diff --git a/CHANGELOG.md b/CHANGELOG.md index 48998d57..8064a18e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -112,6 +112,7 @@ SessionManager. - **ACLRule Wildcard Masking**: Updated the `ACLRule` class to support IP ranges using wildcard masking. This enhancement allows for more flexible and granular control over traffic filtering, enabling the specification of broader or more specific IP address ranges in ACL rules. - Updated `NetworkInterface` documentation to reflect the new NMNE capturing features and how to use them. - Integration of NMNE capturing functionality within the `NicObservation` class. +- Changed blue action set to enable applying node scan, reset, start, and shutdown to every host in data manipulation scenario ### Removed - Removed legacy simulation modules: `acl`, `common`, `environment`, `links`, `nodes`, `pol` diff --git a/src/primaite/config/_package_data/example_config.yaml b/src/primaite/config/_package_data/example_config.yaml index 77296529..80250c7c 100644 --- a/src/primaite/config/_package_data/example_config.yaml +++ b/src/primaite/config/_package_data/example_config.yaml 
@@ -275,99 +275,196 @@ agents: 3: action: "NODE_SERVICE_START" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 4: action: "NODE_SERVICE_PAUSE" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 5: action: "NODE_SERVICE_RESUME" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 6: action: "NODE_SERVICE_RESTART" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 7: action: "NODE_SERVICE_DISABLE" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 8: action: "NODE_SERVICE_ENABLE" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 9: # check database.db file action: "NODE_FILE_SCAN" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 10: action: "NODE_FILE_CHECKHASH" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 11: action: "NODE_FILE_DELETE" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 12: action: "NODE_FILE_REPAIR" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 13: action: "NODE_SERVICE_PATCH" options: - node_id: 2 - service_id: 0 + node_id: 2 + service_id: 0 14: action: "NODE_FOLDER_SCAN" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 15: action: "NODE_FOLDER_CHECKHASH" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 16: action: "NODE_FOLDER_REPAIR" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 17: action: "NODE_FOLDER_RESTORE" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 18: action: "NODE_OS_SCAN" options: - node_id: 2 - 19: # shutdown client 1 + node_id: 0 + 19: action: "NODE_SHUTDOWN" options: - node_id: 5 + node_id: 0 20: - action: "NODE_STARTUP" + action: NODE_STARTUP options: - node_id: 5 + node_id: 0 21: - action: "NODE_RESET" + action: NODE_RESET options: - node_id: 5 - 22: # "ACL: ADDRULE - Block outgoing traffic from 
client 1" + node_id: 0 + 22: + action: "NODE_OS_SCAN" + options: + node_id: 1 + 23: + action: "NODE_SHUTDOWN" + options: + node_id: 1 + 24: + action: NODE_STARTUP + options: + node_id: 1 + 25: + action: NODE_RESET + options: + node_id: 1 + 26: # old action num: 18 + action: "NODE_OS_SCAN" + options: + node_id: 2 + 27: + action: "NODE_SHUTDOWN" + options: + node_id: 2 + 28: + action: NODE_STARTUP + options: + node_id: 2 + 29: + action: NODE_RESET + options: + node_id: 2 + 30: + action: "NODE_OS_SCAN" + options: + node_id: 3 + 31: + action: "NODE_SHUTDOWN" + options: + node_id: 3 + 32: + action: NODE_STARTUP + options: + node_id: 3 + 33: + action: NODE_RESET + options: + node_id: 3 + 34: + action: "NODE_OS_SCAN" + options: + node_id: 4 + 35: + action: "NODE_SHUTDOWN" + options: + node_id: 4 + 36: + action: NODE_STARTUP + options: + node_id: 4 + 37: + action: NODE_RESET + options: + node_id: 4 + 38: + action: "NODE_OS_SCAN" + options: + node_id: 5 + 39: # old action num: 19 # shutdown client 1 + action: "NODE_SHUTDOWN" + options: + node_id: 5 + 40: # old action num: 20 + action: NODE_STARTUP + options: + node_id: 5 + 41: # old action num: 21 + action: NODE_RESET + options: + node_id: 5 + 42: + action: "NODE_OS_SCAN" + options: + node_id: 6 + 43: + action: "NODE_SHUTDOWN" + options: + node_id: 6 + 44: + action: NODE_STARTUP + options: + node_id: 6 + 45: + action: NODE_RESET + options: + node_id: 6 + + 46: # old action num: 22 # "ACL: ADDRULE - Block outgoing traffic from client 1" action: "NETWORK_ACL_ADDRULE" options: position: 1 @@ -377,7 +474,7 @@ agents: source_port_id: 1 dest_port_id: 1 protocol_id: 1 - 23: # "ACL: ADDRULE - Block outgoing traffic from client 2" + 47: # old action num: 23 # "ACL: ADDRULE - Block outgoing traffic from client 2" action: "NETWORK_ACL_ADDRULE" options: position: 2 
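Review bot: Inserting the per-host entries at 18–45 renumbers every later action in this map (old 22–53 become 46–77) and repoints 18–21, so anything written against the old indices keeps running but does something else. For example, old `19` was `NODE_SHUTDOWN` on `node_id: 5` ("shutdown client 1") and is now `NODE_SHUTDOWN` on `node_id: 0`, and old `26` was a `NETWORK_ACL_ADDRULE` and is now `NODE_OS_SCAN` on `node_id: 2`; a saved policy or script would fail silently rather than loudly. Appending the new entries after the old `53` would keep existing indices stable; if the grouped order is preferred, add a comment at the top of the map such as `# indices renumbered: per-host scan/shutdown/startup/reset are 18-45, old 22-53 moved to 46-77`. Separately, `action: NODE_STARTUP` and `action: NODE_RESET` lose their quotes here while `"NODE_OS_SCAN"` and `"NODE_SHUTDOWN"` keep them, so quote all four the same way. The same points apply to both copies of this map in example_config_2_rl_agents.yaml (hunks `@@ -276,99` and `@@ -730,99`); the map itself starts above this hunk.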
@@ -387,7 +484,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 1
- 24: # block tcp traffic from client 1 to web app
+ 48: # old action num: 24 # block tcp traffic from client 1 to web app
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 3
@@ -397,7 +494,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 3
- 25: # block tcp traffic from client 2 to web app
+ 49: # old action num: 25 # block tcp traffic from client 2 to web app
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 4
@@ -407,7 +504,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 3
- 26:
+ 50: # old action num: 26
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 5
@@ -417,7 +514,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 3
- 27:
+ 51: # old action num: 27
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 6
@@ -427,128 +524,129 @@ agents: source_port_id: 1 dest_port_id: 1 protocol_id: 3 - 28: + 52: # old action num: 28 action: "NETWORK_ACL_REMOVERULE" options: position: 0 - 29: + 53: # old action num: 29 action: "NETWORK_ACL_REMOVERULE" options: position: 1 - 30: + 54: # old action num: 30 action: "NETWORK_ACL_REMOVERULE" options: position: 2 - 31: + 55: # old action num: 31 action: "NETWORK_ACL_REMOVERULE" options: position: 3 - 32: + 56: # old action num: 32 action: "NETWORK_ACL_REMOVERULE" options: position: 4 - 33: + 57: # old action num: 33 action: "NETWORK_ACL_REMOVERULE" options: position: 5 - 34: + 58: # old action num: 34 action: "NETWORK_ACL_REMOVERULE" options: position: 6 - 35: + 59: # old action num: 35 action: "NETWORK_ACL_REMOVERULE" options: position: 7 - 36: + 60: # old action num: 36 action: "NETWORK_ACL_REMOVERULE" options: position: 8 - 37: + 61: # old action num: 37 action: "NETWORK_ACL_REMOVERULE" options: position: 9 - 38: + 62: # old action num: 38 action: "NETWORK_NIC_DISABLE" options: node_id: 0 nic_id: 0 - 39: + 63: # old action num: 39 action: "NETWORK_NIC_ENABLE" options: node_id: 0 nic_id: 0 - 40: + 64: # old action num: 40 action: "NETWORK_NIC_DISABLE" options: node_id: 1 nic_id: 0 - 41: + 65: # old action num: 41 action: "NETWORK_NIC_ENABLE" options: node_id: 1 nic_id: 0 - 42: + 66: # old action num: 42 action: "NETWORK_NIC_DISABLE" options: node_id: 2 nic_id: 0 - 43: + 67: # old action num: 43 action: "NETWORK_NIC_ENABLE" options: node_id: 2 nic_id: 0 - 44: + 68: # old action num: 44 action: "NETWORK_NIC_DISABLE" options: node_id: 3 nic_id: 0 - 45: + 69: # old action num: 45 action: "NETWORK_NIC_ENABLE" options: node_id: 3 nic_id: 0 - 46: + 70: # old action num: 46 action: "NETWORK_NIC_DISABLE" options: node_id: 4 nic_id: 0 - 47: + 71: # old action num: 47 action: "NETWORK_NIC_ENABLE" options: node_id: 4 nic_id: 0 - 48: + 72: # old action num: 48 action: "NETWORK_NIC_DISABLE" options: node_id: 4 nic_id: 1 - 49: + 73: # old action num: 
49 action: "NETWORK_NIC_ENABLE" options: node_id: 4 nic_id: 1 - 50: + 74: # old action num: 50 action: "NETWORK_NIC_DISABLE" options: node_id: 5 nic_id: 0 - 51: + 75: # old action num: 51 action: "NETWORK_NIC_ENABLE" options: node_id: 5 nic_id: 0 - 52: + 76: # old action num: 52 action: "NETWORK_NIC_DISABLE" options: node_id: 6 nic_id: 0 - 53: + 77: # old action num: 53 action: "NETWORK_NIC_ENABLE" options: node_id: 6 nic_id: 0 + options: nodes: - node_name: domain_controller diff --git a/src/primaite/config/_package_data/example_config_2_rl_agents.yaml b/src/primaite/config/_package_data/example_config_2_rl_agents.yaml index a5a1d08f..575182a8 100644 --- a/src/primaite/config/_package_data/example_config_2_rl_agents.yaml +++ b/src/primaite/config/_package_data/example_config_2_rl_agents.yaml @@ -123,6 +123,7 @@ agents: + - ref: data_manipulation_attacker team: RED type: RedDatabaseCorruptingAgent 
@@ -276,99 +277,196 @@ agents: 3: action: "NODE_SERVICE_START" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 4: action: "NODE_SERVICE_PAUSE" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 5: action: "NODE_SERVICE_RESUME" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 6: action: "NODE_SERVICE_RESTART" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 7: action: "NODE_SERVICE_DISABLE" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 8: action: "NODE_SERVICE_ENABLE" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 9: # check database.db file action: "NODE_FILE_SCAN" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 10: action: "NODE_FILE_CHECKHASH" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 11: action: "NODE_FILE_DELETE" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 12: action: "NODE_FILE_REPAIR" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 13: action: "NODE_SERVICE_PATCH" options: - node_id: 2 - service_id: 0 + node_id: 2 + service_id: 0 14: action: "NODE_FOLDER_SCAN" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 15: action: "NODE_FOLDER_CHECKHASH" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 16: action: "NODE_FOLDER_REPAIR" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 17: action: "NODE_FOLDER_RESTORE" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 18: action: "NODE_OS_SCAN" options: - node_id: 2 - 19: # shutdown client 1 + node_id: 0 + 19: action: "NODE_SHUTDOWN" options: - node_id: 5 + node_id: 0 20: - action: "NODE_STARTUP" + action: NODE_STARTUP options: - node_id: 5 + node_id: 0 21: - action: "NODE_RESET" + action: NODE_RESET options: - node_id: 5 - 22: # "ACL: ADDRULE - Block outgoing traffic from 
client 1" + node_id: 0 + 22: + action: "NODE_OS_SCAN" + options: + node_id: 1 + 23: + action: "NODE_SHUTDOWN" + options: + node_id: 1 + 24: + action: NODE_STARTUP + options: + node_id: 1 + 25: + action: NODE_RESET + options: + node_id: 1 + 26: # old action num: 18 + action: "NODE_OS_SCAN" + options: + node_id: 2 + 27: + action: "NODE_SHUTDOWN" + options: + node_id: 2 + 28: + action: NODE_STARTUP + options: + node_id: 2 + 29: + action: NODE_RESET + options: + node_id: 2 + 30: + action: "NODE_OS_SCAN" + options: + node_id: 3 + 31: + action: "NODE_SHUTDOWN" + options: + node_id: 3 + 32: + action: NODE_STARTUP + options: + node_id: 3 + 33: + action: NODE_RESET + options: + node_id: 3 + 34: + action: "NODE_OS_SCAN" + options: + node_id: 4 + 35: + action: "NODE_SHUTDOWN" + options: + node_id: 4 + 36: + action: NODE_STARTUP + options: + node_id: 4 + 37: + action: NODE_RESET + options: + node_id: 4 + 38: + action: "NODE_OS_SCAN" + options: + node_id: 5 + 39: # old action num: 19 # shutdown client 1 + action: "NODE_SHUTDOWN" + options: + node_id: 5 + 40: # old action num: 20 + action: NODE_STARTUP + options: + node_id: 5 + 41: # old action num: 21 + action: NODE_RESET + options: + node_id: 5 + 42: + action: "NODE_OS_SCAN" + options: + node_id: 6 + 43: + action: "NODE_SHUTDOWN" + options: + node_id: 6 + 44: + action: NODE_STARTUP + options: + node_id: 6 + 45: + action: NODE_RESET + options: + node_id: 6 + + 46: # old action num: 22 # "ACL: ADDRULE - Block outgoing traffic from client 1" action: "NETWORK_ACL_ADDRULE" options: position: 1 @@ -378,7 +476,7 @@ agents: source_port_id: 1 dest_port_id: 1 protocol_id: 1 - 23: # "ACL: ADDRULE - Block outgoing traffic from client 2" + 47: # old action num: 23 # "ACL: ADDRULE - Block outgoing traffic from client 2" action: "NETWORK_ACL_ADDRULE" options: position: 2 
@@ -388,7 +486,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 1
- 24: # block tcp traffic from client 1 to web app
+ 48: # old action num: 24 # block tcp traffic from client 1 to web app
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 3
@@ -398,7 +496,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 3
- 25: # block tcp traffic from client 2 to web app
+ 49: # old action num: 25 # block tcp traffic from client 2 to web app
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 4
@@ -408,7 +506,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 3
- 26:
+ 50: # old action num: 26
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 5
@@ -418,7 +516,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 3
- 27:
+ 51: # old action num: 27
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 6
@@ -428,122 +526,122 @@ agents: source_port_id: 1 dest_port_id: 1 protocol_id: 3 - 28: + 52: # old action num: 28 action: "NETWORK_ACL_REMOVERULE" options: position: 0 - 29: + 53: # old action num: 29 action: "NETWORK_ACL_REMOVERULE" options: position: 1 - 30: + 54: # old action num: 30 action: "NETWORK_ACL_REMOVERULE" options: position: 2 - 31: + 55: # old action num: 31 action: "NETWORK_ACL_REMOVERULE" options: position: 3 - 32: + 56: # old action num: 32 action: "NETWORK_ACL_REMOVERULE" options: position: 4 - 33: + 57: # old action num: 33 action: "NETWORK_ACL_REMOVERULE" options: position: 5 - 34: + 58: # old action num: 34 action: "NETWORK_ACL_REMOVERULE" options: position: 6 - 35: + 59: # old action num: 35 action: "NETWORK_ACL_REMOVERULE" options: position: 7 - 36: + 60: # old action num: 36 action: "NETWORK_ACL_REMOVERULE" options: position: 8 - 37: + 61: # old action num: 37 action: "NETWORK_ACL_REMOVERULE" options: position: 9 - 38: + 62: # old action num: 38 action: "NETWORK_NIC_DISABLE" options: node_id: 0 nic_id: 0 - 39: + 63: # old action num: 39 action: "NETWORK_NIC_ENABLE" options: node_id: 0 nic_id: 0 - 40: + 64: # old action num: 40 action: "NETWORK_NIC_DISABLE" options: node_id: 1 nic_id: 0 - 41: + 65: # old action num: 41 action: "NETWORK_NIC_ENABLE" options: node_id: 1 nic_id: 0 - 42: + 66: # old action num: 42 action: "NETWORK_NIC_DISABLE" options: node_id: 2 nic_id: 0 - 43: + 67: # old action num: 43 action: "NETWORK_NIC_ENABLE" options: node_id: 2 nic_id: 0 - 44: + 68: # old action num: 44 action: "NETWORK_NIC_DISABLE" options: node_id: 3 nic_id: 0 - 45: + 69: # old action num: 45 action: "NETWORK_NIC_ENABLE" options: node_id: 3 nic_id: 0 - 46: + 70: # old action num: 46 action: "NETWORK_NIC_DISABLE" options: node_id: 4 nic_id: 0 - 47: + 71: # old action num: 47 action: "NETWORK_NIC_ENABLE" options: node_id: 4 nic_id: 0 - 48: + 72: # old action num: 48 action: "NETWORK_NIC_DISABLE" options: node_id: 4 nic_id: 1 - 49: + 73: # old action num: 
49 action: "NETWORK_NIC_ENABLE" options: node_id: 4 nic_id: 1 - 50: + 74: # old action num: 50 action: "NETWORK_NIC_DISABLE" options: node_id: 5 nic_id: 0 - 51: + 75: # old action num: 51 action: "NETWORK_NIC_ENABLE" options: node_id: 5 nic_id: 0 - 52: + 76: # old action num: 52 action: "NETWORK_NIC_DISABLE" options: node_id: 6 nic_id: 0 - 53: + 77: # old action num: 53 action: "NETWORK_NIC_ENABLE" options: node_id: 6 @@ -610,6 +708,14 @@ agents: weight: 0.33 options: node_hostname: client_2 + - type: GREEN_ADMIN_DATABASE_UNREACHABLE_PENALTY + weight: 0.1 + options: + node_hostname: client_1 + - type: GREEN_ADMIN_DATABASE_UNREACHABLE_PENALTY + weight: 0.1 + options: + node_hostname: client_2 agent_settings: 
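Review bot: The two `GREEN_ADMIN_DATABASE_UNREACHABLE_PENALTY` components added in hunk `@@ -610,6 +708,14` at `weight: 0.1` each are not mentioned in this commit's CHANGELOG line and have no counterpart in its changes to example_config.yaml, so the two example configs may now define the blue reward differently. The neighbouring component visible in the hunk carries `weight: 0.33`; if the existing weights were chosen to sum to a fixed total, the extra 0.2 changes the reward scale, and runs from before and after this commit are presumably not comparable. A comment above the new entries, e.g. `# penalise blue when the green admins cannot reach the database`, would record why they were added, with the wording to be confirmed against the reward's implementation. The second agent's reward list gets the same addition in hunk `@@ -1064,6 +1268,14`; both lists start above their hunks.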
@@ -730,99 +836,196 @@ agents: 3: action: "NODE_SERVICE_START" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 4: action: "NODE_SERVICE_PAUSE" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 5: action: "NODE_SERVICE_RESUME" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 6: action: "NODE_SERVICE_RESTART" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 7: action: "NODE_SERVICE_DISABLE" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 8: action: "NODE_SERVICE_ENABLE" options: - node_id: 1 - service_id: 0 + node_id: 1 + service_id: 0 9: # check database.db file action: "NODE_FILE_SCAN" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 10: action: "NODE_FILE_CHECKHASH" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 11: action: "NODE_FILE_DELETE" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 12: action: "NODE_FILE_REPAIR" options: - node_id: 2 - folder_id: 0 - file_id: 0 + node_id: 2 + folder_id: 0 + file_id: 0 13: action: "NODE_SERVICE_PATCH" options: - node_id: 2 - service_id: 0 + node_id: 2 + service_id: 0 14: action: "NODE_FOLDER_SCAN" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 15: action: "NODE_FOLDER_CHECKHASH" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 16: action: "NODE_FOLDER_REPAIR" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 17: action: "NODE_FOLDER_RESTORE" options: - node_id: 2 - folder_id: 0 + node_id: 2 + folder_id: 0 18: action: "NODE_OS_SCAN" options: - node_id: 2 - 19: # shutdown client 1 + node_id: 0 + 19: action: "NODE_SHUTDOWN" options: - node_id: 5 + node_id: 0 20: - action: "NODE_STARTUP" + action: NODE_STARTUP options: - node_id: 5 + node_id: 0 21: - action: "NODE_RESET" + action: NODE_RESET options: - node_id: 5 - 22: # "ACL: ADDRULE - Block outgoing traffic from 
client 1" + node_id: 0 + 22: + action: "NODE_OS_SCAN" + options: + node_id: 1 + 23: + action: "NODE_SHUTDOWN" + options: + node_id: 1 + 24: + action: NODE_STARTUP + options: + node_id: 1 + 25: + action: NODE_RESET + options: + node_id: 1 + 26: # old action num: 18 + action: "NODE_OS_SCAN" + options: + node_id: 2 + 27: + action: "NODE_SHUTDOWN" + options: + node_id: 2 + 28: + action: NODE_STARTUP + options: + node_id: 2 + 29: + action: NODE_RESET + options: + node_id: 2 + 30: + action: "NODE_OS_SCAN" + options: + node_id: 3 + 31: + action: "NODE_SHUTDOWN" + options: + node_id: 3 + 32: + action: NODE_STARTUP + options: + node_id: 3 + 33: + action: NODE_RESET + options: + node_id: 3 + 34: + action: "NODE_OS_SCAN" + options: + node_id: 4 + 35: + action: "NODE_SHUTDOWN" + options: + node_id: 4 + 36: + action: NODE_STARTUP + options: + node_id: 4 + 37: + action: NODE_RESET + options: + node_id: 4 + 38: + action: "NODE_OS_SCAN" + options: + node_id: 5 + 39: # old action num: 19 # shutdown client 1 + action: "NODE_SHUTDOWN" + options: + node_id: 5 + 40: # old action num: 20 + action: NODE_STARTUP + options: + node_id: 5 + 41: # old action num: 21 + action: NODE_RESET + options: + node_id: 5 + 42: + action: "NODE_OS_SCAN" + options: + node_id: 6 + 43: + action: "NODE_SHUTDOWN" + options: + node_id: 6 + 44: + action: NODE_STARTUP + options: + node_id: 6 + 45: + action: NODE_RESET + options: + node_id: 6 + + 46: # old action num: 22 # "ACL: ADDRULE - Block outgoing traffic from client 1" action: "NETWORK_ACL_ADDRULE" options: position: 1 @@ -832,7 +1035,7 @@ agents: source_port_id: 1 dest_port_id: 1 protocol_id: 1 - 23: # "ACL: ADDRULE - Block outgoing traffic from client 2" + 47: # old action num: 23 # "ACL: ADDRULE - Block outgoing traffic from client 2" action: "NETWORK_ACL_ADDRULE" options: position: 2 
@@ -842,7 +1045,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 1
- 24: # block tcp traffic from client 1 to web app
+ 48: # old action num: 24 # block tcp traffic from client 1 to web app
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 3
@@ -852,7 +1055,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 3
- 25: # block tcp traffic from client 2 to web app
+ 49: # old action num: 25 # block tcp traffic from client 2 to web app
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 4
@@ -862,7 +1065,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 3
- 26:
+ 50: # old action num: 26
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 5
@@ -872,7 +1075,7 @@ agents:
 source_port_id: 1
 dest_port_id: 1
 protocol_id: 3
- 27:
+ 51: # old action num: 27
 action: "NETWORK_ACL_ADDRULE"
 options:
 position: 6
@@ -882,128 +1085,129 @@ agents: source_port_id: 1 dest_port_id: 1 protocol_id: 3 - 28: + 52: # old action num: 28 action: "NETWORK_ACL_REMOVERULE" options: position: 0 - 29: + 53: # old action num: 29 action: "NETWORK_ACL_REMOVERULE" options: position: 1 - 30: + 54: # old action num: 30 action: "NETWORK_ACL_REMOVERULE" options: position: 2 - 31: + 55: # old action num: 31 action: "NETWORK_ACL_REMOVERULE" options: position: 3 - 32: + 56: # old action num: 32 action: "NETWORK_ACL_REMOVERULE" options: position: 4 - 33: + 57: # old action num: 33 action: "NETWORK_ACL_REMOVERULE" options: position: 5 - 34: + 58: # old action num: 34 action: "NETWORK_ACL_REMOVERULE" options: position: 6 - 35: + 59: # old action num: 35 action: "NETWORK_ACL_REMOVERULE" options: position: 7 - 36: + 60: # old action num: 36 action: "NETWORK_ACL_REMOVERULE" options: position: 8 - 37: + 61: # old action num: 37 action: "NETWORK_ACL_REMOVERULE" options: position: 9 - 38: + 62: # old action num: 38 action: "NETWORK_NIC_DISABLE" options: node_id: 0 nic_id: 0 - 39: + 63: # old action num: 39 action: "NETWORK_NIC_ENABLE" options: node_id: 0 nic_id: 0 - 40: + 64: # old action num: 40 action: "NETWORK_NIC_DISABLE" options: node_id: 1 nic_id: 0 - 41: + 65: # old action num: 41 action: "NETWORK_NIC_ENABLE" options: node_id: 1 nic_id: 0 - 42: + 66: # old action num: 42 action: "NETWORK_NIC_DISABLE" options: node_id: 2 nic_id: 0 - 43: + 67: # old action num: 43 action: "NETWORK_NIC_ENABLE" options: node_id: 2 nic_id: 0 - 44: + 68: # old action num: 44 action: "NETWORK_NIC_DISABLE" options: node_id: 3 nic_id: 0 - 45: + 69: # old action num: 45 action: "NETWORK_NIC_ENABLE" options: node_id: 3 nic_id: 0 - 46: + 70: # old action num: 46 action: "NETWORK_NIC_DISABLE" options: node_id: 4 nic_id: 0 - 47: + 71: # old action num: 47 action: "NETWORK_NIC_ENABLE" options: node_id: 4 nic_id: 0 - 48: + 72: # old action num: 48 action: "NETWORK_NIC_DISABLE" options: node_id: 4 nic_id: 1 - 49: + 73: # old action num: 
49 action: "NETWORK_NIC_ENABLE" options: node_id: 4 nic_id: 1 - 50: + 74: # old action num: 50 action: "NETWORK_NIC_DISABLE" options: node_id: 5 nic_id: 0 - 51: + 75: # old action num: 51 action: "NETWORK_NIC_ENABLE" options: node_id: 5 nic_id: 0 - 52: + 76: # old action num: 52 action: "NETWORK_NIC_DISABLE" options: node_id: 6 nic_id: 0 - 53: + 77: # old action num: 53 action: "NETWORK_NIC_ENABLE" options: node_id: 6 nic_id: 0 + options: nodes: - node_name: domain_controller @@ -1064,6 +1268,14 @@ agents: weight: 0.33 options: node_hostname: client_2 + - type: GREEN_ADMIN_DATABASE_UNREACHABLE_PENALTY + weight: 0.1 + options: + node_hostname: client_1 + - type: GREEN_ADMIN_DATABASE_UNREACHABLE_PENALTY + weight: 0.1 + options: + node_hostname: client_2 agent_settings: diff --git a/src/primaite/notebooks/uc2_demo.ipynb b/src/primaite/notebooks/uc2_demo.ipynb index 94be8baa..85061b2b 100644 --- a/src/primaite/notebooks/uc2_demo.ipynb +++ b/src/primaite/notebooks/uc2_demo.ipynb 
@@ -307,17 +307,17 @@
 "- `1`: Scan the web service - this refreshes the health status in the observation space\n",
 "- `9`: Scan the database file - this refreshes the health status of the database file\n",
 "- `13`: Patch the database service - This triggers the database to restore data from the backup server\n",
- "- `19`: Shut down client 1\n",
- "- `20`: Start up client 1\n",
- "- `22`: Block outgoing traffic from client 1\n",
- "- `23`: Block outgoing traffic from client 2\n",
- "- `26`: Block TCP traffic from client 1 to the database node\n",
- "- `27`: Block TCP traffic from client 2 to the database node\n",
- "- `28-37`: Remove ACL rules 1-10\n",
- "- `42`: Disconnect client 1 from the network\n",
- "- `43`: Reconnect client 1 to the network\n",
- "- `44`: Disconnect client 2 from the network\n",
- "- `45`: Reconnect client 2 to the network\n",
+ "- `39`: Shut down client 1\n",
+ "- `40`: Start up client 1\n",
+ "- `46`: Block outgoing traffic from client 1\n",
+ "- `47`: Block outgoing traffic from client 2\n",
+ "- `50`: Block TCP traffic from client 1 to the database node\n",
+ "- `51`: Block TCP traffic from client 2 to the database node\n",
+ "- `52-61`: Remove ACL rules 1-10\n",
+ "- `66`: Disconnect client 1 from the network\n",
+ "- `67`: Reconnect client 1 to the network\n",
+ "- `68`: Disconnect client 2 from the network\n",
+ "- `69`: Reconnect client 2 to the network\n",
 "\n",
 "The other actions will either have no effect or will negatively impact the network, so the blue agent should avoid taking them."
 ]
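Review bot: The renumbered list still says `66`–`69` disconnect and reconnect client 1 and client 2, but the action map changed in this same commit defines 66/67 as `NETWORK_NIC_DISABLE`/`NETWORK_NIC_ENABLE` on `node_id: 2` and 68/69 on `node_id: 3`, while its own comment on action 39 places client 1 at `node_id: 5`. If `node_id` is indexed the same way for NIC actions as for node actions, the four client entries in this list would be `74`, `75`, `76` and `77`. The mismatch predates this commit (old 42–45 had the same targets), so it should be confirmed against the node list before the text is changed. The markdown cell starts above this hunk.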
@@ -559,10 +559,10 @@
 "env.step(13) # Patch the database\n",
 "print(f\"step: {env.game.step_counter}, Red action: {info['agent_actions']['data_manipulation_attacker'][0]}, Blue reward:{reward:.2f}\" )\n",
 "\n",
- "env.step(26) # Block client 1\n",
+ "env.step(50) # Block client 1\n",
 "print(f\"step: {env.game.step_counter}, Red action: {info['agent_actions']['data_manipulation_attacker'][0]}, Blue reward:{reward:.2f}\" )\n",
 "\n",
- "env.step(27) # Block client 2\n",
+ "env.step(51) # Block client 2\n",
 "print(f\"step: {env.game.step_counter}, Red action: {info['agent_actions']['data_manipulation_attacker'][0]}, Blue reward:{reward:.2f}\" )\n",
 "\n",
 "for step in range(30):\n",
@@ -608,9 +608,9 @@
 "source": [
 "if obs['NODES'][6]['NETWORK_INTERFACES'][1]['nmne']['outbound'] == 1:\n",
 " # client 1 has NMNEs, let's unblock client 2\n",
- " env.step(34) # remove ACL rule 6\n",
+ " env.step(58) # remove ACL rule 6\n",
 "elif obs['NODES'][7]['NETWORK_INTERFACES'][1]['nmne']['outbound'] == 1:\n",
- " env.step(33) # remove ACL rule 5\n",
+ " env.step(57) # remove ACL rule 5\n",
 "else:\n",
 " print(\"something went wrong, neither client has NMNEs\")"
 ]
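Review bot: The bare indices in `env.step(50)` and `env.step(51)`, and in the next hunk `env.step(58)` and `env.step(57)`, are exactly what this commit had to find and renumber by hand, and a missed one would not raise an error; it would simply take a different action. Naming each index once in the cell, for example `BLOCK_CLIENT_1 = 50  # NETWORK_ACL_ADDRULE, position 5 in the blue action map`, and calling `env.step(BLOCK_CLIENT_1)` would confine the next renumbering to one place and make the intent checkable against the config. Both cells start and end outside these hunks.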