oxbrbtx/PrimAITE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

#915 - Synced with dev to bring in changes from #898

Browse Source
This commit is contained in:
Chris McCarthy
2023-06-09 13:11:14 +01:00
parent 9b4ed1199b
commit af4e71db9b
14 changed files with 510 additions and 504 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/primaite/__init__.py
View File

@@ -64,8 +64,8 @@ _FILE_HANDLER: Final[RotatingFileHandler] = RotatingFileHandler(
backupCount=9, # Max 100MB of logs
encoding="utf8",
)
_STREAM_HANDLER.setLevel(logging.INFO)
_FILE_HANDLER.setLevel(logging.INFO)
_STREAM_HANDLER.setLevel(logging.DEBUG)
_FILE_HANDLER.setLevel(logging.DEBUG)
_LOG_FORMAT_STR: Final[
str
@@ -88,7 +88,7 @@ def getLogger(name: str) -> Logger:
logging config.
"""
logger = logging.getLogger(name)
logger.setLevel(logging.INFO)
logger.setLevel(logging.DEBUG)
return logger

66
src/primaite/config/_package_data/lay_down/lay_down_config_1_DDOS_basic.yaml
View File

@@ -1,14 +1,14 @@
- itemType: ACTIONS
- item_type: ACTIONS
type: NODE
- itemType: STEPS
- item_type: STEPS
steps: 128
- itemType: PORTS
portsList:
- item_type: PORTS
ports_list:
- port: '80'
- itemType: SERVICES
serviceList:
- item_type: SERVICES
service_list:
- name: TCP
- itemType: NODE
- item_type: NODE
node_id: '1'
name: PC1
node_class: SERVICE
@@ -22,7 +22,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '2'
name: SERVER
node_class: SERVICE
@@ -36,7 +36,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '3'
name: PC2
node_class: SERVICE
@@ -50,7 +50,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '4'
name: SWITCH1
node_class: ACTIVE
@@ -60,7 +60,7 @@
ip_address: 192.168.1.5
software_state: GOOD
file_system_state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '5'
name: SWITCH2
node_class: ACTIVE
@@ -70,7 +70,7 @@
ip_address: 192.168.1.6
software_state: GOOD
file_system_state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '6'
name: SWITCH3
node_class: ACTIVE
@@ -80,56 +80,56 @@
ip_address: 192.168.1.7
software_state: GOOD
file_system_state: GOOD
- itemType: LINK
- item_type: LINK
id: '7'
name: link1
bandwidth: 1000000000
source: '1'
destination: '4'
- itemType: LINK
- item_type: LINK
id: '8'
name: link2
bandwidth: 1000000000
source: '4'
destination: '2'
- itemType: LINK
- item_type: LINK
id: '9'
name: link3
bandwidth: 1000000000
source: '2'
destination: '5'
- itemType: LINK
- item_type: LINK
id: '10'
name: link4
bandwidth: 1000000000
source: '2'
destination: '6'
- itemType: LINK
- item_type: LINK
id: '11'
name: link5
bandwidth: 1000000000
source: '5'
destination: '3'
- itemType: LINK
- item_type: LINK
id: '12'
name: link6
bandwidth: 1000000000
source: '6'
destination: '3'
- itemType: GREEN_IER
- item_type: GREEN_IER
id: '13'
startStep: 1
endStep: 128
start_step: 1
end_step: 128
load: 100000
protocol: TCP
port: '80'
source: '3'
destination: '2'
missionCriticality: 5
- itemType: RED_POL
mission_criticality: 5
- item_type: RED_POL
id: '14'
startStep: 50
endStep: 50
start_step: 50
end_step: 50
targetNodeId: '1'
initiator: DIRECT
type: SERVICE
@@ -138,20 +138,20 @@
sourceNodeId: NA
sourceNodeService: NA
sourceNodeServiceState: NA
- itemType: RED_IER
- item_type: RED_IER
id: '15'
startStep: 60
endStep: 100
start_step: 60
end_step: 100
load: 1000000
protocol: TCP
port: '80'
source: '1'
destination: '2'
missionCriticality: 0
- itemType: RED_POL
mission_criticality: 0
- item_type: RED_POL
id: '16'
startStep: 80
endStep: 80
start_step: 80
end_step: 80
targetNodeId: '2'
initiator: IER
type: SERVICE
@@ -160,7 +160,7 @@
sourceNodeId: NA
sourceNodeService: NA
sourceNodeServiceState: NA
