This project served as the semester project for CS668.
In this project, we aim to analyze a system of different components like PCs, routers, switches, servers, databases etc. to come up with a system risk score and a possible list of controls. We then simulate applying these controls on assets to come up with a reduced risk score.
We analyze the assets according to their CPE names and fetch the corresponding CVEs from the NIST database using public APIs. Each asset can have multiple CVEs. Based on those CVEs, we find the threats for each asset and the corresponding mitigations, and list the mitigations in the order that most effectively reduces the overall system risk score.
This project contains 3 parts:
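The CPE-to-CVE lookup described above, sketched as an added example (not the project's own code): it validates a CPE 2.3 name, builds the query for the NVD CVE API 2.0 `cpeName` parameter, and extracts CVSS base scores from a response. The function names, the sample CPE name, the placeholder CVE ids and the sample response are all constructed for illustration.

```javascript
// Added example, not the project's code. All names below are hypothetical.
const NVD_CVE_API = "https://services.nvd.nist.gov/rest/json/cves/2.0";

// A CPE 2.3 formatted string is "cpe:2.3" followed by 11 attributes.
function isCpe23(name) {
  const parts = name.split(/(?<!\\):/); // a literal ":" is escaped as "\:"
  return parts.length === 13 && parts[0] === "cpe" && parts[1] === "2.3" &&
    ["a", "o", "h"].includes(parts[2]) && parts.slice(2).every((p) => p.length > 0);
}

// Build the request URL for one asset; reject malformed CPE names up front.
function cveQueryUrl(cpeName) {
  if (!isCpe23(cpeName)) throw new Error(`not a CPE 2.3 name: ${cpeName}`);
  const url = new URL(NVD_CVE_API);
  url.searchParams.set("cpeName", cpeName);
  return url.toString();
}

// Pick the newest CVSS metric present; older CVEs may carry only v2.
function bestScore(metrics = {}) {
  for (const key of ["cvssMetricV31", "cvssMetricV30", "cvssMetricV2"]) {
    const list = metrics[key];
    if (Array.isArray(list) && list.length > 0) {
      const m = list.find((x) => x.type === "Primary") || list[0];
      return { version: m.cvssData.version, baseScore: m.cvssData.baseScore };
    }
  }
  return { version: null, baseScore: null }; // CVE not scored yet
}

// Flatten a response body into [{id, version, baseScore}], highest score first.
function extractCves(body) {
  return (body.vulnerabilities || [])
    .map(({ cve }) => ({ id: cve.id, ...bestScore(cve.metrics) }))
    .sort((a, b) => (b.baseScore ?? -1) - (a.baseScore ?? -1));
}

// Constructed sample response (placeholder CVE ids, not real NVD data).
const SAMPLE = { vulnerabilities: [
  { cve: { id: "CVE-0000-0001", metrics: { cvssMetricV2: [
      { type: "Primary", cvssData: { version: "2.0", baseScore: 5.0 } }] } } },
  { cve: { id: "CVE-0000-0002", metrics: { cvssMetricV31: [
      { type: "Secondary", cvssData: { version: "3.1", baseScore: 7.5 } },
      { type: "Primary", cvssData: { version: "3.1", baseScore: 9.8 } }] } } },
  { cve: { id: "CVE-0000-0003", metrics: {} } },
]};

const SAMPLE_CPE = "cpe:2.3:a:examplevendor:exampleproduct:1.0:*:*:*:*:*:*:*";
console.log(cveQueryUrl(SAMPLE_CPE));
console.log(extractCves(SAMPLE));
```

Unscored CVEs sort last with a `null` score, so a risk calculation built on this output has to decide explicitly how to treat them instead of silently counting them as zero.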
- Backend
- Frontend
- Assessment model and datasets
NodeJS and MongoDB have been used in the backend. To run,
git clone <repo>
cd backend
npm i
npm start
Frontend is designed using ReactJS. After starting the backend server, to run the application,
cd frontend
npm i
npm start
You should see the running application in your browser.
Documentation for the project APIs is available on
https://documenter.getpostman.com/view/2804921/2s8YmSrfT5
We are using a MongoDB database that is currently hosted on a remote Linux machine.
The current database is structured in the following format
All the assets that are being saved in the collection are in the following format.
The datasets contain the mappings for CVE and MITRE ATT&CK (tactics and techniques), threats and probabilities, and threats and mitigations.
For formulae related to risk calculation, please refer to Risk Assessment Model.pdf