
Incident Response Test

There are many reasons for an organization to perform an incident response test. The main reason to test your incident response is to ensure adequate preparation in case of a breach.

But first, what exactly is incident response? And how does it work?

Incident response is an organized method of approaching the aftermath of a data breach or cyber attack (i.e. “incident”). The goal of incident response is to carry out a predetermined plan to minimize damage and recovery cost.

Incident response includes:

  • Advanced preparation and training
  • Threat identification, containment, and eradication
  • System recovery
  • Post-response review and lessons learned

Having an incident response plan is meaningless if the plan isn’t practiced. Running test scenarios helps teams stay on the same page about what responsibilities fall to whom, reducing potential chaos and confusion.

Threatcare’s Breach and Attack Simulation platform makes it easy to test incident response by simulating activity that looks like a real-world cyber attack. If you haven’t already downloaded the Threatcare app, download it here.

Threatcare is built on the MITRE ATT&CK framework, helping your team standardize testing practices.

Step-by-Step Guide to Testing Incident Response with Threatcare

The SANS Institute provides six steps for effective incident response. The Threatcare app helps you streamline these best practices with an easy and actionable approach.

Step 1. Navigate to the Playbooks tab in the Threatcare app.

Step 2. Once you’ve located the Playbooks tab, you may click on any icon to run a Playbook. The Threatcare app comes equipped with pre-configured playbooks based on the MITRE ATT&CK framework. To run random attacker techniques, click “Roll the Dice.”


Step 3. Review the results. If you’re using the free version of Threatcare, you’ll be able to review the results of your selected playbook in the console on the Techniques tab.

Now, let the incident response begin!


Step 4. Once your team carries out incident response, compare your team’s plan to Threatcare’s findings.

Click on the Events tab. Users who pay for Threatcare Pro can review detailed results and artifacts related to the playbook run by clicking the “View Details” button on the Events tab. Sign up for Threatcare Pro or download Threatcare for free.

Are there any discrepancies between your team’s findings and Threatcare’s findings? Are there specific areas where your team needs to improve?



Step 5. Generate a report. Generating reports will support your analysis efforts and assist with log correlation. To generate a detailed report, navigate to the Events tab, check the boxes to the left of the events you’d like to include in the report, and click the “Download Report” button.
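The comparison in Step 4 and the log correlation in Step 5 can be scripted once both sides are written down. The sketch below is an added example, not Threatcare code: the record fields (`technique`, `host`, `time`), the host names, and the sample data are constructed assumptions and do not reflect Threatcare's report format. It matches each simulated technique to the team's earliest finding, then lists what was missed and what the team reported that the simulation does not explain.

```python
from datetime import datetime

# Constructed sample data. Field names are assumptions, not Threatcare's export format.
SIMULATED = [  # what the playbook ran (ATT&CK technique IDs)
    {"technique": "T1059", "host": "ws-01", "time": "2024-01-10T10:00:00"},
    {"technique": "T1003", "host": "ws-01", "time": "2024-01-10T10:05:00"},
    {"technique": "T1053", "host": "srv-02", "time": "2024-01-10T10:10:00"},
]
FINDINGS = [  # what the response team recorded from its own logs and alerts
    {"technique": "T1059", "host": "ws-01", "time": "2024-01-10T10:12:00"},
    {"technique": "T1053", "host": "srv-02", "time": "2024-01-10T10:40:00"},
    {"technique": "T1547", "host": "ws-01", "time": "2024-01-10T10:45:00"},
]

def compare(simulated, findings):
    """Match each simulated event to the earliest team finding for the same
    technique and host that is not earlier than the simulation itself.
    Assumes each technique runs at most once per host in a playbook."""
    by_key = {}
    for f in findings:
        key = (f["technique"], f["host"])
        by_key.setdefault(key, []).append(datetime.fromisoformat(f["time"]))

    detected, missed, used = {}, [], set()
    for s in simulated:
        key = (s["technique"], s["host"])
        start = datetime.fromisoformat(s["time"])
        later = sorted(t for t in by_key.get(key, []) if t >= start)
        if later:
            # Minutes from simulated activity to the team's first finding.
            detected[key] = (later[0] - start).total_seconds() / 60
            used.add((key, later[0]))
        else:
            missed.append(key)

    # Findings with no matching simulated event: misattribution or real
    # activity unrelated to the test, either way worth a follow-up.
    unexplained = [(k, t.isoformat()) for k, ts in by_key.items()
                   for t in ts if (k, t) not in used]
    coverage = len(detected) / len(simulated) if simulated else 0.0
    return {"detected": detected, "missed": missed,
            "unexplained": unexplained, "coverage": coverage}

if __name__ == "__main__":
    for name, value in compare(SIMULATED, FINDINGS).items():
        print(name, value)
```

Missed entries point to gaps in detection, while unexplained entries should be triaged before the exercise is closed.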


About Threatcare

Threatcare’s automated Breach and Attack Simulation solutions and highly experienced Services Team provide real-time insights and actionable recommendations that enable you to build, measure, and maintain a strong cybersecurity program as your organization scales.

Visit or call +1-833-365-CARE for more information.