-
Notifications
You must be signed in to change notification settings - Fork 12
/
Attack_Path_Analysis.json
1 lines (1 loc) · 15.8 KB
/
Attack_Path_Analysis.json
1
{"categories":[{"id":2,"name":"Asset","labels":["Computer","Domain","GPO","Group","OU"],"properties":[{"name":"objectid","exclude":false,"dataType":"string"},{"name":"name","exclude":false,"dataType":"string"},{"name":"highvalue","exclude":false,"dataType":"boolean"},{"name":"operatingsystem","exclude":false,"dataType":"string"},{"name":"enabled","exclude":false,"dataType":"boolean"},{"name":"betweenness","exclude":false,"dataType":"number"},{"name":"betweennessCalibrated","exclude":false,"dataType":"bigint"},{"name":"owned","exclude":false,"dataType":"boolean"},{"name":"domain","exclude":false,"dataType":"string"},{"name":"lastlogon","exclude":false,"dataType":"bigint"},{"name":"displayname","exclude":false,"dataType":"string"},{"name":"pwdlastset","exclude":false,"dataType":"bigint"},{"name":"blocksInheritance","exclude":false,"dataType":"boolean"},{"name":"betweennessScore","exclude":false,"dataType":"number"}],"createdAt":1616098890659,"lastEditedAt":1616100101305,"color":"#99938b","size":1,"icon":"87DF58D5-9392-4685-A174-5612E8ECE450","captionKeys":["0_CATEGORY_NAME_CAPTION_KEY","name"],"styleRules":[{"type":"single","size":1,"minSize":1,"maxSize":2,"minColor":"#D5EEE2","midColor":"#81CCA8","maxColor":"#428C6A","minPoint":"unprocessed","maxPoint":"unprocessed","color":"#F16667","basedOn":"highvalue_boolean","valuesMapper":[],"existingValues":[],"applyColor":true,"applySize":false,"condition":"is-true","id":"rule:1643824357246"},{"type":"range","size":0.25,"minSize":0.25,"maxSize":4,"minColor":"#D5EEE2","midColor":"#81CCA8","maxColor":"#428C6A","minPoint":"2","maxPoint":"336.11764705882354","color":"#FFE081","basedOn":"betweennessScore_number","valuesMapper":[],"existingValues":[],"maxSizeValue":"336.11764705882354","maxColorValue":"336.11764705882354","minSizeValue":"1","minColorValue":"2","applyColor":false,"applySize":true,"id":"rule:1643824351900"}]},{"id":1,"name":"User","labels":["User"],"properties":[{"name":"objectid","exclude":false,"dataType":"string"},{"name":"name","exclude":false,"dataType":"string"},{"name":"enabled","exclude":false,"dataType":"boolean"},{"name":"lastlogon","exclude":false,"dataType":"bigint"},{"name":"displayname","exclude":false,"dataType":"string"},{"name":"pwdlastset","exclude":false,"dataType":"bigint"},{"name":"betweenness","exclude":false,"dataType":"number"},{"name":"hasspn","exclude":false,"dataType":"boolean"},{"name":"betweennessCalibrated","exclude":false,"dataType":"bigint"},{"name":"owned","exclude":false,"dataType":"boolean"},{"name":"domain","exclude":false,"dataType":"string"},{"name":"betweennessScore","exclude":false,"dataType":"number"}],"createdAt":1616098873162,"lastEditedAt":1616100223895,"color":"#57C7E3","size":1,"icon":"DB188874-D25F-4B34-A296-E5E950072319","captionKeys":["0_CATEGORY_NAME_CAPTION_KEY","name"],"styleRules":[{"type":"range","size":0.25,"minSize":0.25,"maxSize":4,"minColor":"#D5EEE2","midColor":"#81CCA8","maxColor":"#428C6A","minPoint":"3","maxPoint":"128.88235294117646","color":"#FFE081","basedOn":"betweennessScore_number","valuesMapper":[],"existingValues":[],"maxSizeValue":"128.88235294117646","maxColorValue":"128.88235294117646","minSizeValue":"3","minColorValue":"3","applyColor":false,"applySize":true,"id":"rule:1643824353099"}]}],"name":"Attack Path