
Cyber Incident Response Playbook Battle Cards


A collection of Cyber Incident Response Playbook Battle Cards (PBC), which are recipes for preparing and applying countermeasures against cyber threats and attacks. PBC follow a prescriptive approach to combating the various TTPs deployed by cyber threat actors, supporting the hands-on activities carried out by humans before, during, and after cybersecurity incident response. Inspired by CERT Societe Generale's IRM, these cards are valuable resources for incident response teams. For more information, visit:

- CERT Societe Generale's IRM: https://github.com/certsocietegenerale/IRM/
- GuardSight's Cybersecurity Incident Response Plan: https://github.com/guardsight/gsvsoc_cybersecurity-incident-response-plan
- Incident Response Playbooks: https://www.incidentresponse.com/playbooks/
- NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
- NIST Special Publication 800-184: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
- NIST Special Publication 800-61 Rev. 2: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
- MITRE Cyber Exercise Playbook: https://www.mitre.org/sites/default/files/publications/pr_14-3929-cyber-exercise-playbook.pdf

ALTERNATIVES

An open-source SOAR tool for automating threat and incident response workflows using CACAO security playbooks.

A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.

Anvilogic is a SIEM platform that streamlines detection engineering, offers cost-effective data management, and enhances threat detection capabilities.

AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.

Datadog offers a comprehensive suite of cybersecurity tools for various aspects of application and infrastructure monitoring.

A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.

Reveelium UEBA is a French-developed User and Entity Behavior Analytics solution that uses artificial intelligence to detect abnormal behaviors and security threats by analyzing user and entity activities within an organization's network.

A public incident response process documentation used at PagerDuty.