Introduction
In Part III of the book, we focus on organizing exercises and establishing a purple teaming function in your organization. In this first chapter we consider effective methods for reporting and tracking your emulation activities, whether that be via spreadsheet, ticketing system or a purpose-built platform like SRA’s VECTR.
Chapter Content
This section provides reproductions of the key figures and code snippets seen in this chapter.
Ticketing Systems
Kanban Boards

Ticket Comments and Attachments

VECTR
Deployment
Commands to fetch and unarchive a VECTR release to the /opt directory.
ubuntu@agpt:~$ mkdir -p /opt/vectr
ubuntu@agpt:~$ cd /opt/vectr
ubuntu@agpt:/opt/vectr$ curl -L -O https://github.com/SecurityRiskAdvisors/VECTR/releases/download/ce-X.X.X/sra-vectr-runtime-X.X.X-ce.zip
ubuntu@agpt:/opt/vectr$ unzip sra-vectr-runtime-X.X.X-ce.zip
An example of VECTR’s .env file.
# .env file
APP_NAME=VECTR
VECTR_HOSTNAME=localhost
VECTR_PORT=8081
# defaults to warn, debug useful for development
VECTR_CONTAINER_LOG_LEVEL=WARN
# PLEASE change this and store it in a safe place. Encrypted data like passwords
# to integrate with external systems (like TAXII) use this key
VECTR_DATA_KEY=A_STRONG_PASSWORD
# JWT signing (JWS) and encryption (JWE) keys
# Do not use the same value for both signing and encryption!
# It is recommended to use at least 16 characters. You may use any printable unicode character
# PLEASE change these example values!
JWS_KEY=A_STRONG_PASSWORD
JWE_KEY=A_STRONG_PASSWORD
# This sets the name of your project. Will show up in the name of your containers.
COMPOSE_PROJECT_NAME=vectr
# This is where the mongodb mounts.
VECTR_DATA_DIR=/var/data/
POSTGRES_PASSWORD=A_STRONG_PASSWORD
POSTGRES_USER=vectr
POSTGRES_DB=vectr
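The comments in the .env file above set rules for its secrets: change the example values, do not reuse one value for JWS_KEY and JWE_KEY, and use at least 16 characters for those keys. The shell check below is an added example, not code from the book or from VECTR, that tests a .env file against those rules before the stack is started; the function names env_value and check_vectr_env are hypothetical.

```shell
#!/bin/sh
# Added example (not from the book or VECTR): lint a VECTR .env against the
# rules stated in the file's own comments. Function names are hypothetical.

# Print KEY's value from FILE without sourcing it (last assignment wins).
env_value() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Exit status 0 when the file passes every check, 1 otherwise.
check_vectr_env() (
    file=$1
    findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }

    for key in VECTR_DATA_KEY JWS_KEY JWE_KEY POSTGRES_PASSWORD; do
        value=$(env_value "$key" "$file")
        case $value in
            "")                  note "$key is missing or empty" ;;
            *A_STRONG_PASSWORD*) note "$key still holds the example value" ;;
            " "* | *" ")         note "$key has leading or trailing whitespace" ;;
        esac
    done

    jws=$(env_value JWS_KEY "$file")
    jwe=$(env_value JWE_KEY "$file")
    # The .env comments recommend at least 16 characters for both JWT keys.
    [ "${#jws}" -ge 16 ] || note "JWS_KEY is shorter than 16 characters"
    [ "${#jwe}" -ge 16 ] || note "JWE_KEY is shorter than 16 characters"
    # Signing and encryption keys must not share a value.
    if [ -n "$jws" ] && [ "$jws" = "$jwe" ]; then
        note "JWS_KEY and JWE_KEY are identical"
    fi

    [ "$findings" -eq 0 ]
)

# Usage: sh check_vectr_env.sh path/to/.env
if [ "$#" -gt 0 ]; then
    check_vectr_env "$1"
fi
```

A non-zero exit status means at least one FINDING line was printed, so the check can gate the docker compose step in a deployment script.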
A command to launch VECTR and run it in the background, as well as the resulting output.
ubuntu@agpt:/opt/vectr$ sudo docker compose up -d
[+] Building 0.0s (0/0) docker:desktop-linux
[+] Running 7/7
✔ Container vectr-vectr-postgres-1 Started 0.0s
✔ Container vectr-vectr-rta-redis-1 Started 0.0s
✔ Container vectr-vectr-rta-webserver-1 Started 0.0s
✔ Container vectr-vectr-tomcat-1 Started 0.0s
✔ Container vectr-vectr-rta-builder-1 Started 0.0s
✔ Container vectr-vectr-webui-1 Started 0.0s
✔ Container vectr-vectr-caddy-gateway-1 Started 0.0s
Environments

Test Cases
Red and blue data input areas in VECTR.

Resources
The following resources expand on topics covered in this chapter.
Choosing an Exercise Tracking Solution
Outflank's open-source RedELK project, highlighting the potential for red team log collection
"RedELK," accessed October 2, 2024
Ticketing Systems
A Python library for interacting with JIRA via its REST APIs
"jira," accessed October 2, 2024
Spreadsheets
The scoring system for DeTT&CT, providing a means to objectively assess completeness and fidelity of logs and alerting
"scoring_table," accessed October 2, 2024
VECTR
The latest releases of VECTR can be found on GitHub
"Releases," accessed November 10, 2024
VECTR has a GraphQL API to programmatically interact with assessments, campaigns and test cases. SRA provides an example application using this API
"vectr-tools," accessed November 10, 2024
An example of a third-party tool that enables the automated import of email gateway testing into VECTR
"Importing delivr.to Results into VECTR," accessed October 2, 2024