{"ok":true,"generatedAt":"2026-07-01T13:23:15.698Z","count":8,"totalPacks":8,"totalScenarios":48,"packs":[{"id":"five-minute-awareness","title":"5-Minute Awareness Warmup","audience":"Beginners and mobile users","time":"5 minutes","difficulty":"Beginner","goal":"Practice safe first reactions to phishing, QR, MFA, and rumor signals.","scenarioIds":["phish-or-legit-001","phish-or-legit-002","inbox-impostor-001","qr-trap-001","mfa-fatigue-defender-001","swipe-the-signal-001"],"count":6,"categories":{"Awareness":5,"Mobile":1},"scenarios":[{"id":"phish-or-legit-001","gameId":"phish-or-legit","title":"Urgent payroll change","prompt":"An email claims payroll details must be updated today. The display name is Finance Team, but the sender domain is finarnce-example.com.","answer":"report","gameTitle":"Phish Or Legit","category":"Awareness","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=phish-or-legit&scenario=phish-or-legit-001&pack=five-minute-awareness"},{"id":"phish-or-legit-002","gameId":"phish-or-legit","title":"Shared document lure","prompt":"A file-share email claims a vendor sent a contract update. The link text says View Document, but the destination is a newly registered lookalike domain.","answer":"report-and-verify","gameTitle":"Phish Or Legit","category":"Awareness","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=phish-or-legit&scenario=phish-or-legit-002&pack=five-minute-awareness"},{"id":"inbox-impostor-001","gameId":"inbox-impostor","title":"Cloud invoice notice","prompt":"A message uses the right logo but the reply-to points to a free mailbox and the login link uses a lookalike domain.","answer":"report","gameTitle":"Inbox Impostor","category":"Awareness","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=inbox-impostor&scenario=inbox-impostor-001&pack=five-minute-awareness"},{"id":"qr-trap-001","gameId":"qr-trap","title":"Lobby poster","prompt":"A QR code in the office lobby says Wi-Fi credentials expired and asks users to sign in again.","answer":"verify-with-it","gameTitle":"QR Trap","category":"Awareness","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=qr-trap&scenario=qr-trap-001&pack=five-minute-awareness"},{"id":"mfa-fatigue-defender-001","gameId":"mfa-fatigue-defender","title":"Push storm","prompt":"A user receives six MFA prompts they did not initiate while working from home.","answer":"deny-report-reset","gameTitle":"MFA Fatigue Defender","category":"Awareness","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=mfa-fatigue-defender&scenario=mfa-fatigue-defender-001&pack=five-minute-awareness"},{"id":"swipe-the-signal-001","gameId":"swipe-the-signal","title":"Fresh rumor","prompt":"A social post claims exploitation, but no vendor advisory, PoC, KEV, or telemetry is available.","answer":"needs-validation","gameTitle":"Swipe The Signal","category":"Mobile","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=swipe-the-signal&scenario=swipe-the-signal-001&pack=five-minute-awareness"}],"startUrl":"/pages/mini-game-player.html?id=phish-or-legit&scenario=phish-or-legit-001&pack=five-minute-awareness"},{"id":"patch-owner-sprint","title":"Patch Owner Sprint","audience":"Patch owners and vulnerability managers","time":"12 minutes","difficulty":"Analyst","goal":"Choose patch, control, SLA, rollback, and sequencing decisions under pressure.","scenarioIds":["patch-panic-001","patch-panic-002","patch-panic-003","sla-sprint-001","patch-train-dispatcher-001","patch-train-dispatcher-002"],"count":6,"categories":{"Operations":6},"scenarios":[{"id":"patch-panic-001","gameId":"patch-panic","title":"Two-hour window","prompt":"You can patch one service tonight: internet-facing KEV appliance with vendor fix, or internal low-exposure library with higher CVSS.","answer":"patch-kev-appliance","gameTitle":"Patch Panic","category":"Operations","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=patch-panic&scenario=patch-panic-001&pack=patch-owner-sprint"},{"id":"patch-panic-002","gameId":"patch-panic","title":"Rollback trap","prompt":"A public PoC exists for an internal service, but the patch has failed staging twice and a network restriction can be applied immediately.","answer":"apply-temporary-restriction","gameTitle":"Patch Panic","category":"Operations","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=patch-panic&scenario=patch-panic-002&pack=patch-owner-sprint"},{"id":"patch-panic-003","gameId":"patch-panic","title":"Quiet but exposed","prompt":"A medium CVSS appliance issue is internet-facing and vendor says exploitation is likely. A higher CVSS desktop issue has no exposed assets.","answer":"patch-exposed-appliance","gameTitle":"Patch Panic","category":"Operations","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=patch-panic&scenario=patch-panic-003&pack=patch-owner-sprint"},{"id":"sla-sprint-001","gameId":"sla-sprint","title":"Fast but fragile","prompt":"A critical service has public PoC chatter, but vendor guidance is incomplete and rollback risk is high.","answer":"same-day-with-validation","gameTitle":"SLA Sprint","category":"Operations","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=sla-sprint&scenario=sla-sprint-001&pack=patch-owner-sprint"},{"id":"patch-train-dispatcher-001","gameId":"patch-train-dispatcher","title":"Dependency collision","prompt":"Two systems share a database dependency. Patching both at the same time increases rollback risk.","answer":"sequence-with-rollback","gameTitle":"Patch Train Dispatcher","category":"Operations","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=patch-train-dispatcher&scenario=patch-train-dispatcher-001&pack=patch-owner-sprint"},{"id":"patch-train-dispatcher-002","gameId":"patch-train-dispatcher","title":"Shared login service","prompt":"Three apps depend on the same login service. Patching the login service first reduces duplicated app downtime.","answer":"patch-shared-service-first","gameTitle":"Patch Train Dispatcher","category":"Operations","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=patch-train-dispatcher&scenario=patch-train-dispatcher-002&pack=patch-owner-sprint"}],"startUrl":"/pages/mini-game-player.html?id=patch-panic&scenario=patch-panic-001&pack=patch-owner-sprint"},{"id":"evidence-discipline","title":"Evidence Discipline","audience":"Analysts, auditors, and reviewers","time":"10 minutes","difficulty":"Beginner","goal":"Separate proven claims from assumptions before closing or escalating work.","scenarioIds":["cve-courtroom-001","cve-courtroom-002","cve-courtroom-003","scanner-finding-trial-001","scanner-finding-trial-002","security-court-001"],"count":6,"categories":{"Evidence":6},"scenarios":[{"id":"cve-courtroom-001","gameId":"cve-courtroom","title":"The exposure claim","prompt":"A public CVE page says exploitation exists. A draft brief says our company is exposed and compromised.","answer":"not-proven","gameTitle":"CVE Courtroom","category":"Evidence","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=cve-courtroom&scenario=cve-courtroom-001&pack=evidence-discipline"},{"id":"cve-courtroom-002","gameId":"cve-courtroom","title":"The fixed claim","prompt":"A team says the issue is fixed because a change ticket was closed, but no version proof, deployment evidence, or validation scan exists.","answer":"not-proven","gameTitle":"CVE Courtroom","category":"Evidence","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=cve-courtroom&scenario=cve-courtroom-002&pack=evidence-discipline"},{"id":"cve-courtroom-003","gameId":"cve-courtroom","title":"The affected claim","prompt":"A scanner maps a CPE to a product family, but the asset owner says the vulnerable module is not installed.","answer":"needs-validation","gameTitle":"CVE Courtroom","category":"Evidence","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=cve-courtroom&scenario=cve-courtroom-003&pack=evidence-discipline"},{"id":"scanner-finding-trial-001","gameId":"scanner-finding-trial","title":"Backported package","prompt":"A scanner flags OpenSSL by upstream version, but the Linux vendor advisory says the fix was backported.","answer":"needs-validation","gameTitle":"Scanner Finding Trial","category":"Evidence","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=scanner-finding-trial&scenario=scanner-finding-trial-001&pack=evidence-discipline"},{"id":"scanner-finding-trial-002","gameId":"scanner-finding-trial","title":"Feature flag off","prompt":"A scanner flags an exposed service, but exploitation requires an optional feature that the owner says is disabled in