Microsoft releases first SimuLand dataset publicly to facilitate security research

A month ago, Microsoft announced the open-source SimuLand initiative, which allows security researchers to deploy lab environments, reproduce attack patterns and techniques, and then test whether tooling such as Microsoft 365 Defender, Azure Defender, and Azure Sentinel can detect adversarial patterns. Researchers can also capture telemetry from these experiments to extend their own research. Now, Microsoft has released a public dataset from the first simulation exercise.

For those curious about how Microsoft generated this dataset, it was a result of collecting the telemetry from running the first simulation activity in the lab guides. The simulation in question is about how attackers can steal the Azure Directory Federated Services (ADFS) token-signing certificate from an on-premises ADFS server and then utilize it to sign a new Security Assertion Markup Language (SAML) token that can be used to access mail data from the Microsoft Graph API.

The dataset is a collection of security events that occurred during the simulation. Some of them can be seen below:

[Figure: a flowchart of the security events collected from the first simulation in Microsoft SimuLand. Image via Microsoft]

The security logs have been collected through the Microsoft 365 Defender Advanced hunting API and the Azure Log Analytics workspace API. Microsoft says that sharing this dataset will allow researchers to better analyze adversarial scenarios, improve their detection rules, model the chain of events, automate simulation plans, and plan hackathons and challenges internally.

Microsoft has also vowed to release more datasets and add new lab guides. You can find out more about the SimuLand initiative on GitHub here and check out the first SimuLand dataset on the GitHub-powered Security Datasets repository here.
