• Provide a detailed description for the Attack Simulator.
  • Why did Securonix create the Attack Simulator?
  • Provide details on the data flow within the Attack Simulator
  • Provide some details on the usage of the Attack Simulator
  • Provide some details on the architecture of the Attack Simulator

asked 10 Dec '14, 13:55


Tanuj ♦♦
accept rate: 0%

edited 10 Dec '14, 16:43

What is Attack Simulator?

Attack Simulator is a simulation tool created by Securonix to aid in the simulation of log feeds and attacks.

What are the capabilities of AttackSimulator?

  1. Allow user to specify their own environment (users within company and their desktops, DMZ devices, External Customers)
  2. Allow user to specify destination for generated logs (via syslog)
  3. Allow user to specify the devices whose logs must be forwarded
  4. Control (Start/Stop) individual event feeds
  5. Control type of attack and attacker to be used during attack
  6. Launch simulated attack

Why did Securonix create the AttackSimulator application?

The Securonix application is an advanced threat detection technology that uses specialized techniques to detect threats. Our engineering staff wanted an automated testing process to test our features. We evaluated a number of feed generation technologies but were never able to figure out a way to synchronize multiple feeds across devices to have the same attacker or date/time intervals that are normally seen in real-life attacks.

We felt it was easier to create our own simulator than perform manual generation of feeds.

Who can use the AttackSimulator?

We would like the Attack Simulator to be utilized by researchers, students and organizations that are working towards the common good. We will host this application on the cloud and make it accessible on the web. However, since this can be used towards generating unnecessary web traffic and as a nuisance, we will control who can use it.

What do you need to use the AttackSimulator?

  1. You will need to register on the site http://attacksimulator.securonix.com
  2. You should have a syslog server set up in your environment to receive the generated logs

What is the architecture for AttackSimulator?

The AttackSimulator is a Java application running on Tomcat and uses MySQL as the database. It uses GRAILS as the MVC framework.

Can you request features and updates to the AttackSimulator?

The AttackSimulator was created for our internal use. We will appreciate and be supportive of a larger community-driven effort to develop it and participate in making it better. We are hosting the application, these forums and a bug tracking system.

This answer is marked "community wiki".

answered 10 Dec '14, 17:31


Tanuj ♦♦
accept rate: 0%

wikified 11 Dec '14, 13:04

Asked: 10 Dec '14, 13:55

Seen: 624 times

Last updated: 11 Dec '14, 13:04