Tag a Node

Workflow

You can tag nodes within the Business Impact Matrix (BIM). These tags can be used for calculations by components within Epiphany or as a handy way to search for nodes. The Dashboard contains specifically designed to look for objects in the BIM. For the Epiphany-specific process we'll use following workflow:

1. Go to Attack Path Tools -> Impact Matrix.

2. Determine what to tag.

3. Add a Tag.

The Business Impact Matrix (BIM)

The Business Impact Matrix (BIM) is an interactive user-driven prioritization system within Epiphany that allows for grouping of devices, applications, and users into logical collections. The BIM is unique in that it will show you what nodes are potentially in attack paths for both those that are grouped and those that haven't been grouped, as well as identify cross-group relationships. To access the BIM, go to Attack Path Tools -> Impact Matrix.

The BIM is unique to the user using it, meaning each user creates and maintains their own impact matrix. Epiphany will track all the tags and all the relationships between criticalities, groups, and nodes.

Tagging

Tagging is supported at the node level and at the group level. Right-clicking on a group or an individual node shows you the action menu associated with the node or group. Tags are associated at the node level or the group level. Removing a tag at the group level will not remove a tag at the node level and the reverse is true as well.

The Group menu is unique in that is allows you to apply or remove criticality (Group Setting) as well as tags (Group Tags) for every node within the group simultaneously.

The Tag Interface

The Tag Setting form displays currently applied tags, allows you to manipulate tags, and create custom tags. Each tag type gets a unique color to more easily identify a tag applied to a node within the BIM.

On the Current Tags tab, you can see the Tag Name, Tag Type, Tag Color, current value for the node (Tag Value), the level the tag is applied at (Node/Group), the date when it was applied (Created), and actions available to edit the tag or remove it.

On the Select Tag tab, you can choose which tag to apply as well as what value you'd like the tag to have. The value is dependent on the tag's type, such as text or numeric. The default tags in Epiphany are:

• Importance. This tag allows you to specify a specific criticality to a group or node that applies only to them. The values are Critical, High, Medium, and Low.

• Financial. This tag allows you to assign a financial value to a group or node. This indicates to Epiphany that if there is a value (expressed in $USD) associated with the group or node, that is the potential business impact if that node--or any node in that group--is compromised.

• Uptime. This tag allows you to specify an uptime requirement for a device. This is expressed in the format ##.#### and indicates to Epiphany there is an uptime criticality associated with the device or group.

• Process. This tag allows you to specify a process label for a group or node. This label can be used in searching to find anything associated with the group or node.

• Safety System. This tag is either true or false and allows you to specify if the group or node is a safety system. This can be used in searching to find anything associated with the group or node.

• Medical Device - This tag is either true or false and allows you to specify if the group or node is a medical device. This can be used in searching to find anything associated with the group or node.

You can create your own custom tag for your own use or to be shared with any user of your Epiphany instance. You do this on the Custom Tag tab. You need to specify the Tag Name, the input value expected (Tag Type), the Owner (which will default to the logged in user), the Tag Color, and who has rights to see or use the tag (View). Once the tag is created, it Creating the added on the Select Tag tab.