Posted by: kurtsh | June 2, 2021

RELEASE: SimuLand to enable customers to repro/test attack scenarios

To help the broader security community go beyond alerts and detections to:

  • understand the underlying attack behaviors and technical implementation of adversary techniques
  • better respond to investigations of related attacks

Microsoft is releasing SimuLand.


SimuLand is an open-source initiative by Microsoft to help security researchers around the world deploy lab environments that reproduce well-known techniques used in real attack scenarios, actively test and verify the effectiveness of related Microsoft 365 Defender, Azure Defender, and Azure Sentinel detections, and extend threat research using telemetry and forensic artifacts generated after each simulation exercise.

These lab environments will provide use cases from a variety of data sources, including telemetry from Microsoft 365 Defender security products, Azure Defender, and other integrated data sources through Azure Sentinel data connectors.

