This document covers the use of the new IaC template scanning API endpoint of Sophos Cloud Optix. The endpoint is documented at https://optix.sophos.com/apiDocumentation (in the "APIs for IaC Integration" section).
a. Go to https://optix.sophos.com/ and sign in with your credentials
b. Go to Settings → Integrations → Sophos Cloud Optix
c. Select the expiry time (6 months, 1 year or Never), then click on "Generate new key"
d. The API Key will be generated. Click on "Save"
a. In Azure DevOps, go to "Azure DevOps → Pipelines → Releases → Select Pipeline → Edit → Add Artifacts"
a. In Azure DevOps, go to "Azure DevOps → Pipelines → Releases → Select Pipeline → Edit"
b. Click on the stage that you want to add the IaC template security/compliance validation task to
c. Click on "+" to add a new task, search for "bash", then select the "Bash" task
d. Select the task and edit the following
any high severity security and compliance issues
"Authorization: ApiKey c95ed269-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx"
any critical severity security and compliance issues
# Stop the pipeline
there are any high or critical security or compliance issues detected
# Also print out the issues detected
[[ $highalerts ==
]] && [[ $criticalalerts ==
"No critical/high severity security or compliance issues was detected"
"Critical/high severity security or compliance issues detected"
curl -X GET
'Authorization: ApiKey c95ed269-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx'
e. Ensure that the task is dragged above the main deployment tasks
a. In Azure DevOps, go to "Azure DevOps → Pipelines → Releases → Select Pipeline → Create release"
b. Look in the release logs for the output
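The severity gate described in the Bash task steps above, as an added example (not Sophos code and not the original script from this page). Assumptions: the scan result is JSON whose findings carry a "severity" field, and the hypothetical variables OPTIX_API_KEY and OPTIX_RESULT_URL hold the API key (from a secret pipeline variable rather than the script text) and the endpoint taken from the API documentation.

```bash
#!/bin/sh
# Added example, not Sophos code. Assumptions: the scan result is JSON in which
# each finding has a "severity" field ("HIGH", "CRITICAL", ...); the real
# response schema and endpoint must be taken from the API documentation.

# Constructed sample result, used for a dry run without network access.
SAMPLE_RESULT='{"findings":[{"rule":"example-1","severity":"HIGH"},
{"rule":"example-2","severity": "LOW"},{"rule":"example-3","severity":"CRITICAL"}]}'

# Count findings of one severity in the JSON text read from stdin.
count_severity() {
  local n
  n=$(grep -oiE "\"severity\"[[:space:]]*:[[:space:]]*\"$1\"" | wc -l)
  echo $((n))
}

# 0 = clean, 1 = high/critical findings present, 2 = no usable result.
gate() {
  local result="$1" highalerts criticalalerts
  if [ -z "$result" ]; then
    echo "Empty scan result, failing closed" >&2
    return 2
  fi
  highalerts=$(printf '%s' "$result" | count_severity HIGH)
  criticalalerts=$(printf '%s' "$result" | count_severity CRITICAL)
  if [ "$highalerts" -eq 0 ] && [ "$criticalalerts" -eq 0 ]; then
    echo "No critical/high severity security or compliance issues detected"
    return 0
  fi
  echo "Critical/high severity security or compliance issues detected"
  printf '%s\n' "$result"   # also print out the issues detected
  return 1
}

# Fetch the result and gate on it. The key comes from a secret pipeline
# variable mapped into the environment, never from the script text.
main() {
  : "${OPTIX_API_KEY:?map the secret pipeline variable into the task env}"
  : "${OPTIX_RESULT_URL:?set to the endpoint given in the API documentation}"
  local result
  result=$(curl -sS --fail -X GET "$OPTIX_RESULT_URL" \
    -H "Authorization: ApiKey $OPTIX_API_KEY") || return 2
  gate "$result"
}

# "--run" calls the API; "--sample" gates the constructed sample instead.
case "${1:-}" in
  --run) main ;;
  --sample) gate "$SAMPLE_RESULT" ;;
esac
```

A non-zero exit status from the Bash task stops the release stage, and an empty or failed API response is treated as a failure rather than a pass.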