THREAT RANGE

Measure and Strengthen Your SOC & DFIR Readiness

Threat Range helps you prove how well SOC, DFIR, and incident response teams perform when it matters most. Build sharper coordination, expose costly gaps earlier, and give leadership clear evidence of readiness, speed, and resilience.

Turn your team performance into measurable readiness

Threat Range gives defenders a realistic place to practice high-pressure response work and gives leaders a better way to measure it. Instead of guessing how teams will perform in a real incident, you can see where they move fast, where they lose time, and where they need support.

Run end-to-end incident response simulations

Your team works through realistic adversary scenarios (e.g. ransomware, multi-day APT intrusions). Every alert, log, artifact, and network trace is captured, just like in a real incident.

Key capabilities:

  • Simulated attack scenarios with full telemetry (logs, traffic, artifacts)
  • Hybrid enterprise environments (AD, web servers, workstations, mail, CI systems)
  • Real-world threat vectors mapped to enterprise environments

Work inside real SOC & DFIR tools with measurable performance

Investigate directly inside SIEM and EDR environments that analysts use every day.

Participants are scored on:

  • Speed (MTTD, MTTA, MTTR)
  • Escalation quality
  • False positive/false negative accuracy
  • SLA adherence
  • Noise reduction

The result? Clear, data-driven visibility into how your team actually performs while building instincts and muscle memory under pressure.

Quantify team resilience with the Threat Resilience Index (TRI)

The Threat Resilience Index is a live, dynamic score that measures team resilience, collaboration, and investigative accuracy during the exercise.

It reflects:

  • Damage introduced vs. damage recovered
  • Real-time response effectiveness
  • Cross-team coordination quality

After the exercise, detailed analytics provide actionable insights for SOC L1/L2 and Digital Forensics teams.

Move from training sessions to measurable cyber readiness

Validate real operational readiness

Move beyond course completion and see how teams detect, investigate, escalate, and report in a realistic live-fire setting. You get proof of performance where it matters most, during the moments that shape incident outcomes.

Build stronger cross-team execution

Threat Range helps break down silos between SOC, digital forensics, threat hunters, and incident response. Teams learn how to work the case together, not just perform their own step in isolation.

Turn response data into resilience gains

Leaders get clear signals on where time is lost, where accuracy drops, and where coordination slips. That makes it easier to improve playbooks, coaching, and team readiness with evidence instead of guesswork.

How it works

Threat Range places your SOC and DFIR teams inside realistic cyber attack scenarios where they must detect threats, investigate incidents, and respond collaboratively — while the platform measures performance and resilience at every step.

Walk through each stage of the simulation so you can see how a Threat Range exercise plays out in practice.

1. Pick your scenario

2. Respond in real SOC workflows

3. Measure readiness with post-event analytics

Why teams choose Threat Range

Threat Range addresses a significant gap in SOC training by providing a platform for simulating live incidents outside production environments. The gamified approach fosters collaboration and team cohesion, creating an environment where team members work toward common goals while developing their skills collectively. This represents a meaningful advancement in practical security operations training.

Dan Astor, Director at Security Risk Advisors

What stronger readiness looks like

IF YOU ARE A...

SOC Analyst (L1/L2)

Train to cut through alert noise
Most SOC work is triage under pressure, and the hardest part is separating noise from incidents fast enough to matter. Threat Range gives you a safe environment where you can practice that exact skill with realistic telemetry, real tools, and real consequences.
  • Practice prioritizing alerts and escalating real threats with confidence.
  • Sharpen speed, accuracy, and noise reduction while working directly inside SIEM dashboards.
  • Build confidence in separating false positives from true incidents.

Digital Forensics & Threat Hunter

CISO, Security Director or IR Leader

Get a full demo with our team

Fill out the form to schedule a live product demo and Q&A about our cyber readiness solutions.

The #1 platform to build attack-ready teams and organizations

Maximum curriculum management flexibility, enhanced skills reporting, and engaging gamification features. Book a demo to get the business results.

Your plan includes:

  • Unmatched content library
  • Workforce development plans
  • Centralized user management
  • Advanced analytics & reporting
  • Source, hire, and retain talent

Threat Range FAQs

Contact us to get started.

Do we need to integrate our own tools or set up infrastructure?

No setup is required. Teams connect instantly through the browser and work inside a simulated SIEM and EDR environment.

How is performance measured?

Performance is measured through operational KPIs including MTTD, MTTA, MTTR, FP/FN accuracy, SLA adherence, escalation quality, and the Threat Resilience Index (TRI).

Can scenarios be customized?

Threat Range scenarios evolve with customer feedback and are aligned with real-world threat vectors and frameworks like MITRE ATT&CK and NIST NICE.

Is Threat Range part of Hack The Box plans?

Threat Range is offered as an optional add-on across Hack The Box workforce development plans, with unlimited scenario usage per licensed user.

What makes HTB Threat Range different from hands-on training or tabletop exercises?

Threat Range is designed to stress-test your team’s abilities and simulate the end-to-end incident response lifecycle using realistic telemetry and artifacts (alerts, logs, traffic, investigation data). This helps further assess your team’s training and experience under pressure.

Do teams produce a final deliverable?

Yes, along with the simulation, teams must rebuild the attack kill-chain and submit structured forensic reports with recommended mitigations as part of the workflow.

How easy is it to plan and launch a simulation?

Planning and running a Threat Range simulation is simple, with no complex setup required. From your organization’s dashboard at ctf.hackthebox.com/organization, you can browse the Threat Range library and schedule your next exercise in just a few clicks, with no additional HTB support needed.