#
Operations
Operations are the core of the Breach and Attack Simulation platform. Each operation can have a number of procedures selected, and based on that selection, the user can run these procedures and then view the results.
The Operations table contains a full list of all the available operations. By clicking on the row of an Operation, you will be brought to the Workspace for that Operation. By clicking on the play button on the right-hand side you will be brought to the Run page for that Operation.
#
All Procedures Operation
Be default, an operation called All Procedures is created. This operation contains all current, as well as future, procedures. This procedure will be utilized in the initial assessment by NetSPI to provide a baseline.
#
Creating an Operation
There are several places where you can navigate to the Create Operation page. For instance, on the Homepage if you click on the Create Operation button, you will be brought to the Create Operations Page.
To create an operation:
- Enter a name for your operation
- Select the operation type, either Interactive or Scheduled
- Interactive Operations are run ad-hoc at the user's discretion. Interactive Operations will not run at any set interval and provide you with the ability to continually run and re-run your Playbooks and Procedures wherever appropriate.
- Scheduled Operations enable you to run Playbooks at consistent intervals. You are able to configure the recurrence of the schedule including "Daily, Monthly, or Yearly" at a specific time.
- Select the procedures you would like the Operation to be scoped to
- You can search for procedures or group the tree view by Tactics, Tags, or Playbooks; making it easy to select the Procedures that are most suited for your Operation.
- By clicking on a Procedure you can see the details and settings on the right and modify them as needed.
#
Editing an Operation
Editing an Operation is just as easy as creating one. Simply go to the Run page of an Operation and click on the edit icon in the upper right-hand corner.
From here you can:
- Change the name of the Operation
- Delete the Operation
- Select or deselect Procedures
#
Operation Centered Navigation
Once you have selected an Operation, you will be brough to an Operation centered Workspace. At the top of the screen in the left-hand corner you can see what Operation is currently selected. By clicking on the arrow next to the Operation you can:
- Switch to another Operation
- Create a new Operation
- View Operations grid
While in your selected Operation you have a couple of pages that are specifically scoped to the operation (you can find more detail on each of these pages in their specific help pages):
- Workspace: The Workspace is designed to provide insights in to your current detective control coverage. It helps you learn about, test, measure, and track all the tactics, techniques, and procedures associated with your Operation.
- Run: The Run page is where you can configure and run Operations, dig into Procedure output, and review Procedure history.
- Timeline: The Timeline Dashboard is designed to help you track your detective control coverage for an Operation over time. Here you can see where you have gotten better and worse.
- Heatmap: The Heatmap Dashboard is designed to present the tactics, techniques, and procedures associated with your Operation in the context of a more traditional MITRE ATT&CK heatmap format.
You can visit these pages by either navigating to them through the left menu or the top menu.