We use proprietary and third party's cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
Security-Monitoring: Mulval Attack Path Engine Web Application Open API Specification - FIWARE Forge Wiki

Security-Monitoring: Mulval Attack Path Engine Web Application Open API Specification

From FIWARE Forge Wiki

Jump to: navigation, search

Contents

Introduction to the Mulval Attack Path Engine Web Application API

This API is deprecated.

Mulval Attack Path Engine Web Application API Core

This document provides a description of the available interface and presents adapters used by the MulVAL Attack Path Engine to import data files. The adapter transforms the data file to internal data in order to provide reporting and decision support in the context of the security monitoring G.E.

File:Mulval_api_principe.PNG‎

Figure 1: principle of Mulval API

As this part is based on the Mulval Attack path engine, you can relate to Mulval Attack Path Engine Open API Specification for more information about the core functions of this tool.

Here is the link to this topic Security-Monitoring:_Mulval_Attack_Path_Engine_Open_API_Specification


File:Attack path engine call mulval core function.PNG

Figure 2: principle of Mulval Attack path engine web application

The web application part is based on the core functions of Mulval. Then, we developped an intelligence which can connect directly to the powerful functions of Mulval. This capacity of the direct connection is called connector.

Intended Audience

This document is addressed both software architects and developers, and the operators of MulVAL Attack Path Engine.

API Change History

This version of the Mulval Attack Path API Guide replaces and obsoletes all previous versions. The most recent changes are described in the table below:

Revision Date Changes Summary
August, 2012
  • V1.0, first release
January, 2012
  • V1.1 release
  • Nessus scanner supported
  • Attack path generated from the file exported by the Nessus scanner.
January, 2013
  • V1.2 Thales release for FI-WARE
  • Attack Graph Generation on the Web
  • ...

How to Read This Document

Along the document, some special notations are applied to differentiate some special words or concepts. The following list summarizes these special notations:

  • A bold, mono-spaced font is used to represent a module.
  • An italic font is used to represent an example

Additional Resources

In term of architecture design, the connector takes place greatly inside it. Connector means that permits to connect with others in order to link them together. We can give some references which described the connector's principle.

Trilogy of connectors: Basis principles and connector design explanation, Hardcover, authors: Robert Mroczkowski, Romain Jugy, Alexander Gerfer

Concerning web application, it's now something best known from every body. We just give you a refence on which that we use to develop this additional application.

Application Developer's Guide [[1]]

General Mulval Attack Path Web Application API Information

As previously described, the web application part is based on the Mulval core function. Our objectif is to pull Mulval usage through a mainstream protocol. It means that all users can connect easily to our application via web browser and generate the graph directly from this place.

Here is an overview of the attack path engine web application.

File:Mulval attack path engine web application interaction with core function.PNG

Figure 3: Overview of Mulval attack path engine web application

The Mulval Attack Path engine core functions are already depited at:


It remains to define the web application functions. This web application is composed of four components:

  • 1. Connector'
  • 2. Web Application'
  • 3. Visualization of Attack Graph on the Web browser
  • 4. Analisis

Connector

The connector used for this web application is a technology solution for connecting web application server and core functions of Mulval attack path engine.

Web Application

A web application is an application that is accessed by users over a network such as the Internet or an intranet. This development will help the users to connect to the Mulval attack path engine directly from the web browser.

For more information, you can get it from the wikipedia : [[2]]

Visualization of Attack Graph on the Web browser

For this part, you can get details information directly on the user's guide at:

http://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/Security_Monitoring_/_MulVAL_Attack_Paths_Engine_Web_Application_-_User_and_Programmers_Guide

Analysis

The Mulval core functions offer metrics analysis uses the CVSS scoring. This score is contained in each vulnerability definition. We have included a quantitative risk assessment algorithm.

Now we also offer new functions of analysis which are described at:

Scored Attack Paths Open API Specification [[Security-Monitoring:_Scored_Attack_Paths_Open_API_Specification_(PRELIMINARY)]

Personal tools
Create a book