Cyber Incident Response Playbook Battle Cards Logo

Cyber Incident Response Playbook Battle Cards

0
Free
Visit Website

A collection of Cyber Incident Response Playbook Battle Cards (PBC) which are recipes for preparing and applying countermeasures against cyber threats and attacks. PBC follow a prescriptive approach to combat various TTP deployed by cyber threat actors, aiding the kinetic activities conducted by humans prior to, during, and after cybersecurity incident response. Inspired by CERT Societe Generale's IRM, these cards are valuable resources for incident response teams. For more information, visit: - CERT Societe Generale's IRM: https://github.com/certsocietegenerale/IRM/ - GuardSight's Cybersecurity Incident Response Plan: https://github.com/guardsight/gsvsoc_cybersecurity-incident-response-plan - Incident Response Playbooks: https://www.incidentresponse.com/playbooks/ - NIST Cybersecurity Framework: https://www.nist.gov/cyberframework - NIST Special Publication 800-184: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf - NIST Special Publication 800-61 Rev. 2: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final - MITRE Cyber Exercise Playbook: https://www.mitre.org/sites/default/files/publications/pr_14-3929-cyber-exercise-playbook.pdf

FEATURES

ALTERNATIVES

A DFIR Playbook Spec based on YAML for collaborative incident response processes.

Dropzone AI is an autonomous AI agent for SOCs that performs end-to-end investigations of security alerts, integrating with existing cybersecurity tools and data sources.

A proof of concept for using the SSM Agent in Fargate for incident response

Stronghold is the easiest way to securely configure your Mac.

A project that uses Athena and EventBridge to investigate API activity and notify of actions for incident response and misconfiguration detection.

Open-source abuse management toolkit for automating and improving the abuse handling process.

Malware allows attackers to execute Windows commands from a remote environment

PowerGRR is a PowerShell module for the GRR API, allowing automation and scripting for incident response and remote live forensics.

PINNED