377 lines
19 KiB
JSON
377 lines
19 KiB
JSON
[
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Night SOC (Security Operations Center) where triage analysts watch a flood of IDS alerts",
|
|
"sceneVariants": [
|
|
"A dim room with curved displays showing threat timelines",
|
|
"An analyst twinning an alert to a ticketing system",
|
|
"A chat wall where red-team and blue-team coordinate responses",
|
|
"A flood of automated indicators-of-compromise scrolling past",
|
|
"A senior operator authorizing an escalation to incident response"
|
|
],
|
|
"actions": [
|
|
"Anomalous inbound traffic is triaged and prioritized by risk score",
|
|
"A playbook triggers an automated containment script against an infected host",
|
|
"A forensic sandbox ingests an attached binary for dynamic analysis",
|
|
"A pager alerts an on-call responder to join the war-room"
|
|
],
|
|
"camera": "Tight low-light shots across monitors with HUD overlays and hand-close cutaways",
|
|
"accents": [
|
|
"cold cyan monitor glows reflected on glass surfaces",
|
|
"fine log-line micro-text visible in zoomed overlays"
|
|
],
|
|
"mood": "tense methodical urgency (night)",
|
|
"lighting": "low-room, high-screen contrast",
|
|
"style": "technical incident documentary"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Midnight threat-hunt basement where seasoned hunters sift telemetry for stealthy attackers",
|
|
"sceneVariants": [
|
|
"A cluster of laptops with packet captures and timeline visualizations",
|
|
"A whiteboard mapping lateral movement across a corporate estate",
|
|
"A hunter running YARA scans against recent file drops",
|
|
"A coffee-stained notebook with IOC shorthand",
|
|
"A deep-dive window showing process trees and parent-child relationships"
|
|
],
|
|
"actions": [
|
|
"A hunter correlates endpoint telemetry to reveal a living-off-the-land technique",
|
|
"A retrospective enrichment adds indicators to the shared IOC repo",
|
|
"A stealthy persistence is detected and an eradication plan drafted",
|
|
"A timeline is exported and shared with stakeholders for action"
|
|
],
|
|
"camera": "Handheld intimate passes with detailed screen and notebook inserts",
|
|
"accents": [
|
|
"warm desk-lamp edge glints on annotated notes",
|
|
"micro-detail on packet hex dumps and offset markers"
|
|
],
|
|
"mood": "intense investigative focus (night)",
|
|
"lighting": "localized warm task lights",
|
|
"style": "deep-dive security vignette"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Dawn blue-team briefing room where new threat intel informs patch prioritization",
|
|
"sceneVariants": [
|
|
"A morning stand-up with charts showing exposure windows",
|
|
"A list of vulnerable CVEs ordered by exploitability",
|
|
"A liaison from IT presenting scheduled maintenance windows",
|
|
"A whiteboard mapping quick mitigations and compensating controls",
|
|
"A calm assigned owner for each priority item"
|
|
],
|
|
"actions": [
|
|
"A prioritized remediation list is sent to change control",
|
|
"Workarounds are applied to high-risk assets pending patches",
|
|
"A communication to impacted business units is drafted",
|
|
"A verification job schedules post-patch validation scans"
|
|
],
|
|
"camera": "Clean daytime mid-shots with whiteboard details and tablet overlays",
|
|
"accents": [
|
|
"soft morning light on marker strokes and printed CVE pages",
|
|
"fine typography in ticketing UI closeups"
|
|
],
|
|
"mood": "practical collaborative urgency (day)",
|
|
"lighting": "bright meeting-room daylight",
|
|
"style": "enterprise operations documentary"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Night red-team exercise where simulated adversaries attempt to bypass controls",
|
|
"sceneVariants": [
|
|
"A dim collaborative space with command-line windows and scripts",
|
|
"A physical penetration test team coordinating with virtual ops",
|
|
"A simulated phishing campaign being launched for a tabletop",
|
|
"A scoreboard showing success metrics for attack paths",
|
|
"A debrief room filled with post-exploit snapshots"
|
|
],
|
|
"actions": [
|
|
"The red team executes a priced attack chain to test detection",
|
|
"Phishing templates are sent in controlled manner and click rates measured",
|
|
"A live purple-team session adjusts detection rules in response",
|
|
"A final after-action reviews missed detections and improves telemetry"
|
|
],
|
|
