SkillAegis

SkillAegis is a platform to design, run, and monitor exercise scenarios, enhancing skills in applications like MISP and training users in best practices for information management and protective tools. Its gamification system makes learning engaging, ensuring users acquire essential technical skills and adhere to industry standards.

Features

Create Exercise Scenarios: Design and customize various training exercises tailored to your needs.
Run Exercises: Deploy scenarios and run training sessions.
Live Dashboard: Monitor progress and performance with the live dashboard, providing realtime insights and analytics.

Installation

To get started with SkillAegis, follow these steps:

Ensure Python 3.10 or higher is installed.
```
 python -V
```

Clone the repository:

 git clone https://github.com/MISP/SkillAegis.git

Navigate to the project directory:
```
 cd SkillAegis
```

Initialize the submodules

 git submodule update --init --recursive

Clone the configuration file
```
 cp config.json.sample config.json
```
- [optional] Update the configuration

Install the submodule dependencies

# Editor
pushd SkillAegis-Editor
python3 -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt
cp config.py.sample config.py
# [recommended] Update the configuration's MISP part
deactivate
popd

# Dashboard
pushd SkillAegis-Dashboard
python3 -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt
cp config.py.sample config.py
# [recommended] Update the configuration
deactivate
popd

Start the project
```
bash SkillAegis.sh
```

Update

To update the project, follow these steps:

Pull the latest changes
```
 git pull
```
Pull the latest changes for all submodules
```
 git submodule update --recursive
```

Docker

Build the image
```
 docker compose build
```
Copy and update the config
```
 cp template.env .env
 vim .env
```

[optional] Allow the application to reach services on the host

 # Create a docker override file and add the host as extra_hosts
 tee docker-compose.override.yml > /dev/null <<EOF
 services:
   skillaegis-dashboard:
     extra_hosts:
       - "host.docker.internal:host-gateway"
 EOF

Run the application
```
 docker compose up
```

Project Structure

The project is composed of three applications:

SkillAegis: The main application that configures and starts the two other projects. It also contains all created scenarios.
SkillAegis Editor: The scenario builder to create new training exercises.
SkillAegis Dashboard: The application to start training sessions and track participants’ progress in real time.

SkillAegis

SkillAegis is the primary application that configures, launches the two other projects, and houses the scenarios. While not essential for the overall project to function, it significantly simplifies the process.

SkillAegis Main Application

SkillAegis Editor

The Editor can be used to design or edit scenario.

SkillAegis Editor Scenario Index List of all available scenarios

SkillAegis Editor Scenario Designer While designing a scenario, you can create multiple injects, specify their execution order, outline any requirements for each, and define the criteria for evaluating and marking them as complete.

SkillAegis Editor Inject Tester Writing evaluations for injects can be challenging, so the inject tester is provided to streamline this process.

SkillAegis Dashboard

The Dashboard can be used to run a training session and visualize the progress of participants in real-time.

SkillAegis Dashboard Active Exercises Short demo of SkillAegis-Dashboard: Once the application starts, the user selects an exercise. From that point, the application tracks the real-time progression of each players.

SkillAegis Dashboard Active Exercises On the dashboard main page, you can monitor the progress of all participants for the selected exercise and view real-time logs of their activity feed.

SkillAegis Dashboard Fullscreen The fullscreen view provides an overview of the status of all users in a single, easily accessible display.

Scenario format

The format used to describe the scenarios is the Common Exercise Format (CEXF).

The format description outlines the JSON format including its overall structure and the semantics for each key. While scenarios can be written manually, we strongly recommend using the SkillAegis-Editor to simplify this process.

Sample exercise

{
  "exercise": {
    "description": "Simple Spear Phishing e-mail example, mimicing a fraud case",
    "expanded": "# Simple Spear Phishing e-mail example, mimicing a fraud case",
    "meta": {
      "author": "MISP Project",
      "level": "beginner"
    },
    "name": "Phishing e-mail",
    "namespace": "phishing",
    "tags": [
      "exercise:software-scope=\"misp\"",
      "state:production"
    ],
    "total_duration": "7200",
    "uuid": "75d7460-af9d-4098-8ad1-754457076b32",
    "valid_until": "20310611",
    "version": "20210611"
  },
  "inject_flow": [...],
  "injects": [...],
}

Contributing

We welcome contributions from the community. To contribute:

Fork the repository.

Create a new branch:

 git checkout -b feature/your-feature-name

Make your changes and commit them:
```
 git commit -m 'Add some feature'
```

Push to the branch:

 git push origin feature/your-feature-name

Open a pull request. .

License

This software is licensed under GNU Affero General Public License version 3

Copyright (c) 2024 Sami Mokaddem
Copyright (c) 2024 CIRCL - Computer Incident Response Center Luxembourg

This site is open source. Improve this page.