Auto Modeling Guide

The automation functionality is part of the Enterprise version of securiCAD.

securiCAD models or fractions of models can be generated via built-in parsers in the securiCAD Enterprise interface or generated programmatically using the securiCAD Model Builder SDK. This guide will show how to use the securiCAD Model Builder SDK by using a few pieces of python example code that will introduce the essential SDK functions needed for making your own parser.

The examples are located in the securiCADautomation package available upon request from foreseeti. Please contact us via support@foreseeti.com if you want to try it out yourself.

Testing connection

The helloWorld python script is mainly a connection test to the Model Builder SDK to make sure that the client certificate files are found by the script and that the login credentials (username, password and organization) are correct.

Enter the securiCADautomation/modeling directory and run the following command to check that all is in place.

PS C:\tmp2\securiCADautomation\modeling> python .\helloWorld.py -u givenUserName -p givenPassword -o givenOrganization -c ..\config\conf.ini
Supported Object Types: ['User', 'FContainer', 'Service', 'PhysicalZone', 'ZoneManagement', 'Protocol', 'VulnerabilityScanner', 'Host', 'Router', 'Attacker', 'Container', 'WebApplicationFirewall', 'Keystore', 'IDS', 'AccessControl', 'IPS', 'Firewall', 'SoftwareProduct', 'WebApplication', 'Datastore', 'Client', 'UserAccount', 'Dataflow', 'Network']
PS C:\tmp2\securiCADautomation\modeling>

The above script does not create a model but will authenticate to and use the Model Builder Service to fetch a list of supported object types.

If you see the above output, you are all set to start developing your own parser. (If not, please contact support@foreseeti.com.)

Getting started

We will first look at what the helloWorld.py test code looks like and then extend it to create our first modeling objects and connections.

helloWorld.py

The following code is the helloWorld test we were using for testing installation and connectivity.

#!/usr/bin/python
import lib.model as model_lib
import sys
sys.path.append('../config')
from commandLine import commandLineVariables
commandLine = commandLineVariables()

if __name__ == '__main__':
    try:
        currentModel = model_lib.Model(model_name=commandLine.model_name,
                                       username=commandLine.username,
                                       password=commandLine.password,
                                       organization=commandLine.organization,
                                       cacert=commandLine.cacert,
                                       outputpath=commandLine.output,
                                       configpath=commandLine.config)

        # get_metaclasses returns all object types which can be instantiated,
        # e.g. Host, Network, Client etc.
        meta_classes = currentModel.builder_service.get_metaclasses()
        print("Supported Object Types: ", meta_classes)

    except Exception as why:
        print(why)
        sys.exit(why)

Most of the above code shall not be touched when developing a parser since this is the minimum code required for communicating with the Model Builder Service.

The pink lines in the code are where we do our actual model creation operations, and this is where the parser developer is expected to "do stuff".

As you can see, the currentModel variable is declared early in the main routine. This is the object you will run subroutines/operations on when working with and populating your model. In the example above, the first pink line says currentModel.builder_service.get_metaclasses() where get_metaclasses is an operation available in builder_service which in turn is available via currentModel.

We will introduce more operations like this in this guide, but they are all operations that you run on the currentModel object.

Available object types

In the initial helloWorld.py test code, we already saw how to fetch a list of available object types from the Model Builder Service. They are as follows:

Network
Router
Firewall

Host
Client
Service
WebApplication
WebApplicationFirewall
SoftwareProduct

Dataflow
Protocol

Datastore
Keystore

AccessControl
UserAccount
User

VulnerabilityScanner
IDS
IPS
ZoneManagement

PhysicalZone
Container
FContainer

Attacker

Creating and connecting objects

Now, when we have confirmed that we have communication and authentication in place, it is time to create and connect our first modeling objects.

The following helloModel.py example shows how to manually create a Network object and a Host object and then connect them. This is of course not something you often do when processing input data from an information source, but we start here to introduce the model creation and connection routines.

Running the example

To run this example, we need to provide some extra command line parameters: the model name with the -m parameter and the output path with the -O parameter.

PS C:\tmp2\securiCADautomation\modeling> python .\helloModel.py -u  givenUserName -p givenPassword -o givenOrganization  -c ..\config\conf.ini -m helloModel -O .
PS C:\tmp2\securiCADautomation\modeling>

After running this example, we shall have a new file in the current directory, helloModel.sCAD, containing objects and connections according to what we specified in our python script.

helloModel.py

#!/usr/bin/python
import lib.model as model_lib
import sys
sys.path.append('../config')
from commandLine import commandLineVariables
commandLine = commandLineVariables()

if __name__ == '__main__':
    try:
        currentModel = model_lib.Model(model_name=commandLine.model_name,
                                       username=commandLine.username,
                                       password=commandLine.password,
                                       organization=commandLine.organization,
                                       cacert=commandLine.cacert,
                                       outputpath=commandLine.output,
                                       configpath=commandLine.config)

        # Start with a network object.
        network_name = "172.17.1.0"
        network_object = currentModel.create_object(class_name='Network',
                                                    object_name=network_name)

        # Then add a host object.
        host_name = "Host A"
        host_object = currentModel.create_object(class_name='Host',
                                                 object_name=host_name)

        # Then connect the Host object to the Network object.
        currentModel.connect(network_object, host_object)

        # Finally, we need to save currentModel to an sCAD file.
        # This is where the outputpath and model name
        # command line parameters are used.
        currentModel.generate_model_file()

    except Exception as why:
        print(why)
        sys.exit(why)

Comments

Some comments on the highlighted lines in the above code:

  • The pink lines are the operations for creating modeling objects, or, more precisely, adding objects to the currentModel model.
  • The dark pink words Network and Host are class names from the Available Object Types section above.
  • The yellow variables network_object and host_object store references to the newly created objects when the create_object operations are run, so that they can be used later on for connecting the objects.
  • The light blue line adds a connection between the network_object and host_object objects (actually references).
  • Finally, the green line stores the currentModel structure to disk in an sCAD file. Here, the location of the sCAD file is determined by the outputpath and the name command line parameters when running helloModel.py. Using outputpath="." works fine.

Output

For checking the model we just created, just open it in securiCAD Professional or Community Edition.

The model we just created doesn't have any views in it yet. Therefore, begin with adding a new blank view and then pick the Network object from the Object Explorer list and drop it onto the canvas. Then, Show all connected objects shall present the Host object with the name 'Host A'.

Our first model

Selecting connection types

For each of the objects above, there are object-specific connections depending on what other object you try to connect it to.

For instance, a Service object connects to a Host object using one of four connection types:

  • Non-Root Application execution
  • Root Application execution
  • Non-Root Shell execution
  • Root Shell execution

When connecting the Host to the Network in the helloModel.py example, we did not specify the connection type since there is only one type of connection between a Host and a Network.

Running the example

PS C:\tmp2\securiCADautomation\modeling> python .\helloService.py -u  givenUserName -p givenPassword -o givenOrganization  -c ..\config\conf.ini -m helloService -O .
PS C:\tmp2\securiCADautomation\modeling>

helloService.py

#!/usr/bin/python
import lib.model as model_lib
import sys
sys.path.append('../config')
from commandLine import commandLineVariables
commandLine = commandLineVariables()

if __name__ == '__main__':
    try:
        currentModel = model_lib.Model(model_name=commandLine.model_name,
                                       username=commandLine.username,
                                       password=commandLine.password,
                                       organization=commandLine.organization,
                                       cacert=commandLine.cacert,
                                       outputpath=commandLine.output,
                                       configpath=commandLine.config)

        # Start with the operations from helloModel.py.
        network_name = "172.17.1.0"
        network_object = currentModel.create_object(class_name='Network',
                                                    object_name=network_name)
        host_name = "Host A"
        host_object = currentModel.create_object(class_name="Host",
                                                 object_name=host_name)
        currentModel.connect(network_object, host_object)

        # Now we shall add a Service object to currentModel.
        service_name = "Service A.s01"
        service_type = "Non-Root Application execution"
        service_object = currentModel.create_object(class_name="Service",
                                                    object_name=service_name)

        # Then we connect it to the Host, selecting the service_type
        # type of connection.
        currentModel.connect(host_object, service_object, service_type)

        # Finally, we need to save currentModel to an sCAD file.
        currentModel.generate_model_file()

    except Exception as why:
        print(why)
        sys.exit(why)

Comments

The new parts in helloService.py compared to helloModel.py are related to selecting the connection type to use when connecting. This is in turn defining what type of service this is and how it is run, which in turn defines how useful it would be for an attacker to compromise it.

The currentModel.connect call is in this case given a third parameter: service_type, which a few lines earlier has been set to Non-Root Application execution.

Output

Opening the resulting helloService.sCAD in securiCAD Professional or Community edition shall, after adding a new view, dropping the Network object to it and using Show All Connected Objects result in the following.

A Service connected as Non-Root Application execution

Available connection types

In the previous section, we were using Non-Root Application execution. This is a link name that needs to match a link name in securiLang.

When making connections between objects there are sometimes several types of connections to choose from and sometimes only one depending on what objects are about to be connected. If there is only one possible connection alternative, we don’t need to specify it. (Like when connecting the Network and the Host objects in the helloModel.py example.)

This, in addition to the fact that connections (provided that there are several to choose from) must be provided with their exact names, calls for a tool for looking up connection names while developing parsers.

Looking up connection types

The tool for looking up connection types is called connectionTypes.py and is run as follows.

PS C:\tmp2\securiCADautomation\modeling> python .\connectionTypes.py -u demoUser4711 -p givenPassword -o Demo -c ..\config\conf.ini --object Host
Showing connections for Host
Host connects to AccessControl via 'Authorization'
Host connects to Network via 'Connection'
Host connects to Service via 'Root Shell execution'
Host connects to Service via 'Root Application execution'
Host connects to Service via 'Non-Root Shell execution'
Host connects to Service via 'Non-Root Application execution'
Host connects to IDS via 'HIDS execution'
Host connects to PhysicalZone via 'Physical access'
Host connects to Client via 'Root Client execution'
Host connects to Client via 'Non-Root Client execution'
Host connects to VulnerabilityScanner via 'Authenticated scan'
Host connects to VulnerabilityScanner via 'Unauthenticated scan'
Host connects to VulnerabilityScanner via 'Excluded from scan'
Host connects to SoftwareProduct via 'Software properties'
Host connects to UnknownService via 'Unknown service execution'
Host connects to Keystore via 'Keystore execution'
Host connects to Datastore via 'Non-root user access'
Host connects to Datastore via 'Root user access'
PS C:\tmp2\securiCADautomation\modeling>

The connectionTypes.py tool takes one extra argument as input: the --object parameter. We will not dig into how this is implemented, but it is very similar to helloWorld.py.
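As an added example (not part of the guide or the securiCADautomation package): a small catalog that parses the connectionTypes.py listing shown above and checks a link name before connect() is ever called, so a misspelled type fails inside your parser with the valid choices listed instead of during model building. The class and function names are mine; the listing is the Host output copied from above.

```python
import re
from collections import defaultdict

# Constructed sample: the lines connectionTypes.py prints for --object Host, copied
# from the guide. Listings for other object types can be appended the same way.
HOST_LISTING = """\
Showing connections for Host
Host connects to AccessControl via 'Authorization'
Host connects to Network via 'Connection'
Host connects to Service via 'Root Shell execution'
Host connects to Service via 'Root Application execution'
Host connects to Service via 'Non-Root Shell execution'
Host connects to Service via 'Non-Root Application execution'
Host connects to IDS via 'HIDS execution'
Host connects to PhysicalZone via 'Physical access'
Host connects to Client via 'Root Client execution'
Host connects to Client via 'Non-Root Client execution'
Host connects to VulnerabilityScanner via 'Authenticated scan'
Host connects to VulnerabilityScanner via 'Unauthenticated scan'
Host connects to VulnerabilityScanner via 'Excluded from scan'
Host connects to SoftwareProduct via 'Software properties'
Host connects to UnknownService via 'Unknown service execution'
Host connects to Keystore via 'Keystore execution'
Host connects to Datastore via 'Non-root user access'
Host connects to Datastore via 'Root user access'
"""

# One listing line: "<Source> connects to <Target> via '<link name>'"
LINE_RE = re.compile(r"^(\w+) connects to (\w+) via '([^']+)'$")


class ConnectionCatalog:
    """Valid securiLang link names per (source, target) object-type pair."""

    def __init__(self):
        self._links = defaultdict(list)

    def load_listing(self, text):
        """Parse connectionTypes.py output; header and blank lines are ignored."""
        for line in text.splitlines():
            match = LINE_RE.match(line.strip())
            if match:
                src, dst, link = match.groups()
                if link not in self._links[(src, dst)]:
                    self._links[(src, dst)].append(link)
        return self

    def links(self, src, dst):
        """Link names for src->dst. The appendix lists every link from both ends
        under the same name, so a listing loaded for one side serves the other."""
        return list(self._links.get((src, dst)) or self._links.get((dst, src)) or [])

    def resolve(self, src, dst, requested=None):
        """Return the link name to use, or raise ValueError naming the valid choices."""
        candidates = self.links(src, dst)
        if not candidates:
            raise ValueError(f"no connection type exists between {src} and {dst}")
        if requested is None:
            if len(candidates) == 1:
                return candidates[0]
            raise ValueError(f"{src}->{dst} is ambiguous, pick one of {candidates}")
        if requested not in candidates:
            raise ValueError(f"{requested!r} is not a {src}->{dst} link, pick one of {candidates}")
        return requested


def connect_args(catalog, src_class, dst_class, requested=None):
    """Extra positional arguments for currentModel.connect(): none when the pair has a
    single link type (Host->Network in helloModel.py), else the validated link name."""
    link = catalog.resolve(src_class, dst_class, requested)
    return () if len(catalog.links(src_class, dst_class)) == 1 else (link,)


if __name__ == "__main__":
    catalog = ConnectionCatalog().load_listing(HOST_LISTING)
    print(connect_args(catalog, "Host", "Network"))
    print(connect_args(catalog, "Host", "Service", "Non-Root Application execution"))
    try:
        connect_args(catalog, "Host", "Service", "Non-Root Authentication execution")
    except ValueError as err:
        print("rejected before any SDK call:", err)
```

In a parser, `currentModel.connect(host_object, service_object, *connect_args(catalog, "Host", "Service", service_type))` keeps the two- and three-argument forms the guide uses while refusing unknown link names.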

Setting defenses

Like selecting what connection type to use, we can also set defense values on objects. This is useful when personalizing objects. For instance, all open source based hosts, services and clients shall be connected to SoftwareProduct objects where the defense SecretSource shall be set to 0. Any other defense can be adjusted in the same way.

Running the example

PS C:\tmp2\securiCADautomation\modeling> python .\helloDefenses.py -u  givenUserName -p givenPassword -o givenOrganization  -c ..\config\conf.ini -m helloDefenses -O .
PS C:\tmp2\securiCADautomation\modeling>

helloDefenses.py

#!/usr/bin/python
import lib.model as model_lib
import sys
sys.path.append('../config')
from commandLine import commandLineVariables
commandLine = commandLineVariables()

if __name__ == '__main__':
    try:
        currentModel = model_lib.Model(model_name=commandLine.model_name,
                                       username=commandLine.username,
                                       password=commandLine.password,
                                       organization=commandLine.organization,
                                       cacert=commandLine.cacert,
                                       outputpath=commandLine.output,
                                       configpath=commandLine.config)

        # Start with the operations from helloModel.py.
        network_name = "172.17.1.0"
        network_object = currentModel.create_object(class_name='Network',
                                                    object_name=network_name)
        host_name = "Host A"
        host_object = currentModel.create_object(class_name="Host",
                                                 object_name=host_name)
        currentModel.connect(network_object, host_object)

        service_name = "Service A.s01"
        service_type = "Non-Root Application execution"
        service_object = currentModel.create_object(class_name="Service",
                                                    object_name=service_name)
        currentModel.connect(host_object, service_object, service_type)

        software_name = "Linux Debian"
        software_object = currentModel.create_object(class_name="SoftwareProduct",
                                                     object_name=software_name)
        currentModel.connect(host_object, software_object)

        # Since we are considering an open source based software,
        # we shall set SecretSource to 0.
        currentModel.set_defense_evidence(software_object, 'SecretSource', 0.0)

        # Finally, we need to save currentModel to an sCAD file.
        currentModel.generate_model_file()

    except Exception as why:
        print(why)
        sys.exit(why)

Comments

The set_defense_evidence operation takes three parameters: the reference to the object that shall be personalized, the defense that shall be adjusted and the defense value. The defense value can be set from zero to one, where zero is false/0/disabled. Values in between are set with one decimal and use a period (.) as the decimal separator, not a comma.

Output

When we open the helloDefenses.sCAD file and look at the defense properties of the SoftwareProduct we labeled Linux Debian, we will see that the value of SecretSource is not the default one but instead set to 0.0.

The SecretSource defense has been set to 0.0

Available defenses

The defenses must, like with available connections, match the securiLang defense names. They can all be set to values between 0.0 and 1.0.

The tool for looking up defense names is called defenseNames.py and is run as follows.

PS C:\tmp2\securiCADautomation\modeling> python .\defenseNames.py -u  givenUserName -p givenPassword -o givenOrganization  -c ..\config\conf.ini --object Host
Defenses for object type Host are;
ASLR with the default value of 1.0.
AntiMalware with the default value of 0.0.
DEP with the default value of 1.0.
Hardened with the default value of 0.0.
HostFirewall with the default value of 0.0.
Patched with the default value of 0.5.
ProperlyConfigured with the default value of 1.0.
StaticARPTables with the default value of 0.0.
PS C:\tmp2\securiCADautomation\modeling>

The defenseNames.py tool takes one extra argument as input: the --object parameter. We will not dig into how this is implemented, but it is very similar to helloWorld.py.

XML parsing

So far our examples have been adding hard coded objects to create models. This is of course not very common when making parsers to create models based on different input sources. Data coming from scanners, inventory systems and similar sources is very often structured in XML format. Therefore, we want to include a short XML parsing section here even though it is not, strictly speaking, model building.

This section covers how to create a model from a very small XML file defining a simple architecture with some network zones, a couple of hosts and some services.

The model building operations, creating and connecting objects, have already been covered so this part of this guide is mainly about how to use XML as input.

helloXMLinput.xml

The helloXMLinput.xml file holds the XML data used as input.

<?xml version="1.0"?>
<architecture>
    <network name="Office">
        <host name="Work Station 1" ip="">
            <service name="ssh" port="22"/>
        </host>
    </network>
    <network name="Staging">
        <host name="Staging Server 1" ip="">
            <service name="ssh" port="22"/>
            <service name="bind" port="53"/>
            <service name="nginx" port="443"/>
        </host>
    </network>
    <network name="Prod">
        <host name="Prod Server 1" ip="">
            <service name="ssh" port="22"/>
            <service name="mysql" port="3306"/>
        </host>
        <host name="Prod Server 2" ip="">
            <service name="ssh" port="22"/>
            <service name="http" port="80"/>
        </host>
    </network>
</architecture>

helloXML.py

The helloXML.py script does not create any model but instead only contains a nested loop structure for accessing the data in the helloXMLinput.xml example. In other words, on each line where there is a print operation, a modeling object should most probably be created and connected.

#!/usr/bin/python

import xml.etree.ElementTree as ET

# Read the XML input file from the current directory.
tree = ET.parse('helloXMLinput.xml')
root = tree.getroot()

# Walk the nesting network > host > service.
for network in root.findall('network'):
    networkName = network.get('name')
    print("Found NW:", networkName)
    for host in network.findall('host'):
        hostName = host.get('name')
        hostIP = host.get('ip')
        print(hostName, "belongs to", networkName)
        for service in host.findall('service'):
            serviceName = service.get('name')
            servicePort = service.get('port')
            print("The service", serviceName, "running on port", servicePort, "is run by", hostName)

The expected output is:

PS C:\tmp2\securiCADautomation\modeling> python .\helloXML.py
Found NW: Office
Work Station 1 belongs to Office
The service ssh running on port 22 is run by Work Station 1
Found NW: Staging
Staging Server 1 belongs to Staging
The service ssh running on port 22 is run by Staging Server 1
The service bind running on port 53 is run by Staging Server 1
The service nginx running on port 443 is run by Staging Server 1
Found NW: Prod
Prod Server 1 belongs to Prod
The service ssh running on port 22 is run by Prod Server 1
The service mysql running on port 3306 is run by Prod Server 1
Prod Server 2 belongs to Prod
The service ssh running on port 22 is run by Prod Server 2
The service http running on port 80 is run by Prod Server 2
PS C:\tmp2\securiCADautomation\modeling>

helloXMLmodel.py

This script is mainly a combination of our previous example scripts and the above XML example.

#!/usr/bin/python
import lib.model as model_lib
import sys
sys.path.append('../config')
from commandLine import commandLineVariables
commandLine = commandLineVariables()

import xml.etree.ElementTree as ET

if __name__ == '__main__':
    try:
        currentModel = model_lib.Model(model_name=commandLine.model_name,
                                       username=commandLine.username,
                                       password=commandLine.password,
                                       organization=commandLine.organization,
                                       cacert=commandLine.cacert,
                                       outputpath=commandLine.output,
                                       configpath=commandLine.config)

        # Read the XML input file from the current directory.
        tree = ET.parse('helloXMLinput.xml')
        root = tree.getroot()

        # Walk the XML input and create/connect one object per element.
        for network in root.findall('network'):
            networkName = network.get('name')
            print("Found NW:", networkName)
            networkObject = currentModel.create_object(class_name='Network',
                                                       object_name=networkName)
            for host in network.findall('host'):
                hostName = host.get('name')
                hostIP = host.get('ip')
                print(hostName, "belongs to", networkName)
                hostObject = currentModel.create_object(class_name="Host",
                                                        object_name=hostName)
                currentModel.connect(networkObject, hostObject)
                for service in host.findall('service'):
                    serviceName = service.get('name')
                    servicePort = service.get('port')
                    print("The service", serviceName,
                          "running on port", servicePort,
                          "is run by", hostName)
                    serviceObject = currentModel.create_object(class_name="Service",
                                                               object_name=serviceName)
                    serviceType = "Non-Root Application execution"
                    currentModel.connect(hostObject, serviceObject, serviceType)

        # Finally, we need to save currentModel to an sCAD file.
        # This is where the outputpath and model name
        # command line parameters are used.
        currentModel.generate_model_file()

    except Exception as why:
        print(why)
        sys.exit(why)

Testing and expected output

PS C:\tmp2\securiCADautomation\modeling> python .\helloXMLmodel.py -u givenUserName -p givenPassword -o givenOrganization -c ..\config\conf.ini -m helloXMLmodel -O .
Found NW: Office
Work Station 1 belongs to Office
The service ssh running on port 22 is run by Work Station 1
Found NW: Staging
Staging Server 1 belongs to Staging
The service ssh running on port 22 is run by Staging Server 1
The service bind running on port 53 is run by Staging Server 1
The service nginx running on port 443 is run by Staging Server 1
Found NW: Prod
Prod Server 1 belongs to Prod
The service ssh running on port 22 is run by Prod Server 1
The service mysql running on port 3306 is run by Prod Server 1
Prod Server 2 belongs to Prod
The service ssh running on port 22 is run by Prod Server 2
The service http running on port 80 is run by Prod Server 2
PS C:\tmp2\securiCADautomation\modeling>
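As an added example, not code from the guide or the securiCADautomation package: the same walk over helloXMLinput.xml, this time with the input checks a parser needs on real scanner or inventory data, and with the SoftwareProduct/SecretSource step from the Setting defenses section folded in. RecordingModel is an assumed stand-in that only mimics the SDK's four call names so the example runs offline, and the OPEN_SOURCE table and the host-qualified service names are my assumptions, not the guide's conventions.

```python
import xml.etree.ElementTree as ET

# Constructed input: the helloXMLinput.xml architecture from the guide, embedded so the
# example runs without the file (a real parser would ET.parse() the file instead).
SAMPLE_XML = """<?xml version="1.0"?>
<architecture>
  <network name="Office">
    <host name="Work Station 1" ip=""><service name="ssh" port="22"/></host>
  </network>
  <network name="Staging">
    <host name="Staging Server 1" ip="">
      <service name="ssh" port="22"/><service name="bind" port="53"/>
      <service name="nginx" port="443"/>
    </host>
  </network>
  <network name="Prod">
    <host name="Prod Server 1" ip="">
      <service name="ssh" port="22"/><service name="mysql" port="3306"/>
    </host>
    <host name="Prod Server 2" ip="">
      <service name="ssh" port="22"/><service name="http" port="80"/>
    </host>
  </network>
</architecture>
"""

# Assumption for this example: which service names run open-source software. Per the
# Setting defenses section, such software gets a SoftwareProduct with SecretSource 0.0.
OPEN_SOURCE = {"ssh": "OpenSSH", "bind": "BIND", "nginx": "nginx", "mysql": "MySQL"}
SERVICE_LINK = "Non-Root Application execution"   # the link type the guide uses


class RecordingModel:
    """Stand-in for lib.model.Model (not the real SDK): records the four SDK calls the
    guide uses instead of talking to the Model Builder Service."""

    def __init__(self):
        self.objects, self.connections, self.defenses = [], [], []

    def create_object(self, class_name, object_name):
        ref = (class_name, object_name)
        self.objects.append(ref)
        return ref

    def connect(self, a, b, link=None):
        self.connections.append((a, b, link))

    def set_defense_evidence(self, obj, defense, value):
        self.defenses.append((obj, defense, value))

    def generate_model_file(self):
        return len(self.objects)   # the real SDK writes <model name>.sCAD here


def build_model(model, xml_text, log=print):
    """Walk network > host > service like helloXMLmodel.py, with the checks real input
    needs: unnamed elements are skipped, a missing or non-numeric port is reported
    instead of silently modelled, and service names are qualified by host and port
    because 'ssh' occurs on every host."""
    root = ET.fromstring(xml_text)
    if root.tag != "architecture":
        raise ValueError(f"unexpected root element <{root.tag}>")
    products = {}   # one shared SoftwareProduct object per product name
    for network in root.findall("network"):
        network_name = network.get("name")
        if not network_name:
            log("skipping <network> without a name")
            continue
        network_obj = model.create_object(class_name="Network", object_name=network_name)
        for host in network.findall("host"):
            host_name = host.get("name")
            if not host_name:
                log(f"skipping unnamed <host> in {network_name}")
                continue
            log(f"{host_name} ({host.get('ip') or 'no ip'}) belongs to {network_name}")
            host_obj = model.create_object(class_name="Host", object_name=host_name)
            model.connect(network_obj, host_obj)
            for service in host.findall("service"):
                service_name, port = service.get("name"), service.get("port")
                if not service_name or not (port and port.isdigit()):
                    log(f"skipping malformed <service> on {host_name}: {service.attrib}")
                    continue
                service_obj = model.create_object(
                    class_name="Service", object_name=f"{host_name}:{service_name}/{port}")
                model.connect(host_obj, service_obj, SERVICE_LINK)
                product = OPEN_SOURCE.get(service_name)
                if product:
                    if product not in products:
                        products[product] = model.create_object(
                            class_name="SoftwareProduct", object_name=product)
                        model.set_defense_evidence(products[product], "SecretSource", 0.0)
                    model.connect(service_obj, products[product])
    model.generate_model_file()
    return model
```

Running `build_model(RecordingModel(), SAMPLE_XML)` records 19 objects, 19 connections and 4 defense settings; passing a real `model_lib.Model(...)` instead of the stand-in produces the sCAD file.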

Output

A fraction of the resulting model:

A fraction of the helloXMLmodel

Book a Demo

Please don’t hesitate to request a personal demo if you have questions around this process, the scripts or how to use it.

Appendix: Objects, Connection Types and Defenses

Network

Connections

Network connects to Host via 'Connection'
Network connects to Router via 'Connection' 
Network connects to PhysicalZone via 'Physical access' 
Network connects to VulnerabilityScanner via 'Authenticated scan' 
Network connects to VulnerabilityScanner via 'Unauthenticated scan' 
Network connects to ZoneManagement via 'Management status' 
Network connects to Dataflow via 'Communication' 
Network connects to Router via 'Administration' 
Network connects to Service via 'Network exposure' 
Network connects to UnknownService via 'Network exposure (unknown service)'

Defenses

Defenses for object type Network are;
DNSSec with the default value of false.
PortSecurity with the default value of false.
StaticARPTables with the default value of false.

Router

Connections

Router connects to Network via 'Connection'
Router connects to Firewall via 'Firewall execution'
Router connects to IDS via 'NIDS execution'
Router connects to Dataflow via 'Communication'
Router connects to AccessControl via 'Authorization'
Router connects to Network via 'Administration'
Router connects to IPS via 'IPS execution'

Defenses

Router has no defenses.

Firewall

Connections

Firewall connects to Router via 'Firewall execution'
Firewall connects to Dataflow via 'Permission'

Defenses

Defenses for object type Firewall are;
Enabled with the default value of false.
KnownRuleSet with the default value of false.

Host

Connections

Host connects to AccessControl via 'Authorization'
Host connects to Network via 'Connection'
Host connects to Service via 'Root Shell execution'
Host connects to Service via 'Root Application execution'
Host connects to Service via 'Non-Root Shell execution'
Host connects to Service via 'Non-Root Application execution'
Host connects to IDS via 'HIDS execution'
Host connects to PhysicalZone via 'Physical access'
Host connects to Client via 'Root Client execution'
Host connects to Client via 'Non-Root Client execution'
Host connects to VulnerabilityScanner via 'Authenticated scan'
Host connects to VulnerabilityScanner via 'Unauthenticated scan'
Host connects to VulnerabilityScanner via 'Excluded from scan'
Host connects to SoftwareProduct via 'Software properties'
Host connects to UnknownService via 'Unknown service execution'
Host connects to Keystore via 'Keystore execution'
Host connects to Datastore via 'Non-root user access'
Host connects to Datastore via 'Root user access'

Defenses

Defenses for object type Host are;
ASLR with the default value of false.
AntiMalware with the default value of false.
DEP with the default value of false.
Hardened with the default value of false.
HostFirewall with the default value of false.
Patched with the default value of false.
StaticARPTables with the default value of false.

Client

Connections

Client connects to Dataflow via 'Communication'
Client connects to Host via 'Root Client execution'
Client connects to Host via 'Non-Root Client execution'
Client connects to SoftwareProduct via 'Software properties'
Client connects to Keystore via 'Keystore execution'
Client connects to Datastore via 'Non-root user access'
Client connects to Datastore via 'Root user access'

Defenses

Defenses for object type Client are;
Patched with the default value of false.

Service

Connections

Service connects to AccessControl via 'Authorization'
Service connects to Dataflow via 'Communication'
Service connects to Host via 'Root Shell execution'
Service connects to Host via 'Root Application execution'
Service connects to Host via 'Non-Root Shell execution'
Service connects to Host via 'Non-Root Application execution'
Service connects to WebApplication via 'Web service execution'
Service connects to SoftwareProduct via 'Software properties'
Service connects to Network via 'Network exposure'
Service connects to Keystore via 'Keystore execution'
Service connects to Datastore via 'Non-root user access'
Service connects to Datastore via 'Root user access'

Defenses

Defenses for object type Service are;
Patched with the default value of false.

WebApplication

Connections

WebApplication connects to Service via 'Web service execution'
WebApplication connects to Datastore via 'WebApplication'
WebApplication connects to WebApplicationFirewall via 'Firewall execution'
WebApplication connects to Keystore via 'Keystore execution'

Defenses

Defenses for object type WebApplication are;
BlackBoxTesting with the default value of false.
NoPublicCIVulnerabilities with the default value of false.
NoPublicRFIVulnerabilities with the default value of false.
NoPublicSQLIVulnerabilities with the default value of false.
NoPublicXSSVulnerabilities with the default value of false.
SecurityAwareDevelopers with the default value of false.
StaticCodeAnalysis with the default value of false.
TypeSafeAPI with the default value of false.

WebApplicationFirewall

Connections

WebApplicationFirewall connects to WebApplication via 'Firewall execution'

Defenses

Defenses for object type WebApplicationFirewall are;
BlackBoxTuned with the default value of false.
Enabled with the default value of false.
ExpertTuned with the default value of false.
Monitored with the default value of false.
TuningEffort with the default value of false.

SoftwareProduct

Connections

SoftwareProduct connects to Host via 'Software properties'
SoftwareProduct connects to Service via 'Software properties'
SoftwareProduct connects to Client via 'Software properties'

Defenses

Defenses for object type SoftwareProduct are;
HasVendorSupport with the default value of false.
NoPatchableVulnerability with the default value of false.
NoUnpatchableVulnerability with the default value of false.
SafeLanguages with the default value of false.
Scrutinized with the default value of false.
SecretBinary with the default value of false.
SecretSource with the default value of false.
StaticCodeAnalysis with the default value of false.

Dataflow

Connections

Dataflow connects to Client via 'Communication'
Dataflow connects to Service via 'Communication'
Dataflow connects to Router via 'Communication'
Dataflow connects to Protocol via 'Protocol status'
Dataflow connects to Network via 'Communication'
Dataflow connects to Datastore via 'Communication'
Dataflow connects to IPS via 'Protection'
Dataflow connects to IDS via 'Protection'
Dataflow connects to Firewall via 'Permission'
Dataflow connects to Keystore via 'Authentication'

Defenses

There are no defenses on a Dataflow. (They come with the connected Protocol object instead.)

Protocol

Connections

Protocol connects to Dataflow via 'Protocol status'

Defenses

Defenses for object type Protocol are:
Authenticated with the default value of false.
Encrypted with the default value of false.
Nonce with the default value of false.

Datastore

Connections

Datastore connects to Host via 'Root user access'
Datastore connects to Client via 'Root user access'
Datastore connects to Service via 'Root user access'
Datastore connects to Host via 'Non-root user access'
Datastore connects to Client via 'Non-root user access'
Datastore connects to Service via 'Non-root user access'
Datastore connects to Dataflow via 'Communication'
Datastore connects to WebApplication via 'WebApplication'
Datastore connects to Keystore via 'Authentication'

Defenses

Defenses for object type Datastore are:
Encrypted with the default value of false.

Keystore

Connections

Keystore connects to Host via 'Keystore execution'
Keystore connects to Client via 'Keystore execution'
Keystore connects to Service via 'Keystore execution'
Keystore connects to WebApplication via 'Keystore execution'
Keystore connects to Dataflow via 'Authentication'
Keystore connects to Datastore via 'Authentication'
Keystore connects to UserAccount via 'Authentication'
Keystore connects to User via 'Obtainable credentials'
Keystore connects to PhysicalZone via 'Credential storage'

Defenses

Defenses for object type Keystore are:
Encrypted with the default value of false.

AccessControl

Connections

AccessControl connects to Host via 'Authorization'
AccessControl connects to Router via 'Authorization'
AccessControl connects to UserAccount via 'Root Authorization'
AccessControl connects to Service via 'Authorization'
AccessControl connects to UserAccount via 'Non-Root Authorization'

Defenses

Defenses for object type AccessControl are:
Backoff with the default value of false.
Enabled with the default value of false.
HashedPasswordRepository with the default value of false.
NoDefaultPasswords with the default value of false.
PasswordPolicyEnforcement with the default value of false.
Salting with the default value of false.

UserAccount

Connections

UserAccount connects to AccessControl via 'Root Authorization'
UserAccount connects to AccessControl via 'Non-Root Authorization'
UserAccount connects to User via 'Authentication'
UserAccount connects to Keystore via 'Authentication'

Defenses

Defenses for object type UserAccount are:
MFA with the default value of false.

User

Connections

User connects to UserAccount via 'Authentication'
User connects to Keystore via 'Obtainable credentials'

Defenses

Defenses for object type User are:
SecurityAware with the default value of false.

VulnerabilityScanner

Connections

VulnerabilityScanner connects to Network via 'Unauthenticated scan'
VulnerabilityScanner connects to Network via 'Authenticated scan'
VulnerabilityScanner connects to Host via 'Authenticated scan'
VulnerabilityScanner connects to Host via 'Unauthenticated scan'
VulnerabilityScanner connects to Host via 'Excluded from scan'

Defenses

Defenses for object type VulnerabilityScanner are:
Enabled with the default value of false.

IDS

Connections

IDS connects to Host via 'HIDS execution'
IDS connects to Router via 'NIDS execution'
IDS connects to Dataflow via 'Protection'

Defenses

Defenses for object type IDS are:
Enabled with the default value of false.
Tuned with the default value of false.
Updated with the default value of false.

IPS

Connections

IPS connects to Router via 'IPS execution'
IPS connects to Dataflow via 'Protection'

Defenses

Defenses for object type IPS are:
Enabled with the default value of false.

ZoneManagement

Connections

ZoneManagement connects to Network via 'Management status'

Defenses

Defenses for object type ZoneManagement are:
AntiMalwarePolicy with the default value of false.
ChangeControl with the default value of false.
HostFirewall with the default value of false.
PatchManagement with the default value of false.

PhysicalZone

Connections

PhysicalZone connects to Host via 'Physical access'
PhysicalZone connects to Network via 'Physical access'
PhysicalZone connects to Keystore via 'Credential storage'

Defenses

There are no defenses for a PhysicalZone object.

Container and FContainer

The Container and FContainer objects are not securiLang modeling objects with attack steps and defenses like the others; they are instead intended for organizing and visualizing the model in the securiCAD software.

Attacker

The Attacker object connects to any attack step of any modeling object, stating that this attack step is the Attacker's assumed starting (entry) point.