Added the scenarios page, and finished the Security Report page

This commit is contained in:
Shay Nehmad 2020-07-09 18:31:17 +03:00
parent 94540b9c18
commit 896c60fcdb
15 changed files with 88 additions and 5 deletions

View File

@ -4,6 +4,10 @@ date: 2020-06-24T21:17:18+03:00
draft: false
---
{{% notice info %}}
Check out [the documentation for the other reports as well](../).
{{% /notice %}}
The Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base: It provides a new report with the utilized techniques and recommended mitigations, to help you simulate an APT attack on your network and mitigate real attack paths intelligently.
Watch an overview video:

View File

@ -4,22 +4,94 @@ date: 2020-06-24T21:16:10+03:00
draft: false
---
The report is split into 3 categories:
{{% notice info %}}
Check out [the documentation for the other reports as well](../).
{{% /notice %}}
The Monkey's Security Report is built to provide you with actionable recommendations and insight to the Attacker's view of your network. You can download a PDF of this example report:
{{%attachments title="Download the PDF" pattern=".*(pdf)"/%}}
The report is split into 3 main categories: "Overview", "Recommendations" and "The network from the Monkey's eyes".
- [Overview](#overview)
- [High level information](#high-level-information)
- [Used Credentials](#used-credentials)
- [Exploits and targets](#exploits-and-targets)
- [Security Findings](#security-findings)
- [Recommendations](#recommendations)
- [Machine related recommendations relating to specific CVEs](#machine-related-recommendations-relating-to-specific-cves)
- [Machine related recommendations relating to network security and segmentation](#machine-related-recommendations-relating-to-network-security-and-segmentation)
- [The network from the Monkey's eyes](#the-network-from-the-monkeys-eyes)
- [Network infection map](#network-infection-map)
- [Scanned servers](#scanned-servers)
- [Exploits and post-breach actions](#exploits-and-post-breach-actions)
- [Stolen Credentials](#stolen-credentials)
## Overview
The overview section of the report provides high-level information about the Monkey execution and the main security findings that the Monkey has found.
- [ ] TODO add screenshot
### High level information
The report starts with information about the execution, including how long the simulation took and from which machine the infection started from.
![Overview](/images/usage/reports/sec_report_1_overview.png "Overview")
### Used Credentials
The report will show which credentials were used for brute-forcing.
![Used Credentials](/images/usage/reports/sec_report_2_users_passwords.png "Used Credentials")
### Exploits and targets
The report shows which exploits were attempted in this simulation and which targets the Monkey scanned and tried to exploit.
![Exploits and Targets](/images/usage/reports/sec_report_3_exploits_ips.png "Exploits and Targets")
### Security Findings
The report highlights the most important security threats and issues the Monkey discovered during the attack.
![Threats and issues](/images/usage/reports/sec_report_4_threats_and_issues.png "Threats and issues")
## Recommendations
This section contains the Monkey's recommendations for improving your security - what mitigations you need to implement.
- [ ] TODO add screenshot
### Machine related recommendations relating to specific CVEs
![Machine related recommendations](/images/usage/reports/sec_report_5_machine_related.png "Machine related recommendations")
### Machine related recommendations relating to network security and segmentation
![Machine related recommendations](/images/usage/reports/sec_report_6_machine_related_network.png "Machine related recommendations")
## The network from the Monkey's eyes
This section contains the Infection Map and some summary tables on servers the Monkey has found.
- [ ] TODO add screenshot
### Network infection map
This part shows the network map and a breakdown of how many machines were breached.
![Network map](/images/usage/reports/sec_report_7_network_map.png "Network map")
### Scanned servers
This part shows the attack surface the Monkey has found.
![Scanned servers](/images/usage/reports/sec_report_8_network_services.png "Scanned servers")
### Exploits and post-breach actions
This part shows which exploits and Post Breach Actions the Monkey has performed in this simulation.
![Exploits and PBAs](/images/usage/reports/sec_report_9_exploits_pbas.png "Exploits and PBAs")
### Stolen Credentials
This part shows which credentials the Monkey was able to steal from breached machines in this simulation.
![Stolen creds](/images/usage/reports/sec_report_10_stolen_credentials.png "Stolen creds")

View File

@ -4,6 +4,10 @@ date: 2020-06-24T21:16:18+03:00
draft: false
---
{{% notice info %}}
Check out [the documentation for the other reports as well](../).
{{% /notice %}}
The Guardicore Infection Monkey runs different tests to evaluate your network adherence to key components of the Zero Trust framework as established by Forrester, such as whether you have applied segmentation, user identity, encryption and more. Then, the Monkey generates a status report with detailed explanations of security gaps and prescriptive instructions on how to rectify them.
## Summary

View File

@ -1,9 +1,10 @@
---
title: "Scenarios"
date: 2020-05-26T21:01:19+03:00
draft: true
draft: false
weight: 2
tags: ["usage"]
pre: "<i class='fas fa-map-marked-alt'></i> "
---
In this page we show how you can use the Infection Monkey to simulate breach and attack scenarios as well as to share some cool tips and tricks you can use to up your Infection Monkey game. This page is aimed at both novice and experienced Monkey users. You can also refer to [our FAQ](../../faq) for more specific questions and answers.
@ -52,6 +53,8 @@ To simulate the damage from a successful phishing attack using the Infection Mon
- You can configure these credentials for the Monkey as follows:
From the **“Basic - Credentials”** tab of the Islands configuration, under the **“Exploit password list”** press the + button and add the passwords you would like the Monkey to use. Do the same with usernames in the **“Exploit user list”**.
![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
After supplying the Monkey with the passwords and usernames, execute the Monkey from the simulated “victim” machines. To do this, click “**2. Run Monkey**” from the left sidebar menu and choose “**Run on machine of your choice**”.
## You want to test your network segmentation

Binary file not shown.

After

Width:  |  Height:  |  Size: 135 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 114 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 122 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 99 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 73 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 147 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 138 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 115 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 144 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 137 KiB