I am going to replay a real penetration event to see if my SIEM can detect all the procedures and combine them into one intrusion.
To make it clear: in this event, the attacker was at host A; he exploited host B and did C&C, then he moved laterally from host B to host C, and finally he did exfiltration on host C.
I read the Caldera documentation, and I have the basic concept of agent/ability/adversary. I know one agent can conduct the abilities in a specific adversary which is referenced by the operation. But in one operation, every agent will do all the abilities, so it is different from my demand.
A possible solution is to create an operation without an adversary, so I can assign abilities to specific agents manually. But I want to do this test repeatedly, and I hope I can do this automatically.
So what should I do?