configuration.","answer":"collect-config-proof","gameTitle":"Scanner Finding Trial","category":"Evidence","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=scanner-finding-trial&scenario=scanner-finding-trial-002&pack=evidence-discipline"},{"id":"security-court-001","gameId":"security-court","title":"The compromise claim","prompt":"A report says attackers use this CVE. A stakeholder wants to write 'we were breached by it.'","answer":"reject-and-rewrite","gameTitle":"Security Court","category":"Evidence","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=security-court&scenario=security-court-001&pack=evidence-discipline"}],"startUrl":"/pages/mini-game-player.html?id=cve-courtroom&scenario=cve-courtroom-001&pack=evidence-discipline"},{"id":"soc-shift","title":"SOC Shift Simulator Path","audience":"SOC analysts and incident responders","time":"15 minutes","difficulty":"Analyst","goal":"Prioritize alerts, preserve evidence, and choose containment without overclaiming.","scenarioIds":["soc-shift-simulator-001","soc-shift-simulator-002","incident-timeline-builder-001","incident-timeline-builder-002","tap-to-contain-001","tap-to-contain-002"],"count":6,"categories":{"SOC":2,"Incident Response":4},"scenarios":[{"id":"soc-shift-simulator-001","gameId":"soc-shift-simulator","title":"Shift handoff","prompt":"Two hours remain. One alert maps to a KEV edge appliance; three low-confidence scanner findings need owner validation.","answer":"investigate-kev-alert","gameTitle":"SOC Shift Simulator","category":"SOC","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=soc-shift-simulator&scenario=soc-shift-simulator-001&pack=soc-shift"},{"id":"soc-shift-simulator-002","gameId":"soc-shift-simulator","title":"Alert flood","prompt":"A noisy detection rule fires 300 times, while one rare event maps to an exposed service named in a vendor exploitation note.","answer":"triage-rare-high-context","gameTitle":"SOC Shift Simulator","category":"SOC","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=soc-shift-simulator&scenario=soc-shift-simulator-002&pack=soc-shift"},{"id":"incident-timeline-builder-001","gameId":"incident-timeline-builder","title":"Mailbox rule alert","prompt":"A suspicious forwarding rule appears after an impossible-travel login. Choose the safest first sequence.","answer":"preserve-then-contain","gameTitle":"Incident Timeline Builder","category":"Incident Response","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=incident-timeline-builder&scenario=incident-timeline-builder-001&pack=soc-shift"},{"id":"incident-timeline-builder-002","gameId":"incident-timeline-builder","title":"Endpoint before mailbox","prompt":"An endpoint alert and suspicious mailbox forwarding rule appear within the same hour. The team needs a defensible sequence.","answer":"timeline-both-evidence-first","gameTitle":"Incident Timeline Builder","category":"Incident Response","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=incident-timeline-builder&scenario=incident-timeline-builder-002&pack=soc-shift"},{"id":"tap-to-contain-001","gameId":"tap-to-contain","title":"Suspicious login","prompt":"A user reports a login they did not make. Mailbox forwarding rules may have changed.","answer":"preserve-then-contain","gameTitle":"Tap To Contain","category":"Incident Response","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=tap-to-contain&scenario=tap-to-contain-001&pack=soc-shift"},{"id":"tap-to-contain-002","gameId":"tap-to-contain","title":"Shared admin account","prompt":"A shared admin account may be abused. Logs are available, and disabling it immediately could interrupt recovery evidence collection.","answer":"preserve-logs-rotate-disable","gameTitle":"Tap To Contain","category":"Incident Response","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=tap-to-contain&scenario=tap-to-contain-002&pack=soc-shift"}],"startUrl":"/pages/mini-game-player.html?id=soc-shift-simulator&scenario=soc-shift-simulator-001&pack=soc-shift"},{"id":"leadership-briefing","title":"Leadership Briefing Path","audience":"Security leads and analysts briefing leaders","time":"10 minutes","difficulty":"Analyst","goal":"Turn messy risk into concise updates with owners, caveats, blockers, and review