{"id":30215590,"url":"https://github.com/5gsec/security-intents","last_synced_at":"2025-08-14T02:13:37.104Z","repository":{"id":214310760,"uuid":"725856401","full_name":"5GSEC/security-intents","owner":"5GSEC","description":"Repository to hold security intents in standard template format.","archived":false,"fork":false,"pushed_at":"2024-03-17T09:49:08.000Z","size":620,"stargazers_count":4,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-05-07T18:10:13.176Z","etag":null,"topics":["5g","blueprints","intents","k8s","kubernetes","o-ran","security"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/5GSEC.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-12-01T02:26:54.000Z","updated_at":"2024-03-18T06:55:41.000Z","dependencies_parsed_at":"2024-01-08T06:26:22.462Z","dependency_job_id":"c93bdb58-8d97-45c2-9697-5053099869f9","html_url":"https://github.com/5GSEC/security-intents","commit_stats":null,"previous_names":["5gsec/security-intents"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/5GSEC/security-intents","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5GSEC%2Fsecurity-intents","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5GSEC%2Fsecurity-intents/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5GSEC%2Fsecurity-intents/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5GSEC%2Fsecurity-intents/ma
nifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/5GSEC","download_url":"https://codeload.github.com/5GSEC/security-intents/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5GSEC%2Fsecurity-intents/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270347825,"owners_count":24568605,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-14T02:00:10.309Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["5g","blueprints","intents","k8s","kubernetes","o-ran","security"],"created_at":"2025-08-14T02:13:30.728Z","updated_at":"2025-08-14T02:13:37.060Z","avatar_url":"https://github.com/5GSEC.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- THIS IS AN AUTO-GENERATED FILE by ./scripts/gendoc.sh. 
DO NOT EDIT MANUALLY --\u003e\n\n# Security Intents for Intent Driven Security\n\n![CI status](https://github.com/5GSEC/security-intents/actions/workflows/ci-verify.yml/badge.svg)\n\nRepository to hold Security Intents in standard template format.\n\n![](res/nimbus.png)\n\n## Security Threat Template\n```yaml\ntitle: Scenario-title\ndescription: Detailed description of the scenario\nseverity: High/Medium/Low\ntags:\n  - oran\n  - 5gcore\n  - generic\ndetectionMethods: # Mechanisms to detect the threat\n  - name: Application log\n    tag:\n      - mitre/ds0015\n    description: Description # Optional\n    url: https://...\n  - name: Process\n    tag:\n      - accuknox/ax0015\n    description: Description # Optional\n    url: https://...\nmitigationMethods: # Mechanisms to mitigate the threat\n  - name: Update Software\n    tag:\n      - mitre/ds0015\n    description: desc\n    url: https://...\n  - name: User Account Management\n    tag:\n      - accuknox/ax0015\n    description: desc\n    url: https://...\nsecurityActions:\n  - sample-sa-1.yaml\n  - sample-sa-2.yaml\nsecurityIntentBinding: # Set of labels, annotations describing workloads who would be impacted by this threat\n  - sample-si-binding.yaml\npreDeploymentConsiderations: [ ] # Anything that can be done in CI/CD pipelines that can alleviate this threat\nreferences:\n  - name: ref1\n    url: https://...\n  - name: ref2\n    url: https://...\n```\n\n## Security Threats\n\n| Title | Description | Severity | Security Actions | References |\n|:-----:|-------------|----------|------------|------------|\n   | [DNS Manipulation](threats/mitre/dnsManipulation.yaml) | An adversary can manipulate DNS requests to redirect network traffic and potentially reveal end user activity. 
