AI Purple Team Scenario Creator
Generate comprehensive red-blue collaboration exercises that test detection, response, and remediation capabilities in realistic attack simulations.
You are an elite cybersecurity exercise architect specializing in purple team operations. Create a comprehensive purple team scenario based on the following parameters:

**TARGET ENVIRONMENT:** [INDUSTRY] sector organization with [INFRASTRUCTURE_TYPE] infrastructure
**THREAT MODEL:** [THREAT_ACTOR_PROFILE] (e.g., APT29, Ransomware-as-a-Service, Insider Threat)
**EXERCISE SCOPE:** [SCOPE] (e.g., Initial Access to Domain Compromise, Lateral Movement Detection, Data Exfiltration Prevention)
**DIFFICULTY LEVEL:** [DIFFICULTY] (Beginner/Intermediate/Advanced)
**COMPLIANCE CONTEXT:** [FRAMEWORK] (e.g., NIST 800-53, MITRE ATT&CK, ISO 27001)

Generate a complete purple team exercise containing:

## 1. SCENARIO NARRATIVE
- Business context and critical assets at risk
- Threat actor motivation and TTPs (Tactics, Techniques, Procedures)
- Assumed breach starting point

## 2. RED TEAM PLAYBOOK (Offensive Operations)
- Phase-by-phase attack chain mapped to MITRE ATT&CK
- Specific tools/commands to be used (simulated, or real tools in a safe lab configuration)
- Expected dwell time and stealth requirements
- Success criteria for red team (flags to capture)

## 3. BLUE TEAM OBJECTIVES (Defensive Operations)
- Detection engineering goals (SIEM rules, behavioral analytics)
- Incident response milestones (MTTD/MTTR targets: mean time to detect / mean time to respond)
- Containment strategies without business disruption
- Threat hunting hypotheses to validate

## 4. PURPLE TEAM COLLABORATION POINTS
- Scheduled knowledge transfer sessions during the exercise
- Assumptions to validate (e.g., 'Can we detect PowerShell obfuscation?')
- Real-time feedback mechanisms between red and blue
- Kill switches and safety protocols

## 5. TECHNICAL ENVIRONMENT SPECIFICATIONS
- Required lab infrastructure (sandboxes, jump boxes, target systems)
- Network segmentation details
- Logging and monitoring requirements (EDR, NDR, cloud audit logs such as AWS CloudTrail)
- Deconfliction procedures to avoid production impact

## 6. MEASUREMENT & KPIs
- Detection coverage metrics (percentage of executed ATT&CK techniques that produced a confirmed detection)
- Response time benchmarks
- False positive/negative rates
- Improvement tracking from baseline

## 7. POST-EXERCISE ANALYSIS FRAMEWORK
- Hotwash agenda template
- Gap analysis structure
- Remediation roadmap with priorities
- Knowledge base updates required

FORMAT REQUIREMENTS:
- Use markdown with clear headers
- Include specific MITRE ATT&CK technique IDs (T####, with the sub-technique suffix T####.### where one applies)
- Provide alternative paths for both red and blue based on success/failure
- Add 'Instructor Notes' for exercise facilitators
- Include a 'Go/No-Go' checklist for exercise safety

TONE: Professional, technically precise, safety-conscious. Ensure every offensive technique is paired with its corresponding defensive countermeasure.
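Section 6 asks for coverage, response-time and false positive/negative figures, but an exercise only yields those numbers if the red team's activity log and the blue team's triaged alert export are scored against each other. The script below is an added example of that scoring, not part of the prompt or of any library; the ledger it scores is constructed (the ATT&CK IDs are real, the timestamps, rule names and the 0.40 baseline are made up), and the MTTD it reports is per technique, measured from first execution to the first confirmed true-positive alert.

```python
"""Score a purple team exercise ledger against the section 6 KPIs:
ATT&CK technique coverage (overall and per tactic), median time to
detect, false positive / false negative rates, and delta from baseline.

Added example, not from the prompt library. The ledger is constructed:
ATT&CK IDs are real, everything else (times, rule names, baseline) is
made up for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RedAction:
    technique: str            # ATT&CK technique ID the red team executed
    tactic: str               # ATT&CK tactic it belongs to
    executed_at: datetime     # taken from the red team's activity log


@dataclass(frozen=True)
class BlueAlert:
    rule: str                 # SIEM/EDR rule name
    technique: Optional[str]  # ATT&CK ID the rule is mapped to (None = unmapped)
    raised_at: datetime
    true_positive: bool       # confirmed against the red log during deconfliction


T0 = datetime(2024, 5, 14, 9, 0)  # assumed exercise start

# Constructed red team activity log for one run of the section 2 playbook.
RED_ACTIONS: List[RedAction] = [
    RedAction("T1566.001", "Initial Access",    T0),
    RedAction("T1059.001", "Execution",         T0 + timedelta(minutes=5)),
    RedAction("T1003.001", "Credential Access", T0 + timedelta(minutes=40)),
    RedAction("T1021.002", "Lateral Movement",  T0 + timedelta(minutes=60)),
    RedAction("T1048.003", "Exfiltration",      T0 + timedelta(minutes=120)),
]

# Constructed blue team alert export for the same window, after triage.
BLUE_ALERTS: List[BlueAlert] = [
    BlueAlert("smb_admin_share_write", "T1021.002", T0 + timedelta(minutes=50),  False),  # backup job
    BlueAlert("ps_encoded_command",    "T1059.001", T0 + timedelta(minutes=7),   True),
    BlueAlert("lsass_handle_access",   "T1003.001", T0 + timedelta(minutes=41),  True),
    BlueAlert("smb_admin_share_write", "T1021.002", T0 + timedelta(minutes=75),  True),
    BlueAlert("ps_encoded_command",    "T1059.001", T0 + timedelta(minutes=200), False),  # admin script
]

BASELINE_COVERAGE = 0.40  # assumed coverage figure from the previous exercise


def first_execution(actions: List[RedAction]) -> Dict[str, datetime]:
    """Earliest time each technique was executed."""
    first: Dict[str, datetime] = {}
    for a in actions:
        if a.technique not in first or a.executed_at < first[a.technique]:
            first[a.technique] = a.executed_at
    return first


def time_to_detect(actions: List[RedAction], alerts: List[BlueAlert]) -> Dict[str, timedelta]:
    """Technique -> delay from first execution to first confirmed alert.
    Only true positives raised at or after execution count: an alert that
    fired before the technique ran cannot have been caused by it."""
    ttd: Dict[str, timedelta] = {}
    for tech, started in first_execution(actions).items():
        hits = [al.raised_at for al in alerts
                if al.true_positive and al.technique == tech and al.raised_at >= started]
        if hits:
            ttd[tech] = min(hits) - started
    return ttd


def detection_coverage(actions: List[RedAction], alerts: List[BlueAlert]) -> float:
    """Fraction of executed techniques with at least one confirmed detection."""
    techniques = first_execution(actions)
    return len(time_to_detect(actions, alerts)) / len(techniques) if techniques else 0.0


def coverage_by_tactic(actions: List[RedAction], alerts: List[BlueAlert]) -> Dict[str, Tuple[int, int]]:
    """Tactic -> (techniques detected, techniques executed)."""
    detected = time_to_detect(actions, alerts)
    seen, out = set(), {}
    for a in actions:
        if a.technique in seen:
            continue
        seen.add(a.technique)
        hit, total = out.get(a.tactic, (0, 0))
        out[a.tactic] = (hit + int(a.technique in detected), total + 1)
    return out


def mttd_minutes(actions: List[RedAction], alerts: List[BlueAlert]) -> Optional[float]:
    """Median time to detect across detected techniques, in minutes."""
    delays = [d.total_seconds() for d in time_to_detect(actions, alerts).values()]
    return median(delays) / 60 if delays else None


def false_positive_rate(alerts: List[BlueAlert]) -> float:
    """Share of triaged alerts that were not caused by red team activity."""
    return sum(not al.true_positive for al in alerts) / len(alerts) if alerts else 0.0


def scorecard(actions: List[RedAction], alerts: List[BlueAlert], baseline: float) -> Dict[str, object]:
    cov = detection_coverage(actions, alerts)
    return {
        "coverage": round(cov, 3),
        "false_negative_rate": round(1 - cov, 3),   # executed techniques with no confirmed detection
        "false_positive_rate": round(false_positive_rate(alerts), 3),
        "mttd_minutes": mttd_minutes(actions, alerts),
        "delta_vs_baseline": round(cov - baseline, 3),
        "by_tactic": coverage_by_tactic(actions, alerts),
        "missed": sorted(set(first_execution(actions)) - set(time_to_detect(actions, alerts))),
    }


if __name__ == "__main__":
    for key, value in scorecard(RED_ACTIONS, BLUE_ALERTS, BASELINE_COVERAGE).items():
        print(f"{key}: {value}")
```

The "missed" list is what feeds the section 7 gap analysis directly: on the constructed ledger it is the phishing attachment and the exfiltration step, which is where the remediation roadmap should start. Note that the false positive rate here is computed over the exercise window only; a rule that is quiet during the exercise but noisy in production still needs its baseline alert volume checked separately.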