Getting Started Guide

Set up your first scenario in 6 steps

Follow this guide to go from account creation to running your first live exercise — in under 30 minutes.

1
Setup

Organization Setup

When you first log in, you'll be taken to your organization page. Here you'll define the fundamentals of your security team and infrastructure.

  • Organization name (e.g., "Acme Corp Security")
  • Industry and company size
  • Infrastructure type (cloud, on-prem, hybrid)
  • Domain name (for audit trail tracking)
💡 Pro tip: This info is used in reports and notifications to participants. Keep it professional and recognizable to your team.
2
Users

Create Your Team Users

Add the people who will participate in and manage exercises. You can assign different roles to control what each person can do.

  • Invite facilitators (who run the exercise)
  • Add participants (CISO, SOC lead, IR lead, etc.)
  • Set roles: system_admin, scenario_manager, facilitator, observer, auditor
  • Specify their position (CISO, SOC Analyst, IR Lead, etc.)
💡 Pro tip: You can invite users via email. They'll get a link to set their password and join immediately.
3
Groups

Organize Users into Groups

Groups represent teams within your security organization. This makes it easy to assign responsibility across departments without listing people individually.

  • Create group for SOC team (detection, triage)
  • Create group for IR team (containment, response)
  • Create group for leadership (informed stakeholders)
  • Add users to groups and define roles within each group
💡 Pro tip: Use groups to match your actual org chart. When you assign a group to an event, all members automatically get notified.
4
Scenario

Create a Scenario & Assign RACI

Build your threat scenario with an event chain. For each event, map it to MITRE ATT&CK, NIST CSF, and assign Responsible, Accountable, Consulted, and Informed (RACI) roles.

  • Create new scenario (e.g., "Ransomware via Phishing")
  • Add actor profile and business context
  • Build event chain: Initial Access → Execution → Persistence → etc.
  • For each event, assign RACI:
    • Accountable: SOC/IR team (must respond)
    • Responsible: Team lead or incident commander
    • Consulted: Expert teams (networking, forensics)
    • Informed: Leadership and compliance
  • Tag each event with MITRE technique and NIST stage
💡 Pro tip: The RACI assignment determines who gets notified for each event during the exercise. Use groups to avoid repetitive clicking.
5
Execute

Create Exercise & Run It Live

Now it's time to put your team to the test. Launch the exercise and control the flow from the facilitator dashboard.

  • Create a new exercise from your scenario
  • Name it and set the date (can run immediately or schedule)
  • System automatically emails all assigned participants their unique links
  • Open the facilitator dashboard to:
    • Inject events manually on demand
    • Auto-schedule events on a timer
    • Watch participant responses in real time
    • See SLA timing for each response
  • The AI Facilitator evaluates responses and injects follow-up pressure
💡 Pro tip: Pause the exercise anytime to debrief. The platform tracks all timings, so you can compare actual vs. target response times later.
6
Report

Review the Post-Exercise Report

Once you mark the exercise complete, the system generates a comprehensive report. Share it with your team and leadership.

  • SLA Compliance: How fast did each person/team respond vs. target?
  • MITRE Coverage: Which ATT&CK techniques were exercised? Which gaps remain?
  • NIST CSF Breakdown: Percentage coverage of Identify/Protect/Detect/Respond/Recover
  • Gap Analysis: Uncovered techniques, missing response procedures, training needs
  • Debrief Notes: AI-generated hotwash summary of what went well and what to improve
💡 Pro tip: Export the report as PDF for your audit file. Share the online version with team leads for deeper dives into specific events.

Ready to build your first exercise?

Sign up now and get a 14-day free trial. No credit card required.

Create Your Account →