SnapAttack: Purple Team Security Platform

Staying Ahead of the Threat

Centralize Offensive Tradecraft 

Capture and organize the latest adversary tradecraft – from your own internal threat data or our ever-growing attack database – in an easily digestible and actionable way. Gain confidence in your organization's ability to prepare for, prevent, and detect emerging threats. 

Improve Detection with Your Existing Tools 

Use our advanced analytic builder to create, test, and deploy quality behavioral analytics for your existing security tools. Reduce the time and skill level needed to create new detection logic that has higher confidence and lower false positives, and is more robust to attack variants.

Measure and Reduce Risk 

Validate your security controls—such as antivirus, endpoint detection and response (EDR), and custom security information and event management (SIEM) alerts—against true positive attacks, mapped to the industry-standard MITRE ATT&CK® framework. Track detection coverage and gaps, and prioritize your analytic backlog.


Powerful Features


Test the effectiveness of your organization's defenses and controls against emerging threats. Take action to close gaps and prevent attacks, or create and test behavioral analytics that enable hunt teams and SOC analysts to monitor for them.


Make cyber threat intelligence actionable by identifying specific adversary tactics, techniques, and procedures (TTPs), moving beyond static signatures and indicators of compromise to advanced behavioral detections.


Gain confidence in your organization’s ability to prevent, detect, and respond to true positive attacks in a single database mapped to the MITRE ATT&CK framework.


Create a culture aligned to a collective goal by reducing knowledge silos and process breakdowns that cause friction among teams. Leverage the diversity of a community to create the best-of-breed analytics.


Provide a real-time view of your defensive posture by transitioning from large, infrequent assessments to shorter, iterative cycles with focused objectives.


Designed to seamlessly fit in with your security team’s daily workflows, and complement existing investments in SIEM, EDR, and other security tools.

How It Works

Learn how SnapAttack fits in with your organization

Dashboards that answer the questions you care about

  • Device security settings can be dynamically updated based on evolving needs. 
  • Quickly understand your defensive posture, detection coverage, and gaps.
  • Filter and sort by analytic confidence, attack tactic/technique, threat group, and other criteria.
  • Track inputs from your red team, blue team, and threat intelligence with a single portal.
  • Prioritize your threats by managing your analytic backlog and detection debt.
Screenshot of the SnapAttack user interface

Review event logs and correlate related activity as graphs

  • Perform post-hoc analysis on threats by viewing logs and events stored in Splunk.
  • Jump to a graph view to more easily see relationships and gain context from the data.
  • Quickly understand the prevalence and maliciousness of events with our data science and AI algorithms.
  • Filter by time, prevalence, or maliciousness to remove background noise and unrelated events.
Dashboard screenshot of the SnapAttack platform

A threat library that memorializes offensive tradecraft

  • Emulate adversary activity in a safe, sandboxed environment, without risk to your corporate environment.
  • View captured video, keystrokes, and event logs from attacker and victim machines and share knowledge between team members.
  • Observe analytic hits and labeled attacks overlaid on captured video timeline.
  • Enable red teams to asynchronously share knowledge with blue teams and collaborate on specific attack scenarios.
Screenshot of the SnapAttack user interface
Screenshot of the SnapAttack Analytics dashboard

Simplify security analytic creation, testing, and deployment

  • Use our Analytic IDE to create powerful behavioral analytics in a single, simple interface.
  • Test analytics against true positive data to ensure they will trigger on real attacks.
  • Fine-tune analytics to make them more robust to attack variations, and reduce false positives.
  • Export your analytics to one of the many support security tools including popular EDRs and SIEMs like Carbon Black, CrowdStrike Falcon, FireEye HX and Splunk.

Map attacks and analytics to the MITRE ATT&CK framework

  • View logs and artifacts left behind from specific adversary attack tactics and techniques.
  • Understand your ability to prevent, detect, and respond to threats.
  • Sort and filter by analytic confidence, threat group, or other criteria.
  • Create heat maps to show your strengths and improvement areas.
Screenshot of the SnapAttack user interface

Deployment and Integration

Simplified to keep your security teams focused on the mission

As a cloud-based software as a service (SaaS) platform, SnapAttack is always up to date. New attack techniques and analytics are regularly pushed with your subscription, but advanced teams can harness the full power of the platform to create their own.

Our analytic engine builds upon the open source Sigma project. Leveraging the power of a broader community, we enable users to create and share highly portable, vendor agnostic security analytics that integrate with over 20 of the top SIEMs and EDRs.

Contact Us for A Demo