Skip to content

AgenticOps & Automation Security

10. AGENTICOPS & AUTOMATION SECURITY ← NEW in v2.0

10.1 AgenticOps Architecture & Threat Model

Abhavtech's AI-driven automation workflows (WF-001 through WF-008) represent a new attack surface requiring specialized penetration testing. These workflows can autonomously modify network configurations, quarantine devices, and optimize RF parameters—making them high-value targets for attackers seeking to weaponize automation.

AgenticOps Workflows Deployed:

Workflow Function Automated Actions Risk Level
WF-001 Webex-Branch-Optimize SD-WAN QoS changes, path rerouting MEDIUM
WF-002 Malware-Containment Endpoint isolation, VLAN quarantine HIGH
WF-003 Wireless-Roaming-Optimize Client steering, AP association LOW
WF-004 Path-Failover SD-WAN circuit switchover HIGH
WF-005 Config-Drift-Remediation Configuration rollback MEDIUM
WF-006 RF-Optimize Wireless power/channel changes MEDIUM
WF-007 Capacity-Scale Bandwidth provisioning MEDIUM
WF-008 Insider-Threat-Response Account suspension, access revocation HIGH

Guardrails (Protected SGTs - NEVER Auto-Modified): - SGT 11: Executive/Management devices - SGT 60: OT/Medical critical infrastructure - SGT 80-83: Server infrastructure (DC, Finance, HR, Compliance)

Attack Surface Analysis:

Attack Surface Threat Scenario Impact
Metric Injection Attacker injects false ThousandEyes data → WF-001 triggers unnecessary path changes Network instability, $50K/hour productivity loss
Guardrail Bypass Attacker tricks WF-002 into quarantining Executive device (SGT 11) C-level disruption, $500K+ reputational damage
Workflow Hijacking Attacker modifies WF-006 to set all APs to max power RF interference, wireless DoS, FCC compliance violation
Privilege Escalation Read-only user escalates to workflow execution permissions Unauthorized automation, audit violation
Workflow DoS Attacker floods workflow engine with 10,000 requests System resource exhaustion, legitimate automation fails

10.2 AgenticOps Test Cases

Test Case 1: Malicious Metric Injection (WF-001 Trigger)

Objective: Test if cross-platform correlation prevents single-source metric manipulation from triggering workflows.

MITRE ATT&CK: T1565.001 (Data Manipulation), T1499 (Endpoint DoS)

Test Methodology:

  1. Inject False ThousandEyes MOS Data:
  2. Compromise ThousandEyes agent (simulated)
  3. Modify voice test results: MOS 4.2 → 3.5 (trigger threshold)
  4. Upload manipulated results

  5. Workflow Trigger Evaluation:

    # WF-001 expects MOS <4.0 to trigger
    # But also checks:
    # - DNAC client health (should correlate)
    # - vManage tunnel status (should show issues)
    # - Splunk error logs (should show Webex errors)
    

  6. Cross-Platform Correlation Check:

  7. ThousandEyes MOS: 3.5 (suspicious - only source claiming issue)
  8. DNAC client health: 95% (contradicts ThousandEyes)
  9. vManage tunnel: Green (no SD-WAN issues)
  10. Splunk errors: 0 (no application errors)

Success Criteria: - ✅ WF-001 does NOT trigger (correlation failed) - ✅ Security alert generated: "Metric inconsistency detected" - ✅ ServiceNow incident created for investigation

Detection Validation: - Splunk: "AgenticOps metric validation failure - WF-001" - DNAC: No workflow execution logged - ThousandEyes agent flagged for investigation

Detailed Test Procedure: See Appendix R


Test Case 2: Guardrail Bypass Attempt (Protected SGT)

Objective: Verify that guardrails prevent automation from affecting critical infrastructure (SGT 11, 60, 80-83).

