About This Tool

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Primary Use Case

This tool is used by Red Teams to create decoy incidents and distractions during engagements, by Blue Teams to convert tabletop exercises into realistic, automated live-fire drills, and by Purple Teams to methodically test and map sensor and alerting capabilities. It enables scalable, repeatable, and distributed security event simulations that generate network and filesystem artifacts to train and evaluate security operations.

Key Features

Modular and menu-driven interface for easy event chain creation

Cross-platform support for broad deployment

Time-delayed and distributed execution of custom security event sequences

Dynamic extensibility via custom Fire modules

Supports creation of decoys, distractions, and lures for Red Team operations

Enables realistic Blue Team and Purple Team drills with sensor and alert mapping

Generates network and filesystem artifacts to simulate real incidents

Date-time stamped event logging for coordination and tracking

Insights & Recommendations

Users should ensure compatibility with Python versions as the project was migrating to Python3 as of mid-2020. Proper coordination between Red and Blue teams is recommended to avoid unintended disruptions. The tool is ideal for controlled environments and pre-approved exercises to prevent accidental impact on production systems.

Installation

Clone the repository from GitHub: git clone https://github.com/TryCatchHCF/DumpsterFire.git
Navigate into the DumpsterFire directory
Run the tool using the provided Python scripts (note: migration to Python3 was planned as of 2020)
Add custom Fire modules by placing them into the FireModules directory
Start DumpsterFire and use the menu-driven interface to create and run event chains

Usage

Run DumpsterFire main script

Starts the DumpsterFire menu-driven interface for building and executing event chains

Place custom Fire modules in FireModules directory

Adds new event modules that DumpsterFire auto-detects and makes available at startup

Trigger DumpsterFire events immediately or schedule with date-time triggers

Executes the created security incident simulations either on demand or at a specified future time

Smart Usage Notes

Integrate DumpsterFire with SIEM and SOAR platforms to automate incident simulation and response validation.Use DumpsterFire to create realistic decoy incidents that can distract and mislead adversaries during Red Team engagements.Leverage the tool to convert tabletop exercises into live-fire drills, enhancing Blue Team readiness and alert validation.Develop custom Fire modules to simulate emerging threats and test sensor coverage dynamically.Schedule distributed, time-delayed event chains to continuously test detection and response capabilities without manual intervention.

OpenSec Atlas

DumpsterFire