# Training-loop settings; the framework and algorithm are named here and
# the learning budget is given in steps and episodes.
training_config:
  rl_framework: SB3
  rl_algo: PPO
  n_learn_steps: 128
  n_learn_episodes: 1000

# Game-level definitions: the port/protocol vocabulary shared by the ACL
# actions and observations, followed by one entry per agent (GREEN, RED, BLUE).
game_config:
  ports:
    - ARP
    - DNS
    - POSTGRES_SERVER
  protocols:
    - ICMP
    - TCP
  agents:
    # Benign traffic generator. Currently it can only idle.
    # NOTE(review): the ref says client_1 but the action-space node is
    # client_2 — confirm which host this agent is meant to drive.
    - ref: client_1_green_user
      team: GREEN
      type: GreenWebBrowsingAgent
      observation_space: null
      action_space:
        action_list:
          - type: DONOTHING
          # Disabled actions kept for reference:
          # - type: NODE_LOGON
          # - type: NODE_LOGOFF
          # - type: NODE_APPLICATION_EXECUTE
          #   options:
          #     execution_definition:
          #       target_address: arcd.com
        options:
          nodes:
            - node_ref: client_2
          max_folders_per_node: 2
          max_files_per_folder: 2
          max_services_per_node: 2
          max_nics_per_node: 8
          max_acl_rules: 8
      reward_function:
        reward_components:
          - type: DUMMY
      # Per-agent-type settings (per the original author: the args of the
      # agent's __init__).
      agent_settings:
        start_step: 5
        frequency: 4
        variance: 3

    # Adversary scripted against client_1's data_manipulation_bot service.
    - ref: client_1_data_manipulation_red_bot
      team: RED
      type: RedDatabaseCorruptingAgent
      observation_space:
        type: UC2RedObservation
        options:
          nodes:
            - node_ref: client_1
              observations:
                - logon_status
                - operating_status
              services:
                - service_ref: data_manipulation_bot
                  observations:
                    - operating_status
                    - health_status
              folders: {}
      action_space:
        action_list:
          - type: DONOTHING
          # Disabled actions kept for reference:
          # - type: NODE_APPLICATION_EXECUTE
          #   options:
          #     execution_definition:
          #       server_ip: 192.168.1.14
          #       payload: "DROP TABLE IF EXISTS user;"
          #       success_rate: 80%
          - type: NODE_FILE_DELETE
          - type: NODE_FILE_CORRUPT
          # - type: NODE_FOLDER_DELETE
          # - type: NODE_FOLDER_CORRUPT
          - type: NODE_OS_SCAN
          # - type: NODE_LOGON
          # - type: NODE_LOGOFF
        options:
          nodes:
            - node_ref: client_1
          max_folders_per_node: 2
          max_files_per_folder: 2
          max_services_per_node: 2
          # max_nics_per_node: 8
          # max_acl_rules: 10
          # Older action-space layout, retained commented out:
          # actions:
          #   - type: DO_NOTHING
          # network:
          #   nodes:
          #     - node_ref: client_1
          #       actions:
          #         - type: SCAN
          #         - type: LOGON
          #         - type: LOGOFF
          #       services:
          #         - service_ref: data_manipulation_bot
          #           actions:
          #             - type: COMPROMISE
          #               execution_definition:
          #                 server_ip: 192.168.1.14
          #                 payload: "DROP TABLE IF EXISTS user;"
          #                 success_rate: 80%
          #       folders:
          #       files: {}
      reward_function:
        reward_components:
          - type: DUMMY
      # Per-agent-type settings (per the original author: the args of the
      # agent's __init__).
      agent_settings:
        start_step: 25
        frequency: 20
        variance: 5