timing.","scenarioIds":["executive-brief-boss-fight-001","executive-brief-boss-fight-002","executive-brief-boss-fight-003","ticket-surgeon-001","escalation-ladder-climb-001","closure-stamp-001"],"count":6,"categories":{"Communication":6},"scenarios":[{"id":"executive-brief-boss-fight-001","gameId":"executive-brief-boss-fight","title":"Blocked change","prompt":"Patch is available, but the owner cannot take downtime until Sunday. SOC has a detection idea and edge access can be restricted.","answer":"brief-with-owner-control-review","gameTitle":"Executive Brief Boss Fight","category":"Communication","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=executive-brief-boss-fight&scenario=executive-brief-boss-fight-001&pack=leadership-briefing"},{"id":"executive-brief-boss-fight-002","gameId":"executive-brief-boss-fight","title":"Leader asks if breached","prompt":"Leadership asks whether a KEV item means the company was compromised. Inventory is still being checked and SOC has no matching alerts yet.","answer":"brief-validation-underway","gameTitle":"Executive Brief Boss Fight","category":"Communication","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=executive-brief-boss-fight&scenario=executive-brief-boss-fight-002&pack=leadership-briefing"},{"id":"executive-brief-boss-fight-003","gameId":"executive-brief-boss-fight","title":"Risk acceptance ask","prompt":"A business owner wants to accept risk for 45 days because patching blocks a launch, but no compensating control has been proposed.","answer":"request-controls-and-expiry","gameTitle":"Executive Brief Boss Fight","category":"Communication","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=executive-brief-boss-fight&scenario=executive-brief-boss-fight-003&pack=leadership-briefing"},{"id":"ticket-surgeon-001","gameId":"ticket-surgeon","title":"Vague ticket","prompt":"A ticket says 'Patch CVE ASAP' with no asset, owner, version proof, rollback note, or due date.","answer":"add-evidence-owner-date","gameTitle":"Ticket Surgeon","category":"Communication","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=ticket-surgeon&scenario=ticket-surgeon-001&pack=leadership-briefing"},{"id":"escalation-ladder-climb-001","gameId":"escalation-ladder-climb","title":"Possible exploitation","prompt":"A vulnerable exposed system has suspicious logs, but no confirmed compromise yet.","answer":"soc-review-with-evidence","gameTitle":"Escalation Ladder Climb","category":"Communication","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=escalation-ladder-climb&scenario=escalation-ladder-climb-001&pack=leadership-briefing"},{"id":"closure-stamp-001","gameId":"closure-stamp","title":"Mitigation only","prompt":"Access restriction is in place, but the vulnerable package is not patched.","answer":"mitigated-with-review","gameTitle":"Closure Stamp","category":"Communication","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=closure-stamp&scenario=closure-stamp-001&pack=leadership-briefing"}],"startUrl":"/pages/mini-game-player.html?id=executive-brief-boss-fight&scenario=executive-brief-boss-fight-001&pack=leadership-briefing"},{"id":"small-business-resilience","title":"Small Business Resilience","audience":"Small business owners, MSPs, and students","time":"12 minutes","difficulty":"Beginner","goal":"Make practical security investments and recovery choices with limited resources.","scenarioIds":["security-budget-builder-001","security-budget-builder-002","ransomware-readiness-tycoon-001","vendor-risk-negotiator-001","vendor-risk-negotiator-002","daily-60-second-drill-002"],"count":6,"categories":{"Strategy":3,"GRC":2,"Mobile":1},"scenarios":[{"id":"security-budget-builder-001","gameId":"security-budget-builder","title":"Ten-point budget","prompt":"A small company can fund three improvements before audit season.","answer":"mfa-backups-logging","gameTitle":"Security Budget Builder","category":"Strategy","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=security-budget-builder&scenario=security-budget-builder-001&pack=small-business-resilience"},{"id":"security-budget-builder-002","gameId":"security-budget-builder","title":"Clinic basics","prompt":"A small clinic has no MFA, no tested backups, and old laptops. Budget covers only two first moves.","answer":"mfa-and-tested-backups","gameTitle":"Security