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '17'
permission: ALLOW
source: ANY

136
src/primaite/config/_package_data/lay_down/lay_down_config_2_DDOS_basic.yaml
View File

@@ -1,14 +1,14 @@
- itemType: ACTIONS
- item_type: ACTIONS
type: NODE
- itemType: STEPS
- item_type: STEPS
steps: 128
- itemType: PORTS
portsList:
- item_type: PORTS
ports_list:
- port: '80'
- itemType: SERVICES
serviceList:
- item_type: SERVICES
service_list:
- name: TCP
- itemType: NODE
- item_type: NODE
node_id: '1'
name: PC1
node_class: SERVICE
@@ -22,7 +22,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '2'
name: PC2
node_class: SERVICE
@@ -36,7 +36,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '3'
name: PC3
node_class: SERVICE
@@ -50,7 +50,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '4'
name: PC4
node_class: SERVICE
@@ -64,7 +64,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '5'
name: SWITCH1
node_class: ACTIVE
@@ -74,7 +74,7 @@
ip_address: 192.168.1.2
software_state: GOOD
file_system_state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '6'
name: IDS
node_class: SERVICE
@@ -88,7 +88,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '7'
name: SWITCH2
node_class: ACTIVE
@@ -98,7 +98,7 @@
ip_address: 192.168.1.3
software_state: GOOD
file_system_state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '8'
name: LOP1
node_class: SERVICE
@@ -112,7 +112,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '9'
name: SERVER1
node_class: SERVICE
@@ -126,7 +126,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '10'
name: SERVER2
node_class: SERVICE
@@ -140,173 +140,173 @@
- name: TCP
port: '80'
state: GOOD
- itemType: LINK
- item_type: LINK
id: '11'
name: link1
bandwidth: 1000000000
source: '1'
destination: '5'
- itemType: LINK
- item_type: LINK
id: '12'
name: link2
bandwidth: 1000000000
source: '2'
destination: '5'
- itemType: LINK
- item_type: LINK
id: '13'
name: link3
bandwidth: 1000000000
source: '3'
destination: '5'
- itemType: LINK
- item_type: LINK
id: '14'
name: link4
bandwidth: 1000000000
source: '4'
destination: '5'
- itemType: LINK
- item_type: LINK
id: '15'
name: link5
bandwidth: 1000000000
source: '5'
destination: '6'
- itemType: LINK
- item_type: LINK
id: '16'
name: link6
bandwidth: 1000000000
source: '5'
destination: '8'
- itemType: LINK
- item_type: LINK
id: '17'
name: link7
bandwidth: 1000000000
source: '6'
destination: '7'
- itemType: LINK
- item_type: LINK
id: '18'
name: link8
bandwidth: 1000000000
source: '8'
destination: '7'
- itemType: LINK
- item_type: LINK
id: '19'
name: link9
bandwidth: 1000000000
source: '7'
destination: '9'
- itemType: LINK
- item_type: LINK
id: '20'
name: link10
bandwidth: 1000000000
source: '7'
destination: '10'
- itemType: GREEN_IER
- item_type: GREEN_IER
id: '21'
startStep: 1
endStep: 128
start_step: 1
end_step: 128
load: 100000
protocol: TCP
port: '80'
source: '1'
destination: '9'
missionCriticality: 2
- itemType: GREEN_IER
mission_criticality: 2
- item_type: GREEN_IER
id: '22'
startStep: 1
endStep: 128
start_step: 1
end_step: 128
load: 100000
protocol: TCP
port: '80'
source: '2'
destination: '9'
missionCriticality: 2
- itemType: GREEN_IER
mission_criticality: 2
- item_type: GREEN_IER
id: '23'
startStep: 1
endStep: 128
start_step: 1
end_step: 128
load: 100000
protocol: TCP
port: '80'
source: '9'
destination: '3'
missionCriticality: 5
- itemType: GREEN_IER
mission_criticality: 5
- item_type: GREEN_IER
id: '24'
startStep: 1
endStep: 128
start_step: 1
end_step: 128
load: 100000
protocol: TCP
port: '80'
source: '4'
destination: '10'
missionCriticality: 2
- itemType: ACL_RULE
mission_criticality: 2
