Exploitation Visibility
Detection engineering lab — compares expected attack signals against collected logs to surface visibility gaps and prioritize new detection rules.
Describe expected attack signals in YAML scenarios (e.g. which events should fire when a brute-force or privilege-escalation attempt runs), feed in collected logs, and the tool reports which signals were covered and which are missing. Outputs include a coverage report, a gap score per missing signal, and an analyst triage handoff prioritized by impact.
Catalog entry only — a full write-up lands closer to release.
Related across catalogs
- Rule Tuning Lab (Security project · Demo ready)
Detection tuning lab — measures false-positive rate, precision, and noise grade per detection rule, then suggests tuning improvements based on labeled log samples.
- SOC Simulation Lab (Security project · Demo ready)
End-to-end SOC workflow simulator — maps attack scenarios to collected logs, runs detections, and identifies visibility gaps so analysts can practice triage and detection engineering.
- AutoPatch AI (Security project · Demo ready)
Dependency vulnerability scanner and upgrade planner — scans package.json, requirements.txt, and Dockerfile base images, flags risky pins, produces PR-preview output.
- Beaconing Traffic Detector (Security project · Demo ready)
Detects periodic outbound callback (C2 beacon) behavior from timestamped network logs by scoring inter-arrival timing consistency per source/destination pair.
- Custom IDS Script (Security project · Demo ready)
Lightweight rule-based Linux intrusion detection — evaluates YAML rules against auth.log, syslog, and shell history to emit terminal, Markdown, and JSON alerts.
