Mandiant Security Validation: Step 4 - Security Content


 

To better support the Security Validation user community and to enhance the platform's capabilities, users can create new Actions, Sequences, and Evaluations. You can create File Transfer and Email Actions from the File Library, but other Action types must be created from the Action Library. Sequences and Evaluations are often created by selecting Actions from the Action Library and adding them to the Action Queue. However, you can also clone existing security content and create Sequences & Evaluations from a file.

Prerequisites

  • Administrative access to MSV Director.

Actions


Actions are the building blocks of Mandiant Security Validation. They are the individual tests that are run against your security controls to ensure they are working as expected. In this section, we will walk through the process of creating an example TCP Port Scan Action that simulates typical reconnaissance activities such as full port scans and service fingerprinting.

 
Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Administrative access to MSV Director.
Steps
  1. In the MSV Director Console, navigate to Library > Actions.

  2. Click Add Action and select TCP Port Scan.

  3. Fill out the required fields as described in the linked documentation.

  4. Click Save Port Scan.

Relevant Links
Sequences

Sequences are a collection of Actions that are run in a specific order. In this section, we will walk through the process of creating an example Sequence that will run a TCP Port Scan (created in the last step). If you have other Actions that you would like to include in the Sequence, you can add them as well.

 
Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Administrative access to MSV Director.
Steps
  1. In the MSV Director Console, navigate to Library > Actions.

  2. Select two or more Actions to add to the Queue. Follow the instructions in the linked documentation for more selection criteria.

  3. Click Queue and select New Sequence from All.

  4. Fill out the required fields as described in the linked documentation.

Relevant Links
Evaluations

Similar to Sequences, Evaluations are a collection of Actions that are run in a specific order. In this section, we will walk through the process of creating an example Evaluation that will run a TCP Port Scan (created in the first step). If you have other Actions that you would like to include in the Evaluation, you can add them as well.

 
Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Administrative access to MSV Director.
Steps
  1. In the MSV Director Console, navigate to Library > Actions.

  2. Select two or more Actions to add to the Queue. Follow the instructions in the linked documentation for more selection criteria.

  3. Click Queue and select New Evaluation from All.

  4. Fill out the required fields as described in the linked documentation.

Relevant Links
Jobs

A Job is the result of running an Action. You can manually run Actions, Sequences, and Evaluations, or you can schedule them to run at a specific time. In this section, we will walk through the process of creating an example Job that will run an Evaluation (created in the last step).

 
Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Administrative access to MSV Director.
Steps
  1. In the MSV Director Console, navigate to Library > Actions. You can use filters to find the actions you want to run.

  2. Select the Action you want to run, then click Run.

  3. Select a Source Actor, then select or accept the Destination Actor.

  4. Click Run Now or Schedule to run the Job.

Relevant Links

Next Step: Mandiant Security Validation: Step 5 - Testing
