Collaborate With Runbooks

Transcript

All right, I’m going to be showcasing some of the great features within our Runbooks Module today. The Runbooks experience within the PlexTrac platform is comprised of three main pieces. The first is an engagement, and this is where you can actually track and run the engagement itself. We also have test plans, and within these test plans you have a series of procedures that have been designed and then can be run as an engagement above that. And thirdly, though, we also have our ability to manage Runbooks as a database, and this is really a great tool for training. Development of more junior team members allows for a lot of repeatability and reuse of great test plans that your team may want to use over time, and of course, affords for you to also update those test plans based on your engagements that occur and additional procedures you find need to be added over time.

So as you can see, we’ve landed here in the RunbooksDB. PlexTrac offers a default or PlexTrac curated database for Runbooks from the get go. And this is great if you want to just get started. It gives you a great foundation to begin with. And as you can see, this is based on the MITRE ATT&CK methodology.

In this example, all of these repositories that I just showed you, within them you’re able to create your procedures, your techniques, your tactics, and methodologies. Here’s an example where maybe we want to have a database to pull from based off of OWASP, just as an example. So if you’re a leader of a team who’s looking to run blue team exercises, red team exercises, or truly do those tabletop or purple teaming exercises, curating this repository of runbooks can be very, very helpful. You can curate specific repositories for blue team exercises. You could curate repositories for the red team only. You could also just include your standard tabletop exercises here.

So once you start to build out your repository — that’s built up of all of your procedures, your techniques and tactics — you can leverage your whole list to build out those repositories. Then as you move into Runbooks, you can navigate over to your test plans. And this is where we can find all of those test plans. If you’re creating a brand new test plan, you can start from an existing one. You can also start from scratch.

This is going to allow you to pull from your repository here. So if we start a new engagement or a new test plan, you’re going to be able to create some data, including tagging to help you just identify this test plan. You may want to have a description that helps other team members know when and how to leverage this test plan. This is where now the power of your Runbooks database is going to come in because you can filter through all of those databases, including your methodologies, your tactics, your techniques, and your procedures, as well as any of your repositories you have built out just like any of our other features in PlexTrac. You can also filter by tags if that’s appropriate.

So as you go through, you can kind of see the flow here. We’re going to define what our test plan is. We’re going to select our procedures either purely from our existing procedures or from our repositories as needed. And as you start to fill up, and I’m just going to select a few, for example’s sake here, you start to fill up your test plan, you’re going to move on. And we’ve got this great moment here for you to finalize and determine if you’ve got the right coverage you’re looking for. And with the way that Runbooks works in PlexTrac, you want to keep in mind coverage is going to be important because you want this to be reusable and leverageable by other team members downstream in the product.

So as you can see, creating a test plan is pretty easy. Once you have that repository going and when you’re just getting started, you can leverage our out-of-the-box option from here. If we want to actually start an engagement, we can start one from here. We can also just always come back to Runbooks. Any of our active running engagements are going to be shown here, and this is great for leadership to manage the progress of an engagement that’s ongoing.

We’re going to go ahead and start a new one from an existing test plan. We’ll use the PlexTrac one. Okay, so we’re continuing with our test plan that we previously created and we’re moving on into our engagement. Now that this engagement has been started and is based on a test plan, you can see all of the procedures that have been populated here to allow essentially your operators to get started on this activity.

So let’s dig into one of these procedures and kind of showcase how collaboration works. As you can see, within every procedure, we’ve got information, including tags, if those are relevant to your internal procedures. And from here, the actions we can take are to determine if we’re in progress. As we continue down the page, we’re going to have options to collaborate as a red team and a blue team. Now this doesn’t limit you from using Runbooks for a red team-only engagement or a blue team-only engagement, vut you can see how if I come in here as a red teamer and I start to provide data about outcomes of these procedures, I can then as a blue team member be in same page. It’s a great same-page experience to allow you to see the outcomes as the procedure and the overall engagement proceeds.

Now what’s great about the process of getting this into the reporting process is that each of the procedures can be determined in terms of finding severity. So let’s say our team collaborates — they come in, they add notes, they mark the outcomes of their procedures — and now we know that this is a critical finding based on that engagement. Coming in here and identifying this finding means that when we submit this engagement, all of this data is going to then flow through into the reporting tools within PlexTrac and we’ll be able to create a report full of all of the findings from that engagement.

So now that I’ve shown you a little bit of the detail of engaging with a procedure during an active engagement, I want to come back to the engagement’s landing and just give you a sense of what an in-progress engagement looks like. So in this case, now that we have an active engagement, I didn’t mark a particular procedure in action. Let’s go ahead and do that and I’m going to provide a little data here. I’m going to mark this as completed. So from the engagements panel here, we provide a view of every active engagement. So if your team is running multiple engagements, you’re going to be able to see all of the active engagements and their progress and then dive into the details if needed. With this particular engagement that we started, I mentioned that this data is then going to flow through into the reporting part of the PlexTrac platform and I want to show that to you. So let’s go ahead and submit our engagement. So as you can see, we’ve now sent along all of the outcomes and procedures data from our engagement now flowing into the reporting part of the PlexTrac platform. And this is where all of the great reporting features are going to take over and allow you to effectively communicate what needs to be done and what was found in that engagement.

This is also where you’re going to find some of our features around remediation.So once these have flown through into the reporting part of the platform, you can easily associate each of these findings with Jira or ServiceNow or you can use our out-of-the-box status tracking features and go ahead and assign this finding to a member of your team within the PlexTrac platform to go ahead and get started on this issue here.

So I hope this is helpful in just showcasing how the Runbooks module enables collaboration, enables leadership, allows more junior team members to follow easily repeatable test plans, and then leads into some of our great reporting features that can help you effectively communicate all the way through to remediation and retest.