"camera": "Grainy handheld for covert mood intercut with terminal closeups",
|
|
"accents": [
|
|
"keyboard rim light micro-glow and coffee cup ring micro-detail",
|
|
"fine console font and timestamp micro-annotations"
|
|
],
|
|
"mood": "provocative controlled tension (night)",
|
|
"lighting": "low warm desk lamps with monitor highlights",
|
|
"style": "red-team exercise film"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Dawn secure dev pipeline where SAST/DAST and CI gates block vulnerable code from merging",
|
|
"sceneVariants": [
|
|
"A CI dashboard showing passing and failing security gates",
|
|
"A developer iterating on a failing SAST finding",
|
|
"A merge request with automated security comments",
|
|
"A policy bot refusing to merge until tests are green",
|
|
"A team retrospective reviewing prevented vulnerabilities"
|
|
],
|
|
"actions": [
|
|
"SAST flags insecure deserialization and a fix is pushed",
|
|
"DAST runs catch an authentication bypass on a staging endpoint",
|
|
"A gated pipeline halts deployment until remediation",
|
|
"A security champion wires an educational note into the PR"
|
|
],
|
|
"camera": "Crisp dev-screen inserts with team collaboration mid-shots",
|
|
"accents": [
|
|
"soft morning reflection on laptop chassis and printed stack diagrams",
|
|
"fine diff snippet micro-typography"
|
|
],
|
|
"mood": "constructive proactive discipline (day)",
|
|
"lighting": "bright engineering space daylight",
|
|
"style": "DevSecOps process vignette"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Night IoT farm where edge-device fleets are monitored for firmware anomalies",
|
|
"sceneVariants": [
|
|
"A greenhouse of smart sensors with a low-power gateway",
|
|
"A dashboard flagging anomalous firmware checksums",
|
|
"A technician scheduling a staged OTA update",
|
|
"A low-bandwidth link throttling large updates into batches",
|
|
"A remote field console displaying device health"
|
|
],
|
|
"actions": [
|
|
"A rollback is prepared for devices failing checksum validation",
|
|
"A limited OTA is pushed to a pilot group for canary testing",
|
|
"A device is quarantined remotely to avoid lateral spread",
|
|
"A device manifests snapshot is captured and stored for analysis"
|
|
],
|
|
"camera": "Macro device-feeds and long-lens greenhouse passes",
|
|
"accents": [
|
|
"soft LED grow-light reflections on sensor housings",
|
|
"micro-scratch detail on plastic enclosures"
|
|
],
|
|
"mood": "protective technical calm (night)",
|
|
"lighting": "muted greenhouse task light with instrument glows",
|
|
"style": "operational IoT security"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Dawn phishing simulation center where user-awareness metrics drive targeted training",
|
|
"sceneVariants": [
|
|
"A training room with participants interacting with simulated phishing emails",
|
|
"A panel showing click-through rates by department",
|
|
"A facilitator guiding a role-play on social-engineering",
|
|
"A small rewards board for teams showing exemplary reporting",
|
|
"A feedback kiosk for users to submit concerns"
|
|
],
|
|
"actions": [
|
|
"A targeted simulated campaign is launched and response rates measured",
|
|
"Employees who report suspicious messages are immediately retrained",
|
|
"A metric dashboard surfaces at-risk groups for focused outreach",
|
|
"A positive reinforcement program issues recognition tokens"
|
|
],
|
|
"camera": "Warm human-focused shots with close-ups on email UI and reaction faces",
|
|
"accents": [
|
|
"morning sun reflection on presentation screens",
|
|
"fine paper and print micro-detail on training handouts"
|
|
],
|
|
"mood": "educational engaged optimism (day)",
|
|
"lighting": "bright classroom daylight with soft fills",
|
|
"style": "awareness training vignette"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Night financial fraud ops where transaction analytics and anomaly detection protect accounts",
|
|
"sceneVariants": [
|
|
"A bank ops room with live transaction streams and risk scores",
|
|
"An account analyst freezing a suspicious transfer in real time",
|
|
"A fraud-hit list being automatically reconciled with KYC data",
|
|
"A legal hold placed on accounts pending verification",
|
|
"A small alert window showing geolocation mismatches"
|
|
],
|
|
"actions": [
|
|
"An unusual geo-velocity triggers a temporary block and verification call",
|
|