- item_type: ACL_RULE
id: '25'
permission: ALLOW
source: 192.168.10.11
destination: 192.168.10.14
protocol: TCP
port: 80
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '26'
permission: ALLOW
source: 192.168.10.12
destination: 192.168.10.14
protocol: TCP
port: 80
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '27'
permission: ALLOW
source: 192.168.10.13
destination: 192.168.10.14
protocol: TCP
port: 80
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '28'
permission: ALLOW
source: 192.168.20.14
destination: 192.168.20.15
protocol: TCP
port: 80
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '29'
permission: ALLOW
source: 192.168.10.14
destination: 192.168.10.13
protocol: TCP
port: 80
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '30'
permission: DENY
source: 192.168.10.11
destination: 192.168.20.15
protocol: TCP
port: 80
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '31'
permission: DENY
source: 192.168.10.12
destination: 192.168.20.15
protocol: TCP
port: 80
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '32'
permission: DENY
source: 192.168.10.13
destination: 192.168.20.15
protocol: TCP
port: 80
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '33'
permission: DENY
source: 192.168.20.14
destination: 192.168.10.14
protocol: TCP
port: 80
- itemType: RED_POL
- item_type: RED_POL
id: '34'
startStep: 20
endStep: 20
start_step: 20
end_step: 20
targetNodeId: '1'
initiator: DIRECT
type: SERVICE
@@ -315,10 +315,10 @@
sourceNodeId: NA
sourceNodeService: NA
sourceNodeServiceState: NA
- itemType: RED_POL
- item_type: RED_POL
id: '35'
startStep: 20
endStep: 20
start_step: 20
end_step: 20
targetNodeId: '2'
initiator: DIRECT
type: SERVICE
@@ -327,30 +327,30 @@
sourceNodeId: NA
sourceNodeService: NA
sourceNodeServiceState: NA
- itemType: RED_IER
- item_type: RED_IER
id: '36'
startStep: 30
endStep: 128
start_step: 30
end_step: 128
load: 440000000
protocol: TCP
port: '80'
source: '1'
destination: '9'
missionCriticality: 0
- itemType: RED_IER
mission_criticality: 0
- item_type: RED_IER
id: '37'
startStep: 30
endStep: 128
start_step: 30
end_step: 128
load: 440000000
protocol: TCP
port: '80'
source: '2'
destination: '9'
missionCriticality: 0
- itemType: RED_POL
mission_criticality: 0
- item_type: RED_POL
id: '38'
startStep: 30
endStep: 30
start_step: 30
end_step: 30
targetNodeId: '9'
initiator: IER
type: SERVICE

76
src/primaite/config/_package_data/lay_down/lay_down_config_3_DOS_very_basic.yaml
View File

@@ -1,14 +1,14 @@
- itemType: ACTIONS
- item_type: ACTIONS
type: NODE
- itemType: STEPS
- item_type: STEPS
steps: 256
- itemType: PORTS
portsList:
- item_type: PORTS
ports_list:
- port: '80'
- itemType: SERVICES
serviceList:
- item_type: SERVICES
service_list:
- name: TCP
- itemType: NODE
- item_type: NODE
node_id: '1'
name: PC1
node_class: SERVICE
@@ -22,7 +22,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '2'
name: PC2
node_class: SERVICE
@@ -36,7 +36,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '3'
name: SWITCH1
node_class: ACTIVE
@@ -46,7 +46,7 @@
ip_address: 192.168.1.1
software_state: GOOD
file_system_state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '4'
name: SERVER1
node_class: SERVICE
@@ -60,79 +60,79 @@
- name: TCP
port: '80'
state: GOOD
- itemType: LINK
- item_type: LINK
id: '5'
name: link1
bandwidth: 1000000000
source: '1'
destination: '3'
- itemType: LINK
- item_type: LINK
id: '6'
name: link2
bandwidth: 1000000000
source: '2'
destination: '3'
- itemType: LINK
- item_type: LINK
id: '7'
name: link3
bandwidth: 1000000000
source: '3'
destination: '4'
- itemType: GREEN_IER
