Workshop Templates
Artifact templates for the workshop. Download the Excel or Word file for your organization and fill it in during the lab exercises. Each template includes dropdown lists for defined field values. The Markdown reference on each template page shows the full field definitions and instructions.
These templates are a starting point, not a finished product. Every organization's infrastructure, risk profile, and operational needs are different. Adapt the fields, categories, and procedures to fit your environment. Add columns that matter to your team, remove ones that do not apply, and adjust the dropdown values to match your terminology. The best version of these templates is the one your team will actually use -- refine them as your monitoring program matures.
| Template | Artifact | Module | Download | Description |
|---|---|---|---|---|
| Baseline Document | 7 | M5 | Excel | Consolidated external exposure baseline combining Module 2 (attack surface), Module 3 (personnel), and Module 4 (vulnerabilities) with four-category classification system |
| Personnel Exposure Inventory | 3 | M3 | Excel | Role-based personnel inventory with tier assignments, breach tracking, prioritization matrix, and professional network exposure |
| Vulnerability Correlation Table | 4 | M4 | Excel | Asset-to-CVE mapping with CPE identifiers, CISA KEV status, P0-P3 priority ratings, vendor PSIRT tracking, and source checklist |
| Monitoring Checklist | 6 | M5 | Word | Pull-based weekly and monthly monitoring checklist with tool queries, baseline references, finding logs, and cycle summary tracking |
| Operational Runbook | 8 | M6 | Word | Cadenced monitoring procedures (daily, weekly, monthly, quarterly) with [CORE]/[FULL] labels, checklists, ownership, and escalation paths |
NRECA Worked Examples
Pre-filled examples using NRECA data from the workshop. These show what completed templates look like with real organizational data.
| Example | Template | Download | Description |
|---|---|---|---|
| NRECA Monitoring Checklist | Monitoring Checklist | Word | Weekly and monthly checklists pre-filled with NRECA queries (FortiGate, electric.coop/cooperative.com domains, Tier 1 personnel), hypothetical finding entries, and cycle summaries |
| NRECA Runbook | Operational Runbook | Word | Full runbook with NRECA-specific daily triage (5 Google Alert queries), weekly checks (FortiGate, KEV, CT for 4 domains, HIBP for 5 Tier 1 personnel), monthly review, and quarterly assessment with [CORE]/[FULL] labels |