If I want to generate my own transaction file for a new system feed, what variables are available for use in the transaction file?

asked 10 Dec '14, 13:37


Tanuj ♦♦
accept rate: 0%

  • Variables are used in transaction files and get populated dynamically at run time.

Example: We want to generate a feed with the following format: Date, AccountName, IPAddress, Port, Transaction

In the above example, the following values must be picked up when the feed is generated:

  • The date should be in the format: dd/MM/yyyy HH:mm:ss
  • The AccountName should be randomly picked from a set of Users
  • The IP Address should belong to the countries USA and UK
  • The Port should be between 1 and 65535

To accomplish this, we have provided a number of variablegenerators. These variablegenerators are provided below:

| Variable Generator Name | Description | Example |
|---|---|---|
| usermastertablegenerator | Used to pick random users from the users table. Accepts one parameter for the filter query. | department like '%Finance%' |
| tablevaluegenerator | Used to pick random values from any column of any table. Accepts one parameter which is table name. | sec_user |
| datevaluegenerator | Used to generate datetime stamp. Defaults to format yyyy-MM-dd HH:mm:ss.SSS. Accepts one parameter which is the format of the date. | dd/MMM/yy HH:mm:ss |
| randomvaluegenerator | Used to generate a random value. Accepts two parameters - start value and end value. | parameter1=1 and parameter2=255 |
| dmztablegenerator | Used to pick random IP addresses from the dmzusermapping table. It picks a random IP Address associated with the logged in user. These values are populated when the logged in user chooses a set of DMZ devices. Accepts one parameter which is the logged in user id. | |

Parameters can be passed to these generators in order to restrict values.

  • For example, randomvaluegenerator can be used to generate values for Port number with parameter startvalue=1 and endvalue=65535.
  • We can even generate random IP Addresses by taking {{randomvalue1}}.{{randomvalue1}}.{{randomvalue1}}.{{randomvalue1}} and having a variable randomvalue1 be of type randomvaluegenerator with startvalue=1 and endvalue=255.

Any Number Of Variables Can Be Added:

The attack simulator has the flexibility to allow users to add their own variables in the back end MySQL database. The table used to store the variables is variablemaster.

The user just needs to specify the name of the variable, what generator would be used, and the parameters to be passed (these can be specified in columns param1 and/or param2).

The out of the box variables available for generating a feed are: usermaster, sec_user, sysipusermapping, datetime, randomvalue, sequence, dmzaddress, randomvalue1, randomvalue2, randomvalue3, randomvalue4, randomvalue5, randomvalue6, randomvalue7, randomvalue8, randomvalue9, randomvalue10, randomvalue11, port1, port2, dmzaddress1, dmzaddress2.

randomvalue1 to randomvalue8 are meant for generating IP Addresses. The values will vary from 1-255 for each variable. Similarly, port1 and port2 are meant for generating values for port numbers. The values vary from 1-65535. A transaction will consist of the combination of values. Take a look at the following sample Cisco ASA transaction.

{{datetime}} SECX-ASA : %ASA-6-302015: Built outbound UDP connection {{sequence}} for outside:{{randomvalue1}}.{{randomvalue2}}.{{randomvalue3}}.{{randomvalue4}}/{{port1}} ({{randomvalue5}}.{{randomvalue6}}.{{randomvalue7}}.{{randomvalue8}}/{{port1}}) to DMZ:{{dmzaddress1.dmzaddress}}/{{port2}} ({{dmzaddress2.dmzaddress}}/{{port2}}) || {{datetime}} SECX-ASA : %ASA-6-302016: Teardown UDP connection {{sequence}} for outside:{{randomvalue1}}.{{randomvalue2}}.{{randomvalue3}}.{{randomvalue4}}/{{port1}} to DMZ:{{dmzaddress1.dmzaddress}}/{{port2}} duration {{randomvalue9}}:{{randomvalue10}}:{{randomvalue11}} bytes {{randomvalue}} << 10

Pay attention to the symbols || and <<. The || symbol tells us that the transaction after this symbol would follow the previous transaction. The << symbol decides the occurrence of the transactions (both the transactions will occur 10 times in this case).


answered 10 Dec '14, 13:51

swadhwa

accept rate: 0%

edited 10 Dec '14, 16:42


Tanuj ♦♦
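An added example, not part of the original answer and not the product's code: a minimal Python renderer for the template syntax described in the answer above (`{{variable}}`, `||` and `<< N`), useful for previewing what a transaction file will emit before loading it. The generator stand-ins, the ranges for `randomvalue` and `randomvalue9` to `randomvalue11`, the DMZ address pool, and resolving each variable once per repetition (so chained lines describe the same connection) are assumptions.

```python
import random
import re
from datetime import datetime

VAR = re.compile(r"\{\{\s*([\w.]+)\s*\}\}")
# Constructed sample, shortened from the ASA transaction in the answer.
SAMPLE = ("{{datetime}} SECX-ASA : %ASA-6-302015: Built outbound UDP connection {{sequence}} for "
          "outside:{{randomvalue1}}.{{randomvalue2}}.{{randomvalue3}}.{{randomvalue4}}/{{port1}} to "
          "DMZ:{{dmzaddress1.dmzaddress}}/{{port2}} || {{datetime}} SECX-ASA : %ASA-6-302016: "
          "Teardown UDP connection {{sequence}} for outside:{{randomvalue1}}.{{randomvalue2}}"
          ".{{randomvalue3}}.{{randomvalue4}}/{{port1}} << 3")

def build_generators(rng, dmz_pool, first_seq=1000):
    """Stand-ins for the generators described in the answer (assumed behaviour)."""
    seq = iter(range(first_seq, first_seq + 10**6))
    now = lambda: datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f")[:-3]
    gens = {"datetime": now, "sequence": lambda: str(next(seq)),
            "randomvalue": lambda: str(rng.randint(1, 65535))}  # range assumed
    for i in range(1, 12):  # randomvalue1..11 in 1-255 (range for 9-11 assumed)
        gens[f"randomvalue{i}"] = lambda: str(rng.randint(1, 255))
    for name in ("port1", "port2"):
        gens[name] = lambda: str(rng.randint(1, 65535))
    for name in ("dmzaddress1", "dmzaddress2"):
        gens[name] = lambda: rng.choice(dmz_pool)
    return gens

def parse_feed(line):
    """Split 'A || B << N' into ([A, B], N); N defaults to 1 when '<<' is absent."""
    body, _, count = line.partition("<<")
    return [t.strip() for t in body.split("||")], int(count or 1)

def render(line, gens):
    """Expand a transaction line into the list of log lines it would produce."""
    templates, count = parse_feed(line)
    out = []
    for _ in range(count):
        cache = {}  # one value per variable per repetition, so chained lines agree
        def resolve(match):
            name = match.group(1)
            key = name.split(".")[0]  # {{dmzaddress1.dmzaddress}} -> dmzaddress1
            if key not in gens:
                raise KeyError(f"unknown variable: {name}")
            if name not in cache:
                cache[name] = gens[key]()
            return cache[name]
        out.extend([VAR.sub(resolve, t) for t in templates])
    return out

if __name__ == "__main__":
    pool = ["192.0.2.10", "192.0.2.11"]  # constructed DMZ addresses
    print("\n".join(render(SAMPLE, build_generators(random.Random(7), pool))))
```

A misspelled variable name raises `KeyError` instead of leaving a literal `{{...}}` in the generated feed.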
