List of BlackNoise scenarios that can be used to create an attack campaign.
A scenario is a sequence of events that emulates a series of actions carried out by an attacker. A scenario can replicate a complete Attack Pattern or a limited set of adversary behaviors (APT, data breach, ransomware, etc.).
Each scenario is by default represented as a card with the following information:
Name of the scenario
Number of events included in the scenario
Description
Prerequisites
Scenario last update and version
At the top of the cards, a status indicates whether the scenario has been created (New) or updated (Updated) recently. Icons also specify the environments covered by the scenario (network, windows, linux or macos).
A pill also specifies the format of the scenario:
full: The scenario reproduces all or part of a Kill Chain, with a sequence of events associated with different Tactics from MITRE ATT&CK.
focused: The scenario has fewer events, centered on a common tactic or approach, but allows for more varied technical implementations.
The Create attack campaign button allows you to create a simulation based on the chosen scenario.
By clicking on the name of a scenario or the "i" button, you can view all details, including the full description ("Details" tab) and the list of events that make up the scenario ("Events" tab).
Hovering over an event also displays its description. The description states the technical requirements needed to carry out the scenario, including the types of accounts and the appropriate targets.
To make the scenarios list easier to work with, several features are available:
Application of filters: format (full / focused), environment (network, windows, linux or macos), MITRE ATT&CK Tactic, state, last update, risk category
Search field
Shortcut to filter by technical environment (with network, windows, linux, macos icons)
Display of events in card or table form
Please be aware that the number of events executed in a campaign is determined by the number of Target Systems defined in the campaign perimeter. Each system event will be executed for each Target System.