AWS Incident Response Runbook Samples
These run-books are created to be used as templates only. They should be customized by administrators working with AWS to suit their particular needs, risks, available tools and work processes. These guides are not official AWS documentation and are provided as-is to customers using AWS products and who are looking to improve their incident response capability. The run-books included below cover several common scenarios faced by AWS customers. They outline steps based on the NIST Computer Security Incident Handling Guide (Special Publication 800-61 Revision 2) that can be used to: - Gather evidence - Contain and then eradicate the incident - Recover from the incident - Conduct post-incident activities, including post-mortem and feedback processes Interested readers may also find the AWS Security Incident Response Guide (first published in June 2019) a useful guide as an overview of how the below steps were created. Each runbook corresponds to a unique incident and there are 5 parts to handling each incident type, following the NIST guidelines referenced above. Each part corresponds to an action in that NIST document. It is not sufficient to customize t
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
PacBot is a platform for continuous compliance monitoring, compliance reporting, and security automation for the cloud, with a plugin-based data ingestion architecture.
Detect signed malware and track stolen code-signing certificates using osquery.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
A Sysmon configuration repository for customizing Microsoft Sysinternals Sysmon configurations with modular setup.
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
Workflows for Shuffle automation tool with structured categories and customization options.
Anomali is an AI-Powered Security Operations Platform that delivers speed, scale, and performance at a reduced cost, combining ETL, SIEM, XDR, SOAR, and TIP to detect, investigate, respond, and remediate threats.
A GenAI-powered security platform that integrates endpoint, email, network, data, cloud, and security operations capabilities for comprehensive threat detection and response.
A module-based AWS response tool for incident response in AWS environments.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.