The primary goal of PurpleLABS is to show and teach you how to generate offensive attack events/symptoms that you will detect in the next phase by using Open Source SOC stack powered by Sigma Rules - the open standard event description ruleset - and the rest of the dedicated, Open Source security solutions in use.
Detection as Code vs Adversary Simulations: use the unique "Detection as Code vs Adversary Simulations" approach and increase your level of knowledge across the Red / Blue / Purple scope.
Attack events: generate APT-style offensive attack events and detect them using an Open Source SOC stack powered by Sigma rules, a generic signature format for SIEM systems.
Flip mode: learn detection through the attack in an attractive, standardized format driven by the Open Source Security community.
Visibility and accounting: improve the detection capability of your SOC teams and achieve better visibility, accounting, and resistance to attacks.
Open Source for detection and hunting
Find how to use the greatest Open Source projects for your Security Operation Center by playing on the real network with Wazuh, Graylog, HELK, ElastAlert, Falco, OSQuery, Velociraptor, Zeek, Suricata, theHive, and MISP.
Dedicated virtual infrastructure for detecting and analyzing modern adversaries' tactics, techniques, and procedures.
Analytical interfaces for all important host, network, and application data sources useful during DFIR activities.
Allows for learning about current trends in offensive actions (red teaming) versus detection points (blue teaming).
Provides an alternative approach to dealing with cyber-attacks by proactively searching across security data in a standardized way.
Hunting ELK (HELK) is an open source hunting platform with advanced data shipping, parsing, transforming and analytics capabilities.
Splunk is software for searching, monitoring, and analyzing data. It captures, indexes, and correlates real-time data and can generate graphs, reports, alerts, dashboards, and visualizations.
Moloch is a large-scale indexed packet capture and search system. It stores and indexes network traffic in PCAP format, providing fast access to the data through Elasticsearch (ES).
ElastiFlow provides network flow data collection and visualization using the Elastic Stack. It supports Netflow v5/v9, sFlow and IPFIX flow types.
Wazuh is an Open Source Security HIDS Platform. It helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level.
Graylog is a free and open source log management platform that allows for collecting, indexing, and analyzing both structured and unstructured data from almost any source.
Kolide Fleet is a flexible control server for OSQuery fleets that allows for effective management of multi-node OSQuery infrastructure.
Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries. It's a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform.
MISP is a solution for collecting, storing, distributing, and sharing cyber security indicators and threat information from incident analysis. TheHive is a security incident response platform designed to make life easier for SOCs, CSIRTs, and CERTs dealing with security incidents.