Automated sandbox generator for a cyber-attack exercise on a mimic network in a cloud environment

The invention claimed is: 1 . An apparatus, comprising: an automated sandbox generator for a wargaming cyber-attack exercise on a mimic network in a cloud environment, comprising: a cloud deployment component configured to provide an automated solution to deploy the mimic network, which consists of a portion of 1) an information technology network, 2) a cloud network, 3) an email network, or 4) a combination of all three, in a sandbox environment in the cloud environment, where the mimic network is i) a clone of some subset of components from 1) the information technology network, 2) the cloud network, 3) the email network, or 4) the combination of all three, that exists in an organization's environment, ii) a subset of predefined example components found in network architectures, or iii) some combination of both, and where the cloud deployment component is further configured to utilize a sandbox creator to create the sandbox environment in the cloud environment, an attack engine configured to deploy a cyber threat to use an exploit that can be tested and interacted with during the wargaming cyber-attack exercise in the mimic network deployed by the cloud deployment component, a monitoring component configured to communicate with a series of sensors deployed in the mimic network in the sandbox environment in the cloud environment, a user interface component configured to communicate with the monitoring component to display results of testing in the wargaming cyber-attack exercise be displayed in the user interface component, where the monitoring component is configured to utilize an existing set of artificial intelligence models trained on a normal pattern of life of entities in the organization's environment and its associated machine learning, where the user interface component is configured to display, in real time, results of the wargaming cyber-attack exercise being conducted in the sandbox environment, to create a behavioral profile of how the cyber threat using the exploit would actually perform in that particular organization's environment, and where instructions for the cloud deployment component, the attack engine, the user interface component, and the monitoring component are configured to be stored in one or more non-transitory machine readable medium to be executed by one or more processing units. 2 . The apparatus of claim 1 , where the attack engine is configured to interacted with the deployed cyber threat via being capable of remote control over actions taken by the cyber threat, during the wargaming cyber-attack exercise in the mimic network deployed by the cloud deployment component. 3 . The apparatus of claim 1 , where the user interface component is configured to mimic at least an appearance and functionality of a user interface of a cyber security appliance protecting the 1) information technology network, 2) cloud network, and/or 3) email network, that exists in the organization's environment. 4 . The apparatus of claim 1 , where the monitoring component is configured to utilize the existing set of artificial intelligence models trained on the normal pattern of life of the entities in the organization's environment and its associated machine learning by making a snapshot of a state of an existing cyber security appliance that is a mirror copy of the cyber security appliance protecting the organization's environment. 5 . The apparatus of claim 1 , where the monitoring component is configured to utilize the existing set of artificial intelligence models trained on the normal pattern of life of the entities in the organization's environment and its associated machine learning by establishing a secure communications channel with an actual cyber security appliance that is operating in real time to protect the organization's environment, but is made aware, such as by markers or other indicators that information being sent via the secure communications channel is coming from the wargaming cyber-attack exercise in the sandbox environment in the cloud environment. 6 . The apparatus of claim 1 , wherein i) a cyber security appliance protecting the organization's environment, ii) a separate recording component, or iii) a combination of both, is configured to record parameters, messages, model breaches, and other results of the wargaming cyber-attack exercise for later review as a wargaming cyber-attack exercise session that can reviewed in a future. 7 . The apparatus of claim 1 , where the user interface component is further configured to output specific aspects of the results of the wargaming cyber-attack exercise in a form of a printable report. 8 . The apparatus of claim 1 , where the user interface component cooperating with the attack engine is further configured to present controls and menu options to allow individual human cyber security professionals to interact with the cyber threat deployed by the attack engine during the cyber-attack on the mimic network in the cloud environment, as it happens in real time, during the wargaming cyber-attack exercise whether i) to attempt to mitigate the cyber-attack by the cyber threat and the exploit it is using from progressing in real time, and ii) conversely, to interact with the cyber threat during the cyber-attack on the mimic network in such a way to make progress on goals of the cyber-attack by augmenting and/or overriding scripted actions of the cyber threat during the cyber-attack on the mimic network. 9 . The apparatus of claim 1 , where the attack engine is further configured to utilize automatic attack construction for the cyber threat, which can incorporate i) an importation of an output of attack path modeling from a prevent cyber-attack simulator, ii) an awareness of Attack Surface Monitoring, and iii) any combination of both, to try and establish when a customer is vulnerable to a certain exploit used by the cyber threat in the cyber-attack on the mimic network. 10 . The apparatus of claim 1 , where the attack engine is further configured to record events and data in a log of attack data of how the cyber-attack is progressing on the mimic network, what components in the mimic network are being affected by the cyber threat, effects of any counter measures used by a human cybersecurity team and any automated responses by an autonomous response module in a cyber security appliance on the cyber threat that was deployed, and then the attack engine is configured to send out the log to the user interface component so that the human cybersecurity team can observe how the cyber-attack on the mimic network is playing out. 11 . A method of a wargaming cyber-attack exercise, comprising: providing an automated sandbox generator for the wargaming cyber-attack exercise on a mimic network in a cloud environment, providing a cloud deployment component to provide an automated solution to deploy the mimic network, which consists of a portion of 1) an information technology network, 2) a cloud network, 3) an email network, or 4) a combination of all three, in a sandbox environment in the cloud environment, where the mimic network is i) a clone of some subset of components from 1) the information technology network, 2) the cloud network, 3) the email network, or 4) the combination of all three, that exists in an organization's environment, ii) a subset of predefined example components found in network architectures, or iii) some combination of both, providing the cloud deployment component to utilize a sandbox creator to create the sandbox environment in the cloud environment, providing an attack engine to deploy a cyber threat to use an exploit that can be tested and interacted with during the wargaming cyber-attack exercise in the m