Incident-Playbook
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
If you have an idea for the project, please start a discussion.
PURPOSE OF PROJECT
This project is intended to be built by the SOC/Incident Response community.
- Develop a Catalog of Incident Response Playbooks for every MITRE Technique (keep in mind this won't work for some tactics).
- Develop a Catalog of Incident Response Playbooks for uncommon incidents.
- Develop a JSON Setup for Playbooks.
- Develop a Catalog of Exercise Scenarios that can be used for training purposes.
- Develop a Catalog of tools used for Incident Response [plus reviews of the different tools].
- Develop a Catalog of Incident Response Automations.
- Develop a Catalog of Checklists [for before, during, and after incidents].
- Develop a Catalog of Roles that an organization can use to build its own program.
- Develop a Catalog of Event Codes and API Actions that you can/will see in SIEM detections.
- Develop a Battle Card Book that can be referenced for immediate help during an incident.
MITRE ATTACK
Tactic
Initial Access
- [X] Playbook: T1133 - Unauthorized VPN and VDI Access
- [X] Playbook: T1189 - Drive By Compromise
- [X] Playbook: T1566 - Phishing
Collection
- [X] Playbook: T1114 - Cloud Email Compromise
Credential Access
- [ ] Playbook: T1110.003 - Password Spraying
Defense Evasion
- [X] Playbook: T1055 - Process Injection
Persistence
- [X] Playbook: T1053 - Scheduled Task/Job
Exfiltration
- [X] Playbook: T1052.001 - Exfiltration over USB
Impact
- [ ] Playbook: T1485 - Data Destruction
- [X] Playbook: T1486 - Data Encrypted for Impact (Ransomware)
- [ ] Playbook: T1489 - Service Stop
- [X] Playbook: T1491.002 - External Defacement
For every pull request submitted, an issue must also be created.
- Please Read Creating a New Playbook;
- Check the list of MITRE Techniques to choose from and create a new issue;
- Or you can just look at the list of issues that are ready to be worked on.
Immediate Goals/Projects
- Figure out how to Integrate Atomic Red Team
Wiki
Contributors
Planning on Adding Photos later
Sponsors