Here is a collection of well-written videos and articles with great content on how to design an incident response playbook.
A brief introduction to the concept of Incident Response playbooks. It recommends a basic structure and provides some tips for creating effective documents for junior analysts.
This webcast outlines the most common types of events and indicators of compromise (IOCs) and walks through a number of different incident types based on these. By building smarter incident response playbooks, IR teams can be better equipped to detect and respond effectively in a number of scenarios.
This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone.
This paper provides an overview of the cyber exercise process from inception to reporting. It introduces the terminology and life cycle of a cyber exercise and then focuses on the planning and execution aspects of such exercises, to include objectives, scenarios, reporting and assessment procedures, network architecture, tools, and lessons learned from utilizing the scenarios outlined during an exercise with Partner Nations. Reading this document and reviewing the reference materials should enable exercise planners to understand the purpose, objectives, planning, and execution processes for conducting cyber exercises.
The Blue Team Handbook is a zero fluff reference guide for cyber security incident responders – those who staff the Blue Team. The BTHb includes essential information for any incident responder, such as key information for the incident response process, how attackers work and common tools, a methodology for network analysis, Windows and Linux analysis processes, tcpdump usage examples, and numerous other topics.