
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.

Leonidas is a framework designed for executing attacker actions in cloud environments. The tool provides a YAML-based format for defining cloud attacker tactics, techniques, and procedures (TTPs) along with their associated detection properties. The framework can compile these definitions into multiple outputs including a web API that exposes each test case as an individual endpoint, Sigma rules for detection purposes, and documentation. The API deployment utilizes an AWS-native CI/CD pipeline and requires API key authentication for access. The tool includes a local generator component that can be installed to create Sigma rules and documentation from the defined test cases. This allows security teams to both simulate cloud-based attacks and develop corresponding detection capabilities.
Common questions about Leonidas including features, pricing, alternatives, and user reviews.
Leonidas is a framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions. It is a Threat Management solution designed to help security teams with Red Team, MITRE ATT&CK, and AWS.
Leonidas is a free Threat Management tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://github.com/fsecurelabs/leonidas/ for download and installation instructions.
Popular alternatives to Leonidas include:
Compare these tools and more at https://cybersectools.com/categories/threat-management
Leonidas is for security teams and organizations that need Red Team, MITRE ATT&CK, AWS, Sigma, and Detection Rules. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Threat Management tools can be found at https://cybersectools.com/categories/threat-management
Human-led adversary emulation service testing detection & response capabilities
Validates detective security controls through attack simulations and testing
Cloud attack emulation platform for validating AWS security controls
Exposure validation platform combining BAS and attack path validation (CART)