Multi-Mode Detection Testing
Validate detections against realistic user behavior. Use Crazy mode to generate erratic, high-variance patterns that stress correlation logic. Use Regular mode to capture expected baselines. Build Custom chains to reflect the behaviors you see in your environment.
Crazy User
Erratic click paths, process bursts and intermittent staging to probe edge-case rules. Great for finding threshold fragility and noisy false positives.
Regular User
Deterministic, repeatable sequences that emulate typical operator behavior at a steady pace. Ideal for establishing a clean baseline and spotting drift.
Custom Chains
Compose action chains with timing, variance and conditional branches. Tag each step with ATT&CK mappings and expected signals for objective scoring.
Scoring and validation
- Per-step alert presence, timing and fidelity
- End-to-end chain detection with missed-step highlights
- Noise accounting: duplicates, benign matches and rule overlap
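The scoring items above can be computed as in the following added example, which is not the product's own code. The `Step` and `Alert` types, `score_chain`, the rule names and the timings are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Step:
    name: str
    technique: str       # ATT&CK ID tagged on the step
    expected_rule: str   # detection expected to fire (hypothetical rule name)
    ran_at: float        # seconds since chain start
    max_delay: float     # allowed alert latency, seconds

@dataclass
class Alert:
    rule: str
    fired_at: float

def score_chain(steps, alerts):
    """Score one executed chain against the alerts it produced."""
    used, detected, missed, duplicates = set(), [], [], 0
    for step in steps:
        deadline = step.ran_at + step.max_delay
        hits = [i for i, a in enumerate(alerts)
                if i not in used and a.rule == step.expected_rule
                and step.ran_at <= a.fired_at <= deadline]
        if not hits:
            missed.append(step.name)      # highlighted as a missed step
            continue
        first = min(alerts[i].fired_at for i in hits)
        detected.append((step.name, step.technique, first - step.ran_at))
        duplicates += len(hits) - 1       # same rule re-firing for one step
        used.update(hits)
    return {
        "detected": detected,             # (step, technique, latency in s)
        "missed": missed,
        "chain_detected": not missed,
        "coverage": len(detected) / len(steps) if steps else 0.0,
        "duplicates": duplicates,
        "unmatched": len(alerts) - len(used),  # late, benign or overlapping
    }

# Constructed sample data, not output from any real tool.
STEPS = [
    Step("powershell launch", "T1059.001", "ps_encoded_cmd", 0.0, 60.0),
    Step("tool download", "T1105", "net_download_exec", 30.0, 60.0),
    Step("local staging", "T1074.001", "archive_in_temp", 90.0, 120.0),
]
ALERTS = [
    Alert("ps_encoded_cmd", 4.0), Alert("ps_encoded_cmd", 5.5),
    Alert("net_download_exec", 42.0),
    Alert("browser_update", 50.0),       # benign match
    Alert("archive_in_temp", 400.0),     # fired after the allowed window
]
```

In this sample the staging alert fires outside its window, so the step is reported as missed and the late alert is counted as noise rather than as coverage.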