Skip to content

Commit

Permalink
Merge pull request #144 from Spyderisk/107-user-interactions-with-dat…
Browse files Browse the repository at this point in the history 
…a-inference-patterns-are-too-conservative

107 user interactions with data inference patterns are too conservative
  • Loading branch information
@samuelsenior
samuelsenior authored Jun 21, 2024
2 parents 57a5799 + fd72d86 commit 98f31fc
Show file tree
Hide file tree
Showing 15 changed files with 204 additions and 167 deletions.
5 changes: 3 additions & 2 deletions csv/ComplianceSetThreats.csv
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
package,URI,requiresTreatmentOf
domain#000000,domain#000000,domain#H.E.CScGcCS.9
package#5G,domain#Anomalies,domain#H.E.CScGcCS.9
package#Application,domain#Anomalies,domain#D.E.HuaD-P.9
package#Application,domain#Anomalies,domain#D.E.Hui-vD-P.9
package#Application,domain#Anomalies,domain#D.E.HuaID.9
package#Application,domain#Anomalies,domain#D.E.HuaUD.9
package#Application,domain#Anomalies,domain#D.E.HuaVD.9
package#Application,domain#Anomalies,domain#D.E.Huv-iD-P.9
package#Application,domain#Anomalies,domain#P.E.HIP-Hu.9
package#Application,domain#Anomalies,domain#P.E.HuirIPp-xD.9
Expand Down
55 changes: 31 additions & 24 deletions csv/ConstructionPattern.csv
View file

Large diffs are not rendered by default.

