NSA - 5 Security Vulnerabilities Under Active Nation-State Attack Deprecated

Deprecated. No available replacement. Russian Foreign Intelligence Service (SVR) actors (also known as APT29, Cozy Bear, and The Dukes) frequently use publicly known vulnerabilities to conduct widespread scanning and exploitation. This playbook should be trigger manually and includes the following tasks: - Enrich related known CVEs reported in the US agencies alert. - Search for unpatched endpoints vulnerable to the exploits. - Search for vulnerable assets facing the internet using Expanse. Note: This is a beta playbook, which lets you implement and test pre-release software. Since the playbook is beta, it might contain bugs. Updates to the pack during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the pack to help us identify issues, fix them, and continually improve. More information: [Cyber Security Advisory] (https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF)

Cortex Xpanse by Palo Alto Networks (Deprecated) · 22 tasks · 1 input · 0 outputs

Inputs

  • Related_CVEs — Known related CVEs to hunt

Commands used

expanse-get-issues extractIndicators linkIncidents

Flowchart

yes yes yes yes yes yes yes Start Start Enrich CVE's Enrich CVE's Extract CVEs from playbook inputs - extractIndicators Extract CVEs from playboo... extractIndicators Hunt Indicators Hunt Indicators Is Expanse enabled? Is Expanse enabled? Expanse search for Pulse Secure PCS - expanse-get-issues Expanse search for Pulse ... expanse-get-issues Expanse search for FortiOS SSL VPN - expanse-get-issues Expanse search for FortiO... expanse-get-issues Expanse search for Synacor Zimbra Collaboration Suite - expanse-get-issues Expanse search for Synaco... expanse-get-issues Expanse search for VMware Workspace One Access Server - expanse-get-issues Expanse search for VMware... expanse-get-issues Expanse search for Citrix Application Delivery Controller - expanse-get-issues Expanse search for Citrix... expanse-get-issues Search Endpoint by CVE - Generic - Search Endpoint by CVE - Generic Search Endpoint by CVE - ... Search Endpoint by CVE - Generic Link XSOAR Incidents Link XSOAR Incidents Are there any affected assets? Are there any affected as... Install related patch on affected assets Install related patch on ... Done Done Expanse Search Related Issues Expanse Search Related Is... Search related Expanse incident - SearchIncidentsV2 Search related Expanse in... SearchIncidentsV2 Link related incidents - linkIncidents Link related incidents linkIncidents Mitigation Mitigation Found related Expanse issues in XSOAR? Found related Expanse iss... Review Expanse incident Review Expanse incident CVE Enrichment - Generic v2 - CVE Enrichment - Generic v2 CVE Enrichment - Generic v2 CVE Enrichment - Generic v2