Exporting
To support the widest array of interoperability and consumability of engagement data, PurpleOps supports the following export functions.
Note
All roles have access; however, exports invoked by a blue user include only visible testcases.
Results as JSON
Downloads an assessment.json file containing all assessment testcase data, but lacks assessment metadata (e.g. name and description) and evidence files.
Results as CSV
Downloads an assessment.csv file containing all assessment testcase data, but lacks assessment metadata (e.g. name and description) and evidence files.
Campaign Template
Downloads a campaign.json file to export the current set of testcases as a template for future assessments, importable later via Import --> Campaign Template. Only limited fields are copied across:
[
    {
        "mitreid": "T1003.001",
        "tactic": "Credential Access",
        "name": "Extract LSASS memory using Mimikatz",
        "objective": "Obtain LSASS process memory for credential retrieval",
        "actions": "mimikatz \"privilege::debug\" \"sekurlsa::logonpasswords\" exit",
        "tools": [
            "mimikatz"
        ],
        "tags": [
            "Conti",
            "Local Admin"
        ]
    }
    ...
]
Testcase Templates
Downloads a testcases.json file to export the current set of testcases as templates to be made available via Import --> Testcase(s) from Template. See configuration. The output is similar to the Campaign Template output but adds a provider field, which you populate to give the attribution for the Src field in Import --> Testcase(s) from Template. For example, all Atomic Red Team testcase templates (imported by default) have the provider field set to ART.
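An added example (not PurpleOps code): a check to run on a shared campaign.json before importing it, which rejects entries carrying anything beyond the limited fields shown in the Campaign Template sample, then stamps a provider value to produce testcase templates. It assumes every entry has exactly the seven fields of that sample and that testcases.json is the same array with a string provider field added; check_entry, to_testcase_templates and the INTERNAL provider value are hypothetical names.

```python
import json

# Fields shown in the campaign.json sample on this page, with their JSON types.
TEMPLATE_FIELDS = {"mitreid": str, "tactic": str, "name": str,
                   "objective": str, "actions": str, "tools": list, "tags": list}


def check_entry(entry):
    """Return a list of problems found in one template entry (empty if clean)."""
    if not isinstance(entry, dict):
        return ["entry is not a JSON object"]
    problems = [f"unexpected field: {k}" for k in sorted(set(entry) - set(TEMPLATE_FIELDS))]
    for key, kind in TEMPLATE_FIELDS.items():
        if key not in entry:
            problems.append(f"missing field: {key}")
        elif not isinstance(entry[key], kind):
            problems.append(f"wrong type for {key}")
        elif kind is list and not all(isinstance(v, str) for v in entry[key]):
            problems.append(f"non-string item in {key}")
    return problems


def to_testcase_templates(campaign_json, provider):
    """Validate a campaign template and return testcase templates with provider set."""
    entries = json.loads(campaign_json)
    if not isinstance(entries, list):
        raise ValueError("top level must be a JSON array")
    out = []
    for i, entry in enumerate(entries):
        problems = check_entry(entry)
        if problems:
            raise ValueError(f"entry {i}: " + "; ".join(problems))
        out.append({**entry, "provider": provider})  # assumed testcases.json shape
    return out


# Constructed sample: the entry from this page, without the elided "...".
SAMPLE = json.dumps([{
    "mitreid": "T1003.001", "tactic": "Credential Access",
    "name": "Extract LSASS memory using Mimikatz",
    "objective": "Obtain LSASS process memory for credential retrieval",
    "actions": 'mimikatz "privilege::debug" "sekurlsa::logonpasswords" exit',
    "tools": ["mimikatz"], "tags": ["Conti", "Local Admin"]}])

if __name__ == "__main__":
    print(json.dumps(to_testcase_templates(SAMPLE, "INTERNAL"), indent=2))
```

An entry that fails the check is worth opening by hand before import, since an unexpected field means the file did not come straight from the Campaign Template export described here.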
MITRE ATT&CK Navigator Layer
Downloads a navigator.json file to export the current set of testcases in a format compatible with MITRE ATT&CK Navigator (Open Existing Layer --> Import from local). Alternatively, use the in-built ATT&CK Navigator viewer via the ATT&CK Navigator button.
Generate Report
Populates testcase data into a Jinja2 .docx template file before downloading the generated .docx report. See reporting.
Entire Assessment
Downloads an assessment.zip file containing:
meta.json - Contains assessment metadata (name, description and created date)
export.json
export.csv
campaign.json
testcases.json
<TESTCASEID>/
    ...
    <evidence>.png
    ...