Archer Knox — Intelligence-Led Security Operations
Archer Knox Security Archer Knox Security

Threat Scenario Lab

Build a complete threat scenario and see how intel, ops, and playbooks respond.

This lab is a stripped-down version of how we reason about threats: who you are, what’s at risk, what’s happening, and how your posture should actually change. Nothing you select is stored or transmitted.

Start with your organizational profile, layer in a scenario, and the lab will generate a recommended posture, playbook stack, and stakeholder map in real time.

Start the lab Back to threat intel overview

For demonstration only. In a live engagement, this logic is tied to your actual data, jurisdictions, and risk posture.

Site Security Lab

Step 1: Who are we protecting?

Use the toggles to rough-in your organization. This doesn’t need to be perfect. The point is to get close enough that the scenario downstream feels familiar.

Sector

Footprint

Primary exposure

You can change these at any time. The scenario and recommended posture will adjust as you go.

Baseline profile

Sector: not yet set Footprint: unknown Exposure: mixed

Start by selecting sector, footprint, and what you believe is most at risk. The lab will use that context to tune how it interprets threats and which functions must be in the loop.

Step 2: What’s actually happening?

Define a scenario: how the threat is showing up, how confident you are it’s real, and how quickly it could become a problem. The lab will treat this as a live case.

Threat vector

Confidence

Immediacy

In reality, we’d also weigh jurisdiction, local partners, internal politics, and prior history. For this lab, we keep it simple and focus on structure.

Scenario sketch

Vector: not set Confidence: unknown Immediacy: unknown

Once you specify the vector, confidence, and immediacy, this card will describe a working scenario in plain language—what’s on the table and what is not.

See posture & playbooks →

Step 3: What should our posture be?

Based on your profile and scenario, the lab proposes a posture, which playbook stack should be live, and which functions must be engaged. This is the part that leadership, legal, and security must agree on.

Posture

Baseline — watching quietly

With current selections, the lab assumes a baseline posture: keep an eye on signals, capture clean records, and avoid unnecessary disruption. If confidence or immediacy increases, this will shift to Elevated or Incident.

Playbooks

Foundational playbooks only

The current mix suggests running only foundational playbooks: executive harassment awareness, facility-disruption monitoring, and digital brand abuse with low-level intervention.

Stakeholders

Security-led, light cross-functional visibility

Security and threat intel own the scenario with optional visibility for Legal and HR. If the threat targets named individuals or could disrupt operations, Comms and senior leadership should be briefed.