MITRE Caldera
Caldera is an automated adversary emulation platform built on the MITRE ATT&CK framework. Use it to run simulated attacks against your lab, test detection coverage, and validate response playbooks.
Caldera is resource-intensive. The ATT&CK knowledge base (Stockpile and Atomic plugins) takes 5–15 minutes to fully load on first boot. The environment health check waits for this to complete before marking the tool as healthy.
Access
URL: https://caldera.<env-name>.ops.aithroyz.com
Default credentials: Shown on the Environments detail page. Admin and operator users are created automatically.
Running your first operation
1. Deploy an agent
Go to Caldera → Agents → click the deployment icon. Copy the one-liner for your target OS (Linux/Windows/macOS) and run it on an endpoint within the environment network.
2. Create an adversary
Go to Adversaries → New Adversary. Add ATT&CK techniques from the library — or use a built-in profile like "discovery" or "lateral movement".
3. Create and run an operation
Go to Operations → New Operation. Select your adversary, target group, and planner. Click Start. Caldera executes each technique and logs results.
4. Review results in Elastic
If Elastic Stack is deployed alongside Caldera, technique executions generate events in Kibana. Compare what Caldera did vs. what Wazuh/Elastic detected.
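The comparison in step 4 is easy to do by hand for a handful of techniques but tedious for a full adversary profile. The script below is an added example (not part of Caldera or this platform) that scores detection coverage: it takes an operation report and the set of ATT&CK IDs seen in Wazuh/Elastic alerts, counts only links that actually executed, rolls parent-technique alerts up to their sub-techniques, and reports hits, misses and alerts unrelated to the run. The report shape (steps keyed by agent paw, each link with `attack.technique_id`, `attack.tactic` and `status`, with 0 meaning success) and both data sets are constructed assumptions for illustration.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a Caldera operation report, trimmed to the
# fields read below: steps keyed by agent "paw", each link carrying an ATT&CK
# mapping and a status (assumed here: 0 = the link ran successfully).
CALDERA_REPORT = json.loads("""
{"name": "discovery-run", "steps": {"abc123": {"steps": [
 {"status": 0, "attack": {"tactic": "discovery", "technique_id": "T1082"}},
 {"status": 0, "attack": {"tactic": "discovery", "technique_id": "T1057"}},
 {"status": 1, "attack": {"tactic": "discovery", "technique_id": "T1016"}},
 {"status": 0, "attack": {"tactic": "credential-access", "technique_id": "T1003.008"}}
]}}}""")

# Constructed sample: ATT&CK IDs collected from Wazuh/Elastic alerts raised
# during the operation window (Wazuh alerts carry them in rule.mitre.id).
DETECTED_TECHNIQUES = {"T1082", "T1003", "T1059.004"}


def executed_techniques(report):
    """Return {technique_id: tactic} for links that actually ran."""
    ran = {}
    for agent in report["steps"].values():
        for link in agent["steps"]:
            if link.get("status") != 0:
                continue  # a link that failed to execute is not a detection gap
            ran[link["attack"]["technique_id"]] = link["attack"]["tactic"]
    return ran


def parent(tid):
    """T1003.008 -> T1003; an alert on the parent covers its sub-techniques."""
    return tid.split(".")[0]


def coverage(report, detected):
    """Compare what Caldera executed against what the SIEM alerted on."""
    ran = executed_techniques(report)
    hit = {t for t in ran if t in detected or parent(t) in detected}
    matched_ids = set(ran) | {parent(t) for t in ran}
    by_tactic = defaultdict(lambda: [0, 0])  # tactic -> [detected, executed]
    for tid, tactic in ran.items():
        by_tactic[tactic][1] += 1
        by_tactic[tactic][0] += tid in hit
    return {
        "detected": sorted(hit),
        "missed": sorted(set(ran) - hit),
        "unrelated_alerts": sorted(detected - matched_ids),  # noise or other activity
        "by_tactic": {k: f"{d}/{n}" for k, (d, n) in by_tactic.items()},
    }


if __name__ == "__main__":
    print(json.dumps(coverage(CALDERA_REPORT, DETECTED_TECHNIQUES), indent=2))
```

The "missed" list is the backlog for new detection rules; "unrelated_alerts" is worth a look too, since alerts firing during an emulation window that map to nothing Caldera ran are either noise or something else happening on the host.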
⚠ Caldera runs real attack techniques. Only deploy agents to hosts you own and that are isolated from production networks. The Aithroyz VPC is isolated by default — never install a Caldera agent on a machine outside the environment unless you're intentionally doing red team exercises.