responding-to-security-incidents

Responding To Security Incidents

Overview

Guide the full NIST SP 800-61 incident response lifecycle: detection, containment, eradication, recovery, and post-incident analysis. Classify incidents by type (ransomware, data breach, DDoS, credential compromise, insider threat) and severity, then coordinate evidence preservation, threat containment, and root-cause investigation.

Prerequisites

  • System and application logs accessible in ${CLAUDE_SKILL_DIR}/logs/ (auth logs, web server logs, database access logs)
  • Network traffic captures (PCAP) or SIEM alert exports available
  • Incident response team contact information and escalation paths documented
  • Backup systems operational and recovery procedures tested
  • Write permissions for incident documentation in ${CLAUDE_SKILL_DIR}/incidents/
  • Forensic tools available: Volatility (memory), Autopsy/FTK Imager (disk), tcpdump/Wireshark (network)

Instructions

Installs: 1
GitHub Stars: 2.2K
First Seen: Apr 4, 2026
responding-to-security-incidents — jeremylongshore/claude-code-plugins-plus