
Add recommendations to compliance findings

Open zcrt opened this issue 11 months ago • 5 comments

Is your feature request related to a problem? Please describe. Items such as "The firewall may be configured in a riskful manner." are too vague.

image

Describe the solution you'd like The kat_finding_types.json already includes recommendations. These could be included in the findings. Alternatively, the appendix could contain detailed information on how a conclusion was drawn.

zcrt avatar Feb 27 '24 13:02 zcrt

https://github.com/minvws/nl-kat-coordination/pull/2569: this PR adds more details around our own findings. If you have a specific list of findings that still need more recommendations or sources, let us know.

underdarknl avatar Feb 29 '24 13:02 underdarknl

The issue here is not only the recommendations from the database (great to see those being improved :D). The example from the image about the firewall actually already has a recommendation; it is just not available in the report.

zcrt avatar Feb 29 '24 14:02 zcrt

To make it more clear what we are talking about, I've included the updated findings database entry for the firewall finding below. @zcrt If I understand you correctly, what you would like to see is an additional column added to the table shown in your screenshot, which contains the contents of the value 'recommendation' as shown below. Is that correct?

If we were to add this column, that would raise the question 'What ports were identified to be open', so personally I'd expect those to be available somewhere too. @noamblitz any idea how feasible it is to add a 'proof'-like column in there as well? I can expect the report will become either messy, or it is technically difficult to currently add this data.

```json
{
    "KAT-UNCOMMON-OPEN-PORT": {
        "description": "The firewall may be configured in a riskful manner.",
        "source": "https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers",
        "risk": "medium",
        "impact": "Uncommon ports are sometimes overlooked and may become unwanted entry points for attackers into an organisations network.",
        "recommendation": "Manually validate whether this port should be open."
    }
}
```

stephanie0x00 avatar Mar 12 '24 09:03 stephanie0x00

You can already add "proof": "..." (some finding types already have it)! It is not hard to add that to the report!

noamblitz avatar Mar 12 '24 09:03 noamblitz
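To make concrete what the two comments above are asking for (a 'recommendation' column taken from the finding-type metadata, plus a 'proof' column that answers "which ports were actually open"), here is a small added example. It is illustrative code written for this thread, not code from nl-kat-coordination: the finding-type JSON is a constructed sample that copies the KAT-UNCOMMON-OPEN-PORT entry quoted above and adds a hypothetical KAT-EXAMPLE-NO-PROOF entry, the findings list is constructed, and the OOI key format and the `proof` field on a finding are assumptions about how the data might look, not the project's actual schema.

```python
import json
from typing import Any

# Constructed sample in the shape of kat_finding_types.json. The first entry is the one
# quoted in this thread; KAT-EXAMPLE-NO-PROOF is hypothetical and deliberately lacks a
# recommendation so the fallback path is exercised.
FINDING_TYPES_JSON = """
{
  "KAT-UNCOMMON-OPEN-PORT": {
    "description": "The firewall may be configured in a riskful manner.",
    "source": "https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers",
    "risk": "medium",
    "impact": "Uncommon ports are sometimes overlooked and may become unwanted entry points for attackers into an organisations network.",
    "recommendation": "Manually validate whether this port should be open."
  },
  "KAT-EXAMPLE-NO-PROOF": {
    "description": "Hypothetical finding type without a recommendation or proof.",
    "risk": "low"
  }
}
"""

# Constructed findings as a report generator might receive them. Each finding points at a
# finding type and at the object it was observed on (the pipe-separated key is an assumed
# format). The open-port findings carry a per-finding "proof" string naming the port.
SAMPLE_FINDINGS: list[dict[str, str]] = [
    {"finding_type": "KAT-UNCOMMON-OPEN-PORT",
     "ooi": "IPPort|internet|203.0.113.10|tcp|8443",
     "proof": "tcp/8443 open on 203.0.113.10"},
    {"finding_type": "KAT-UNCOMMON-OPEN-PORT",
     "ooi": "IPPort|internet|203.0.113.10|tcp|2222",
     "proof": "tcp/2222 open on 203.0.113.10"},
    {"finding_type": "KAT-EXAMPLE-NO-PROOF",
     "ooi": "Hostname|internet|example.com"},
]


def load_finding_types(raw: str) -> dict[str, dict[str, Any]]:
    """Parse the finding-type metadata (same shape as kat_finding_types.json)."""
    return json.loads(raw)


def enrich_findings(findings: list[dict[str, str]],
                    finding_types: dict[str, dict[str, Any]],
                    missing: str = "n/a") -> list[dict[str, str]]:
    """Join each finding with its type's metadata so the report row carries the
    recommendation and a proof. Proof is taken from the finding itself first (it is
    specific to the observed object), then from the type-level "proof" field that some
    finding types define, and finally falls back to a marker so the column is never empty."""
    rows = []
    for finding in findings:
        meta = finding_types.get(finding["finding_type"], {})
        rows.append({
            "finding_type": finding["finding_type"],
            "ooi": finding["ooi"],
            "risk": meta.get("risk", missing),
            "description": meta.get("description", missing),
            "recommendation": meta.get("recommendation", missing),
            "proof": finding.get("proof") or meta.get("proof") or missing,
        })
    return rows


def render_markdown_table(rows: list[dict[str, str]],
                          columns: tuple[str, ...] = ("finding_type", "ooi", "risk",
                                                      "recommendation", "proof")) -> str:
    """Render rows as a Markdown table. Pipes inside cell values (the OOI keys contain
    them) are escaped so they do not break the table layout."""
    header = "| " + " | ".join(columns) + " |"
    separator = "| " + " | ".join("---" for _ in columns) + " |"
    body = ["| " + " | ".join(str(row[c]).replace("|", "\\|") for c in columns) + " |"
            for row in rows]
    return "\n".join([header, separator, *body])


if __name__ == "__main__":
    types = load_finding_types(FINDING_TYPES_JSON)
    print(render_markdown_table(enrich_findings(SAMPLE_FINDINGS, types)))
```

Run as a script it prints a five-line table: two KAT-UNCOMMON-OPEN-PORT rows whose proof column names the concrete port, and one row where both recommendation and proof fall back to "n/a" because the type defines neither. Whether per-finding detail belongs in an extra column or behind an unfold, as the vulnerability section does, is the layout question the thread leaves open; the join itself is the same either way.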

In general: the vulnerabilities in the report take the approach of unfolding a vulnerability for more details. I can imagine that could be a solution here too, to incorporate the extra available data.

In the case of the open port; I do not think these kinds of findings should exist in this chapter, since it is also clear from the Open Ports report, where it is explicitly defined which port we are talking about.

zcrt avatar Apr 03 '24 16:04 zcrt