Attack Generation and Simulation
(Completed project)
In this project, CCoE researchers created a tool called Attack Simulator/Generator (AS/G) that injects simulated security events into a SIEM* system. Two key applications of AS/G are (a) testing the adequacy of SIEM installations and (b) testing and improving the readiness of SOC operators. AS/G was developed as an application on top of the QRadar App Framework.
*SIEM (Security Information and Event Management) is a core component of security operations centers, where security-related data is collected, correlated, monitored, and ultimately used to identify security risks.