Skip to content
Cyber Toolbox
Cybersecurity co-ordination platform · v2.0

Co-ordinate cybersecurity in one place.

Manage incidents and exposures against the policies, standards and procedures that already govern your organisation. Pre-built playbooks and runbooks get your team responding in minutes, not meetings.

Book a demoTour the platform
Govern
Policies & playbooks
Respond
Live IR workspace
Remediate
Exposure register

Aligned to the standards your auditors recognise

NIST CSF 2.0NIST SP 800-61r3ISO/IEC 27001ISO/IEC 27035NZISMCPS 234Essential EightIEC 62443
Pillars

Four pillars, one workspace. No more tab-switching.

Govern your control library. Respond when something happens. Remediate the exposures that drive risk down. Simulate before the real thing lands. Each pillar shares the same policy hierarchy and the same data model — so the work in one shows up in the others.

Govern

Policies that translate into action

A six-layer document hierarchy — policy, standard, procedure, playbook, runbook, automation — versioned, owned, and customisable per organisation. Baseline templates ship in the box; you customise and own your copies from day one.

  • Pre-built playbook and runbook library aligned to NIST CSF 2.0, ISO 27001 and NZISM.
  • Inline RASCI on every artefact, with notifications when responsibilities change.
  • Every artefact versioned. Every incident records the version it ran.
Read more
Respond

A live workspace for the IR lead

Declare an incident, attach the right playbook, assign the procedure checklist, and let the activity log capture every move. Regulatory clocks and comms timers stay on screen so the IR lead never has to do mental arithmetic.

  • Activity log is append-only — a legally defensible record by design.
  • Comms timers and notification deadlines visible at all times.
  • Scoped external access for DFIR, legal, insurers and partners.
Read more
Remediate

Exposures, tracked to verified close

A central register for every vulnerability, control gap and weakness — with risk scoring, owner, due date, and a verification step before close. Trend visibility tells you if the programme is actually working.

  • Map exposures to the policies, standards and procedures they violate.
  • Workflow from triage through remediation to verification.
  • Quarterly trend reporting — by team, by service, by control family.
Read more
Simulate

Tabletops that use the same workspace

Run exercise cases against the same playbooks, the same checklists and the same activity log your live response uses. Tagged separately so they stay out of programme metrics — but practised in the muscle memory of the tool your team will reach for at 02:00.

  • Exercise cases flagged and excluded from "needs me" surfaces.
  • Replay a previous tabletop to seed a new scenario.
  • After-action report shares the same PIR template as live incidents.
Read more
Use cases

Two flagship workflows. One platform.

The platform supports more — change management, audit response, third-party risk — but these two are where most teams start.

Use case

Incident response

Declare in 30 seconds. Co-ordinate from one place. Defensible record by design.

  • Live activity log, never editable
  • Comms timers and regulatory clocks always visible
  • Scoped external access for DFIR, legal, insurers
  • Auto-generated PIR timeline
Use case

Exposure response

A vulnerability scanner gives you a list. We give you a programme.

  • Single register: vulns, control gaps, audit findings
  • Risk-based triage with EPSS and asset criticality
  • Verification gate before close
  • Quarterly trend reporting that lands at the board
Foundation

A six-layer document hierarchy. Every artefact has an owner, a version, and a parent.

Policy at the top, automation at the bottom — and an unbroken accountability chain in between. Baseline templates come pre-loaded; you customise and own your copy from day one.

  • L1PolicyDomain ownership
  • L2StandardMandatory rules
  • L3ProcedureStep-by-step
  • L4PlaybookIncident workflow
  • L5RunbookOperator action
  • L6AutomationCode / triggered
Library

Pre-built playbooks & runbooks. Customisable from day one.

A starter library covering the incidents you'll actually face — and the runbooks the team needs at 02:00. Every artefact is yours from the moment you log in. Versioned. Owned. Editable.

TypeCodeName
playbookPB-IR-001Ransomware response
playbookPB-IR-002Business email compromise
playbookPB-IR-003Insider threat — data exfil
playbookPB-IR-004OT/ICS safety incident
runbookRB-NET-007Isolate compromised host
runbookRB-IDP-002Revoke and rotate credentials
runbookRB-EDR-001Triage EDR alert
runbookRB-VLN-003Patch verification workflow
Browse all 244 playbooks & runbooks

Bring your incident response into one workspace.

Pre-built playbooks. A defensible audit trail. Comms timers and regulatory clocks always on screen. Try it on a 30-minute discovery call.

Book a demoExplore features