# Creating a Procedure

A procedure is a predefined set of steps and actions that must be followed to accomplish a specific security-related task or address a particular issue. Procedures are often documented and provide a systematic approach to incident response, patch management, access control, and vulnerability assessment. They help ensure that tasks are executed consistently and comply with security policies.

<mark style="background-color:yellow;">Step 1:</mark> Click the **Procedures** tab of the **RunbooksDB** module.&#x20;

<mark style="background-color:yellow;">Step 2:</mark> Click **New Procedure**.&#x20;

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2F3SdvA8tm2yCOmG3yabZM%2Fimage.png?alt=media&#x26;token=10ec25ed-198f-4b7f-bda5-b26ef3d0087d" alt="" width="563"><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 3:</mark> Fill out the provided fields.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FcPmYadnqWTlc6syTBjas%2Fimage.png?alt=media&#x26;token=32125fec-6bf8-47e5-a461-750dcb32ab02" alt="" width="563"><figcaption></figcaption></figure></div>

1. **Procedure Title (required):** The procedure title should include MITRE technique numbers when applicable (e.g., T1027), with an additional local indicator to distinguish it from the official MITRE technique, such as "Obfuscated Files or Information AE-T1027."
2. **Procedure ID (required):** The procedure ID should combine the MITRE technique number (e.g., T1027) with an organization-specific identifier and a sequential number, such as "AE-T1027-001" or "T1027-AE-001". This maintains consistency, links to MITRE techniques, and supports standardization within an organization.
3. **RunbooksDB Repository (required)**: Every procedure must be associated with a **RunbooksDB** repository and only repositories that the user can edit appear in the pulldown menu.
4. **Techniques**: Click **Add Techniques** to add existing techniques in **RunbooksDB** to the procedure. They will then appear on the "New Procedure" page.\
   ![](https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2Fugs8QiJ7xIjuoYVz9MJO%2Fimage.png?alt=media\&token=f8f66a3a-9b94-4df8-9118-9fd552a49e38)
5. **Procedure Description (required):** A rich-text field to enter any content, images, or tables needed to describe the procedure. A procedure description should be detailed and actionable, including clear objectives, step-by-step instructions, and mapping to relevant MITRE ATT\&CK techniques. It should be based on real-world adversary behaviors and include technical details, expected outcomes, and potential variations. Additionally, it should provide safety precautions and guidance on detection and mitigation strategies.&#x20;
6. **Tags:** Enter any tags to help future search and filtering tasks.
7. **Execution Steps (required)**: A set of steps to achieve specific security-related goals and address potential threats or vulnerabilities. A procedure must have at least one step.
8. **Add Step Success Criteria**: Click this to access a rich-text field to provide the success criteria of the previously entered step. A good step success criteria should include measurable outcomes that align with the exercise's objectives. These criteria should be based on observable indicators that reflect real-world adversary behaviors. For example, success might be defined as achieving unauthorized access within a certain timeframe using specific tactics.
9. **Add Another Execution Step**: Click this button to add additional steps.

<mark style="background-color:yellow;">Step 4:</mark> Click **Save** at the top of the page.

The procedure is now available from the **Procedures** tab and can be viewed, edited, or deleted from this location.