From 03c21fe62fa1541beea66e51134c807e6637ac55 Mon Sep 17 00:00:00 2001 From: oriagmon Date: Wed, 24 Oct 2018 14:32:59 +0300 Subject: [PATCH] Minor: Forgot to add more accurate event categories --- src/modules/hunting/apiserver.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/modules/hunting/apiserver.py b/src/modules/hunting/apiserver.py index aa3cb5e..275057e 100644 --- a/src/modules/hunting/apiserver.py +++ b/src/modules/hunting/apiserver.py @@ -93,7 +93,7 @@ class CreateANamespace(Vulnerability, Event): """ def __init__(self, evidence): Vulnerability.__init__(self, KubernetesCluster, name="Created a namespace", - category=InformationDisclosure) + category=AccessRisk) self.evidence = evidence @@ -103,7 +103,7 @@ class DeleteANamespace(Vulnerability, Event): """ def __init__(self, evidence): Vulnerability.__init__(self, KubernetesCluster, name="Delete a namespace", - category=InformationDisclosure) + category=AccessRisk) self.evidence = evidence @@ -114,7 +114,7 @@ class CreateARole(Vulnerability, Event): def __init__(self, evidence): Vulnerability.__init__(self, KubernetesCluster, name="Created a role", - category=InformationDisclosure) + category=AccessRisk) self.evidence = evidence @@ -125,7 +125,7 @@ class CreateAClusterRole(Vulnerability, Event): def __init__(self, evidence): Vulnerability.__init__(self, KubernetesCluster, name="Created a cluster role", - category=InformationDisclosure) + category=AccessRisk) self.evidence = evidence @@ -136,7 +136,7 @@ class PatchARole(Vulnerability, Event): def __init__(self, evidence): Vulnerability.__init__(self, KubernetesCluster, name="Patched a role", - category=InformationDisclosure) + category=AccessRisk) self.evidence = evidence @@ -147,7 +147,7 @@ class PatchAClusterRole(Vulnerability, Event): def __init__(self, evidence): Vulnerability.__init__(self, KubernetesCluster, name="Patched a cluster role", - category=InformationDisclosure) + category=AccessRisk) self.evidence = evidence @@ -157,7 +157,7 @@ class DeleteARole(Vulnerability, Event): def __init__(self, evidence): Vulnerability.__init__(self, KubernetesCluster, name="Deleted a role", - category=InformationDisclosure) + category=AccessRisk) self.evidence = evidence @@ -167,7 +167,7 @@ class DeleteAClusterRole(Vulnerability, Event): def __init__(self, evidence): Vulnerability.__init__(self, KubernetesCluster, name="Deleted a cluster role", - category=InformationDisclosure) + category=AccessRisk) self.evidence = evidence @@ -176,7 +176,7 @@ class CreateAPod(Vulnerability, Event): def __init__(self, evidence): Vulnerability.__init__(self, KubernetesCluster, name="Created A Pod", - category=InformationDisclosure) + category=AccessRisk) self.evidence = evidence @@ -185,7 +185,7 @@ class PatchAPod(Vulnerability, Event): def __init__(self, evidence): Vulnerability.__init__(self, KubernetesCluster, name="Patched A Pod", - category=InformationDisclosure) + category=AccessRisk) self.evidence = evidence @@ -195,7 +195,7 @@ class DeleteAPod(Vulnerability, Event): def __init__(self, evidence): Vulnerability.__init__(self, KubernetesCluster, name="Deleted A Pod", - category=InformationDisclosure) + category=AccessRisk) self.evidence = evidence