First, in case you missed it, Ridgeback Hunter version 1.3.0 has been posted in the early access forums. Now on to the topic of simulations…
During the two Ridgeback Acid Test Events in 2015, Ridgeback had a number of basic simulators behind the responders. That is, you could connect to a decoy on a TCP port and get some “interesting” data back. The thing that answers TCP is now called the TCP responder, and the things that answer specific application protocols are called protocol responders. Protocol responders are not included with Ridgeback Hunter 1.3. So, why not?
Even though the Ridgeback from 2015 supported plugins, the internal architecture was very monolithic. This was okay for a single product (the appliance), but people kept asking for a software-only version of Ridgeback. Well, people asked, an we delivered. In Spring 2016 we released Ridgeback Hunter, a software-only version. To make this happen, we had to refactor the internal architecture to support multiple form factors — appliance, software, and embedded. The protocol responders were pulled out of the monolithic architecture and are now slated for release as individual plugins.
The downside is that Ridgeback no longer comes with everything and the kitchen sink. However, that is also the upside. Individual protocol responders can be added as you need (or want) them, and the individual protocol responders can each be available in different forms. This is fantastic for customers who want a customized their active defense strategy. This also provides a fantastic opportunity for other developers to make (and sell) their own custom protocol responders.