Cyber Attack Detection and Investigation
The Sternum Platform enables the detection and detailed investigation of logical attacks and other attack types. This section walks through two of the many threat detection use cases it supports.
Firmware Update Anomaly Detection
To test the firmware update anomaly detection capability of the Sternum Platform, run the Python script attack_utility.py with remote_update as the -s command parameter and the target device's serial number as -d:
python3 attack_utility.py -d <device_serial_number> -s remote_update
The script triggers multiple Update Start events on the device over a short period of time.
The serial debug output will print:

When the Sternum Platform detects an anomaly in the firmware update mechanism, it triggers an Update Anomaly Alert, shown in the investigation window:

Multiple Reboots Detection
To test the Sternum Platform's anomaly detection capability for multiple boot events, run the same script with reboot as the -s command parameter:
python3 attack_utility.py -d <device_serial_number> -s reboot
The script sends multiple reboot commands to the device over a short period of time.
The serial debug output will print:

The Sternum Platform detects the burst of reboot events and generates an Excessive Reboots Alert, as shown in the investigation window:
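Both scenarios above are burst detections: one device emits the same kind of event (Update Start, or boot) more often inside a short window than a benign device would. The following Python is an added example, not the Sternum Platform's own detection code (the page does not describe how the platform decides), that applies a per-device sliding-window rule to a constructed event log. The event names, the thresholds and window lengths, the log format and the sample serial numbers are all assumptions made for the illustration.

```python
"""Sliding-window burst detector for device events.

Added example: this is not the Sternum Platform's own detection logic (the page
does not describe its internals). It models the two demo scenarios, a burst of
Update Start events and a burst of boot events from one device within a short
time, which is what attack_utility.py provokes. The event names, thresholds,
window lengths, log format and sample log are assumptions for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Deque, Dict, List, Optional, Tuple

# Assumed rules: event kind -> (alert name, events needed, window in seconds).
RULES: Dict[str, Tuple[str, int, float]] = {
    "update_start": ("Update Anomaly Alert", 3, 60.0),
    "boot": ("Excessive Reboots Alert", 3, 120.0),
}


@dataclass(frozen=True)
class Event:
    ts: float       # seconds since the epoch
    device: str     # device serial number
    kind: str       # e.g. "update_start" or "boot"


@dataclass(frozen=True)
class Alert:
    device: str
    name: str
    ts: float       # timestamp of the event that crossed the threshold
    count: int      # events inside the window at that moment


class BurstDetector:
    """Per-(device, event kind) sliding window over event timestamps.

    An alert fires the first time the window holds `threshold` events and is
    then suppressed until the count drops below the threshold again, so one
    long burst yields one alert rather than one alert per extra event.
    """

    def __init__(self, rules: Dict[str, Tuple[str, int, float]] = RULES):
        self.rules = rules
        self.windows: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)
        self.suppressed: set = set()

    def observe(self, ev: Event) -> Optional[Alert]:
        rule = self.rules.get(ev.kind)
        if rule is None:
            return None                      # event kind not covered by a rule
        name, threshold, window = rule
        key = (ev.device, ev.kind)
        q = self.windows[key]
        q.append(ev.ts)
        while q and ev.ts - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) < threshold:
            self.suppressed.discard(key)     # re-arm once the burst subsides
            return None
        if key in self.suppressed:
            return None
        self.suppressed.add(key)
        return Alert(ev.device, name, ev.ts, len(q))


def parse_line(line: str) -> Event:
    """Parse '<ISO-8601 timestamp> <serial> <event kind>' (constructed format)."""
    ts_text, device, kind = line.split()
    return Event(datetime.fromisoformat(ts_text).timestamp(), device, kind)


def run_detector(log_text: str) -> List[Alert]:
    """Feed a whole log through the detector. Events are sorted by time first,
    because the eviction step assumes timestamps arrive in order."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e.ts)
    det = BurstDetector()
    alerts: List[Alert] = []
    for ev in events:
        alert = det.observe(ev)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample log: SN-1001 floods Update Start (one line deliberately out
# of order), SN-2002 reboots repeatedly, then SN-1001 does one normal update later.
SAMPLE_LOG = """\
2024-05-01T10:00:00+00:00 SN-1001 boot
2024-05-01T10:00:05+00:00 SN-1001 update_start
2024-05-01T10:00:12+00:00 SN-1001 update_start
2024-05-01T10:00:09+00:00 SN-1001 update_start
2024-05-01T10:00:15+00:00 SN-1001 update_start
2024-05-01T10:30:00+00:00 SN-2002 boot
2024-05-01T10:30:20+00:00 SN-2002 boot
2024-05-01T10:30:41+00:00 SN-2002 boot
2024-05-01T10:30:59+00:00 SN-2002 boot
2024-05-01T14:00:00+00:00 SN-1001 update_start
"""

if __name__ == "__main__":
    for a in run_detector(SAMPLE_LOG):
        when = datetime.fromtimestamp(a.ts, tz=timezone.utc).isoformat()
        print(f"{when} {a.device} {a.name} ({a.count} events in window)")
```

Run it directly to print the two alerts the sample log produces; to use it on a real event export, adapt parse_line to that format. The suppression set matters in practice: the attack script fires many events in a row, and without it every event past the threshold would raise a fresh alert. The single Update Start at 14:00 raises nothing, because by then the earlier burst has aged out of the 60-second window.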
