by _8j50
1194 days ago
Yeah, very unusual. Purpleteam is usually over some prod or prod-like environment. I think they want you to put this in your purpleteam lab, not as your actual defensive stack. Might work for some folks but imo, the logging/detection/alerting part should always be your actual prod stack but you can simulate attacks in a lab environment. What I have seen in the industry at large is a lot of purpleteam exercises are done in production, a red team exercise blended with a blue team investigation and response.