PurpleLab is an open-source cybersecurity lab designed for analysts to create and test detection rules, simulate logs, and run malware tests in a sandboxed environment. It integrates a Windows 10 VM with forensic tools, a Flask backend, MySQL, and Elasticsearch, supporting SIEM tools like Splunk. Key features include log simulation, malware testing, MITRE ATT&CK integration, and Sigma rule conversion. Setup requires Ubuntu Server 22.04 with hardware virtualization enabled. While powerful for threat detection and incident response, PurpleLab is not hardened by default, requiring additional security measures before use in sensitive environments.

‍