Packages
This tab presents a table with all the Packages that EVE or a User has created. From here the user can carry out tasks of managing the packages and obtaining details.
Packages Table
The created packages are displayed in this table. By default, the EndPoints will be displayed inline at the top of the table.
By default, ten rows of information are displayed. If the user wish to see more or change the pagination in the lower right corner are the pagination controls.
The sections of the table include:
· Name
Displays the name given to the package when it was created.
· Type
Displays the type of package that was assigned to it when it was created. See Package Categories.
· Status
Shows whether a package has been tested or not.
Indicates that the package has not been tested on any Endpoint.
Indicates that some of the artifacts in the package have already been tested.
Indicates that the package has been tested on some Endpoint.
· Actions
Allows the user to view package information, edit and remove the package.
Intelligence Report Attachment in Package Creation
Within Epiphany Validation Engine (EVE), users have the ability to associate intelligence documentation with validation packages. During the package creation process, an optional section allows users to upload a PDF file containing contextual threat intelligence relevant to the scenario being emulated.
This capability ensures that technical emulation activities are supported by strategic and operational threat context.
Purpose of Intelligence Report Attachment
The attached intelligence document may include information such as:
Threat actor profiles
Malware family analysis
Industry-specific attack patterns
Regional targeting trends
Historical incident summaries
Tactics, techniques, and procedures (TTPs)
Attribution data (when applicable)
This functionality enables organizations to document the rationale behind a validation package and align emulation activities with real-world threat intelligence.
The PDF serves as supporting documentation and does not affect the execution logic of the emulation itself.
Default Intelligence Reports
By default, EVE automatically associates intelligence reports with packages involving:
Ransomware scenarios
Specific malware families requested by the customer
These reports provide contextual background on the relevant ransomware groups or malware families, including behavior patterns and operational characteristics typically observed in real incidents.
This ensures that commonly requested threat scenarios are supported with foundational intelligence context without requiring manual upload.
User-Provided Intelligence
For custom or organization-specific scenarios, users may upload their own intelligence reports. These may originate from:
Internal threat intelligence teams
Incident response findings
Industry ISAC advisories
Commercial intelligence feeds
Open-source intelligence research
This flexibility allows organizations to:
Align validation exercises with their risk profile
Replicate threat activity observed in their sector
Maintain documentation consistency for audit or compliance purposes
Support executive-level reporting with contextual references
Operational Integration
The intelligence attachment process follows this workflow:
User creates a validation package
User selects or defines the threat scenario
Optional PDF intelligence report is uploaded
Package is finalized and deployed in campaign
The uploaded report becomes part of the package documentation and remains associated with the validation scenario for future reference.
Last updated