Run a tabletop in under an hour
Download the starter kit and follow a guided scenario — generate a Net Assessment and IAP from Playbooks, RIFs, and Mission Folders with human approvals at lockpoints.
Downloads
Starter files and demo data. Host these at ./downloads/ on your site.
TEW Starter Kit
Repo skeleton, JSON schemas, sample Playbooks/RIFs/Mission/Net Assessment files.
SHA256: fill-in-after-hosting
Swarm over stadium
RF/radar/EO-IR CSVs + a prebuilt stadium RIF and mission scaffold.
modules/cuas/demo/uas_tracks.csvrif_target_folders/city/stadium_a/mission_folders/INC-DEMO-CUAS/
Hazmat release at Berth 3
AIS snapshots, plume polygons, terminal RIF, and mission scaffold.
modules/port_maritime/demo/ais.jsonmodules/port_maritime/demo/plume.geojsonrif_target_folders/port/terminal_b3/mission_folders/INC-DEMO-PORT/
EAS deception during storm
SOC alert summaries, EAS samples, cyber target folder, mission scaffold.
modules/cyber/demo/soc_alerts.jsonmodules/cyber/demo/eas_samples.jsonmodules/cyber/cyber_target_folders/example_entity/ctf.yamlmission_folders/INC-DEMO-CYBER/
Checksums
Verify downloads on offline systems. Compare your local file’s SHA256 to the values below.
| File | Size | SHA256 |
|---|
Choose a file from your machine to compute its SHA256 in-browser. No data leaves the device.
Quickstart
Three steps to go from zero to products.
1) Unpack
Unzip into a working directory (e.g., ~/tew/). Verify the tree matches the docs.
unzip tew-starter.zip -d ~/tew/
2) Configure
Set agency info, RBAC roles, and local storage paths in your app’s config.
cp config.example.yaml config.yaml # edit: org name, roles, storage, redaction levels
3) Load a scenario
Open the scenario’s Mission Folder; walk through the steps below.
open mission_folders/INC-DEMO-CUAS/mf.yaml
C-UAS: Swarm over stadium
Detect → Discriminate → Locate → Decide.
Step-by-step
- Import
uas_tracks.csv→ watch correlation & scoring. - Open
rif_target_folders/city/stadium_a/rif.yamlfor venue context. - Promote to Incident → state Alert → Warning (IC approval).
- Fusion bench: draft Intel Estimate + COAs; assign operator-hunt tasks.
- Publish Net Assessment → draft Warning & IAP annex → approve.
- Run AAR; codify findings into the C-UAS playbook.
Artifacts used
- Playbook:
playbooks/cuas/(sample) - RIF: Stadium A
- Mission:
INC-DEMO-CUAS - Products: Warning, IAP (annex)
Expected outputs
- Net Assessment (with cited sources)
- Warning (role-redacted variants)
- IAP Annex — C-UAS Operator Hunt
Port/Maritime: Hazmat at Berth 3
Cross-infrastructure impacts with plume & traffic overlays.
Step-by-step
- Load
ais.json+plume.geojson. - Open Terminal B3 RIF; review support sites and evac routes.
- Promote to Incident → approve state change as needed.
- Fusion: draft Intel Estimate + COAs; plan traffic and surge mitigation.
- Publish Net Assessment → draft Warning + IAP annex → approve.
- Run AAR; update terminal playbook/RIF with lessons learned.
Artifacts used
- Playbook:
playbooks/port_maritime/(sample) - RIF: Terminal B3
- Mission:
INC-DEMO-PORT - Products: Net Assessment, Warning, IAP annex
Expected outputs
- Net Assessment (consequence + second-order)
- Warning (exec + field variants)
- IAP Annex — Port Hazmat Response
Cyber: EAS deception during storm
Resolve conflicting alerts; correct public messaging with audit.
Step-by-step
- Load
soc_alerts.json+eas_samples.json. - Open cyber target folder; verify power/alt-power and contacts.
- Promote to Incident; IC approves state as required.
- Fusion: draft Intel Estimate + COAs; prepare corrected public messaging.
- Publish Net Assessment → draft Warning + IAP annex → approve & disseminate.
- Run AAR; add deception indicators to playbooks.
Artifacts used
- Playbook:
playbooks/cyber/(sample) - CTF: Example Entity
- Mission:
INC-DEMO-CYBER - Products: Net Assessment, Warning, IAP annex
Expected outputs
- Net Assessment (messaging & power dependencies)
- Warning (audience-specific variants)
- IAP Annex — EAS Correction
API smoke tests
Use these to verify your API wiring locally.
Create an incident
curl -sS -X POST https://localhost/api/v1/incidents \
-H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' \
-d '{ "title":"Demo Incident", "initial_state":"Alert", "priority":"High" }'
Transition state
curl -sS -X POST https://localhost/api/v1/incidents/INC-DEMO/transition \
-H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' \
-d '{ "to_state":"Warning", "reason":"Demo signals", "notify":true }'
Draft a SITREP
curl -sS -X POST https://localhost/api/v1/products/sitrep/draft \
-H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' \
-d '{ "incident_id":"INC-DEMO", "audience":"IC", "redaction_level":"Secret" }'
Need help customizing the scenarios?
We can tailor demo data to your venues, sensors, and comms stack.