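{{=<< >>=}} % Mustache bracket substitution
% The line above switches the Mustache tag delimiters from the default double
% braces to double angle brackets for the rest of this template, presumably so
% that template tags cannot be confused with TeX braces. This file is rendered by
% Mustache first and only then handed to XeLaTeX.
\documentclass[twoside]{article}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% LaTeX Packages
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\usepackage{booktabs} % nice book tables (needed for toprule, etc.)
\usepackage{datetime} % format dates
\usepackage{fontspec} % provides font selecting commands (XeLaTeX/LuaLaTeX only)
\usepackage{geometry} % full page
\usepackage{graphicx} % graphics support
\usepackage{longtable} % allows tables to span multiple pages
\usepackage{pdflscape} % rotation of pdf paper (landscape mode)
% "cmyk" (the original read "cymk", which xcolor does not know) selects the
% target colour model; every palette entry below is declared in cmyk.
\usepackage[table,cmyk]{xcolor} % add color to tables and page background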
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% PDF Metadata
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% darkcerulean is referenced only as hyperref's urlcolor in this file.
\definecolor{darkcerulean}{rgb}{0.03, 0.27, 0.49}
% hyperref is loaded here, before url, fancyhdr, draftwatermark and attachfile2.
% The usual advice is to load hyperref last, but this is the order the template
% has been built and tested with, so do not reorder it casually.
% The owner_acronym tag below is a Mustache unescaped (ampersand) tag: its value
% is pasted into pdftitle and pdfkeywords verbatim, and nothing in this file
% LaTeX-escapes it. The renderer must therefore supply a value free of
% TeX-special characters (& % # _ { } \) or the option list will not parse.
\usepackage[pdfauthor={Cybersecurity and Infrastructure Security Agency},
pdftitle={Cyber Hygiene Alert for <<&owner_acronym>>},
pdfsubject={Notification},
pdfkeywords={cyhy, cyber, hygiene, security, cybersecurity, assessments, notification, cisa, <<&owner_acronym>>},
pdfcreator={XeTeX with hyperref},
colorlinks=true, linkcolor=black, urlcolor=darkcerulean]{hyperref}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% URL and Link Setup
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% hyperref (loaded above) already pulls in url; loading a package a second time
% is a no-op in LaTeX, so this line is redundant but harmless.
\usepackage{url} % support for in-document urls
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Geometry Setup
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Page margins. The document class is twoside, so inner/outer (rather than
% left/right) are the relevant keys; they are set equal, so recto and verso
% pages end up with the same margins. headheight must be large enough for the
% one-line FOUO/TLP header configured in the next section.
\geometry{
top=0.75in,
inner=0.3in,
outer=0.3in,
bottom=0.75in,
headheight=3ex,
headsep=2ex,
}
%\geometry{showframe=true} % useful for debugging
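%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Header/Footer Setup
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Handling markings are static: every page carries "FOR OFFICIAL USE ONLY" in
% the centre and a TLP:AMBER badge on the right, independent of the data being
% rendered. If the marking for these notifications ever changes it must be
% changed here, in both the header and the footer.
\usepackage{fancyhdr}
\pagestyle{fancy}
\fancyhead{} % clear fancyhdr's default header fields (section names, page numbers)
\fancyfoot{}
% Use the [C]/[R] selectors rather than [CO]/[RO]: with the twoside class option
% the "O" (odd) selector applies to odd pages only, which would leave the even
% pages of a multi-page notification without any marking. Odd pages render
% exactly as before; even pages now carry the same marking.
\fancyhead[C]{FOR OFFICIAL USE ONLY (FOUO)}
\fancyfoot[C]{FOR OFFICIAL USE ONLY (FOUO)}
\newfontfamily{\FranklinGothicDemiFont}{Franklin Gothic Demi}
\newcommand\TLPFont{\FranklinGothicDemiFont\fontsize{11pt}{11pt}\selectfont}
% tlp-amber is re-declared with the same value in the Color Setup section below.
\definecolor{tlp-amber}{cmyk}{0.0,0.25,1.0,0.0}
\fancyhead[R]{\colorbox{black}{\textcolor{tlp-amber}{\TLPFont{TLP:AMBER}}}}
\fancyfoot[R]{\colorbox{black}{\textcolor{tlp-amber}{\TLPFont{TLP:AMBER}}}}
% No rule under the header or above the footer.
\renewcommand{\headrulewidth}{0.0pt}
\renewcommand{\footrulewidth}{0.0pt}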
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Draft Watermark
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Only emitted when the Mustache "draft" flag is set: overlays a light
% (lightness 0.9) DRAFT watermark on every page. The package is loaded inside
% the Mustache section so that a non-draft render does not pull it in at all.
<<#draft>>
\usepackage{draftwatermark}
\SetWatermarkLightness{0.9}
\SetWatermarkText{DRAFT}
<</draft>>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Date Format Setup
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Two datetime formats used with \formatdate in the body:
%   \usvardate -> "Month D, YYYY" (notification date in the title)
%   \isodate   -> "YYYY-MM-DD"     (detection timestamps in the tables)
\newdateformat{usvardate}{\monthname[\THEMONTH] \THEDAY, \THEYEAR}
\newdateformat{isodate}{\THEYEAR-\twodigit{\THEMONTH}-\twodigit{\THEDAY}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Color Setup
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Shared CISA palette. In this template only cisa-blue, cisa-red, row-gray and
% tlp-amber are referenced; the remaining colours are declared for consistency
% with the other CISA report templates and are unused here.
%%% Primary Palette
\definecolor{cisa-blue}{cmyk}{1.0,0.45,0.0,0.37}
\definecolor{cisa-light-blue}{cmyk}{1.0,0.16,0.0,0.27}
\definecolor{cisa-gray}{cmyk}{0.0,0.0,0.0,0.28}
\definecolor{cisa-dark-gray}{cmyk}{0.0,0.0,0.0,0.79}
\definecolor{cisa-blue-gray}{cmyk}{0.77,0.51,0.34,0.25}
\definecolor{cisa-white}{cmyk}{0.0,0.0,0.0,0.0}
%%% Support Palette
\definecolor{cisa-red}{cmyk}{0.0,1.0,0.79,0.20}
\definecolor{cisa-green}{cmyk}{0.56,0.0,1.0,0.27}
%%% Table Colors
\definecolor{row-gray}{cmyk}{0.0,0.0,0.0,0.15} % alternating row shading in the longtables
%%% TLP Colors - see https://www.us-cert.gov/tlp
% tlp-amber is also declared (with the same value) in the Header/Footer Setup
% section above, where it is needed for the page marking.
\definecolor{tlp-red}{cmyk}{0.0,1.0,0.79,0.0}
\definecolor{tlp-amber}{cmyk}{0.0,0.25,1.0,0.0}
\definecolor{tlp-green}{cmyk}{0.79,0.0,1.0,0.0}
\definecolor{tlp-white}{cmyk}{0.0,0.0,0.0,0.0}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Attachments Setup
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% attachfile2 embeds the CSV finding files listed in the Attachments section of
% the body into the PDF. The colour applies to the attachment icon/link.
\usepackage{attachfile2} % enable attachments to pdfs generated by xelatex
\attachfilesetup{color = cisa-blue}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Font Setup
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% All fonts are selected by family name, so Arial and the Franklin Gothic faces
% must be installed on the rendering host; fontspec fails otherwise.
\defaultfontfeatures{Scale=MatchLowercase}
% tex-text maps the TeX ligatures (quotes, -- and ---) to their Unicode glyphs.
\setmainfont[Mapping=tex-text]{Arial}
% CISA Standard Fonts
% Of the size/face commands below only \CISAHeadingTwo and \CISAHeadingThree
% are used in this template; the rest are kept for parity with the other CISA
% report templates.
\newfontfamily{\FranklinGothicMediumFont}{Franklin Gothic Medium}
\newcommand\CISACoverTitle{\FranklinGothicMediumFont\fontsize{24pt}{24pt}\selectfont}
\newcommand\CISATitle{\FranklinGothicMediumFont\fontsize{16pt}{16pt}\selectfont}
\newcommand\CISAHeadingOne{\FranklinGothicMediumFont\fontsize{16pt}{16pt}\selectfont}
\newcommand\CISAHeadingTwo{\FranklinGothicMediumFont\fontsize{14pt}{14pt}\selectfont}
\newcommand\CISAHeadingThree{\FranklinGothicMediumFont\fontsize{13pt}{13pt}\slshape\selectfont} % \slshape gives italics (slanted type)
\newcommand\CISAHeadingFour{\FranklinGothicMediumFont\fontsize{11pt}{11pt}\slshape\selectfont}
\newcommand\CISACaption{\FranklinGothicMediumFont\fontsize{11pt}{11pt}\slshape\selectfont}
\newfontfamily{\FranklinGothicBookFont}{Franklin Gothic Book}
\newcommand\CISATitleCoverNumberDate{\FranklinGothicBookFont\fontsize{10pt}{10pt}\selectfont}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Graphics Setup
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Search order for extension-less \includegraphics arguments (the CISA logo at
% the end of the body is referenced without an extension).
\DeclareGraphicsExtensions{.pdf, .jpg, .tif, .png}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Paragraph Setup
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% By default the first paragraph of a section is not indented but the remainder are.
% In this document we want more uniformity,
% so we could indent the first paragraph using the following line:
%\usepackage{indentfirst}
% or we could suppress all paragraph indentations and add a line between paragraphs
% (the latter is what is done here):
\setlength{\parindent}{0pt}
\addtolength{\parskip}{\baselineskip}
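%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%% Content Start
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Every unescaped (ampersand) Mustache tag in the body is pasted into the LaTeX
% source verbatim. Mustache's built-in escaping is HTML-oriented and disabled
% here anyway, so the renderer is responsible for LaTeX-escaping owner acronyms,
% vulnerability names, service names and categories (& % # _ $ { } \ ~ ^). A
% stray special character in scan output would otherwise break a table row or
% be read by TeX as markup rather than as text.
\begin{document}
% Title line. The notification date tag is an ampersand tag holding the
% \formatdate arguments (this line previously carried an HTML-entity-mangled
% "&not" in the tag name).
{\textcolor{cisa-blue}{\CISAHeadingTwo{<<&owner_acronym>> - Cyber Hygiene Alert - \usvardate\formatdate<<&notification_date_tex>>}}}
<<#detected_urgent_vulns>>
{\CISAHeadingThree{Urgent Vulnerabilities Detected}}
\vspace*{-0.35cm} % Next line must be blank for proper vertical spacing

Cyber Hygiene scans of your host(s) conducted in the past day have detected new vulnerabilities requiring <<#is_federal>>immediate<</is_federal>><<^is_federal>>urgent<</is_federal>> attention. These vulnerabilities may be critical or high in severity and/or \href{https://www.cisa.gov/known-exploited-vulnerabilities-catalog}{\underline{known to be exploited}}<<#is_federal>> and present an unacceptable risk to the federal enterprise<</is_federal>>.
<<#is_federal>>As part of \href{https://www.cisa.gov/news-events/directives/binding-operational-directive-22-01/}{\underline{BOD 22-01}}, certain ``known exploited'' findings need to be remediated within two weeks.\\
As part of \href{https://www.cisa.gov/news-events/directives/binding-operational-directive-19-02/}{\underline{BOD 19-02}}, critical-severity findings need to be remediated within <<&days_until_criticals_overdue>> days and high-severity findings remediated within <<&days_until_highs_overdue>> days.<</is_federal>><<^is_federal>>CISA recommends remediating known exploited vulnerabilities within two weeks, and otherwise remediating critical findings within <<&days_until_criticals_overdue>> days and high findings within <<&days_until_highs_overdue>> days.<</is_federal>>
% Vulnerability table: one row per ticket that originated from a vulnerability
% scan. Entries on the Known Exploited Vulnerabilities list are set in red bold.
% The table has two header rows, so alternating shading starts at row 3.
\rowcolors{3}{white}{row-gray}
\begin{longtable}{<<#display_owner>>p{0.7in}<</display_owner>>p{2.75in}rrrrrr}
\toprule
<<#display_owner>>Owner & <</display_owner>>Vulnerability & Known & Ransomware & Severity & Host & Port & Initial\\
<<#display_owner>> & <</display_owner>> & Exploited? & Exploited? & & & & Detection (UTC)\\
\midrule \endhead
<<#tickets>><<#based_on_vulnscan>><<#display_owner>><<&owner>> & <</display_owner>><<#kev>>\color{cisa-red}\textbf{<</kev>><<&name>><<#kev>>}<</kev>> & <<#kev>>\color{cisa-red}\textbf{Yes}<</kev>><<^kev>>No<</kev>> & <<#kev_ransomware>>\color{cisa-red}\textbf{Yes}<</kev_ransomware>><<^kev_ransomware>>No<</kev_ransomware>> & <<&severity>> & <<&ip>> & <<&port>> & \isodate\formatdate<<&time_opened_date_tex>> \ \formattime<<&time_opened_time_tex>> \\
<</based_on_vulnscan>><</tickets>>
\bottomrule
\end{longtable}
To further help prioritize remediation decisions, please take note of any ``ransomware exploited'' vulnerabilities, which are vulnerabilities that are known to be used in ransomware campaigns.
<</detected_urgent_vulns>>
<<#detected_risky_services>>
{\CISAHeadingThree{New Potentially Risky Services Detected}}
\vspace*{-0.35cm} % Next line must be blank for proper vertical spacing

Cyber Hygiene scans of your host(s) conducted in the past day have detected new potentially risky services.
These services warrant your attention. All services are potentially at risk of attack, but some can be more risky when open to the public (e.g.\ RDP, Telnet, etc.), especially if they are open as Networked Management Interfaces. CISA recommends validating that each service below is intended to be available to the public and, where applicable, the service is up-to-date on the latest version, correctly configured, and uses strong authentication. A red asterisk (\textbf{\color{cisa-red} *} \color{black}) denotes the possibility of a networked management interface.
<<#is_federal>>As part of \href{https://www.cisa.gov/news-events/directives/binding-operational-directive-23-02/}{\underline{BOD 23-02}}, within 14 days of notification, Networked Management Interfaces exposed to the public internet must either be removed from the public internet or protected by capabilities that enforce access control to the interface through a policy enforcement point separate from the interface itself as part of a Zero Trust Architecture.<</is_federal>>
% Risky-services table: one row per ticket that originated from a port scan.
% Service and category are set in red bold (category with a trailing asterisk)
% when the service may be a networked management interface. The column spec
% has five data columns (Host, Port, Service, Category, Initial Detection),
% matching the header and row templates; the previous spec declared a sixth,
% always-empty column that only added padding on the right.
\rowcolors{3}{white}{row-gray}
\begin{longtable}{<<#display_owner>>p{0.7in}<</display_owner>>rrrrr}
\toprule
<<#display_owner>>Owner & <</display_owner>>Host & Port & Service & Category & Initial Detection (UTC) \\
\midrule \endhead
<<#tickets>><<#based_on_portscan>><<#display_owner>><<&owner>> & <</display_owner>><<&ip>> & <<&port>> & <<#possible_nmi>>\color{cisa-red}\textbf{<</possible_nmi>><<&service>><<#possible_nmi>>}<</possible_nmi>> & <<#possible_nmi>>\color{cisa-red}\textbf{<</possible_nmi>><<&category>><<#possible_nmi>>*}<</possible_nmi>> & \isodate\formatdate<<&time_opened_date_tex>> \ \formattime<<&time_opened_time_tex>> \\
<</based_on_portscan>><</tickets>>
\bottomrule
\end{longtable}
<</detected_risky_services>>
{\CISAHeadingThree{Attachments}}
\vspace*{-0.35cm} % Next line must be blank for proper vertical spacing

Findings details are attached in CSV (comma-separated values) format; if your viewer supports embedded attachments you will see a paperclip icon below.
\vspace*{-0.6cm}
% One embedded CSV per section that was rendered above; the file names are
% fixed and resolved relative to the directory XeLaTeX is run in.
\begin{itemize}
<<#detected_urgent_vulns>>
\item \attachfile[appearance=false,mimetype=text/csv,icon=Paperclip,ucfilespec=findings.csv]{findings.csv} \textit{findings.csv} - Detailed list of all new known exploited, critical, and high vulnerability findings from the past day
<</detected_urgent_vulns>>
<<#detected_risky_services>>
\item \attachfile[appearance=false,mimetype=text/csv,icon=Paperclip,ucfilespec=potentially-risky-services.csv]{potentially-risky-services.csv} \textit{potentially-risky-services.csv} - Detailed list of all new potentially risky services from the past day
<</detected_risky_services>>
\end{itemize}
If you have any questions, please contact our office: \href{mailto:vulnerability@cisa.dhs.gov}{\underline{vulnerability@cisa.dhs.gov}}
\includegraphics[height=1.0in]{assets/cisa-logo} % CISA logo
\end{document}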