34 changes: 20 additions & 14 deletions csv/ConstructionPatternLinks.csv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,12 +29,9 @@ package#5G,domain#CP-RrBcC+NSg,domain#Link-LogicalSegment-from-FromSubnet
package#5G,domain#CP-RrBcC+NSg,domain#Link-LogicalSegment-to-ToSubnet
package#5G,domain#CP-RrBcC+NSg,domain#Link-LogicalSegment-via-Gateway
package#Application,domain#CP-CP+hCLI,domain#Link-Process-hasCLI-Process
package#Application,domain#CP-HuaDirPaD-P+eUU,domain#Link-Process-enablesUserUpdate-Data
package#Application,domain#CP-HuiCHDtS-AC+AC,domain#Link-ConsoleHost-hosts-RemoteDesktop
package#Application,domain#CP-HuiCHDtS-AC+AC,domain#Link-Human-interactsWith-RemoteDesktop
package#Application,domain#CP-HuiCHDtS-AC+AC,domain#Link-RemoteDesktop-uses-DesktopService
package#Application,domain#CP-HuiDirIPpD-P+eUI,domain#Link-InteractiveProcess-enablesUserInput-Data
package#Application,domain#CP-HuiDirPpD-P+eUI,domain#Link-Process-enablesUserInput-Data
package#Application,domain#CP-HuirEc-rD+iD,domain#Link-Editor-enablesUserInput-Data
package#Application,domain#CP-HuirEc-rD+iD,domain#Link-Human-inputsData-Data
package#Application,domain#CP-HuirEr-vD-cC-iHu-DS+iD,domain#Link-Human-inputsData-Data
Expand All @@ -47,13 +44,20 @@ package#Application,domain#CP-HuirPaD+eUI-O+vD,domain#Link-Human-viewsData-Data
package#Application,domain#CP-HuirPaD+eUI-O+vD,domain#Link-Process-enablesUserOutput-Data
package#Application,domain#CP-HuirPc-iD-rC-vHu-DS+vD,domain#Link-Human-viewsData-Data
package#Application,domain#CP-HuirPc-iD-rC-vHu-DS+vD,domain#Link-Process-enablesUserOutput-Data
package#Application,domain#CP-HuirPeID+iD,domain#Link-Human-inputsData-Data
package#Application,domain#CP-HuirPeI-OD-p+r,domain#Link-Process-receives-Data
package#Application,domain#CP-HuirPeI-OD-p-cC-iHu-DS+c,domain#Link-Process-creates-Data
package#Application,domain#CP-HuirPeOD+vD,domain#Link-Human-viewsData-Data
package#Application,domain#CP-HuirPeO-ID-p+r,domain#Link-Process-receives-Data
package#Application,domain#CP-HuirPeUD+aD,domain#Link-Human-amendsData-Data
package#Application,domain#CP-HuirPeUD-a+a,domain#Link-Process-amends-Data
package#Application,domain#CP-HuirPr-iD-cD+vD,domain#Link-Human-viewsData-Data
package#Application,domain#CP-HuirPr-iD-cD+vD,domain#Link-Process-enablesUserOutput-Data
package#Application,domain#CP-HuirPr-vD-cC-iHu-DS+iD,domain#Link-Human-inputsData-Data
package#Application,domain#CP-HuirPr-vD-cC-iHu-DS+iD,domain#Link-Process-enablesUserInput-Data
package#Application,domain#CP-HuRACuPD+pR,domain#Link-RemoteAccessClient-processesRemotely-Data
package#Application,domain#CP-HuvDirPcD-P+eUO,domain#Link-Process-enablesUserOutput-Data
package#Application,domain#CP-HuvDirPrD-P+eUO,domain#Link-Process-enablesUserOutput-Data
package#Application,domain#CP-Hui-uD+aID,domain#Link-Human-assertedInputsData-Data
package#Application,domain#CP-HuuD+aUD,domain#Link-Human-assertedAmendsData-Data
package#Application,domain#CP-Huv-uD+aVD,domain#Link-Human-assertedViewsData-Data
package#Application,domain#CP-HuWES+e,domain#Link-Human-hasEmail-Human
package#Application,domain#CP-RAC+noDU,domain#Link-RemoteAccessClient-noDU-RemoteAccessClient
package#Application,domain#CP-RAS+noDU,domain#Link-RemoteAccessService-noDU-RemoteAccessService
Expand Down Expand Up @@ -250,13 +254,11 @@ package#DataLifecycleInference,domain#CP-HHuWE+D,domain#Link-DataFlow-flows-Data
package#DataLifecycleInference,domain#CP-HHuWE+D,domain#Link-DataFlow-flowsFrom-MUA
package#DataLifecycleInference,domain#CP-HHuWE+D,domain#Link-DataFlow-flowsTo-WebBrowser
package#DataLifecycleInference,domain#CP-HHuWE+D,domain#Link-Data-isSpam-Data
package#DataLifecycleInference,domain#CP-HHuWE+D,domain#Link-Human-viewsData-Data
package#DataLifecycleInference,domain#CP-HHuWE+D,domain#Link-MUA-enablesUserOutput-Data
package#DataLifecycleInference,domain#CP-HHuWSMS+D,domain#Link-DataFlow-flows-Data
