Results
Ref | Feature Name | Description |
---|---|---|
X1 | Name | The tool assigns a name to the activity |
Y1 | Name Filtering | The tool permits filtering results based on the activities' names |
Z1 | Name Results | The tool permits filtering results based on their names. |
X2 | Source Code | The tool provides the source code of the related activity |
X3 | Explanation | The tool associates the activity with a textual explanation |
X4 | Objective | The tool describes the activity's objective |
X5 | History | The tool provides the history of the activity's executions |
X6 | Number of Runs | The tool provides the number of times that the activity has been used |
Y6 | Number of Runs Filtering | The tool permits filtering and running activities based on how many times they have been tested |
Z6 | Number of Run Results | The tool permits filtering results based on how many times the activities have been tested |
X7 | Framework/CTI Reference | The tool provides an external reference to a framework or CTI report that has discovered, presented or described the vulnerability associated with the activity |
Y7 | Framework/CTI Filtering | The tool permits filtering and running activities based on frameworks or CTI information they are related to |
Z7 | Framework/CTI Results | The tool permits filtering results based on the activities' framework or CTI mapping |
X8 | Target OS | The tool indicates which operating systems the activity supports |
Y8 | Target OS Filtering | The tool permits filtering and running activities based on the operating systems they support |
Z8 | Target OS Results | The tool permits filtering results based on the operating systems the activities support |
X9 | Creation Date | The tool reports the activity's creation date |
Y9 | Creation Date Filtering | The tool permits filtering and running activities based on their creation date |
Z9 | Creation Date Results | The tool permits filtering results based on the activities' creation date |
X10 | Creator | The tool reports the activity's creator |
Y10 | Creator Filtering | The tool permits filtering and running activities based on their creator |
Z10 | Creator Results | The tool permits filtering results based on the activities' creator |
X11 | Update | The tool reports the activity's last update date |
Y11 | Update Filtering | The tool permits filtering and running activities based on their last update |
Z11 | Update Results | The tool permits filtering results based on the activities' last update |
X12 | Requirements | The tool reports the activity's requirements |
Y12 | Requirements Filtering | The tool permits filtering and running activities based on the requirements they need |
Z12 | Requirements Results | The tool permits filtering results based on the activities' requirements |
X13 | APT Correlation | The tool provides a list of APTs that applied that activity |
Y13 | APT Correlation Filtering | The tool permits filtering and running activities based on their association with an APT |
Z13 | APT Correlation Results | The tool permits filtering results based on the activities' possible mapping to APTs |
X14 | Sector Correlation | The tool offers a list of industry sectors that have been victims of that activity |
Y14 | Sector Correlation Filtering | The tool permits filtering and running activities based on their possible association with a specific industry sector |
Z14 | Sector Correlation Results | The tool permits filtering results based on the activities' possible association with a specific industry sector |
X15 | Nation/Region Correlation | The tool offers a list of nations or regions that have been victims of that activity |
Y15 | Nation/Region Correlation Filtering | The tool permits filtering and running activities based on their association with a specific target nation or region |
X16 | Nation/Region Attacker Correlation | The tool provides a list of countries or regions where the specific activity has been conducted |
Y16 | Nation/Region Attacker Filtering | The tool permits filtering and running activities based on the countries or regions where they have been conducted |
X17 | Tag | The tool offers a list of tags associated with the activity or permits the user to create new ones |
Y17 | Tag Filtering | The tool permits filtering and running activities based on their tags |
Z17 | Tag Results | The tool permits filtering results based on the activities' tags |
X18 | System's Vulnerability | The tool reports for each activity the related system's vulnerability level based on its last evaluation |
Y18 | System's Vulnerability Filtering | The tool permits filtering and running activities based on their associated system's vulnerability level |
X19 | Targets' Vulnerability | The tool reports for each activity the associated vulnerability level of all system's targets based on their last evaluation |
Y19 | Target's Vulnerability Filtering | The tool permits filtering and running activities based on their associated targets' vulnerability levels |
X20 | System's Risk | The tool reports for each activity their related system's risk level based on its last evaluation |
Y20 | System's Risk Filtering | The tool permits filtering and running activities based on their associated system's risk level |
X21 | Targets' Risk | The tool reports for each activity the associated risk level of all target systems based on their last evaluation |
Y21 | Targets' Risk Filtering | The tool permits filtering and running activities based on their associated targets' risk levels |
X22 | Rollback | The tool reports whether the activities offer a rollback that restores the system to its state before the operation was performed |
Y22 | Rollback Filtering | The tool permits filtering and running activities based on whether they support rollback |
Information and Filtering is a subcategory of both the Attack and Results categories. As described in section 3.2, the essence of BAS is to simulate the attacker's actions. To enhance the tool's capabilities, it is fundamental to provide users with information about these actions, giving operators a broader view of the simulation.
The Organization category presented the difference between Action and Operation; in this section, the term Activity is used to cover both, to simplify the descriptions.
The activity's information can be used principally in three different ways:
- To give the user more detail about the activity,
- To filter activities before performing an attack simulation,
- To filter the simulation report to analyze the results in further detail.
The picture above shows the logical connection between the information and how it can be used to filter activities before launching a simulation or to sort out the results.
- The first one, with a reference starting with “X”, describes the specific information it refers to.
- The second one, with a reference starting with “Y”, checks whether it is possible to filter among all the activities offered by the tool based on the information described in the “X” feature, and tests whether this subset can be used to run a simulation. In particular, the “Activities Filtering” feature in the Organization section is used to verify whether the tool offers this filtering capability.
- The third one, with a reference starting with “Z”, checks whether it is possible to analyse the simulation results by filtering them based on the information described in “X”, or to generate a report including only the activities that match that specific “X” feature. In particular, two features in the Results section, “Analytics” and “Result Filtering” respectively, are used to verify whether and how the tool offers this filtering capability.
- “Update” [X11] -> The tool reports the date of the activity's last update,
- “Update Filtering” [Y11] -> The tool permits selecting, among all possible activities, only the ones updated within a certain range of time,
- “Update Results” [Z11] -> The tool permits filtering the simulation results based on the activities' last update, to analyse only the results for that particular range.
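As an added illustration (not code from any tool discussed here), the sketch below models the X/Y/Z scheme for the Update and Target OS information: one predicate on the activity's metadata is reused to select activities before a simulation (Y) and to filter the report afterwards (Z). The `Activity` and `Result` shapes, the field names and the sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Activity:              # "X" features: information attached to an activity
    name: str                # X1  Name
    target_os: frozenset     # X8  Target OS
    updated: date            # X11 Update
    rollback: bool           # X22 Rollback

@dataclass(frozen=True)
class Result:                # one entry of a simulation report (assumed shape)
    activity: Activity
    blocked: bool            # True if the defences stopped the activity

def updated_between(start, end):
    """Predicate on the X11 'Update' information."""
    return lambda a: start <= a.updated <= end

def supports_os(os_name):
    """Predicate on the X8 'Target OS' information."""
    return lambda a: os_name in a.target_os

def filter_activities(catalogue, *predicates):
    """'Y' feature: pick the subset of activities to run in a simulation."""
    return [a for a in catalogue if all(p(a) for p in predicates)]

def filter_results(report, *predicates):
    """'Z' feature: keep only results whose activity matches the predicates."""
    return [r for r in report if all(p(r.activity) for p in predicates)]

def blocked_ratio(report, *predicates):
    """Analytics over a 'Z' selection; None when nothing matches."""
    selected = filter_results(report, *predicates)
    return sum(r.blocked for r in selected) / len(selected) if selected else None

def names(items):
    """Activity names for either a list of Activity or a list of Result."""
    return [getattr(i, "activity", i).name for i in items]

# Constructed sample catalogue and report; all names are placeholders.
CATALOGUE = [
    Activity("activity-a", frozenset({"windows"}), date(2023, 1, 10), True),
    Activity("activity-b", frozenset({"linux", "windows"}), date(2023, 6, 2), False),
    Activity("activity-c", frozenset({"linux"}), date(2023, 9, 15), True),
]
REPORT = [Result(CATALOGUE[0], True), Result(CATALOGUE[1], False), Result(CATALOGUE[2], True)]

if __name__ == "__main__":
    recent = updated_between(date(2023, 5, 1), date(2023, 12, 31))
    print(names(filter_activities(CATALOGUE, recent, supports_os("linux"))))
    print(names(filter_results(REPORT, recent)), blocked_ratio(REPORT, recent))
```

Because both filters take the same predicates, any "X" information that the catalogue records can back a "Y" and a "Z" feature without extra code; a missing "Z" row in the table above corresponds to a predicate the report side does not expose.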