    # Defender. It observes the whole network, may start/stop services,
    # repair files, cycle hosts and edit the router ACL.
    - ref: defender
      team: BLUE
      type: GATERLAgent
      observation_space:
        type: UC2BlueObservation
        options:
          nodes:
            - node_ref: router_1 # TODO: more sub-options here
            - node_ref: switch_1
            - node_ref: switch_2
            - node_ref: domain_controller
              services:
                - service_ref: domain_controller_dns_server
            - node_ref: web_server
              services:
                - service_ref: web_server_database_client
            - node_ref: database_server
              services:
                - service_ref: database_service
              folders:
                - folder_name: database
                  files:
                    - file_name: database.db
            - node_ref: backup_server
              # services:
              #   - service_ref: backup_service
            - node_ref: security_suite
            - node_ref: client_1
            - node_ref: client_2
          links:
            - link_ref: router_1___switch_1
            - link_ref: router_1___switch_2
            - link_ref: switch_1___domain_controller
            - link_ref: switch_1___web_server
            - link_ref: switch_1___database_server
            - link_ref: switch_1___backup_server
            - link_ref: switch_1___security_suite
            - link_ref: switch_2___client_1
            - link_ref: switch_2___client_2
            - link_ref: switch_2___security_suite
          acl:
            router_node_ref: router_1
          ics: null
      action_space:
        action_list:
          - type: DONOTHING
          - type: NODE_SERVICE_SCAN
          - type: NODE_SERVICE_STOP
          - type: NODE_SERVICE_START
          - type: NODE_SERVICE_PAUSE
          - type: NODE_SERVICE_RESUME
          - type: NODE_SERVICE_RESTART
          - type: NODE_SERVICE_DISABLE
          - type: NODE_SERVICE_ENABLE
          - type: NODE_FILE_SCAN
          - type: NODE_FILE_CHECKHASH
          - type: NODE_FILE_DELETE
          - type: NODE_FILE_REPAIR
          - type: NODE_FILE_RESTORE
          - type: NODE_FOLDER_SCAN
          - type: NODE_FOLDER_CHECKHASH
          - type: NODE_FOLDER_REPAIR
          - type: NODE_FOLDER_RESTORE
          - type: NODE_OS_SCAN
          - type: NODE_SHUTDOWN
          - type: NODE_STARTUP
          - type: NODE_RESET
          - type: NETWORK_ACL_ADDRULE
            options:
              target_router_ref: router_1
          - type: NETWORK_ACL_REMOVERULE
            options:
              target_router_ref: router_1
          - type: NETWORK_NIC_ENABLE
          - type: NETWORK_NIC_DISABLE
        # Discrete action index -> concrete action. Each entry's options are
        # written as a list of single-key mappings, as the original file did.
        # NOTE(review): node_id / service_id / folder_id / file_id look like
        # positional indices into the node list below — confirm the numbering
        # (0- or 1-based) against the consumer before relying on the
        # "webapp" comments.
        action_map:
          0:
            action: DONOTHING
            options: {}
          # scan webapp service
          1:
            action: NODE_SERVICE_SCAN
            options:
              - node_id: 2
              - service_id: 1
          # stop webapp service
          2:
            action: NODE_SERVICE_STOP
            options:
              - node_id: 2
              - service_id: 1
          # start webapp service
          3:
            action: NODE_SERVICE_START
            options:
              - node_id: 2
              - service_id: 1
          4:
            action: NODE_SERVICE_PAUSE
            options:
              - node_id: 2
              - service_id: 1
          5:
            action: NODE_SERVICE_RESUME
            options:
              - node_id: 2
              - service_id: 1
          6:
            action: NODE_SERVICE_RESTART
            options:
              - node_id: 2
              - service_id: 1
          7:
            action: NODE_SERVICE_DISABLE
            options:
              - node_id: 2
              - service_id: 1
          8:
            action: NODE_SERVICE_ENABLE
            options:
              - node_id: 2
              - service_id: 1
          9:
            action: NODE_FILE_SCAN
            options:
              - node_id: 3
              - folder_id: 1
              - file_id: 1
          10:
            action: NODE_FILE_CHECKHASH
            options:
              - node_id: 3
              - folder_id: 1
              - file_id: 1
          11:
            action: NODE_FILE_DELETE
            options:
              - node_id: 3
              - folder_id: 1
              - file_id: 1
          12:
            action: NODE_FILE_REPAIR
            options:
              - node_id: 3
              - folder_id: 1
              - file_id: 1
          13:
            action: NODE_FILE_RESTORE
            options:
              - node_id: 3
              - folder_id: 1
              - file_id: 1
          14:
            action: NODE_FOLDER_SCAN
            options:
              - node_id: 3
              - folder_id: 1
          15:
            action: NODE_FOLDER_CHECKHASH
            options:
              - node_id: 3
              - folder_id: 1
          16:
            action: NODE_FOLDER_REPAIR
            options:
              - node_id: 3
              - folder_id: 1
          17:
            action: NODE_FOLDER_RESTORE
            options:
              - node_id: 3
              - folder_id: 1
          18:
            action: NODE_OS_SCAN
            options:
              - node_id: 3
          19:
            action: NODE_SHUTDOWN
            options:
              - node_id: 6
          20:
            action: NODE_STARTUP
            options:
              - node_id: 6
          21:
            action: NODE_RESET
            options:
              - node_id: 6