MITRE ATT&CK: T1078 (Valid Accounts), T1484 (Domain Policy Modification)

Test Methodology:

  1. Inject Fake Malware Alert for Executive Device:

    {
      "device": "ABHAV-LAPTOP-CEO-01",
      "sgt": 11,  // Executive SGT (PROTECTED)
      "user": "ceo@abhavtech.com",
      "threat": "WannaCry.Ransomware",
      "recommendation": "ISOLATE_ENDPOINT"
    }
    

  2. WF-002 Guardrail Logic:

    PROTECTED_SGTS = [11, 60, 80, 81, 82, 83]
    
    if device_sgt in PROTECTED_SGTS:
        # BLOCK automation
        create_servicenow_ticket("Manual Review Required")
        send_webex_alert("#security-alerts", "Guardrail Protection")
        return "BLOCKED_BY_GUARDRAIL"
    

  3. Verify CEO Laptop NOT Quarantined:

  4. Check ISE for CoA (Change of Authorization) events
  5. Confirm device remains in normal VLAN (not VLAN 999 quarantine)
  6. Verify user can still access resources

Success Criteria: - ✅ WF-002 BLOCKED by guardrail - ✅ Manual review ticket created (ServiceNow INC-XXXX) - ✅ Executive device remains operational - ✅ Security team notified via Webex

Detection Validation: - Splunk: "Guardrail protection activated - SGT 11" - ISE: No CoA events for CEO laptop - ServiceNow: Manual review ticket created

Detailed Test Procedure: See Appendix R


Test Case 3: Workflow RBAC & Privilege Escalation

Objective: Test if read-only accounts can escalate to workflow execution permissions.

MITRE ATT&CK: T1078.003 (Valid Accounts: Local Accounts), T1548 (Abuse Elevation Control)

Test Methodology:

  1. Attempt Workflow Execution with Read-Only Account:

    # Login as monitoring@abhavtech.com (read-only)
    curl -X POST https://dnac/api/v1/template/execute \
        -H "X-Auth-Token: [READ_ONLY_TOKEN]" \
        -d '{"workflow_id": "WF-001"}'
    
    # Expected: 403 Forbidden
    # Message: "User does not have WORKFLOW_EXECUTE permission"
    

  2. Attempt Self-Permission Escalation:

    curl -X PUT https://dnac/api/v1/roles/monitoring@abhavtech.com \
        -d '{"add_permissions": ["WORKFLOW_EXECUTE"]}'
    
    # Expected: 403 Forbidden
    # Message: "Privilege escalation attempt detected"
    # Action: Attempt logged, security team alerted
    

Success Criteria: - ✅ Read-only account CANNOT execute workflows - ✅ Self-permission modification BLOCKED - ✅ Escalation attempt logged and alerted - ✅ RBAC enforcement validated

Detection Validation: - Splunk: "Privilege escalation attempt - monitoring@abhavtech.com" - ServiceNow: Security incident auto-created - DNAC audit log: Failed permission modification

Detailed Test Procedure: See Appendix R


10.3 AgenticOps Security Best Practices

Workflow Design Security:

Best Practice Implementation Priority
Multi-Source Validation Workflows require correlation from 2+ platforms before triggering CRITICAL
Guardrails Protected SGTs (11, 60, 80-83) NEVER modified by automation CRITICAL
Rate Limiting Max 10 workflows/min per user, 20/hour per workflow HIGH
Audit Logging All workflow actions logged to Splunk with user attribution HIGH
Rollback Mechanism Auto-rollback after 30 minutes (workflows WF-001, WF-004, WF-006) MEDIUM

Monitoring & Detection:

Metric Threshold Alert Action
Workflow Failures >3 failures in 1 hour Splunk alert, disable workflow
Guardrail Violations Any attempt to modify protected SGTs P1 incident, security team notification
Privilege Escalation Any self-permission modification P2 incident, account investigation
Metric Inconsistency Cross-platform correlation <70% Flag data source for investigation