Integrations

Runbooks

This tab only supports the legacy Runbooks V1 solution.

The Runbooks tab allows the ability to view success at remediating issues over time by displaying data from all published runbooks a user has permission to view. It reveals trends to see how blue and red team outcomes change (or not) over time to ensure that blue team success increases as red team success decreases.

Each runbook is separated by a container that can be expanded or collapsed.

Clicking a container for a runbook provides a graphical view of the following information:

  • Runbook Stats: overviews clients impacted, findings generated, and tactics covered.

  • Tactics Covered: shows how many procedures in a runbook were created as findings and how effective a security program was at stopping a technique.

  • Red Team Outcomes: provides a view and percentage breakdown of red team outcomes; moving the cursor around the pie chart provides additional information.

  • Blue Team Outcomes: provides a view and percentage breakdown of blue team outcomes; moving the cursor around the pie chart provides further information.

  • Client Engagement Analysis: provides a bar chart graph visual of blue and red team outcomes by date to measure progress over time

When filters are selected, the data displayed refreshes, and the active filters are listed at the top of the page.

Filters

Search filters allow users to refine and narrow their search results based on specific criteria or parameters.

Analytics filter values and data sets are updated every minute. If a tag or field was updated but did not appear as expected, wait one minute and try again.

A list of all filters and values for the tab exists below:

  • Client(s)

  • Date range (values selected shown in query bar)

  • Runbooks (values selected shown in query bar)

  • Methodologies (values selected shown in query bar)

  • Engagements (values selected shown in query bar)

  • Engagement Tags

  • Tactics (values selected shown in query bar)

  • Red Team Outcome

    • Success

    • Partial Success

    • Failed

    • Unknown

  • Blue Team Outcome

    • Blocked

    • Alerted

    • Logged

    • No Evidence

  • Included as Finding

    • True

    • False

PreviousAssetsNextTrends & SLAs

Last updated

Was this helpful?