Update action masking to inlcude new actions
This commit is contained in:
Marek Wolan
@@ -9,6 +9,8 @@ about which actions are invalid based on the current environment state. For inst
|
||||
software on a node that is turned off. Therefore, if an agent has a NODE_SOFTWARE_INSTALL in it's action map for that node,
|
||||
the action mask will show `0` in the corresponding entry.
|
||||
|
||||
*Note: just because an action is available in the action mask does not mean it will be successful when executed. It just means it's possible to try to execute the action at this time.*
|
||||
|
||||
Configuration
|
||||
=============
|
||||
Action masking is supported for agents that use the `ProxyAgent` class (the class used for connecting to RL algorithms).
|
||||
@@ -23,95 +25,121 @@ The following logic is applied:
|
||||
+==========================================+=====================================================================+
|
||||
| **DONOTHING** | Always Possible. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_SERVICE_SCAN** | Node is on. Service is running. |
|
||||
| **NODE_SERVICE_SCAN** | Node is on. Service is running. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_SERVICE_STOP** | Node is on. Service is running. |
|
||||
| **NODE_SERVICE_STOP** | Node is on. Service is running. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_SERVICE_START** | Node is on. Service is stopped. |
|
||||
| **NODE_SERVICE_START** | Node is on. Service is stopped. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_SERVICE_PAUSE** | Node is on. Service is running. |
|
||||
| **NODE_SERVICE_PAUSE** | Node is on. Service is running. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_SERVICE_RESUME** | Node is on. Service is paused. |
|
||||
| **NODE_SERVICE_RESUME** | Node is on. Service is paused. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_SERVICE_RESTART** | Node is on. Service is running. |
|
||||
| **NODE_SERVICE_RESTART** | Node is on. Service is running. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_SERVICE_DISABLE** | Node is on. |
|
||||
| **NODE_SERVICE_DISABLE** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_SERVICE_ENABLE** | Node is on. Service is disabled. |
|
||||
| **NODE_SERVICE_ENABLE** | Node is on. Service is disabled. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_SERVICE_FIX** | Node is on. Service is running. |
|
||||
| **NODE_SERVICE_FIX** | Node is on. Service is running. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_APPLICATION_EXECUTE** | Node is on. |
|
||||
| **NODE_APPLICATION_EXECUTE** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_APPLICATION_SCAN** | Node is on. Application is running. |
|
||||
| **NODE_APPLICATION_SCAN** | Node is on. Application is running. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_APPLICATION_CLOSE** | Node is on. Application is running. |
|
||||
| **NODE_APPLICATION_CLOSE** | Node is on. Application is running. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_APPLICATION_FIX** | Node is on. Application is running. |
|
||||
| **NODE_APPLICATION_FIX** | Node is on. Application is running. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_APPLICATION_INSTALL** | Node is on. |
|
||||
| **NODE_APPLICATION_INSTALL** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_APPLICATION_REMOVE** | Node is on. |
|
||||
| **NODE_APPLICATION_REMOVE** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FILE_SCAN** | Node is on. File exists. File not deleted. |
|
||||
| **NODE_FILE_SCAN** | Node is on. File exists. File not deleted. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FILE_CREATE** | Node is on. |
|
||||
| **NODE_FILE_CREATE** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FILE_CHECKHASH** | Node is on. File exists. File not deleted. |
|
||||
| **NODE_FILE_CHECKHASH** | Node is on. File exists. File not deleted. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FILE_DELETE** | Node is on. File exists. |
|
||||
| **NODE_FILE_DELETE** | Node is on. File exists. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FILE_REPAIR** | Node is on. File exists. File not deleted. |
|
||||
| **NODE_FILE_REPAIR** | Node is on. File exists. File not deleted. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FILE_RESTORE** | Node is on. File exists. File is deleted. |
|
||||
| **NODE_FILE_RESTORE** | Node is on. File exists. File is deleted. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FILE_CORRUPT** | Node is on. File exists. File not deleted. |
|
||||
