Security Playbooks Diagrams

Original Working Session content: Security Playbooks Diagrams


  • Diagrams of Security Playbooks published

Synopsis and Takeaways

We discussed how best to visualise the information contained in a playbook, realising that without data, we are restricted to process flows.

OWASP is proactive, but we recognise that certain situations are reactive by nature – you can only start to solve a problem when the problem arises.

We agreed that playbooks should include process diagrams, but only where necessary. It is difficult to come up with diagrams without data, and data usually comes after the playbook has been followed (e.g., pen-test, bug bounty).

We also agreed that we should create iconography for different audiences to help readers define the scope of the playbook. The audiences could include:

  • The buyer or end-user
  • The person who follows the process
  • The person who takes the result of the process and deals with the outcome (analyse, distil, process).


Ayehu’s site has a really good example of what these diagrams could look like:

The Phantom product seems to have native Playbook support (which can also be scripted):

Threat Connect also looks interesting:


Working materials

Here are the current ‘work in progress’ materials for this session


1. Introduction and purpose

2. Executive summary

3. Playbook (template table)

4. Global glossary

5. Conclusion
