Playbook Forge: Incident Response Playbook Builder

[+] Status: Complete [+] Origin: Portfolio Project [+] Date: 2025.01
>> TECH_STACK:
[React][FastAPI][ReactFlow][Python][TypeScript][Tailwind CSS]

Playbook Forge is a visual incident response playbook builder. Instead of writing playbooks as static documents, analysts build them as interactive flowcharts using a node-based editor. Each step in the workflow includes runbook details, responsible roles, SLA timers, and conditional branching for success, failure, and escalation paths.

The tool integrates with the MITRE ATT&CK framework to provide pre-built step templates for common techniques. Finished playbooks export to PDF (with embedded flowchart diagrams), JSON (for SOAR platform ingestion), and Markdown (for documentation wikis). A built-in validation engine checks for dead-end paths, missing escalation steps, and incomplete configurations before publishing.

Open Source

This project is open source and available on GitHub

Full-stack application centered on a ReactFlow visual editor:

React + TypeScript (Frontend Framework): Component architecture for the playbook editor, step configuration panels, and workflow validation interface

ReactFlow (Node Graph Editor): Interactive node-based flowchart editor for building visual incident response workflows with drag-and-drop step connections

FastAPI (Backend API): Python backend handling playbook persistence, template management, MITRE ATT&CK integration, and the export pipeline

Tailwind CSS (Styling): Consistent design system for the editor interface, step cards, and exported playbook documents

Visual Editor: Node-Based Workflow Builder
Problem: Writing IR playbooks as text documents makes it hard to visualize decision paths and parallel actions
Solution: Built a ReactFlow-based visual editor where analysts drag IR steps onto a canvas, connect them with conditional edges (success/failure/escalation), and configure each step with runbook details, responsible roles, and SLA timers
Result: Visual workflow representation makes complex branching playbooks intuitive to build and review
Integration: MITRE ATT&CK Step Templates
Problem: Building playbooks from scratch for every technique is repetitive and error-prone
Solution: Pre-built step templates mapped to ATT&CK tactics and techniques. Analysts select the relevant technique and get a starting workflow with recommended response steps, which they can then customize for their environment
Result: Reduces playbook creation time by providing proven response patterns as starting points
Export Pipeline: Multi-Format Playbook Export
Problem: Playbooks need to be shared as PDFs for management review, JSON for SOAR integration, and Markdown for wiki documentation
Solution: Built an export pipeline that converts the visual graph into structured documents. PDF output includes the flowchart as an SVG diagram. JSON output follows a schema compatible with common SOAR platforms. Markdown preserves the step hierarchy
Result: One source of truth generates outputs for every stakeholder and system
Validation: Workflow Completeness Checker
Problem: Incomplete playbooks with dead-end paths or missing escalation steps create gaps during real incidents
Solution: Implemented graph analysis that validates every path terminates properly, all decision nodes have both branches defined, and escalation steps include contact information and SLA timers
Result: Catches gaps before playbooks are published, reducing risk of procedural failures during incidents
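A minimal version of the completeness checks described above, written as an added example rather than Playbook Forge's own code. It assumes a serialized node/edge graph with node types action, decision, escalation and end, and escalation fields named contact and sla_minutes; a reverse search from the end nodes finds both dead ends and loops that never terminate.

```python
# Added example, not Playbook Forge's own code: the node schema (type, contact,
# sla_minutes) and the finding messages are assumptions for illustration.
from collections import defaultdict, deque

# Constructed sample: a decision node with no failure branch and an
# escalation step with no contact and no outgoing edge.
SAMPLE = {
    "nodes": {
        "triage": {"type": "action"},
        "contained": {"type": "decision"},
        "eradicate": {"type": "action"},
        "escalate": {"type": "escalation", "sla_minutes": 30},
        "close": {"type": "end"},
    },
    "edges": [
        {"source": "triage", "target": "contained", "condition": "success"},
        {"source": "contained", "target": "eradicate", "condition": "success"},
        {"source": "contained", "target": "escalate", "condition": "escalation"},
        {"source": "eradicate", "target": "close", "condition": "success"},
    ],
}


def validate(playbook):
    """Return (node_id, problem) findings; an empty list means publishable."""
    nodes, findings = playbook["nodes"], []
    out, back = defaultdict(list), defaultdict(list)
    for e in playbook["edges"]:
        out[e["source"]].append(e["condition"])
        back[e["target"]].append(e["source"])
    # Reverse BFS from the end nodes: every node outside can_end dead-ends or loops.
    can_end = {n for n, d in nodes.items() if d["type"] == "end"}
    queue = deque(can_end)
    while queue:
        for prev in back[queue.popleft()]:
            if prev not in can_end:
                can_end.add(prev)
                queue.append(prev)
    for nid, node in nodes.items():
        if node["type"] != "end" and not out[nid]:
            findings.append((nid, "dead end: no outgoing edge"))
        elif nid not in can_end:
            findings.append((nid, "no path to a terminating step (cycle)"))
        if node["type"] == "decision" and not {"success", "failure"} <= set(out[nid]):
            findings.append((nid, "decision node missing success or failure branch"))
        if node["type"] == "escalation":
            for field in ("contact", "sla_minutes"):
                if not node.get(field):
                    findings.append((nid, f"escalation step missing {field}"))
    return findings
```

Running validate(SAMPLE) reports the missing failure branch on the decision node and both problems on the escalation step; a playbook that returns no findings is safe to publish under these checks.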
ReactFlow
  • Custom node types
  • Edge validation
  • Layout algorithms
  • Graph serialization
Full-Stack
  • React + FastAPI integration
  • REST API design
  • Template management
  • File export pipeline
Security Operations
  • IR playbook methodology
  • MITRE ATT&CK mapping
  • SOAR integration patterns
  • SLA management
Graph Analysis
  • Path validation
  • Dead-end detection
  • Cycle prevention
  • Completeness scoring
Complete
  • Visual node-based playbook editor
  • MITRE ATT&CK step template library
  • Conditional branching (success/failure/escalation)
  • Multi-format export (PDF, JSON, Markdown)
  • Workflow validation and completeness checks
  • SLA timer configuration per step