Creating your first model

This quick start guide will go over the process of building your first model from scratch in the modeling tool.

Creating assets

Models are collections of connected objects that represents the environment you want to analyze. The Objects tab lists all available object types and can be added by drag and drop to the canvas.

1. Drag a Network object from the Objects tab to the canvas to add a Network to your model.
   All objects you have added to the model will be available in the Objects explorer tab.

2. Drag a Host object from the Objects tab to the canvas to add a Host object to the model.

Creating associations

You create associations between objects in the model to represent how objects relate to each other.

1. Hold the shift key, and drag a new association from the Network object to the Host object to create a new association. This will represent that the Host is connected to this Network.

2. The Host is now connected the Network, which will give the Attacker new attack opportunities. To remove the association, select it and hit Delete.

Setting defenses

1. Right-click on the Host and select Preferences to open the settings for the Host object. Under the Defenses tab, you can see available security controls for the Host object.

Set the probability of Hardened to 1 and select Save changes to say that the Host is Hardened.

Setting high value assets

To be able to start a simulation, you need to assign high value assets in the model i.e., the targets for the Attacker. This will also be basis of the simulation reports.

1. Right-click on the Host and select Preferences to open the settings for the Host object. Under the Attack steps tab, you can see available attack steps for the Host object.

Set the consequence of Compromise to 8 and select Save changes to say that the Host being compromised has a consequence of 8/10 to your organization. Where 10 is the worst thing that could happen.

You can set multiple high value assets on different objects.

2. Objects you have selected as high value assets will have a yellow background.

You can also see all your high value assets in the High value assets view under the Views tab

Adding an attacker

To be able to start a simulation, you need to add an attacker to the model. The attacker’s entry points are defined by connecting the attacker to existing objects in the model.

1. Drag and drop an Attacker object from the Objects tab to the canvas.

2. Hold the shift key and drag a new association from the Attacker object to the Network object to create a new association.

Once the association is created, you are given the option to select what attack step on the Network that should be the entry point for the Attacker.

Select Compromise to say that the Attacker has full access to the Network at the start of the simulation.

Issues and warnings

The Issues and warnings tab lists current problems with the model. All issues and warnings must be fixed before you can simulate attacks on the model. Typical issues include missing high values assets, no attacker connected or missing mandatory objects.

1. Select the Issues and warnings tab to reveal any issues with the model.

We have one issue with our model; the Host object is missing a SoftwareProduct. Until we add that to our Host, we will not be able to simulate.

2. If we create a SoftwareProduct and connect it to our Host, all issues are resolved and we have a valid model we can simulate.

Save the model to your project and it will be ready to simulate!