In the Content Library, three types of repositories exist:
Open Repository: Open repositories are available to anyone with repository access. Users with permission can view and edit the content within this repository. Open repositories are designed to be easily accessible and collaborative, enabling users to contribute and modify content freely. They function as a shared space.
Managed Repository: Managed repositories are accessible to anyone with repository access, allowing them to view the repository content. Editors must be added manually. Managed repositories are suitable for creating shared spaces where multiple users can access and utilize the content but have limited editing capabilities.
Private Repository: Private repositories are the most restricted. Only added users with specific permissions can view and edit the content within private repositories. Private repositories are ideal for in-process documents or content that should only be accessible to select individuals.
Users' level of access and editing permissions should be considered when selecting a repository type.
Managed repositories allow for broader access with limited editing capabilities, private repositories restrict access to authorized individuals, and open repositories provide an open and collaborative environment for content sharing and editing.
Definition: A “Dropbox” to which any user with feature-level access may contribute content.
Default behavior: None
Recommended Use: To enable all users to contribute without restriction.
Definition: Users can view, but only those who are added to a given repository as an editor and have an RBAC permission of MANAGE_{content}_REPOSITORIES under Content Library permissions may add or edit content.
Default behavior: View-only access unless an editor is added to enable modification of content or the user has appropriate RBAC permissions.
Recommended Use: To restrict edit access to qualified individuals (copy editors) within a defined set of narrative sections. This is ideal for teams working on various projects who want to maintain their versions of narrative sections and small to mid-size teams that don’t need to restrict access to use but want to limit curation to leadership.
Definition: A repository to store narrative sections that is unavailable unless a user is explicitly given read and edit permissions.
Default behavior: Users may view only (Viewer) or edit (Editor).
Recommended Use: This is a place to copy manually created sections that may contain client-specific data that needs to be sanitized, a place to work on drafts for new narrative sections not ready for general use, or a place to store final narrative sections not available for general use.
Step 1: From the Repositories tab of the NarrativesDB module, click New Repository.
Step 2: Enter information in the fields (a red asterisk marks required fields), select the desired security access for the repository, and click Create.
The Section ID Prefix value informs the future relationship of all sections created within the repository to a specific repository. Once assigned to a particular repository with the prefix, sections will automatically increment as they are added.
The new repository is now listed on the Repositories tab.
Admins can modify the repository name, prefix, description and access setting.
Step 1: From the Repositories tab of the NarrativesDB home page, click the card of the repository to modify.
Step 2: Click Repository Settings.
Step 3: Click Update.
Step 1: From the Repositories tab of the NarrativesDB module, click the three dots in a repository card and click Copy Repository.
Step 2: Update the repository name, add a section ID, and validate access permissions. Click Copy.
The new repository is created and listed on the Repositories tab.
This action will permanently delete the repository and all its sections for all users.
Admins can delete a repository in two ways:
Click the three dots in a repository card from the NarrativesDB home page, then click Delete Repository.
or
Go to the repository settings and click Delete Repository.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of columns can be adjusted within this modal by clicking the six dots on the left of the bar for a field and dragging the bar to the desired sequence place.
Click Save when finished.
The NarrativesDB home page consists of two tabs:
Repositories: A centralized location where all sections can be stored and managed.
Sections: A dedicated space to create reusable content for narrative sections within a report.
PlexTrac provides a sample narratives repository containing six sample narrative sections to demonstrate how content reuse might exist.
The sample repository is an Open repository that cannot be deleted but can be modified.
Sections are containers that contain a title, body, and tags. They are reusable in reports and are stored in this tab.
The Content Library is a menu item that provides access to repositories for narratives, writeups and runbooks. These repositories allow users to create, manage, and reuse content across the platform when generating reports or findings.
Users access it by clicking Content Library in the application's main menu.
The Content Library repositories offer numerous advantages:
Reusability: Users can create and access reusable items such as writeups and narrative sections. Instead of recreating content from scratch, users can leverage existing content, saving time and effort.
Standardization and Consistency: The Content Library promotes standardization and consistency by organizing reusable content within repositories. Users can load and access predefined repositories and templates.
Efficiency: Users can quickly locate and retrieve relevant content, streamlining the report creation process and improving overall efficiency.
Collaboration: The Content Library is designed to promote collaboration and knowledge sharing. It allows users to designate repositories for multiple individuals to access and contribute.
Scalability: As the Content Library grows with the accumulation of reusable items, it becomes a valuable resource that scales with the organization's needs. New users can leverage existing content, maintaining consistency even as the user base expands.
Customization: Users can create repositories, set permissions for viewing and editing, organize content within repositories, establish templates, customize layout, add tags or metadata, and integrate with external tools.
NarrativesDB comes with six sections that are part of the sample repository. These sections can be modified, copied to another repository, or deleted.
Narrative sections can be created/edited but not copied from an external source. They can be added to a report from NarrativesDB but not from a report to NarrativesDB.
Step 1: From the Repositories tab of the NarrativesDB module, click Sections.
Step 2: Navigate to the desired section to update and click Edit.
Step 3: Make desired edits to the section. Click Close when finished.
All changes are saved dynamically.
Step 1: From the Repositories tab of the NarrativesDB module, click Sections.
Step 2: Navigate to the desired section to update and click Copy To.
Step 3: Select the destination repository from the pulldown menu.
Step 4: Click Copy.
A notification confirms the action was successful, and the copied section now appears in the new repository.
Completing this task permanently deletes the section and cannot be undone.
Step 1: From the Repositories tab of the NarrativesDB module, click Sections.
Step 2: Click the three dots under the "Actions" column, then click Delete.
Step 3: A modal will appear, confirming the action. Click Delete Section.
When editing multiple sections, PlexTrac offers bulk action capabilities. Bulk actions provide several advantages, including time-saving and increased efficiency by processing numerous items simultaneously.
Bulk action options appear after selecting one or more sections by clicking the checkbox or the box next to the column header.
Click Actions to see the list of options available.
The WriteUpsDB module has two tabs:
Repositories: Displays all writeup repositories that exist in a tenancy. A repository can be Open, Managed, or Private.
Writeups: Displays all writeups in various repositories, including those created manually and imported.
By default, PlexTrac provides a default repository container to contain any existing writeups. This repository can be renamed, modified, and deleted.
Once added, any extra repositories will be displayed on the page alphabetically according to their title.
Each repository card provides the following information:
Repository Title
Repository Type: Open, Managed, or Private
Meatballs Menu: options to copy or delete the repository
Repository Description
Number of contained writeups
Number of added users
Click the Writeups tab to view all writeups for a tenancy. This view will display useful information such as the writeup ID, parent repository, writeup severity, source, assigned tags, and the ability to edit, copy, or delete any selected writeup.
When editing multiple reports, PlexTrac offers bulk action capabilities. Bulk actions provide several advantages, including time-saving and increased efficiency by processing numerous items simultaneously.
Bulk action options appear after one or more writeups are selected by clicking the checkbox to the far left of the Title field or by clicking the box next to the column header.
Click Actions to see the list of options.
WriteupsDB serves as a central repository for all the writeups available in PlexTrac. Its purpose is to categorize, associate them with specific use cases, and facilitate reuse. By structuring and refining the findings, writeups can be seamlessly incorporated into other deliverables, such as a report.
Users access it by clicking Content Library in the application's main menu and then clicking WriteupsDB.
WriteupsDB serves as a valuable tool for tracking and organizing vulnerability information. Benefits of WriteupsDB include:
Enhanced Organization and Access: WriteupsDB provides a centralized database where items can be added or imported, making it effortless to organize and access information related to vulnerabilities. This centralized approach improves efficiency and streamlines tracking and documenting vulnerabilities.
Improved Permissions and Segregation: With the introduction of repositories, PlexTrac offers improved permissions and segregation capabilities. Instead of managing writeups as a list, users can create repositories to categorize and segregate writeups based on different contexts, such as incident response or vulnerability management. This feature ensures that the right users have the appropriate level of access in their specific domains and can work without interference from unrelated teams.
Standardization and Collaboration: WriteupsDB enables the standardization of vulnerability documentation by encouraging and reusing templates. This ensures consistency in the format and language, making it easier for stakeholders to understand and analyze vulnerabilities. The platform also supports collaboration, allowing multiple users to work on writeups simultaneously and facilitating peer reviews for improved quality and accuracy.
If the repository is not an "Open" type repository, admins have the option of managing users by clicking Users & Permissions.
Step 1: From the Repositories tab of the NarrativesDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Click Add User.
Step 4: Type in the user from the pulldown menu and select the permission. Repeat as necessary. Click Add X Users.
Step 5: Edit the permission or delete a user, if needed. Click Done.
Step 1: From the Repositories tab of the NarrativesDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Identify the user to remove and click the X in that row.
Step 4: Click Done.
A repository is a versatile tool for managing writeups. It organizes content into structured categories, allowing for efficient reuse across reports. Repositories grant varying access permissions, enhancing collaboration and control.
Step 1: From the WriteupsDB module home page, click the repository card to update.
Step 2: Click Repository Settings.
If the repository is not configured as an "Open" type repository, admins will see the Users & Permissions link.
All fields that existed when creating the repository are available for editing, with an additional button to delete the repository.
Step 3: Click Submit when finished.
Step 1: From the Repositories tab of the WriteupsDB module, click the meatballs menu found on the repository card.
Step 2: Click Copy Repository.
Step 3: Change the repository name, add a section ID, update the description as needed, and validate access permissions. Click Save.
The new repository is created and listed on the Repositories tab.
This action will delete the repository and all its writeups for all users.
A repository can be deleted in two ways:
A warning message will appear asking for validation. Click Delete to continue.
If the repository is not an "Open" type repository, admins have the option of managing users by clicking Users & Permissions.
Step 1: From the Repositories tab of the WriteupsDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Click Add User.
Step 4: Type in the user from the pulldown menu and select the permission. Repeat as necessary. Click Add X Users.
Step 5: Edit the permission or delete a user, if needed. Click Done.
Step 1: From the WriteupsDB home page, select the desired repository card and click Users & Permissions.
Step 2: Select the user to modify and change permissions from the pulldown menu.
Step 3: When finished, click Done.
Step 1: From the WriteupsDB home page, select the desired repository card and click Users & Permissions.
Step 2: Select the user to remove and click the X in that row.
Step 3: When finished, click Done.
Click the meatballs menu in the repository card and then click Delete Repository.
Click the repository card, click Repository Settings, and then click Delete Repository, which is found at the bottom of the modal.
Step 1: From a report, click the Findings tab.
Step 2: Click Add Findings and select "From WriteupsDB" from the pulldown menu.
Step 3: Search or use the provided pulldown filters to display the desired writeup(s) to add.
Step 4: Click the box next to the writeup(s) to add. Selected writeups will appear on the right in the "TO BE ADDED TO REPORT" column. Click Add X Writeups.
Click the box next to "Writeups" in the table header to add all available writeups.
The selected writeups now appear on the Findings tab of the report.
Once a writeup becomes a finding, it is a standalone object that is not impacted if the source writeup or repository is deleted or the same writeup added to another report is edited or deleted.
To add all available writeups (or start with all writeups selected to begin with and then uncheck those not desired), click the box next to "Writeups" in the table header below the search bar.
Writeups can be copied within the WriteupsDB module or from a finding within a report.
Step 1: Within a report, click the Findings tab.
Step 2: Find the finding to copy. Click the meatballs menu (three dots) under "Actions" and click Copy to WriteupsDB.
Step 3: Select the repository from the pulldown menu and click Copy.
Finding details unique to this report will also be copied; be sure to remove any sensitive information.
Step 1: From the WriteupsDB module, go to the writeup to copy and click Copy To under the "Actions" column.
Step 2: Select the destination repository from the pulldown menu and click Copy.
RunbooksDB enables collaborative testing for threat emulation and simulation, known as Purple Teaming. Organizations can create reusable test plans that encompass a set of procedures.
Users access it by clicking Content Library in the application's main menu and then clicking RunbooksDB.
Runbooks comprise a particular methodology, a series of tactics, techniques, and procedures collectively known as TTPs. Runbooks are executed and turned into an engagement tied to a specific client. Once the engagement is finished and submitted, it becomes a report.
RunbooksDB offers several benefits:
Standardization: Runbooks provide standardized procedures and workflows for various tasks and processes. This consistency helps ensure that critical steps are not missed during an operation.
Efficiency: By having predefined procedures and automation scripts within runbooks, teams can respond to incidents and complete tasks more efficiently. This reduces the time and effort required for routine operations.
Consistency: Runbooks help maintain consistency in the way tasks are performed. This is crucial in cybersecurity and incident response, as consistent procedures are necessary to identify and mitigate threats effectively.
Training and Onboarding: Runbooks are valuable training materials for new team members. They can use runbooks to learn how to perform various tasks and understand best practices, ensuring a smooth onboarding process.
NarrativesDB is a repository that houses all of the narrative sections within PlexTrac. Its primary purpose is facilitating categorization, association with defined use cases, and reusability.
Users access it by clicking Content Library in the application's main menu and then clicking NarrativesDB.
Reports use narratives to provide context, clarify complex information, and improve comprehension. These narratives also serve as persuasive tools, influencing opinions and motivating action through storytelling. By placing data and facts into real-life contexts, narratives help audiences understand the relevance of information, making them a versatile and impactful tool. As a result, narratives are a valuable asset in reports and promote effective communication.
NarrativesDB enables users to create and manage this messaging, freeing up time for problem-solving.
For example, instead of initiating each report from scratch and composing a unique narrative every time, organizations have the flexibility to create simple sections that serve as a starting point. These sections can be reused or further enhanced to align with the specific needs of each report, providing a time-saving and efficient solution for report generation.
The RunbooksDB home page consists of five tabs:
Repositories: A set of processes that can be reused and have controlled access.
Procedures: A set of steps required to execute a tactic. For example, a procedure for browser extension-based persistence could describe how a malicious extension is injected to maintain persistence.
Techniques: A grouping of procedures. Techniques are added to a tactic for use in an engagement. For example, if a tactic is persistence, a technique could exist for browser extensions.
Tactics: A grouping of techniques. Tactics are added to a methodology for use in a runbook. This usually represents a type of attack, such as persistence or a privilege escalation from the MITRE ATT&CK framework. This can also be a logical grouping or structure for techniques.
Methodologies: A grouping of tactics that are put into a runbook. It contains a title, ID, description, and the series of tactics selected. Tactics can be chosen to apply to the methodology when used as a runbook. This is similar to how the MITRE ATT&CK is broken down, where the methodology represents the framework for TTPs.
PlexTrac provides a container for all instances called "PlexTrac Curated" that contains community-produced procedures on MITRE/CTI.
This repository contains over 1100 MITRE procedures from the ATT&CK matrix that can be leveraged. This repository is available to all users and cannot be deleted.
Once a test plan is imported, another repository called "Import" is created, which contains all procedures that were part of imported test plans.
The default repositories cannot be deleted.
Once added, any additional repositories will be displayed on the page alphabetically according to their title.
Each repository card provides the following information:
Repository Title
Repository Type: Open, Managed, or Private
Meatballs Menu: options to copy or delete the repository
Repository Description
Number of contained procedures
Number of added users
To view all procedures, click the Procedures tab. This view will display useful information such as the procedure ID, repository ID, methodology, repository, source, assigned tags, and the ability to edit or delete a procedure.
To view all techniques, click the Techniques tab. This view will display useful information such as the title, ID, leveraged tactics, and the ability to edit or delete.
To view all tactics, click the Tactics tab. This view will display useful information such as the title, ID, leveraged methodology, and the ability to edit or delete.
To view all methodologies, click the Methodologies tab. This view will display useful information such as the title, ID, and the ability to edit or delete.
If the repository is not an "Open" type repository, admins have the option of managing users by clicking Users & Permissions.
Step 1: From the Repositories tab of the RunbooksDB home page, click the card of the repository to modify.
Step 2: Click Users & Permissions.
Step 3: Click Add User.
Step 4: Type in the user from the pulldown menu and select the permission. Repeat as necessary. Click Add X Users.
Step 5: Edit the permission or delete a user, if needed. Click Done.
Step 1: From the RunbooksDB home page, click the desired repository card and click Users & Permissions.
Step 2: Select the user to modify and change permissions from the pulldown menu.
Step 3: When finished, click Done.
Step 1: From the RunbooksDB home page, click the desired repository card and click Users & Permissions.
Step 2: Select the user to remove and click the X in that row.
Step 3: When finished, click Done.
Step 1: From the Repositories tab of the RunbooksDB module, click New Repository.
Step 2: Enter information in the fields (a red asterisk marks required fields), select the desired security access for the repository, and click Save.
Repository Name: Describes the repository and is displayed on the repository card from the Repositories tab.
Writeup ID Prefix: A three-character value that is unique to this repository. If the prefix already exists, an error message will display after clicking the Create button.
Description: Describes the repository.
Repository Access: Defines what users and roles can access the writeups in this repository.
The new repository now has a card on the Repositories tab.
Cyber attackers or threat actors use specific methods, tactics, and procedures known as techniques to compromise computer systems, gain unauthorized access, or achieve their malicious objectives. Adversaries use these techniques to exploit vulnerabilities and weaknesses in computer systems and networks.
Step 1: Click the Techniques tab of the RunbooksDB module.
Step 2: Click New Technique.
Step 3: Fill out the provided fields.
Technique Title (required)
Technique ID (required)
Procedures: Click Add Procedures to bring up a new modal to add procedures to the technique.
Tactic: Click Add Tactics to bring up a new modal to add tactics to the technique.
Technique Description: A rich-text field to enter any content, images, or tables to describe the technique.
Tags: Enter any tags to help future search and filtering tasks.
Step 4: Click Save.
The technique is now available from the Techniques tab and can be viewed, edited, or deleted from this location.
Admins can modify the repository name, prefix, description and access setting.
Step 1: From the Repositories tab of the RunbooksDB home page, click the card of the repository to modify.
Step 2: Click Repository Settings.
Step 3: Make the desired changes, then click Save.
This action will permanently delete the repository and all its sections for all users.
Click the three dots in the repository card and click Delete Repository.
A warning message appears asking for validation. Click Delete Repository.
Tactics are higher-level categories or strategies used by adversaries to achieve their goals. In the MITRE ATT&CK framework, tactics are broader than techniques and represent the overall objectives of an attack. For example, tactics might include "Execution," "Persistence," "Privilege Escalation," and "Defense Evasion." Tactics encompass a range of techniques that support a specific objective.
Step 1: Click the Tactics tab of the RunbooksDB module.
Step 2: Click New Tactic.
Step 3: Fill out the provided fields.
Tactic Title (required)
Tactic ID (required)
Techniques: Click Add Techniques to bring up a new modal to add techniques to the tactic.
Methodologies: Click Add Methodologies to bring up a new modal to add methodologies to the tactic.
Tactic Description: A rich-text field to enter any content, images, or tables to describe the tactic.
Tags: Enter any tags to help future search and filtering tasks.
Step 4: Click Save.
The tactic is now available from the Tactics tab and can be viewed, edited, or deleted from this location.
Step 1: From the WriteupsDB module home page, click New Repository.
Step 2: Fill out the provided fields.
Repository Name: Describes the repository and is displayed on the repository card from the Repositories tab.
Step 3: Click Create.
A notification will appear confirming the action, and the repository will appear as a card on the Repositories tab.
The process of creating a writeup is similar to that of creating a finding.
Step 1: From the WriteupsDB home page, click the Writeups tab.
Step 2: Click New Writeup.
Step 3: A modal will appear with the option to start from default finding fields or use a custom findings layout. Choose an option and click Start.
Step 4: Enter the information in the provided fields on the "Create New Writeup" page. Required fields are denoted with a red asterisk.
New sections for the writeup can be added by clicking Add Field at the bottom of the page. There is no limit to the number of new sections. Any section can be deleted by clicking the Remove button.
Step 5: Scroll back to the top of the page and click Close. All changes are autosaved.
PlexTrac provides a downloadable CSV file that can be used as a template for entering writeups offline and importing later into WriteupsDB.
Step 1: From the WriteupsDB module, click the Writeups tab.
Step 2: Click Import Writeups.
Step 3: Click Download CSV template file.
The file will be downloaded locally for editing.
Save the CSV template in UTF-8 format to prevent including non-UTF characters that may break the importer.
When importing the CSV file, all fields below must appear as column headers and follow the rules defined in the table. Otherwise, the file may be rejected when imported or require further manual editing within PlexTrac.
Title, description, and severity are required.
Step 1: From the WriteupsDB module, click the Writeups tab.
Step 2: Click Import Writeups.
Step 3: Drag the file into the designated box or navigate to the file on the computer.
Step 4: Click Upload.
When completed, the imported writeups will be displayed within the selected repository.
Writeup ID Prefix: A three-character value that is unique to this repository. The Section ID Prefix value informs the future relationship of all sections created within the repository to a specific repository. Once assigned to a particular repository with the prefix, sections will automatically increment as they are added. If the prefix already exists, an error message will display after clicking the Create button.
Description: Describes the repository in 350 characters or less. The number of characters remaining in the description is presented at the bottom right of the box.
Repository Access: Defines what users and roles can access the writeups in this repository.
Visit the for documentation on the fields referenced below.
title: This is a required field.
severity: This is a required field. The severity value must be one of the following (not case-sensitive): "Informational", "Low", "Medium", "High", "Critical". If no value is provided in the CSV, a value of "Informational" will be assigned.
description: This is a required field.
recommendations: These are the writeup recommendations.
references: This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3". NOTE: Do not use commas if providing complete sentences, as any comma will result in a paragraph break. Periods do not trigger a paragraph break.
tags: This field accepts multiple values delimited with a comma. For example: "Item 1, Item 2, Item 3".
custom field: The headers will be converted to keys and labels in the writeup after import. As many custom fields can be used as desired. For example, "custom field 1", "custom field 2", etc.
score::cvss3: The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "9.8::CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
score::cvss: For example: "9.5"
score::YourLabel: Replace "YourLabel" with the label of a custom scoring system. The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "1000::a+b+c+d"
cves: Separate values with a comma. For example: "CVE-1999-0001, CVE-2000-0001"
cwes: Separate values with a comma. For example: "CWE-787, CWE-79, CWE-89"
score::cvss3.1: The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "3.7::AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L"
score::cvss4: The value before the double colon is the score; the value after is the vector string (calculation), if provided. For example: "5.7::AV:L/AC:H/AT:P/PR:L/UI:A/VC:N/VI:L/VA:H/SC:H/SI:L/SA:N"
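A pre-import check for the column rules above, as an added example that is not PlexTrac code and does not reproduce the importer's own validation. The function names, the CVE/CWE identifier patterns, and the sample rows are assumptions constructed here.

```python
import csv
import io
import re

REQUIRED = ("title", "description", "severity")
SEVERITIES = {"informational", "low", "medium", "high", "critical"}
ID_PATTERNS = {"cves": re.compile(r"CVE-\d{4}-\d{4,}"), "cwes": re.compile(r"CWE-\d+")}

def split_score(cell):
    """Split a 'score::vector' cell into (float score, vector string or None)."""
    score, _, vector = cell.partition("::")
    return float(score), (vector.strip() or None)

def check_writeups_csv(raw):
    """Return (row, message) problems for CSV bytes; an empty list means clean."""
    try:
        text = raw.decode("utf-8-sig")  # UTF-8, tolerating a spreadsheet-added BOM
    except UnicodeDecodeError as exc:
        return [(0, f"file is not valid UTF-8: {exc.reason}")]
    reader = csv.DictReader(io.StringIO(text, newline=""))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing required column(s): " + ", ".join(missing))]
    problems = []
    for n, row in enumerate(reader, start=2):  # row 1 is the header line
        for col in ("title", "description"):
            if not (row[col] or "").strip():
                problems.append((n, f"'{col}' is empty"))
        sev = (row["severity"] or "").strip()
        if sev and sev.lower() not in SEVERITIES:  # blank becomes Informational
            problems.append((n, f"severity '{sev}' is not an accepted value"))
        for col, cell in row.items():
            if col is None or not (cell or "").strip():
                continue  # surplus cells and empty optional fields
            if col.startswith("score::"):
                try:
                    split_score(cell)
                except ValueError:
                    problems.append((n, f"{col}: no numeric score before '::'"))
            elif col in ID_PATTERNS:
                for item in (i.strip() for i in cell.split(",")):
                    if not ID_PATTERNS[col].fullmatch(item):
                        problems.append((n, f"{col}: malformed identifier '{item}'"))
    return problems

SAMPLE = (  # constructed sample: row 2 is clean, row 3 breaks four rules
    b'title,description,severity,cves,score::cvss\n'
    b'SQL injection,Input reaches a query,high,"CVE-1999-0001, CVE-2000-0001",9.5\n'
    b'Weak TLS,,Severe,CVE-99-1,high\n')
```

Calling `check_writeups_csv(SAMPLE)` returns four problems, all on row 3; running the same function over the bytes of an edited template before upload catches these without a rejected import.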
A procedure is a predefined set of steps and actions that need to be followed to accomplish a specific security-related task or address a particular issue. Procedures are often documented and provide a systematic approach to incident response, patch management, access control, and vulnerability assessment. Procedures help ensure that tasks are executed consistently and comply with security policies.
Step 1: Click the Procedures tab of the RunbooksDB module.
Step 2: Click New Procedure.
Step 3: Fill out the provided fields.
Procedure Title (required): The procedure title should include MITRE technique numbers when applicable (e.g., T1027) with an additional local indicator to distinguish it from the official MITRE technique, such as "Obfuscated Files or Information AE-T1027."
Procedure ID (required): The procedure ID should include MITRE technique numbers when applicable (e.g., T1027) with an additional local indicator to distinguish it from the official MITRE technique, such as "AE-T1027."
RunbooksDB Repository (required): Every procedure must be associated with a RunbooksDB repository, and only repositories that the user can edit appear in the pulldown menu.
Procedure Description (required): A rich-text field to enter any content, images, or tables needed to describe the procedure.
Tags: Enter any tags to help future search and filtering tasks.
Execution Steps (required): A set of steps to achieve specific security-related goals and address potential threats or vulnerabilities. A procedure must have at least one step.
Add Step Success Criteria: Click this to access a rich-text field to provide the success criteria of the previously entered step.
Add Another Execution Step: Click this button to add additional steps.
Step 4: Click Save at the top of the page.
The procedure is now available from the Procedures tab and can be viewed, edited, or deleted from this location.
A methodology is a structured approach or framework to guide a comprehensive and systematic process. In cybersecurity, a methodology is often a documented set of guidelines and procedures for performing tasks such as penetration testing, risk assessment, security assessments, or incident response. Methodologies provide a structured way to conduct activities and ensure consistency in approach.
Step 1: Click the Methodologies tab of the RunbooksDB module.
Step 2: Click New Methodology.
Step 3: Enter a methodology title and ID (both fields are required).
Step 4: Click Add Tactics. A modal will appear with available tactics to add to the methodology. Select the tactics, click Add X Tactics, and the added tactics appear on the page.
Step 5: Enter a methodology description and any desired tags.
Step 6: Click Save at the top of the page.
The methodology is now available from the Methodologies tab and can be viewed, edited, or deleted from this location.
Techniques: Click Add Techniques to add existing techniques in RunbooksDB to the procedure. They will then appear on the "New Procedure" page.