Forum Discussion

Laurie_Rhodes
Brass Contributor
Dec 14, 2024

GITHUB - AI Sentinel attack simulation

The recent support for Model Context Protocol (MCP) with Claude Desktop has opened the door for some really useful testing capability with Sentinel and emerging threats.

I'm happy to share with the community a GitHub project that demonstrates the use of MCP against current exploits to generate simulated attack data that can be used with testing migrated ASIM alert rules.  MCP allows for up-to-date exploits to be queried...

... and with AI prompting, simulated attack events can be created against our Sentinel test environments.

AI Prompting

Which results in a simulated attack based on the exploit being referenced.

This is really useful for testing the migration of our Sentinel alert rules to ASIM!

The full code and details about the project are available here:
https://laurierhodes.info/node/175

 

 
