January 28, 2025
Rule ID | Rule Name | Description | Severity | Platform |
---|---|---|---|---|
CGN-SecurityGraph-103 | Virtual Machine infected with cryptomining malware | This virtual machine (VM) is infected with cryptomining malware. This poses a significant security risk; it is crucial to address and fix this issue promptly to prevent potential performance degradation and a data breach. | medium | azure,aws |
CGN-SecurityGraph-104 | VM infected with a virus | This virtual machine (VM) is infected with a virus. This finding poses a risk that should be addressed immediately. | high | aws,azure |
CGN-SecurityGraph-114 | Function infected with a virus | This serverless function is infected with a virus. This finding poses a significant security risk; it is crucial to address and fix this issue promptly to prevent a potential data breach. | medium | azure |
CGN-SecurityGraph-117 | A Virtual Machine with access to a database containing sensitive data has communicated with a malicious IP | This virtual machine (VM) has communicated with a malicious IP while having access to a sensitive database, creating a critical security risk that demands immediate action to prevent a data breach. | critical | aws |
CGN-SecurityGraph-118 | Virtual Machine with suspected CNC communication and access to sensitive database | This virtual machine was detected communicating with a Command and Control (CNC) server, indicating potential unauthorized access or malware activity. The machine has access to a database containing sensitive data, making it a high-value target for attackers. If CNC communication was detected, it could mean that data was exfiltrated or that further compromise of the system is ongoing. Immediate action is required to investigate and mitigate this threat to prevent potential data breaches and ensure the security of sensitive information. | critical | aws |
January 22, 2025
Rule ID | Rule Name | Description | Severity | Platform |
---|---|---|---|---|
CGN-SecurityGraph-112 | VM infected with infostealer | This virtual machine (VM) is infected with an infostealer, i.e. information-stealing malware. This finding poses a risk that should be addressed immediately. | High | azure,aws |
CGN-SecurityGraph-113 | VM infected with a virus | This virtual machine (VM) is infected with a virus. This finding poses a risk that should be addressed immediately. | High | azure,aws |
CGN-SecurityGraph-109 | Function with CVE can connect to Database with sensitive data | This serverless function has an exploitable CVE and can connect to a database with sensitive data, resulting in a potentially severe data compromise. | Critical | aws |
CGN-SecurityGraph-110 | Workload with CVE can connect to Database with sensitive data | This container workload has an exploitable CVE and can connect to a database with sensitive data, resulting in a potentially severe data compromise. | Critical | aws |
CGN-SecurityGraph-111 | Serverless function infected with infostealer | This serverless function is infected with an infostealer, i.e. information-stealing malware. This finding poses a risk that should be addressed immediately. | High | azure |
January 15, 2025
Rule ID | Rule Name | Description | Severity | Platform |
---|---|---|---|---|
CGN-SecurityGraph-102 | VM with CVE can connect to Database with sensitive data | This VM has an exploitable CVE and can connect to a database with sensitive data, resulting in a potentially severe data compromise. | critical | aws |
CGN-SecurityGraph-105 | Serverless function critically infected with a hacking tool | This serverless function is infected with a hacking tool. This combination poses a significant security risk, so it is crucial to address and fix this issue promptly to prevent a potential data breach. | high | azure |
CGN-SecurityGraph-106 | VM critically infected with a hacking tool | This virtual machine (VM) is infected with a hacking tool. This combination poses a significant security risk, so it is crucial to address and fix this issue promptly to prevent a potential data breach. | high | aws,azure |
CGN-SecurityGraph-107 | Serverless function infected with critical ransomware | This serverless function is infected with ransomware. This combination poses a significant security risk, so it is crucial to address and fix this issue promptly to prevent a potential data breach. | critical | azure |
CGN-SecurityGraph-108 | VM infected with critical ransomware | This virtual machine (VM) is infected with ransomware. This combination poses a significant security risk, so it is crucial to address and fix this issue promptly to prevent a potential data breach. | critical | aws,azure |