"A forensic snapshot of account activity is generated for review",
|
|
"A machine learning detector refines thresholds based on false-positive feedback",
|
|
"A coordinated takedown handoff is prepared for law enforcement"
|
|
],
|
|
"camera": "Tense close-in action with UI overlays and phone-call reaction shots",
|
|
"accents": [
|
|
"soft amber server indicator glows and micro-font transaction timestamps",
|
|
"fine print on legal hold notices"
|
|
],
|
|
"mood": "urgent protective focus (night)",
|
|
"lighting": "low control-room with bright transaction displays",
|
|
"style": "financial security procedural"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Dawn supply-chain review where SBOMs and dependency scans prevent vulnerable components in builds",
|
|
"sceneVariants": [
|
|
"A software bill-of-materials viewer with nested dependency trees",
|
|
"A developer replacing a flagged transitive dependency",
|
|
"A compliance officer signing off an SBOM snapshot",
|
|
"An automated scanner highlighting outdated packages",
|
|
"A small archive of vendor attestations and licenses"
|
|
],
|
|
"actions": [
|
|
"Automated SBOM comparison detects a flagged CVE in a transitive dependency",
|
|
"A developer upgrades the package and a regression test is triggered",
|
|
"A vendor attests a fix and a new signed SBOM is published",
|
|
"A compliance snapshot is retained for audit trail"
|
|
],
|
|
"camera": "Clean closeups on tree viewers and merge workflow screens",
|
|
"accents": [
|
|
"bright morning desk light reflecting on printed SBOM sheets",
|
|
"micro-typography on package hashes and signature stamps"
|
|
],
|
|
"mood": "methodical preventive diligence (day)",
|
|
"lighting": "bright engineering daylight",
|
|
"style": "supply-chain security vignette"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Night zero-trust control-point where access policies and micro-segmentation dynamically enforce least privilege",
|
|
"sceneVariants": [
|
|
"A network map showing microsegments with live policy hits",
|
|
"A workstation request locked by a conditional access policy",
|
|
"A sudden policy enforcement preventing lateral access",
|
|
"A policy authoring console showing recent changes",
|
|
"An auditor reviewing an access exception request"
|
|
],
|
|
"actions": [
|
|
"A conditional access rule triggers MFA and device posture checks",
|
|
"Micro-segmentation isolates a suspicious host from critical data lanes",
|
|
"An access exception is logged and routed to approvers",
|
|
"A policy test-run simulates impact prior to global rollout"
|
|
],
|
|
"camera": "Tidy console closeups and network-map wide reveals",
|
|
"accents": [
|
|
"cool vector-map micro-lines and crisp console typography",
|
|
"fine badge ID micro-text and token bead detail"
|
|
],
|
|
"mood": "disciplined cautious control (night)",
|
|
"lighting": "low ops with bright policy-map accents",
|
|
"style": "modern security architecture film"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Dawn incident post-mortem where teams annotate root-cause and continuous improvement items",
|
|
"sceneVariants": [
|
|
"A war-room whiteboard full of timeline swimlanes and root cause trees",
|
|
"Teams documenting mitigations and preventive action items",
|
|
"A retrospective board where wins and gaps are listed",
|
|
"A CI job queue showing remediation tests in flight",
|
|
"A small gratitude note for on-call staff pinned to the board"
|
|
],
|
|
"actions": [
|
|
"An RCA session produces a prioritized action plan",
|
|
"Mitigations are scheduled into sprint cycles and owners assigned",
|
|
"A knowledge-base article is written to prevent recurrence",
|
|
"A public executive summary is prepared for stakeholders"
|
|
],
|
|
"camera": "Conversational mid-shots with close annotations on whiteboard and keyboard",
|
|
"accents": [
|
|
"soft morning meeting light and marker ink micro-texture",
|
|
"fine printed checklist micro-detail"
|
|
],
|
|
"mood": "reflective constructive closure (day)",
|
|
"lighting": "bright meeting-room daylight",
|
|
"style": "organizational improvement vignette"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Night cloud-hunt where serverless telemetry and ephemeral instances complicate detection",
|
|
"sceneVariants": [
|
|
"A cloud monitoring wall showing ephemeral function invocations",
|
|
"An analyst investigating short-lived anomalous invocations",
|
|
