AWS Incident Response Runbook Samples
These run-books are created to be used as templates only. They should be customized by administrators working with AWS to suit their particular needs, risks, available tools and work processes. These guides are not official AWS documentation and are provided as-is to customers using AWS products and who are looking to improve their incident response capability. The run-books included below cover several common scenarios faced by AWS customers. They outline steps based on the NIST Computer Security Incident Handling Guide (Special Publication 800-61 Revision 2) that can be used to: - Gather evidence - Contain and then eradicate the incident - Recover from the incident - Conduct post-incident activities, including post-mortem and feedback processes Interested readers may also find the AWS Security Incident Response Guide (first published in June 2019) a useful guide as an overview of how the below steps were created. Each runbook corresponds to a unique incident and there are 5 parts to handling each incident type, following the NIST guidelines referenced above. Each part corresponds to an action in that NIST document. It is not sufficient to customize t
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A custom activity repository for Ayehu NG automation platform, allowing users to create and modify activities to fit their specific needs.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
Repository of templates for Ayehu's workflows with the ability to design, execute, and automate IT and business processes.
Fast Intercept is a security automation platform that empowers users to maximize their existing security products and automate routine tasks.
Shuffle is a platform for automating security workflows with confidence, offering templates, collaboration tools, and a large app library.
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
Modular SOAR implementation in Python for security orchestration, automation, and response.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.