GraphLattice

GraphLattice Range, now in early access

Rehearse real incidents before they happen.

A hands-on incident-response range covering identity and cloud attacks end to end, scored on a production-grade identity and cloud graph model.

Request access Browse scenarios

Free Community Edition. No credit card.

150+Attack scenarios
5Phase IR loop
12+Platforms & clouds
100%MITRE ATT&CK + D3FEND mapped

Why Range

Everything a responder needs to train for real

Real-attack scenarios

Train on documented incidents across AD, Entra ID, Microsoft 365, Intune, AWS, Azure, GCP, Okta, and Snowflake. Identity first, then the cloud and SaaS it unlocks.

Full IR loop

Every scenario runs Detection, Containment, Eradication, Forensics, and Recovery, plus the decisions a CISO has to make.

Train the way you defend

Decisions are scored on the same identity and cloud graph model used to detect these attacks in production.

Fresh from threat intel

New scenarios are drafted from live threat-intelligence feeds and published after expert review, so the library stays current.

Credentials and teams

Enterprise-class completion certificates, competency badges, and team and presenter modes.

For real responders

Built for SOC and IR teams, blue teams, and MSSPs training analysts on the attacks they actually face.

Free to start

Start free. Stay free.

GraphLattice Range has a free Community Edition that stays free, so anyone can start training today. No credit card, no waiting.

Community FREE
Free

The free way in. Run real incident-response scenarios end to end.

  • One hands-on scenario from every system, refreshed monthly: AD, Entra, M365, AWS, Azure, GCP, Okta, SaaS, and more
  • The full IR loop: detect, contain, eradicate, investigate, recover
  • Decisions scored on the identity and cloud graph model
  • Debrief, achievements, and a completion certificate
  • Play at your own pace, with progress saved automatically
  • No credit card
Start free

FAQ

Frequently asked

What is GraphLattice Range?

A hands-on incident-response simulation. Teams rehearse documented attacks end to end across identity and the cloud and SaaS those attacks pivot into.

What attacks does it cover?

Identity-centric attacks across Active Directory, Entra ID, Microsoft 365, Intune, AWS, Azure, GCP, Okta, and Snowflake, drawn from documented incidents.

How are scenarios scored?

Decisions are scored on an identity and cloud graph model, the same kind of model used to detect these attacks in production.

How do I get access?

GraphLattice Range is in early access. Request access and we will set up a guided session.