PURPOSE OF PROJECT
That this project will be created by the SOC/Incident Response Community
- Develop a Catalog of Incident Response Playbook for every MITRE Technique (that possible, to make one for).
- Develop a Catalog of Incident Response Playbook for uncommon incidents.
- Develop a Catalog of Exercise Scenarios that can be used for training purposes.
- Develop a Catalog of tools used for Incident Response
[Plus Reviews for the different tools]. - Develop a Catalog of Incident Response Automations.
- Develop a Catalog of Checklists
[For Before, During, After Incidents]. - Develop a Catalog of Roles that a organization can use, to build their own program.
- Develop a Catalog of Event Codes and API Actions that you can/will see in a SIEM Detections.
-
Creating a New Playbook
-
For every pull request submitted a issue must also be created.
-
-
MITRE Techniques
Incident Response Phases
This project will use a modified Incident Response Process of mixing SANS Incident Response Process and NIST Incident Response Process.
NOTE: The common "preparation" phase will not be part of this Incident Response Process, but on each playbook will include a
(P) Preparationat the beginning of each playbook.
More than one phase can be running in parallel.
- Investigate
- Remediate (contain, eradicate)
- Communicate
- Recover
- Lessons Learned
If you have any changes that you think would be good for this incident response process please create a issue description what you want to change to this incident response process.
Inspiration For This Project
Just felt like there was something missing for Incident Response and a centrally place for playbooks, SIEM Processes, Forensics and other processes around Incident Response.
1 Jan 25, 2022
9 Oct 08, 2022
7 Feb 28, 2022
8 Jan 30, 2022
6 May 26, 2022
0 Jan 05, 2022
2 Oct 16, 2022
47 Nov 16, 2022
7 Sep 28, 2021
3 Apr 22, 2022
1 Dec 12, 2021
7 Oct 30, 2022
1 Dec 05, 2022
3 Sep 13, 2022
50 Sep 28, 2022
5 Nov 19, 2021
1 Jan 03, 2022
25 Oct 23, 2022
59 Dec 27, 2022