Brief, import-ready scenarios that showcase AttackFlow workflows. Each demo file can be loaded via the Import Kill Chain control in the app.

| Use Case | Description | Demo File |
|---|---|---|
| UC1 - Incident Response TTP Mapping | Healthcare breach reconstruction with evidence-based technique placement, IOCs, CVEs, and confidence scoring. | usecase-examples/01-incident-response.json |
| UC2 - Red Team Operation Planning | Financial services assumed-breach plan mapping intended TTPs, tooling, and infrastructure across the UKC. | usecase-examples/02-red-team-planning.json |
| UC3 - Blue Team Defense Posture Assessment | OT/IT defense gap analysis using ATT&CK, CAPEC, and CWE mapping plus mitigations. | usecase-examples/03-blue-team-defense.json |
| UC4 - CTI Report Building | Aerospace espionage campaign narrative combining techniques with rich STIX objects. | usecase-examples/04-cti-report.json |
| UC5 - Vulnerability-Centric Risk Analysis | Perimeter CVE analysis linked to CWE/CAPEC/ATT&CK with prioritized exploit paths. | usecase-examples/05-vulnerability-risk.json |
| UC6 - Purple Team Exercise Planning and Debrief | AD compromise exercise with attempted, detected, and missed techniques plus remediation actions. | usecase-examples/06-purple-team.json |
| UC7 - Ransomware Playbook Documentation | BlackCat/ALPHV affiliate playbook covering the full kill chain, tools, and IOCs. | usecase-examples/07-ransomware-playbook.json |
| UC8 - Supply Chain Attack Analysis | MSP supply chain compromise with multi-hop techniques, identities, and shared infrastructure. | usecase-examples/08-supply-chain.json |