A procedure is a predefined set of steps and actions that need to be followed to accomplish a specific security-related task or address a particular issue. Procedures are often documented and provide a systematic approach to incident response, patch management, access control, and vulnerability assessment. Procedures help ensure that tasks are executed consistently and comply with security policies.
Step 1: Click the Procedures tab of the RunbooksDB module.
Step 2: Click New Procedure.
Step 3: Fill out the provided fields.
Procedure Title (required): The procedure title should include MITRE technique numbers when applicable (i.e., T1027) with an additional local indicator to distinguish from the official MITRE technique, such as "Obfuscated Files or Information AE-T1027."
Procedure ID (required): The procedure title should include MITRE technique numbers when applicable (i.e., T1027) with an additional local indicator to distinguish from the official MITRE technique, such as "AE-T1027."
RunbooksDB Repository (required): Every procedure must be associated with a RunbooksDB repository, and only repositories that the user can edit appear in the pulldown menu.
Procedure Description (required): A rich-text field to enter any content, images, or tables needed to describe the procedure.
Tags: Enter any tags to help future search and filtering tasks.
Execution Steps (required): A set of steps to achieve specific security-related goals and address potential threats or vulnerabilities. A procedure must have at least one step.
Add Step Success Criteria: Click this to access a rich-text field to provide the success criteria of the previously entered step.
Add Another Execution Step: Click this button to add additional steps.
Step 4: Click Save at the top of the page.
The procedure is now available from the Procedures tab and can be viewed, edited, or deleted from this location.
Techniques: Click Add Techniques to add existing techniques in RunbooksDB to the procedure. They will then appear on the "New Procedure" page.