MITRE Caldera.

An open-source adversary emulation platform from MITRE that automates the execution of ATT&CK techniques against a target environment via lightweight agents, supporting red-team operations and detection-engineering exercises. 它属于网络安全的 防御与运营 分类。

An open-source adversary emulation platform from MITRE that automates the execution of ATT&CK techniques against a target environment via lightweight agents, supporting red-team operations and detection-engineering exercises.

MITRE Caldera is an open-source automated adversary emulation framework first released by MITRE in 2017. It pairs lightweight agents (Sandcat for Windows/macOS/Linux, plus protocol-specific implants) with a central server that schedules and orchestrates ATT&CK-mapped techniques as 'abilities' grouped into 'adversaries' (playbooks). Operators can launch a known threat profile — for example an APT29 emulation, a ransomware-precursor chain, or a custom plan — and watch ATT&CK techniques execute against agents in a lab or production environment, with results scored and exported. Caldera plug-ins extend it with Atomic Red Team integration, training plug-ins, and specific-OS modules. Compared to commercial breach-and-attack-simulation platforms, Caldera is free, ATT&CK-native, and scriptable, making it the default open-source choice for purple-team exercises, SIEM detection validation, and EDR coverage testing. The project ships ready-made adversary profiles that map to specific ATT&CK techniques and procedures, so defenders can verify detections against a documented threat model.

针对 MITRE Caldera 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: MITRE Caldera, Caldera framework。