MITRE Caldera
Overview
The MITRE Caldera Pack provides an integration for the v4.0.0 of the MITRE Caldera API and accompanying scripts and playbooks.
MITRE Caldera
- Details
- Content
- Dependencies
- Version History
Interact with MITRE Caldera via the v2 API.
MITRE Caldera
Overview
The MITRE Caldera Pack provides an integration for the v4.0.0 of the MITRE Caldera API and accompanying scripts and playbooks.
Automations
| Name | Description |
|---|---|
CalderaPopulateSourceIDField | Populates the Source ID Field with Sources from the MITRE Caldera |
CalderaStartOperation | This script is used in the MITRE Caldera Operation playbook. It will auto-complete the task that waits for a specific date and time for the operation to start. It should not be used manually. |
CalderaPopulateAgents | Populates the agents with agents from the MITRE Caldera. |
CalderaPopulatePlannerIDField | Populates the Planner ID Field with Planners from the MITRE Caldera |
CalderaOperationPostProcessing | Post processing script for MITRE Caldera incidents. |
CalderaPopulateObjectiveIDField | Populates the Objective ID Field with Objectives from the MITRE Caldera |
CalderaGetOperationReport | Populates the Operation Facts with Facts from the MITRE Caldera |
CalderaReadOnlyFields | Prevents specific fields from being set manually. |
CalderaPopulateEventLogs | Populates the Event Logs with Event Logs from the MITRE Caldera |
CalderaPopulateAdversaryIDField | Populates the Adversary ID Field with Adversaries from the MITRE Caldera |
Incident Fields
| Name | Description |
|---|---|
MITRE Caldera Operation Source ID | |
MITRE Caldera Operation Group | Which collection of agents to run against. |
MITRE Caldera Schedule Date Time | |
MITRE Caldera Operation Jitter | Jitter is defined as a fraction (default is '2/8') |
MITRE Caldera Operation Name | |
MITRE Caldera Operation Host Group | Which Host Group to run against. |
MITRE Caldera Operation Auto Close | |
MITRE Caldera Operation ID | |
MITRE Caldera Operation Autonomy | |
MITRE Caldera Delete Operation | |
MITRE Caldera Operation Visbility | How visible should the operation be to the defense (1-100), default is 51 |
MITRE Caldera Operation Use Learning Parsers | Whether learning parsers are used. |
MITRE Caldera Operation Planner ID | |
MITRE Caldera Operation Adversary ID | |
MITRE Caldera Schedule Operation | |
MITRE Caldera Operation Objective ID | |
MITRE Caldera Schedule Date Time SLA | |
MITRE Caldera Operation Obfuscator | |
MITRE Caldera Operation State | State of the operation |
Incident Types
| Name | Description |
|---|---|
Caldera Operation |
Integrations
| Name | Description |
|---|---|
| MitreCaldera (Community Contribution) | Mitre Caldera can be used to test endpoint security solutions and assess a network's security posture against the common post-compromise adversarial techniques contained in the ATT&CK model. CALDERA leverages the ATT&CK model to identify and replicate adversary behaviors as if a real intrusion is occurring. |
Layouts
| Name | Description |
|---|---|
Caldera Operation |
Playbooks
| Name | Description |
|---|---|
| Caldera Operation | This playbook is used to create a new Operation in Mitre Caldera. |
Automations
| Name | Description |
|---|---|
CalderaReadOnlyFields | Prevents specific fields from being set manually. |
CalderaPopulateEventLogs | Populates the Event Logs with Event Logs from the MITRE Caldera |
CalderaStartOperation | This script is used in the MITRE Caldera Operation playbook. It will auto-complete the task that waits for a specific date and time for the operation to start. It should not be used manually. |
CalderaOperationPostProcessing | Post processing script for MITRE Caldera incidents. |
CalderaPopulatePlannerIDField | Populates the Planner ID Field with Planners from the MITRE Caldera |
CalderaPopulateAgents | Populates the agents with agents from the MITRE Caldera. |
CalderaPopulateObjectiveIDField | Populates the Objective ID Field with Objectives from the MITRE Caldera |
CalderaPopulateSourceIDField | Populates the Source ID Field with Sources from the MITRE Caldera |
CalderaPopulateAdversaryIDField | Populates the Adversary ID Field with Adversaries from the MITRE Caldera |
CalderaGetOperationReport | Populates the Operation Facts with Facts from the MITRE Caldera |
Incident Fields
| Name | Description |
|---|---|
MITRE Caldera Schedule Operation | |
MITRE Caldera Operation Planner ID | |
MITRE Caldera Operation Objective ID | |
MITRE Caldera Operation Adversary ID | |
MITRE Caldera Operation Group | Which collection of agents to run against. |
MITRE Caldera Schedule Date Time SLA | |
MITRE Caldera Operation Visbility | How visible should the operation be to the defense (1-100), default is 51 |
MITRE Caldera Operation ID | |
MITRE Caldera Operation State | State of the operation |
MITRE Caldera Operation Auto Close | |
MITRE Caldera Operation Jitter | Jitter is defined as a fraction (default is '2/8') |
MITRE Caldera Delete Operation | |
MITRE Caldera Operation Source ID | |
MITRE Caldera Operation Name | |
MITRE Caldera Schedule Date Time | |
MITRE Caldera Operation Autonomy | |
MITRE Caldera Operation Use Learning Parsers | Whether learning parsers are used. |
MITRE Caldera Operation Obfuscator | |
MITRE Caldera Operation Host Group | Which Host Group to run against. |
Incident Types
| Name | Description |
|---|---|
Caldera Operation |
Integrations
| Name | Description |
|---|---|
| MitreCaldera (Community Contribution) | Mitre Caldera can be used to test endpoint security solutions and assess a network's security posture against the common post-compromise adversarial techniques contained in the ATT&CK model. CALDERA leverages the ATT&CK model to identify and replicate adversary behaviors as if a real intrusion is occurring. |
Playbooks
| Name | Description |
|---|---|
| Caldera Operation | This playbook is used to create a new Operation in Mitre Caldera. |
Required Content Packs (2)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Filters And Transformers | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (2)
| Pack Name | Pack By |
|---|---|
| Filters And Transformers | By: Cortex XSOAR |
| Base | By: Cortex XSOAR |
1.0.9 - R3414854 (May 15, 2025)
- 39225
Download
Integrations
MitreCaldera
- Metadata and documentation improvements.
