The legacy SANS Top 20 feature was a set of pre-made attacks (actually more than 20) that used the old, no longer supported capture replay function. We have now moved all attacks into the Attack function, whose database of over 8000 attack elements (now supporting both IPv4 and IPv6) can be used in the test.

As an example, we could run a subset of the SANS Top 20 test by setting up a test that uses the following attacks from the database:

AppleTerminalURI.xml
backupexec.xml
badblueBof.xml
cisco_firewall_bof.xml
ciscoMalSNMP.xml
coderedII.xml
FirefoxFavIconInjec.xml
firefox_hyphen.xml
firefoxPluginsInjection.xml
InternetExplorerHijackClick.xml
javaprxy.xml
jnlp_injection.xml
microsoftNNTPHeap.xml
ms05002_ani.xml
ms05-005.xml