Rules Contributing to OCI Insecure NFS Export Configuration Alert

This topic covers a feature that is not available for all customers yet. See Early Access Program Features and Topics Under Development.
The following rules are used to identify insecure NFS export configuration in OCI. Any one or more of these will trigger the OCI Insecure NFS Export Configuration Alert. Details for each rule can be viewed by clicking the More Details link in the description.
Title |
Description |
||||||||
---|---|---|---|---|---|---|---|---|---|
OCI Insecure NFS Export |
Identifies potentially insecure OCI NFS server export configuration. If the NFS server is poorly configured (e.g., no IP or read-only restrictions and no root squash), malicious hosts can mount the file systems and lead to subsequent data exfiltration. More details
![]() Rule IDQuery{'selection': {'eventName': ['createexport', 'updateexport']}, 'filter1': {'exportSource': '0.0.0.0/0'}, 'filter2': {'exportAccess': 'READ_ONLY'}, 'filter3': {'exportIdentitySquash': 'NONE'}, 'condition': 'selection and (filter1 or not filter2 or filter3)'} Log SourceStellar Cyber OCI configured. Rule SourceDeveloped internally by Stellar Cyber Tactics, Techniques, and ProceduresReferences
N/A
Severity25 Suppression Logic Based On
Additional Information
|