Designed for Realism.
Built for ease.

Every feature in Breachday is built to mimic real-world incident response pressure while keeping facilitation smooth, and to turn every exercise into compliance-ready evidence.

Preparation

Default and CTEP-based templates + a builder for the rest

Your scenario prep no longer lives across a dozen spreadsheet tabs. Start with default Breachday scenarios drawn from real-world public breaches, or pick a CTEP-based sector template and run it today. Clone any template and customize the narrative, phases, injects, and decision prompts to match your environment.

  • Default Breachday scenarios based on real public breach patterns
  • CTEP-based sector templates (Plus / Pro)
  • Phase-based timeline: Detection → Containment → Recovery
  • Inject types: situation update, escalation, decision required, curveball
  • Attach simulated artifacts (logs, emails, screenshots) to any inject
T-05m
T+00m
T+15m
Execution

Custom role seats & live facilitation

Eliminate login friction. Participants join via a 4-character room code and claim a role seat your org defines: Incident Commander, Comms, Legal, IT/Security, Operations, or anything else. Facilitators control phase progression, release injects on demand, and capture per-inject observations during the live session.

  • No accounts for participants
  • Custom role seats with org-defined labels and colors
  • Real-time presence — see who's in the room
  • Response modes: vote, freeform text, or read-only situation update
  • Session lifecycle: Lobby → Active → Paused → Completed
  • Up to 8 custom roles on Starter, unlimited on Plus / Pro
CERT

Maya Chen

Joined
CERT

Theo Brennan

Joined
INFOSEC

Priya Nakamura

Joined
CO

Compliance

Review

Audit-ready after-action reports

Every action, decision, and observation is captured live and rolled up into a branded report your auditors will actually accept. The days of reconstructing a tabletop from memory three weeks later are over.

  • Chronological timeline of every inject and response
  • Per-inject vote tallies, freeform responses, and observations
  • Affected IT assets and BIA processes exercised
  • Facilitator notes and participant roster
  • Branded PDF (with your logo) and structured JSON export
report_Q3_ransomware.pdf

After Action Report

Exercise: Ransomware Containment & Recovery
Date: Oct 14, 2025
Facilitator: admin@...
Duration: 1h 45m

Executive Summary

Follow-Through

Lessons learned tracker

The exercise is only useful if the gaps actually get fixed. Capture action items during or after every session, assign owners, and track them through to resolution from a single dashboard.

  • Title, description, owner, and status (Open / In Progress / Completed / Cancelled)
  • Kanban board for dragging action items through to resolution
  • Linked to the originating exercise session for full context
  • Dashboard widget surfaces overdue follow-ups
  • Auditors see closure evidence, with a clear trail from finding to fix
Lessons Learned
4 items
Update IR runbook for IdP lockout
In Progress
Add wire-fraud verification step
Completed
Document legal escalation contacts
Open
BC ProgramPlus / Pro

IT Asset Register & BIA

Tabletop exercises shouldn't live in a vacuum. Maintain your critical systems and business processes inside Breachday and link them directly to scenarios, so reports show exactly which assets and processes were exercised.

  • Asset register: applications, servers, data stores, networks, SaaS, vendors
  • RTO / RPO targets, criticality, and ownership per asset
  • Vendors, assets, processes, and roles all linkable together as dependencies
  • Business Impact Analysis with process → asset / role / vendor dependencies
  • Link "Affected systems" and "Processes in focus" to any scenario
  • 50 IT assets, vendors & BC processes each on Plus; unlimited on Pro
Critical Systems
Stripe BillingCritical
Type
SaaS
RTO
2h
RPO
15m
Customer DB (prod)Critical
Type
Data
RTO
4h
RPO
5m
Okta IdPHigh
Type
SaaS
RTO
1h
RPO
CommsPlus / Pro

Crisis Communication Plans

When something actually breaks, no one should be writing the customer email from scratch. Build pre-approved communication templates for customers, employees, regulators, and the press, then exercise them live.

  • Custom and system communication plan templates
  • Link plans to live exercise sessions
  • PDF and packet export for crisis runbooks
  • Aligns with SEC 4-day disclosure and SOC 2 communication controls
Comm Plan • Customer Notice
Approved
Subject
Important: Service incident notice — {{ incident_id }}
Body preview
CustomersStatus PagePress Room

Ready to run better exercises?

Stop fighting document version control and start focusing on your team's incident readiness.

Book a Demo