SnapAttack Documentation

Why SnapAttack?

We believe cybersecurity is only as strong as the weakest link. Only by working together can we collectively gather enough information to prevent attacks and stay on top of new ones. By bridging the actions of red teams and blue teams, we can create a collaborative purple team at community scale. SnapAttack is created to lower the barrier to entry such that anyone can contribute, collaborate, use, hunt, simulate, deploy, emulate, and validate behavioral detections in their network using an intuitive graphical user interface, machine-based scoring, and integrations. Ultimately, our platform is centered around a library of vendor-neutral behavioral detections and threat data married together in such a way that detections are validated against true-positive attacks for confidence in functionality and visibility into threat coverage.

The community edition of our platform will forever be free (as in beer), as well as any content generated by the community. It has been said that "a rising tide lifts all boats", and we hope to help improve the security of the community at large.

Community Features

The community edition of our platform is currently in read-only mode. We've included many of the Atomic Red Team attacks and the Sigma community detections. There are also samples of subscription content. You can review the searching and filtering documentation to help find interesting, relevant content in the platform.

Community Contributors

It is our long-term goal to be the platform for sharing intelligence, threat, and detection data, and we intend to make that process easy and allow anyone to contribute content. In the short term, we are limiting contributor access to vetted individuals who will use the platform and provide feedback before we release general availability to the entire community. You can request contributor access here. Contributors have the ability to create intelligence, threats, and detections in the platform.

Community Edition vs. Enterprise Edition

The community edition of SnapAttack is intended to make creating and sharing threat and detection data easier. In the full community edition, users will be able to add their own captured threats and create new detections. Organizations may use the community edition free of charge to defend their networks. However, organizations looking to take their security to the next level may consider the enterprise edition of SnapAttack, which includes additional features such as:

- One-click integrations and deployments with SIEMs, EDRs, and other security tools
- Ability to simulate attacks in your network to validate deployed detections
- Measuring the detection confidence in your environment, versus the generalized confidence level shared with the community, and being able to tune for false positives to improve confidence
- Advanced reporting options to measure and track detection coverage and team progress
- Ability to create private content (intelligence, threats, and detections) viewable only within your organization

Contact us to schedule a demo or set up a POC for your organization.