- item_type: GREEN_IER
id: '8'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 10000
protocol: TCP
port: '80'
source: '1'
destination: '4'
missionCriticality: 1
- itemType: GREEN_IER
mission_criticality: 1
- item_type: GREEN_IER
id: '9'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 10000
protocol: TCP
port: '80'
source: '2'
destination: '4'
missionCriticality: 1
- itemType: GREEN_IER
mission_criticality: 1
- item_type: GREEN_IER
id: '10'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 10000
protocol: TCP
port: '80'
source: '4'
destination: '2'
missionCriticality: 5
- itemType: ACL_RULE
mission_criticality: 5
- item_type: ACL_RULE
id: '11'
permission: ALLOW
source: 192.168.1.2
destination: 192.168.1.4
protocol: TCP
port: 80
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '12'
permission: ALLOW
source: 192.168.1.3
destination: 192.168.1.4
protocol: TCP
port: 80
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '13'
permission: ALLOW
source: 192.168.1.4
destination: 192.168.1.3
protocol: TCP
port: 80
- itemType: RED_POL
- item_type: RED_POL
id: '14'
startStep: 20
endStep: 20
start_step: 20
end_step: 20
targetNodeId: '1'
initiator: DIRECT
type: SERVICE
@@ -141,20 +141,20 @@
sourceNodeId: NA
sourceNodeService: NA
sourceNodeServiceState: NA
- itemType: RED_IER
- item_type: RED_IER
id: '15'
startStep: 30
endStep: 256
start_step: 30
end_step: 256
load: 10000000
protocol: TCP
port: '80'
source: '1'
destination: '4'
missionCriticality: 0
- itemType: RED_POL
mission_criticality: 0
- item_type: RED_POL
id: '16'
startStep: 40
endStep: 40
start_step: 40
end_step: 40
targetNodeId: '4'
initiator: IER
type: SERVICE

229
src/primaite/config/_package_data/lay_down/lay_down_config_5_data_manipulation.yaml
View File

@@ -1,15 +1,14 @@
- itemType: PORTS
portsList:
- item_type: PORTS
ports_list:
- port: '80'
- port: '1433'
- port: '53'
- itemType: SERVICES
serviceList:
- item_type: SERVICES
service_list:
- name: TCP
- name: TCP_SQL
- name: UDP
- itemType: NODE
- item_type: NODE
node_id: '1'
name: CLIENT_1
node_class: SERVICE
@@ -26,7 +25,7 @@
- name: UDP
port: '53'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '2'
name: CLIENT_2
node_class: SERVICE
@@ -40,7 +39,7 @@
- name: TCP
port: '80'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '3'
name: SWITCH_1
node_class: ACTIVE
@@ -50,7 +49,7 @@
ip_address: 192.168.10.1
software_state: GOOD
file_system_state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '4'
name: SECURITY_SUITE
node_class: SERVICE
@@ -67,7 +66,7 @@
- name: UDP
port: '53'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '5'
name: MANAGEMENT_CONSOLE
node_class: SERVICE
@@ -84,7 +83,7 @@
- name: UDP
port: '53'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '6'
name: SWITCH_2
node_class: ACTIVE
@@ -94,7 +93,7 @@
ip_address: 192.168.2.1
software_state: GOOD
file_system_state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '7'
name: WEB_SERVER
node_class: SERVICE
@@ -111,7 +110,7 @@
- name: TCP_SQL
port: '1433'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '8'
name: DATABASE_SERVER
node_class: SERVICE
@@ -131,7 +130,7 @@
- name: UDP
port: '53'
state: GOOD
- itemType: NODE
- item_type: NODE
node_id: '9'
name: BACKUP_SERVER
node_class: SERVICE
@@ -145,323 +144,323 @@
- name: TCP
port: '80'
state: GOOD
- itemType: LINK
- item_type: LINK
id: '10'
name: LINK_1
bandwidth: 1000000000
source: '1'
destination: '3'
- itemType: LINK
- item_type: LINK
id: '11'
name: LINK_2
bandwidth: 1000000000
source: '2'
destination: '3'
- itemType: LINK
- item_type: LINK
id: '12'
name: LINK_3
bandwidth: 1000000000
source: '3'
destination: '4'
