MITRE Caldera

Details
Content
Dependencies
Version History

Interact with MITRE Caldera via the v2 API.

MITRE Caldera

Overview

The MITRE Caldera Pack provides an integration for the v4.0.0 of the MITRE Caldera API and accompanying scripts and playbooks.

Pack Contributors:

Adam Burt
James Holland

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

MITRE Caldera

Overview

The MITRE Caldera Pack provides an integration for the v4.0.0 of the MITRE Caldera API and accompanying scripts and playbooks.

Pack Contributors:

Adam Burt
James Holland

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Automations

Name	Description
CalderaGetOperationReport	Populates the Operation Facts with Facts from the MITRE Caldera
CalderaPopulateSourceIDField	Populates the Source ID Field with Sources from the MITRE Caldera
CalderaStartOperation	This script is used in the MITRE Caldera Operation playbook. It will auto-complete the task that waits for a specific date and time for the operation to start. It should not be used manually.
CalderaOperationPostProcessing	Post processing script for MITRE Caldera incidents.
CalderaPopulateAdversaryIDField	Populates the Adversary ID Field with Adversaries from the MITRE Caldera
CalderaPopulateAgents	Populates the agents with agents from the MITRE Caldera.
CalderaPopulateObjectiveIDField	Populates the Objective ID Field with Objectives from the MITRE Caldera
CalderaPopulatePlannerIDField	Populates the Planner ID Field with Planners from the MITRE Caldera
CalderaReadOnlyFields	Prevents specific fields from being set manually.
CalderaPopulateEventLogs	Populates the Event Logs with Event Logs from the MITRE Caldera

Incident Fields

Name	Description
MITRE Caldera Operation Source ID
MITRE Caldera Schedule Operation
MITRE Caldera Operation Jitter	Jitter is defined as a fraction (default is '2/8')
MITRE Caldera Operation Obfuscator
MITRE Caldera Operation Auto Close
MITRE Caldera Operation Host Group	Which Host Group to run against.
MITRE Caldera Operation ID
MITRE Caldera Operation Visbility	How visible should the operation be to the defense (1-100), default is 51
MITRE Caldera Operation Group	Which collection of agents to run against.
MITRE Caldera Operation Adversary ID
MITRE Caldera Operation Objective ID
MITRE Caldera Operation Use Learning Parsers	Whether learning parsers are used.
MITRE Caldera Operation Name
MITRE Caldera Delete Operation
MITRE Caldera Operation Planner ID
MITRE Caldera Operation Autonomy
MITRE Caldera Schedule Date Time
MITRE Caldera Schedule Date Time SLA
MITRE Caldera Operation State	State of the operation

Incident Types

Name	Description
Caldera Operation

Integrations

Name	Description
MitreCaldera (Community Contribution)	Mitre Caldera can be used to test endpoint security solutions and assess a network's security posture against the common post-compromise adversarial techniques contained in the ATT&CK model. CALDERA leverages the ATT&CK model to identify and replicate adversary behaviors as if a real intrusion is occurring.

Layouts

Name	Description
Caldera Operation

Playbooks

Name	Description
Caldera Operation	This playbook is used to create a new Operation in Mitre Caldera.

Automations

Name	Description
CalderaPopulateObjectiveIDField	Populates the Objective ID Field with Objectives from the MITRE Caldera
CalderaPopulateAgents	Populates the agents with agents from the MITRE Caldera.
CalderaPopulateEventLogs	Populates the Event Logs with Event Logs from the MITRE Caldera
CalderaPopulateAdversaryIDField	Populates the Adversary ID Field with Adversaries from the MITRE Caldera
CalderaPopulatePlannerIDField	Populates the Planner ID Field with Planners from the MITRE Caldera
CalderaReadOnlyFields	Prevents specific fields from being set manually.
CalderaOperationPostProcessing	Post processing script for MITRE Caldera incidents.
CalderaGetOperationReport	Populates the Operation Facts with Facts from the MITRE Caldera
CalderaStartOperation	This script is used in the MITRE Caldera Operation playbook. It will auto-complete the task that waits for a specific date and time for the operation to start. It should not be used manually.
CalderaPopulateSourceIDField	Populates the Source ID Field with Sources from the MITRE Caldera

