CYBER LAB & THREAT RANGE
NODE INTEL REPORT
Select any network node on the topology grid map to query active syslog payloads, host classifications, and detection rule triggers.
Waiting for node telemetry link selection...
LOG INGESTION & PIPELINE STAGES
Audit events generated via Windows Sysmon (Event ID 1: Process Creation, ID 11: File Creation) and Linux Auditd/Syslogs.
Lightweight agents forward compressed events securely to central logging cluster indices over SSL port 9997.
Indices parse RAW payloads, normalise headers into consistent mappings, and extract key fields (IP, User, Hashes).
Alerting engines monitor index activities. Correlated patterns (e.g. Brute force followed by admin login) trigger Slack/Jira notifications.
MITRE ATT&CK ALIGNED PROTECTION MATRIX
Tactical detection rules implemented in Sanjay's laboratory to identify known threat actor techniques.
| Initial Access | Execution | Persistence | Credential Access | Lateral Movement | Command & Control |
|---|---|---|---|---|---|
| T1190 Exploit Public App |
T1059 Command Shells |
T1543 Create System Service |
T1110 Brute Force |
T1021 Remote Services |
T1071 Application Protocol |
| T1566 Phishing Ingress |
T1204 User Execution |
T1098 Account Manipulation |
T1003 LSASS Dumping |
T1550 Use Alternate Token |
T1573 Encrypted Channel |