GreenLocalWork
Bases: LocalAction
An action for Green agents to do 'local work' on the host.
Consists of 3 parts:
- Create a new process to represent user activity.
- A low probability the work creates a false positive for Blue - fp_detection_rate
- A low probability the work is from a phishing email, creating a red session - phishing_error_rate
Attributes:
Name | Type | Description |
---|---|---|
ip_address | IPv4Address | the ip address of the host which the local work is happening on |
fp_detection_rate | float | the decimal probability that a false positive is created for blue (0.0 <= value <= 1.0) |
phishing_error_rate | float | the decimal probability that a PhishingEmail action is performed as a subaction (0.0 <= value <= 1.0) |
Functions
__init__
__init__(agent: str, session_id: int, ip_address: IPv4Address, fp_detection_rate: float = 0.01, phishing_error_rate: float = 0.01)
Initialisation of GreenLocalWork by setting class attributes.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
agent | str | name of agent performing action | required |
session_id | int | State session id on the host | required |
ip_address | IPv4Address | ip address of the host | required |
fp_detection_rate | float | decimal probability that a false positive is created for blue (0.0 <= value <= 1.0, default = 0.01) | 0.01 |
phishing_error_rate | float | decimal probability that a PhishingEmail action is performed as a subaction (0.0 <= value <= 1.0, default = 0.01) | 0.01 |
Raises:
Type | Description |
---|---|
ValueError | decimal probability value is not between 0.0 and 1.0 (inclusive) |
execute
Executes the functionality of the action on the state and produces a resulting observation.
The action execution consists of 3 parts:
- User tries to access local service
  - User attempts to access a service local to the host, which may have had its reliability degraded by red.
  - If no services exist on the host, the action also fails.
- False alert
  - There is a small chance (1% by default) that the process will create a false positive alert for a Velociraptor Client from the Blue agent's action.
- User error
  - Low probability the local work is malicious by accident, causing a sub action PhishingEmail.
  - If triggered (<1% by default), this adds a session for the red agent.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
state | State | state of simulation at current step | required |
Returns:
Name | Type | Description |
---|---|---|
obs | Observation | the observation produced by the action, with the success or failure of the action set within the object. |
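
An added example, not CybORG's own code: a stand-alone model of the three parts of execute described above, for estimating how many false alerts and phishing-driven red sessions a single green agent contributes over an episode. The names LocalWorkModel, simulate and p_at_least_one, the sample host and service, the 500-step episode, and the assumption that both probability rolls happen on every step regardless of the service-access result are all assumptions of this sketch.

```python
import random
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class LocalWorkModel:
    """Hypothetical stand-alone model of the documented behaviour (not CybORG code)."""
    ip_address: IPv4Address
    fp_detection_rate: float = 0.01
    phishing_error_rate: float = 0.01

    def __post_init__(self):
        # Mirror the documented ValueError for rates outside [0.0, 1.0].
        for name in ("fp_detection_rate", "phishing_error_rate"):
            value = getattr(self, name)
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"{name} must be within [0.0, 1.0], got {value}")

    def step(self, rng, host_services):
        """One execution: service access, false-alert roll, phishing roll."""
        # Part 1: the action fails when the host has no services.
        success = len(host_services) > 0
        # Parts 2 and 3: assumed here to be independent rolls on every step.
        false_alert = rng.random() < self.fp_detection_rate
        red_session = rng.random() < self.phishing_error_rate
        return {"success": success, "false_alert": false_alert, "red_session": red_session}


def simulate(model, steps, host_services, seed=0):
    """Count successes, false alerts and red sessions over `steps` executions."""
    rng = random.Random(seed)
    totals = {"success": 0, "false_alert": 0, "red_session": 0}
    for _ in range(steps):
        for key, hit in model.step(rng, host_services).items():
            totals[key] += hit
    return totals


def p_at_least_one(rate, steps):
    """Probability that an event with per-step `rate` occurs at least once."""
    return 1.0 - (1.0 - rate) ** steps


if __name__ == "__main__":
    model = LocalWorkModel(IPv4Address("10.0.0.5"))  # constructed sample host
    print(simulate(model, 500, ["sshd"]))            # constructed service list
    print(round(p_at_least_one(0.01, 500), 3))
```

Under these assumptions, a Blue policy that treats every alert as hostile will act on green-generated noise, and a policy that ignores green hosts will miss the red sessions that user error creates.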