Question 1

How to customize battle cards for our specific threat landscape?

Accepted Answer

Map your organization's threats to the TTPs covered in the battle cards, then adapt the prescriptive recipes to align with your tools and procedures. The community-inspired approach allows for flexibility, but it requires manual effort to tailor the guidance.

Question 2

Battle cards vs traditional incident response playbooks: what's the difference?

Accepted Answer

Battle cards are more prescriptive and TTP-focused, providing specific countermeasures for threats, while traditional playbooks might offer broader, less actionable guidelines. This project emphasizes concrete recipes to move from theory to practice.

Question 3

Does this project include scripts for automating responses?

Accepted Answer

No, the project is focused on human-centric kinetic activities and does not provide automation scripts. Teams need to implement the countermeasures manually or integrate them with their own security orchestration tools.

Question 4

How does this align with NIST or other frameworks?

Accepted Answer

The battle cards follow the PICERL model, which is compatible with frameworks like NIST SP 800-61. The SEE ALSO section references NIST documents, but implementation requires manual mapping to ensure compliance.

Question 5

What are best practices for using these battle cards in training?

Accepted Answer

Use them in tabletop exercises to simulate responses to specific TTPs, reinforcing the prescriptive steps. Adapt the recipes to your team's workflow and tools for effective hands-on learning.

Question 6

Comparison: guardsight battle cards vs certsocietegenerale/IRM?

Accepted Answer

Guardsight's battle cards are inspired by IRM but are more prescriptive and structured around the PICERL model. IRM offers a broader set of resources, while this project focuses on actionable, TTP-based recipes for direct defense.

GuardSIght Playbook Battle Cards

What is GuardSIght Playbook Battle Cards?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions