Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Simulation Tests

SUMMARY Simulation tests can be configured to ensure that JSA Risk Manager is functioning properly to detect risks.

Parameters that can be configured for simulation tests are underlined. The following table describes the simulation tests that you can configure.

Table 1: Simulation Tests
Test Name Description Parameters
Attack targets one of the following IP addresses Simulates attacks against specific IP addresses or CIDR ranges. Configure the IP addresses parameter to specify the IP address or CIDR ranges to which you want this simulation to apply.
Attack targets one of the following networks Simulates attacks that target networks that are a member of one or more defined network locations. Configure the networks parameter to specify the networks to which you want this simulation to apply.
Attack targets one of the following asset building blocks Simulates attacks that target one or more defined asset building blocks. Configure the asset building blocks parameters to specify the asset building blocks to which you want this simulation to apply.
Attack targets one of the following reference sets Simulates attacks that target one or defined reference sets. Configure the reference sets parameters to specify the reference sets to which you want this simulation to apply.
Attack targets a vulnerability on one of the following ports using protocols Simulates attacks that target a vulnerability on one or more defined ports.

Configure the following parameters:

Open Ports - Specify the ports that you want this simulation to consider.

Protocols - Specify the protocol that you want this simulation to consider.

Attack targets assets susceptible to one of the following vulnerabilities Simulates attacks that target assets that are susceptible to one or more defined vulnerabilities. Configure the vulnerabilities parameter to identify the vulnerabilities that want this test to apply. You can search for vulnerabilities in OSVDB ID, Bugtraq ID, CVE ID, or title.
Attack targets assets susceptible to vulnerabilities with one of the following classifications Simulates attacks that target an asset that is susceptible to vulnerabilities for one or more defined classifications. Configure the classifications parameter to identify the vulnerability classifications. For example, a vulnerability classification might be Input Manipulation or Denial of Service.
Attack targets assets susceptible to vulnerabilities with CVSS score greater than 5

A Common Vulnerability Scoring System (CVSS) value is an industry standard for assessing the severity of vulnerabilities. This simulation filters assets in your network that include the configured CVSS value.

Simulates attacks that target an asset that is susceptible to vulnerabilities with a CVSS score greater than 5.

Click Greater Than 5, and then select an operator. The default operator is greater than 5
Attack targets assets susceptible to vulnerabilities disclosed after this date Simulates attacks that target an asset that is susceptible to vulnerabilities discovered before, after, or on the configured date.

Configure the following parameters:

before | after | on - Specify whether you want the simulation to consider the disclosed vulnerabilities to be after, before, or on the configured date on assets. The default is before.

this date - Specify the date that you want this simulation to consider.

Attack targets assets susceptible to vulnerabilities where the name, vendor, version or service contains one of the following text entries Simulates attacks that target an asset that is susceptible to vulnerabilities that match the asset name, vendor, version, or service based one or more text entries. Configure the text entries parameter to identify the asset name, vendor, version, or service you want this simulation to consider.
Attack targets assets susceptible to vulnerabilities where the name, vendor, version or service contains one of the following regular expressions Simulates attacks that target an asset that is susceptible to vulnerabilities that match the asset name, vendor, version, or service, which is based one or more regular expressions. Configure the regular expressions parameter to identify the asset name, vendor, version, or service you want this simulation to consider.

The following contributing tests are deprecated and hidden in the Policy Monitor:

  • attack targets a vulnerability on one of the following operating systems
  • attack targets assets susceptible to vulnerabilities from one of the following vendors
  • attack targets assets susceptible to vulnerabilities from one of the following products

The deprecated contributing tests are replaced by other tests.