Analysis","id":"560bfb60-8827-11eb-8ddb-9356377b75d1","labels":{"Group":[{"propertyKey":"objectid","type":"Group","dataType":"string"},{"propertyKey":"name","type":"Group","dataType":"string"},{"propertyKey":"highvalue","type":"Group","dataType":"boolean"},{"propertyKey":"betweenness","type":"Group","dataType":"number"},{"propertyKey":"betweennessCalibrated","type":"Group","dataType":"bigint"},{"propertyKey":"domain","type":"Group","dataType":"string"},{"propertyKey":"betweennessScore","type":"Group","dataType":"number"},{"propertyKey":"enabled","type":"Group","dataType":"boolean"},{"propertyKey":"lastlogon","type":"Group","dataType":"bigint"},{"propertyKey":"displayname","type":"Group","dataType":"string"},{"propertyKey":"pwdlastset","type":"Group","dataType":"bigint"},{"propertyKey":"owned","type":"Group","dataType":"boolean"}],"Domain":[{"propertyKey":"name","type":"Domain","dataType":"string"},{"propertyKey":"highvalue","type":"Domain","dataType":"boolean"},{"propertyKey":"betweenness","type":"Domain","dataType":"number"},{"propertyKey":"betweennessCalibrated","type":"Domain","dataType":"bigint"},{"propertyKey":"domain","type":"Domain","dataType":"string"},{"propertyKey":"betweennessScore","type":"Domain","dataType":"number"}],"GPO":[{"propertyKey":"objectid","type":"GPO","dataType":"string"},{"propertyKey":"name","type":"GPO","dataType":"string"},{"propertyKey":"betweennessCalibrated","type":"GPO","dataType":"bigint"},{"propertyKey":"betweenness","type":"GPO","dataType":"number"},{"propertyKey":"domain","type":"GPO","dataType":"string"},{"propertyKey":"betweennessScore","type":"GPO","dataType":"number"}],"OU":[{"propertyKey":"objectid","type":"OU","dataType":"string"},{"propertyKey":"name","type":"OU","dataType":"string"},{"propertyKey":"blocksInheritance","type":"OU","dataType":"boolean"},{"propertyKey":"betweennessCalibrated","type":"OU","dataType":"bigint"},{"propertyKey":"betweenness","type":"OU","dataType":"number"},{"propertyKey":"domain","type":"OU","dataType":"string"},{"propertyKey":"betweennessScore","type":"OU","dataType":"number"}],"Computer":[{"propertyKey":"objectid","type":"Computer","dataType":"string"},{"propertyKey":"name","type":"Computer","dataType":"string"},{"propertyKey":"highvalue","type":"Computer","dataType":"boolean"},{"propertyKey":"operatingsystem","type":"Computer","dataType":"string"},{"propertyKey":"enabled","type":"Computer","dataType":"boolean"},{"propertyKey":"betweenness","type":"Computer","dataType":"number"},{"propertyKey":"betweennessCalibrated","type":"Computer","dataType":"bigint"},{"propertyKey":"owned","type":"Computer","dataType":"boolean"},{"propertyKey":"domain","type":"Computer","dataType":"string"},{"propertyKey":"betweennessScore","type":"Computer","dataType":"number"}],"User":[{"propertyKey":"objectid","type":"User","dataType":"string"},{"propertyKey":"name","type":"User","dataType":"string"},{"propertyKey":"enabled","type":"User","dataType":"boolean"},{"propertyKey":"lastlogon","type":"User","dataType":"bigint"},{"propertyKey":"displayname","type":"User","dataType":"string"},{"propertyKey":"pwdlastset","type":"User","dataType":"bigint"},{"propertyKey":"betweenness","type":"User","dataType":"number"},{"propertyKey":"hasspn","type":"User","dataType":"boolean"},{"propertyKey":"betweennessCalibrated","type":"User","dataType":"bigint"},{"propertyKey":"owned","type":"User","dataType":"boolean"},{"propertyKey":"domain","type":"User","dataType":"string"},{"propertyKey":"betweennessScore","type":"User","dataType":"number"}],"Base":[]},"relationshipTypes":[{"id":"GpLink","name":"GpLink","properties":[{"propertyKey":"enforced","type":"GpLink","dataType":"boolean"},{"propertyKey":"isacl","type":"GpLink","dataType":"boolean"}],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"Contains","name":"Contains","properties":[{"propertyKey":"isacl","type":"Contains","dataType":"boolean"}],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"GenericAll","name":"GenericAll","properties":[{"propertyKey":"isacl","type":"GenericAll","dataType":"boolean"}],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"Owns","name":"Owns","properties":[{"propertyKey":"isacl","type":"Owns","dataType":"boolean"}],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"WriteOwner","name":"WriteOwner","properties":[{"propertyKey":"isacl","type":"WriteOwner","dataType":"boolean"}],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"WriteDacl","name":"WriteDacl","properties":[{"propertyKey":"isacl","type":"WriteDacl","dataType":"boolean"}],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"DCSync","name":"DCSync","properties":[{"propertyKey":"isacl","type":"DCSync","dataType":"boolean"}],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"GetChanges","name":"GetChanges","properties":[{"propertyKey":"isacl","type":"GetChanges","dataType":"boolean"}],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"GetChangesAll","name":"GetChangesAll","properties":[{"propertyKey":"isacl","type":"GetChangesAll","dataType":"boolean"}],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"MemberOf","name":"MemberOf","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"AdminTo","name":"AdminTo","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"CanRDP","name":"CanRDP","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"ExecuteDCOM","name":"ExecuteDCOM","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"AllowedToDelegate","name":"AllowedToDelegate","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"HasSession","name":"HasSession","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"AddMember","name":"AddMember","properties":[{"propertyKey":"isacl","type":"AddMember","dataType":"boolean"}],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"ForceChangePassword","name":"ForceChangePassword","properties":[{"propertyKey":"isacl","type":"ForceChangePassword","dataType":"boolean"}],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"PATH_0","name":"PATH_0","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]},{"id":"ATTACK_PATH","name":"ATTACK_PATH","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"],"styleRules":[]}],"palette":{"colors":["#FFE081","#C990C0","#F79767","#57C7E3","#F16667","#D9C8AE","#8DCC93","#ECB5C9","#4C8EDA","#FFC454","#DA7194","#569480","#848484","#D9D9D9"],"currentIndex":7},"createdAt":1643824361088,"lastEditedAt":1643824361088,"templates":[{"name":"attack path","id":"tmpl:1616098820800","createdAt":1616098820800,"text":"attack path","cypher":"MATCH p=()-[:ATTACK_PATH]->()\nRETURN p","params":[],"hasCypherErrors":false}],"hiddenRelationshipTypes":[],"hiddenCategories":[],"hideUncategorisedData":false,"parentPerspectiveId":null,"metadata":{"pathSegments":[{"source":"Group","relationshipType":"AdminTo","target":"Computer"},{"source":"Group","relationshipType":"GetChanges","target":"Domain"},{"source":"Computer","relationshipType":"AllowedToDelegate","target":"Computer"},{"source":"User","relationshipType":"AllowedToDelegate","target":"Computer"},{"source":"Group","relationshipType":"Owns","target":"Domain"},{"source":"User","relationshipType":"ExecuteDCOM","target":"Computer"},{"source":"Group","relationshipType":"ExecuteDCOM","target":"Computer"},{"source":"Group","relationshipType":"GetChangesAll","target":"Domain"},{"source":"User","relationshipType":"CanRDP","target":"Computer"},{"source":"Group","relationshipType":"CanRDP","target":"Computer"},{"source":"Group","relationshipType":"WriteDacl","target":"Domain"},{"source":"Group","relationshipType":"WriteOwner","target":"Domain"},{"source":"GPO","relationshipType":"ATTACK_PATH","target":"User"},{"source":"Group","relationshipType":"ATTACK_PATH","target":"Computer"},{"source":"Computer","relationshipType":"ATTACK_PATH","target":"Group"},{"source":"Domain","relationshipType":"ATTACK_PATH","target":"Computer"},{"source":"GPO","relationshipType":"ATTACK_PATH","target":"Group"},{"source":"Domain","relationshipType":"ATTACK_PATH","target":"User"},{"source":"Computer","relationshipType":"ATTACK_PATH","target":"Domain"},{"source":"Computer","relationshipType":"ATTACK_PATH","target":"Computer"},{"source":"Group","relationshipType":"ATTACK_PATH","target":"Domain"},{"source":"Computer","relationshipType":"ATTACK_PATH","target":"OU"},{"source":"User","relationshipType":"ATTACK_PATH","target":"User"},{"source":"User","relationshipType":"ATTACK_PATH","target":"Domain"},{"source":"GPO","relationshipType":"ATTACK_PATH","target":"Domain"},{"source":"Group","relationshipType":"ATTACK_PATH","target":"Group"},{"source":"User","relationshipType":"ATTACK_PATH","target":"Group"},{"source":"User","relationshipType":"ATTACK_PATH","target":"OU"},{"source":"OU","relationshipType":"ATTACK_PATH","target":"Group"},{"source":"GPO","relationshipType":"ATTACK_PATH","target":"OU"},{"source":"User","relationshipType":"ATTACK_PATH","target":"Computer"},{"source":"Domain","relationshipType":"ATTACK_PATH","target":"OU"},{"source":"OU","relationshipType":"ATTACK_PATH","target":"User"},{"source":"Group","relationshipType":"ATTACK_PATH","target":"User"},{"source":"GPO","relationshipType":"ATTACK_PATH","target":"Computer"},{"source":"Group","relationshipType":"ATTACK_PATH","target":"OU"},{"source":"OU","relationshipType":"ATTACK_PATH","target":"Computer"},{"source":"Domain","relationshipType":"ATTACK_PATH","target":"Group"},{"source":"OU","relationshipType":"ATTACK_PATH","target":"OU"},{"source":"OU","relationshipType":"ATTACK_PATH","target":"Domain"},{"source":"Domain","relationshipType":"ATTACK_PATH","target":"Domain"},{"source":"Computer","relationshipType":"ATTACK_PATH","target":"User"},{"source":"Domain","relationshipType":"GpLink","target":"Domain"},{"source":"GPO","relationshipType":"GpLink","target":"Domain"},{"source":"Domain","relationshipType":"GpLink","target":"OU"},{"source":"GPO","relationshipType":"GpLink","target":"OU"},{"source":"User","relationshipType":"MemberOf","target":"Group"},{"source":"User","relationshipType":"MemberOf","target":"User"},{"source":"Computer","relationshipType":"MemberOf","target":"Group"},{"source":"Group","relationshipType":"MemberOf","target":"Group"},{"source":"Group","relationshipType":"MemberOf","target":"User"},{"source":"Computer","relationshipType":"MemberOf","target":"User"},{"source":"Group","relationshipType":"AddMember","target":"Group"},{"source":"Group","relationshipType":"ForceChangePassword","target":"User"},{"source":"Domain","relationshipType":"Contains","target":"Computer"},{"source":"OU","relationshipType":"Contains","target":"OU"},{"source":"Domain","relationshipType":"Contains","target":"OU"},{"source":"OU","relationshipType":"Contains","target":"Computer"},{"source":"Domain","relationshipType":"Contains","target":"User"},{"source":"OU","relationshipType":"Contains","target":"User"},{"source":"Group","relationshipType":"GenericAll","target":"Domain"},{"source":"Group","relationshipType":"GenericAll","target":"Computer"},{"source":"Group","relationshipType":"GenericAll","target":"User"},{"source":"Group","relationshipType":"GenericAll","target":"Group"},{"source":"Computer","relationshipType":"HasSession","target":"User"},{"source":"Group","relationshipType":"DCSync","target":"Domain"}],"indexes":[{"label":null,"type":"native","propertyKeys":[]},{"label":"Group","type":"native","propertyKeys":["name","objectid"]},{"label":"Domain","type":"native","propertyKeys":["name"]},{"label":"GPO","type":"native","propertyKeys":["objectid","name"]},{"label":"OU","type":"native","propertyKeys":["name","objectid"]},{"label":"User","type":"native","propertyKeys":["name","objectid"]},{"label":"Computer","type":"native","propertyKeys":["objectid","name"]}],"stats":{"labels":{},"relationshipTypes":{"ATTACK_PATH":196,"AddMember":3,"AdminTo":2278,"AllowedToDelegate":100,"CanRDP":100,"Contains":1022,"DCSync":2,"ExecuteDCOM":100,"ForceChangePassword":1,"GenericAll":1501,"GetChanges":4,"GetChangesAll":3,"GpLink":37,"HasSession":489,"MemberOf":2751,"Owns":1,"PATH_0":1,"WriteDacl":2,"WriteOwner":2}}},"version":"2.2.1","isAuto":false}