Creating a model

Parsing using securiCAD Enterprise GUI

As with any domain-specific language used in securiCAD Enterprise, the steps for creating a model are the same, with a few tweaks.

With the files generated by the securiCAD Azure collector, you can parse the data via the GUI by uploading an active_directory.json and an optional application_insights file directly to securiCAD Enterprise through the web interface.
Navigate to a project, click Add model > Generate model, select the parser Azure Parser, and give the model a name. Upload path/to/securicad-azure-collector/environment_files/active_directory.json and select the parser azure-active-directory-parser. Optionally, if it exists, also upload path/to/securicad-azure-collector/environment_files/application_insights.json with the parser azure-application-insights-parser. Now click Add model and the model should appear in the project.

Sending the data to enterprise locally

Prerequisites:

For Enterprise to parse the data, you need to provide a URL to the Enterprise worker and some credentials in a conf.ini file, located at securicad-azure-collector/conf.ini, with the following data:

[URL]
authserviceurl = https://<ip>/api/v1/auth/login
serviceurl = https://<ip>/modelbuilder

[CERT]
cacert =
clientcert =
clientcertkey =

[AUTH]
username = admin8795
password = shaifu.t9theeTh1pooj
organization = 

If your user is a system administrator, you need to leave organization blank, as above. If your user belongs to an organization, you need to specify the name of the organization as well. Note that the credentials above are example credentials and will not work in your instance.
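Because conf.ini stores a password in plain text next to the service URLs, a quick check before the first upload is useful. The following is an added example, not part of the collector or of upload.py: `check_conf`, `check_file` and `REQUIRED` are hypothetical names, and the rules it applies (https on both URLs, client certificate and key set together, file mode 600) are assumptions of this example rather than documented requirements.

```python
import configparser
import os
import stat
from urllib.parse import urlsplit

# Sections and keys taken from the conf.ini layout shown above.
REQUIRED = {"URL": ("authserviceurl", "serviceurl"),
            "CERT": ("cacert", "clientcert", "clientcertkey"),
            "AUTH": ("username", "password", "organization")}

def check_conf(text, mode):
    """Return findings for conf.ini content `text` stored with permission bits `mode`."""
    cfg = configparser.ConfigParser(interpolation=None)  # a '%' in the password stays literal
    cfg.read_string(text)
    findings = [f"[{s}] {k}: missing" for s, keys in REQUIRED.items()
                for k in keys if not cfg.has_option(s, k)]
    if findings:
        return findings
    for key in REQUIRED["URL"]:
        if urlsplit(cfg["URL"][key]).scheme != "https":
            findings.append(f"[URL] {key}: scheme is not https")
    cert = cfg["CERT"]
    if bool(cert["clientcert"]) != bool(cert["clientcertkey"]):
        findings.append("[CERT] clientcert and clientcertkey: set both or neither")
    if cfg["AUTH"]["password"] and mode & 0o077:
        findings.append(f"mode {mode:03o}: group/other can read the stored password, use 600")
    return findings

def check_file(path):
    with open(path, encoding="utf-8") as fh:
        return check_conf(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

# Constructed sample: placeholder host and credentials, one plain-http URL, key without cert.
SAMPLE = """\
[URL]
authserviceurl = https://enterprise.example/api/v1/auth/login
serviceurl = http://enterprise.example/modelbuilder
[CERT]
cacert =
clientcert = /etc/ssl/client.pem
clientcertkey =
[AUTH]
username = example-user
password = example-password
organization =
"""

if __name__ == "__main__":
    print(*check_conf(SAMPLE, 0o644), sep="\n")
```

Run `check_file("securicad-azure-collector/conf.ini")` against the real file; an empty list means none of the three checks fired.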

Uploading the files

Make sure you have installed the securicad-enterprise package in the current Python environment, then run:

  • for .sCAD files:
python3 path/to/azure-resource-parser/azure_parser/upload.py -s /path/to/model.sCAD [-t /path/to/tuningsfile.json] [-p projectname]
  • for .json files:
python3 path/to/azure-resource-parser/azure_parser/upload.py -e /path/to/active_directory.json [-i /path/to/application_insights.json] [-t /path/to/tuningsfile.json] [-p projectname]

The model will then be added to Enterprise under projectname, or under the Default project if none is provided. Scenarios and simulations are also started automatically, depending on the contents of tuningsfile.json.

path/to/upload.py -h

tuning.json example

Similar to how you can set tunings in the labs section of securiCAD Enterprise, you may pass -t tunings.json as a parameter to the upload.py script. The tunings defined in the file are then applied to your model in a new scenario named in the format ScenarioOne-YYYY-MM-DD, where the prefix is the name of your scenario key.

{
    "ScenarioOne": [
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "Account",
                "defense": "MFA"
            },
            "probability": 0.9
        },
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "AKSCluster",
                "attackstep": "DeletePools",
                "object_name": "backend-cluster"
            },
            "consequence": 5
        },
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "AKSCluster",
                "attackstep": "WriteDeployments"
            },
            "consequence": 7
        },
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "AKSCluster",
                "attackstep": "DeleteVolumes"
            },
            "consequence": 5
        },
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "Container",
                "attackstep": "HighPrivilegeAccess"
            },
            "consequence": 8
        },
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "AKSPod",
                "attackstep": "Stop"
            },
            "consequence": 3
        },
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "AKSPod",
                "attackstep": "Deny"
            },
            "consequence": 3
        },
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "LinuxVM",
                "attackstep": "HighPrivilegeAccess"
            },
            "consequence": 10
        },
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "SQLDatabase",
                "attackstep": "ReadData"
            },
            "consequence": 8
        },
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "StorageAccount",
                "attackstep": "RootAccess"
            },
            "consequence": 10
        },
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "Key",
                "attackstep": "SignHash"
            },
            "consequence": 7
        },
        {
            "tuning_type": "consequence",
            "op": "apply",
            "filterdict": {
                "metaconcept": "FunctionApp",
                "attackstep": "EditFunctionAppCode"
            },
            "consequence": 9
        }
    ],
    "ScenarioTwo": [],
    "ScenarioThree": []
}

Setting a defense tuning

{
    "tuning_type": "consequence",
    "op": "apply",
    "filterdict": {
      "metaconcept": "Account",
      "defense": "MFA"
    },
    "probability": 0.9
}

Setting a high value asset

Class level

{
    "tuning_type": "consequence",
    "op": "apply",
    "filterdict": {
        "metaconcept": "AKSCluster",
        "attackstep": "DeleteVolumes"
    },
    "consequence": 5
}

Object Level

{
    "tuning_type": "consequence",
    "op": "apply",
    "filterdict": {
        "metaconcept": "AKSCluster",
        "attackstep": "DeletePools",
        "object_name": "backend-cluster"
    },
    "consequence": 5
}

Setting a custom TTC value

{
    "tuning_type": "ttc",
    "op": "apply",
    "filterdict": {
        "metaconcept": "Account",
        "attackstep": "Access"
    },
    "ttc": "Infinity"
}
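A tunings file decides which assets the simulation treats as high value, so it is worth reviewing before it is passed to upload.py with -t. The following is an added example, not part of upload.py or the securicad-enterprise package: `review_tunings` and `scenario_name` are hypothetical helpers that rely only on the keys shown on this page, and they list each tuning with its scope (class level or a named object) and flag entries that have no value or that repeat an earlier target.

```python
import json
from datetime import date

VALUE_KEYS = ("consequence", "probability", "ttc")  # value keys used on this page

def scenario_name(key, day):
    return f"{key}-{day.isoformat()}"  # naming the page describes: <scenario key>-YYYY-MM-DD

def review_tunings(doc):
    """Return (rows, problems); a row is (scenario, asset, step, scope, kind, value)."""
    rows, problems = [], []
    for key, entries in doc.items():
        if not isinstance(entries, list):
            problems.append(f"{key}: expected a list of tunings")
            continue
        seen = {}
        for i, tuning in enumerate(entries):
            where = f"{key}[{i}]"
            flt = tuning.get("filterdict", {})
            step = flt.get("attackstep") or flt.get("defense")
            kinds = [k for k in VALUE_KEYS if k in tuning]
            if "metaconcept" not in flt or not step:
                problems.append(f"{where}: filterdict needs metaconcept plus attackstep or defense")
            elif len(kinds) != 1:
                problems.append(f"{where}: expected exactly one of {', '.join(VALUE_KEYS)}")
            else:
                scope = flt.get("object_name", "<class>")  # no object_name means class level
                ident = (flt["metaconcept"], step, scope, kinds[0])
                if ident in seen:
                    problems.append(f"{where}: repeats {key}[{seen[ident]}]")
                seen[ident] = i
                rows.append((key, flt["metaconcept"], step, scope, kinds[0], tuning[kinds[0]]))
    return rows, problems

# Constructed sample in the page's format: entry 2 repeats entry 0, entry 3 has no value key.
SAMPLE = json.loads("""
{"ScenarioOne": [
  {"tuning_type": "consequence", "op": "apply", "consequence": 10,
   "filterdict": {"metaconcept": "LinuxVM", "attackstep": "HighPrivilegeAccess"}},
  {"tuning_type": "consequence", "op": "apply", "consequence": 5,
   "filterdict": {"metaconcept": "AKSCluster", "attackstep": "DeletePools", "object_name": "backend-cluster"}},
  {"tuning_type": "consequence", "op": "apply", "consequence": 4,
   "filterdict": {"metaconcept": "LinuxVM", "attackstep": "HighPrivilegeAccess"}},
  {"tuning_type": "ttc", "op": "apply", "filterdict": {"metaconcept": "Account", "attackstep": "Access"}}
 ], "ScenarioTwo": []}
""")

if __name__ == "__main__":
    print(scenario_name("ScenarioOne", date.today()), *review_tunings(SAMPLE)[1], sep="\n")
```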

Working with the model in securiCAD Enterprise

For more information on how to upload the model into securiCAD enterprise and how to start simulating, please read the securiCAD Enterprise docs.