Splunk Assessment Of Mitigation Implementations Save Abandoned

Automatically scores how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber

Project README

Splunk Assessment of Mitigation Implementations

Mitigation implementations have not traditionally been evaluated or prioritized. NSA Information Assurance recommends mitigation strategies but there are few methods to validate proper implementation and prioritize fixes. The SAMI application was developed to monitor the degree to which specific aspects of the NSA Information Assurance top 10 mitigation strategies have been deployed on Windows endpoints. It monitors data related to the implementation of specific mitigations and returns prioritized recommendations to more completely implement those recommendations. The application can be used to determine a network’s mitigation implementation status and can be monitored over time to demonstrate improvements and identify changes that negatively impact mitigations.

SAMI evaluates several metrics:

Modern Operating System (MOS)
Anti-Virus File Reputation Service (AVFRS)
Host Intrusion Prevention System (HIPS)
Application Whitelisting (AW)
Anti-Exploitation (AE)
Pass-the-Hash (PtH)

The application aims to make automated measurement of mitigations both common and understandable. More specifically, the goals for SAMI are to:

Establish the importance of measuring mitigations;
Jumpstart community discussion on the topic;
Motivate vendors to support and build upon the capabilities;
Establish the concept and process of scoring mitigations as part of vulnerability risk scoring

Components

There are two main components:

SAMI - Main application.
SAMI-TA - Addon for data collection pieces of the SAMI application.

These components are available as Splunk applications and can be downloaded from Splunkbase:

The source code for the binary components (ae.exe and av.exe) in SAMI-TA are available in the LOCKLEVEL repository.

Documentation

Documentation available for SAMI:

User instruction manual:
- Download PDF
- View PDF on GitHub
Business logic
- Download Excel file

A session about SAMI was given at Splunk .conf2015:

License

See LICENSE.

Disclaimer

See DISCLAIMER.

Open Source Agenda is not affiliated with "Splunk Assessment Of Mitigation Implementations" Project. README Source: nsacyber/Splunk-Assessment-of-Mitigation-Implementations

Stars

Open Issues

Last Commit

7 years ago

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/splunk-assessment-of-mitigation-implementations"><img src="https://www.opensourceagenda.com/projects/splunk-assessment-of-mitigation-implementations/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022