Performing Purple Team Exercise
When to Use
Use this skill when:
- SOC teams need to validate that detection rules actually fire for the threats they target
- Red team assessments produced findings that need translation into detection improvements
- New detection tools or SIEM migrations require validation of detection coverage
- Analyst training requires hands-on experience with real attack techniques and SIEM responses
- Quarterly or semi-annual detection validation cycles are scheduled
Do not use for unannounced red team engagements — purple team exercises require explicit coordination between offensive and defensive teams with real-time collaboration.