We’ve released a new TeamSim scenario: Operation Vulpes.
Operation Vulpes is a defensive scenario and marks a return of using Splunk as the SIEM solution.
This scenario sees Orchid Corporation reeling from the aftermath of a ransomware attack. Defenders will need to determine the attacker's path to compromise and infect the network and use information provided by a law enforcement agency to attempt to recover files.
Users will need to use a variety of tools and defensive disciplines to solve the scenario – not just the SIEM solution.
This sim also utilizes our new user noise generation framework to simulate user web browsing activity on end-user devices. This spawns the Edge browser as a domain user and visits internal and external websites to add additional noise to logs collected by Splunk.
Why have we created this content?
This Team Sim adds a level of complexity and realism by introducing actual ransomware. So you and your teams can exercise and prepare for the worst-case scenario.
(Please be aware that Immersive Labs created the ransomware for exercise purposes only and includes failsafes to control its execution.)
In addition, the sim uses popular tools within security stacks, so the simulation is true to life.
What are we publishing?
A new Team Sim exercise, Operation Vulpes, which will be viewable in the Team Sim catalog for all Team Sim customers.
Who is this content for?
This Team Sim is primarily focused on testing the defensive and technical capabilities of the following roles:
- SOC analysts
- Incident responders
- Threat hunters
Check it out now!
Immerser