diff --git a/src/primaite/config/_package_data/uc7_config.yaml b/src/primaite/config/_package_data/uc7_config.yaml index 9e051fa5..2af492cf 100644 --- a/src/primaite/config/_package_data/uc7_config.yaml +++ b/src/primaite/config/_package_data/uc7_config.yaml @@ -268,7 +268,7 @@ simulation: external_inbound_acl: 1: action: PERMIT - external_inbound_acl: + external_outbound_acl: 1: action: PERMIT @@ -347,7 +347,7 @@ simulation: external_inbound_acl: 5: action: PERMIT - external_inbound_acl: + external_outbound_acl: 5: action: PERMIT routes: @@ -995,7 +995,7 @@ PROBABILISTIC_CONFIG_40_PERCENTAGE_PROBABILITY: &GREEN_PROBABILISTIC_40 1: 0.4 # Probabilistic Green Agent | 60% NODE_APPLICATION_EXECUTE | 40% do-nothing # -PROBABILISTIC_CONFIG_20_PERCENTAGE_PROBABILITY: &GREEN_PROBABILISTIC_60 +PROBABILISTIC_CONFIG_60_PERCENTAGE_PROBABILITY: &GREEN_PROBABILISTIC_60 action_probabilities: 0: 0.4 1: 0.6 @@ -1062,7 +1062,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["HOME-PUB-PC-1"] target_application: "database-client" @@ -1156,7 +1155,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["REM-PUB-PC-1"] target_application: "database-client" @@ -1199,7 +1197,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["REM-PUB-PC-2"] target_application: "database-client" @@ -1254,7 +1251,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-A-PRV-PC-1"] target_application: "database-client" @@ -1297,7 +1293,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-A-PRV-PC-2"] target_application: "database-client" 
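Review bot: Nothing in this change prevents the duplicate-key mistake from returning: the `@@ -268` hunk renames the second `external_inbound_acl:` to `external_outbound_acl:`, but a loader such as PyYAML's `yaml.safe_load` (used in the notebook in this commit) silently keeps the last of two identical keys. Before the fix the first inbound rule set was therefore most likely discarded, and no outbound ACL existed under its own name. The same correction is made in the `@@ -347` hunk and in the matching hunks of `uc7_config_tap003.yaml` and `uc7_config_no_red.yaml`, and the repeated `observation_space: {}` lines removed further down are the same class of error. I would add a lint step (for example yamllint's `key-duplicates` rule) or a loader check that rejects duplicate mapping keys in the packaged configs. Because the effective firewall policy changes with this fix, confirm that the rule under `external_outbound_acl` is the intended outbound policy; only `1: action: PERMIT` is visible in the hunk.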
@@ -1340,7 +1335,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-A-PRV-PC-3"] target_application: "database-client" @@ -1394,7 +1388,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-B-PRV-PC-1"] target_application: "database-client" @@ -1532,7 +1525,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-C-PRV-PC-1"] target_application: "database-client" @@ -1617,7 +1609,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-C-PRV-PC-3"] target_application: "database-client" diff --git a/src/primaite/config/_package_data/uc7_config_tap003.yaml b/src/primaite/config/_package_data/uc7_config_tap003.yaml index 3bc24ea3..3f7aec14 100644 --- a/src/primaite/config/_package_data/uc7_config_tap003.yaml +++ b/src/primaite/config/_package_data/uc7_config_tap003.yaml @@ -14,7 +14,8 @@ io_settings: save_agent_actions: false save_step_metadata: false save_pcap_logs: false - save_sys_logs: True + save_sys_logs: false + save_agent_logs: false # save_sys_logs: true write_sys_log_to_terminal: false @@ -268,7 +269,7 @@ simulation: external_inbound_acl: 1: action: PERMIT - external_inbound_acl: + external_outbound_acl: 1: action: PERMIT @@ -347,7 +348,7 @@ simulation: external_inbound_acl: 5: action: PERMIT - external_inbound_acl: + external_outbound_acl: 5: action: PERMIT routes: @@ -995,7 +996,7 @@ PROBABILISTIC_CONFIG_40_PERCENTAGE_PROBABILITY: &GREEN_PROBABILISTIC_40 1: 0.4 # Probabilistic Green Agent | 60% NODE_APPLICATION_EXECUTE | 40% do-nothing # -PROBABILISTIC_CONFIG_20_PERCENTAGE_PROBABILITY: &GREEN_PROBABILISTIC_60 +PROBABILISTIC_CONFIG_60_PERCENTAGE_PROBABILITY: &GREEN_PROBABILISTIC_60 action_probabilities: 0: 0.4 1: 0.6 
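Review bot: The commented-out `# save_sys_logs: true` that follows the new `save_agent_logs: false` in the `@@ -14` hunk of `uc7_config_tap003.yaml` now contradicts the active `save_sys_logs: false` and should be removed or replaced by an explanation. With sys logs and agent logs both off by default, a run of this scenario leaves no log trail to review afterwards. A comment would make that explicit, e.g. `# sys and agent logs are disabled by default; set to true when an episode needs to be reviewed`. Whether the existing comment sits on its own line or trails the added line cannot be told from the collapsed hunk.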
@@ -1062,7 +1063,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["HOME-PUB-PC-1"] target_application: "database-client" @@ -1156,7 +1156,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["REM-PUB-PC-1"] target_application: "database-client" @@ -1199,7 +1198,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["REM-PUB-PC-2"] target_application: "database-client" @@ -1254,7 +1252,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-A-PRV-PC-1"] target_application: "database-client" @@ -1297,7 +1294,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-A-PRV-PC-2"] target_application: "database-client" @@ -1340,7 +1336,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-A-PRV-PC-3"] target_application: "database-client" @@ -1394,7 +1389,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-B-PRV-PC-1"] target_application: "database-client" @@ -1532,7 +1526,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-C-PRV-PC-1"] target_application: "database-client" @@ -1617,7 +1610,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-C-PRV-PC-3"] target_application: "database-client" 
@@ -1946,6 +1938,7 @@ agents: - service_name: ftp-client applications: - application_name: ransomware-script + - application_name: database-client folders: - folder_name: downloads files: @@ -1959,6 +1952,7 @@ agents: - service_name: ftp-client applications: - application_name: ransomware-script + - application_name: database-client folders: - folder_name: downloads files: diff --git a/src/primaite/config/_package_data/uc7_multiple_attack_variants/uc7_config_no_red.yaml b/src/primaite/config/_package_data/uc7_multiple_attack_variants/uc7_config_no_red.yaml index 49ed614e..b5a2a3f5 100644 --- a/src/primaite/config/_package_data/uc7_multiple_attack_variants/uc7_config_no_red.yaml +++ b/src/primaite/config/_package_data/uc7_multiple_attack_variants/uc7_config_no_red.yaml @@ -268,7 +268,7 @@ simulation: external_inbound_acl: 1: action: PERMIT - external_inbound_acl: + external_outbound_acl: 1: action: PERMIT @@ -347,7 +347,7 @@ simulation: external_inbound_acl: 5: action: PERMIT - external_inbound_acl: + external_outbound_acl: 5: action: PERMIT routes: @@ -994,7 +994,7 @@ PROBABILISTIC_CONFIG_40_PERCENTAGE_PROBABILITY: &GREEN_PROBABILISTIC_40 1: 0.4 # Probabilistic Green Agent | 60% NODE_APPLICATION_EXECUTE | 40% do-nothing # -PROBABILISTIC_CONFIG_20_PERCENTAGE_PROBABILITY: &GREEN_PROBABILISTIC_60 +PROBABILISTIC_CONFIG_60_PERCENTAGE_PROBABILITY: &GREEN_PROBABILISTIC_60 action_probabilities: 0: 0.4 1: 0.6 @@ -1061,7 +1061,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["HOME-PUB-PC-1"] target_application: "database-client" @@ -1155,7 +1154,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["REM-PUB-PC-1"] target_application: "database-client" 
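Review bot: The `- application_name: database-client` entry added in the `@@ -1946` hunk carries no comment, and it appears to extend an agent's per-host observation list next to `ransomware-script`. If the number of observed applications per host is capped or sized elsewhere in the file (not visible in the hunk), the extra entry could be ignored or could change the observation shape, which would invalidate agents trained against the earlier layout. The same line is added in the `@@ -1959` hunk and in the `@@ -1852` and `@@ -1865` hunks of `uc7_config_no_red.yaml`. A short comment stating why the client is observed on these hosts, plus a check that any per-host application count matches the new list length, would cover it.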
@@ -1198,7 +1196,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["REM-PUB-PC-2"] target_application: "database-client" @@ -1253,7 +1250,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-A-PRV-PC-1"] target_application: "database-client" @@ -1296,7 +1292,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-A-PRV-PC-2"] target_application: "database-client" @@ -1339,7 +1334,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-A-PRV-PC-3"] target_application: "database-client" @@ -1393,7 +1387,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-B-PRV-PC-1"] target_application: "database-client" @@ -1531,7 +1524,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-C-PRV-PC-1"] target_application: "database-client" @@ -1616,7 +1608,6 @@ agents: team: GREEN type: periodic-agent observation_space: {} - observation_space: {} agent_settings: possible_start_nodes: ["ST_PROJ-C-PRV-PC-3"] target_application: "database-client" @@ -1852,6 +1843,7 @@ agents: - service_name: ftp-client applications: - application_name: ransomware-script + - application_name: database-client folders: - folder_name: downloads files: @@ -1865,6 +1857,7 @@ agents: - service_name: ftp-client applications: - application_name: ransomware-script + - application_name: database-client folders: - folder_name: downloads files: diff --git a/src/primaite/notebooks/UC7-E2E-Demo.ipynb b/src/primaite/notebooks/UC7-E2E-Demo.ipynb index 3ed8a281..a1cbdd22 100644 
--- a/src/primaite/notebooks/UC7-E2E-Demo.ipynb +++ b/src/primaite/notebooks/UC7-E2E-Demo.ipynb @@ -63,7 +63,6 @@ "with open(file=_EXAMPLE_CFG/\"uc7_config.yaml\", mode=\"r\") as uc7_config:\n", " cfg = yaml.safe_load(uc7_config)\n", " cfg['io_settings']['save_sys_logs'] = True # Saving syslogs\n", - " cfg['io_settings']['save_agent_actions'] = True # Saving agent actions\n", " cfg['io_settings']['save_agent_logs'] = True # Save agent logs\n", "env = PrimaiteGymEnv(env_config=use_case_7_config)" ] @@ -1326,8 +1325,6 @@ "source": [ "`1: NODE_OS_SCAN`:\n", "\n", - "### TODO: Currently bugged OBS - Return after migration\n", - "\n", "The first actual action that the blue agent can perform is scanning action. A variety of different scanning type actions (such as `NODE_APPLICATION_SCAN` or `NODE_FILE/FOLDER_SCAN`) which can be used to by the blue agent to gain a deeper understanding of the simulation state. Specifically, these actions will cause the blue agent's observations to update to the \"true\" `HEALTH_STATUS` of a simulation component. The `NODE_OS_SCAN` acts a combined version of all these scan type actions.\n", "\n", "For example, if a red agent corrupts and alters the health status of a file, the blue agent's observation space will not reflect this until the agent performs a `NODE_FILE_SCAN` on the newly corrupted file. It's worth noting that blue agents can be configured to see the true `HEALTH_STATUS` of software and files without needing to scan in the yaml. Although this may make it easier for an train and create an effective blue agent it could be seen as reducing the fidelity of the simulation.\n", 
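Review bot: The overrides written into `cfg` in the `@@ -63` hunk may never reach the environment, because the last line of the cell builds it with `PrimaiteGymEnv(env_config=use_case_7_config)` rather than with `cfg`. `use_case_7_config` is not defined in the visible lines, so if it is a separate object loaded earlier, `save_sys_logs` and `save_agent_logs` stay at their file defaults and the logs the demo refers to are not written. If `cfg` is the intended configuration, the line should read `env = PrimaiteGymEnv(env_config=cfg)`.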
@@ -1372,9 +1369,10 @@ "metadata": {}, "outputs": [], "source": [ + "print(f'Node OS Scan time step duration: {cfg[\"simulation\"][\"defaults\"][\"node_scan_duration\"]}')\n", "env.step(1)\n", "print(defender.history[2])\n", - "for _ in range(7):\n", + "for _ in range(9):\n", " obs, reward, term, trunc, info = env.step(0)\n", "\n", "print(f\"Current Simulation Time Step: {env.game.step_counter}\")\n",
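Review bot: The loop bound `range(9)` in the `@@ -1372` hunk is still a hard-coded number, even though the added `print` on the line above reads `node_scan_duration` from the config. If the idle steps are meant to cover the scan duration, derive the bound from the same value, e.g. `scan_steps = cfg["simulation"]["defaults"]["node_scan_duration"]` and `for _ in range(scan_steps):` (plus whatever offset the demo needs), so the cell keeps working when the default changes. The direct lookup also raises `KeyError` when a config omits `simulation.defaults`; `.get()` with a fallback would keep the cell runnable.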