Test plans are displayed on the Test Plans tab of the Runbooks module.
Step 1: From the Test Plans tab of the Runbooks module, click Start under the "Actions" menu of the test plan.
Step 2: Select the client from the pulldown menu. Click Next.
Step 3: Review and update details as desired. Click Continue.
Step 4: Review the engagement. Add new procedures by clicking Select next to each procedure to include, or delete existing ones from the engagement by clicking the x within the procedure box in the right-hand column. Click Add X Procedures.
Step 5: Review the engagement coverage. The plan can still be modified from this page by clicking Add Procedures or clicking the X to remove an existing procedure. The order of procedures can also be changed by selecting a box and dragging it to the desired location.
When ready, click Start new engagement.
Step 6: Begin engagement by selecting a procedure and clicking View.
Step 7: The procedure page will appear. Conduct the procedure, then click Save.
Step 8: Click Close to return to the page of the test plan that lists all contained procedures, or click the navigation arrow to move to the following procedure.
Click Close from the test plan overview page to return to the Engagements tab.
From the Test Plans tab of the Runbooks home page, click View under the "Actions" menu of the test plan.
From the Test Plans tab of the Runbooks home page, click Edit under the "Actions" menu of the test plan. If the user cannot edit, the option will not exist.
From the Test Plans tab of the Runbooks home page, click the three dots under the "Actions" menu of the test plan and then click Delete. If the user cannot delete it, the option will not exist.
Test plans can be exported locally as a YAML file.
From the Test Plans tab of the Runbooks module, click the three dots under the "Actions" menu of the test plan and then click Export.
A dialog box will appear confirming the download. Click Continue export.
The test plan will download to the local device as a YAML file.
Step 1: Click View under the "Actions" column of an engagement.
Step 2: Click Submit Engagement.
Clicking Submit Engagement cannot be reversed.
The engagement is now a report, and PlexTrac redirects to the Procedures tab of the Reports module.
Submitted engagements will still be displayed in the Runbooks module, but the engagement can no longer be viewed or edited, and the link provided under the "Actions" column will open the Reports module.
Deleting a submitted engagement in Runbooks does not delete the report.
Step 1: From the Test Plans tab of the Runbooks module, click New Test Plan.
Step 2: Select whether to start a new plan or modify an existing test plan.
If starting from scratch, click Next.
If starting from an existing test plan, select that option, then click Select next to the plan to use as a template. Click Next.
Step 3: From the Test Plan Details tab, insert the test plan title (required) and enter a description and tags. Click Continue.
Step 4: From the Select Procedures tab, add the relevant procedures to the test plan. Use the filtering options to find desired procedures.
Add new procedures by clicking Select next to each procedure to include, or delete existing ones from the engagement by clicking the x within the procedure box in the right-hand column. Click Add X Procedures.
Step 5: Review the engagement coverage. The plan can still be modified from this page by clicking Add Procedures or clicking the X to remove an existing procedure. The order of procedures can also be changed by selecting a box and dragging it to the desired location.
When ready, click Create Test Plan.
The engagement is now ready to be started. Click Start new engagement, or click Close and return to the Test Plans tab.
The test plan is now listed for future access on the Test Plans tab.
Engagements are displayed on the Engagements tab of the Runbooks module.
This view shows the engagement title, associated test plan, associated client, date the engagement was last updated, and engagement progress. Engagements can also be viewed, edited or deleted from the "Actions" column.
Engagements are identified as submitted, not submitted, or in progress.
Progress is based on the completion of contained procedures, and progress is displayed in two locations:
On the Engagements tab as a progress bar:
Within the top toolbar of the engagement's home page:
Engagements completed but not submitted will display "Not Submitted" under the 100% progress bar.
Submitted engagements become reports, are identified with a green checkmark and label, and remain listed in Runbooks until deleted.
Only engagements that are in progress can be edited. Once an engagement is submitted and becomes a report, it cannot be edited.
