Dashboard

—

Today's Focus

Active Case

Case Title

Severity

Status

Opened

Owner / Team

Active Tasks

No pending tasks.

Last Alert

No alerts generated yet.

Quick Triage Checklist

Investigation Reminders

What changed?Review recent system changes, new processes, new accounts, modified configs.
Who was affected?Identify users, systems, data types, and business impact scope.
What evidence supports this?Do not proceed on assumptions — find corroborating log entries.
Could this be a false positive?Check if normal business activity could explain the alert before escalating.
What if we do nothing?Assess the risk of inaction to inform escalation decisions.

SOC Triage

Generate and triage simulated alerts. History persists across sessions.

⚡

Queue is clear

Click + New Alert to generate a realistic triage scenario.

Incident Response Playbooks

Detect → Contain → Eradicate → Recover. Click any playbook to expand.

Pentest Helper

Quick-reference cheat sheets. Click a section to expand.

Investigation Helper

Analyst Notes

Auto-saved. All data stored locally in your browser.

Case Notes

Case / Incident Title

Investigation Notes

Investigation Timeline

No timeline entries yet. Add entries to track the investigation progression.

Indicators of Compromise

IP Addresses

Domains / URLs

File Hashes

Usernames / Accounts

Hostnames / Systems

Evidence Tracker

No evidence entries yet.

Shift To-Do

Track tasks for this shift. Auto-saved.

0Total

0Pending

0Done

Sort:

Show:

✓

No tasks

Add your first task above to get started.

Governance & Risk

Settings

Data Management

Export All Data

Download a JSON backup of all notes, tasks, cases, and alerts.

Import Backup

Restore from a previously exported JSON backup file.

Import JSON

Reset Application

Clear all stored data permanently. This cannot be undone.

Preferences

Compact Mode

Reduce spacing throughout the interface for denser information display.

Collapse Sidebar

Show icons only — hides text labels for more workspace width.

About

CyberWorkbench is a fully offline cybersecurity operations assistant designed for SOC analysts, incident responders, and security practitioners.

It runs entirely in your browser — no server, no account, no internet required. All data is stored locally using localStorage. Export backups regularly to avoid data loss if you clear browser storage.

Use it as your daily companion for shift management, incident tracking, triage practice, and quick reference during active investigations.

Version 2.0 Offline No backend No tracking