SkillAegis is a platform to design, run, and monitor exercise scenarios, enhancing skills in applications like MISP and training users in best practices for information management and protective tools. Its gamification system makes learning engaging, ensuring users acquire essential technical skills and adhere to industry standards.
To get started with SkillAegis, follow these steps:
git clone https://github.com/MISP/SkillAegis.git
git submodule update --init --recursive
cp config.json.sample config.json
# Editor pushd SkillAegis-Editor python3 -m venv venv source venv/bin/activate pip3 install -r requirements.txt cp config.py.sample config.py # [recommended] Update the configuration's MISP part deactivate popd # Dashboard pushd SkillAegis-Dashboard python3 -m venv venv source venv/bin/activate pip3 install -r requirements.txt cp config.py.sample config.py # [recommended] Update the configuration deactivate popd
To update the project, follow these steps:
git submodule update --recursive
You can alternatively run it in Docker, following those steps :
Build the image
Copy and update the config
cp template.env .env vim .env
[optional] Allow the application to reach services on the host
# Create a docker override file and add the host as extra_hosts
tee docker-compose.override.yml > /dev/null <<EOF
services:
skillaegis-dashboard:
extra_hosts:
- "host.docker.internal:host-gateway"
EOFRun the application
The project is composed of three applications:
SkillAegis is the primary application that configures, launches the two other projects, and houses the scenarios. While not essential for the overall project to function, it significantly simplifies the process.
The Editor can be used to design or edit scenario.
List of all available scenarios
While designing a scenario, you can create multiple injects, specify their execution order, outline any requirements for each, and define the criteria for evaluating and marking them as complete.
Writing evaluations for injects can be challenging, so the inject tester is provided to streamline this process.
The Dashboard can be used to run a training session and visualize the progress of participants in real-time.
Short demo of SkillAegis-Dashboard: Once the application starts, the user selects an exercise. From that point, the application tracks the real-time progression of each players.
On the dashboard main page, you can monitor the progress of all participants for the selected exercise and view real-time logs of their activity feed.
The fullscreen view provides an overview of the status of all users in a single, easily accessible display.
The format used to describe the scenarios is the Common Exercise Format (CEXF).
The format description outlines the JSON format including its overall structure and the semantics for each key. While scenarios can be written manually, we strongly recommend using the SkillAegis-Editor to simplify this process.
Sample exercise
{
"exercise": {
"description": "Simple Spear Phishing e-mail example, mimicing a fraud case",
"expanded": "# Simple Spear Phishing e-mail example, mimicing a fraud case",
"meta": {
"author": "MISP Project",
"level": "beginner"
},
"name": "Phishing e-mail",
"namespace": "phishing",
"tags": [
"exercise:software-scope=\"misp\"",
"state:production"
],
"total_duration": "7200",
"uuid": "75d7460-af9d-4098-8ad1-754457076b32",
"valid_until": "20310611",
"version": "20210611"
},
"inject_flow": [...],
"injects": [...],
}
We welcome contributions from the community. To contribute:
git checkout -b feature/your-feature-name
git commit -m 'Add some feature'
git push origin feature/your-feature-name
This software is licensed under GNU Affero General Public License version 3
Copyright (c) 2024 Sami Mokaddem
Copyright (c) 2024 CIRCL - Computer Incident Response Center Luxembourg
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4