MITRE Caldera
Overview
The MITRE Caldera Pack provides an integration for the v4.0.0 of the MITRE Caldera API and accompanying scripts and playbooks.
MITRE Caldera
- Details
- Content
- Dependencies
- Version History
- Download With Dependencies
Interact with MITRE Caldera via the v2 API.
PUBLISHER
Adam Burt
INFO
| Supported By | Community | |
| Created | July 21, 2022 | |
| Last Release | July 21, 2022 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.Integrations
| Name | Description |
|---|---|
| MitreCaldera (Community Contribution) | Mitre Caldera can be used to test endpoint security solutions and assess a network's security posture against the common post-compromise adversarial techniques contained in the ATT&CK model. CALDERA leverages the ATT&CK model to identify and replicate adversary behaviors as if a real intrusion is occurring. |
Automations
| Name | Description |
|---|---|
CalderaPopulateSourceIDField | Populates the Source ID Field with Sources from the MITRE Caldera |
CalderaOperationPostProcessing | Post processing script for MITRE Caldera incidents. |
CalderaPopulateAgents | Populates the agents with agents from the MITRE Caldera |
CalderaPopulateAdversaryIDField | Populates the Adversary ID Field with Adversaries from the MITRE Caldera |
CalderaPopulateObjectiveIDField | Populates the Objective ID Field with Objectives from the MITRE Caldera |
CalderaStartOperation | This script is used in the MITRE Caldera Operation playbook. It will auto-complete the task that waits for a specific date and time for the operation to start. It should not be used manually. |
CalderaPopulateEventLogs | Populates the Event Logs with Event Logs from the MITRE Caldera |
CalderaReadOnlyFields | Prevents specific fields from being set manually. |
CalderaGetOperationReport | Populates the Operation Facts with Facts from the MITRE Caldera |
CalderaPopulatePlannerIDField | Populates the Planner ID Field with Planners from the MITRE Caldera |
Incident Types
| Name | Description |
|---|---|
Caldera Operation |
Playbooks
| Name | Description |
|---|---|
| Caldera Operation | This playbook is used to create a new Operation in Mitre Caldera. |
Layouts
| Name | Description |
|---|---|
Caldera Operation |
Incident Fields
| Name | Description |
|---|---|
MITRE Caldera Operation Host Group | Which Host Group to run against. |
MITRE Caldera Operation State | State of the operation |
MITRE Caldera Operation Visbility | How visible should the operation be to the defense (1-100), default is 51 |
MITRE Caldera Operation Jitter | Jitter is defined as a fraction (default is '2/8') |
MITRE Caldera Operation Autonomy | |
MITRE Caldera Delete Operation | |
MITRE Caldera Operation Group | Which collection of agents to run against. |
MITRE Caldera Operation Name | |
MITRE Caldera Operation Use Learning Parsers | Whether learning parsers are used. |
MITRE Caldera Operation Obfuscator | |
MITRE Caldera Operation Source ID | |
MITRE Caldera Schedule Date Time | |
MITRE Caldera Operation Objective ID | |
MITRE Caldera Operation ID | |
MITRE Caldera Schedule Operation | |
MITRE Caldera Operation Auto Close | |
MITRE Caldera Schedule Date Time SLA | |
MITRE Caldera Operation Adversary ID | |
MITRE Caldera Operation Planner ID |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
1.0.0 - 3775849 (July 21, 2022)
Interact with MITRE Caldera via the v2 API.