/Incident-Playbook

GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

MIT LicenseMIT

Join the chat at https://gitter.im/Incident-Playbook/community

If you have an idea for the project please start a discusssion.

PURPOSE OF PROJECT

That this project will be created by the SOC/Incident Response Community

  • Develop a Catalog of Incident Response Playbook for every MITRE Technique (Keep in mind it won't work for some tactics).
  • Develop a Catalog of Incident Response Playbook for uncommon incidents.
  • Develop JSON Setup for Playbooks
  • Develop a Catalog of Exercise Scenarios that can be used for training purposes.
  • Develop a Catalog of tools used for Incident Response [Plus Reviews for the different tools].
  • Develop a Catalog of Incident Response Automations.
  • Develop a Catalog of Checklists [For Before, During, After Incidents].
  • Develop a Catalog of Roles that a organization can use, to build their own program.
  • Develop a Catalog of Event Codes and API Actions that you can/will see in a SIEM Detections.
  • Develop a Battle Card Book, that can be reference for immediate help during a incident.

MITRE ATTACK

Tactic

Intial Access
Collection
Credential Access
Defense Evasion
Persistence
Exfiltration
Impact

For every pull request submitted a issue must also be created.

Immediate Goals/Projects

Wiki

Contributors

Planning on Adding Photos later

Sponsors

SPONSORS