How to build Incident Response Playbooks


Here is a collection of well-written videos and articles on how to design an incident response playbook.

Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy

A brief introduction to the concept of incident response playbooks. It recommends a basic structure and provides some tips for creating documents that junior analysts can follow effectively.

An Incident Response Playbook: From Monitoring to Operations

This webcast outlines the most common types of events and indicators of compromise (IOCs) and walks through a number of different incident types based on them. By building smarter incident response playbooks, IR teams can be better equipped to detect and respond more effectively in a number of scenarios.

Crafting the InfoSec Playbook

This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone.

Cyber Exercise Playbook

This paper provides an overview of the cyber exercise process from inception to reporting. It introduces the terminology and life cycle of a cyber exercise and then focuses on the planning and execution aspects of such exercises, to include objectives, scenarios, reporting and assessment procedures, network architecture, tools, and lessons learned from utilizing the scenarios outlined during an exercise with Partner Nations. Reading this document and reviewing the reference materials should enable exercise planners to understand the purpose, objectives, planning, and execution processes for conducting cyber exercises.

Blue Team Handbook: Incident Response Edition

The Blue Team Handbook is a zero fluff reference guide for cyber security incident responders – those who staff the Blue Team. The BTHb includes essential information for any incident responder, such as key information for the incident response process, how attackers work and common tools, a methodology for network analysis, Windows and Linux analysis processes, tcpdump usage examples, and numerous other topics.
