Once the connection with the target host(s) is established, MutableSecurity's purpose is to execute operations on each target host. An operation manipulates a cybersecurity solution (hereafter referred to as a solution) that is installed or needs to be installed. The process can range from the actual installation all the way to testing. By executing the operations in an established order, the solution is managed through its entire lifecycle.
The part of MutableSecurity's codebase that deals with automating a specific solution is referred to as a module.
Most of the automation logic inside a module is divided into bundles:
- Actions: An action is an on-demand behavior that can be performed by the security solution. For example, an on-demand scan of a file, with an antivirus program, is considered an action.
- Information: A piece of information is a fact or detail about the solution. We call it a configuration if it is writable, or a metric if it is read-only. A valid sequence of ports used in a port-knock server and the number of alerts generated in the current day by a network intrusion detection system are both categorized in MutableSecurity as information. More precisely, the first is a configuration and the second is a metric.
- Logs: Log messages are generated by the solution and are relevant for understanding how it functions. For instance, a web intrusion detection system may log its alerts in a file, besides reporting them in a web-based administration platform.
- Tests: A test is an operation with an expected result. If the test has a different result, then it fails. As an example, tests are useful for verifying whether an identity and access management (IAM) system functions correctly: an unprivileged user is created and used to access a privileged resource. If the access is not blocked, then the system is not functioning correctly and the test should fail.
Besides the actual automation code, each module contains additional information describing the security benefits of the solution and its usage in MutableSecurity's context:
- Identifier: The identifier is a short string uniquely identifying the solution. It is usually obtained by transforming the full name (for example, replacing spaces with underscores).
- Full name: It is the name under which the solution is presented in the cybersecurity solutions market.
- Description: Text offering miscellaneous information about the solution, such as vendors and security benefits.
- References: Useful links to presentation pages, documentation, etc.
- Maturity level: This level indicates in which stage the module's implementation resides. It can vary from under development, when the maintainers are working on it, to production, when the implementation is tested and pushed into the official package. The possible values are presented in the index.
- Categories: The solution is placed into established security solution categories (for example, firewalls and antivirus programs). The valid values are presented in the index.
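The module structure described above can be modeled as follows. This is an added sketch, not MutableSecurity's own code: the class names, the `Example IAM` solution and its fields are hypothetical, and the lowercasing in the identifier is an assumption. It shows a metric rejecting writes and a test failing once a configuration change lets the unprivileged user through.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Dict


@dataclass
class Information:
    value: Any
    writable: bool  # True: configuration, False: metric

    @property
    def kind(self) -> str:
        return "configuration" if self.writable else "metric"


@dataclass
class SolutionTest:
    run: Callable[[], Any]  # performs the operation and returns its result
    expected: Any

    def passed(self) -> bool:
        return self.run() == self.expected


@dataclass
class Module:
    full_name: str
    information: Dict[str, Information] = field(default_factory=dict)
    tests: Dict[str, SolutionTest] = field(default_factory=dict)

    @property
    def identifier(self) -> str:
        # Assumed transformation: lowercase, spaces replaced with underscores.
        return self.full_name.lower().replace(" ", "_")

    def set_information(self, name: str, value: Any) -> None:
        info = self.information[name]
        if not info.writable:
            raise PermissionError(f"{name} is a metric and cannot be set")
        info.value = value


def build_example_iam() -> Module:
    """Constructed sample: a fictional IAM solution, not a real module."""
    module = Module("Example IAM")
    module.information["privileged_users"] = Information(["admin"], writable=True)
    module.information["denied_today"] = Information(0, writable=False)

    def unprivileged_access() -> str:
        allowed = "guest" in module.information["privileged_users"].value
        return "allowed" if allowed else "blocked"

    module.tests["unprivileged_access_blocked"] = SolutionTest(unprivileged_access, "blocked")
    return module
```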