MITRE Caldera

Details
Content
Dependencies
Version History

Interact with MITRE Caldera via the v2 API.

Overview

The MITRE Caldera Pack provides an integration for the v4.0.0 of the MITRE Caldera API and accompanying scripts and playbooks.

Incident Types

Name	Description
Caldera Operation

Layouts

Name	Description
Caldera Operation

Playbooks

Name	Description
Caldera Operation	This playbook is used to create a new Operation in Mitre Caldera.

Automations

Name	Description
CalderaStartOperation	This script is used in the MITRE Caldera Operation playbook. It will auto-complete the task that waits for a specific date and time for the operation to start. It should not be used manually.
CalderaPopulateObjectiveIDField	Populates the Objective ID Field with Objectives from the MITRE Caldera
CalderaGetOperationReport	Populates the Operation Facts with Facts from the MITRE Caldera
CalderaPopulatePlannerIDField	Populates the Planner ID Field with Planners from the MITRE Caldera
CalderaPopulateEventLogs	Populates the Event Logs with Event Logs from the MITRE Caldera
CalderaPopulateSourceIDField	Populates the Source ID Field with Sources from the MITRE Caldera
CalderaReadOnlyFields	Prevents specific fields from being set manually.
CalderaOperationPostProcessing	Post processing script for MITRE Caldera incidents.
CalderaPopulateAgents	Populates the agents with agents from the MITRE Caldera
CalderaPopulateAdversaryIDField	Populates the Adversary ID Field with Adversaries from the MITRE Caldera

Incident Fields

Name	Description
MITRE Caldera Operation Use Learning Parsers	Whether learning parsers are used.
MITRE Caldera Delete Operation
MITRE Caldera Operation ID
MITRE Caldera Schedule Date Time
MITRE Caldera Operation Obfuscator
MITRE Caldera Schedule Date Time SLA
MITRE Caldera Operation Adversary ID
MITRE Caldera Operation Source ID
MITRE Caldera Operation Jitter	Jitter is defined as a fraction (default is '2/8')
MITRE Caldera Operation Name
MITRE Caldera Operation State	State of the operation
MITRE Caldera Operation Objective ID
MITRE Caldera Operation Group	Which collection of agents to run against.
MITRE Caldera Operation Auto Close
MITRE Caldera Operation Planner ID
MITRE Caldera Schedule Operation
MITRE Caldera Operation Host Group	Which Host Group to run against.
MITRE Caldera Operation Visbility	How visible should the operation be to the defense (1-100), default is 51
MITRE Caldera Operation Autonomy

Integrations

Name	Description
MitreCaldera (Community Contribution)	Mitre Caldera can be used to test endpoint security solutions and assess a network's security posture against the common post-compromise adversarial techniques contained in the ATT&CK model. CALDERA leverages the ATT&CK model to identify and replicate adversary behaviors as if a real intrusion is occurring.

Incident Types

Name	Description
Caldera Operation

Playbooks

Name	Description
Caldera Operation	This playbook is used to create a new Operation in Mitre Caldera.

Automations

Name	Description
CalderaStartOperation	This script is used in the MITRE Caldera Operation playbook. It will auto-complete the task that waits for a specific date and time for the operation to start. It should not be used manually.
CalderaPopulateObjectiveIDField	Populates the Objective ID Field with Objectives from the MITRE Caldera
CalderaGetOperationReport	Populates the Operation Facts with Facts from the MITRE Caldera
CalderaPopulatePlannerIDField	Populates the Planner ID Field with Planners from the MITRE Caldera
CalderaPopulateEventLogs	Populates the Event Logs with Event Logs from the MITRE Caldera
CalderaPopulateSourceIDField	Populates the Source ID Field with Sources from the MITRE Caldera
CalderaReadOnlyFields	Prevents specific fields from being set manually.
CalderaOperationPostProcessing	Post processing script for MITRE Caldera incidents.
CalderaPopulateAgents	Populates the agents with agents from the MITRE Caldera
CalderaPopulateAdversaryIDField	Populates the Adversary ID Field with Adversaries from the MITRE Caldera

Incident Fields

Name	Description
MITRE Caldera Operation Use Learning Parsers	Whether learning parsers are used.
MITRE Caldera Delete Operation
MITRE Caldera Operation ID
MITRE Caldera Schedule Date Time
MITRE Caldera Operation Obfuscator
MITRE Caldera Schedule Date Time SLA
MITRE Caldera Operation Adversary ID
MITRE Caldera Operation Source ID
MITRE Caldera Operation Jitter	Jitter is defined as a fraction (default is '2/8')
MITRE Caldera Operation Name
MITRE Caldera Operation State	State of the operation
MITRE Caldera Operation Objective ID
MITRE Caldera Operation Group	Which collection of agents to run against.
MITRE Caldera Operation Auto Close
MITRE Caldera Operation Planner ID
MITRE Caldera Schedule Operation
MITRE Caldera Operation Host Group	Which Host Group to run against.
MITRE Caldera Operation Visbility	How visible should the operation be to the defense (1-100), default is 51
MITRE Caldera Operation Autonomy

Integrations

Name	Description
MitreCaldera (Community Contribution)	Mitre Caldera can be used to test endpoint security solutions and assess a network's security posture against the common post-compromise adversarial techniques contained in the ATT&CK model. CALDERA leverages the ATT&CK model to identify and replicate adversary behaviors as if a real intrusion is occurring.

Pack Name	Pack By
Base	By: Cortex XSOAR

PUBLISHER

Adam Burt

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	July 21, 2022
Last Release	July 21, 2022

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.