Skip to main content

The Problem Gamebooks Solve

Without Gamebooks, responding to a single incident means logging into Defender to isolate a device, switching to Entra ID to disable an account, opening Exchange to delete a phishing email, and documenting each action separately. That’s 4 consoles, multiple credential prompts, and minutes (or hours) of manual work.

How Gamebooks Work

Gamebooks compress that entire workflow into select, run, done:
  1. Open the incident in the Workbench
  2. Click on affected entities in the Entity Context Graph
  3. Select the response actions you want for each entity
  4. Click Run
  5. ContraForce’s IRIS response engine executes all actions across your connected security tools simultaneously
The IRIS engine handles authentication, API calls, error handling, and status tracking. You get a complete audit trail of every action taken.

Key Facts

  • No API mapping required — ContraForce handles all integrations
  • No coding or scripting — actions are selected from a menu
  • Available actions are contextual — they depend on the entity types present in the incident
  • AI agents can run GamebooksSecurity Delivery Agents can autonomously select and execute response actions
  • Approval workflows — high-impact actions can require manager approval before execution
Important distinction: ContraForce Gamebooks handle incident response remediation (containment and response actions like isolation, account disabling, file quarantine). ContraForce does NOT handle vulnerability remediation (patching, software updates, configuration hardening).
For the full reference, see Gamebooks.