Exporting

To make engagement data as interoperable and easy to consume as possible, PurpleOps supports the following export functions.

Note

All roles have access; however, exports invoked by a blue user include only visible testcases.

Results as JSON

Downloads an assessment.json file containing all assessment testcase data. The file lacks assessment metadata (e.g. name and description) and evidence files.

Results as CSV

Downloads an assessment.csv file containing all assessment testcase data. The file lacks assessment metadata (e.g. name and description) and evidence files.

Campaign Template

Downloads a campaign.json file to export the current set of testcases as a template for future assessments, importable later via Import --> Campaign Template. Only limited fields are copied across:

[
    {
        "mitreid": "T1003.001",
        "tactic": "Credential Access",
        "name": "Extract LSASS memory using Mimikatz",
        "objective": "Obtain LSASS process memory for credential retrieval",
        "actions": "mimikatz \"privilege::debug\" \"sekurlsa::logonpasswords\" exit",
        "tools": [
            "mimikatz"
        ],
        "tags": [
            "Conti",
            "Local Admin"
        ]
    }
    ...
]
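
A pre-import lint for the template fields shown above, as an added example (not PurpleOps code). Field names and types are inferred from the sample entry, and `check_template`, `FIELDS` and `SAMPLE` are hypothetical names; `provider=True` covers the extra `provider` field of testcases.json.

```python
import json
import re

# Fields/types inferred from this page's sample entry (assumption: no formal schema).
FIELDS = {"mitreid": str, "tactic": str, "name": str, "objective": str,
          "actions": str, "tools": list, "tags": list}
MITRE_ID = re.compile(r"T\d{4}(\.\d{3})?")  # e.g. T1003 or T1003.001


def check_template(text, provider=False):
    """Lint a template export; return (entry_index, problem) tuples, empty if clean."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [(None, f"not valid JSON: {exc.msg}")]
    if not isinstance(entries, list):
        return [(None, "top level must be a JSON array")]
    expected = dict(FIELDS, provider=str) if provider else FIELDS
    problems = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append((i, "entry is not an object"))
            continue
        for field, kind in expected.items():
            if field not in entry:
                problems.append((i, f"missing field: {field}"))
            elif not isinstance(entry[field], kind):
                problems.append((i, f"{field} should be {kind.__name__}"))
            elif kind is list and not all(isinstance(v, str) for v in entry[field]):
                problems.append((i, f"{field} must contain only strings"))
        for field in sorted(set(entry) - set(expected)):
            problems.append((i, f"unexpected field: {field}"))
        mid = entry.get("mitreid")
        if isinstance(mid, str) and not MITRE_ID.fullmatch(mid):
            problems.append((i, f"malformed mitreid: {mid}"))
    return problems


# Constructed sample: entry 0 is well-formed, entry 1 is deliberately broken.
SAMPLE = json.dumps([
    {"mitreid": "T1003.001", "tactic": "Credential Access", "name": "ok entry",
     "objective": "constructed", "actions": "constructed placeholder",
     "tools": ["mimikatz"], "tags": ["Conti", "Local Admin"]},
    {"mitreid": "1003", "tactic": "Credential Access", "name": "bad entry",
     "objective": "", "tools": "mimikatz", "tags": [], "provider": "ART"},
])

if __name__ == "__main__":
    for index, problem in check_template(SAMPLE):
        print(index, problem)
```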

Testcase Templates

Downloads a testcases.json file to export the current set of testcases as templates, which are then available via Import --> Testcase(s) from Template. See configuration. The output is similar to the Campaign Template output but adds a provider field, which you populate to attribute the template in the Src field of Import --> Testcase(s) from Template. E.g. all Atomic Red Team testcase templates (imported by default) have the provider field set to ART.

MITRE ATT&CK Navigator Layer

Downloads a navigator.json file to export the current set of testcases in a format compatible with MITRE ATT&CK Navigator (Open Existing Layer --> Import from local). Alternatively, use the in-built ATT&CK Navigator viewer via the ATT&CK Navigator button.

Generate Report

Populates testcase data into a Jinja2 .docx template file, then downloads the generated .docx report. See reporting.

Entire Assessment

Downloads an assessment.zip file containing:

  • meta.json - Contains assessment metadata (name, description and created date)
  • export.json
  • export.csv
  • campaign.json
  • testcases.json
  • <TESTCASEID>/...
    • <evidence>.png...