Getting Started
      Back to home
      1. Knowledge Base
      2. Getting Started

      ContraForce Security Workbench Overview

      The Security Workbench allows users to create custom responses to incidents using various ContraForce response actions.

      Welcome to the ContraForce Security Workbench! In this space, you can create custom response workflows using a catalog of AI-mapped playbooks that natively associate the recommended response for each entity that was impacted by adversarial actions. All related entity objects in the incident investigation can be visualized and queried further with a no-code query. With a few clicks, you can daisy-chain robust incident response workflows for fast incident resolution. 

      Overview

      The Security Workbench screenshot displayed above provides an overview of the incident, including its status and owner, which can be easily edited on this page. Additionally, users can view a summary of the incident and a list of entities that were affected. This feature enables swift and efficient incident resolution.

      Under the Comments tab, any comments that have been added by your team will be visible. The work history of the incident is also visible under the History tab. The History tab is a great way to track the Gamebook actions that have been previously been ran for the incident. 

      How do I customize response actions?

       

      After selecting an entity from the entity graph, a carousel of response actions for that entity type will be shown. Use the + icon to add the action to the Gamebook. The arrows on either side rotate through the various actions available. The red - icon will remove the action from the gamebook. 

       

       

      As actions are added to the Gamebook, they will be listed under Gamebook card below the Incident Response Carousel. Prior to running the Gamebook, a status of Pending will be shown for all actions. Once you are ready to run the Gamebook, click Run Gamebook. The status of the Gamebook will update to Pending, then Finished. 

       

      Can I load previously used Gamebooks? 

      All previously run Gamebooks will be visible under the History tab. From here, previously ran Gamebooks can be loaded. 

      Additional Gamebook History

       

      image

       

      Gamebook history for all incidents can be viewed on the Gamebooks page. Information around the status, the incident, the actions taken, and the time to run can be seen for each action. Clicking on the row will expand the row to show additional information.