Revise MAL workflow and add diagram

[Esantos93]

Updated the workflow section to enhance clarity and added a diagram created with mermaid to illustrate the intended use of the MAL toolchain

Closes #4

[mathiasekstedt]

I dont quite understand the logic in the figure.

• the branches are "inside" step 2 as I understand it. could that be clarified?
• what you do in both branches are the same things. and really the only difference is the creation of the asset model. either you do that with the GUI or programmatically. To create attack graphs you need to use the toolbox regardless.

[Esantos93]

hello @mathiasekstedt!

Thanks for the valuable feedback. I now see that what I had in my mind was not transferred in the best way to the diagram. Answering your questions:

1. "the branches are "inside" step 2 as I understand it. could that be clarified?" My intention with this was to show that an user can use either one of the 2 methods indistinctly to get ready in order to run simulations. But it wasn't my plan for the reader to think that the 2 brances are within step 2. It is more like "To reach step 3 you can use 2 different paths with the same final destination". In fact, the reason for using a dotted line was precisely to indicate that this was an ‘OR’ situation, where the user can choose either of the two paths.

2. "what you do in both branches are the same things. and really the only difference is the creation of the asset model. either you do that with the GUI or programmatically. To create attack graphs you need to use the toolbox regardless." It is my understanding that the users have 2 options:

A. They create programatically (via Toolbox) this chain of elements: Model --> Attack Graph (which contains a model and a malLang embedded) --> Agent Settings. Then they pass all of these programmatic objects to the Simulator to run the simulations.

B. They use the GUI to create a model and a scenario file (.yml). Then they pass the scenario file (which holds embedded a malLang, a model and a agent settings) to the Simulator to run the simulations. If this path is chosen, the simulator creates an attack graph in the background using the mal-toolbox.

A little note on option B. The purpose of this graphic representation is for the users to get a first impression of what they, as users, can do with the MAL tools. Since the creation of the attack graph via toolbox is done in the background by the simulator, I think this should be omitted in this particular graph.

Please, let me know if my information is correct and I will try to create a graph that reflects it in a much better and clearer way than the first version.

[mathiasekstedt]

Looks good to me.