Testing Lab

About the project

Cyber-attack detection testing tool for Airbus SOC

Use Case Factory Testing Lab is an internal tool built for the Airbus Security Operations Center (SOC) to validate and continuously test cyber-attack detection use cases. It allows SOC analysts to select real-world attack scenarios, execute them on controlled test machines, and verify whether existing detection rules still trigger correctly in Splunk. I led the product and technical design and developed the frontend.

Key features:

  • ⚔️ Attack selection & execution: Choose specific cyber-attack scenarios to test SOC detection rules
  • 📊 Monitoring dashboard: Track pending and running tests, re-run or skip executions, and download PDF reports
  • 🤖 Automated execution: Automatically run supported attacks on dedicated test machines and monitor their detection
  • 🎯 Manual execution flows: Step-by-step guidance for attacks requiring human interaction
  • 📄 Reporting: Generate PDF reports summarizing detection success and coverage
  • 🛡️ MITRE ATT&CK mapping: Test and validate detection rules against standardized attack techniques