Catalogue · MOD-PRP-01

Detection Engineering & Purple Teaming

Bridging the gap between attack and defence is the purpose of purple teaming. This expert module teaches you to emulate an adversary in a controlled way, write the missing detections, and continuously measure your coverage.

Purple Team Expert 5 bricks 9 labs ≈ 17.8 h 4 real cases

Objectives

• Emulate ATT&CK techniques in a controlled way • Build an emulation plan (Caldera) • Write and version detections • Measure coverage and run an AAR

Module bricks

BRQ-PRP-001 — Adversary emulation (ART/Caldera) (2 lab(s))
BRQ-PRP-002 — Detection-as-code & tracking (VECTR) (2 lab(s))
BRQ-PRP-003 — Actor emulation & validation (Caldera) (2 lab(s))
BRQ-PRP-004 — End-to-end purple team exercise (2 lab(s))
BRQ-PRP-005 — Continuous detection engineering (detection-as-code) (1 lab(s))

Order this module View full catalogue