
Docsy Blog

This is the blog section. It has two categories: News and Releases.

Files in these directories will be listed in reverse chronological order.

News about Attack Flow

Welcome to Flow Manager

A quick introduction to Flow Manager

Hi! You’re here early! We’ve only just made Flow Manager public as we start enrolling folks in the beta!

Still, since you’re here, stick around. We’d like to share a bit. Honestly, we’re a bit proud. Flow Manager is something we’ve been thinking about for a while. But let’s back up.

We’ve been thinking about how to bring graphs to infosec for a while now. The first thoughts date back about a decade when Information Security Analytics was founded. In 2013, we received our first patent.

Since then we’ve spent a lot of time thinking about how to best represent security data using graphs. We’ve tried various things (many documented in our blog). Some have worked, others did not.

The work culminated in the Attack Flow project in 2021. In it we built a standard based on decades of experience across multiple organizations, and it is a truly well-thought-out standard.

But while the project produced a schema and an ability to create a flow, it turns out a flow is not necessarily useful; flows are useful. To that end we’re introducing Flow Manager. Flow Manager lets you store your flows in a single place and extract them in aggregate for analysis.

At this point, it’s just in beta. It’s not quite ready for prime time. We’re working to improve the documentation, hunt any bugs that have so far remained hidden, get feedback from early adopters, and overall prepare it for general availability.

Still, follow this site as we get closer to that 1.0 version. And if you’re interested in participating in the beta, get in touch!!

New Releases

Initial Beta Release

This page documents the initial beta release of the Flow Manager API.

FEATURES

  • ‘/flows’ POST API endpoint for uploading flows
    • Accepts flow manager V1 flows
    • Corrects defaults inherent in Flow Builder 1
    • Validates the JSON against the Attack Flow 1 schema, converts it to an RDF graph, validates it against the Attack Flow SHACL schema, and stores it in a private named graph.
    • Also accepts RDF Attack Flow graphs and SPARQL queries which result in valid Attack Flow graphs
  • ‘/flows’ GET API endpoint for querying flows
    • Accepts a valid SPARQL read query
    • Returns the query results as JSON (NOTE: SPARQL queries do not necessarily return an RDF graph, so the results must be parsed depending on the query used)
  • Documentation of the API can be found at the Flow Manager API Reference
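
The note on the GET endpoint, as an added example (not Flow Manager's own code): one way a client could branch on the shape of the returned JSON. It assumes SELECT and ASK results arrive in the W3C SPARQL 1.1 Query Results JSON Format; the function names, the "other" fallback and the sample responses are constructed for illustration.

```python
import json

XSD_INT = "http://www.w3.org/2001/XMLSchema#integer"

def _term(t):
    """Convert one RDF term object from a binding into a (kind, value) pair."""
    kind, value = t["type"], t["value"]
    if kind in ("uri", "bnode"):
        return kind, value
    if kind in ("literal", "typed-literal"):
        # Typed integers are converted; every other literal stays a string.
        if t.get("datatype") == XSD_INT:
            return "literal", int(value)
        return "literal", value
    raise ValueError(f"unexpected term type: {kind!r}")

def parse_sparql_json(body):
    """Return ("ask", bool), ("select", rows) or ("other", raw document)."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        return "other", doc
    if isinstance(doc.get("boolean"), bool):       # ASK: a single truth value
        return "ask", doc["boolean"]
    results = doc.get("results")
    if isinstance(results, dict) and isinstance(results.get("bindings"), list):
        variables = doc.get("head", {}).get("vars", [])
        # A variable left unbound (e.g. by OPTIONAL) is absent from its row.
        rows = [{v: _term(b[v]) if v in b else None for v in variables}
                for b in results["bindings"]]
        return "select", rows
    # Anything else (e.g. a serialized graph) is handed back untouched so the
    # caller can pass it to an RDF parser instead of guessing at its shape.
    return "other", doc

# Constructed sample responses; the IRIs are placeholders, not real flow data.
SELECT_BODY = json.dumps({
    "head": {"vars": ["action", "technique", "uses"]},
    "results": {"bindings": [
        {"action": {"type": "uri", "value": "https://example.org/flow/1#action-1"},
         "technique": {"type": "literal", "value": "T0000"},
         "uses": {"type": "literal", "value": "3", "datatype": XSD_INT}},
        {"action": {"type": "bnode", "value": "b0"},
         "uses": {"type": "literal", "value": "1", "datatype": XSD_INT}},
    ]},
})
ASK_BODY = '{"head": {}, "boolean": true}'

if __name__ == "__main__":
    for sample in (SELECT_BODY, ASK_BODY):
        print(parse_sparql_json(sample))
```
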