MITRE Caldera

Details
Content
Dependencies
Version History

Interact with MITRE Caldera via the v2 API.

MITRE Caldera

Overview

The MITRE Caldera Pack provides an integration for the v4.0.0 of the MITRE Caldera API and accompanying scripts and playbooks.

MITRE Caldera

Overview

The MITRE Caldera Pack provides an integration for the v4.0.0 of the MITRE Caldera API and accompanying scripts and playbooks.

Automations

Name	Description
CalderaPopulatePlannerIDField	Populates the Planner ID Field with Planners from the MITRE Caldera
CalderaPopulateEventLogs	Populates the Event Logs with Event Logs from the MITRE Caldera
CalderaPopulateAgents	Populates the agents with agents from the MITRE Caldera
CalderaGetOperationReport	Populates the Operation Facts with Facts from the MITRE Caldera
CalderaPopulateAdversaryIDField	Populates the Adversary ID Field with Adversaries from the MITRE Caldera
CalderaPopulateSourceIDField	Populates the Source ID Field with Sources from the MITRE Caldera
CalderaOperationPostProcessing	Post processing script for MITRE Caldera incidents.
CalderaPopulateObjectiveIDField	Populates the Objective ID Field with Objectives from the MITRE Caldera
CalderaStartOperation	This script is used in the MITRE Caldera Operation playbook. It will auto-complete the task that waits for a specific date and time for the operation to start. It should not be used manually.
CalderaReadOnlyFields	Prevents specific fields from being set manually.

Incident Fields

Name	Description
MITRE Caldera Operation ID
MITRE Caldera Operation Name
MITRE Caldera Operation State	State of the operation
MITRE Caldera Schedule Date Time SLA
MITRE Caldera Operation Visbility	How visible should the operation be to the defense (1-100), default is 51
MITRE Caldera Operation Group	Which collection of agents to run against.
MITRE Caldera Operation Source ID
MITRE Caldera Schedule Operation
MITRE Caldera Schedule Date Time
MITRE Caldera Operation Obfuscator
MITRE Caldera Operation Use Learning Parsers	Whether learning parsers are used.
MITRE Caldera Operation Jitter	Jitter is defined as a fraction (default is '2/8')
MITRE Caldera Operation Autonomy
MITRE Caldera Operation Objective ID
MITRE Caldera Delete Operation
MITRE Caldera Operation Planner ID
MITRE Caldera Operation Adversary ID
MITRE Caldera Operation Host Group	Which Host Group to run against.
MITRE Caldera Operation Auto Close

Incident Types

Name	Description
Caldera Operation

Integrations

Name	Description
MitreCaldera (Community Contribution)	Mitre Caldera can be used to test endpoint security solutions and assess a network's security posture against the common post-compromise adversarial techniques contained in the ATT&CK model. CALDERA leverages the ATT&CK model to identify and replicate adversary behaviors as if a real intrusion is occurring.

Layouts

Name	Description
Caldera Operation

Playbooks

Name	Description
Caldera Operation	This playbook is used to create a new Operation in Mitre Caldera.

Automations

Name	Description
CalderaGetOperationReport	Populates the Operation Facts with Facts from the MITRE Caldera
CalderaPopulateEventLogs	Populates the Event Logs with Event Logs from the MITRE Caldera
CalderaStartOperation	This script is used in the MITRE Caldera Operation playbook. It will auto-complete the task that waits for a specific date and time for the operation to start. It should not be used manually.
CalderaPopulateSourceIDField	Populates the Source ID Field with Sources from the MITRE Caldera
CalderaPopulateObjectiveIDField	Populates the Objective ID Field with Objectives from the MITRE Caldera
CalderaOperationPostProcessing	Post processing script for MITRE Caldera incidents.
CalderaPopulateAgents	Populates the agents with agents from the MITRE Caldera
CalderaReadOnlyFields	Prevents specific fields from being set manually.
CalderaPopulatePlannerIDField	Populates the Planner ID Field with Planners from the MITRE Caldera
CalderaPopulateAdversaryIDField	Populates the Adversary ID Field with Adversaries from the MITRE Caldera

