responding-to-security-incidents
by jeremylongshore
Hundreds of Claude Code plugins with embedded AI skills. Learn via interactive Jupyter tutorials.
Run in ManusSKILL.md
name: responding-to-security-incidents description: | Analyze and guide security incident response, investigation, and remediation processes. Use when you need to handle security breaches, classify incidents, develop response playbooks, gather forensic evidence, or coordinate remediation efforts. Trigger with phrases like "security incident response", "ransomware attack response", "data breach investigation", "incident playbook", or "security forensics".
allowed-tools: Read, Write, Edit, Grep, Glob, Bash(log-analysis:), Bash(forensics:), Bash(network-trace:*) version: 1.0.0 author: Jeremy Longshore jeremy@intentsolutions.io license: MIT
Responding To Security Incidents
Overview
This skill provides automated assistance for the described functionality.
Prerequisites
Before using this skill, ensure:
- Access to system and application logs in {baseDir}/logs/
- Network traffic captures or SIEM data available
- Incident response team contact information
- Backup systems operational and accessible
- Write permissions for incident documentation in {baseDir}/incidents/
- Communication channels established for stakeholder updates
Instructions
- Triage the incident and scope affected systems/data.
- Preserve evidence (logs, snapshots, network captures) before making changes.
- Contain the blast radius and eradicate root cause.
- Recover safely and document follow-ups (AAR + backlog).
See {baseDir}/references/implementation.md for detailed implementation guide.
Output
The skill produces:
Primary Output: Incident response playbook saved to {baseDir}/incidents/incident-YYYYMMDD-HHMM.md
Playbook Structure:
# Security Incident Response - [Incident Type]
## Error Handling
See `{baseDir}/references/errors.md` for comprehensive error handling.
## Examples
See `{baseDir}/references/examples.md` for detailed examples.
## Resources
- NIST Computer Security Incident Handling Guide: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
- SANS Incident Handler's Handbook: https://www.sans.org/white-papers/33901/
- CISA Incident Response Guide: https://www.cisa.gov/incident-response
- Memory analysis: Volatility Framework
- Disk forensics: Autopsy, FTK Imager
Score
Total Score
Based on repository quality metrics
SKILL.mdファイルが含まれている
ライセンスが設定されている
100文字以上の説明がある
GitHub Stars 1000以上
1ヶ月以内に更新
10回以上フォークされている
オープンIssueが50未満
プログラミング言語が設定されている
1つ以上のタグが設定されている
Reviews
Reviews coming soon
