Platform Software
The SOCCRATES Platform consists of multiple components. Each component provides a particular service within the security automation and decision support platform. On this webpage the software is listed for each component, including information on where to get the software and instructions for installation. The SOCCRATES Platform can be deployed as a whole, or individual SOCCRATES components can be integrated within your own security infrastructure. See deliverables D2.3 SOCCRATES platform System Architecture & Interface Specification and D6.4 Final version of the SOCCRATES Platform for more information.
ADG Analyser
The ADG performs an analysis based on probabilistic attack simulations conducted on models of the infrastructure under assessment. The model is generated from data provided by the infrastructure modelling component (IMC) and can be further enriched with cyber threat information from the threat intelligence platform (TIP). Based on the analysis, ADG provides quantitative metrics on risk exposure and time to compromise (TTC), the most likely attack paths to high value assets as well as suggested mitigations. The attack defence graph analyser will use the attack simulation and automated threat modelling solution called securiCAD, which is a product of foreseeti.
securiCAD
securiCAD is a product of foreseeti. It uses Meta Attack Language (MAL), the open source platform for creation of cyber threat modeling systems.
For more information: https://foreseeti.com/
ADG Cortex Analyser
The ADG Cortex Analyser has been developed for the integration between OIE and securiCAD. It enables the OIE to request ADG analysis using securiCAD and provides the results back to the OIE. In addition, the ADG Cortex Analyser collects the data from other SOCCRATES components that is necessary to perform the requested ADG analysis.
For more information: https://foreseeti.com/
AI based Attack Detection
The AAD consists of multiple anomaly-detection-based attack detection tools, an evidential network called REASENS, and software for integration of these tools. This is visualized in the figure above. All software components are referenced below.
REASENS
The REASENS Framework is a hierarchical REAsoning system that enables the collection of events from distributed and heterogeneous SENSors. REASENS provides, among other things, alert correlation and system state inference (under attack, normal operation, erroneous operation). REASENS was developed by AIT.
REASENS will become available as open source. Contact for more information: Paul.Smith@ait.ac.at
AMiner
AMiner (logdata Anomaly Miner) is part of the ÆCID system, a log-based anomaly detection system operating on logs collected from the network layer (e.g., firewalls, switches, routers) and application layer (e.g., Web servers, DNS, application servers etc.). AMiner was developed by AIT. For more information see ÆCID.
AMiner is available on https://github.com/ait-aecid/logdata-anomaly-miner
ABC Tool
ABC Tool is a netflow-based anomaly detection system, developed by TNO, that profiles internal host communication to detect, among other things, lateral movement and data exfiltration.
ABC Tool is part of an Anomaly Detection product of SightLabs. Contact SightLabs for information.
L-ADS
L-ADS is a netflow-based anomaly detection tool developed by Atos.
Contact Atos for information on how to obtain L-ADS: rodrigo.diaz@atos.net