This process is a series of steps that you can take if there is a possible attack on your system.
The example procedure does the following:
Asks the user to decide if a preliminary look indicates that the network has been attacked. This leads to a decision step.
NOTE: All decision steps provide different execution paths, depending on the value of the variable defined in the previous step.
The Collect Data step reviews the data to make a better determination if there has been an attack.
If there has been an attack, iTRAC takes measures to prevent another attack and sends an e-mail to the supervisor indicating that proper measures have been taken. If there is no attack, iTRAC sends an e-mail to the supervisor indicating that there is not an attack.
Figure 3 iTRAC Process
To create this iTRAC process:
Click the
tab. In the navigation pane, click
. In the Template Manager window, click
. The iTRAC Process Builder displays with a Process Details window.
Use the name iTRAC Tutorial. Optionally, add a description.
From the Step Palette pane, drag and drop three manual steps, two mail steps, and two Decision Steps. Rename the steps and add their attributes as follows by right-clicking each step and selecting Edit Step.
Manual Step-0 to Decide If Hacked:
Set the Role to Analyst.
Click Associate, then click
. Specify Hacked in the Name field.
In the Process Variables window, select the
as . Set the
to . (Optional) Under the Description tab, specify Initial evaluation of events to determine if there has been an attack.
Click
. Select the newly created association, then click OK until the step is renamed.
Manual Step-1 to Collect Data:
Set the
to . Click
. Select
, then click . (Optional) Under the Description tab, specify To further evaluate after collecting of events to determine if there has been an attack.
Click
to rename the step.
Manual Step-2 to Prevent Future Attacks:
Set
to . (Optional) Under the
tab, specify Take measures to stop the attack. (firewall, router or other intrusion protection method). Also, if possible, determine how the attack was done. Click
to rename the step.
Mail Step-3 to Not Hacked:
In the
field (because this is for a tutorial), provide your e-mail address. When this step finishes, sends you an e-mail. In the
field, provide a made up address such as me@nowhere.com. In the Subject field, specify
. (Optional) Under the
tab, specify This e-mail is generated from a tutorial (simulation) iTRAC process. Click
.
Mail Step-4 to Prevent Future Attacks:
In the
field, specify your e-mail address. In the
field, specify a made up e-mail address. In the Subject field, specify
. (Optional) Under the
tab, specify This e-mail is generated from a tutorial (simulation) iTRAC process.
(Optional) Decision Step-5 to Hacked:
Under the Description tab, provide a description such as Preliminary decision if there has been an attack or not.
(Optional) Decision Step-6 to Hacked or Not:
Under the Description tab, provide a description such as Decision if there has been an attack or not.
Right-click
and select . Select as the destination. Right-click
and select . Specify the following:
Name: Specify Decision.
Type: Select Unconditional.
Destination: Hacked.
Click
Right-click
and select . Specify the following:
Name: Not Hacked.
Type: Select else.
Destination: Not Hacked.
Click
. Right-click
and select . Right-click
and select . Specify the following:
Name: Specify Hacked.
Type: Select Conditional.
Destination: Collect Data.
Click
. Select
and . Select
. Select
. Specify a value of yes.
Click
until the transition is complete. Right-click
and select . Select and specify the following:
Name: Hacked or Not?
Type: Unconditional
Destination: Hacked or Not
Right-click
and select . Specify the following:
Name: Not Hacked.
Type: Else.
Destination: Not Hacked.
Right-click
and select . Specify the following:
Name: Hack Happened.
Type: Conditional.
Destination: Prevent Future Attacks.
Click
. Select
and . Select
. Select
. Specify a value of yes.
Click
until the transition is complete. Right-click
and select . Specify the following:
Name: Proper Measures Taken.
Type: Unconditional.
Destination: Measures Taken.
Right-click
and select . Click
. Your new process should appear in the Template Manager.
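The transition table built in this tutorial can be checked outside the Process Builder. The following Python model is an added example, not part of the product or of the original page: it verifies that every decision step has both a conditional and an else exit, and walks the process for a given set of analyst answers. It assumes that Collect Data sets the same Hacked variable as Decide If Hacked, and that the final mail step is named Measures Taken, as the destination of the last transition states.

```python
# Added illustration: step and transition names are from the tutorial; the model is hypothetical.
STEPS = {
    "Decide If Hacked":       {"kind": "manual", "sets": "Hacked"},
    "Hacked":                 {"kind": "decision"},
    "Collect Data":           {"kind": "manual", "sets": "Hacked"},  # assumed: same variable
    "Hacked or Not":          {"kind": "decision"},
    "Prevent Future Attacks": {"kind": "manual"},
    "Not Hacked":             {"kind": "mail"},
    "Measures Taken":         {"kind": "mail"},
}
# (source, transition name, type, destination); conditional means Hacked == "yes"
TRANSITIONS = [
    ("Decide If Hacked", "Decision", "unconditional", "Hacked"),
    ("Hacked", "Hacked", "conditional", "Collect Data"),
    ("Hacked", "Not Hacked", "else", "Not Hacked"),
    ("Collect Data", "Hacked or Not?", "unconditional", "Hacked or Not"),
    ("Hacked or Not", "Hack Happened", "conditional", "Prevent Future Attacks"),
    ("Hacked or Not", "Not Hacked", "else", "Not Hacked"),
    ("Prevent Future Attacks", "Proper Measures Taken", "unconditional", "Measures Taken"),
]
START = "Decide If Hacked"

def validate(steps, transitions):
    """Return a list of design problems found in the transition table."""
    problems = []
    for name, step in steps.items():
        out = [t for t in transitions if t[0] == name]
        types = sorted(t[2] for t in out)
        if step["kind"] == "decision" and types != ["conditional", "else"]:
            problems.append(f"{name}: decision needs one conditional and one else exit")
        if step["kind"] == "manual" and types != ["unconditional"]:
            problems.append(f"{name}: manual step needs one unconditional exit")
        problems += [f"{name}: unknown destination {t[3]}" for t in out if t[3] not in steps]
    return problems

def run(answers, steps=STEPS, transitions=TRANSITIONS):
    """Walk the process; `answers` maps a manual step to the value it sets for Hacked."""
    path, current, hacked = [START], START, None
    while steps[current]["kind"] != "mail":  # mail steps end the process
        if "sets" in steps[current]:
            hacked = answers[current]
        out = {t[2]: t[3] for t in transitions if t[0] == current}
        if steps[current]["kind"] == "decision":
            current = out["conditional"] if hacked == "yes" else out["else"]
        else:
            current = out["unconditional"]
        path.append(current)
    return path
```

A decision step without an else transition would leave an incident with no exit path and no supervisor e-mail, which is the design error `validate` reports.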