-
Notifications
You must be signed in to change notification settings - Fork 9
Expand file tree
/
Copy pathnetsecenv_conf_new_ips_1.yaml
More file actions
123 lines (119 loc) · 5.64 KB
/
netsecenv_conf_new_ips_1.yaml
File metadata and controls
123 lines (119 loc) · 5.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# Configuration file for the NetSecGame environment
coordinator:
# Define the conf for all the 'attacker' agents.
agents:
Attacker:
max_steps: 100
goal:
description: "Exfiltrate data to '54.123.53.21'"
is_any_part_of_goal_random: True
known_networks: []
#known_networks: [192.168.1.0/24, 192.168.3.0/24]
known_hosts: []
#known_hosts: [192.168.1.1, 192.168.1.2]
controlled_hosts: []
#controlled_hosts: [54.123.53.21, 192.168.1.3]
# Services are defined as a target host where the service must be, and then a description in the form 'name,type,version,is_local'
known_services: {}
#known_services: {192.168.1.3: [Local system, lanman server, 10.0.19041, False], 192.168.1.4: [Other system, SMB server, 21.2.39421, False]}
# In data, put the target host that must have the data and which data in format user,data
# Example to fix the data in one host
known_data: {54.123.53.21: [[User1,DataFromServer1]]}
# Example to fix two data in one host
#known_data: {54.123.53.21: [[User1,DataFromServer1], [User5,DataFromServer5]]}
# Example to fix the data in two host
#known_data: {54.123.53.21: [User1,DataFromServer1], 192.168.3.1: [User3,Data3FromServer3]}
# Example to ask a random data in a specific server. Putting 'random' in the data, forces the env to randomly choose where the goal data is
# known_data: {54.123.53.21: [random]}
known_blocks: {}
# Example of known blocks. In the host 192.168.2.2, block all connections coming or going to 192.168.1.3
# known_blocks: {192.168.2.2: {192.168.1.3}}
start_position:
known_networks: []
known_hosts: []
# The attacker must always at least control the CC if the goal is to exfiltrate there
# Example of fixing the starting point of the agent in a local host
controlled_hosts: [54.123.53.21, random]
# Example of asking a random position to start the agent
# controlled_hosts: [54.123.53.21, random]
# Services are defined as a target host where the service must be, and then a description in the form 'name,type,version,is_local'
known_services: {}
# known_services: {192.168.1.3: [Local system, lanman server, 10.0.19041, False], 192.168.1.4: [Other system, SMB server, 21.2.39421, False]}
# Same format as before
known_data: {}
known_blocks: {}
# Example of known blocks to start with. In the host 192.168.2.2, block all connections coming or going to 192.168.1.3
# known_blocks: {192.168.2.2: {192.168.1.3}}
Defender:
goal:
description: "Block all attackers"
is_any_part_of_goal_random: False
known_networks: []
# Example
#known_networks: [192.168.1.0/24, 192.168.3.0/24]
known_hosts: []
# Example
#known_hosts: [192.168.1.1, 192.168.1.2]
controlled_hosts: []
# Example
#controlled_hosts: [54.123.53.21, 192.168.1.3]
# Services are defined as a target host where the service must be, and then a description in the form 'name,type,version,is_local'
known_services: {}
# Example
#known_services: {192.168.1.3: [Local system, lanman server, 10.0.19041, False], 192.168.1.4: [Other system, SMB server, 21.2.39421, False]}
# In data, put the target host that must have the data and which data in format user,data
# Example to fix the data in one host
known_data: {}
# Example to fix two data in one host
#known_data: {54.123.53.21: [[User1,DataFromServer1], [User5,DataFromServer5]]}
# Example to fix the data in two host
#known_data: {54.123.53.21: [User1,DataFromServer1], 192.168.3.1: [User3,Data3FromServer3]}
# Example to ask a random data in a specific server. Putting 'random' in the data, forces the env to randomly choose where the goal data is
# known_data: {54.123.53.21: [random]}
known_blocks: {54.123.53.21: 'all_attackers'}
# Example of known blocks. In the host 192.168.2.2, block all connections coming or going to 192.168.1.3
# known_blocks: {192.168.2.2: {192.168.1.3}}
# You can also use the wildcard string 'all_routers', and 'all_attackers', to mean that all the controlled hosts of all the attackers should be in this list in order to win
start_position:
# should be empty for defender - will be extracted from controlled hosts
known_networks: []
# should be empty for defender - will be extracted from controlled hosts
known_hosts: []
# list of controlled hosts, wildard "all_local" can be used to include all local IPs
controlled_hosts: [all_local]
known_services: {}
known_data: {}
# Blocked IPs
blocked_ips: {}
known_blocks: {}
# Example of known blocks to start with. In the host 192.168.2.2, block all connections coming or going to 192.168.1.3
# known_blocks: {192.168.2.2: {192.168.1.3}}
env:
# random means to choose the seed in a random way, so it is not fixed
random_seed: 571
# Or you can fix the seed
# random_seed: 42
scenario: 'scenario1-1'
use_global_defender: False
use_dynamic_addresses: False
use_firewall: True
save_trajectories: False
required_players: 1
rewards:
success: 100
step: -1
fail: -10
false_positive: -5
actions:
scan_network:
prob_success: 1.0
find_services:
prob_success: 1.0
exploit_service:
prob_success: 1.0
find_data:
prob_success: 1.0
exfiltrate_data:
prob_success: 1.0
block_ip:
prob_success: 1.0