-
Causation Extractor
- Runs at the creation of a new project
- The causation extractor groups together events from an ECELd project based on timing and salient artifacts
-
Builder
- The builder displays the relationships created by the causation extractor
- Relationships can be selected and moved over to the dependencies table
- The salient artifacts window allows users to add or remove salient artifacts, or change the color of salient artifacts
- By default, salient artifacts are highlighted in red
- From the events in the dependencies table, the user can generate a script to be run by the runner
-
Runner
- Executes scripts generated by the user in the Builder and works in conjunction with ECELd to validate observation dependencies.
- Runner tab can be selected from the main window.
- Only Python files generated by the Builder will be loaded into the Runner when clicking the "Load Script" button.
- The loaded script is displayed on the left side of the Runner GUI.
- The user can set the timeout by typing a value or clicking the increase/decrease arrows in the box in the right corner. (Value is in seconds)
- The right window in the Runner GUI displays the actions executed by the script: the observations it checked for, the matches that the validator was able to validate, the stopping of a script, and any timeouts that occurred.
- The "Stop" button in the lower right corner interrupts the script and kills the process.
- A new instance of a script after the user stops the current execution.
-
Packager
- Allows the user to import/export all the elements of ABS, including VMs.
- The user can include or exclude items from the packaged project by checking or unchecking the checkbox.
- The user can exclude or include VMs by checking or unchecking the checkbox.
- The packager retrieves the virtual machines recognized by VirtualBox
- The packager will create a zip file with all included files at the specified directory
- ABS can be installed in Kali Linux using the script install.sh
- Running install.sh installs ABS in the user's home directory
- The script creates a desktop shortcut for the user
- The script creates a new script, abs-gui, that the user can run manually if they wish
- The Packager can be run on Windows as a standalone exe file
- Located under Packager/dist