Yeah, very unusual. Purpleteam is usually over some prod or prod-like environment.
I think they want you to put this in your purpleteam lab not as your actual defensive stack.
Might work for some folks but imo, the logging/detection/alerting part should always be your actual prod stack but you can simulate attacks in a lab environment. What I have seen in the industry at large is a lot of purpleteam exercises are done in production, a red team exercise blended with a blue team investigation and response.