Step 1: Click View under the "Actions" column of an in-progress engagement.
Step 2: The engagement overview page provides information about the engagement and all included procedures.
Step 3: Click View under the "Actions" column of the procedure to update.
Step 4: Update the procedure status and finding severity by selecting the desired values from the pulldown menus.
Step 5: Add operators by clicking Managing operators. These names appear on the test plan when the runbook is submitted and becomes a report.
Step 6: Assign one or more operators for the red and blue teams. Click Save.
Step 7: Run the execution steps for the procedure, and when completed, identify the outcomes for blue and red teams from the provided options and enter an attack source in the provided box.
Step 8: Add assets, procedure logs, attachments, and notes as needed to provide additional support and context.
Step 9: Scroll to the top of the page and click Save.
Step 10: Continue to the next procedure in the engagement by clicking the page navigation aid at the top of the page.
Procedures can be viewed and edited without leaving this page using the navigation icons at the top of the screen.
All engagement sections are contained in containers that can be collapsed or expanded for usability.
Step 1: From the Runbooks module home page (the Engagements tab), click Start New Engagement.
Step 2: Select the client from the Client pulldown menu.
Step 3: Select whether the engagement is new or is to be modified from an existing test plan.
Existing test plans are greyed out unless "Start from an existing Test Plan" is selected. These plans can be leveraged as a starting point by clicking Select next to the test plan.
To reduce the list of test plans provided, filter by tactic or test plan title in the search box.
Step 4: Click Next.
Step 5: On the Engagement Details tab, enter a title (required), a description, and any required tags. If an existing test plan was selected in the previous step, information in that test plan is populated by default and can be edited.
Click Continue.
Step 6: On the Select Procedures tab, select the procedures for this engagement by clicking the Select button next to the procedure to add. If leveraging an existing test plan, all procedures from that template are displayed in the right-hand column.
This list can be reduced by clicking the x button of the procedure to remove at the right of the box.
The procedure sequence can be adjusted by clicking and dragging the procedure to its desired line.
The list of procedures displayed on the screen can be adjusted using the provided filter options.
If required procedures have not yet been created, the engagement can be completed and procedures added later, but it is recommended to create the procedures first in RunbooksDB.
Step 7: Click Add X Procedures when finished.
Step 8: View a summary of the engagement from the Finalize Engagement tab. The title, description, tags, engagement coverage, and assigned procedures are displayed.
Click Create Engagement.
The engagement is now active and ready to be executed.
It is also now listed on the Engagements tab.
In the Runbooks module, users can create detailed guides for red teaming and penetration testing, documenting the procedures, vulnerabilities, and recommendations for enhancing security.
Runbooks work with the RunbooksDB repository in the Content Library, enabling the reuse of existing procedures, tactics, and methodologies with or without modifications to fit new test plans.
Users access the module by clicking Runbooks in the application's main menu.
In cybersecurity, professionals often rely on a practice known as red teaming to test and strengthen their defenses. This process involves simulating real-world cyberattacks to assess vulnerabilities and response capabilities. During such engagements, teams create what are known as runbooks to guide their actions and record their findings.
These runbooks serve as comprehensive records, documenting various procedures and tactics employed during the engagements. They outline the steps the red team takes, the vulnerabilities they exploit, and the recommendations they make to improve security. In essence, runbooks are the playbook for these security exercises.
The ultimate objective of these engagements is to evaluate the red team's proficiency in executing attack procedures and the blue team's capability to detect, protect against, and respond to them. The outcomes of these engagements are compiled in reports, which are then shared with clients or internal teams. These reports offer valuable insights into the effectiveness of the existing security measures and provide recommendations for improvements.
The Runbooks module has two tabs:
Engagements: Displays all runbooks created for a client, including those in progress and those submitted as a report (if not deleted).
Test Plans: Displays all existing test plans created or imported.
RunbooksDB is accessible at any time on both tabs by clicking Manage RunbooksDB.