Incident Fields

Name	Description
MITRE Caldera Operation ID
MITRE Caldera Operation Group	Which collection of agents to run against.
MITRE Caldera Operation Auto Close
MITRE Caldera Operation Autonomy
MITRE Caldera Operation Objective ID
MITRE Caldera Operation Visbility	How visible should the operation be to the defense (1-100), default is 51
MITRE Caldera Operation Planner ID
MITRE Caldera Operation Adversary ID
MITRE Caldera Operation State	State of the operation
MITRE Caldera Operation Use Learning Parsers	Whether learning parsers are used.
MITRE Caldera Schedule Date Time
MITRE Caldera Operation Source ID
MITRE Caldera Operation Name
MITRE Caldera Operation Host Group	Which Host Group to run against.
MITRE Caldera Operation Obfuscator
MITRE Caldera Schedule Date Time SLA
MITRE Caldera Schedule Operation
MITRE Caldera Operation Jitter	Jitter is defined as a fraction (default is '2/8')
MITRE Caldera Delete Operation

Incident Types

Name	Description
Caldera Operation

Integrations

Name	Description
MitreCaldera (Community Contribution)	Mitre Caldera can be used to test endpoint security solutions and assess a network's security posture against the common post-compromise adversarial techniques contained in the ATT&CK model. CALDERA leverages the ATT&CK model to identify and replicate adversary behaviors as if a real intrusion is occurring.

Playbooks

Name	Description
Caldera Operation	This playbook is used to create a new Operation in Mitre Caldera.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (3)

Pack Name	Pack By
Aggregated Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.0.12 - 7101393 (February 10, 2026)

Integrations

MitreCaldera

Fixed a mismatch in the atomic_ordering argument name in the caldera-create-adversary command.

Related pull requests:
- 42947
- 43021

Download

1.0.11 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.0.10 - 4847835 (September 11, 2025)

Integrations

MitreCaldera

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Scripts

CalderaPopulateAdversaryIDField

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaReadOnlyFields

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaPopulateObjectiveIDField

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaGetOperationReport

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaOperationPostProcessing

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaPopulatePlannerIDField

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaPopulateSourceIDField

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaStartOperation

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaPopulateAgents

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaPopulateEventLogs

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41193

Download

1.0.9 - R3414854 (May 15, 2025)

Integrations

MitreCaldera

Metadata and documentation improvements.

Scripts

CalderaPopulateAdversaryIDField

Metadata and documentation improvements.

CalderaPopulateSourceIDField

Metadata and documentation improvements.

CalderaStartOperation

Metadata and documentation improvements.

CalderaOperationPostProcessing

Metadata and documentation improvements.

CalderaReadOnlyFields

Metadata and documentation improvements.

CalderaPopulatePlannerIDField

Metadata and documentation improvements.

CalderaPopulateEventLogs

Metadata and documentation improvements.

CalderaPopulateObjectiveIDField

Metadata and documentation improvements.

CalderaGetOperationReport

Metadata and documentation improvements.

CalderaPopulateAgents

Metadata and documentation improvements.

Related pull requests:
- 39225

Download

1.0.8 - R2989425 (March 26, 2025)

Scripts

CalderaPopulateAgents

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38061

Download

1.0.12 - 7101393 (February 10, 2026)

Integrations

MitreCaldera

Fixed a mismatch in the atomic_ordering argument name in the caldera-create-adversary command.

Related pull requests:
- 42947
- 43021

Download

1.0.11 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.0.10 - 4847835 (September 11, 2025)

Integrations

MitreCaldera

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Scripts

CalderaPopulateAdversaryIDField

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaReadOnlyFields

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaPopulateObjectiveIDField

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaGetOperationReport

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaOperationPostProcessing

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaPopulatePlannerIDField

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaPopulateSourceIDField

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaStartOperation

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaPopulateAgents

Updated the Docker image to: demisto/python3:3.12.8.3296088.

CalderaPopulateEventLogs

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41193

Download

1.0.9 - R3414854 (May 15, 2025)

Integrations

MitreCaldera

Metadata and documentation improvements.

Scripts

CalderaPopulateAdversaryIDField

Metadata and documentation improvements.

CalderaPopulateSourceIDField

Metadata and documentation improvements.

CalderaStartOperation

Metadata and documentation improvements.

CalderaOperationPostProcessing

Metadata and documentation improvements.

CalderaReadOnlyFields

Metadata and documentation improvements.

CalderaPopulatePlannerIDField

Metadata and documentation improvements.

CalderaPopulateEventLogs

Metadata and documentation improvements.

CalderaPopulateObjectiveIDField

Metadata and documentation improvements.

CalderaGetOperationReport

Metadata and documentation improvements.

CalderaPopulateAgents

Metadata and documentation improvements.

Related pull requests:
- 39225

Download

1.0.8 - R2989425 (March 26, 2025)

Scripts

CalderaPopulateAgents

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38061

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	July 21, 2022
Last Release	February 10, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.