Runtime Defense Lab

Incident Response Simulator

You are on call. Falco fires, Tetragon blocks a syscall, an audit log raises a flag. Each scenario drops you into the first 60 seconds of an incident — the moment between "alert" and "decision". Triage well, contain fast, write the post-mortem.

6 scenarios | ~15 minutes | Difficulty: Hard

How the simulator works

  • Each scenario shows a Falco rule firing, an audit-log line, or a runtime telemetry event from a real cluster.
  • Choose the right next action — the wrong answers explain why they look reasonable but waste critical time.
  • Read the production explanation, follow the link to the deeper lesson, and move to the next scenario.
  • Score yourself across all six rounds — covering shell-in-container, lateral movement, crypto-mining, container drift, audit-log triage, and eBPF-detected fileless attacks.