Links

Runbooks

In the Runbooks module, users can create detailed guides for red teaming and penetration testing, documenting the procedures, vulnerabilities, and recommendations for enhancing security.
Runbooks work with the RunbooksDB repository in the Content Library, enabling the reuse of existing procedures, tactics, and methodologies with or without modifications to fit new test plans.
Users access the module by clicking Runbooks in the application's main menu.

Overview

In cybersecurity, professionals often rely on a practice known as red teaming to test and strengthen their defenses. This process involves simulating real-world cyberattacks to assess vulnerabilities and response capabilities. During such engagements, teams create what are known as runbooks to guide their actions and record their findings.
These runbooks serve as comprehensive records, documenting various procedures and tactics employed during the engagements. They outline the steps the red team takes, the vulnerabilities they exploit, and the recommendations they make to improve security. In essence, runbooks are the playbook for these security exercises.
The ultimate objective of these engagements is to evaluate the red team's proficiency in executing attack procedures and the blue team's capability to detect, protect against, and respond to them. The outcomes of these engagements are compiled in reports, which are then shared with clients or internal teams. These reports offer valuable insights into the effectiveness of the existing security measures and provide recommendations for improvements.
The Runbooks module has two tabs:
  • Engagements: Displays all runbooks created for a client, including those in progress and those submitted as a report (if not deleted).
  • Test Plans: Displays all existing test plans created or imported.
RunbooksDB is accessible at any time on both tabs by clicking Manage RunbooksDB.