This dataset is released under a CC 4.0 Attribution license (https://creativecommons.org/licenses/by/4.0/). If you use this dataset, please cite "Holm, H., Helgeson, L.: An Empirical Study of Automated Adversary Emulators. In: IFIP International Conference on ICT Systems Security and Privacy Protection. pp. X-Y. Springer (2025)".

* The tested environment is described in environment.json
* The mapping to MITRE ATT&CK is described in enterprise-attack-v15.1_mapping.xlsx
* Graphs and tables (as shown in the paper) are available in graphs/
* The tool results are available under their respective directories
** Each tool directory includes four sub-directories, one for each of the four examined scenarios
** Each scenario directory includes three kinds of files:
*** source_*.[txt|json]: Source descriptions of the actions conducted during each test.
*** statistics_*.json: Metric results for each test. Each number in this file is the relative time (in seconds) at which the respective key was fulfilled. For example, root["machines"]["dmz04.testco4.com"] = 100 means that the machine dmz04.testco4.com was identified by the tool 100 seconds from the start of the test.
*** wazuh_*.json: Raw Wazuh logs for each test.
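
The following is an added example, not part of the dataset or the authors' tooling: it walks the <tool>/<scenario>/statistics_*.json layout described above and reports, per key, the median time to fulfillment and in how many tests the key was reached. The tool and scenario directory names, the second hostname and the sample values are constructed, and treating a missing or non-numeric value as "not reached" is an assumption.

```python
import json
import statistics
import tempfile
from collections import defaultdict
from pathlib import Path


def summarize(dataset_root, category="machines"):
    """Return {(tool, scenario): {key: (median_seconds, hits, tests)}}.

    The <tool>/<scenario>/statistics_*.json layout and the "machines" key
    come from the README; any other category name is an assumption.
    """
    times = defaultdict(lambda: defaultdict(list))
    tests = defaultdict(int)
    for path in sorted(Path(dataset_root).glob("*/*/statistics_*.json")):
        cell = (path.parent.parent.name, path.parent.name)
        tests[cell] += 1
        entries = json.loads(path.read_text()).get(category) or {}
        for key, seconds in entries.items():
            # Assumption: a goal the tool never reached is absent or non-numeric.
            if isinstance(seconds, (int, float)) and not isinstance(seconds, bool):
                times[cell][key].append(seconds)
    return {
        cell: {k: (statistics.median(v), len(v), tests[cell]) for k, v in keys.items()}
        for cell, keys in times.items()
    }


def build_sample(root):
    """Write constructed sample files (hypothetical tool and scenario names)."""
    runs = {
        "statistics_1.json": {"machines": {"dmz04.testco4.com": 100, "dmz05.testco4.com": 340}},
        "statistics_2.json": {"machines": {"dmz04.testco4.com": 80}},
        "statistics_3.json": {"machines": {"dmz04.testco4.com": 130, "dmz05.testco4.com": None}},
    }
    cell = Path(root) / "example_tool" / "scenario_1"
    cell.mkdir(parents=True)
    for name, body in runs.items():
        (cell / name).write_text(json.dumps(body))


def demo():
    """Build the constructed sample in a temporary directory and summarize it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return summarize(tmp)


if __name__ == "__main__":
    for cell, keys in demo().items():
        for key, (median, hits, tests) in sorted(keys.items()):
            print(cell, key, f"median={median}s", f"reached in {hits}/{tests} tests")
```

Point summarize() at the unpacked dataset root to run it on the real files; reporting hits alongside the median keeps a key that was reached in only one test from looking as reliable as one reached in every test.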