Organization
| Ref |
Feature Name |
Description |
| B1 |
Ability |
The tool offers a list of pre-defined abilities that can be run on one or multiple target
systems |
| B2 |
Ability Configuration |
The tool permits personalizing an ability by changing pre-defined parameters |
| B3 |
Custom Ability |
The tool permits creating and executing on-fly an ability; this ability can be built from
scratch or by modifying an existing one |
| B4 |
Custom Ability Saving |
he tool permits permanently saving and reusing a custom ability. |
| B5 |
Import Ability |
The tool permits importing an ability |
| B6 |
Operation |
The tool can run a set of abilities to perform an operation on one or multiple target
systems |
| B7 |
Operation Configuration |
The tool permits personalizing an operation by changing pre-defined parameters or
performing other operations |
| B8 |
Custom Operation |
The tool permits creating and running an operation on the fly by pipelining different
abilities or modifying an existing one |
| B9 |
Custom Operation Saving |
The tool permits permanently saving and reusing a custom operation |
| B10 |
Import Operation |
The tool permits importing an operation |
The Breach and Attack Simulation Tools available on the market offer different simulation capabilities
that can be distinguished not only by their objectives but also by how they are structured. Many solu-
tions subdivide the general simulation concept into smaller elements that can be grouped or chained to
perform a simulation. There are different possibilities for performing this subdivision; this framework
provides a two-element subdivision compatible with the solutions adopted by the various tools. These
two elements are named Ability and Operation. An Ability has a basic and straightforward objective,
achievable by running a few commands; multiple abilities can be grouped into an Operation to reach
a more complex goal. A Simulation involves one or many operations. Therefore, the features of this
section permit the reader to verify if the tool offers a logical structure similar to this, how much it is
customizable, and the benefits of having multiple fine-grain elements rather than a whole “simulation
object”. It is essential to consider that it may not be possible to directly compare these features with
the ones in BAS solutions due to a different simulation subdivision, and an adjustment may be needed.
Attack >
< Architecture