incident-response-trainer
Mock scenarios · Rule-based grading
Cyber × Network Fusion · extremely-hard · Brownout-Masked Intrusion · Critical asset
Scenario

Intermittent backbone brownout masking an active intrusion under noisy, decaying telemetry

An extremely-hard Cyber × Network Fusion scenario on Brownout-Masked Intrusion.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 4 templates in this Track + Difficulty pool.

catalog id · fusion-brownout-masked-intrusion

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains
  • Fault-vs-adversary triage under decaying telemetry
  • Evidence-preserving containment during an outage
MITRE ATT&CK (mitre-attack)
  • Exfiltration Over C2 Channel · Exfiltration · T1041 · TA0010
    Mapped · High confidence

    Trains recognition of a steady covert egress hidden under outage noise.

  • Network Denial of Service · Impact · T1498 · TA0040
    Partial · Medium confidence

    Trains reasoning about instability that may be exploited or induced as cover.

MITRE D3FEND (mitre-d3fend)
  • Network Traffic Analysis · D3-NTA
    Mapped · High confidence

    Trains off-box flow analysis that survives the SIEM visibility gaps.

  • Network Traffic Filtering · D3-NTF
    Mapped · High confidence

    Trains the targeted egress block that stops exfil without bouncing links.

NIST CSF 2.0 (nist-csf-2)
  • Anomalies and Events · Detect · DE.AE · DE
    Mapped · High confidence

    Trains anomaly detection on a flow that rises while everything else degrades.

  • Mitigation · Respond · RS.MI · RS
    Mapped · High confidence

    Trains containment of the intrusion while the availability fault is stabilized.

NIST SP 800-61r3 (nist-sp-800-61r3)
  • IR lifecycle phase · Detection & Analysis
    Mapped · High confidence

    Trains fault-vs-adversary triage under noisy, decaying telemetry.

  • IR lifecycle phase · Containment, Eradication & Recovery
    Mapped · High confidence

    Trains evidence-preserving containment instead of resetting links and counters.

CISA Cybersecurity Performance Goals (cisa-cpg)
  • Detecting Relevant Threats and TTPs · 3.A
    Mapped · High confidence

    Trains the detection baseline for exfil masked by an outage.

  • Secure Sensitive Data · 2.I
    Mapped · Medium confidence

    Trains the data-protection lens on the confirmed bulk egress.

CIS Controls v8 (cis-controls)
  • Network Monitoring and Defense · Control 13
    Mapped · High confidence

    Trains the network-monitoring control the triage depends on.

  • Audit Log Management · Control 8
    Mapped · Medium confidence

    Trains reasoning about the SIEM ingest gaps that masked the intrusion.