| **NODE_FILE_CORRUPT** | Node is on. File exists. File not deleted. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FILE_ACCESS** | Node is on. File exists. File not deleted. |
|
||||
| **NODE_FILE_ACCESS** | Node is on. File exists. File not deleted. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FOLDER_CREATE** | Node is on. |
|
||||
| **NODE_FOLDER_CREATE** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FOLDER_SCAN** | Node is on. Folder exists. Folder not deleted. |
|
||||
| **NODE_FOLDER_SCAN** | Node is on. Folder exists. Folder not deleted. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FOLDER_CHECKHASH** | Node is on. Folder exists. Folder not deleted. |
|
||||
| **NODE_FOLDER_CHECKHASH** | Node is on. Folder exists. Folder not deleted. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FOLDER_REPAIR** | Node is on. Folder exists. Folder not deleted. |
|
||||
| **NODE_FOLDER_REPAIR** | Node is on. Folder exists. Folder not deleted. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_FOLDER_RESTORE** | Node is on. Folder exists. Folder is deleted. |
|
||||
| **NODE_FOLDER_RESTORE** | Node is on. Folder exists. Folder is deleted. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_OS_SCAN** | Node is on. |
|
||||
| **NODE_OS_SCAN** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_NIC_ENABLE** | NIC is disabled. Node is on. |
|
||||
| **HOST_NIC_ENABLE** | NIC is disabled. Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_NIC_DISABLE** | NIC is enabled. Node is on. |
|
||||
| **HOST_NIC_DISABLE** | NIC is enabled. Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_SHUTDOWN** | Node is on. |
|
||||
| **NODE_SHUTDOWN** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_STARTUP** | Node is off. |
|
||||
| **NODE_STARTUP** | Node is off. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_RESET** | Node is on. |
|
||||
| **NODE_RESET** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_NMAP_PING_SCAN** | Node is on. |
|
||||
| **NODE_NMAP_PING_SCAN** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_NMAP_PORT_SCAN** | Node is on. |
|
||||
| **NODE_NMAP_PORT_SCAN** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_HOST_NMAP_NETWORK_SERVICE_RECON** | Node is on. |
|
||||
| **NODE_NMAP_NETWORK_SERVICE_RECON** | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_ROUTER_PORT_ENABLE** | Router is on. |
|
||||
| **NETWORK_PORT_ENABLE** | Node is on. Router is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_ROUTER_PORT_DISABLE** | Router is on. |
|
||||
| **NETWORK_PORT_DISABLE** | Router is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_ROUTER_ACL_ADDRULE** | Router is on. |
|
||||
| **ROUTER_ACL_ADDRULE** | Router is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_ROUTER_ACL_REMOVERULE** | Router is on. |
|
||||
| **ROUTER_ACL_REMOVERULE** | Router is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_FIREWALL_PORT_ENABLE** | Firewall is on. |
|
||||
| **FIREWALL_ACL_ADDRULE** | Firewall is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_FIREWALL_PORT_DISABLE** | Firewall is on. |
|
||||
| **FIREWALL_ACL_REMOVERULE** | Firewall is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_FIREWALL_ACL_ADDRULE** | Firewall is on. |
|
||||
| NODE_NMAP_PING_SCAN | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| **NODE_FIREWALL_ACL_REMOVERULE** | Firewall is on. |
|
||||
| NODE_NMAP_PORT_SCAN | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| NODE_NMAP_NETWORK_SERVICE_RECON | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| CONFIGURE_DATABASE_CLIENT | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| CONFIGURE_RANSOMWARE_SCRIPT | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| CONFIGURE_DOSBOT | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| CONFIGURE_C2_BEACON | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| C2_SERVER_RANSOMWARE_LAUNCH | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| C2_SERVER_RANSOMWARE_CONFIGURE | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| C2_SERVER_TERMINAL_COMMAND | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| C2_SERVER_DATA_EXFILTRATE | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| NODE_ACCOUNTS_CHANGE_PASSWORD | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| SSH_TO_REMOTE | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| SESSIONS_REMOTE_LOGOFF | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
| NODE_SEND_REMOTE_COMMAND | Node is on. |
|
||||
+------------------------------------------+---------------------------------------------------------------------+
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user