Security-Monitoring: Scored Attack Paths Open API Specification - FIWARE Forge Wiki

Security-Monitoring: Scored Attack Paths Open API Specification

From FIWARE Forge Wiki

Introduction to the Scored Attack Paths API

This API is deprecated.

Scored Attack Paths API Core

This document describes the available interface and presents the adapters used by the Scored Attack Paths Application.


Scoring process


Scored Attack Paths uses the metrics provided by the MulVAL Attack Paths Engine, as well as business process impact metrics that may optionally be provided by the user. Based on the attack graph provided by the MulVAL Attack Paths Engine and the individual scores of each step, the objective is to yield the possible attack paths, along with a score associated with each path.

The attack paths included in the list are selected based on the target node chosen in the attack graph. The score of each path reflects the risk associated with the path as a whole, based on the individual scores of each step that have previously been calculated by the MulVAL Attack Paths Engine.

In addition to the risk score metric, the score of each path includes a second scoring component that accounts for the impact on the processes linked to the IT resource(s) that are either (i) solely at the target node of the attack path, or (ii) on the attack path.

The main idea of scoring attack paths (Figure 4) is to consider paths independently from one another, as opposed to the individual scores of the MulVAL Attack Paths Engine, which are computed by taking into account all the connections existing in the attack graph.
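The following sketch illustrates the scoring process described above. It is an added example, not code from the Scored Attack Paths Application. The graph, node names, step scores and impact values are constructed, the attack graph is simplified to a plain directed graph, and the aggregation rules (product of step scores for risk, sum of impact values for the on-path mode) are assumptions, since this page does not state the formula.

```python
# Constructed sample data: an edge points from a step to the step it enables.
EDGES = {
    "internet": ["web_srv"],
    "web_srv": ["app_srv", "file_srv"],
    "app_srv": ["db_srv"],
    "file_srv": ["db_srv"],
    "db_srv": [],
}
# Individual step scores, standing in for the values the engine would supply.
STEP_SCORE = {"internet": 1.0, "web_srv": 0.8, "app_srv": 0.5,
              "file_srv": 0.9, "db_srv": 0.6}
# Optional business process impact per IT resource (user supplied).
IMPACT = {"web_srv": 2.0, "app_srv": 0.0, "file_srv": 1.0, "db_srv": 5.0}


def attack_paths(edges, source, target, _prefix=()):
    """Yield every cycle-free path from source to the selected target node."""
    path = _prefix + (source,)
    if source == target:
        yield path
        return
    for nxt in edges.get(source, []):
        if nxt not in path:  # never revisit a node on the same path
            yield from attack_paths(edges, nxt, target, path)


def score_path(path, impact_mode="target"):
    """Score one path on its own, independently of all other paths.

    Assumed aggregation: risk = product of the step scores on the path.
    impact_mode "target" counts only the target node's impact (case i);
    "path" sums the impact of every resource on the path (case ii).
    """
    risk = 1.0
    for node in path:
        risk *= STEP_SCORE[node]
    if impact_mode == "target":
        impact = IMPACT.get(path[-1], 0.0)
    elif impact_mode == "path":
        impact = sum(IMPACT.get(node, 0.0) for node in path)
    else:
        raise ValueError("impact_mode must be 'target' or 'path'")
    return round(risk, 4), impact


def scored_attack_paths(target, impact_mode="target", source="internet"):
    """Return (path, risk, impact) tuples, highest risk first."""
    rows = [(p, *score_path(p, impact_mode))
            for p in attack_paths(EDGES, source, target)]
    return sorted(rows, key=lambda row: row[1], reverse=True)
```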

Intended Audience

This document is addressed to software architects and developers, and to the operators of the Scored Attack Paths Application.

API Change History

This version of the Scored Attack Paths API Guide replaces and makes obsolete all previous versions. The most recent changes are described in the table below:

Revision Date | Changes Summary
June, 2013 | V2.0, second release
April, 2013 | V1.0, first release

How to Read This Document

Throughout the document, special notations are used to distinguish certain words or concepts. The following list summarizes these notations:

  • A bold, mono-spaced font is used to represent a module.
  • An italic font is used to represent an example.

Additional Resources

General Scored Attack Paths API Information

To interact with the Scored Attack Paths application, a REST API has also been created. Here is a description of the features provided by this API.

Loading of business impact metric data from an XML file

This function is necessary to load the business process impact metrics.

  • URL: /attack_paths/initialize
  • Return format: HTTP code 200 if the loading was successful; otherwise, the errors are returned


Loading of the attack graph

Function used to get the whole attack graph. This function must be called successfully before any of the functions below.

  • URL: /attack_paths/attack_graph/
  • Return format: XML : The Attack graph in MulVAL output format

List all attack paths

Function used to get a list of all the attack paths.

  • URL: /attack_paths/list
  • Return format: XML : The list of attack paths in XML

Provide the score of the attack graph

Function used to provide the overall score for an attack graph.

  • URL: /attack_paths/{id}/
  • Return format: Displayed result: An attack graph, along with the displayed score.