Step 1: From the WriteupsDB module home page, click New Repository.
Step 2: Fill out the provided fields.
Repository Name: Describes the repository and is displayed on the repository card from the Repositories tab.
Writeup ID Prefix: A three-character value that is unique to this repository. The Section ID Prefix value informs the future relationship of all sections created within the repository to a specific repository. Once assigned to a particular repository with the prefix, sections will automatically increment as they are added. An error message will display if the prefix already exists after clicking the Create button.
Description: Describes the repository in 350 characters or less. The number of characters remaining in the description is presented at the bottom right of the box.
Repository Access: Defines what users and roles can access the writeups in this repository.
Step 3: Click Create.
A notification confirms the action and the repository will appear as a card on the Repositories tab.
A procedure is a predefined set of steps and actions that must be followed to accomplish a specific security-related task or address a particular issue. Procedures are often documented and provide a systematic approach to incident response, patch management, access control, and vulnerability assessment. They help ensure that tasks are executed consistently and comply with security policies.
Step 1: Click the Procedures tab of the RunbooksDB module.
Step 2: Click New Procedure.
Step 3: Fill out the provided fields.
Procedure Title (required): The procedure title should include MITRE technique numbers when applicable (e.g., T1027), with an additional local indicator to distinguish it from the official MITRE technique, such as "Obfuscated Files or Information AE-T1027."
Procedure ID (required): The procedure ID should combine the MITRE technique number (e.g., T1027) with an organization-specific identifier and a sequential number, such as "AE-T1027-001" or "T1027-AE-001". This maintains consistency, links to MITRE techniques, and supports standardization within an organization.
RunbooksDB Repository (required): Every procedure must be associated with a RunbooksDB repository and only repositories that the user can edit appear in the pulldown menu.
Procedure Description (required): A rich-text field to enter any content, images, or tables needed to describe the procedure. A procedure description should be detailed and actionable, including clear objectives, step-by-step instructions, and mapping to relevant MITRE ATT&CK techniques. It should be based on real-world adversary behaviors and include technical details, expected outcomes, and potential variations. Additionally, it should provide safety precautions and guidance on detection and mitigation strategies.
Tags: Enter any tags to help future search and filtering tasks.
Execution Steps (required): A set of steps to achieve specific security-related goals and address potential threats or vulnerabilities. A procedure must have at least one step.
Add Step Success Criteria: Click this to access a rich-text field to provide the success criteria of the previously entered step. A good step success criteria should include measurable outcomes that align with the exercise's objectives. These criteria should be based on observable indicators that reflect real-world adversary behaviors. For example, success might be defined as achieving unauthorized access within a certain timeframe using specific tactics.
Add Another Execution Step: Click this button to add additional steps.
Step 4: Click Save at the top of the page.
The procedure is now available from the Procedures tab and can be viewed, edited, or deleted from this location.
Techniques: Click Add Techniques to add existing techniques in RunbooksDB to the procedure. They will then appear on the "New Procedure" page.
If the repository is not an "Open" type repository, admins have the option of managing users by clicking Users & Permissions.
Step 1: From the Repositories tab of the NarrativesDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Click Add User.
Step 4: Type in the user from the pulldown menu and select the permission. Repeat as necessary. Click Add X Users.
Step 5: Edit the permission or delete a user, if needed. Click Done.
Step 1: From the Repositories tab of the NarrativesDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Identify the user to remove and click the X in that row.
Step 4: Click Done.
Admins can modify the repository name, prefix, description and access setting.
Step 1: From the Repositories tab of the NarrativesDB home page, click the card of the repository to modify.
Step 2: Click Repository Settings.
Step 3: Click Update.
Step 1: From the Repositories tab of the NarrativesDB module, click the three dots in a repository card and click Copy Repository.
Step 2: Update the repository name, add a section ID, and validate access permissions. Click Copy.
The new repository is created and listed on the Repositories tab.
This action will permanently delete the repository and all its sections for all users.
Admins can delete a repository in two ways:
Click the three dots in a repository card from the NarrativesDB home page, then click Delete Repository.
or
Go to the repository settings and click Delete Repository.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
NarrativesDB comes with six sections that are part of the sample repository. These sections can be modified, copied to another repository, or deleted.
Narrative sections can be created/edited but not copied from an external source. They can be added to a report from NarrativesDB but not from a report to NarrativesDB.
Step 1: From the Repositories tab of the NarrativesDB module, click Sections.
Step 2: Navigate to the desired section to update and click Edit.
Step 3: Make desired edits to the section. Click Close when finished.
All changes are saved dynamically.
Step 1: From the Repositories tab of the NarrativesDB module, click Sections.
Step 2: Navigate to the desired section to update and click Copy To.
Step 3: From the pulldown menu, select the repository to copy the section to.
Step 4: Click Copy.
A notification confirms the action was successful, and the copied section now appears in the new repository.
Completing this task permanently deletes the section and cannot be undone.
Step 1: From the Repositories tab of the NarrativesDB module, click Sections.
Step 2: Click the three dots under the "Actions" column, then click Delete.
Step 3: A modal will appear, confirming the action. Click Delete Section.
When editing multiple sections, PlexTrac offers bulk action capabilities. Bulk actions provide several advantages, including time-saving and increased efficiency by processing numerous items simultaneously.
Bulk action options appear after selecting one or more sections by clicking the checkbox or the box next to the column header.
Click Actions to see the list of options available.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal also represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
The Content Library menu provides access to repositories for narratives, writeups and runbooks. These repositories allow users to create, manage, and reuse content across the platform when generating reports or findings.
Users access it by clicking Content Library in the application's main menu.
The Content Library repositories offer numerous advantages:
Reusability: Users can create and access reusable items such as writeups and narrative sections. Instead of recreating content from scratch, users can leverage existing content, saving time and effort.
Standardization and Consistency: The Content Library promotes standardization and consistency by organizing reusable content within repositories. Users can load and access predefined repositories and templates.
Efficiency: Users can quickly locate and retrieve relevant content, streamlining the report creation process and improving overall efficiency.
Collaboration: The Content Library is designed to promote collaboration and knowledge sharing. It allows users to designate repositories for multiple individuals to access and contribute.
Scalability: As the Content Library accumulates reusable items, it becomes a valuable resource that grows with the organization's needs. New users can leverage existing content, maintaining consistency even as the user base expands.
Customization: Users can create repositories, set permissions for viewing and editing, organize content within repositories, establish templates, customize layout, add tags or metadata, and integrate with external tools.
In the Content Library, three types of repositories exist:
Open Repository: Open repositories are available to anyone with repository access. Users with permission can view and edit the content within this repository. Open repositories are created for easy access and collaboration, allowing users to contribute and modify content freely. They serve as a shared space.
Managed Repository: Managed repositories are accessible to anyone with repository access, allowing them to view the repository content. Editors must be added manually. Managed repositories are suitable for creating shared spaces where multiple users can access and utilize the content but have limited editing capabilities.
Private Repository: Private repositories are the most restricted. Only added users with specific permissions can view and edit the content within private repositories. Private repositories are ideal for in-process documents or content that should only be accessible to select individuals.
Users' level of access and editing permissions should be considered when selecting a repository type.
Managed repositories allow for broader access with limited editing capabilities, private repositories restrict access to authorized individuals, and open repositories provide an open and collaborative environment for content sharing and editing.
Definition: A “Dropbox” to which any user with feature-level access may contribute content.
Default behavior: None
Recommended Use: To enable all users to contribute without restriction.
Definition: Users can view, but only those who are added to a given repository as an editor and have an RBAC permission of MANAGE_{content}_REPOSITORIES under Content Library permissions may add or edit content.
Default behavior: View-only access unless an editor is added to enable modification of content or the user has appropriate RBAC permissions.
Recommended Use: To restrict edit access to qualified individuals (copy editors) within a defined set of narrative sections. This is ideal for teams working on various projects who want to maintain their versions of narrative sections and small to mid-size teams that don’t need to restrict access to use but want to limit curation to leadership.
Definition: A repository for storing narrative sections that is unavailable to a user unless that user is explicitly given read and edit permissions.
Default behavior: Users may view only (Viewer) or edit (Editor).
Recommended Use: This is a place to copy manually created sections that may contain client-specific data that needs to be sanitized, a place to work on drafts for new narrative sections not ready for general use, or a place to store final narrative sections not available for general use.
Step 1: From the Repositories tab of the NarrativesDB module, click New Repository.
Step 2: Enter information in the fields (a red asterisk marks required fields), select the desired security access for the repository, and click Create.
The Section ID Prefix value informs the future relationship of all sections created within the repository to a specific repository. Once assigned to a particular repository with the prefix, sections will automatically increment as they are added.
The new repository is now listed on the Repositories tab.
NarrativesDB is a repository that houses all of PlexTrac's narrative sections. Its primary purpose is facilitating categorization, association with defined use cases, and reusability.
Users access it by clicking Content Library in the application's main menu and then clicking NarrativesDB.
Reports use narratives to provide context, clarify complex information, and improve comprehension. These narratives also serve as persuasive tools, influencing opinions and motivating action through storytelling. By placing data and facts into real-life contexts, narratives help audiences understand the relevance of information, making them versatile and impactful tools. As a result, narratives are valuable assets in reports and promote effective communication.
NarrativesDB enables users to create and manage this messaging, freeing up time for problem-solving.
For example, instead of initiating each report from scratch and composing a unique narrative every time, organizations have the flexibility to create simple sections that serve as a starting point. These sections can be reused or further enhanced to align with the specific needs of each report, providing a time-saving and efficient solution for report generation.
The NarrativesDB home page consists of two tabs:
Repositories: A centralized location where all sections can be stored and managed.
Sections: A dedicated space to create reusable content for narrative sections within a report.
PlexTrac provides a sample narratives repository containing six sample narrative sections to demonstrate how content reuse might exist.
The sample repository is an Open repository that cannot be deleted but can be modified.
Sections are containers that contain a title, body, and tags. They are reusable in reports and are stored in this tab.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
The process of creating a writeup is similar to that of creating a finding.
Step 1: From the WriteupsDB home page, click the Writeups tab.
Step 2: Click New Writeup.
Step 3: A modal will appear with the option to start from default finding fields or use a custom findings layout. Choose an option and click Next.
Step 4: Enter the writeup name and select the repository and severity. Click Create.
Step 5: Enter the information in the provided fields on the "Create New Writeup" page. Required fields are denoted with a red asterisk.
Visit the Creating a Finding page for documentation on the fields referenced below.
New sections for the writeup can be added by clicking Add new custom field at the bottom of the page. There is no limit to the number of new sections that can be added. Any section can be deleted by clicking the Remove button.
Step 6: Click Close at the top of the page. All changes are autosaved.
If the repository is not an "Open" type repository, admins can manage users by clicking Users & Permissions.
Step 1: From the Repositories tab of the WriteupsDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Click Add User.
Step 4: Type in the user from the pulldown menu and select the permission. Repeat as necessary. Click Add X Users.
Step 5: Edit the permission or delete a user, if needed. Click Done.
Step 1: Select the desired repository card from the WriteupsDB home page and click Users & Permissions.
Step 2: Select the user to modify and change permissions from the pulldown menu.
Step 3: When finished, click Done.
Step 1: Select the desired repository card from the WriteupsDB home page and click Users & Permissions.
Step 2: Select the user to remove and click the X in that row.
Step 3: When finished, click Done.
The WriteupsDB module has two tabs:
Repositories: Displays all writeup repositories that exist in a tenancy. A repository can be .
Writeups: Displays all writeups in various repositories, including those created manually and imported.
PlexTrac provides a default repository container for any existing writeups. This repository can be renamed, modified, and deleted.
Once added, any extra repositories will be displayed on the page alphabetically according to their title.
Each repository card provides the following information:
Repository Title
Repository Type: Open, Managed, or Private
Meatballs Menu: options to copy or delete the repository
Repository Description
Number of contained writeups
Number of added users
Click the Writeups tab to view all writeups for a tenancy. This view will display helpful information such as the writeup ID, parent repository, writeup severity, source, assigned tags, and the ability to edit, copy, or delete any selected writeup.
When editing multiple reports, PlexTrac offers bulk action capabilities. Bulk actions provide several advantages, including time-saving and increased efficiency by processing numerous items simultaneously.
Bulk action options appear after one or more writeups are selected by clicking the checkbox to the far left of the Title field or by clicking the box next to the column header.
Click Actions to see the list of options.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
WriteupsDB is a central repository for all the writeups available in PlexTrac. Its purpose is to categorize them, associate them with specific use cases, and facilitate reuse. By structuring and refining the findings, writeups can be seamlessly incorporated into other deliverables, such as a report.
Users access it by clicking Content Library in the application's main menu and then clicking WriteupsDB.
WriteupsDB serves as a valuable tool for tracking and organizing vulnerability information. Benefits of WriteupsDB include:
Enhanced Organization and Access: WriteupsDB provides a centralized database where items can be added or imported, making it effortless to organize and access information related to vulnerabilities. This centralized approach improves efficiency and streamlines tracking and documenting vulnerabilities.
Improved Permissions and Segregation: With the introduction of repositories, PlexTrac offers improved permissions and segregation capabilities. Instead of managing writeups as a list, users can create repositories to categorize and segregate writeups based on different contexts, such as incident response or vulnerability management. This feature ensures that the right users have the appropriate level of access in their specific domains and can work without interference from unrelated teams.
Standardization and Collaboration: WriteupsDB enables the standardization of vulnerability documentation by encouraging and reusing templates. This ensures consistency in the format and language, making it easier for stakeholders to understand and analyze vulnerabilities. The platform also supports collaboration, allowing multiple users to work on writeups simultaneously and facilitating peer reviews for improved quality and accuracy.
A repository is a versatile tool for managing writeups. It organizes content into structured categories, allowing for efficient reuse across reports. Repositories grant varying access permissions, enhancing collaboration and control.
Step 1: From the WriteupsDB module home page, click the repository to update.
Step 2: Click Repository Settings.
If the repository is not an "Open" type repository, admins will also see a Users & Permissions link next to the settings option.
All fields that existed when creating the repository are available for editing, with an additional button to delete the repository.
Step 3: Click Submit when finished.
Step 1: From the Repositories tab of the WriteupsDB module, click the meatballs menu found on the repository card to copy.
Step 2: Click Copy Repository.
Step 3: Change the repository name, add a section ID, update the description as needed, and validate access permissions. Click Save.
The new repository has been created and is listed on the Repositories tab.
This action will delete the repository and all its writeups for all users.
A repository can be deleted in two ways:
A warning message will appear asking for validation. Click Delete to continue.
Writeups can be copied within the WriteupsDB module or from a finding within a report.
Step 1: Within a report, click the Findings tab.
Step 2: Find the finding to copy. Click the meatballs menu (three dots) under "Actions" and click Copy to WriteupsDB.
Step 3: Select the repository from the pulldown menu and click Copy.
Finding details unique to this report will also be copied; remove any sensitive information.
Step 1: From the WriteupsDB module, go to the writeup to copy and click Copy To under the "Actions" column.
Step 2: Select the destination repository from the pulldown menu and click Copy.
Step 1: From a report, click the Findings tab.
Step 2: Click Add Findings and select "From WriteupsDB" from the pulldown menu.
Step 3: Search for or use the provided pulldown filters to display the desired writeup(s) to add.
Step 4: Click the box next to the writeup(s) to add. Selected writeups will appear in the "TO BE ADDED TO REPORT" column on the right. Click Add X Writeups.
Click the box next to "Writeups" in the table header to add all available writeups.
The selected writeups now appear on the Findings tab of the report.
Once a writeup becomes a finding, it is a standalone object that is not impacted if the source writeup or repository is deleted or the same writeup added to another report is edited or deleted.
RunbooksDB enables collaborative testing for threat emulation and simulation, known as Purple Teaming. Organizations can create reusable test plans that encompass a set of procedures.
Users access it by clicking Content Library in the application's main menu and then clicking RunbooksDB.
Runbooks comprise a particular methodology, a series of tactics, techniques, and procedures collectively known as TTPs. Runbooks are executed and turned into an engagement tied to a specific client. Once the engagement is finished and submitted, it becomes a report.
RunbooksDB offers several benefits:
Standardization: Runbooks provide standardized procedures and workflows for various tasks and processes. This consistency helps ensure that critical steps are not missed during an operation.
Efficiency: By having predefined procedures and automation scripts within runbooks, teams can respond to incidents and complete tasks more efficiently, which reduces the time and effort required for routine operations.
Consistency: Runbooks help maintain consistency in task performance. This is crucial in cybersecurity and incident response, as consistent procedures are necessary to identify and mitigate threats effectively.
Training and Onboarding: Runbooks are valuable training materials for new team members. They can use runbooks to learn how to perform various tasks and understand best practices, ensuring a smooth onboarding process.
PlexTrac provides a downloadable CSV file that can be used as a template for entering writeups offline and importing them into WriteupsDB.
Step 1: From the WriteupsDB module, click the Writeups tab.
Step 2: Click Import Writeups.
Step 3: Click Download CSV template file.
The file will be downloaded locally for editing.
Save the CSV template in UTF-8 format to prevent including non-UTF characters that may break the importer.
When importing the CSV file, all fields below must appear as column headers and follow the rules defined in the table. Otherwise, the file may be rejected when imported or require further manual editing within PlexTrac.
Title, description, and severity are required.
title: This is a required field.
severity: This is a required field. The severity value must be one of the following (not case-sensitive): "Informational, Low, Medium, High, Critical". If no value is provided in the CSV, a value of "Informational" will be assigned.
description: This is a required field.
recommendations: These are the writeup recommendations.
references: This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3". NOTE: Do not use commas if providing complete sentences, as any comma will result in a paragraph break. Periods do not trigger a paragraph break.
tags: This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3"
custom field: The headers will be converted to keys and labels in the writeup after import. As many custom fields can be used as desired. For example, "custom field 1," "custom field 2," etc.
score::cvss3: The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "9.8::CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
score::cvss: For example: "9.5"
score::YourLabel: Replace "YourLabel" with the Label of a custom scoring system. The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "1000::a+b+c+d"
cves: Separate values with a comma. For example: "CVE-1999-0001, CVE-2000-0001"
cwes: Separate values with a comma. For example: "CWE-787, CWE-79, CWE-89"
score::cvss3.1: The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "3.7::AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L"
score::cvss4: The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "5.7::AV:L/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:H/SC:H/SI:L/SA:N"
Step 1: From the WriteupsDB module, click the Writeups tab.
Step 2: Click Import Writeups.
Step 3: Drag the file into the designated box or navigate to the file on the computer.
Step 4: Click Upload.
When completed, the imported writeups will be displayed within the selected repository.
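The CSV rules above can be checked locally before uploading. The following pre-import linter is an added example, not PlexTrac code: it applies only the rules stated on this page (UTF-8 encoding, required columns, accepted severity values, "score::" cells, comma-separated CVE and CWE lists). The function names, the sample rows, the identifier patterns, the numeric-score check and the exact-match header comparison are assumptions made for illustration.

```python
import csv
import io
import re

REQUIRED = ("title", "severity", "description")
SEVERITIES = {"informational", "low", "medium", "high", "critical"}
# Assumed identifier shapes, taken from the examples in the field list above.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
CWE_RE = re.compile(r"CWE-\d+")


def split_list(cell):
    """Split a comma-delimited cell into trimmed, non-empty items."""
    return [item.strip() for item in cell.split(",") if item.strip()]


def lint_writeups_csv(raw):
    """Return (row_number, level, message) tuples; row 1 is the header row."""
    try:
        text = raw.decode("utf-8-sig")  # strict UTF-8, tolerating a leading BOM
    except UnicodeDecodeError as exc:
        return [(0, "error", f"not valid UTF-8 at byte offset {exc.start}")]

    reader = csv.DictReader(io.StringIO(text, newline=""))
    headers = [h.strip() for h in (reader.fieldnames or [])]
    problems = [(1, "error", f"missing required column {name!r}")
                for name in REQUIRED if name not in headers]
    if problems:
        return problems

    for row_no, row in enumerate(reader, start=2):
        # DictReader files surplus cells under the key None: a sign that a
        # comma-delimited value (references, tags, cves) was not quoted.
        if row.pop(None, None):
            problems.append((row_no, "error",
                             "more cells than headers; quote cells that contain commas"))
        row = {k.strip(): (v or "").strip() for k, v in row.items()}

        for name in ("title", "description"):
            if not row[name]:
                problems.append((row_no, "error", f"{name} is empty"))

        severity = row["severity"]
        if not severity:
            problems.append((row_no, "warning",
                             'severity is empty; "Informational" will be assigned'))
        elif severity.lower() not in SEVERITIES:
            problems.append((row_no, "error",
                             f"severity {severity!r} is not an accepted value"))

        # score::<label> cells hold "score" or "score::vector string".
        for name in headers:
            if name.startswith("score::") and row[name]:
                score = row[name].partition("::")[0]
                try:
                    float(score)  # assumption: the score part is numeric
                except ValueError:
                    problems.append((row_no, "error",
                                     f"{name}: score part {score!r} is not a number"))

        for name, pattern in (("cves", CVE_RE), ("cwes", CWE_RE)):
            for item in split_list(row.get(name, "")):
                if not pattern.fullmatch(item):
                    problems.append((row_no, "error",
                                     f"{name}: {item!r} is not a valid identifier"))
    return problems


def build_sample():
    """Constructed sample file: one clean row and three rows with problems."""
    headers = ["title", "severity", "description", "references", "tags",
               "score::cvss3", "cves", "cwes"]
    rows = [
        {"title": "SQL injection in login form", "severity": "High",
         "description": "User input reaches the query unescaped.",
         "tags": "web, injection", "cwes": "CWE-89",
         "score::cvss3": "9.8::CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
        {"title": "Verbose error pages",
         "description": "Stack traces are returned to the client."},
        {"title": "Outdated TLS configuration", "severity": "Severe",
         "description": "Server accepts deprecated protocol versions.",
         "score::cvss3": "high", "cves": "CVE-2000-0001; CVE-1999-0001"},
        {"severity": "Low", "description": "Missing title on this row."},
    ]
    buf = io.StringIO(newline="")
    writer = csv.DictWriter(buf, fieldnames=headers, restval="")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue().encode("utf-8")


if __name__ == "__main__":
    for row_no, level, message in lint_writeups_csv(build_sample()):
        print(f"row {row_no}: {level}: {message}")
```

Row numbers count the header as row 1; a row number of 0 means the file could not be decoded at all.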
Admins can modify the repository name, prefix, description, and access settings.
Step 1: From the Repositories tab of the RunbooksDB home page, click the card of the repository to modify.
Step 2: Click Repository Settings.
Step 3: Make the desired changes, then click Save.
This action will permanently delete the repository and all its sections for all users.
From the RunbooksDB home page's Repositories tab, click the three dots in the repository card and then click Delete Repository.
A warning message appears asking for validation. Click Delete Repository.
The RunbooksDB home page consists of five tabs:
Repositories: A set of processes that can be reused and have controlled access.
Procedures: A set of steps required to execute a tactic. For example, a procedure for browser extension-based persistence could describe how a malicious extension is injected to maintain persistence.
Techniques: A grouping of procedures. Techniques are added to a tactic for use in an engagement. For example, if a tactic is persistence, a technique could exist for browser extensions.
Tactics: A grouping of techniques. Tactics are added to a methodology for use in a runbook. This usually represents a type of attack, such as persistence or a privilege escalation from the MITRE ATT&CK framework. This can also be a logical grouping or structure for techniques.
Methodologies: A grouping of tactics that are put into a runbook. It contains a title, ID, description, and the selected series of tactics. Tactics can be chosen to apply to the methodology when used as a runbook. This is similar to how the MITRE ATT&CK is broken down, where the methodology represents the framework for TTPs.
PlexTrac provides a container for all instances called "PlexTrac Curated" that contains community-produced procedures on MITRE/CTI.
This repository contains over 1,500 MITRE procedures from the ATT&CK matrix that can be leveraged. It is available to all users and cannot be deleted.
Once a test plan is imported, another default repository is created. This repository contains all procedures included in the imported test plans.
The default repositories cannot be deleted.
Once added, any additional repositories will be displayed on the page alphabetically according to their title.
Each repository card offers an overview of its contents and settings. It includes the Repository Title, which helps identify the repository, and the Repository Type, which can be categorized as Open, Managed, or Private. The meatballs menu provides convenient options for copying or deleting the repository. Additionally, a Repository Description is available for further context. The card also displays the number of procedures contained, giving insight into the repository's complexity, and the number of added users, which indicates the level of collaboration or access granted to others.
To view all procedures, click the Procedures tab. This view will display helpful information such as the procedure ID, repository ID, methodology, repository, source, assigned tags, and the ability to edit or delete a procedure.
The table view can be customized by clicking the column view icon to the right of the search bar.
Click the Techniques tab to view all techniques. This view will display the title, ID, leveraged tactics, and the ability to edit or delete them.
The table view can be customized by clicking the column view icon to the right of the search bar.
To view all tactics, click the Tactics tab. This view will display the title, ID, leveraged methodology, and the ability to edit or delete them.
The table view can be customized by clicking the column view icon to the right of the search bar.
Click on the Methodologies tab to see all methodologies and find the title, ID, and options to edit or delete them.
Step 1: From the Repositories tab of the RunbooksDB module, click New Repository.
Step 2: Enter information in the fields and select the desired security access for the repository.
Repository Name: Describes the repository and is displayed on the repository card from the Repositories tab.
Description: Describes the repository.
Step 3: Click Create.
The new repository now has a card on the Repositories tab.
If the repository is not an "Open" type repository, admins can manage users by clicking Users & Permissions.
Step 1: From the Repositories tab of the RunbooksDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Click Add User.
Step 4: Type in the user from the pulldown menu and select the permission. Repeat as necessary. Click Add X Users.
Step 5: Edit the permission or delete a user, if needed. Click Done.
Step 1: From the RunbooksDB home page, click the desired repository card and click Users & Permissions.
Step 2: Select the user to modify and change permissions from the pulldown menu.
Step 3: When finished, click Done.
Step 1: From the RunbooksDB home page, click the desired repository card and click Users & Permissions.
Step 2: Select the user to remove and click the X in that row.
Step 3: When finished, click Done.
A methodology is a structured approach or framework to guide a comprehensive and systematic process. In cybersecurity, a methodology is often a documented set of guidelines and procedures for performing tasks such as penetration testing, risk assessment, security assessments, or incident response. Methodologies provide a structured way to conduct activities and ensure consistency in approach.
Step 1: Click the Methodologies tab of the RunbooksDB module.
Step 2: Click New Methodology.
Step 3: Enter a methodology title and ID (both fields are required).
Step 4: Click Add Tactics. A modal will appear with available tactics to add to the methodology. Click Select next to the tactics to add, and the selected tactics will appear in the right column.
Step 5: When finished, click Add X Tactics.
Enter a methodology description and any desired tags.
Step 6: Click Save at the top of the page.
The methodology is now available from the Methodologies tab and can be viewed, edited, or deleted from this location.
Cyber attackers or threat actors use specific methods, tactics, and procedures known as techniques to compromise computer systems, gain unauthorized access, or achieve their malicious objectives. Adversaries use these techniques to exploit vulnerabilities and weaknesses in computer systems and networks.
Step 1: Click the Techniques tab of the RunbooksDB module.
Step 2: Click New Technique.
Step 3: Fill out the provided fields.
Technique Title (required)
Technique ID (required)
Procedures: Click Add Procedures to bring up a new modal to add procedures to the technique.
Tactic: Click Add Tactics to bring up a new modal to add tactics to the technique.
Technique Description: A rich-text field to enter any content, images, or tables to describe the technique.
Tags: Enter any tags to help future search and filtering tasks.
Step 4: Click Save.
The technique is now available from the Techniques tab, where it can be viewed, edited, or deleted.
Tactics are higher-level categories or strategies used by adversaries to achieve their goals. In the MITRE ATT&CK framework, tactics are broader than techniques and represent the overall objectives of an attack. For example, tactics might include "Execution," "Persistence," "Privilege Escalation," and "Defense Evasion." Tactics encompass a range of techniques that support a specific objective.
Step 1: Click the Tactics tab of the RunbooksDB module.
Step 2: Click New Tactic.
Step 3: Fill out the provided fields.
Tactic Title (required)
Tactic ID (required)
Techniques: Click Add Techniques to bring up a new modal to add techniques to the tactic.
Methodologies: Click Add Methodologies to bring up a new modal to add methodologies to the tactic.
Tactic Description: A rich-text field to enter any content, images, or tables to describe the tactic.
Tags: Enter any tags to help future search and filtering tasks.
Step 4: Click Save.
The tactic is now available from the Tactics tab, where it can be viewed, edited, or deleted.
Click the meatballs menu on the repository card from the Repositories tab of the WriteupsDB module. Then, click the meatballs menu again in the repository card and click Delete Repository.
Click the meatballs menu on the repository card from the Repositories tab of the WriteupsDB module. Select Repository Settings, then scroll to the bottom and click Delete Repository.
Writeup ID Prefix: A three-character value that is unique to this repository. An error message will display if the prefix already exists after clicking the Create button in Step 3.
Repository Access: Defines what users and roles can access the writeups in this repository.