Scripts
CalderaPopulateAdversaryIDField
- Metadata and documentation improvements.
CalderaPopulateSourceIDField
- Metadata and documentation improvements.
CalderaStartOperation
- Metadata and documentation improvements.
CalderaOperationPostProcessing
- Metadata and documentation improvements.
CalderaReadOnlyFields
- Metadata and documentation improvements.
CalderaPopulatePlannerIDField
- Metadata and documentation improvements.
CalderaPopulateEventLogs
- Metadata and documentation improvements.
CalderaPopulateObjectiveIDField
- Metadata and documentation improvements.
CalderaGetOperationReport
- Metadata and documentation improvements.
CalderaPopulateAgents
- Metadata and documentation improvements.
- 39225
Download
1.0.7 - 1809308 (December 15, 2024)
- 37567
- 37564
- 37565
Download
Integrations
MitreCaldera
- Updated the Docker image to: demisto/python3:3.11.10.115186.
Scripts
CalderaOperationPostProcessing
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulatePlannerIDField
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaGetOperationReport
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulateObjectiveIDField
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulateEventLogs
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaStartOperation
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulateAgents
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulateAdversaryIDField
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaReadOnlyFields
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulateSourceIDField
- Updated the Docker image to: demisto/python3:3.11.10.115186.
- 37567
- 37564
- 37565
Download
1.0.5 - 1162940 (July 9, 2024)
- 35310
- 35234
- 35242
- 35241
- 35240
- 35237
- 35244
- 35252
- 35236
- 35243
- 35245
- 35246
- 35247
- 35250
- 35248
- 35249
- 35235
- 35239
- 35238
- 35251
Download
Integrations
MitreCaldera
- Updated the Docker image to: demisto/python3:3.10.14.100715.
Scripts
CalderaStartOperation
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulateAgents
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulateObjectiveIDField
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaGetOperationReport
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaOperationPostProcessing
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaReadOnlyFields
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulateAdversaryIDField
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulateSourceIDField
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulateEventLogs
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulatePlannerIDField
- Updated the Docker image to: demisto/python3:3.10.14.100715.
- 35310
- 35234
- 35242
- 35241
- 35240
- 35237
- 35244
- 35252
- 35236
- 35243
- 35245
- 35246
- 35247
- 35250
- 35248
- 35249
- 35235
- 35239
- 35238
- 35251
Download
1.0.9 - R3414854 (May 15, 2025)
- 39225
Download
Integrations
MitreCaldera
- Metadata and documentation improvements.
Scripts
CalderaPopulateAdversaryIDField
- Metadata and documentation improvements.
CalderaPopulateSourceIDField
- Metadata and documentation improvements.
CalderaStartOperation
- Metadata and documentation improvements.
CalderaOperationPostProcessing
- Metadata and documentation improvements.
CalderaReadOnlyFields
- Metadata and documentation improvements.
CalderaPopulatePlannerIDField
- Metadata and documentation improvements.
CalderaPopulateEventLogs
- Metadata and documentation improvements.
CalderaPopulateObjectiveIDField
- Metadata and documentation improvements.
CalderaGetOperationReport
- Metadata and documentation improvements.
CalderaPopulateAgents
- Metadata and documentation improvements.
- 39225
Download
1.0.7 - 1809308 (December 15, 2024)
- 37567
- 37564
- 37565
Download
Integrations
MitreCaldera
- Updated the Docker image to: demisto/python3:3.11.10.115186.
Scripts
CalderaOperationPostProcessing
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulatePlannerIDField
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaGetOperationReport
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulateObjectiveIDField
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulateEventLogs
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaStartOperation
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulateAgents
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulateAdversaryIDField
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaReadOnlyFields
- Updated the Docker image to: demisto/python3:3.11.10.115186.
CalderaPopulateSourceIDField
- Updated the Docker image to: demisto/python3:3.11.10.115186.
- 37567
- 37564
- 37565
Download
1.0.5 - 1162940 (July 9, 2024)
- 35310
- 35234
- 35242
- 35241
- 35240
- 35237
- 35244
- 35252
- 35236
- 35243
- 35245
- 35246
- 35247
- 35250
- 35248
- 35249
- 35235
- 35239
- 35238
- 35251
Download
Integrations
MitreCaldera
- Updated the Docker image to: demisto/python3:3.10.14.100715.
Scripts
CalderaStartOperation
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulateAgents
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulateObjectiveIDField
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaGetOperationReport
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaOperationPostProcessing
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaReadOnlyFields
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulateAdversaryIDField
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulateSourceIDField
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulateEventLogs
- Updated the Docker image to: demisto/python3:3.10.14.100715.
CalderaPopulatePlannerIDField
- Updated the Docker image to: demisto/python3:3.10.14.100715.
- 35310
- 35234
- 35242
- 35241
- 35240
- 35237
- 35244
- 35252
- 35236
- 35243
- 35245
- 35246
- 35247
- 35250
- 35248
- 35249
- 35235
- 35239
- 35238
- 35251
Download
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Supported By | Community | |
| Created | July 21, 2022 | |
| Last Release | May 15, 2025 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
