Ready-to-use procedures for your security operations
Incident response playbooks are step-by-step procedures that guide your team through handling security incidents consistently and effectively. Each playbook includes:
- Clear actions to take at each phase
- Checks that ensure nothing is missed
- Guidance on what evidence to preserve
- Stakeholder messaging ready to go
First responder procedures for when an incident is detected:
- Essential steps for responding to a reported phishing email, from initial triage to remediation.
- Basic procedures for initial malware analysis and containment when malware is detected on a system.
- Universal first steps for any security incident, designed for IT staff who may be first on scene.
- Rapid response guide for when a user account is suspected or confirmed compromised.
- Framework for classifying security incidents by type and severity to guide response priorities.

Response procedures for specific attack types such as ransomware, business email compromise (BEC), and insider threats:
- Comprehensive response procedures for ransomware attacks, from detection to recovery.
- Response procedures for BEC attacks, including wire fraud attempts and executive impersonation.
- Procedures for investigating potential insider threats, balancing security with legal and HR considerations.
- Investigation procedures for suspected or confirmed data exfiltration incidents.
- Procedures for detecting and responding to cryptocurrency mining malware on systems.

Detailed technical workflows for forensics, log analysis, and IOC collection:
- Fundamental procedures for capturing and analyzing system memory during incident response.
- Procedures for capturing and analyzing network traffic during security incidents.
- Systematic approach to analyzing logs during incident investigation.
- Standardized procedures for collecting and documenting indicators of compromise.
- Procedures for forensic evidence collection from Windows and Linux endpoints.

Templates and procedures for stakeholder communication during incidents:
- Template for briefing executive leadership on security incidents.
- Checklist for engaging legal counsel and managing the legal aspects of incident response.
- Communication templates for customer notification during security incidents.
- Escalation procedures and contact matrix for security incidents.