Custom Attack Auto Tagging

The Prancer CSPM engine gives us some understanding of the application's hosting environment. Based on that information, we should be able to auto-tag PAC files so that matching custom attacks are auto-loaded down the line, providing full automation to end users.

Auto-tags

| Tag | Values | Description |
|---|---|---|
| cloud | azure, aws, gcp, onpremise | Tags related to the cloud hosting environment |
| type | all, web, openAPI, GraphQL, Soap | Tags related to the type of application |
| os | windows, linux | Tags related to the operating system |
| programming | dotnet, java, PHP, python | Tags related to the programming languages |
| service | http, FTP, ssh, rdp | Tags related to the type of service |
| Compliance | CIS, CSA-CCM, HIPAA, ISO 27001, PCI-DSS, NIST 800, HITRUST, SOC 2, GDPR, Best Practice | Tags related to compliance standards |
| MITRE | MITRE ID | Tags related to MITRE |
| CVE | CVE ID | Tags related to CVE (Common Vulnerabilities and Exposures) |

Integration in Prancer

In PAC Management, navigate to your PAC file and select PAC Configuration.

Add the Tags section based on the tags set up in your repository.

Here is an example of how to add tags in the PAC config file:


Collection: prancercspm
AppCodeAnalysis:
  SASTScan: true
  SCAScan: true
  IncrementalScan: true
  GitConnector: git_sca_java
ConnectionName: prancercspm_connector
CloudType: azure
ApplicationName: AzureAppCode
RiskLevel: standard
RiskProfit: Medium
Compliance:
- CIS
- CSA-CCM
ApplicationType: WebScan
Schedule: onetime
Target: https://pixi.prancer.cloud
Tags:
  Cloud: azure
  Compliance: CIS,CSA-CCM
  Service: ssh,http,https,microsoft-ds,postgresql,http-alt,http,http-proxy,sun-answerbook
  Type: WebScan
WebScan:
  AjaxSpider: false
CVE:
- Path:
    Include:
    - Log4j_Addon
    - Fuzzing
    Exclude: []
  TagAutoLoad: false
  Connector: git_connector
  Metadata: ""
  Parameters: {}
  Secrets: {}
Scanner:
  Cloud:
    Platform:
      Azure:
        ContainerInstance:
          AfterRun: delete
          NewContainerInstance:
            External:
              SubscriptionId: a6941677-4c37-42fb-960c-dad8f25060a3
              ResourceGp: DefaultResourceGroup-WUS2
              Region: westus2
              ContainerGroupName: prancer-scanner-group
              ContainerName: prancer-pentest-instance
              ResourceName: prancer-instances
AuthenticationMethod: noAuthentication
AddOns:
- ascanrulesBeta

Based on the tags for your custom attack, results are generated as follows:

[Image: Tagging]
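A pre-commit style check for the Tags section of the sample config above, as an added example that is not part of the original page or of Prancer's code. It assumes, based only on that sample, that Tags.Cloud, Tags.Compliance and Tags.Type are meant to mirror the top-level CloudType, Compliance and ApplicationType fields; the names `lint_tags`, `split_tag` and `MIRRORED` are hypothetical.

```python
# Added example, not Prancer code. Assumption inferred from the sample config
# (not a documented rule): Tags.Cloud, Tags.Compliance and Tags.Type mirror
# the top-level CloudType, Compliance and ApplicationType fields.
MIRRORED = {"Cloud": "CloudType", "Compliance": "Compliance", "Type": "ApplicationType"}


def split_tag(value):
    """Normalize a comma-separated string or a list into trimmed, lower-cased items."""
    items = value if isinstance(value, (list, tuple)) else str(value).split(",")
    return [str(i).strip().lower() for i in items if str(i).strip()]


def lint_tags(config):
    """Return a list of findings; an empty list means the Tags block is consistent."""
    tags = config.get("Tags")
    if not isinstance(tags, dict) or not tags:
        return ["Tags section is missing or empty"]
    findings = []
    for tag_key, field in MIRRORED.items():
        if tag_key not in tags or field not in config:
            continue  # only compare when both sides are present
        tagged = set(split_tag(tags[tag_key]))
        declared = set(split_tag(config[field]))
        if tagged != declared:
            findings.append(f"Tags.{tag_key}={sorted(tagged)} disagrees with {field}={sorted(declared)}")
    for tag_key, value in tags.items():
        items = split_tag(value)
        dupes = sorted({i for i in items if items.count(i) > 1})
        if dupes:
            findings.append(f"Tags.{tag_key} repeats {dupes}")
    return findings


# Constructed input: the tag-relevant fields of the sample config, as a dict.
SAMPLE = {
    "CloudType": "azure",
    "Compliance": ["CIS", "CSA-CCM"],
    "ApplicationType": "WebScan",
    "Tags": {
        "Cloud": "azure",
        "Compliance": "CIS,CSA-CCM",
        "Service": "ssh,http,https,microsoft-ds,postgresql,http-alt,http,http-proxy,sun-answerbook",
        "Type": "WebScan",
    },
}

if __name__ == "__main__":
    for finding in lint_tags(SAMPLE):
        print(finding)
```

Run against the sample, the only finding is the repeated `http` entry in Tags.Service; changing CloudType without updating Tags.Cloud produces a drift finding.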