Example Scenario: Creating a Simple Two-Tiered iTRAC Process for a Possible Network Attack

This process is a series of steps that you can take if there is a possible attack on your system.

The example procedure does the following:

Figure 3 iTRAC Process

To create this iTRAC process:

  1. Click the iTRAC tab.

  2. In the navigation pane, click iTRAC Administration > Template Manager.

  3. In the Template Manager window, click Add.

    The iTRAC Process Builder displays with a Process Details window.

  4. Use the name iTRAC Tutorial. Optionally, add a description.

  5. From the Step Palette pane, drag and drop three manual steps, two mail steps, and two Decision Steps. Rename the steps and add attributes to them as follows, by right-clicking each step and selecting Edit Step.

    1. Manual Step-0 to Decide If Hacked:

      1. Set the Role to Analyst.

      2. Click Associate, then click Add.

      3. Specify Hacked in the Name field.

      4. In the Process Variables window, select the Variable Type as String.

      5. Set the Default Value to yes.

      6. (Optional) Under the Description tab, specify Initial evaluation of events to determine if there has been an attack.

      7. Click OK.

      8. Select the newly created association, then click OK until the step is renamed.

    2. Manual Step-1 to Collect Data:

      1. Set the Role to Analyst.

      2. Click Associate.

      3. Select Hacked, then click OK.

      4. (Optional) Under the Description tab, specify To further evaluate after collecting of events to determine if there has been an attack.

      5. Click OK to rename the step.

    3. Manual Step-2 to Prevent Future Attacks:

      1. Set Role to Analyst.

      2. (Optional) Under the Description tab, specify Take measures to stop the attack. (firewall, router or other intrusion protection method). Also, if possible, determine how the attack was done.

      3. Click OK to rename the step.

    4. Mail Step-3 to Not Hacked:

      1. In the To field (because this is for a tutorial), provide your e-mail address. When this step finishes, it sends you an e-mail.

      2. In the From field, provide a made-up address such as me@nowhere.com.

      3. In the Subject field, specify We have not been hacked.

      4. (Optional) Under the Body tab, specify This e-mail is generated from a tutorial (simulation) iTRAC process.

      5. Click OK.

    5. Mail Step-4 to Prevent Future Attacks:

      1. In the To field, specify your e-mail address.

      2. In the From field, specify a made-up e-mail address.

      3. In the Subject field, specify Proper Attack Measures Taken.

      4. (Optional) Under the Body tab, specify This e-mail is generated from a tutorial (simulation) iTRAC process.

    6. (Optional) Decision Step-5 to Hacked:

      Under the Description tab, provide a description such as Preliminary decision if there has been an attack or not.

    7. (Optional) Decision Step-6 to Hacked or Not:

      Under the Description tab, provide a description such as Decision if there has been an attack or not.

  6. Right-click Start and select Add Start Transition. Select Decide If Hacked as the destination.

  7. Right-click Decide If Hacked and select Add Transition. Specify the following:

    • Name: Specify Decision.

    • Type: Select Unconditional.

    • Destination: Hacked.

  8. Click OK.

  9. Right-click Hacked? and select Add Transition. Specify the following:

    • Name: Not Hacked.

    • Type: Select else.

    • Destination: Not Hacked.

  10. Click OK.

  11. Right-click Not Hacked and select End Transition.

  12. Right-click Hacked? and select Add Transition. Specify the following:

    • Name: Specify Hacked.

    • Type: Select Conditional.

    • Destination: Collect Data.

  13. Click Set > EXP.

    1. Select Variables and Values.

    2. Select Attribute Hacked.

    3. Select Condition equals.

    4. Specify a value of yes.

    5. Click OK until the transition is complete.

  14. Right-click Collect Data and select Add Transition. Select and specify the following:

    • Name: Hacked or Not?

    • Type: Unconditional

    • Destination: Hacked or Not

  15. Right-click Hacked or Not and select Add Transition. Specify the following:

    • Name: Not Hacked.

    • Type: Else.

    • Destination: Not Hacked.

  16. Right-click Hacked or Not and select Add Transition. Specify the following:

    • Name: Hack Happened.

    • Type: Conditional.

    • Destination: Prevent Future Attacks.

  17. Click Set > EXP.

    1. Select Variables and Values.

    2. Select Attribute Hacked.

    3. Select Condition equals.

    4. Specify a value of yes.

    5. Click OK until the transition is complete.

  18. Right-click Prevent Future Attacks and select Add Transition. Specify the following:

    • Name: Proper Measures Taken.

    • Type: Unconditional.

    • Destination: Measures Taken.

  19. Right-click Measures Taken and select Add End Transition.

  20. Click Save. Your new process should appear in the Template Manager.
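
As an added illustration (not part of the product documentation and not Sentinel's template format), the finished process can be modeled as a small state machine to check that every transition destination exists, that each decision step has an else branch, and which path each value of Hacked takes. The names "Hacked?" for Decision Step-5 and "Measures Taken" for Mail Step-4 are assumptions taken from the transition steps.

```python
# Added illustration: plain-Python model of the tutorial process, not Sentinel's template format.
# Assumed names: "Hacked?" is Decision Step-5 and "Measures Taken" is Mail Step-4.
START, END = "Start", "End"

# step -> list of (transition name, type, value compared with Hacked, destination)
PROCESS = {
    START: [("Start", "unconditional", None, "Decide If Hacked")],
    "Decide If Hacked": [("Decision", "unconditional", None, "Hacked?")],
    "Hacked?": [("Not Hacked", "else", None, "Not Hacked"),
                ("Hacked", "conditional", "yes", "Collect Data")],
    "Collect Data": [("Hacked or Not?", "unconditional", None, "Hacked or Not")],
    "Hacked or Not": [("Not Hacked", "else", None, "Not Hacked"),
                      ("Hack Happened", "conditional", "yes", "Prevent Future Attacks")],
    "Prevent Future Attacks": [("Proper Measures Taken", "unconditional", None, "Measures Taken")],
    "Measures Taken": [("End", "unconditional", None, END)],
    "Not Hacked": [("End", "unconditional", None, END)],
}

def lint(process):
    """Report dangling destinations and decision steps that lack an else branch."""
    problems = []
    for step, transitions in process.items():
        kinds = [kind for _, kind, _, _ in transitions]
        if "conditional" in kinds and "else" not in kinds:
            problems.append(f"{step}: conditional transition without an else branch")
        for name, _, _, dest in transitions:
            if dest != END and dest not in process:
                problems.append(f"{step}: '{name}' points to undefined step '{dest}'")
    return problems

def walk(process, answers):
    """Return the steps visited; answers maps a manual step to the Hacked value set there."""
    hacked, path, step = "yes", [], START  # "yes" is the tutorial's default value
    while step != END:
        path.append(step)
        hacked = answers.get(step, hacked)
        # Conditional transitions are tested first; else is the fallback.
        for _, kind, value, dest in sorted(process[step], key=lambda t: t[1] == "else"):
            if kind != "conditional" or hacked == value:
                step = dest
                break
        else:
            raise RuntimeError(f"{step}: no transition matches Hacked={hacked!r}")
    return path

if __name__ == "__main__":
    print(lint(PROCESS))
    print(" -> ".join(walk(PROCESS, {"Collect Data": "no"})))
```

Running `lint` on a model of your own template before saving it catches a transition whose destination was renamed or never created, which would otherwise leave an incident stuck at that step.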