          # ACL add-rule actions 22-27 fill positions 6 down to 1.
          # NOTE(review): the "..." values are placeholders, not real ids —
          # the rule endpoints/ports/protocol must be filled in before these
          # actions are meaningful.
          22:
            action: NETWORK_ACL_ADDRULE
            options:
              - position: 6
              - permission: 2
              - source_node_id: ...
              - dest_node_id: ...
              - source_port_id: ...
              - dest_port_id: ...
              - protocol_id: ...
          23:
            action: NETWORK_ACL_ADDRULE
            options:
              - position: 5
              - permission: 2
              - source_node_id: ...
              - dest_node_id: ...
              - source_port_id: ...
              - dest_port_id: ...
              - protocol_id: ...
          24:
            action: NETWORK_ACL_ADDRULE
            options:
              - position: 4
              - permission: 2
              - source_node_id: ...
              - dest_node_id: ...
              - source_port_id: ...
              - dest_port_id: ...
              - protocol_id: ...
          25:
            action: NETWORK_ACL_ADDRULE
            options:
              - position: 3
              - permission: 2
              - source_node_id: ...
              - dest_node_id: ...
              - source_port_id: ...
              - dest_port_id: ...
              - protocol_id: ...
          26:
            action: NETWORK_ACL_ADDRULE
            options:
              - position: 2
              - permission: 2
              - source_node_id: ...
              - dest_node_id: ...
              - source_port_id: ...
              - dest_port_id: ...
              - protocol_id: ...
          27:
            action: NETWORK_ACL_ADDRULE
            options:
              - position: 1
              - permission: 2
              - source_node_id: ...
              - dest_node_id: ...
              - source_port_id: ...
              - dest_port_id: ...
              - protocol_id: ...
          # ACL remove-rule actions 28-37 cover positions 0-9, i.e. the
          # max_acl_rules: 10 window declared in the options below.
          28:
            action: NETWORK_ACL_REMOVERULE
            options:
              - position: 0
          29:
            action: NETWORK_ACL_REMOVERULE
            options:
              - position: 1
          30:
            action: NETWORK_ACL_REMOVERULE
            options:
              - position: 2
          31:
            action: NETWORK_ACL_REMOVERULE
            options:
              - position: 3
          32:
            action: NETWORK_ACL_REMOVERULE
            options:
              - position: 4
          33:
            action: NETWORK_ACL_REMOVERULE
            options:
              - position: 5
          34:
            action: NETWORK_ACL_REMOVERULE
            options:
              - position: 6
          35:
            action: NETWORK_ACL_REMOVERULE
            options:
              - position: 7
          36:
            action: NETWORK_ACL_REMOVERULE
            options:
              - position: 8
          37:
            action: NETWORK_ACL_REMOVERULE
            options:
              - position: 9
          38:
            action: NETWORK_NIC_DISABLE
            options:
              - node_id: 6
              - nic_index: 1
          39:
            action: NETWORK_NIC_ENABLE
            options:
              - node_id: 6
              - nic_index: 1
        options:
          nodes:
            - node_ref: router_1
            - node_ref: switch_1
            - node_ref: switch_2
            - node_ref: domain_controller
            - node_ref: web_server
            - node_ref: database_server
            - node_ref: backup_server
            - node_ref: security_suite
            - node_ref: client_1
            - node_ref: client_2
          max_folders_per_node: 2
          max_files_per_folder: 2
          max_services_per_node: 2
          max_nics_per_node: 8
          max_acl_rules: 10
      reward_function:
        reward_components:
          - type: DUMMY
      # No settings yet; a bare key parses as null. Use {} instead if the
      # agent type expects a mapping.
      agent_settings: # ...
# Simulated network: nodes (with their services/NICs) and the links that
# wire them together. Node/service refs are the names the agents above
# address via node_ref / service_ref.
simulation:
  network:
    nodes:
      # Single router joining the server segment (switch_1) and the client
      # segment (switch_2). Its ACL is what the BLUE agent edits.
      - ref: router_1
        type: router
        hostname: router_1
        num_ports: 5
        ports:
          1:
            ip_address: 192.168.1.1
            subnet_mask: 255.255.255.0
          # NOTE(review): port 2 carries the same address as port 1, yet the
          # clients below use default_gateway 192.168.10.1 and the
          # security_suite's second NIC sits on 192.168.10.0/24 — this port
          # presumably should be 192.168.10.1; confirm.
          2:
            ip_address: 192.168.1.1
            subnet_mask: 255.255.255.0
        # Initial ACL. Rule 0 permits POSTGRES_SERVER traffic with no source
        # restriction, so the client segment can reach database_server until
        # the defender adds a narrower rule.
        # NOTE(review): positions 22 and 23 lie outside the 0-9 window the
        # defender's NETWORK_ACL_REMOVERULE actions address (max_acl_rules:
        # 10) — confirm the simulator's ACL length, otherwise those rules
        # can never be removed by the agent.
        acl:
          0:
            action: PERMIT
            src_port: POSTGRES_SERVER
            dst_port: POSTGRES_SERVER
          1:
            action: PERMIT
            src_port: DNS
            dst_port: DNS
          22:
            action: PERMIT
            src_port: ARP
            dst_port: ARP
          23:
            action: PERMIT
            protocol: ICMP

