Platform Features
A comprehensive suite of tools designed to manage large-scale cyber defence exercises from a single platform. From pre-exercise preparation to real-time coordination and post-exercise analysis — every component works together seamlessly within an isolated, self-hosted network.
Detailed Feature Modules
Secure Internal Email
A full-featured email system that lives entirely within the exercise network. Compose messages with a rich text editor, attach files up to 25 MB, and organize conversations in threaded views. Send to individual participants or entire distribution groups. Every attachment is stored in encrypted object storage with UUID-based access controls — no sequential IDs, no enumeration attacks.
- Threaded conversations with reply-in-context
- Rich text composition (CKEditor)
- File attachments via drag-and-drop (up to 10 files, 25 MB each)
- Email distribution groups for team-wide messaging
- Real-time toast notifications on new messages
- Unread count tracking and inbox search
- Bulk thread management (select, delete)
Instant Messaging
Coordinate instantly with direct messages or group channels. Messages are delivered in real time via WebSocket connections, with full conversation history preserved and searchable. Share files directly from your personal cloud storage into any chat.
- One-on-one direct messaging
- Group channels (mapped to email groups)
- Real-time delivery with read indicators
- File sharing from integrated file manager
- Paginated message history with "load more"
- Persistent storage — nothing lost on disconnect
Structured Task Coordination
Organize your defence procedures into hierarchical checklists. Assign tasks by exercise phase, team, system type, and DMZ zone. Participants check off items in real time, with instant progress tracking visible to coordinators. Clone checklists across teams, drag-and-drop to reorder, and monitor completion through dedicated statistics and report pages.
- Create checklists from rich text bulleted/numbered lists (auto-parsed)
- Assign by Phase (1–4), Team, System, DMZ Zone, and User
- Real-time checkbox toggle with AJAX updates
- Live progress bars per checklist
- Clone existing checklists for rapid deployment
- Drag-and-drop item reordering
- Dedicated Statistics and Reports dashboards
Incident & Threat Intelligence Logging
Document every incident as it unfolds using structured MISP-style entries. Log IP addresses, hostnames, affected zones, attack patterns, actions taken, and related indicators. Attach evidence files and write detailed notes with a rich text editor. Toggle entries between draft and published states for review workflows.
- Structured fields: IP/Host, Zone, Attack Pattern, Actions, Indicators
- Rich text notes with embedded formatting
- File attachments (evidence, logs, pcaps) stored in object storage
- Published/Unpublished toggle for review workflows
- Searchable, sortable, paginated table view
- Image preview with full-screen overlay
- Per-user attribution and timestamps
Personal Cloud Storage
Each participant gets a personal cloud file manager backed by S3-compatible object storage. Create folders, upload files via drag-and-drop, and share directly into chat conversations. Download individual files or entire folders. All files are identified by UUIDs — never by sequential IDs.
- Hierarchical folder structure with breadcrumb navigation
- Drag-and-drop file upload to S3-compatible storage
- Create, rename, and delete folders
- Share files to direct or group chats with optional message
- Download files or entire folders
- Search across all your files
- Secure UUID-based access
Comprehensive Reporting
Two dedicated reporting interfaces — tabular and graphical — give exercise coordinators full visibility into team performance. Track task completion by phase, system, DMZ zone, team, and individual user. View user statistics, login activity, and per-checklist breakdowns all in one place.
- Tabular reports with sortable columns
- Graphical dashboards with bar charts, pie charts (ApexCharts)
- Breakdown by Phase, DMZ, System, Team, and User
- Per-checklist detailed completion tracking
- User activity: total, active, inactive, by country, by team
- Export-ready data views
Application Monitoring & Screenshots
Register the web applications your team is defending and let HexShield automatically capture screenshots at configurable intervals. A headless Chromium worker periodically visits every registered URL, takes a full-page screenshot, and stores it in object storage. Browse the screenshot gallery with thumbnails, full-size previews, and download options.
- Register applications with URL and notes
- Automated Playwright/Chromium screenshot capture
- Configurable capture interval (default: 30 seconds)
- Screenshot gallery with card grid layout
- Full-size preview modal and download
- Admin controls to start/stop the worker
- Per-user bookmarking of favourite applications
Exercise Event Calendar
A visual calendar for scheduling exercise events, briefings, and milestones. Create colour-coded events with details, switch between month, week, and day views, and keep your entire team aligned on the exercise timeline.
- FullCalendar integration (month / week / day views)
- Colour-coded event categories
- Create, edit, and delete events via modal dialogs
- Drag-and-drop event scheduling
Team Knowledge Base
A fully integrated Outline Wiki instance with single sign-on. Your team can collaboratively create, edit, and organize documentation in real time. Rich Markdown editing, nested document hierarchies, and powerful search — all authenticated through the same Keycloak SSO as the rest of the platform.
- Full Outline Wiki with real-time collaborative editing
- Single Sign-On — one login covers wiki, platform, and code hosting
- Rich Markdown with embeds and formatting
- Nested collections and documents
- Full-text search across all documentation
- Local file storage — data stays on your network
Self-Hosted Git Repositories
A built-in Gitea instance gives your team full Git repository hosting for scripts, tools, and configuration files. Integrated with SSO so participants don't need separate credentials. Create repos, manage branches, submit pull requests — all within the exercise network.
- Full Gitea instance with Git hosting
- SSO integration via Keycloak (auto-registration)
- Repository management, branches, pull requests
- Issue tracking for collaborative development
- Accessible via web UI and Git CLI
Visual AI Pipeline Builder
Integrated LangFlow provides a visual drag-and-drop interface for building AI and LLM workflows. Connect to locally running LLM models via Ollama — no external API calls, no data leaving your network. Create RAG (Retrieval-Augmented Generation) pipelines, ingest exercise documentation into vector stores, and build automated analysis workflows — all without writing code.
- Visual drag-and-drop AI workflow builder
- Local LLM integration via Ollama (Llama, Mistral, CodeLlama, etc.)
- RAG document ingestion and vector store
- Automated analysis and report generation
- API endpoints for programmatic access
- Runs entirely on-premises — air-gap compatible
Live Notifications & Presence
Every component of HexShield is connected through a unified real-time event bus. New emails trigger instant toast notifications. Chat messages appear the moment they're sent. Online presence shows who's active right now. All powered by WebSockets with zero polling overhead.
- Unified Socket.IO event architecture
- Toast notifications for emails, chat, and system events
- Live online/offline user presence
- Handler registry pattern — extensible for custom event types
- Event logging for audit and replay
Ready to Command Your Next Exercise?
Deploy HexShield in minutes and manage your entire exercise team from a single platform. No cloud subscriptions, no vendor lock-in, no data leaving your network.
Schedule a Demo