Violet's NLP User Guide

Note: This is an archived page. Violet is now the Threatcare Suite

Welcome to the Violet User guide. Violet is a virtual purple team used by cybersecurity professionals. Violet’s AI and NLP capabilities make Violet a unique platform, able to take commands through a keyboard or spoken voice — to perform in-depth proactive cyber defense tasks. Violet is a breach and attack simulation (BAS) technology.

Violet is able to listen to a user’s voice to perform multiple tasks at once, so it is important to read through the user guide to understand how to use Violet properly.

Violet’s voice commands can be broken down into three basic parts:

  1. Run multiple simluations
  2. Run a single simulation
  3. Run the Violet knowledge base

To run multiple simulations built into a specific task user can ask Violet to CHECK or TEST one of their current products.

Examples: “CHECK my Firewall, TEST my DLP

These examples will make Violet run multiple simulations to verify if products in your security stack are currently up and working properly.

To run a single simulation a user can ask Violet toRUN“, “MIMIC or SIMULATE a specific attack. Violet has over a hundred (and growing) built-in attacks that are benign and can be run on a live network.

Examples: SIMULATE malware beaconing“, “RUN a credit card exfiltration“, “MIMIC DNS Tunneling

To find out more about Violet’s many capabilities — and how Violet can be used to augment multiple security jobs — select one of the options on the screen for a more in-depth look at why organizations choose Violet to validate security tools, verify protection, and save time while helping keep their systems protected.

Red Team

Red Team’s exist to test an organizations security in place to help enable a defensive (Blue Team) verify that hackers are unable to break into systems using various popular methods.

Violet acts as a Red Team by testing an organizations security stack while performing various benign simulations known to be used by hackers.

Many companies are required by law to be compliant with industry regulations regarding security protection and require yearly pen tests. Unfortunately, a system can become unprotected at any moment. The only way to verify that systems are protected is through regular simulation testing.

Red Team command examples with Violet:

RUN data exfiltration"

MIMIC DNS Tunneling

SIMULATE malware beaconing

Blue Team

A Blue Team exists to protect an organization from cyber attacks. This is done by maintaining proper security on systems while abiding by best practices and utilizing a proper security stack to enable protection.

One small malfunction or instance of software not properly managed could leave an organization vulnerable.

Many organizations are unable to verify that their security software is working properly. Violet eliminates doubt by not just verifying that the Blue Team has secured their organization properly, but also by enabling Blue Team’s to test their security stack and possible future purchases as well.

Blue Team command examples with Violet:

CHECK my firewall"


TRANSFER a zip file

Knowledge Base

Violet has a built-in knowledge base to help answer cybersecurity related questions. Violet defines countless terms used in the space while offering more advanced explanations by including links within Threatcare’s website.

Violet’s knowledge base is used to help further train security professionals while giving them quick access to an ever-expanding archive of information.

Some examples of commands a user could tell Violet include:

What is data exfiltration?

What is lateral movement?

What is an egress scan?

Core Competencies

Core competencies are important for an organization to have — at minimum — to make sure that they have a solid level of protection. Violet works to verify that an organizations core competencies are properly working.

Users can also use Violet to Schedule simulations to provide a paper trail showing that regular work has been done to maintain core competencies.

These competencies include:

Data loss prevention

Intrusion detection/prevention

Lateral movement detection

Archive Movement (.TAR, .ZIP, .RAR)

Executable Transfers (.EXE)

Egress Protection

Questions and Answers

Violet has Natural Language Processing (NLP) capabilities. Users are given the option to drag and drop simulations and playbooks within the platform, type, or speak commands to Violet.

Violet runs commands or gives answers after being asked questions, asked to perform a specific task, or asked to define a cybersecurity term.

The basic NLP format is as follows:

WHAT is __________?

RUN a __________.

SIMULATE a __________.

TEST my __________.

CHECK my __________.

MIMIC __________.

HOW DOES __________ work.

TELL ME about __________.

EXPLAIN __________.

DEFINE  __________.

DESCRIBE  __________.

TRANSFER a  __________ file.


Group on-demand simulations together to simulate the kill chain and test your defense in depth.

This function of Violet is perfect for teams running advanced tabletop exercises. Using Violet you can easily drag and drop simulations together and save them.

Use saved simulation groups and schedule them to be run regularly at specific future dates and times.

Cybersecurity Skills

Violet is used by many organizations to augment various cybersecurity jobs. Violet can perform the tasks of multiple professionals, enabling security teams to have many “virtual members", making protection for organizations much more extensive.

Violet is an AI virtual Purple Team, combining functions of both Red Teams and Blue Teams.

Some jobs that can be augmented by Violet include:

WAS Engineer

OSINT Analyst

Cybersecurity Analyst

Digital Forensics Analyst

Penetration Tester

Cloud Security Analyst

Cybersecurity Auditor

Cybersecurity Engineer


Violet offers diligence by maintaining a paper trail of monthly internal audit checks. Users can log in to Violet to pull time stamped reports showing that current security systems have been maintained properly.

By offering diligence, users can fill the role of an internal security auditor by being able to easily show reports to managers and executives — proving that they have been properly configuring their security tools throughout different points in time.


Every simulation Violet does comes with reports of the results after the simulation is completed. The metadata Violet offers include computer forensic level reports, timestamps, and point-of-exit analysis for the initiated simulation.

Reports can be exported through Violets API, and downloaded as a .CSV file for a users records.