      - ref: switch_1
        type: switch
        hostname: switch_1
        num_ports: 8

      - ref: switch_2
        type: switch
        hostname: switch_2
        num_ports: 8

      - ref: domain_controller
        type: server
        hostname: domain_controller
        ip_address: 192.168.1.10
        subnet_mask: 255.255.255.0
        default_gateway: 192.168.1.1
        services:
          - ref: domain_controller_dns_server
            type: DNSServer
            options:
              domain_mapping:
                arcd.com: 192.168.1.12 # web server

      # NOTE(review): default_gateway here is the domain controller
      # (192.168.1.10) rather than the router (192.168.1.1) used by every
      # other host on 192.168.1.0/24 — confirm this is intended.
      - ref: web_server
        type: server
        hostname: web_server
        ip_address: 192.168.1.12
        subnet_mask: 255.255.255.0
        default_gateway: 192.168.1.10
        dns_server: 192.168.1.10
        services:
          - ref: web_server_database_client
            type: DatabaseClient
            options:
              db_server_ip: 192.168.1.14

      - ref: database_server
        type: server
        hostname: database_server
        ip_address: 192.168.1.14
        subnet_mask: 255.255.255.0
        default_gateway: 192.168.1.1
        dns_server: 192.168.1.10
        services:
          - ref: database_service
            type: DatabaseService

      - ref: backup_server
        type: server
        hostname: backup_server
        ip_address: 192.168.1.16
        subnet_mask: 255.255.255.0
        default_gateway: 192.168.1.1
        dns_server: 192.168.1.10
        services:
          - ref: backup_service
            type: DatabaseBackup

      # Dual-homed: primary address on the server segment, second NIC on the
      # client segment (linked to both switches below).
      - ref: security_suite
        type: server
        hostname: security_suite
        ip_address: 192.168.1.110
        subnet_mask: 255.255.255.0
        default_gateway: 192.168.1.1
        dns_server: 192.168.1.10
        nics:
          # Per the original author this key is currently meaningless: NICs
          # are added in order and take the next free slot.
          2:
            ip_address: 192.168.10.110
            subnet_mask: 255.255.255.0

      # Host the RED agent operates on (see data_manipulation_bot).
      - ref: client_1
        type: computer
        hostname: client_1
        ip_address: 192.168.10.21
        subnet_mask: 255.255.255.0
        default_gateway: 192.168.10.1
        dns_server: 192.168.1.10
        services:
          - ref: data_manipulation_bot
            type: DataManipulationBot
          - ref: client_1_dns_client
            type: DNSClient

      - ref: client_2
        type: computer
        hostname: client_2
        ip_address: 192.168.10.22
        subnet_mask: 255.255.255.0
        default_gateway: 192.168.10.1
        dns_server: 192.168.1.10
        services:
          - ref: client_2_web_browser
            type: WebBrowser
          - ref: client_2_dns_client
            type: DNSClient

    # Physical links; each ref is also what the BLUE observation space lists
    # under link_ref.
    links:
      - ref: router_1___switch_1
        endpoint_a_ref: router_1
        endpoint_a_port: 1
        endpoint_b_ref: switch_1
        endpoint_b_port: 8
      - ref: router_1___switch_2
        endpoint_a_ref: router_1
        endpoint_a_port: 2
        endpoint_b_ref: switch_2
        endpoint_b_port: 8
      - ref: switch_1___domain_controller
        endpoint_a_ref: switch_1
        endpoint_a_port: 1
        endpoint_b_ref: domain_controller
        endpoint_b_port: 1
      - ref: switch_1___web_server
        endpoint_a_ref: switch_1
        endpoint_a_port: 2
        endpoint_b_ref: web_server
        endpoint_b_port: 1
      - ref: switch_1___database_server
        endpoint_a_ref: switch_1
        endpoint_a_port: 3
        endpoint_b_ref: database_server
        endpoint_b_port: 1
      - ref: switch_1___backup_server
        endpoint_a_ref: switch_1
        endpoint_a_port: 4
        endpoint_b_ref: backup_server
        endpoint_b_port: 1
      - ref: switch_1___security_suite
        endpoint_a_ref: switch_1
        endpoint_a_port: 7
        endpoint_b_ref: security_suite
        endpoint_b_port: 1
      - ref: switch_2___client_1
        endpoint_a_ref: switch_2
        endpoint_a_port: 1
        endpoint_b_ref: client_1
        endpoint_b_port: 1
      - ref: switch_2___client_2
        endpoint_a_ref: switch_2
        endpoint_a_port: 2
        endpoint_b_ref: client_2
        endpoint_b_port: 1
      - ref: switch_2___security_suite
        endpoint_a_ref: switch_2
        endpoint_a_port: 7
        endpoint_b_ref: security_suite
        endpoint_b_port: 2