| High | [accuknox/preventLocalDNSHijack](actions/accuknox/preventLocalDNSHijack), [mitre/integrityProtection](actions/mitre/integrityProtection), [mitre/networkTraffic](actions/mitre/networkTraffic) |[MITRE FiGHT](https://fight.mitre.org/techniques/FGT5006) |\n   | [Exploit Public-Facing Application](threats/mitre/exploitPublicFacingApplication.yaml) |  | High |  |[FGT1190](https://fight.mitre.org/techniques/FGT1190) |\n   | [Exploit Semi-public Facing Application](threats/mitre/exploitSemiPublicFacingApplication.yaml) |  | High | [mitre/networkTraffic](actions/mitre/networkTraffic) |[FGT5029](https://fight.mitre.org/techniques/FGT5029) |\n   | [gNodeB Component Manipulation](threats/mitre/gNodeBComponentManipulation.yaml) | An adversary may compromise a component of gNodeB to affect radio network configuration | High |  |[MITRE FiGHT](https://fight.mitre.org/techniques/FGT5032) |\n   | [Protocol Tunneling](threats/mitre/protocolTunnelling.yaml) | Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems. | High | [mitre/encryptSensitiveInformation](actions/mitre/encryptSensitiveInformation), [mitre/networkTraffic](actions/mitre/networkTraffic) |[FGT1572.501](https://fight.mitre.org/techniques/FGT1572.501) |\n   | [Registration of Malicious Network Functions](threats/mitre/registrationMaliciousNetworkFunctions.yaml) | An adversary, such as an insider to the MNO or vendor, could install a malicious NF into the core network, in order to launch other attacks or get access to information. 
| High | [mitre/networkSegmentation](actions/mitre/networkSegmentation) |[MITRE FiGHT](https://fight.mitre.org/techniques/FGT5006) |\n   | [Rogue xApps unauthorized access](threats/mitre/rogueXappsUnauthAccess.yaml) | Malicious xApps may gain unauthorized access to near-RT RIC and E2 nodes | High | [mitre/credentialAccessProtection](actions/mitre/credentialAccessProtection), [mitre/networkSegmentation](actions/mitre/networkSegmentation) |[FGT5034](https://fight.mitre.org/techniques/FGT5034) |\n   | [Software Deployment Tools](threats/mitre/softwareDeploymentTools.yaml) | Adversaries may gain access to and use third-party software suites installed within an enterprise network, such as administration, monitoring, and deployment systems, to move laterally through the network. | High | [accuknox/preventPkgInstall](actions/accuknox/preventPkgInstall) |[FGT1072](https://fight.mitre.org/techniques/FGT1072) |\n   | [SupplyChainCompromise](threats/mitre/supplyChainCompromise.yaml) | Adversaries may manipulate products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. | High |  |[FGT1195](https://fight.mitre.org/techniques/FGT51195) |\n   | [Unauthorized access to Network Exposure Function (NEF) via token fraud](threats/mitre/unAuthAccessNEFTokenFraud.yaml) | An adversary controlling an (external) Application Function (AF) presents a fraudulent OAuth access token to access Network Exposure Function (NEF) services | High |  |[FGT5011](https://fight.mitre.org/techniques/FGT5011) |\n   | [Valid Accounts](threats/mitre/validAccounts.yaml) |  | High |  |[FGT1078](https://fight.mitre.org/techniques/FGT1078) |\n\n## Contributions welcome...\n\n### Adding a new Security Threat\n\n1. Fork and clone this repository\n2. Copy the `res/threatTemplate.yaml` template file into the [threats](threats)/`tactic` directory and edit the file's contents to\n   accurately reflect the specific threat information. 
For example, for the `execution` tactic from MITRE FiGHT:\n   ```shell\n   cp res/threatTemplate.yaml threats/execution/threat-name.yaml\n   ```\n3. Create the Security Actions file(s) you listed in the `.securityActions` field of the `threat-name.yaml` file, and\n   place them within the [actions](actions) directory. For example:\n   ```yaml\n   ...\n   securityActions:\n    - sample-sa-1.yaml\n    - sample-sa-2.yaml\n   ...\n   ```\n4. Run `make`\n5. Raise a PR\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F5gsec%2Fsecurity-intents","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F5gsec%2Fsecurity-intents","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F5gsec%2Fsecurity-intents/lists"}