The primary goal of PurpleLABS is to generate offensive attack events/symptoms within systems and networks that should later be detected by an Open Source SOC stack, including Sigma Rules (the open standard event description rule set) and the other dedicated Open Source security solutions in use.

  • Detection as Code vs Adversary Simulations
    Use the unique “Detection as Code vs Adversary Simulations” approach and increase your level of knowledge in the Red / Blue / Purple scope
  • Attack events
    Generate offensive attack events/symptoms and detect them using an Open Source SOC stack, including Sigma rules, a generic signature format for SIEM systems
  • Flip mode
    Learn detection through the attack in an attractive, standardized format driven by the Open Source Security community 
  • Improve detection
    Improve the detection capability of your SOC teams and achieve better visibility and resistance to attacks
  • Break routine
    Detection does not have to be boring and tedious!

Key Features

Virtual infrastructure

Dedicated virtual infrastructure for conducting detection and analysis of modern adversaries' tactics, techniques, and procedures.

Analytical interfaces

Analytical interfaces for all important host, network, and application data sources useful during DFIR activities.

Learning abilities

Allows for learning about current trends of offensive actions (red-teaming) vs detection points (blue-teaming).

Hunting friendly

Provides an alternative approach to dealing with cyber-attacks by proactively searching across security data in a standardized way.

Hunting Components


Hunting ELK (HELK) is an open source hunting platform with advanced data shipping, parsing, transforming and analytics capabilities.


Splunk is software for searching, monitoring, and analyzing data. It captures, indexes, and correlates real-time data and can generate graphs, reports, alerts, dashboards, and visualizations.

Moloch FPC

Moloch is a large scale indexed packet capture and search system. It stores and indexes network traffic in PCAP format, providing fast access to data over ES.


ElastiFlow provides network flow data collection and visualization using the Elastic Stack. It supports Netflow v5/v9, sFlow and IPFIX flow types.

Wazuh HIDS

Wazuh is an Open Source Security HIDS Platform. It helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level.


Graylog is a free and open source log management solution that allows for collecting, indexing, and analyzing both structured and unstructured data from almost any source.


Kolide Fleet is a flexible control server for OSQuery fleets that allows for effective management of multi-node OSQuery infrastructure.

Velociraptor DFIR

Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries. It's a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform.


MISP is a solution for collecting, storing, distributing, and sharing cyber security indicators and threat information related to incident analysis. TheHive is a security incident response platform designed to make life easier for SOCs, CSIRTs, and CERTs dealing with security incidents.


Get 7 days of FREE demo access and feel the power of PurpleLABS. No credit card required.


What you will get:

  • Live demonstration of key features of our platform
  • Information on how you can train your security team
  • Understanding the capabilities and level of our skills
  • 7 days of Free Demo Access to play with PurpleLABS
  • Set of 5 demo lab scenarios included
  • Q&A Session