Incident Fields

Name	Description
MITRE Caldera Operation Name
MITRE Caldera Operation Host Group	Which Host Group to run against.
MITRE Caldera Operation Visbility	How visible should the operation be to the defense (1-100), default is 51
MITRE Caldera Operation Source ID
MITRE Caldera Operation ID
MITRE Caldera Operation Adversary ID
MITRE Caldera Operation Use Learning Parsers	Whether learning parsers are used.
MITRE Caldera Operation Obfuscator
MITRE Caldera Operation State	State of the operation
MITRE Caldera Schedule Date Time
MITRE Caldera Operation Jitter	Jitter is defined as a fraction (default is '2/8')
MITRE Caldera Operation Autonomy
MITRE Caldera Operation Objective ID
MITRE Caldera Schedule Date Time SLA
MITRE Caldera Schedule Operation
MITRE Caldera Operation Planner ID
MITRE Caldera Operation Auto Close
MITRE Caldera Delete Operation
MITRE Caldera Operation Group	Which collection of agents to run against.

Incident Types

Name	Description
Caldera Operation

Integrations

Name	Description
MitreCaldera (Community Contribution)	Mitre Caldera can be used to test endpoint security solutions and assess a network's security posture against the common post-compromise adversarial techniques contained in the ATT&CK model. CALDERA leverages the ATT&CK model to identify and replicate adversary behaviors as if a real intrusion is occurring.

Playbooks

Name	Description
Caldera Operation	This playbook is used to create a new Operation in Mitre Caldera.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (2)

Pack Name	Pack By
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.0.6 - 1403239 (September 18, 2024)

Integrations

MitreCaldera

Added fetching mechanism for operations

Related pull requests:
- 36308
- 36383

Download

1.0.5 - 1162940 (July 9, 2024)

Integrations

MitreCaldera

Updated the Docker image to: demisto/python3:3.10.14.100715.

Scripts

CalderaStartOperation

Updated the Docker image to: demisto/python3:3.10.14.100715.

CalderaPopulateAgents

Updated the Docker image to: demisto/python3:3.10.14.100715.

CalderaPopulateObjectiveIDField

Updated the Docker image to: demisto/python3:3.10.14.100715.

CalderaGetOperationReport

Updated the Docker image to: demisto/python3:3.10.14.100715.

CalderaOperationPostProcessing

Updated the Docker image to: demisto/python3:3.10.14.100715.

CalderaReadOnlyFields

Updated the Docker image to: demisto/python3:3.10.14.100715.

CalderaPopulateAdversaryIDField

Updated the Docker image to: demisto/python3:3.10.14.100715.

CalderaPopulateSourceIDField

Updated the Docker image to: demisto/python3:3.10.14.100715.

CalderaPopulateEventLogs

Updated the Docker image to: demisto/python3:3.10.14.100715.

CalderaPopulatePlannerIDField

Updated the Docker image to: demisto/python3:3.10.14.100715.

Related pull requests:
- 35310
- 35234
- 35242
- 35241
- 35240
- 35237
- 35244
- 35252
- 35236
- 35243
- 35245
- 35246
- 35247
- 35250
- 35248
- 35249
- 35235
- 35239
- 35238
- 35251

Download

1.0.4 - R5866730 (July 25, 2023)

Scripts

CalderaPopulateEventLogs

Updated the Docker image to: demisto/python3:3.10.12.63474.

CalderaGetOperationReport

Updated the Docker image to: demisto/python3:3.10.12.63474.

CalderaPopulatePlannerIDField

Updated the Docker image to: demisto/python3:3.10.12.63474.

CalderaPopulateAdversaryIDField

Updated the Docker image to: demisto/python3:3.10.12.63474.

CalderaStartOperation

Updated the Docker image to: demisto/python3:3.10.12.63474.

CalderaOperationPostProcessing

Updated the Docker image to: demisto/python3:3.10.12.63474.

CalderaPopulateAgents

Updated the Docker image to: demisto/python3:3.10.12.63474.

CalderaReadOnlyFields

Updated the Docker image to: demisto/python3:3.10.12.63474.

CalderaPopulateObjectiveIDField

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28182

Download

1.0.3 - 5760561 (July 13, 2023)

Scripts

CalderaPopulateSourceIDField

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28130

Download

1.0.2 - R5692327 (July 5, 2023)

Integrations

MitreCaldera

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27848

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	July 21, 2022
Last Release	September 18, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.