQUEST-901-INITIALIZATION.conf -------------------------------------------------------------------------------- /workshop/waf/waf-rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/waf/waf-rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf -------------------------------------------------------------------------------- /workshop/waf/waf-rules/REQUEST-949-BLOCKING-EVALUATION.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/waf/waf-rules/REQUEST-949-BLOCKING-EVALUATION.conf -------------------------------------------------------------------------------- /workshop/waf/waf-rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/waf/waf-rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf -------------------------------------------------------------------------------- 
/workshop/waf/waf-rules/crs-setup.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/waf/waf-rules/crs-setup.conf -------------------------------------------------------------------------------- /workshop/waf/waf-rules/modsecdefault.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats/HEAD/workshop/waf/waf-rules/modsecdefault.conf --------------------------------------------------------------------------------