# MITRE-ATT\&CK

### What is MITRE-ATT\&CK

The MITRE ATT\&CK compliance framework is a standardized set of regulations or requirements that organizations must adhere to. However, MITRE ATT\&CK is widely used as a reference and a framework for improving cybersecurity defences, threat detection, and incident response. Organizations often leverage MITRE ATT\&CK as a tool within broader security and compliance initiatives.

This framework, when integrated in SSD, is converted to code format. The policies created from this framework prompt an alert or prevent the deployment if a rule fails.

### Example of MITRE-ATT\&CK policies in Delivery Shield

* **C-0067 - MITRE - Audit logs enabled** - Audit logging is an important security feature in Kubernetes; it enables the operator to track requests to the cluster. It is important to use it so that the operator has a record of events that happened in Kubernetes.
* **C-0068 - MITRE - PSP enabled** - Pod Security Policies enable fine-grained authorization of pod creation and updates, extending authorization beyond RBAC. It is important to use PSP to control the creation of sensitive pods in your cluster.
* **C-0069 - MITRE - Disable anonymous access to Kubelet service** - By default, requests to the kubelet's HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests and given a username of `system:anonymous` and a group of `system:unauthenticated`.
* **C-0070 - MITRE - Enforce Kubelet client TLS authentication** - Kubelets are the node-level orchestrators in the Kubernetes control plane. They publish service port 10250, where they accept commands from API servers. The operator must make sure that only the API server is allowed to submit commands to the kubelet. This is done through client certificate verification, and the kubelet must be configured with a client CA file for this purpose.
* **C-0035 - MITRE - Cluster admin binding** - Role-based access control (RBAC) is a key security feature in Kubernetes. RBAC can restrict the allowed actions of the various identities in the cluster. Cluster-admin is a built-in, highly privileged role in Kubernetes. Attackers who have permissions to create bindings and cluster-bindings in the cluster can create a binding to the cluster-admin ClusterRole or to other high-privilege roles.
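
To make the "converted to code" idea concrete, the following added example (not Delivery Shield's own code) evaluates C-0069, C-0070 and C-0035 against a kubelet configuration and a list of RBAC bindings, then returns an allow-or-block decision. The function names, the allowlist of expected cluster-admin subjects and the sample objects are assumptions made for illustration; the field names follow the Kubernetes `KubeletConfiguration` and RBAC binding objects.

```python
# Added example: policy-as-code checks for three of the controls listed above.
# All input documents are constructed samples, not output from a real cluster.

def check_kubelet(cfg):
    """Return the IDs of kubelet controls that fail for a KubeletConfiguration dict."""
    failed = []
    auth = cfg.get("authentication", {})
    # C-0069: pass only when anonymous access is explicitly disabled
    # (conservative assumption: an unset value is treated as a failure).
    if auth.get("anonymous", {}).get("enabled") is not False:
        failed.append("C-0069")
    # C-0070: client certificate verification needs a client CA file.
    if not auth.get("x509", {}).get("clientCAFile"):
        failed.append("C-0070")
    return failed


def check_cluster_admin(bindings, allowed=frozenset({("Group", "system:masters")})):
    """C-0035: return (binding, kind, subject) for unexpected cluster-admin subjects."""
    findings = []
    for b in bindings:
        ref = b.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        for s in b.get("subjects") or []:
            if (s.get("kind"), s.get("name")) not in allowed:
                findings.append((b["metadata"]["name"], s.get("kind"), s.get("name")))
    return findings


def gate(kubelet_cfg, bindings):
    """Return (allow_deployment, failed_control_ids): block when any rule fails."""
    failed = check_kubelet(kubelet_cfg)
    if check_cluster_admin(bindings):
        failed.append("C-0035")
    return (not failed, failed)


# Constructed sample input.
SAMPLE_KUBELET = {"authentication": {"anonymous": {"enabled": True}, "x509": {}}}
SAMPLE_BINDINGS = [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "ci-bot-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-bot", "namespace": "build"}]},
]

if __name__ == "__main__":
    print(gate(SAMPLE_KUBELET, SAMPLE_BINDINGS))
```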

Refer to [MITRE-ATT\&CK](https://attack.mitre.org/) for more information.
