Incident response training that works under pressure
A platform for running cyber incident tabletop exercises. Structured scenarios, real-time multiplayer sessions, decision scoring, and exportable debrief reports — ready to use immediately.
SOC reports unusual lateral movement across 12 endpoints. Logs show credentials for a service account being used from an unknown IP. The CFO's workstation may be compromised.
As Incident Commander, what is your immediate priority?
Scenarios covering 14 incident types
Structured practice for incident response teams
A tabletop exercise is a facilitated discussion-based session where a team works through a simulated incident scenario. There is no live system impact — but the decisions are real.
Teams work through a sequence of injects: alerts, escalations, and consequences that unfold based on the decisions made. The goal is to surface gaps in process, communication, and decision-making before a real incident exposes them.
Incident Tabletop structures these exercises with branching scenarios, tracked decisions, scored outcomes, and a data-driven debrief. The platform handles the mechanics so facilitators can focus on the team.
A scenario is presented
InjectThe team receives a realistic incident inject — an alert, an escalation, a piece of threat intelligence. The situation is ambiguous. Information is incomplete. Decisions need to be made.
Decisions are made under pressure
DecisionThe Incident Commander chooses how to respond. Each decision carries a consequence — optimal, suboptimal, poor, or catastrophic — and shapes how the scenario unfolds. The team tracks actions, assigns owners, and logs notes in real time.
The exercise is debriefed with data
DebriefAfter the exercise, every decision is reviewed. Scoring covers decision quality, response speed, confidence, and action management. Gaps in People, Process, Technology, and Vendors are captured. A PDF report is exported.
Built for the people who run incident response
Security Teams
Build and test your incident response capability with realistic exercises. Rotate the Incident Commander role, run scenarios your team has never seen, and track readiness improvement over time.
- Test runbooks against scenarios you haven't pre-planned
- Rotate IC responsibility across the team
- Produce audit evidence for ISO 27001, SOC 2, DORA, and NIS2
- Track readiness scores across exercises over time
Security Consultants
Run professional tabletop exercises for clients without building everything from scratch. Use AI to generate scenarios tailored to each client's technology stack. Export a branded debrief PDF at the end of each session.
- Generate client-specific scenarios from their org profile
- Facilitate live sessions with full pacing control
- Export professional debrief reports for client handover
- Reuse scenario libraries across similar client environments
MSPs & MSSPs
Add incident readiness services to your portfolio. Run tabletop exercises as a managed service for multiple clients. The Partner Licence covers multi-client management, volume pricing, and branded outputs.
- Manage exercises across multiple client organisations
- Offer incident readiness as a recurring service
- Branded reports for client delivery
- Volume pricing through the Partner Licence
Everything you need to run effective exercises
Scenario library with branching injects
Pre-authored scenarios across 14 incident types. Each decision changes the scenario path — choices with poor consequences escalate the situation; optimal decisions de-escalate. No two exercises play the same way.
Multiplayer exercise sessions
Host a live session with a 6-character code. The Incident Commander makes decisions; other participants suggest actions and track responses in real time over WebSocket. Pause and resume as needed.
Decision tracking and scoring
Every decision is recorded with a consequence label. Post-exercise scoring covers five dimensions: decision quality, response speed, confidence levels, action management, and thoroughness. Scores build a measurable readiness baseline.
Debrief with gap analysis
A structured debrief captures gaps in People, Process, Technology, and Vendors. Decision paths are visualised. AI generates an executive summary. Export a full PDF report — ready for leadership, auditors, or client handover.
Organisation modelling and blast radius
Map your systems, people, and assets. Define dependency relationships and criticality ratings. The Blast Radius Explorer simulates how a single failure cascades through your infrastructure — before an incident does it for real.
AI-generated scenarios and injects
Generate scenarios tailored to your organisation profile — using your actual systems, people, and risk context. AI Mode lets teams respond with free-form actions and receive dynamically generated consequences.
Privacy-first
Runs entirely in your browser. Your scenario data never leaves your device unless you choose cloud storage.
Self-hostable
Connect your own storage: SQLite, DynamoDB, Cosmos DB, or Firestore. Full data sovereignty.
SAML SSO
Enterprise authentication with any SAML 2.0 identity provider — Okta, Azure AD, Google Workspace.
Encrypted credentials
Per-user credential encryption using HKDF-SHA256 and AES-256-GCM for maximum security.
Ready to run your first exercise?
The platform is immediately usable. Choose a scenario from the library, invite your team with a 6-character session code, and start.