Welcome
Run the Console with confidence
The Global Rail Cyber Security Console turns real-world incidents into checks, controls, and action. This guide explains how the product works, how to operate it day-to-day, and how to wire it into the rest of your security and engineering stack.
What you'll find here
The guide is grouped into seven sections. Use the sidebar to jump straight in, or follow the recommended path: Get started → Workflows → How-to guides.
- Get started — first 15 minutes, plus role-specific tours for security leads and engineers.
- Workflows — what good looks like when you operate the Console week-to-week.
- How-to guides — task-focused recipes for specific jobs.
- Reference — coverage, severity, schemas, frameworks, API, and roles.
- Admin & Integrations — wiring identity, network controls, and third-party systems.
All sections
Get started
Start here
- Overview
- Quickstart
- For security leads
- For engineers
Workflows
Start here
- Choosing what to test
- Safe testing on operational systems
- Interpreting results
- Closing the loop
How-to guides
Start here
- Connect assets
- Set up authentication
- Run an assessment
- Use the Threat Library
Reference
Start here
- Attack coverage
- Severity model
- Finding schema
- Frameworks
Admin
Start here
- Users
- SSO
- IP allowlist
- Audit log
Integrations
Start here
- Slack
- Jira
- SIEM
- Wiz