Security Incident Playbook Generator

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "security-incident-playbook-generator" with this command: npx skills add monkey1sai/openai-cli/monkey1sai-openai-cli-security-incident-playbook-generator

Prepare for security incidents with structured response plans.

Incident Response Phases

Security Incident Response Playbook

Phase 1: Detection & Triage (0-15 min)

Detection Sources

  • Security alerts (CloudWatch, Sentry)
  • User reports
  • Anomaly detection
  • Penetration test findings

Initial Assessment

  • Identify incident type
  • Assess severity (P0-P3)
  • Determine scope
  • Alert on-call security

Phase 2: Containment (15-60 min)

Immediate Actions

  • Isolate affected systems
  • Revoke compromised credentials
  • Block malicious IPs
  • Enable enhanced monitoring

Evidence Preservation

  • Capture logs
  • Take system snapshots
  • Document timeline
  • Preserve artifacts

Phase 3: Eradication (1-24 hours)

  • Remove malware
  • Close vulnerabilities
  • Reset passwords
  • Update firewall rules

Phase 4: Recovery (24-72 hours)

  • Restore from backup
  • Verify system integrity
  • Resume operations
  • Monitor for reinfection

Phase 5: Post-Incident (1 week)

  • Document lessons learned
  • Update procedures
  • Conduct security training
  • Notify affected users (if required)

Output Checklist

  • Response phases defined
  • Containment procedures
  • Communication templates
  • Evidence collection rules
  • Post-incident review
