
Incident Response Playbooks & Workflows Ready for Use in Your SOC & Red Teams


Each folder contains a Playbook that is broken down into 6 sections as per NIST SP 800-61 r2.



1- Preparation
This section should include the following information:
- List of ALL Assets
  - Servers
  - Endpoints (+ critical ones)
  - Networks
  - Applications
  - Employees
  - Security Products
- Baselines
- Communication Plan
- Which Security Events
- Thresholds
- How to access Security Tools
- How to provision access
- Create Playbooks
- Plan Exercises
  - Table Top
  - Hands On
2- Detection and Analysis
This section should include the following information:
- Gathering of Information
- Analyzing the Data
- Building Detections
- Root Cause Analysis
- Depth and Breadth of the Attack
  - Admin Rights
  - Affected Systems
  - Techniques Used
- Indicators of Compromise / Indicators of Attack
  - Tactics, Techniques and Procedures (TTP)
  - IP Address
  - Email Address
  - File Hash
  - Command Line
  - etc.
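The Detection and Analysis section asks the responder to record the indicators (IP address, email address, file hash, command line) and the depth and breadth of the attack (affected systems, admin rights). The following Python is an added example, not code from the repository this post describes: it pulls those indicator types out of raw log lines and groups them per host, so the result can be dropped straight into the playbook's "Affected Systems" and "Indicators" entries. The log format (key=value fields such as host=, cmd=, sha256=, type=admin) and every host name, address and hash in SAMPLE_LOGS are constructed for this example.

```python
"""Indicator extraction over constructed sample log lines.

Added example for the Detection and Analysis phase; the key=value log
format and all values below are invented, not taken from any real SOC.
"""
import re
from collections import defaultdict

# Constructed sample log lines (documentation-range IPs, example.test domains).
SAMPLE_LOGS = [
    'host=ws-017 user=jdoe event=process_create '
    'cmd="powershell.exe -nop -w hidden -File C:\\Temp\\update.ps1" '
    'sha256=3F786850E387550FDAB836ED7E6DC881DE23001B9C0A2DE2B34D9D5C6F5D1A11',
    'host=mail-01 event=inbound_mail from=invoice@example-supplier.test '
    'to=jdoe@corp.example subject="Overdue invoice"',
    'host=ws-017 event=net_connect dst=198.51.100.23:443 proc=powershell.exe',
    'host=srv-db-02 user=svc_backup event=logon type=admin src=203.0.113.9',
    'host=ws-017 event=file_write path=C:\\Users\\jdoe\\AppData\\x.dll '
    'md5=9e107d9d372bb6826bd81d3542a419d6',
]

# One pattern per indicator type named in the playbook outline.
# file_hash tries SHA-256, then SHA-1, then MD5 so a long hash is never
# split into a shorter one; command_line captures only the quoted value.
IOC_PATTERNS = {
    "ip_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "file_hash": re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b"),
    "command_line": re.compile(r'\bcmd="([^"]*)"'),
}
HOST_RE = re.compile(r"\bhost=(\S+)")      # which system emitted the line
ADMIN_RE = re.compile(r"\btype=admin\b")   # marker for admin-level activity


def _normalize(ioc_type, value):
    """Hashes and email addresses are compared case-insensitively."""
    if ioc_type in ("file_hash", "email_address"):
        return value.lower()
    return value


def _iocs_in_line(line):
    """Yield (ioc_type, value) pairs found in one log line."""
    for ioc_type, pattern in IOC_PATTERNS.items():
        for value in pattern.findall(line):
            yield ioc_type, _normalize(ioc_type, value)


def extract_iocs(lines):
    """Return {ioc_type: sorted unique values} across all lines
    (the Indicators of Compromise list of the playbook)."""
    found = defaultdict(set)
    for line in lines:
        for ioc_type, value in _iocs_in_line(line):
            found[ioc_type].add(value)
    return {k: sorted(v) for k, v in found.items()}


def affected_systems(lines):
    """Map each host to the indicators seen on it and whether admin-level
    activity was logged (the Affected Systems / Admin Rights items)."""
    hosts = defaultdict(lambda: {"indicators": set(), "admin_activity": False})
    for line in lines:
        match = HOST_RE.search(line)
        if not match:
            continue  # lines without a host field cannot be attributed
        entry = hosts[match.group(1)]
        if ADMIN_RE.search(line):
            entry["admin_activity"] = True
        entry["indicators"].update(_iocs_in_line(line))
    return {
        host: {"indicators": sorted(e["indicators"]),
               "admin_activity": e["admin_activity"]}
        for host, e in hosts.items()
    }


if __name__ == "__main__":
    for ioc_type, values in extract_iocs(SAMPLE_LOGS).items():
        print(f"{ioc_type}: {values}")
    for host, entry in affected_systems(SAMPLE_LOGS).items():
        print(host, entry)
```

Running the block over the sample lines yields two IPs, two email addresses, two hashes and one command line, and attributes the PowerShell execution, the outbound connection and both hashes to ws-017 while flagging srv-db-02 as the only host with admin-level activity. In a real playbook the same functions would run over the exported log set for the incident, and the per-host output gives the responder the scope needed before moving to containment.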
3- Containment, Eradication, and Recovery
This section should include the following information:
- Isolate Affected Systems
- Patch Threat Entry Point
- Predefined thresholds
  - For customers
  - For internal systems
  - For escalations
- Preauthorized actions
  - Per customer
  - Per environment
    - Prod
    - QA
    - Internet Facing
- How to Remove the Threat on All Affected Systems
- Get Systems Operational
- Rebuild and Resume Service
4- Post-Incident Activity
- Lessons Learned
- New Detection
- New Hardening
- New Patch Management
- etc.
This repository contains all the Incident Response Playbooks and Workflows of Company’s SOC.


Download & read the complete report & playbooks ready for use below 👇👇👇
