What are Gamebooks in ContraForce?

In ContraForce, Gamebooks are an extension of One-Click Response. This article will cover what can be used in a Gamebook and how to create them.

In ContraForce, Playbooks used for One-Click Response can be combined to create a Gamebook. More information about One-Click Response can be found here. Gamebooks allow users to automate and customize more components of their incident response process. 

To start, there are 8 different Playbooks available to ContraForce users for One-Click Response. They are listed below. 

  • Lockout User
    • This playbook disables a user’s account and prevents them from signing in. 
  • Reset User Password
    • This playbook prevents a user from generating new sign ins without first resetting their password during their next sign in attempt. The temporary password for the selected user/entity will be in the Comments section of the incident. 
      • A Reset Password playbook cannot be executed on a locked out/disabled user. The Reset Password playbook should be run before the Lockout User playbook.
  • Invalidate Existing Sessions
    • This playbook ends a user’s signed in sessions, preventing the authorization of additional actions associated with those sessions
  • Isolate Endpoint
    • This playbook disables an endpoint's external networking capabilities.
  • Scan Endpoint
    • This playbook triggers an anti-virus scan on an endpoint.
  • Acknowledge Response
    • This playbook updates an incident, adding a comment containing a timestamp and the username of the user who executed the playbook.
  • Quarantine File
    • This playbook stops a file from being used by other programs and deletes it.
  • Block IP
    • This playbook updates a firewall’s rules to block network traffic from a specific IP address.

By default, a Gamebook will include one Playbook.

Gamebooks are created within the Investigate page for a specific incident. From the Command page, clicking Respond will open the Playbook details. From here, clicking Add to Gamebook or Go to Gamebook will open the Investigation page for that incident. 

From the Incidents page, clicking the title of an incident will open the incident details. An Investigate button will be shown on the top right which will open the Investigation page. 

Playbooks are added to a Gamebook by clicking the green plus sign (+) button. They are removed by clicking red minus sign (-) button. As Gamebooks are added, the user will be able to identify which playbooks will be executed at each step of the Gamebook.