The primary goal of PurpleLABS is to generate offensive attack events and symptoms within systems and networks that are later detected by an Open Source SOC stack, including Sigma rules (the open standard format for describing log events) and the other dedicated Open Source security solutions in use.
Detection as Code vs Adversary Simulations: Use the unique "Detection as Code vs Adversary Simulations" approach and increase your level of knowledge across the Red / Blue / Purple scope.
Attack events: Generate offensive attack events/symptoms and detect them using an Open Source SOC stack, including Sigma rules, a generic signature format for SIEM systems.
Flip mode: Learn detection through the attack in an attractive, standardized format driven by the Open Source security community.
Improve detection: Improve the detection capability of your SOC teams and achieve better visibility and resistance to attacks.
Detection does not have to be boring and tedious!
Dedicated virtual infrastructure for detecting and analyzing modern adversaries' tactics, techniques, and procedures.
Analytical interfaces for all important host, network and application data sources useful during DFIR activities.
Allows for learning about current trends in offensive actions (red teaming) versus detection points (blue teaming).
Provides an alternative approach to dealing with cyber-attacks by proactively searching across security data in a standardized way.
Hunting ELK (HELK) is an open source hunting platform with advanced data shipping, parsing, transforming and analytics capabilities.
Splunk is a software for searching, monitoring, and analyzing data. It captures, indexes, and correlates real-time data and can generate graphs, reports, alerts, dashboards, and visualizations.
Moloch is a large-scale indexed packet capture and search system. It stores network traffic in PCAP format and indexes it, providing fast access to the data through Elasticsearch (ES).
ElastiFlow provides network flow data collection and visualization using the Elastic Stack. It supports Netflow v5/v9, sFlow and IPFIX flow types.
Wazuh is an Open Source Security HIDS Platform. It helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level.
Graylog is a free and open source log management platform that allows for collecting, indexing, and analyzing both structured and unstructured data from almost any source.
Kolide Fleet is a flexible control server for OSQuery fleets that allows for effective management of a multi-node OSQuery infrastructure.
Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries. It's a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform.
MISP is a solution for collecting, storing, distributing and sharing cyber security indicators and threat information from incident analysis. TheHive is a security incident response platform designed to make life easier for SOCs, CSIRTs and CERTs dealing with security incidents.
GET DEMO ACCESS
Get 7 days of FREE demo access and feel the power of PurpleLABS. No credit card required.
What you will get:
Live demonstration of key features of our platform
Information on how you can train your security team
An understanding of the platform's capabilities and the level of our skills
7 days of free demo access to play with PurpleLABS