Budget Builder","category":"Strategy","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=security-budget-builder&scenario=security-budget-builder-002&pack=small-business-resilience"},{"id":"ransomware-readiness-tycoon-001","gameId":"ransomware-readiness-tycoon","title":"Untested backups","prompt":"Backups exist, MFA is partial, and restore testing has not happened this year.","answer":"test-restores-expand-mfa","gameTitle":"Ransomware Readiness Tycoon","category":"Strategy","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=ransomware-readiness-tycoon&scenario=ransomware-readiness-tycoon-001&pack=small-business-resilience"},{"id":"vendor-risk-negotiator-001","gameId":"vendor-risk-negotiator","title":"Critical vendor, missing evidence","prompt":"A vendor will process customer data but has no SOC 2 report, no DPA, and no named security contact.","answer":"request-evidence-before-approval","gameTitle":"Vendor Risk Negotiator","category":"GRC","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=vendor-risk-negotiator&scenario=vendor-risk-negotiator-001&pack=small-business-resilience"},{"id":"vendor-risk-negotiator-002","gameId":"vendor-risk-negotiator","title":"Expired report","prompt":"A vendor provides a SOC 2 report that expired eight months ago and a security contact who no longer works there.","answer":"request-current-evidence","gameTitle":"Vendor Risk Negotiator","category":"GRC","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=vendor-risk-negotiator&scenario=vendor-risk-negotiator-002&pack=small-business-resilience"},{"id":"daily-60-second-drill-002","gameId":"daily-60-second-drill","title":"One-minute caveat","prompt":"A vendor says exploitation is possible but has not confirmed active exploitation. Inventory shows one potentially affected asset.","answer":"validate-asset-and-monitor","gameTitle":"Daily 60-Second Drill","category":"Mobile","difficulty":"Beginner","playUrl":"/pages/mini-game-player.html?id=daily-60-second-drill&scenario=daily-60-second-drill-002&pack=small-business-resilience"}],"startUrl":"/pages/mini-game-player.html?id=security-budget-builder&scenario=security-budget-builder-001&pack=small-business-resilience"},{"id":"threat-intel-chain","title":"Threat Intel Chain Reading","audience":"Threat intel and vulnerability analysts","time":"15 minutes","difficulty":"Advanced","goal":"Interpret exploitation, prerequisites, indicators, and attack-path blockers.","scenarioIds":["kev-or-hype-001","exploit-chain-builder-001","attack-chain-puzzle-001","attack-chain-puzzle-002","ioc-triage-table-001","exploitability-chess-001"],"count":6,"categories":{"Threat Intel":6},"scenarios":[{"id":"kev-or-hype-001","gameId":"kev-or-hype","title":"KEV but not deployed","prompt":"A CVE is in KEV, but the affected product is not in the environment inventory.","answer":"validate-inventory","gameTitle":"KEV Or Hype","category":"Threat Intel","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=kev-or-hype&scenario=kev-or-hype-001&pack=threat-intel-chain"},{"id":"exploit-chain-builder-001","gameId":"exploit-chain-builder","title":"Missing prerequisite","prompt":"A public exploit requires authenticated admin access, but the service is only reachable through VPN and admin MFA.","answer":"remove-exposure","gameTitle":"Exploit Chain Builder","category":"Threat Intel","difficulty":"Advanced","playUrl":"/pages/mini-game-player.html?id=exploit-chain-builder&scenario=exploit-chain-builder-001&pack=threat-intel-chain"},{"id":"attack-chain-puzzle-001","gameId":"attack-chain-puzzle","title":"Break the path","prompt":"The chain needs internet reachability, vulnerable upload feature, and unauthenticated access. You can change only one condition today.","answer":"remove-exposure","gameTitle":"Attack Chain Puzzle","category":"Threat Intel","difficulty":"Advanced","playUrl":"/pages/mini-game-player.html?id=attack-chain-puzzle&scenario=attack-chain-puzzle-001&pack=threat-intel-chain"},{"id":"attack-chain-puzzle-002","gameId":"attack-chain-puzzle","title":"User interaction required","prompt":"The exploit requires a user to open a malicious file on a system that has macros blocked and attachment detonation active.","answer":"preserve-blocking-controls","gameTitle":"Attack