From playbooks to simulator scenarios
When The Scarlet Semaphore executes an operation, they know exactly what they’re doing and why, or at least they think they do. They do have good visibility into their own actions. They understand their intent, their timing, their tooling. They know which actions are deliberate and which are accidents. They know when they’re succeeding and when they’re improvising.
Defenders have none of this.
Defenders see logs. They see alerts. They see traffic patterns. They see state changes in systems. They don’t see intent. They don’t know whether what they’re observing is attack, misconfiguration, automation failure, or Tuesday.