This document covers the use of the new IaC template scanning API endpoint of Sophos Cloud Optix, and shows how to call it from an Azure DevOps release pipeline so that a deployment is blocked when the template has high or critical severity findings. The endpoint is documented at https://optix.sophos.com/apiDocumentation (in the "APIs for IaC Integration" section).
a. Go to https://optix.sophos.com/ and sign in with your credentials
b. Go to Settings → Integrations → Sophos Cloud Optix
c. Select the expiry time (6 months, 1 year or Never), then click on "Generate new key"
d. The API Key will be generated. Click on "Save"
a. In Azure DevOps, go to "Azure DevOps → Pipelines → Releases → Select Pipeline → Edit → Add Artifacts"
a. In Azure DevOps, go to "Azure DevOps → Pipelines → Releases → Select Pipeline → Edit"
b. Click on the stage that you want to add the IaC template security/compliance validation task to
c. Click on "+" to add a new task, search for "bash", then select the "Bash" task
d. Select the task and edit the following
# Scan the template for high and critical severity security and compliance issues.
# One synchronous scan (async=false) returns both counters in its summary.
# The API key below is a placeholder; in a real pipeline store the key as a
# secret pipeline variable instead of writing it into the task script.
scan=$(curl "https://optix.sophos.com/api/v1/iac/scan" \
  -H "Authorization: ApiKey c95ed269-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx" \
  -F "repo_url=https://david0620@dev.azure.com/david0620/DevSecOps-Test/_git/DevSecOps-Test" \
  -F "committer_name=DavidOkeyode" \
  -F "committer_email=optixworkshop0919@outlook.com" \
  -F "branch=master" \
  -F "files=@_AzureDeployment-Prod/cloud-optix-demo.json" \
  -F "async=false")
highalerts=$(echo "$scan" | jq '.summary.num_high_alerts')
criticalalerts=$(echo "$scan" | jq '.summary.num_critical_alerts')

# Stop the pipeline if there are any high or critical security or compliance issues detected.
# Also print out the issues detected. If the scan call failed and the counters are
# empty, neither comparison matches 0, so the task still fails (fails closed).
if [[ $highalerts == 0 ]] && [[ $criticalalerts == 0 ]]; then
  echo "No critical/high severity security or compliance issues were detected"
else
  echo "Critical/high severity security or compliance issues detected"
  curl -X GET 'https://optix.sophos.com/api/v1/alerts?page=1&size=1&severity=HIGH&alertType=Dev&accountName=_git/DevSecOps-Test' \
    -H 'Authorization: ApiKey c95ed269-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx'
  curl -X GET 'https://optix.sophos.com/api/v1/alerts?page=1&size=1&severity=CRITICAL&alertType=Dev&accountName=_git/DevSecOps-Test' \
    -H 'Authorization: ApiKey c95ed269-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx'
  exit 1
fi
e. Ensure that the task is dragged above the main deployment tasks, so the scan runs (and can fail the stage) before anything is deployed
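The same release gate as an added Python example (not Sophos code and not part of the original page): it posts the template to the scan endpoint with the key read from an OPTIX_API_KEY environment variable instead of embedding it, and fails closed when the response carries no summary counters. The endpoint, form fields and summary keys are the ones used in the Bash task above; the function names, the multipart helper and the test inputs are assumptions made for this example.

```python
# Added example, not Sophos code. Endpoint and field names come from the Bash
# task above; helper names and the OPTIX_API_KEY variable are assumptions.
import json
import os
import urllib.request
import uuid

SCAN_URL = "https://optix.sophos.com/api/v1/iac/scan"


def evaluate_scan(response: dict) -> tuple:
    """Return (passed, reason); absent or non-numeric counters fail closed."""
    summary = response.get("summary")
    if not isinstance(summary, dict):
        return False, "no summary in scan response; failing closed"
    try:
        high = int(summary["num_high_alerts"])
        critical = int(summary["num_critical_alerts"])
    except (KeyError, TypeError, ValueError):
        return False, "malformed summary counters; failing closed"
    if high == 0 and critical == 0:
        return True, "no critical/high severity issues detected"
    return False, f"{critical} critical and {high} high severity issues detected"


def build_multipart(fields: dict, filename: str, data: bytes, boundary: str) -> bytes:
    """Encode the form fields plus one 'files' part, the way curl -F does."""
    body = b""
    for name, value in fields.items():
        body += f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n'.encode()
    body += (f'--{boundary}\r\nContent-Disposition: form-data; name="files"; filename="{filename}"\r\n'
             "Content-Type: application/octet-stream\r\n\r\n").encode() + data + b"\r\n"
    return body + f"--{boundary}--\r\n".encode()


def run_scan(repo_url: str, branch: str, template_path: str) -> dict:
    """Synchronous scan (async=false) of one template; returns the parsed JSON."""
    boundary = uuid.uuid4().hex
    with open(template_path, "rb") as fh:
        body = build_multipart({"repo_url": repo_url, "branch": branch, "async": "false"},
                               os.path.basename(template_path), fh.read(), boundary)
    req = urllib.request.Request(SCAN_URL, data=body, method="POST", headers={
        "Authorization": f"ApiKey {os.environ['OPTIX_API_KEY']}",  # secret pipeline variable
        "Content-Type": f"multipart/form-data; boundary={boundary}"})
    with urllib.request.urlopen(req, timeout=300) as resp:
        return json.load(resp)
```

In the pipeline, call `evaluate_scan(run_scan(repo_url, "master", "_AzureDeployment-Prod/cloud-optix-demo.json"))` and exit non-zero when the first element is False.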
a. In Azure DevOps, go to "Azure DevOps → Pipelines → Releases → Select Pipeline → Create release"
b. Look in the release logs for the output