Revert "Add rule to alert on known cryptomining ports in VPC flow logs" (#978)

This reverts commit 28e3bd7.
Evan Gibler authored Nov 28, 2023
1 parent 28e3bd7 commit 137d2a8
Showing 4 changed files with 0 additions and 122 deletions.
37 changes: 0 additions & 37 deletions global_helpers/panther_iocs.py
Expand Up @@ -348,43 +348,6 @@
"zer0day.ru",
}

# https://github.com/falcosecurity/rules/blob/64e2adb309b7e07953691eeb53347d28e361b0e3/rules/falco-sandbox_rules.yaml#L1367-L1374
CRYPTO_MINING_PORTS = {
3333,
3334,
3335,
3336,
3357,
4444,
5555,
5556,
5588,
5730,
6099,
6641,
6642,
6666,
7777,
7778,
8000,
8001,
8008,
8080,
8118,
8333,
8888,
8899,
9332,
9999,
10300, # stratum
10343, # stratum ssl
14433,
14444,
18080, # monero p2p mainnet
18081, # monero rpc mainnet
45560,
45700,
}

# IOC Helper functions:
def ioc_match(indicators: list, known_iocs: set) -> list:
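Review bot: The commit message, "This reverts commit 28e3bd7", gives no reason for removing CRYPTO_MINING_PORTS, so anyone who later wants port-based cryptomining detection on VPC flow logs has no record of what went wrong. If the problem was alert volume, note that the removed set mixes general-purpose service ports such as 8000, 8008, 8080 and 8888 with the entries annotated as stratum and monero (10300, 10343, 18080, 18081); state the reason in the message or the linked PR (#978). Also confirm that nothing outside the deleted rule still imports CRYPTO_MINING_PORTS from panther_iocs, since this hunk removes the name outright.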
1 change: 0 additions & 1 deletion packs/aws.yml
Expand Up @@ -130,7 +130,6 @@ PackDefinition:
- AWS.Redshift.Cluster.Logging
- AWS.Redshift.Cluster.SnapshotRetention
- AWS.Redshift.Cluster.VersionUpgrade
- AWS.VPC.CryptoPorts
- AWS.VPC.FlowLogs
# AWS DataModels
- Standard.AWS.ALB
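Review bot: The `- AWS.VPC.CryptoPorts` entry is dropped here, but packs/aws.yml is the only pack file in this diff; check that no other pack definition or test fixture still lists that rule ID now that both aws_vpc_crypto_ports.py and aws_vpc_crypto_ports.yml are deleted, otherwise pack validation will reference a rule that no longer exists.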
31 changes: 0 additions & 31 deletions rules/aws_vpc_flow_rules/aws_vpc_crypto_ports.py

This file was deleted.

53 changes: 0 additions & 53 deletions rules/aws_vpc_flow_rules/aws_vpc_crypto_ports.yml

This file was deleted.
