Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Simulations

 

View the simulations that are created by users and the simulation results on the simulations page.

The Simulations window provides the following information:

Table 1: Simulation Definitions Parameters

Parameter

Description

Simulation Name

The name of the simulation, as defined by the creator of the simulation.

Model

The model type. Simulations can be modeled from the current topology or another topology model. The options are:

  • Current Topology

  • The name of the topology model

Groups

The groups that the simulation is associated with.

Created By

The user who created the simulation.

Creation Date

The date and time that the simulation was created.

Last Modified

The date and time that the simulation was last modified.

Schedule

The frequency the simulation is scheduled to run. The options include:

Manual—The simulation runs when it is manually executed.

Once—Specify the date and time the simulation is scheduled to run.

Daily—Specify the time of day the simulation is scheduled to run.

Weekly—Specify the day of the week and the time the simulation is scheduled to run.

Monthly—Specify the day of the month and time the simulation is scheduled to run.

Last Run

The last date and time that the simulation was run.

Next Run

The date and time that the next simulation will be run.

Results

If the simulation is run, this parameter includes a list of dates for the results of your simulations. You can select a date and view the results.

Creating a Simulation

You can create simulations that are based on a series of rules that can be combined and configured.

Parameters that can be configured for simulation tests are underlined. The following table describes the simulation tests that you can configure.

Table 2: Simulation Tests

Test Name

Description

Parameters

Attack targets one of the following IP addresses

Simulates attacks against specific IP addresses or CIDR ranges.

Configure the IP addresses parameter to specify the IP address or CIDR ranges to which you want this simulation to apply.

Attack targets one of the following networks

Simulates attacks targeting networks that are a member of one or more defined network locations.

Configure the networks parameter to specify the networks to which you want this simulation to apply.

Attack targets one of the following asset building blocks

Simulates attacks that target one or more defined asset building blocks.

Configure the asset building blocks parameters to specify the asset building blocks to which you want this simulation to apply.

Attack targets one of the following reference sets

Simulates attacks that target one or defined reference sets.

Configure the reference sets parameters to specify the reference sets to which you want this simulation to apply.

Attack targets a vulnerability on one of the following ports using protocols

Simulates attacks that target a vulnerability on one or more defined ports.

Configure the following parameters:

Open Ports—Specify the ports that you want this simulation to consider.

Protocols— Specify the protocol that you want this simulation to consider.

Attack targets assets susceptible to one of the following vulnerabilities

Simulates attacks that target assets that are susceptible to one or more defined vulnerabilities.

Configure the vulnerabilities parameter to identify the vulnerabilities that want this test to apply. You can search for vulnerabilities in OSVDB ID, Bugtraq ID, CVE ID, or title.

Attack targets assets susceptible to vulnerabilities with one of the following classifications

Allows you to simulate attacks targeting an asset that is susceptible to vulnerabilities for one or more defined classifications.

Configure the classifications parameter to identify the vulnerability classifications. For example, a vulnerability classification might be Input Manipulation or Denial of Service.

Attack targets assets susceptible to vulnerabilities with CVSS score greater than 5

A Common Vulnerability Scoring System (CVSS) value is an industry standard for assessing the severity of vulnerabilities. This simulation filters assets in your network that include the configured CVSS value.

Allows you to simulate attacks targeting an asset that is susceptible to vulnerabilities with a CVSS score greater than 5.

Click Greater Than 5, and then select an operator. The default operator is greater than 5

Attack targets assets susceptible to vulnerabilities disclosed after this date

Allows you to simulate attacks targeting an asset that is susceptible to vulnerabilities discovered before, after, or on the configured date.

Configure the following parameters:

before | after | on–Specify whether you want the simulation to consider the disclosed vulnerabilities to be after, before, or on the configured date on assets. The default is before.

this date—Specify the date that you want this simulation to consider.

