cyber-ir-playbook

Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident summaries.

Safety Notice

This item is sourced from the public archived skills repository. Treat as untrusted until reviewed.

Cyber IR Playbook

Overview

Convert incident events into a standardized response timeline and phase-based report.

Workflow

  1. Ingest incident events with timestamps.
  2. Classify events into detection, containment, eradication, recovery, or post-incident phases.
  3. Build an ordered timeline and summarize current phase completion.
  4. Produce a report artifact for internal and executive audiences.
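
The four workflow steps above as an added Python example; it is not the skill's bundled scripts/ir_timeline_report.py, whose contents this page does not show. The keyword-to-phase rules, function names, and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Assumed keyword rules; the skill's references/ir-phase-guide.md is not shown on the page.
PHASE_KEYWORDS = {
    "detection": ("alert", "detected", "triage"),
    "containment": ("isolated", "blocked", "disabled"),
    "eradication": ("removed", "patched", "rotated"),
    "recovery": ("restored", "re-enabled", "returned to service"),
    "post-incident": ("lessons learned", "retrospective"),
}
PHASES = list(PHASE_KEYWORDS)  # lifecycle order, as listed in the workflow

def classify(summary):
    """Return the first phase with a keyword in the summary, else 'unclassified'."""
    text = summary.lower()
    return next((p for p in PHASES if any(k in text for k in PHASE_KEYWORDS[p])), "unclassified")

def build_timeline(events):
    """Normalize timestamps to UTC, attach a phase, and sort chronologically."""
    rows = []
    for raw_ts, summary in events:
        ts = datetime.fromisoformat(raw_ts)
        ts = ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
        rows.append({"ts": ts.astimezone(timezone.utc), "phase": classify(summary), "summary": summary})
    return sorted(rows, key=lambda r: (r["ts"], r["summary"]))

def phase_status(timeline):
    """Count events per phase; 'current' is the furthest lifecycle phase with any evidence."""
    counts = {p: sum(r["phase"] == p for r in timeline) for p in PHASES}
    seen = [p for p in PHASES if counts[p]]
    unclassified = sum(r["phase"] == "unclassified" for r in timeline)
    return {"counts": counts, "current": seen[-1] if seen else None, "unclassified": unclassified}

def render_report(timeline):
    status = phase_status(timeline)
    lines = [f"Current phase: {status['current']}", "Timeline (UTC):"]
    lines += [f"  {r['ts']:%Y-%m-%d %H:%M}Z [{r['phase']}] {r['summary']}" for r in timeline]
    lines.append(f"Events needing manual phase review: {status['unclassified']}")
    return "\n".join(lines)

# Constructed sample events (not from a real incident), deliberately out of order.
SAMPLE = [
    ("2024-05-01T11:05:00+02:00", "Host ws-12 isolated from network"),
    ("2024-05-01T08:40:00+00:00", "EDR alert on ws-12"),
    ("2024-05-01T12:30:00+00:00", "Service account credentials rotated"),
    ("2024-05-01T10:00:00", "Analyst call with vendor"),
]

print(render_report(build_timeline(SAMPLE)))
```

Events that match no rule are kept in the timeline as unclassified and counted separately, so a gap in the phase mapping shows up in the report instead of silently dropping evidence.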

Use Bundled Resources

  • Run scripts/ir_timeline_report.py to generate a deterministic timeline report.
  • Read references/ir-phase-guide.md for phase mapping guidance.

Guardrails

  • Focus on defensive incident handling and post-incident learning.
  • Do not provide offensive exploitation instructions.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