package#DataLifecycleInference,domain#CP-HHuWSMS+D,domain#Link-DataFlow-flowsFrom-MUA
package#DataLifecycleInference,domain#CP-HHuWSMS+D,domain#Link-DataFlow-flowsTo-WebBrowser
package#DataLifecycleInference,domain#CP-HHuWSMS+D,domain#Link-Data-isSpam-Data
package#DataLifecycleInference,domain#CP-HHuWSMS+D,domain#Link-Human-viewsData-Data
package#DataLifecycleInference,domain#CP-HHuWSMS+D,domain#Link-MUA-enablesUserOutput-Data
package#DataLifecycleInference,domain#CP-HPDADS2dDO+crudu,domain#Link-Process-crudu-DataCopy
package#DataLifecycleInference,domain#CP-HPDADS-crudu+crudc,domain#Link-Process-crudc-DataCopy
Expand Down Expand Up @@ -328,7 +330,6 @@ package#DataLifecycleInference,domain#CP-HuWES+D,domain#Link-DataFlow-flows-Data
package#DataLifecycleInference,domain#CP-HuWES+D,domain#Link-DataFlow-flowsFrom-MUA
package#DataLifecycleInference,domain#CP-HuWES+D,domain#Link-DataFlow-flowsTo-WebBrowser
package#DataLifecycleInference,domain#CP-HuWES+D,domain#Link-Data-isSpam-Data
package#DataLifecycleInference,domain#CP-HuWES+D,domain#Link-Human-viewsData-Data
package#DataLifecycleInference,domain#CP-HuWES+D,domain#Link-WebBrowser-enablesUserOutput-Data
package#DataLifecycleInference,domain#CP-PaDH-DS-Hu-DA+DU,domain#Link-DataUpdate-usedBy-Process
package#DataLifecycleInference,domain#CP-PaDH-DS-Hu-DA+DU,domain#Link-DataUpdate-usedFor-Data
Expand Down Expand Up @@ -494,11 +495,10 @@ package#IoT,domain#CP-DcTh+DS,domain#Link-Thing-hosts-SimpleProcess
package#IoT,domain#CP-DcTh+s,domain#Link-Thing-stores-Data
package#IoT,domain#CP-HuiCo+UI,domain#Link-Controller-hosts-Process
package#IoT,domain#CP-HuiCo+UI,domain#Link-Human-interactsWith-Process
package#IoT,domain#CP-HuiCo+UI,domain#Link-Process-creates-Data
package#IoT,domain#CP-HuiSe+Rel,domain#Link-Human-amendsData-Input
package#IoT,domain#CP-HuiCo+UI,domain#Link-Process-enablesUserInput-Data
package#IoT,domain#CP-HuiSe+Rel,domain#Link-Human-interactsWith-Process
package#IoT,domain#CP-HuiSe+Rel,domain#Link-Human-viewsData-Output
package#IoT,domain#CP-HuiSe+Rel,domain#Link-Process-creates-Input
package#IoT,domain#CP-HuiSe+Rel,domain#Link-Process-enablesUserOutput-Output
package#IoT,domain#CP-HuiSe+Rel,domain#Link-Process-enablesUserUpdate-Input
package#IoT,domain#CP-HumThP-m+m,domain#Link-Human-manages-Process
package#IoT,domain#CP-IoT-cD+cD,domain#Link-Data-controlsThing-Thing
package#IoT,domain#CP-Pa-uCo+Rel,domain#Link-Client-amends-Data
Expand Down Expand Up @@ -700,8 +700,8 @@ package#NetworkInference,domain#CP-PHLSS+aV,domain#Link-HostAccess-accessVia-Log
package#NetworkInference,domain#CP-PH-S+W,domain#Link-Host-locatedIn-World
package#NetworkInference,domain#CP-RACuHRASP-iPL+uR,domain#Link-RemoteAccessClient-usesRemotely-Process
package#NetworkInference,domain#CP-RACuHRASP-iPL+uR,domain#Link-RemoteAccessClient-usesRemotely-RemoteAccessService
package#NetworkInference,domain#CP-RACuHRASP-iPL+uR,domain#Link-RemoteAccessClient-usesViaRAS-Process
package#NetworkInference,domain#CP-RACuP-iP+uR,domain#Link-RemoteAccessClient-usesRemotely-Process
package#NetworkInference,domain#CP-RACuRHRASP-iPL+uRAS,domain#Link-RemoteAccessClient-usesViaRAS-Process
package#NetworkInference,domain#CP-RAS+iL,domain#Link-RemoteAccessService-isLnS-RemoteAccessService
package#NetworkInference,domain#CP-Rr+iR,domain#Link-Router-isRouter-Router
package#NetworkInference,domain#CP-Rr-LnS+LnS,domain#Link-LoginService-controls-Router
Expand Down Expand Up @@ -878,6 +878,11 @@ package#ProcessCommsInference,domain#CP-H-sDFcCaiAC+DS,domain#Link-DataCopy-fulf
package#ProcessCommsInference,domain#CP-H-sDFcCaiAC+DS,domain#Link-DataFlow-fulfils-DataCopy
package#ProcessCommsInference,domain#CP-H-sDFcCaiAC+DS,domain#Link-Host-storesCopy-DataCopy
package#ProcessCommsInference,domain#CP-H-sDFcCaiAC+DS,domain#Link-Host-stores-Data
