Skip to main content
Adversary EmulationAdversary Emulation

Adversary Emulation

Ready-to-go labs to strengthen your defense

Getting startedFeaturesContact us

Case Studies

Customizing nodes of a lab

This tutorial aims at customizing nodes of a running lab by installing softwares or uploading data.

Testing DFIR artifact collection tooling

This case study focuses on testing forensic tools and procedures for DFIR (Digital Forensics and Incident Response) activities.

SOC analyst training with M&NTIS Platform

This tutorial outlines the process for implementing Labs to train SOC analysts using the M&NTIS Platform.

Monitoring and Integrations

Auditbeat

Auditbeat is the Elastic's agent for monitoring audit logs on Linux.

Filebeat

Filebeat is an agent conceived by Elastic in order to generate application logs.

Winlogbeat

Winlogbeat is an agent conceived by Elastic in order to transfer Windows Events logs.

Sysmon

Sysmon is a Windows system service that remains resident between system reboots to monitor and log system activity to the Windows event log.

Microsoft Azure

Azure Cloud is the Microsoft's SIEM for log gathering and analysis where the Azure Monitor Agent sends its logs.

Harfanglab

This EDR works on both Windows and Linux. Agents communicate with a external pre-configured Hurukai SIEM.

SentinelOne

This EDR works on both Windows and Linux. Agents communicate only with a external proprietary management console.

Wazuh

This Open Source EDR works on both Windows And Linux. Agents communicate with a proprietary management console embedded in the lab.

Suricata

The Suricata network probe is integrated in the M&NTIS platform. It aims at detecting network attacks based on signatures.

Elastic Cloud

Elastic Cloud is a SIEM accessible in the Cloud. It is able to retrieve logs from the Logstash component.

Logstash

Logstash is a log collector used to transform, store or pass the logs it recveives.

Sekoia

This SIEM receives logs from configured log collectors inside the lab, and can triggers alerts depending on a catalog of detection rules.

Splunk

This SIEM receives logs from the Logstash component.

Collaborative embedded tools

Grist

Grist is a flexible tool that blends spreadsheets and databases for custom data management.

Etherpad

Etherpad is an open-source web-based tool for real-time collaborative text editing.

MISP

MISP is an open-source platform for sharing, storing, and correlating threat intelligence.

Openfire

Openfire is an open-source XMPP server for real-time messaging and group chat.

Copyright © 2025 AMOSSYS