Responding To Security Incidents

Overview

This skill provides automated assistance for the described functionality.

Prerequisites

Before using this skill, ensure:

• Access to system and application logs in {baseDir}/logs/
• Network traffic captures or SIEM data available
• Incident response team contact information
• Backup systems operational and accessible
• Write permissions for incident documentation in {baseDir}/incidents/
• Communication channels established for stakeholder updates

Instructions

1. Triage the incident and scope affected systems/data.