Tactic | Technique ID | Technique Name | Sub-Technique Name | Platforms | Permissions Required |
---|---|---|---|---|---|
(P) Preparation
Assign steps to individuals or teams to work concurrently, when possible; this playbook is not purely sequential. Use your best judgment.
TODO: Expand investigation steps, including key questions and strategies, for <Type of Incident>.
- Plan remediation events where these steps are launched together (or in coordinated fashion), with appropriate teams ready to respond to any disruption.
- Consider the timing and tradeoffs of remediation actions: your response has consequences.
TODO: Customize containment steps, tactical and strategic, for <Type of Incident>.
TODO: Specify tools and procedures for each step, below.
TODO: Consider automating containment measures using orchestration tools.
- Inventory (enumerate & assess)
- Detect | Deny | Disrupt | Degrade | Deceive | Destroy
- Observe -> Orient -> Decide -> Act
TODO: Customize eradication steps, tactical and strategic, for <Type of Incident>.
TODO: Specify tools and procedures for each step, below.
TODO: Specify financial, personnel, and logistical resources to accomplish remediation.
TODO: Customize communication steps for <Type of Incident>.
TODO: Specify tools and procedures (including who must be involved) for each step, below, or refer to overall plan.
In addition to the general steps and guidance in the incident response plan:
TODO: Customize recovery steps for <Type of Incident>.
TODO: Specify tools and procedures for each step, below.
In addition to the general steps and guidance in the incident response plan:
TODO: Add items that will occur post-recovery.
- Perform routine cyber hygiene due diligence
- Engage external cybersecurity-as-a-service providers and response professionals
- "Title", Author Last Name (Date)