Demos & Downloads

Run a tabletop in under an hour

Download the starter kit and follow a guided scenario — generate a Net Assessment and IAP from Playbooks, RIFs, and Mission Folders with human approvals at lockpoints.

Setup~10 minUnzip & configure
Run~30–45 minPer scenario
OutputsNet Assessment • IAPAuditable
ModeOffline-firstAir-gap friendly

Downloads

Starter files and demo data. Host these at ./downloads/ on your site.

TEW Starter Kit

Repo skeleton, JSON schemas, sample Playbooks/RIFs/Mission/Net Assessment files.

SHA256: fill-in-after-hosting

Download ZIP See schemas
C-UAS Data

Swarm over stadium

RF/radar/EO-IR CSVs + a prebuilt stadium RIF and mission scaffold.

  • modules/cuas/demo/uas_tracks.csv
  • rif_target_folders/city/stadium_a/
  • mission_folders/INC-DEMO-CUAS/
Port/Maritime Data

Hazmat release at Berth 3

AIS snapshots, plume polygons, terminal RIF, and mission scaffold.

  • modules/port_maritime/demo/ais.json
  • modules/port_maritime/demo/plume.geojson
  • rif_target_folders/port/terminal_b3/
  • mission_folders/INC-DEMO-PORT/
Cyber Data

EAS deception during storm

SOC alert summaries, EAS samples, cyber target folder, mission scaffold.

  • modules/cyber/demo/soc_alerts.json
  • modules/cyber/demo/eas_samples.json
  • modules/cyber/cyber_target_folders/example_entity/ctf.yaml
  • mission_folders/INC-DEMO-CYBER/

Checksums

Verify downloads on offline systems. Compare your local file’s SHA256 to the values below.

File Size SHA256
Verify a local file

Choose a file from your machine to compute its SHA256 in-browser. No data leaves the device.

Quickstart

Three steps to go from zero to products.

1) Unpack

Unzip into a working directory (e.g., ~/tew/). Verify the tree matches the docs.

unzip tew-starter.zip -d ~/tew/

2) Configure

Set agency info, RBAC roles, and local storage paths in your app’s config.

cp config.example.yaml config.yaml
# edit: org name, roles, storage, redaction levels

3) Load a scenario

Open the scenario’s Mission Folder; walk through the steps below.

open mission_folders/INC-DEMO-CUAS/mf.yaml

C-UAS: Swarm over stadium

Detect → Discriminate → Locate → Decide.

Step-by-step

  1. Import uas_tracks.csv → watch correlation & scoring.
  2. Open rif_target_folders/city/stadium_a/rif.yaml for venue context.
  3. Promote to Incident → state Alert → Warning (IC approval).
  4. Fusion bench: draft Intel Estimate + COAs; assign operator-hunt tasks.
  5. Publish Net Assessment → draft Warning & IAP annex → approve.
  6. Run AAR; codify findings into the C-UAS playbook.

Artifacts used

  • Playbook: playbooks/cuas/ (sample)
  • RIF: Stadium A
  • Mission: INC-DEMO-CUAS
  • Products: Warning, IAP (annex)

Expected outputs

  • Net Assessment (with cited sources)
  • Warning (role-redacted variants)
  • IAP Annex — C-UAS Operator Hunt

Port/Maritime: Hazmat at Berth 3

Cross-infrastructure impacts with plume & traffic overlays.

Step-by-step

  1. Load ais.json + plume.geojson.
  2. Open Terminal B3 RIF; review support sites and evac routes.
  3. Promote to Incident → approve state change as needed.
  4. Fusion: draft Intel Estimate + COAs; plan traffic and surge mitigation.
  5. Publish Net Assessment → draft Warning + IAP annex → approve.
  6. Run AAR; update terminal playbook/RIF with lessons learned.

Artifacts used

  • Playbook: playbooks/port_maritime/ (sample)
  • RIF: Terminal B3
  • Mission: INC-DEMO-PORT
  • Products: Net Assessment, Warning, IAP annex

Expected outputs

  • Net Assessment (consequence + second-order)
  • Warning (exec + field variants)
  • IAP Annex — Port Hazmat Response

Cyber: EAS deception during storm

Resolve conflicting alerts; correct public messaging with audit.

Step-by-step

  1. Load soc_alerts.json + eas_samples.json.
  2. Open cyber target folder; verify power/alt-power and contacts.
  3. Promote to Incident; IC approves state as required.
  4. Fusion: draft Intel Estimate + COAs; prepare corrected public messaging.
  5. Publish Net Assessment → draft Warning + IAP annex → approve & disseminate.
  6. Run AAR; add deception indicators to playbooks.

Artifacts used

  • Playbook: playbooks/cyber/ (sample)
  • CTF: Example Entity
  • Mission: INC-DEMO-CYBER
  • Products: Net Assessment, Warning, IAP annex

Expected outputs

  • Net Assessment (messaging & power dependencies)
  • Warning (audience-specific variants)
  • IAP Annex — EAS Correction

API smoke tests

Use these to verify your API wiring locally.

Create an incident

curl -sS -X POST https://localhost/api/v1/incidents \
  -H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' \
  -d '{ "title":"Demo Incident", "initial_state":"Alert", "priority":"High" }'

Transition state

curl -sS -X POST https://localhost/api/v1/incidents/INC-DEMO/transition \
  -H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' \
  -d '{ "to_state":"Warning", "reason":"Demo signals", "notify":true }'

Draft a SITREP

curl -sS -X POST https://localhost/api/v1/products/sitrep/draft \
  -H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' \
  -d '{ "incident_id":"INC-DEMO", "audience":"IC", "redaction_level":"Secret" }'

Need help customizing the scenarios?

We can tailor demo data to your venues, sensors, and comms stack.

See artifact guide Request Access