Webinar takeaway – IR Playbooks – A New Open Source Resource

My key takeaways

• management wants to know what, not how
• IR plan aka policy
• IR playbook aka process
• microplays aka procedures
  • microplays are the actual steps to be taken in response to an incident
• you don’t plan while under stress
  • that’s when a playbook becomes handy
• even if every incident is unique and the environment is uinque, there usual process are most time the same and can be written down in a playbook
• an incident commander connects the C-Level and the IR team

Env

• Provided by Wild West Hackin’ Fest

• Speaker

  • Mathieu Saulnier

additional links

• https://www.youtube.com/c/WildWestHackinFest/
• 
• https://gitlab.com/syntax-ir/playbooks/-/tree/main/
• https://incidentresponse.com
• https://ayehu.com
• https://atc-project.github.io/atc-react/
• https://docs.microsoft.com/en-us/security/compass/incident-response-playbooks
• https://github.com/austinsonger/Incident-Playbook

User comments

• Fraggle780 — heute um 19:41 Uhr
  yes – contain is isolation, eradicate is nuking from orbit
• SilentTom — heute um 19:43 Uhr
  Please dont power down. You make us forensic analysts very sad;-)
• MaliciousPackage — heute um 19:49 Uhr
  Awwww why so much hate for the red team?
  • Velda | The Deputy — heute um 19:50 Uhr
    Their offensive 😄