DuckIntel / Security Tools
20 multi-phase tabletop exercises with real-world incident scenarios, discussion questions, injects, and MITRE ATT&CK After Action Reviews. Free, no login.
SOC Tabletop Exercises provides 22 multi-phase incident response scenarios designed for team practice. Each tabletop walks a group through a realistic security incident — ransomware, business email compromise, supply chain attack, insider threat, cloud breach — across multiple phases: initial detection, containment, eradication, recovery, and post-incident review.
Tabletop exercises are the most effective way to identify gaps in your incident response plan before a real incident exposes them. By running through a realistic scenario as a team, you surface coordination problems (who gets the call at 2am?), tool gaps (do we have the logs we need?), communication breakdowns (who approves taking a server offline?), and missing playbooks. Regular tabletops dramatically reduce incident response time and improve outcomes.
Each DuckIntel tabletop includes a phase-by-phase narrative, timed discussion questions for each phase, inject cards that introduce new developments mid-exercise, and a MITRE ATT&CK After Action Review that maps what the fictional attackers did to specific ATT&CK techniques. The AI-powered tabletop generator creates unique custom scenarios based on your industry, threat type, team size, and time pressure.
Related tools
Analyst SimulationsIncident Report GeneratorIncident Timeline BuilderMITRE ATT&CK Navigator
Part of DuckIntel.io — 59 free browser-based security tools for SOC analysts. No login. No tracking. 100% client-side.