Base Rule Set Compliance Matrix



Rule Sets Overview

Threat Stack provides a Base Rule Set to help you get started on your security journey. We recognize that the Base Rule Set may not meet your organization's specific needs, so we also created alternate compliance rule sets, including:

  • SOC 2
  • PCI
  • HIPAA
  • FFIEC

Rule Sets

To help clarify how these compliance rule sets compare to the Base Rule Set, we created a comparison chart for each compliance rule set. The HIPAA chart is shown below; a blank HIPAA column means the Base Rule Set rule has no HIPAA counterpart.

Additionally, the miscellaneous rules at the end of this article are those that exist only in a compliance rule set and have no Base Rule Set equivalent.

Base Rule Set                               HIPAA Rule Set
------------------------------------------  --------------------------------------------------------------
Application: Services running as root       (none)
Exploits: Kernel Module Activity            HIPAA Compliance 164.308(a)(5)(ii)(B)
Exploits: Process Activity from /tmp        HIPAA Compliance 164.308(a)(5)(ii)(B)
Exploits: Services running Shell            HIPAA Compliance 164.308(a)(5)(ii)(B)
Files: Configuration File Changes           HIPAA Compliance 164.312(b) Integrity
Files: System File Changes                  HIPAA Compliance 164.312(b) Integrity
Files: Secret File Opens                    (none)
Host: New user added                        HIPAA Compliance 164.308(a)(3)(ii)(A)
Network: LAN-WAN Access                     HIPAA Compliance 164.312(b)
Threat Intelligence: Outbound               HIPAA Compliance 164.312(b)
Users: File Transfers                       HIPAA Compliance 164.312(b)
Users: Login Failures                       HIPAA Compliance 164.308(a)(5)(ii)(C)
Users: Logins                               HIPAA Compliance 164.308(a)(5)(ii)(C)
Users: Privilege Escalations                HIPAA Compliance 164.308(a)(4)(i)
Users: Root Logins from WAN                 HIPAA Compliance 164.308(a)(5)(ii)(C) & 164.312(a)(2)(i)
Users: File Permission Changes              HIPAA Compliance 164.312(b)
Users: Manual Package Installs              HIPAA Compliance 164.308(a)(5)(ii)(B)
Users: Security Tool Usage                  HIPAA Compliance 164.308(a)(5)(ii)(B)
Users: Manual File Edits                    HIPAA Compliance 164.312(b)
Application: Cassandra Config File Access   (none)
Application: ES Admin port access           (none)
Files: Application Directory                (none)
Files: Audit Logs                           HIPAA Compliance 164.312(b)
Files: Canary File Opens                    (none)
Files: Code Execution                       (none)
Host: Insecure Port Usage                   (none)
Network: Connection Accepts                 (none)
Network: Connection Binds                   (none)
Users: Logins from non Jump Host            (none)
Users: Logins from WAN                      (none)
Users: Ex-Employee Activity                 (none)

The citations in the HIPAA column are the labels carried in the HIPAA rule names. Confirm each one against 45 CFR Part 164 before citing it to an auditor: for example, 164.312(b) is the Audit Controls standard, while the Integrity standard is 164.312(c), and 164.308(a)(5)(ii)(B) and (C) are the Protection from Malicious Software and Log-in Monitoring implementation specifications respectively.

Miscellaneous Rules

The following rules have no Base Rule Set equivalent and exist only in the compliance rule set named in each entry:

  • HIPAA Compliance 164.308(a)(5)(ii)(B): Exploits - Service Account Command Running As Root
  • HIPAA Compliance 164.312(b): Patient File Opens
  • SOC-2 Common Criteria CC 3.1, 3.3, 4.1, 5.6, 6.1, 6.2 & C 1.3: Inbound Threat Intelligence Communication
  • SOC-2 Common Criteria CC 4.1, 5.1, 6.1, 6.2 & 7.4: Customer File Opens
  • PCI Compliance 10.4: System Clock Changed
  • PCI Compliance 11.4: Inbound Threat Intelligence Communication
  • PCI Compliance 11.5: Customer File Opens
  • FFIEC Compliance II.A, II.B, II.C & II.D: Customer File Opens
  • FFIEC Compliance II.A, II.B, II.C & II.D: Inbound Threat Intelligence Communication from {{ip}} on {{threatintel_reason}}