GitHub - austinsonger/Incident-Playbook: Incident Response Process and Playbooks...

If you have an idea for the project please start a discusssion.

PURPOSE OF PROJECT

That this project will be created by the SOC/Incident Response Community

• Develop a Catalog of Incident Response Playbook for every MITRE Technique (Keep in mind it won't work for some tactics).
• Develop a Catalog of Incident Response Playbook for uncommon incidents.
• Develop a Catalog of Exercise Scenarios that can be used for training purposes.
• Develop a Catalog of tools used for Incident Response [Plus Reviews for the different tools].
• Develop a Catalog of Incident Response Automations.
• Develop a Catalog of Checklists [For Before, During, After Incidents].
• Develop a Catalog of Roles that a organization can use, to build their own program.
• Develop a Catalog of Event Codes and API Actions that you can/will see in a SIEM Detections.

For every pull request submitted a issue must also be created.

• Please Read Creating a New Playbook;
• Check the list of MITRE Techniques to choose from and create a new issue;
• Or you can just look at the list of issues that are ready to be worked on.

Incident Response Phases

This project will use a modified Incident Response Process of mixing SANS Incident Response Process and NIST Incident Response Process.

NOTE: The common "preparation" phase will not be part of this Incident Response Process, but on each playbook will include a (P) Preparation at the beginning of each playbook.

More than one phase can be running in parallel.

1. Investigate
2. Remediate (contain, eradicate)
3. Communicate
4. Recover
5. Lessons Learned

If you have any changes that you think would be good for this incident response process please create a issue description what you want to change to this incident response process.

Inspiration For This Project

Just felt like there was something missing for Incident Response and a centrally place for playbooks, SIEM Processes, Forensics and other processes around Incident Response.