Kubernetes security via MITRE ATT&CK for Containers
Abstract:
MITRE ATT&CK is a popular framework for understanding and evaluating adversary tactics. Recently it has been adapted to the cloud native landscape with the introduction of the ATT&CK framework for Containers. In this session we will introduce the concept of MITRE ATT&CK and discuss why it's so useful and how it is being used by end-users, developers, and vendors. We'll specifically cover the ATT&CK framework for Containers and its applicability to Kubernetes by demonstrating the techniques as used by attackers on Kubernetes.
Benefits:
The ATT&CK framework is the industry reference for categorizing security risks; however, outside the security domain not many are familiar with it. As information security becomes more central and important to Kubernetes and cloud native applications in general, frameworks such as ATT&CK should become popular, basic knowledge. We (Aqua Security) have collaborated with MITRE on producing the new ATT&CK for Containers framework, and we are incorporating it into our products, content, and open source projects. With ATT&CK, users can improve their threat-modeling processes, educate and explore, and better communicate about security risks.