package#ProcessCommsInference,domain#CP-H-sDFcCr-aAC+DS,domain#Link-DataCopy-copyOf-Data
package#ProcessCommsInference,domain#CP-H-sDFcCr-aAC+DS,domain#Link-DataCopy-fulfils-DataFlow
package#ProcessCommsInference,domain#CP-H-sDFcCr-aAC+DS,domain#Link-DataFlow-fulfils-DataCopy
package#ProcessCommsInference,domain#CP-H-sDFcCr-aAC+DS,domain#Link-Host-storesCopy-DataCopy
package#ProcessCommsInference,domain#CP-H-sDFcCr-aAC+DS,domain#Link-Host-stores-Data
package#ProcessCommsInference,domain#CP-H-sDFCFdS-ACau+DS,domain#Link-DataCopy-copyOf-Data
package#ProcessCommsInference,domain#CP-H-sDFCFdS-ACau+DS,domain#Link-DataCopy-fulfils-DataFlow
package#ProcessCommsInference,domain#CP-H-sDFCFdS-ACau+DS,domain#Link-DataFlow-fulfils-DataCopy
Expand Down Expand Up @@ -909,6 +914,7 @@ package#ProcessCommsInference,domain#CP-H-sDFuSdC+DS,domain#Link-DataFlow-fulfil
package#ProcessCommsInference,domain#CP-H-sDFuSdC+DS,domain#Link-Host-storesCopy-DataCopy
package#ProcessCommsInference,domain#CP-H-sDFuSdC+DS,domain#Link-Host-stores-Data
package#ProcessCommsInference,domain#CP-HuRACP+i,domain#Link-Human-interactsRemotelyWith-Process
package#ProcessCommsInference,domain#CP-IDFfCCCftS-s+rI,domain#Link-Service-runsIn-ProcAccess
package#ProcessCommsInference,domain#CP-NP1CCAPSC+pT,domain#Link-NetworkPath-pathTo-ServiceChannel
package#ProcessCommsInference,domain#CP-NP2CCAPSC+pT,domain#Link-NetworkPath-pathTo-ServiceChannel
package#ProcessCommsInference,domain#CP-PCaFCSCCC+aFC,domain#Link-ProcAccess-accessFromClient-ClientChannel
Expand Down
1 change: 1 addition & 0 deletions csv/InferredNodeSetting.csv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,7 @@ package#ProcessCommsInference,domain#CP-CS-SP+DX,domain#Node-DataExchange-DataEx
package#ProcessCommsInference,domain#CP-CuvS+CC,domain#Node-ClientChannel-ClientChannel,domain#INS-CuvS+CC-ClientChannel,TRUE,FALSE,domain#Node-Process-Process
package#ProcessCommsInference,domain#CP-CzS-CC+AC,domain#Node-AuthChannel-AuthChannel,domain#INS-CzS-CC+AC-AuthChannel,TRUE,FALSE,domain#Node-Service-Process
package#ProcessCommsInference,domain#CP-H-sDFcCaiAC+DS,domain#Node-DataCopy-DataCache,domain#INS-H-sDFcCaiAC+DS-DataCopy,TRUE,FALSE,domain#Node-Host-Host
package#ProcessCommsInference,domain#CP-H-sDFcCr-aAC+DS,domain#Node-DataCopy-DataCache,domain#INS-H-sDFcCr-aAC+DS-DataCopy,TRUE,FALSE,domain#Node-Host-Host
package#ProcessCommsInference,domain#CP-H-sDFCFdS-ACau+DS,domain#Node-DataCopy-DataCache,domain#INS-H-sDFCFdS-ACau+DS-DataCopy,TRUE,FALSE,domain#Node-Host-Host
package#ProcessCommsInference,domain#CP-H-sDFrSACdDFiaS+DS,domain#Node-DataCopy-DataCache,domain#INS-H-sDFrSACdDFiaS+DS-DataCopy,TRUE,FALSE,domain#Node-Host-Host
package#ProcessCommsInference,domain#CP-H-sDFSACaiFS+DS,domain#Node-DataCopy-DataCache,domain#INS-H-sDFSACaiFS+DS-DataCopy,TRUE,FALSE,domain#Node-Host-Host
Expand Down
2 changes: 2 additions & 0 deletions csv/InferredNodeSettingIncludes.csv
View file
Original file line number Diff line number Diff line change
Expand Up @@ -293,6 +293,8 @@ package#ProcessCommsInference,domain#INS-CzS-CC+AC-AuthChannel,domain#Node-Clien
package#ProcessCommsInference,domain#INS-CzS-CC+AC-AuthChannel,domain#Node-Service-Process
package#ProcessCommsInference,domain#INS-H-sDFcCaiAC+DS-DataCopy,domain#Node-Data-Data
package#ProcessCommsInference,domain#INS-H-sDFcCaiAC+DS-DataCopy,domain#Node-Host-Host
package#ProcessCommsInference,domain#INS-H-sDFcCr-aAC+DS-DataCopy,domain#Node-Data-Data
package#ProcessCommsInference,domain#INS-H-sDFcCr-aAC+DS-DataCopy,domain#Node-Host-Host
package#ProcessCommsInference,domain#INS-H-sDFCFdS-ACau+DS-DataCopy,domain#Node-Data-Data
package#ProcessCommsInference,domain#INS-H-sDFCFdS-ACau+DS-DataCopy,domain#Node-Host-Host
package#ProcessCommsInference,domain#INS-H-sDFrSACdDFiaS+DS-DataCopy,domain#Node-Data-Data
Expand Down
Loading

0 comments on commit 98f31fc

Please sign in to comment.