For many pentesters, work management is loose, informal, and often not done at all. You keep everything in your head because you know what has to happen, when, and why. At the same time, that informal work management makes it hard to scale, hard to collaborate inside of a team, and hard to offer status and progress updates to clients without explicitly telling them what you’re testing and when. 

Cyver Core uses project management tooling, including integrated runbooks and playbooks, so you can map out your pentests, their timelines, and processes – and then effortlessly share that progress and updates with your clients. 

Pentest Runbooks in Cyver Core 

Cyver Core uses a simple setup that lets you build runbooks and playbooks inside the platform. In addition, we offer several default and basic options that you can use as-is, or update and modify to meet your specific needs.

Workflows – Workflows provide the chapters of your attack narrative. You use the workflow feature in Cyver Core to build your runbook. It covers the stages of your pentest and it should change based on the type of pentest you do. For example, if you have a red teaming exercise, the runbook is completely different. 

Playbook – From there, you use the checklists feature in Cyver Core to set up your playbook. This details the full list of things that you’ll have to complete to finish that chapter of the runbook. Checklists are specific tasks, linked to methodology, attack narrative, or the compliance framework you’re using. And, they include specific actions that you can assign to your team and check off. 

Labels – Cyver Core also uses labels, which you can use to map vulnerability findings to each stage of the runbook, to methodology, and to compliance frameworks. Then, your full narrative is there, ready to be automatically imported into your report. 

Automatic Updates – As you check those items off, the progress of your workflow will automatically update, moving you further through the runbook. In addition, in Cyver Core, you can select which of those workflow items are visible to the client, so they can automatically see progress updates, which stage of the workflow you’re in, what work you’ve already done, and what you’re working on now.

Setting Up Different Runbooks with Cyver Core 

Cyver Core offers a standard set of runbooks, including workflows and checklists for different types of pentests, and an assortment of checklists for different compliance frameworks, including OWASP Top 10, NIST, and red teaming options like MITRE ATT&CK and Cyber Kill Chain. You can also build your own with whatever specific steps you want in the pentest.

In addition, if you choose a workflow for something that isn’t a pentest, your runbook will completely adapt to it.

For example, if you’re red teaming, you don’t get a scope and go ahead to find whatever you can. There are no stages and no checking a list of predefined items. You’re going for a single goal or scenario, and you’ll often have to restart stages as you reach the end of a stage. That means your runbook has to be flexible, repeatable, and nestable. If you have to go back to stage 1 to try another door after you reached a dead end, or if you have to try to exploit a new weakness, your runbook has to be able to reflect that.

Cyver Core allows you to create scenarios, add steps, and then progress deeper into the scenario. You can align those steps into your playbook with the checklists, including new phases of information gathering as you make the bridge from one item to the next – and you can effortlessly share that progress with the client. 

Why Use Runbooks? 

Many pentesters still like to do everything manually. In addition, if you know what you’re doing, you often don’t need a runbook to run a compliance pentest or similar. However, working without one becomes more of an issue when you’re working in teams, when you’re trying to update clients, and when you have to collaborate on pentests.

  • Your entire story in one place 
  • Assigned work and work items 
  • Easy traceability 
  • Automatically share progress to clients 

So, workflows make it easy to work with teams. They make it easier to work with external pentesters and experts. They enable easier work sharing via assigned work. And, they remove the burden of giving your client updates on what you’re doing and when, because that’s all in the platform, right where the client can see it. 

If you’d like to see more about how workflows and checklists combine into your pentest runbook, contact us for a demo, and we’d be happy to show you how.