Framework

A knowledge base of actionable Incident Response techniques, based on @MITREattack philosophy.

RE&CT

🇷🇺 Русская версия The RE&CT Framework is designed for accumulating, describing and categorizing actionable Incident Response techniques. RE&CT's philosophy is based on the MITRE's ATT&CK framework. The columns represent Response Stages. The cells repsresent Response Actions.

atc-project.github.io

ATT&CK® Navigator

atc-project.github.io

Existing collections of resources

Procedures

guardsight/gsvsoc_cirt-playbook-battle-cards

Cyber Incident Response Team Playbook Battle Cards - guardsight/gsvsoc_cirt-playbook-battle-cards

github.com

guardsight/gsvsoc_cirt-playbook-battle-cards

certsocietegenerale/IRM

CERT Societe Generale provides easy to use operational incident best practices. These cheat sheets are dedicated to incident handling and cover multiple fields in which a CERT team can be involved. One IRM exists for each security incident we're used to dealing with.

github.com

counteractive/incident-response-plan-template

You can't perform that action at this time. You signed in with another tab or window. You signed out in another tab or window. Reload to refresh your session. Reload to refresh your session. We use optional third-party analytics cookies to understand how you use GitHub.com so we can build better products.

github.com

counteractive/incident-response-plan-template

Procedure_604P2_Incident_Handling.pdf119.6KB

Tool specific Playbooks

phantomcyber/playbooks

Phantom Community Playbooks GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together. This is the 4.9 branch of the Phantom Community Playbooks repository, which contains the default initial playbooks and custom functions for each Phantom instance.

github.com

Cortex XSOAR - Security Orchestration, Automation and Response (SOAR)

Cortex XSOAR is the industry's only extended security orchestration, automation and response platform that unifies case management, automation, real-time collaboration and threat intelligence management to transform every stage of the incident lifecycle. Teams can manage alerts across all sources, standardize processes with playbooks, take action on threat intelligence and automate response for any security use case, resulting in significantly faster responses that require less manual review.

www.paloaltonetworks.com

Cortex XSOAR - Security Orchestration, Automation and Response (SOAR)

IncidentResponse.com | Incident Response Playbooks Gallery

It's time to share your playbook with your team or your industry peers. Share them, review them, discuss them, use them to help you automate your response. Suggestions, feedback and other questions? Feel free to contact us at: info@incidentresponse.com

www.incidentresponse.com

PagerDuty Incident Response Documentation

This documentation covers parts of the PagerDuty Incident Response process. It is a cut-down version of our internal documentation, used at PagerDuty for any major incidents, and to prepare new employees for on-call responsibilities. It provides information not only on preparing for an incident, but also what to do during and after.

response.pagerduty.com

PagerDuty Incident Response Documentation

PagerDuty/incident-response-docs

github.com

Cheatsheets

Forms

Sample Incident Handling Forms | SCORE | SANS Institute

Computer security training, certification and free resources. We specialize in computer/network security, digital forensics, application security and IT audit.

www.sans.org

Sample Incident Handling Forms | SCORE | SANS Institute

Incident category specific resources

Ransomware

NIST Special Publication (SP) 1800-26 (Draft), Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and customer data are all potential targets of data corruption and destruction.

csrc.nist.gov

NIST Special Publication (SP) 1800-26 (Draft), Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

Playbooks Library

Framework

RE&CT

ATT&CK® Navigator

Existing collections of resources

Procedures

guardsight/gsvsoc_cirt-playbook-battle-cards

certsocietegenerale/IRM

counteractive/incident-response-plan-template

Tool specific Playbooks

phantomcyber/playbooks

Cortex XSOAR - Security Orchestration, Automation and Response (SOAR)

IncidentResponse.com | Incident Response Playbooks Gallery

PagerDuty Incident Response Documentation

PagerDuty/incident-response-docs

Cheatsheets

Forms

Sample Incident Handling Forms | SCORE | SANS Institute

Incident category specific resources

Ransomware

NIST Special Publication (SP) 1800-26 (Draft), Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events