Events execution

List of attacks behaviors executed. This table provides an overview of all the events executed for the selected simulation with their main technical characteristics.




Simulation events list

The table presents all the events executed for the simulation with the following information:
  • Execution status
  • Event number and name
  • Date and time of execution
  • Severity (red = high, yellow = low)
  • Availability of IOC, Sigma rule, comments or evidence associated with the event
  • Event type (network, windows, linux or macos)
  • MITRE ATT&CK tactic associated with the event
  • Event execution source
  • Event targets
  • Event detection status
  • Event detection
  • Reaction following the event
  • Time to Detect (TTD)
  • Time to React (TTR)

It is possible to choose the columns to display using the button located at the top right:

Hint: The area at the bottom of the screen indicates the total number of events and allows you to choose how many events are displayed per screen.


Selecting and filtering

To facilitate the operation of the simulations list, several features are available:
  • Choice of event display order: by date or event ID
  • Application of filters: event start time, severity, type, comments, proofs, Sigma rule, IOC, MITRE ATT&CK Tactic, detection status, detection source, reaction
  • Search field


Campaign data export

All data related to the campaign can be exported:
  • A .csv file contains all the technical information of the events
  • A zip archive contains all the evidence added to the events.


Qualify events status

The events list allows for quickly informing the detection status of the events. The default status is Unqualified. Three other statuses are possible: Undetected, Logged, Alerted.

The number of unqualified events is directly displayed at the top left under the name of the simulation. Qualifying all events allows for having complete results and thus better evaluating the effectiveness of defense means. The status is the criterion with the most impact on the score calculation.

Hint: Refer to the following section for an explanation of possible statuses for events