MITRE Caldera.

An open-source adversary emulation platform from MITRE that automates the execution of ATT&CK techniques against a target environment via lightweight agents, supporting red-team operations and detection-engineering exercises. It belongs to the Defense & Operations category of cybersecurity.

An open-source adversary emulation platform from MITRE that automates the execution of ATT&CK techniques against a target environment via lightweight agents, supporting red-team operations and detection-engineering exercises.

MITRE Caldera is an open-source automated adversary emulation framework first released by MITRE in 2017. It pairs lightweight agents (Sandcat for Windows/macOS/Linux, plus protocol-specific implants) with a central server that schedules and orchestrates ATT&CK-mapped techniques as 'abilities' grouped into 'adversaries' (playbooks). Operators can launch a known threat profile — for example an APT29 emulation, a ransomware-precursor chain, or a custom plan — and watch ATT&CK techniques execute against agents in a lab or production environment, with results scored and exported. Caldera plug-ins extend it with Atomic Red Team integration, training plug-ins, and specific-OS modules. Compared to commercial breach-and-attack-simulation platforms, Caldera is free, ATT&CK-native, and scriptable, making it the default open-source choice for purple-team exercises, SIEM detection validation, and EDR coverage testing. The project ships ready-made adversary profiles that map to specific ATT&CK techniques and procedures, so defenders can verify detections against a documented threat model.

Defences for MITRE Caldera typically combine technical controls and operational practices, as detailed in the full definition above.

Common alternative names include: MITRE Caldera, Caldera framework.