security-incident-reporting
Security Incident Reporting
Comprehensive framework for documenting and analyzing security incidents, drawing from NIST SP 800-61 and SANS methodologies.
When to Use
- After a security incident (DDoS, breach, vulnerability exploitation)
- Creating post-mortem documentation
- Communicating with stakeholders (C-level, legal, security teams)
- Correlating attack patterns with known CVEs
- Establishing incident response metrics (MTTR, dwell time)
Related Skills
- security-audit - Pre-incident vulnerability assessment
- typo3-security - TYPO3 hardening
- SKILL-TYPO3.md - TYPO3-specific incident reporting