WsfCyberEngagement

Navigation: Cyber Overview

WsfCyberEngagement

Overview

WsfCyberEngagement objects provide information about an active cyber engagement. Objects of this type are provided as an argument to various script methods within the cyber framework.

Warning

WsfCyberEngagement objects contain data about the most recent attack and scan against the victim by an attacker using a particular named attack. Subsequent attacks or scans will invalidate any data regarding previous attacks or scans with the exception of developed immunity of the victim platform. In addition, WsfCyberEngagement objects are destroyed if the victim platform is removed from the simulation.

General Methods

string Attacker()

Returns the name of the attacking platform.

WsfPlatform AttackerPlatform()

Returns a reference to the attacking platform.

string AttackType()

Returns the name of the cyber_attack type employed in the attack.

string Victim()

Returns the name of the victim platform.

WsfPlatform VictimPlatform()

Returns a reference to the victim platform.

Cancel Methods

To cancel a pending scan/attack see WsfSimulation.CyberScanCancel.

Attack Status Methods

These methods return detailed information about the engagement.

double TimeAttackInitiated()

Returns the time when the attack was initiated, or a large positive value (>1.0E+30) if an attack has not been initiated (e.g.: only a scan has been initiated.)

bool AttackStatus()

Returns true if the attack initiation was successful or false if not.

int ReportedAttackStatus()

TODO_CYBER

double AttackSuccessThreshold()

Returns the probability threshold for determining if an attack is successful.

double AttackSuccessDraw()

The random draw used for determining if an attack is successful.

These methods return detailed information about the engagement.

double StatusReportThreshold()

Returns the probability threshold for determining if a status report is successful.

double StatusReportDraw()

The random draw used for determining if a status report is successful.

double TimeAttackDiscovered()

The simulation time when the attack will be detected by the victim, or a very large value (> 1.0E+30) if the attack will not be detected.

double AttackDetectionThreshold()

Returns the probability threshold for determining if the victim can detect the attack.

double AttackDetectionDraw()

The random draw used for determining if the victim can detect the attack.

double TimeAttackRecovery()

The simulation time when the victim will recover from the attack, or a very large value (> 1.0E+30) if the victim will not recover from the attack.

double AttackRecoveryThreshold()

Returns the probability threshold for determining if the victim can recover from the attack.

double AttackRecoveryReportDraw()

The random draw used for determining if the victim can recover from the attack.

bool Recovery()

Returns if the victim platform will attempt to recover from an attack.

double AttackDeliveryDelayTime()

Returns the time required to simulate the delivery of a payload to the victim.

double AttackDetectionDelayTime()

Returns the time required for the victim to determine that is has been attacked.

double AttackRecoveryDelayTime()

Returns the time required for the victim to recover from an attack.

bool AttackSuccess()

Returns the success of the current attack against the victim. Will return false if an attack has not been initiated or is not completed.

bool AttackInProgress()

Returns true if an attack is currently in progress.

bool AttackInProgress()

Returns true if an attack is currently in progress.

int AttackFailureReason()

Returns an integer that indicates the reason for attack failure. These values are:

  • 0 for a random draw

  • 1 for victim immunity

  • 2 for an attack blocked by the victim detecting a previous scan

  • 3 for failing the user defined vulnerability script

  • 4 for no failure due never being attacked, or an attack still in progress