Creating a Topology Model

SUMMARY You can create a network model based on a series of modifications that can be combined and configured. By creating a network model, you can determine the effect of configuration changes on your network by using a simulation.

  1. Click the Risks tab.
  2. On the navigation menu, click Simulation > Topology Models.
  3. From the Actions menu, select New.
  4. In the What do you want to name this model field, type a name for the model definition.
  5. In the Which modifications do you want to apply to your model pane, select the modifications that you want to apply to the topology to create your model.
  6. Configure the tests added to the Configure model as follows pane.

    The following table describes the test names and parameters that you can configure.

    Table 1: Configuring Topology Tests
    Test name: A rule is added to the selected devices that allows connections from source CIDRs to destination CIDRs on protocols, ports

    Configure the following parameters:

    devices - Specify the devices that you want to add to this rule. In the Customize Parameter window, select the All checkbox to include all devices, or you can search devices by using one of the following search criteria:

    IP/CIDR - Select the IP/CIDR option and specify the IP address or CIDR that you want to add this rule to.

    Hostname - Select the Hostname option and specify the hostname that you want to filter. To search for multiple hostnames, use a wildcard character (*) at the beginning or end of the string.

    Adapter - Select the Adapter option and use the menu to filter the device list by adapter.

    Vendor - Select the Vendor option and use the menu to filter the device list by vendor. You can also specify a model for the vendor. To search for multiple models, use a wildcard character (*) at the beginning or end of the string.

    allows | denies - Select the condition (accept or deny) for the connections that you want this test to apply to.

    CIDRs - Select any source IP addresses or CIDR ranges that you want to add to this rule.

    CIDRs - Select any destination IP addresses or CIDR ranges that you want to add to this rule.

    protocols - Specify the protocols that you want to add to this rule. To include all protocols, select the All checkbox.

    ports - Specify the ports that you want to add to this rule. To include all ports, select the All checkbox.

    Test name: A rule is added to the selected IPS devices that allows connections from source CIDRs to destination CIDRs with vulnerabilities

    Configure the following parameters:

    IPS devices - Specify the IPS devices that you want this topology model to include. To include all IPS devices, select the All checkbox.

    allows | denies - Specify the condition (accept or deny) for the connections that you want this test to apply to.

    CIDRs - Specify any source IP addresses or CIDR ranges that you want this topology model to include.

    CIDRs - Specify any destination IP addresses or CIDR ranges that you want this topology model to include.

    vulnerabilities - Specify the vulnerabilities that you want to apply to the topology model. You can search for vulnerabilities by using the Bugtraq ID, OSVDB ID, CVE ID, or title.

    Test name: The following assets allow connections to the selected ports

    Configure the following parameters:

    Assets - Specify the assets that you want this topology model to include.

    allow | deny - Specify the condition (allow or deny) for connections that you want this topology model to apply. The default is allow.

    ports - Specify the ports that you want this topology model to include. To include all ports, select the All checkbox.

    Test name: Assets in the following asset building blocks allow connections to ports

    Configure the following parameters:

    Asset building blocks - Specify the building blocks that you want this topology model to include.

    allow | deny - Specify the condition (allow or deny) that you want this topology model to apply. The default is allow.

    ports - Specify the ports that you want this topology model to include. To include all ports, select the All checkbox.

  7. When the test is displayed in the pane, the configurable parameters are underlined. Click each parameter to further configure this modification for your model. In the groups area, select the checkbox to assign groups to this question.
  8. Click Save Model.
You can edit, duplicate, and delete a topology model from the Actions menu.
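
To make the first test in Table 1 concrete, the following sketch is an added example (not product code and not part of the original documentation) that applies allow/deny rule modifications to a set of flows and reports which verdicts change. The Flow and RuleModification types, the hostnames and addresses, and the first-match-wins evaluation are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple
from fnmatch import fnmatchcase

# Flow: one connection crossing one device (constructed stand-in for a topology path).
Flow = namedtuple("Flow", "device src dst protocol port")
# Mirrors the parameters of the first test in Table 1; an empty tuple stands for "All".
RuleModification = namedtuple(
    "RuleModification", "devices allows src_cidrs dst_cidrs protocols ports")

def in_any(ip, cidrs):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in cidrs)

def matches(mod, flow):
    """True when the flow falls inside every parameter of the modification."""
    return ((not mod.devices or any(fnmatchcase(flow.device, p) for p in mod.devices))
            and in_any(flow.src, mod.src_cidrs)
            and in_any(flow.dst, mod.dst_cidrs)
            and (not mod.protocols or flow.protocol in mod.protocols)
            and (not mod.ports or flow.port in mod.ports))

def simulate(baseline_allowed, flows, modifications):
    """List (flow, before, after) for changed verdicts; first match wins (assumption)."""
    changed = []
    for flow in flows:
        before = flow in baseline_allowed
        hit = next((m for m in modifications if matches(m, flow)), None)
        after = hit.allows if hit else before
        if after != before:
            changed.append((flow, before, after))
    return changed

# Constructed sample data: hostnames and addresses are invented for this example.
FLOWS = [Flow("fw-edge-01", "10.10.4.7", "10.20.5.10", "tcp", 3389),
         Flow("fw-edge-01", "10.10.4.7", "10.20.5.10", "tcp", 443),
         Flow("fw-core-01", "10.30.0.15", "10.20.5.20", "tcp", 5432),
         Flow("sw-dist-02", "10.10.4.7", "10.20.5.10", "tcp", 3389)]
BASELINE_ALLOWED = {FLOWS[0], FLOWS[1], FLOWS[3]}
MODEL = [
    RuleModification(devices=("fw-*",), allows=False, src_cidrs=("10.10.0.0/16",),
                     dst_cidrs=("10.20.5.0/24",), protocols=("tcp",), ports=(3389,)),
    RuleModification(devices=("fw-core-01",), allows=True, src_cidrs=("10.30.0.0/24",),
                     dst_cidrs=("10.20.5.0/24",), protocols=("tcp",), ports=(5432,)),
]

for flow, before, after in simulate(BASELINE_ALLOWED, FLOWS, MODEL):
    print(f"{flow.device} {flow.src} -> {flow.dst} {flow.protocol}/{flow.port}: "
          f"{'allowed' if before else 'denied'} -> {'allowed' if after else 'denied'}")
```

A change from denied to allowed is new exposure to review before the real configuration is modified. The unchanged flow through sw-dist-02 shows that a hostname filter such as fw-* leaves the same connection open on devices it does not match.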