- itemType: LINK
- item_type: LINK
id: '13'
name: LINK_4
bandwidth: 1000000000
source: '3'
destination: '5'
- itemType: LINK
- item_type: LINK
id: '14'
name: LINK_5
bandwidth: 1000000000
source: '4'
destination: '6'
- itemType: LINK
- item_type: LINK
id: '15'
name: LINK_6
bandwidth: 1000000000
source: '5'
destination: '6'
- itemType: LINK
- item_type: LINK
id: '16'
name: LINK_7
bandwidth: 1000000000
source: '6'
destination: '7'
- itemType: LINK
- item_type: LINK
id: '17'
name: LINK_8
bandwidth: 1000000000
source: '6'
destination: '8'
- itemType: LINK
- item_type: LINK
id: '18'
name: LINK_9
bandwidth: 1000000000
source: '6'
destination: '9'
- itemType: GREEN_IER
- item_type: GREEN_IER
id: '19'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 10000
protocol: TCP
port: '80'
source: '1'
destination: '7'
missionCriticality: 5
- itemType: GREEN_IER
mission_criticality: 5
- item_type: GREEN_IER
id: '20'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 10000
protocol: TCP
port: '80'
source: '7'
destination: '1'
missionCriticality: 5
- itemType: GREEN_IER
mission_criticality: 5
- item_type: GREEN_IER
id: '21'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 10000
protocol: TCP
port: '80'
source: '2'
destination: '7'
missionCriticality: 5
- itemType: GREEN_IER
mission_criticality: 5
- item_type: GREEN_IER
id: '22'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 10000
protocol: TCP
port: '80'
source: '7'
destination: '2'
missionCriticality: 5
- itemType: GREEN_IER
mission_criticality: 5
- item_type: GREEN_IER
id: '23'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 5000
protocol: TCP_SQL
port: '1433'
source: '7'
destination: '8'
missionCriticality: 5
- itemType: GREEN_IER
mission_criticality: 5
- item_type: GREEN_IER
id: '24'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 100000
protocol: TCP_SQL
port: '1433'
source: '8'
destination: '7'
missionCriticality: 5
- itemType: GREEN_IER
mission_criticality: 5
- item_type: GREEN_IER
id: '25'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 50000
protocol: TCP
port: '80'
source: '1'
destination: '9'
missionCriticality: 2
- itemType: GREEN_IER
mission_criticality: 2
- item_type: GREEN_IER
id: '26'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 50000
protocol: TCP
port: '80'
source: '2'
destination: '9'
missionCriticality: 2
- itemType: GREEN_IER
mission_criticality: 2
- item_type: GREEN_IER
id: '27'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 5000
protocol: TCP
port: '80'
source: '5'
destination: '7'
missionCriticality: 1
- itemType: GREEN_IER
mission_criticality: 1
- item_type: GREEN_IER
id: '28'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 5000
protocol: TCP
port: '80'
source: '7'
destination: '5'
missionCriticality: 1
- itemType: GREEN_IER
mission_criticality: 1
- item_type: GREEN_IER
id: '29'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 5000
protocol: TCP
port: '80'
source: '5'
destination: '8'
missionCriticality: 1
- itemType: GREEN_IER
mission_criticality: 1
- item_type: GREEN_IER
id: '30'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 5000
protocol: TCP
port: '80'
source: '8'
destination: '5'
missionCriticality: 1
- itemType: GREEN_IER
mission_criticality: 1
- item_type: GREEN_IER
id: '31'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 5000
protocol: TCP
port: '80'
source: '5'
destination: '9'
missionCriticality: 1
- itemType: GREEN_IER
mission_criticality: 1
- item_type: GREEN_IER
id: '32'
startStep: 1
endStep: 256
start_step: 1
end_step: 256
load: 5000
protocol: TCP
port: '80'
source: '9'
destination: '5'
missionCriticality: 1