Attack targets assets susceptible to vulnerabilities where the name, vendor, version or service contains one of the following text entries

Allows you to simulate attacks targeting an asset that is susceptible to vulnerabilities matching the asset name, vendor, version or service based one or more text entry.

Configure the text entries parameter to identify the asset name, vendor, version, or service you want this simulation to consider.

Attack targets assets susceptible to vulnerabilities where the name, vendor, version or service contains one of the following regular expressions

Allows you to simulate attacks targeting an asset that is susceptible to vulnerabilities matching the asset name, vendor, version or service based one or more regular expression.

Configure the regular expressions parameter to identify the asset name, vendor, version, or service you want this simulation to consider.

The following contributing tests are deprecated and hidden in the Policy Monitor:

  • attack targets a vulnerability on one of the following operating systems

  • attack targets assets susceptible to vulnerabilities from one of the following vendors

  • attack targets assets susceptible to vulnerabilities from one of the following products

The deprecated contributing tests are replaced by other tests.

  1. Click the Risks tab.
  2. On the navigation menu, select Simulation >Simulations.
  3. From the Actions menu, select New.
  4. Type a name for the simulation in the What do you want to name this simulation parameter.
  5. From the Which model do you want to base this on drop-down list, select the type of data you want to return. All existing topology models are listed. If you select Current Topology, then the simulation uses the current topology model.
  6. Choose one of the following options:

    Option

    Description

    Select Use Connection Data

    The simulation is based on connection and topology data.

    Clear Use Connection Data

    The simulation is only based on topology data.

    If your topology model does not include any data and you clear the Use Connection Data check box, the simulation does not return any results.

  7. From the Importance Factor list, select the level of importance you want to associate with this simulation.

    The Importance Factor is used to calculate the Risk Score. The range is 1 (low importance) to 10 (high importance). The default is 5.

  8. From the Where do you want the simulation to begin list, select an origin for the simulation.

    The chosen value determines the start point of the simulation. For example, the attack originates at a specific network. The selected simulation parameters are displayed in the Generate a simulation where window.

  9. Add simulation attack targets to the simulation test.
  10. Using the Which simulations do you want to include in the attack field, select the + sign beside the simulation you want to include.

    The simulation options are displayed in the Generate a simulation where window.

  11. From the Generate a simulation where window, click any underlined parameters to further configure simulation parameters.
  12. In the Run this simulation for menu, select the number of steps you want to run this simulation (1 - 5).
  13. In the steps menu, choose the schedule for running the simulation.
  14. In the groups area, select a check box for any group you want to assign this simulation.
  15. Click Save Simulation.

Editing a Simulation

You can edit simulations.

  1. Click the Risks tab.
  2. On the navigation menu, select Simulation >Simulations.
  3. Select the simulation definition you want to edit.
  4. From the Actions menu, select Edit.
  5. Update parameters, as necessary.

    For more information about the Simulation parameters, see Simulation testsYou can create simulations that are based on a series of rules that can be combined and configured..

  6. Click Save Simulation.

Duplicating a Simulation

You can duplicate simulations.

  1. Click the Risks tab.
  2. On the navigation menu, select Simulation >Simulations.
  3. Select the simulation you want to duplicate.
  4. From the Actions menu, select Duplicate.
  5. Type the name for the simulation.
  6. Click OK.

Deleting a Simulation

You can delete simulations.

  1. Click the Risks tab.
  2. On the navigation menu, select Simulation >Simulations.
  3. Select the simulation you want to delete.
  4. From the Actions menu, select Delete.
  5. Click OK.

Manually Running a Simulation

Use the Simulation Editor to manually run a simulation.

  1. Click the Risks tab.
  2. From the Actions menu, select Run Simulation.
  3. Click OK.

The simulation process can take an extended period of time. While the simulation is running, the Next Run column indicates the percentage complete. When complete, the Results column displays the simulation date and time.

If you run a simulation and then perform changes that affect the tests associated with the simulation, these changes might take up to an hour to display.