In the ContraForce Portal, users can respond to incidents with a single click using Gamebooks.
Gamebooks can be accessed either by clicking the "Respond" button for High severity incidents shown in the New High Severity Incidents card or by clicking the title of an incident shown in the Open Incidents Table.
When the Gamebooks page is opened, the operator is shown summary information about the incident as well as the recommended Gamebook for that incident type. If the operator has not run a Gamebook for that incident in the past, an AI-generated Gamebook will be recommended.
What Incident Information is Available?
On the Gamebooks page, the user can see data organized into five categories.
- Summary: A brief description of the incident is shown as well as associated MITRE ATT&CK information.
- Entities: All entities related to the incident are listed.
- Timeline: A timeline of the actions related to the incident.
- Evidence: If available, the raw evidence logs for the incident will be shown. Note that some incidents do not have raw evidence log data.
- Comments: As the operator investigates and responds to the incident, comments can be added to facilitate communication between team members and to incident actions.
How Do I Edit Gamebooks?
Clicking "Edit" opens the ContraForce Security Workbench. By selecting entities shown in the entity graph, the user can customize the response actions for that incident.