Skip to content

Importing

To support interoperability between PurpleOps instances and open-source frameworks, the following assessment import methods are supported.

Note

Only Admin and Red users can perform these functions.

Testcase(s) from Template

Opens a modal table populated with testcases from Atomic Red Team and any provided custom templates as specified in configuration.

Mitre ATT&CK Navigator Layer

Imports testcases from MITRE ATT&CK Navigator exports (layer controls --> download layer as json). This allows for the speedy creation of assessments based on e.g. a given threat actor. For instance, to create a PurpleOps assessment based off the Lazarus Group:

  1. Visit the MITRE ATT&CK Navigator
    1. Create New Layer --> Create a new empty layer --> Enterprise
    2. selection controls --> search & multiselect
    3. Threat Groups --> Lazarus Group --> select
    4. technique controls --> background color --> select color
    5. layer controls --> download layer as json
  2. In PurpleOps
    1. Import --> Mitre ATT&CK Navigator Layer --> Upload .json

Campaign Template

Import a suite of testcases generated using Export --> Campaign Template.

Entire Assessment

Imports an entire assessment generated using Export --> Entire Assessment, populating:

  • Assessment metadata (e.g. name and description)
  • Testcases
  • Testcase data
  • Evidence files

Allows for full portability between PurpleOps instances!