- itemType: ACL_RULE
mission_criticality: 1
- item_type: ACL_RULE
id: '33'
permission: ALLOW
source: 192.168.10.11
destination: 192.168.2.10
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '34'
permission: ALLOW
source: 192.168.10.11
destination: 192.168.2.14
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '35'
permission: ALLOW
source: 192.168.10.12
destination: 192.168.2.14
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '36'
permission: ALLOW
source: 192.168.10.12
destination: 192.168.2.10
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '37'
permission: ALLOW
source: 192.168.2.10
destination: 192.168.10.11
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '38'
permission: ALLOW
source: 192.168.2.10
destination: 192.168.10.12
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '39'
permission: ALLOW
source: 192.168.2.10
destination: 192.168.2.14
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '40'
permission: ALLOW
source: 192.168.2.14
destination: 192.168.2.10
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '41'
permission: ALLOW
source: 192.168.10.11
destination: 192.168.2.16
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '42'
permission: ALLOW
source: 192.168.10.12
destination: 192.168.2.16
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '43'
permission: ALLOW
source: 192.168.1.12
destination: 192.168.2.10
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '44'
permission: ALLOW
source: 192.168.1.12
destination: 192.168.2.14
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '45'
permission: ALLOW
source: 192.168.1.12
destination: 192.168.2.16
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '46'
permission: ALLOW
source: 192.168.2.10
destination: 192.168.1.12
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '47'
permission: ALLOW
source: 192.168.2.14
destination: 192.168.1.12
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '48'
permission: ALLOW
source: 192.168.2.16
destination: 192.168.1.12
protocol: ANY
port: ANY
- itemType: ACL_RULE
- item_type: ACL_RULE
id: '49'
permission: DENY
source: ANY
destination: ANY
protocol: ANY
port: ANY
- itemType: RED_POL
- item_type: RED_POL
id: '50'
startStep: 50
endStep: 50
start_step: 50
end_step: 50
targetNodeId: '1'
initiator: DIRECT
type: SERVICE
@@ -470,20 +469,20 @@
sourceNodeId: NA
sourceNodeService: NA
sourceNodeServiceState: NA
- itemType: RED_IER
- item_type: RED_IER
id: '51'
startStep: 75
endStep: 105
start_step: 75
end_step: 105
load: 10000
protocol: UDP
port: '53'
source: '1'
destination: '8'
missionCriticality: 0
- itemType: RED_POL
mission_criticality: 0
- item_type: RED_POL
id: '52'
startStep: 100
endStep: 100
start_step: 100
end_step: 100
targetNodeId: '8'
initiator: IER
type: SERVICE
@@ -492,10 +491,10 @@
sourceNodeId: NA
sourceNodeService: NA
sourceNodeServiceState: NA
- itemType: RED_POL
- item_type: RED_POL
id: '53'
startStep: 105
endStep: 105
start_step: 105
end_step: 105
targetNodeId: '8'
initiator: SERVICE
type: FILE
@@ -504,10 +503,10 @@
sourceNodeId: '8'
sourceNodeService: UDP
sourceNodeServiceState: COMPROMISED
- itemType: RED_POL
- item_type: RED_POL
id: '54'
startStep: 105
endStep: 105
start_step: 105
end_step: 105
targetNodeId: '8'
initiator: SERVICE
type: SERVICE
@@ -516,10 +515,10 @@
sourceNodeId: '8'
sourceNodeService: UDP
sourceNodeServiceState: COMPROMISED
- itemType: RED_POL
- item_type: RED_POL
id: '55'
startStep: 125
endStep: 125
start_step: 125
end_step: 125
targetNodeId: '7'
initiator: SERVICE
type: SERVICE

67
src/primaite/environment/primaite_env.py
View File

@@ -165,12 +165,10 @@ class Primaite(Env):
