A tutorial on how to use mal-toolbox and associated tools. This tutorial is written to work for mal-toolbox 0.3.*.
A language to create cyber threat modeling systems for specific domains.
Read more about MAL at: https://mal-lang.org
For maltoolbox api docs, visit: https://mal-lang.org/mal-toolbox/
A MAL language defines a domain to work within.
Each MAL language consists of assets with defense steps, attack steps and associations.
- A very simple example of a MAL language: https://github.com/mal-lang/exampleLang
- A more complex MAL language: https://github.com/mal-lang/coreLang
More documentation on MAL syntax: https://github.com/mal-lang/mal-documentation/wiki/MAL-Code-Examples.
Guide on how to compile a MAL language.
A model is a description of a specific infrastructure in your MAL languages terminology. A model contains assets and relations between assets.
Guide on how to create a MAL model for the MAL toolbox.
Guide on how to visualize a model.
An attack graph is a granular representation of the infrastructure defined in the model from an 'action' perspective. All the attacks and defenses will be generated for each asset according to how they were defined in the MAL language. The MAL Toolbox can be used to generate an attack graph from a model and language.
Guide on how to generate an attack graph.
Guide on how to visualize an attack graph.
You now have a language, a model and an attack graph. A probable next step is to run analysis, traversal or simulations. If you want to run simulations or traverse the graph using different types of agents, use the MAL simulator (https://github.com/mal-lang/mal-simulator/).
TODO: provide guide on how to run simulations in MAL Simulator. For now we refer to the MAL-simulator README on github.