Idunn structure

HEIMDAL

HEIMDAL (Detection actions)

1. Communication and system monitoring:

Traffic within the network is monitored using different monitoring tools, covering communication, system status, device monitoring status, policy updates and firmware updates. Data from AMORA will be used to identify potential threats, and it will provide visibility from the connected-system level down to the connected hardware/device level.

2. Vulnerability intelligence:

A runtime exploit and vulnerability search engine is envisioned to identify vulnerabilities and exploits so that measures can be deployed to mitigate a potential or ongoing attack. These findings will be prioritized based on Building Block 2 information.

3. Source code analysis:

This microservice will handle code analysis, license checking, security level, software license violations and known vulnerable versions. For example, OpenSCAP, which is open source, will be used in the AMORA tool together with FOSSology.

4. Human in the loop:

Detection of human misuse or actions.