kubescape · YiscahLevySilas1 · Sep 10, 2023 · Sep 10, 2023
diff --git a/attack-tracks/service-destruction.json b/attack-tracks/service-destruction.json
@@ -7,10 +7,12 @@
     "spec": {
         "version": "1.0",
         "data": {
-            "name": "Workload Exposure",
+            "name": "Initial Access",
+            "description": "An attacker can access the Kubernetes environment.",
             "subSteps": [
                 {
-                    "name": "Service Destruction"
+                    "name": "Denial of service",
+                    "description": "An attacker can overload the workload, making it unavailable."
                 }
             ]
         }

diff --git a/attack-tracks/workload-external-track.json b/attack-tracks/workload-external-track.json
@@ -7,29 +7,37 @@
     "spec": {
         "version": "1.0",
         "data": {
-            "name": "Workload Exposure",
+            "name": "Initial Access",
+            "description": "An attacker can access the Kubernetes environment.",
             "subSteps": [
                 {
-                    "name": "Vulnerable Image",
+                    "name": "Execution (Vulnerable Image)",
+                    "description": "An attacker can execute malicious code by exploiting vulnerable images.",
                     "checksVulnerabilities": true,
                     "subSteps": [
                         {
-                            "name": "Data Access"
+                            "name": "Data Collection",
+                            "description": "An attacker can gather data."
                         },
                         {
-                            "name": "Secret Access"
+                            "name": "Secret Access",
+                            "description": "An attacker can steal secrets."
                         },
                         {
-                            "name": "Credential access"
+                            "name": "Credential access",
+                            "description": "An attacker can steal account names and passwords."
                         },
                         {
-                            "name": "Potential Node exposure"
+                            "name": "Privilege Escalation (Node)",
+                            "description": "An attacker can gain permissions and access node resources."
                         },
                         {
-                            "name": "Persistence"
+                            "name": "Persistence",
+                            "description": "An attacker can create a foothold."
                         },
                         {
-                            "name": "Network"
+                            "name": "Lateral Movement (Network)",
+                            "description": "An attacker can move through the network."
                         }
                     ]
                 }

diff --git a/controls/C-0009-resourcelimits.json b/controls/C-0009-resourcelimits.json
@@ -9,7 +9,7 @@
             {
                 "attackTrack": "service-destruction",
                 "categories": [
-                    "Service Destruction"
+                    "Denial of service"
                 ]
             }
         ]

diff --git a/controls/C-0041-hostnetworkaccess.json b/controls/C-0041-hostnetworkaccess.json
@@ -10,7 +10,7 @@
             {
                 "attackTrack": "workload-external-track",
                 "categories": [
-                    "Network"
+                    "Lateral Movement (Network)"
                 ]
             }
         ]

diff --git a/controls/C-0044-containerhostport.json b/controls/C-0044-containerhostport.json
@@ -11,13 +11,13 @@
             {
                 "attackTrack": "workload-external-track",
                 "categories": [
-                    "Workload Exposure"
+                    "Initial Access"
                 ]
             },
             {
                 "attackTrack": "service-destruction",
                 "categories": [
-                    "Workload Exposure"
+                    "Initial Access"
                 ]
             }
         ]

diff --git a/controls/C-0045-writablehostpathmount.json b/controls/C-0045-writablehostpathmount.json
@@ -16,7 +16,7 @@
             {
                 "attackTrack": "workload-external-track",
                 "categories": [
-                    "Potential Node exposure"
+                    "Privilege Escalation (Node)"
                 ]
             }
         ]

diff --git a/controls/C-0046-insecurecapabilities.json b/controls/C-0046-insecurecapabilities.json
@@ -11,7 +11,7 @@
             {
                 "attackTrack": "workload-external-track",
                 "categories": [
-                    "Potential Node exposure"
+                    "Privilege Escalation (Node)"
                 ]
             }
         ]

diff --git a/controls/C-0048-hostpathmount.json b/controls/C-0048-hostpathmount.json
@@ -13,7 +13,7 @@
             {
                 "attackTrack": "workload-external-track",
                 "categories": [
-                    "Potential Node exposure"
+                    "Privilege Escalation (Node)"
                 ]
             }
         ]

diff --git a/controls/C-0211-applysecuritycontexttoyourpodsandcontainers.json b/controls/C-0211-applysecuritycontexttoyourpodsandcontainers.json
@@ -19,7 +19,7 @@
             {
                 "attackTrack": "workload-external-track",
                 "categories": [
-                    "Potential Node exposure"
+                    "Privilege Escalation (Node)"
                 ]
             }
         ]

diff --git a/controls/C-0256-exposuretointernet.json b/controls/C-0256-exposuretointernet.json
@@ -9,13 +9,13 @@
             {
                 "attackTrack": "workload-external-track",
                 "categories": [
-                    "Workload Exposure"
+                    "Initial Access"
                 ]
             },
             {
                 "attackTrack": "service-destruction",
                 "categories": [
-                    "Workload Exposure"
+                    "Initial Access"
                 ]
             }
         ]

diff --git a/controls/C-0257-pvcaccess.json b/controls/C-0257-pvcaccess.json
@@ -9,7 +9,7 @@
             {
                 "attackTrack": "workload-external-track",
                 "categories": [
-                    "Data Access"
+                    "Data Collection"
                 ]
             }
         ]

diff --git a/controls/C-0258-configmapaccess.json b/controls/C-0258-configmapaccess.json
@@ -9,7 +9,7 @@
             {
                 "attackTrack": "workload-external-track",
                 "categories": [
-                    "Data Access"
+                    "Data Collection"
                 ]
             }
         ]

diff --git a/controls/C-0260-missingnetworkpolicy.json b/controls/C-0260-missingnetworkpolicy.json
@@ -9,7 +9,7 @@
             {
                 "attackTrack": "workload-external-track",
                 "categories": [
-                    "Network"
+                    "Lateral Movement (Network)"
                 ]
             }
         ]