articles/defender-for-iot/organizations/how-to-create-attack-vector-reports.md
17 additions & 14 deletions
@@ -7,31 +7,35 @@ ms.topic: how-to
7
7
8
8
# Create attack vector reports
9
9
10
-
Attack vector reports provide a graphical representation of a vulnerability chain of exploitable devices. These vulnerabilities can give an attacker access to key network devices. The Attack Vector Simulator calculates attack vectors in real time and analyzes all attack vectors for a specific target.
10
+
Attack vector reports show a chain of vulnerable devices in a specified attack path. Simulate an attack on a specific target in your network to discover vulnerable devices and analyze attack vectors in real time.
11
+
12
+
Attack vector reports can also help evaluate mitigation activities to ensure that you're taking all required steps to reduce the risk to your network. For example, use an attack vector report to understand whether a system upgrade would disrupt the attacker's path, or if an alternate attack path still remains.
11
13
12
14
## Prerequisites
13
15
14
16
You must be an **Admin** or **Security Analyst** user to create an attack vector report.
15
17
16
18
## Generate an attack vector simulation
17
19
20
+
21
+
Generate an attack vector simulation so that you can view the resulting report.
22
+
18
23
**To generate an attack vector simulation:**
19
24
20
-
1. Select **Attack vector** from the sensor side menu.
21
-
1. Select **Add simulation**.
22
-
1. Enter simulation properties:
25
+
1. Sign into the sensor console and select **Attack vector** on the left.
26
+
1. Select **Add simulation** and enter the following values:
23
27
24
28
| Property | Description |
25
29
|---------|---------|
26
30
|**Name**| Simulation name |
27
-
|**Maximum vectors**| The maximum number of vectors in a single simulation. |
28
-
|**Show in Device map**|Show the attack vector as a group in the Device map. |
29
-
|**All Source devices**|The attack vector will consider all devices as an attack source. |
30
-
|**Attack Source**|The attack vector will consider only the specified devices as an attack source.|
31
-
|**All Target devices**|The attack vector will consider all devices as an attack target. |
32
-
|**Attack Target**|The attack vector will consider only the specified devices as an attack target.|
33
-
|**Exclude devices**|Specified devices will be excluded from the attack vector simulation.|
34
-
|**Exclude Subnets**|Specified subnets will be excluded from the attack vector simulation.|
31
+
|**Maximum Vectors**| The maximum number of attack vectors you want to include in the simulation. |
32
+
|**Show in Device Map**|Select to show the attack vector as a group in the **Device map**. |
33
+
|**Show All Source Devices**|Select to consider all devices as a possible attack source. |
34
+
|**Attack Source**|Shown only, and required, if the **Show All Source Devices** option is toggled off. Select one or more devices to consider as the attack source.|
35
+
|**Show All Target Devices**|Select to consider all devices as possible attack targets.|
36
+
|**Attack Target**|Shown only, and required, if the **Show All Target Devices** option is toggled off. Select one or more devices to consider as the attack target.|
37
+
|**Exclude Devices**|Select one or more devices to exclude from the attack vector simulation.|
38
+
|**Exclude Subnets**|Select one or more subnets to exclude from the attack vector simulation.|
35
39
36
40
1. Select **Save**.
37
41
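Review bot: In the property table, the new **Attack Source** and **Attack Target** rows (new lines 34 and 36) explain when the field appears but no longer say that the simulation considers only the selected devices, which the removed rows stated explicitly ("will consider only the specified devices"). Suggest keeping that restriction, for example "Select one or more devices; only these are considered as the attack source." Two wording points in the same hunk: step 1 at new line 25 reads "Sign into the sensor console", where "Sign in to" is the usual form, and "Shown only, and required, if" would read more easily as "Appears, and is required, only when".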
@@ -48,9 +52,8 @@ You can use the report that is saved from the Attack vector page to review:
48
52
49
53
## Next steps
50
54
51
-
Working with the attack vector lets you evaluate the effect of mitigation activities in the attack sequence. You can now determine, for example, if a system upgrade disrupts the attacker's path by breaking the attack chain, or if an alternate attack path remains. This information helps you prioritize remediation and mitigation activities.
52
55
53
-
For more information, see:
56
+
Continue creating other reports for more security data from your OT sensor. For more information, see:
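Review bot: The removed Next steps paragraph ended with "This information helps you prioritize remediation and mitigation activities", and that point is not carried into the replacement intro paragraph added at new line 12, which keeps only the system-upgrade example. Suggest adding the prioritization sentence to the intro so it is not lost. At new line 56, "OT sensor" is also the only place the visible text uses that term, while step 1 says "sensor console"; pick one name and use it throughout.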