"A chase through distributed logs across multiple cloud regions",
|
|
"A lambda function snapshot with suspicious environment variables",
|
|
"A cloud bill anomaly showing spikes during off-hours"
|
|
],
|
|
"actions": [
|
|
"A distributed trace is stitched across ephemeral services to locate anomaly",
|
|
"A function execution is frozen for forensic artifact collection",
|
|
"An alert triggers an automated rollback of a misconfigured deployment",
|
|
"A cost anomaly leads to an abuse investigation and throttling"
|
|
],
|
|
"camera": "Rapid digital overlays with terminal closeups and graph zoom-ins",
|
|
"accents": [
|
|
"neon cloud-dashboard micro-gradients and log line micro-type",
|
|
"fine JSON snippet micro-structure in closeups"
|
|
],
|
|
"mood": "technical hunting intensity (night)",
|
|
"lighting": "dim ops with bright cloud dashboards",
|
|
"style": "cloud security vignette"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Dawn hardware trust bench where firmware signing and root-of-trust checks protect supply chain components",
|
|
"sceneVariants": [
|
|
"A bench testing secure boot chains on embedded devices",
|
|
"An engineer validating a TPM attestation log",
|
|
"A sealed kit of signed firmware images ready for deployment",
|
|
"A compliance stamp of approval being affixed to a batch",
|
|
"A quiet lab with ESD mats and precision screwdrivers"
|
|
],
|
|
"actions": [
|
|
"A secure boot verification rejects a tampered image",
|
|
"An attestation report is generated and uploaded to a ledger",
|
|
"A rollback firmware is staged for compromised units",
|
|
"A batch is quarantined pending vendor re-certification"
|
|
],
|
|
"camera": "Macro hardware-close with steady lab-wide context",
|
|
"accents": [
|
|
"polished PCB micro-traces and stamped serial micro-text",
|
|
"fine ESD mat texture and antibody-like sticker micro-detail"
|
|
],
|
|
"mood": "methodical trust-building (day)",
|
|
"lighting": "bright laboratory task lighting",
|
|
"style": "hardware supply-security documentary"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Night tabletop crisis simulation where executives practice communication under an incident",
|
|
"sceneVariants": [
|
|
"A conference table with scripted scenario injects and a timeline board",
|
|
"A communications lead rehearsing public messaging",
|
|
"A legal counsel role-playing regulator interactions",
|
|
"A simulated social media wildfire displayed on a monitor",
|
|
"A final debrief capturing gaps in message cadence"
|
|
],
|
|
"actions": [
|
|
"A media playbook is activated and mock statements released",
|
|
"Cross-functional roles execute communication and technical responses",
|
|
"A simulated regulator interaction tests record and audit readiness",
|
|
"A review annotates improvements to notification speed and clarity"
|
|
],
|
|
"camera": "Formal static wide with reaction cuts and script closeups",
|
|
"accents": [
|
|
"warm conference rim-light and printed script micro-text",
|
|
"fine mock-social post imagery micro-detail"
|
|
],
|
|
"mood": "serious prepared composure (night)",
|
|
"lighting": "controlled interior lighting",
|
|
"style": "executive crisis preparedness film"
|
|
},
|
|
{
|
|
"subGenre": "Cyber Security",
|
|
"scene": "Dawn privacy-by-design workshop where engineers and product teams bake privacy controls into features",
|
|
"sceneVariants": [
|
|
"A co-design space with mock user journeys and privacy checklists",
|
|
"A feature owner adding data minimization steps to a spec",
|
|
"A UX designer mapping consent flows and redaction points",
|
|
"A compliance officer endorsing a privacy-preserving architecture",
|
|
"A small whiteboard with retention timelines and anonymization strategies"
|
|
],
|
|
"actions": [
|
|
"A design decision chooses pseudonymization over cleartext collection",
|
|
"A retention schedule is shortened and automated deletion scheduled",
|
|
"A consent flow mockup is tested with user focus groups",
|
|
"A privacy impact assessment is drafted for sign-off"
|
|
],
|
|
"camera": "Friendly collaborative passes with detailed UI and whiteboard closeups",
|
|
"accents": [
|
|
"soft morning light on sticky notes and printed flow diagrams",
|
|
"fine UI micro-typography and consent micro-copy detail"
|
|
],
|
|
"mood": "collaborative ethical clarity (day)",
|
|
"lighting": "bright workshop daylight",
|
|
"style": "product privacy design film"
|
|
}
|
|
] |