# Number of ports - gets a value when config is loaded
self.num_ports = 0
# The action type
self.action_type = 0
# Observation type, by default box.
self.observation_type = ObservationType.BOX
# Open the config file and build the environment laydown
with open(self._lay_down_config_path, "r") as file:
# Open the config file and build the environment laydown
@@ -206,7 +204,7 @@ class Primaite(Env):
self.observation_space, self.env_obs = self.init_observations()
# Define Action Space - depends on action space type (Node or ACL)
if self.action_type == ActionType.NODE:
if self.training_config.action_type == ActionType.NODE:
_LOGGER.info("Action space type NODE selected")
# Terms (for node action space):
# [0, num nodes] - node ID (0 = nothing, node ID)
@@ -215,7 +213,7 @@ class Primaite(Env):
# [0, num services] - resolves to service ID (0 = nothing, resolves to service) # noqa
self.action_dict = self.create_node_action_dict()
self.action_space = spaces.Discrete(len(self.action_dict))
elif self.action_type == ActionType.ACL:
elif self.training_config.action_type == ActionType.ACL:
_LOGGER.info("Action space type ACL selected")
# Terms (for ACL action space):
# [0, 2] - Action (0 = do nothing, 1 = create rule, 2 = delete rule)
@@ -226,12 +224,12 @@ class Primaite(Env):
# [0, num ports] - Port (0 = any, then 1 -> x resolving to port)
self.action_dict = self.create_acl_action_dict()
self.action_space = spaces.Discrete(len(self.action_dict))
elif self.action_type == ActionType.ANY:
elif self.training_config.action_type == ActionType.ANY:
_LOGGER.info("Action space type ANY selected - Node + ACL")
self.action_dict = self.create_node_and_acl_action_dict()
self.action_space = spaces.Discrete(len(self.action_dict))
else:
_LOGGER.info("Invalid action type selected")
_LOGGER.info(f"Invalid action type selected")
# Set up a csv to store the results of the training
try:
header = ["Episode", "Average Reward"]
@@ -426,9 +424,12 @@ class Primaite(Env):
_action: The action space from the agent
"""
# At the moment, actions are only affecting nodes
if self.action_type == ActionType.NODE:
print("")
print(_action)
print(self.action_dict)
if self.training_config.action_type == ActionType.NODE:
self.apply_actions_to_nodes(_action)
elif self.action_type == ActionType.ACL:
elif self.training_config.action_type == ActionType.ACL:
self.apply_actions_to_acl(_action)
elif (
len(self.action_dict[_action]) == 6
@@ -901,34 +902,34 @@ class Primaite(Env):
def load_lay_down_config(self):
"""Loads config data in order to build the environment configuration."""
