Question 1

Is this ECS or CEF or both?

Accepted Answer

ECS (Elastic Common Schema) aligned by default — column names match the ECS specification where applicable. CEF mapping available on request for Enterprise tier.

Question 2

Can I tune the attack mix?

Accepted Answer

Yes on Enterprise. Tell us which MITRE techniques you care about most (e.g., heavy on T1110.003 brute force for SAR rule testing) and we deliver a custom variant.

Question 3

Will this train a model that catches real attacks?

Accepted Answer

Synthetic data won't perfectly replicate your production traffic — that's true of every synthetic dataset. What you get is a clean labelled sandbox to iterate on features, rules, and pipelines. Fine-tune on your own labelled incidents when you have them.

Question 4

What sources are included?

Accepted Answer

Authentication (logon events), network (TCP/UDP connections, DNS), web (HTTP requests), file (read/write/delete), process (start/parent). Multi-source unified into one CSV.

Attack logs your SOC can train on.
Without an actual breach.

SOC Event Logs — coming Q3 2026.

Specs

For whom

Attack logs your SOC can train on.Without an actual breach.

SOC Event Logs — coming Q3 2026.

Specs

For whom

Attack logs your SOC can train on.
Without an actual breach.