How Scenarium Works

Inject Management

Injects are the building blocks of any crisis simulation. In Scenarium, an inject is a self-contained narrative element -- a situation update, a piece of breaking news, a phone call transcript, a leaked document -- that the exercise director releases to participants at the right moment.

Each inject in Scenarium can contain:

• Rich text content -- Formatted narrative with headings, lists, and emphasis, written directly in the inject editor.
• Media attachments -- Images, PDFs, and documents that add realism. Participants can view embedded media directly within the inject.
• Structured questions -- Five question types (Framework, List, Multi-select, Matrix, and Chat) let exercise designers capture specific, structured responses from each participant group.
• Track assignments -- Injects can be assigned to specific tracks (e.g., Communications, Operations, Leadership), so different teams receive only the injects relevant to their role.
• Scheduling rules -- Injects can be published manually by the director, on a timed schedule, or held for conditional release based on exercise progress.

The inject editor provides a drag-and-drop interface for reordering the inject sequence, making it easy to restructure a scenario during the design phase without losing any content.

Real-Time Coordination

During exercise execution, Scenarium uses WebSocket connections (powered by Laravel Reverb) to deliver updates instantly to all connected clients. When the director publishes an inject, participants see it within one second -- no page refresh required. Similarly, when a participant submits a response, the director's progress matrix updates in real time.

This real-time architecture eliminates the "email lag" problem that plagues spreadsheet-based exercises, where directors never have a current picture of participation status. With Scenarium, the director always knows exactly which teams have responded, which are still working, and which have not yet started.

Participant Tracking

Scenarium's progress matrix gives exercise directors a live, at-a-glance view of exercise status. The matrix displays every participant group on one axis and every inject on the other, with color-coded cells indicating response status:

Directors can drill into any cell to read the specific responses submitted by that group. Participation percentages, response counts, and timing data are computed automatically, giving directors the situational awareness they need to pace the exercise correctly.

Automated Reporting

After the exercise, assembling a report is typically the most time-consuming task. Scenarium eliminates this bottleneck by generating structured reports automatically from the exercise data.

Available export formats include:

• PDF reports -- Branded, presentation-ready documents containing the exercise overview, inject timeline, participant responses, and summary statistics. Suitable for executive briefings and compliance records.
• JSON exports -- Machine-readable data files containing the complete exercise structure and all responses. Useful for integration with other systems, long-term archival, or custom analysis pipelines.
• CSV exports -- Tabular data exports for analysis in spreadsheet tools. Each response is a row, making it easy to filter, pivot, and chart outcomes.

Reports include the full inject timeline, every response from every group, director comments, participation statistics, and response timestamps. Organizations that previously spent days compiling after-action reports can now produce them in a single click.

Who Uses Scenarium

Scenarium is built around three primary user roles, each with a tailored experience:

Integration with Existing Workflows

Scenarium is designed to complement, not replace, your existing tools and processes:

• JSON import/export -- Import exercise definitions from other systems or reuse past exercises as templates. Export complete exercise data for integration with your GRC platform, SIEM, or internal reporting tools.
• Role-based access control -- Integrate with your organization's user management through Scenarium's flexible role system. Six built-in roles cover common organizational structures, and custom roles can be configured.
• Multi-organization support -- Consultants and managed service providers can operate multiple client organizations from a single Scenarium instance, each with isolated data and independent user management.
• Standards alignment -- Exercise outputs are structured to support compliance reporting for NIST CSF, ISO 27001, ISO 22301, DORA, NIS2, and similar frameworks that require documented testing evidence.

Technical Architecture

Scenarium is built on Laravel 12 with Livewire 3 for reactive server-rendered components, and Laravel Reverb for WebSocket broadcasting. The stack is designed for reliability and low latency:

• Server-side rendering -- All application state is managed on the server, reducing client complexity and improving security. No sensitive data is exposed in JavaScript bundles.
• Real-time updates -- WebSocket channels push inject publications, response submissions, and status changes to all connected clients in under one second.
• File security -- Media attachments are served through authenticated routes, never publicly accessible. Access is verified against the user's exercise permissions on every request.
• Data isolation -- Multi-tenant architecture ensures that each organization's data is completely isolated at the application layer.