for item in self.lay_down_config:
if item["itemType"] == "NODE":
if item["item_type"] == "NODE":
# Create a node
self.create_node(item)
elif item["itemType"] == "LINK":
elif item["item_type"] == "LINK":
# Create a link
self.create_link(item)
elif item["itemType"] == "GREEN_IER":
elif item["item_type"] == "GREEN_IER":
# Create a Green IER
self.create_green_ier(item)
elif item["itemType"] == "GREEN_POL":
elif item["item_type"] == "GREEN_POL":
# Create a Green PoL
self.create_green_pol(item)
elif item["itemType"] == "RED_IER":
elif item["item_type"] == "RED_IER":
# Create a Red IER
self.create_red_ier(item)
elif item["itemType"] == "RED_POL":
elif item["item_type"] == "RED_POL":
# Create a Red PoL
self.create_red_pol(item)
elif item["itemType"] == "ACL_RULE":
elif item["item_type"] == "ACL_RULE":
# Create an ACL rule
self.create_acl_rule(item)
elif item["itemType"] == "SERVICES":
elif item["item_type"] == "SERVICES":
# Create the list of services
self.create_services_list(item)
elif item["itemType"] == "PORTS":
elif item["item_type"] == "PORTS":
# Create the list of ports
self.create_ports_list(item)
elif item["itemType"] == "OBSERVATIONS":
elif item["item_type"] == "OBSERVATIONS":
# Get the observation information
self.get_observation_info(item)
else:
@@ -1071,14 +1072,14 @@ class Primaite(Env):
item: A config data item
"""
ier_id = item["id"]
ier_start_step = item["startStep"]
ier_end_step = item["endStep"]
ier_start_step = item["start_step"]
ier_end_step = item["end_step"]
ier_load = item["load"]
ier_protocol = item["protocol"]
ier_port = item["port"]
ier_source = item["source"]
ier_destination = item["destination"]
ier_mission_criticality = item["missionCriticality"]
ier_mission_criticality = item["mission_criticality"]
# Create IER and add to green IER dictionary
self.green_iers[ier_id] = IER(
@@ -1101,14 +1102,14 @@ class Primaite(Env):
item: A config data item
"""
ier_id = item["id"]
ier_start_step = item["startStep"]
ier_end_step = item["endStep"]
ier_start_step = item["start_step"]
ier_end_step = item["end_step"]
ier_load = item["load"]
ier_protocol = item["protocol"]
ier_port = item["port"]
ier_source = item["source"]
ier_destination = item["destination"]
ier_mission_criticality = item["missionCriticality"]
ier_mission_criticality = item["mission_criticality"]
# Create IER and add to red IER dictionary
self.red_iers[ier_id] = IER(
@@ -1131,8 +1132,8 @@ class Primaite(Env):
item: A config data item
"""
pol_id = item["id"]
pol_start_step = item["startStep"]
pol_end_step = item["endStep"]
pol_start_step = item["start_step"]
pol_end_step = item["end_step"]
pol_node = item["nodeId"]
pol_type = NodePOLType[item["type"]]
@@ -1165,8 +1166,8 @@ class Primaite(Env):
item: A config data item
"""
pol_id = item["id"]
pol_start_step = item["startStep"]
pol_end_step = item["endStep"]
pol_start_step = item["start_step"]
pol_end_step = item["end_step"]
pol_target_node_id = item["targetNodeId"]
pol_initiator = NodePOLInitiator[item["initiator"]]
pol_type = NodePOLType[item["type"]]
@@ -1226,7 +1227,7 @@ class Primaite(Env):
Args:
item: A config data item representing the services
"""
service_list = services["serviceList"]
service_list = services["service_list"]
for service in service_list:
service_name = service["name"]
@@ -1242,7 +1243,7 @@ class Primaite(Env):
Args:
item: A config data item representing the ports
"""
ports_list = ports["portsList"]
ports_list = ports["ports_list"]
for port in ports_list:
port_value = port["port"]
@@ -1267,10 +1268,10 @@ class Primaite(Env):
configuration.
"""
for item in self.lay_down_config:
if item["itemType"] == "NODE":
if item["item_type"] == "NODE":
# Reset a node's state (normal and reference)
self.reset_node(item)
elif item["itemType"] == "ACL_RULE":
elif item["item_type"] == "ACL_RULE":
# Create an ACL rule (these are cleared on reset, so just need to recreate them)
self.create_acl_rule(item)
else: