Playbook-NG pulls entries from a database of post-compromise countermeasures and mitigations called COUN7ER. COUN7ER is a researched and curated collection of atomic actions that incident responders can take to contain and evict adversary agency within their networks and assets. As a Rosetta Stone of defensive measures, COUN7ER cross-references its countermeasures to many other frameworks, such as MITRE’s ATT&CK™, Common Weakness Enumeration (CWE), and preventive best practice where applicable. The current COUN7ER catalog contains over 100 fully developed entries.
The COUN7ER database is continuously reviewed and updated based on incident observations, threat intelligence, and any other source of information on threat actor tactics. Countermeasures undergo a rigorous review process to conform to written style, voice, and accuracy. CISA conducts internal tabletops to exercise countermeasures to examine potential challenges with implementation as well as effectiveness against adversary actions. For more information, contact us at playbook-ngATATmail.cisa.dhs.gov.
This project is MIT Licensed.
This project makes use of MITRE ATT&CK® - ATT&CK Terms of Use.
A live instance of the Playbook-NG tool using COUN7ER is hosted by CISA at https://www.cisa.gov/eviction-strategies-tool
This database is developed and maintained by CISA to provide a vetted resource of containment and eviction guidance to the public.
CISA would like to sincerely thank members of the following agencies for their valuable participation and feedback during testing of this project:
- Cyber National Mission Forces
- Indian Health Service
- Job Corps, Department of Labor
- Department of Labor
- Millennium Challenge Corporation
- National Institute of Standards and Technology (NIST)
- National Science Foundation (NSF)
- Department of Energy
- Department of State
- US Army Corps of Engineers
COUN7ER, including any associated information, playbook, strategies, countermeasures, apparatus, process, product, guidance or any other content, is provided “as is” and for general informational purposes only. Neither CISA nor the United States Government, nor any of their employees, make any warranty, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, suitability, or efficacy of any output or content from COUN7ER. Users hereby acknowledge that using COUN7ER may require expert knowledge and advanced technical capabilities beyond what is typical for members of the public; and that the use or reliance upon the countermeasures, content, or any other information obtained from COUN7ER may cause adverse consequences, including potential device or system failure.
Users assume all risks from the use of COUN7ER, and without limiting the foregoing, users are responsible for any actions they take on systems and devices. In no event shall the United States Government, its employees, or its contractors or subcontractors be liable for any damages including, but not limited to, direct, indirect, special or consequential damages, arising out of, resulting from, or in any way connected with COUN7ER or its use; whether or not based upon warranty, contract, tort, or otherwise; whether or not arising out of negligence; and whether or not injury was sustained from, or arose out of the results of, or reliance upon COUN7ER.
References to any specific entity, commercial product, process, data format or service by trade name, trademark, manufacturer, or otherwise, do not constitute or imply an endorsement, recommendation, or favoring by CISA or the United States Government. All trademarks are the property of their respective owners. Users acknowledge that information within COUN7ER may not constitute the most up-to-date guidance or technical information and COUN7ER is not intended to, and does not constitute advice for compliance, regulatory, or legal purposes. Users should confer with their respective advisors and subject matter experts to obtain advice based on their individual circumstances.