Chain Puzzle","category":"Threat Intel","difficulty":"Advanced","playUrl":"/pages/mini-game-player.html?id=attack-chain-puzzle&scenario=attack-chain-puzzle-002&pack=threat-intel-chain"},{"id":"ioc-triage-table-001","gameId":"ioc-triage-table","title":"Noisy domain","prompt":"A report includes a shared CDN domain and one malware-specific URL path.","answer":"use-full-url-path","gameTitle":"IOC Triage Table","category":"Threat Intel","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=ioc-triage-table&scenario=ioc-triage-table-001&pack=threat-intel-chain"},{"id":"exploitability-chess-001","gameId":"exploitability-chess","title":"Remove a piece","prompt":"The exploit path needs unauthenticated internet access to an admin endpoint.","answer":"remove-exposure","gameTitle":"Exploitability Chess","category":"Threat Intel","difficulty":"Advanced","playUrl":"/pages/mini-game-player.html?id=exploitability-chess&scenario=exploitability-chess-001&pack=threat-intel-chain"}],"startUrl":"/pages/mini-game-player.html?id=kev-or-hype&scenario=kev-or-hype-001&pack=threat-intel-chain"},{"id":"mitigation-control-room","title":"Mitigation Control Room","audience":"Patch, platform, and risk teams","time":"12 minutes","difficulty":"Analyst","goal":"Pick temporary controls and review triggers when patching is blocked or unsafe.","scenarioIds":["mitigation-match-001","control-match-arena-001","control-match-arena-002","no-patch-navigator-001","risk-tetris-001","scanner-finding-trial-003"],"count":6,"categories":{"Operations":5,"Evidence":1},"scenarios":[{"id":"mitigation-match-001","gameId":"mitigation-match","title":"Feature can be disabled","prompt":"A vulnerable optional upload feature is internet-facing. Patch needs a vendor maintenance window in three days.","answer":"disable-feature-review","gameTitle":"Mitigation Match","category":"Operations","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=mitigation-match&scenario=mitigation-match-001&pack=mitigation-control-room"},{"id":"control-match-arena-001","gameId":"control-match-arena","title":"No window until Sunday","prompt":"An exposed feature cannot be patched until Sunday, but access can be limited to VPN users today.","answer":"restrict-access","gameTitle":"Control Match Arena","category":"Operations","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=control-match-arena&scenario=control-match-arena-001&pack=mitigation-control-room"},{"id":"control-match-arena-002","gameId":"control-match-arena","title":"WAF is not enough","prompt":"A WAF rule can block one exploit path, but the vulnerable admin endpoint remains exposed and unauthenticated.","answer":"combine-waf-with-access-restriction","gameTitle":"Control Match Arena","category":"Operations","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=control-match-arena&scenario=control-match-arena-002&pack=mitigation-control-room"},{"id":"no-patch-navigator-001","gameId":"no-patch-navigator","title":"No vendor fix","prompt":"A vendor confirms no patch is available yet for an exposed admin interface.","answer":"restrict-access-monitor","gameTitle":"No-Patch Navigator","category":"Operations","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=no-patch-navigator&scenario=no-patch-navigator-001&pack=mitigation-control-room"},{"id":"risk-tetris-001","gameId":"risk-tetris","title":"Stacked pressure","prompt":"A block has KEV, internet-facing, patch available, and owner confirmed exposure.","answer":"patch-window-now","gameTitle":"Risk Tetris","category":"Operations","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=risk-tetris&scenario=risk-tetris-001&pack=mitigation-control-room"},{"id":"scanner-finding-trial-003","gameId":"scanner-finding-trial","title":"Plugin stale","prompt":"A scanner plugin references old vendor guidance. The vendor later narrowed affected versions and published a superseding advisory.","answer":"review-superseding-advisory","gameTitle":"Scanner Finding Trial","category":"Evidence","difficulty":"Analyst","playUrl":"/pages/mini-game-player.html?id=scanner-finding-trial&scenario=scanner-finding-trial-003&pack=mitigation-control-room"}],"startUrl":"/pages/mini-game-player.html?id=mitigation-match&scenario=mitigation-match-001&pack=mitigation-control-room"}]}