Blue Team Actions
Module: mitigation.pyDescription: Modifies the firewall state to drop traffic targeting specific ports on a subnet.
IsolateHost
Module: mitigation.pyDescription: Sets target host status to isolated, dropping all inbound and outbound traffic capabilities.
Remove
Module: mitigation.pyDescription: Resets the compromised state of a target host, terminating executing Red policies on that node.
RestoreFromBackup
Module: mitigation.pyDescription: Reverts target host state vector to baseline initial configuration.
RestoreHost
Module: mitigation.pyDescription: Reverts host status from isolated, re-establishing network connectivity.
SecurityAwarenessTraining
Module: mitigation.pyDescription: Decreases the human_vulnerability_score scalar for all nodes in a target subnet.
DecoyApache / DecoySSHD / DecoyTomcat
Module: deception.pyDescription: Instantiates a decoy service node matching specific port signatures (80, 22, 8080) to intercept discovery requests.
DeployDecoy
Module: deception.pyDescription: Instantiates a generic decoy service node.
DeployHoneytoken
Module: deception.pyDescription: Injects a honeytoken state into a host. Subsequent token extraction actions by Red agents trigger an explicit SIEM event with perfect confidence mapping to the executor's ID.
Module: deception.pyDescription: Alters telemetry states to return falsified observation arrays to Red agent discovery actions.
RotateKerberos
Module: identity.pyDescription: Invalidates existing Domain Controller token arrays globally.
Analyze
Module: analysis.pyDescription: Queries the complete unmasked state of a specific host node.
Monitor
Module: analysis.pyDescription: Increases the SIEM event generation probability scalar for actions executing on a target subnet.