Combined multi-vector test (combined_id)
Engarde can run multiple attack types in one coordinated test window — reports roll up under combined_id for multi-vector resilience validation.
How it works
- Platform supports combined attack reports grouping sub-attacks (TCP + HTTP + DNS, etc.).
- TCPM/UDPM/TCP-UDPM are native multi-source types; combined_id extends this to heterogeneous vectors.
- Each sub-attack appears in Attack Monitor; summary report aggregates impact.
- Use to mimic real incidents where L4 and L7 vectors arrive together.
Packet flow (illustrative)
Engarde node Target
→TCP SYN / ACK flows
→UDP datagram burst
Dual-protocol load on target
Illustrative flow — not a live capture.
Report key combined_id
Examples SYN + GET + DNS
Goal Multi-layer playbook
What to watch in Engarde
- Which vector triggers mitigation first — may differ from single-vector tests.
- Scrubbing center policy when multiple protocols spike simultaneously.
- Target Monitor degradation order: connections vs. RPS vs. DNS latency.
Running this simulation
Work with Engarde operator to schedule combined test on staging; define sub-attacks, duration, and rollback criteria before start.
Mitigation perspective
Maintain playbooks per vector and a merged playbook for concurrent events; validate with combined simulation quarterly.