Incident Response
Manage and respond to security incidents
Incidents

INC-001: Incident Title
Status: Investigating
Severity: CRITICAL
Created: 2024-12-13 08:45:22
Assigned To: Sarah Chen
MITRE Technique: T1190 (Exploit Public-Facing Application)
Affected Assets: 3 servers, 12 endpoints
Incident Timeline

2024-12-13 08:45:22  Incident Created: initial detection from SIEM alert
2024-12-13 08:47:15  Assigned to Sarah Chen: case assigned to IR analyst
2024-12-13 08:52:33  Playbook Applied: applied "Ransomware Response" playbook
2024-12-13 09:05:41  Evidence Collected: memory dump from WEB-SERVER-01
Case Notes

Sarah Chen (2024-12-13 09:15:00):
Initial investigation reveals suspicious PowerShell execution. Isolated affected endpoints from network. Proceeding with memory analysis.

Mike Johnson (2024-12-13 09:45:00):
Forensic analysis complete. Confirmed ransomware variant: LockBit 3.0. No data exfiltration detected. Recommending full system rebuild.
IR Playbooks

Ransomware Response (12 steps)
Malware Outbreak (10 steps)
Data Breach (15 steps)
Phishing Campaign (8 steps)
DDoS Attack (7 steps)
Insider Threat (11 steps)
Evidence

Memory Dump: WEB-SERVER-01.dmp (512 MB)
Network PCAP: capture_2024-12-13.pcap (2.1 GB)
Event Logs: security_logs.evtx (45 MB)
Malware Sample: suspicious.exe (1.2 MB)
Disk Image: system_c_drive.dd (128 GB)