Building Incident Response Playbooks
When to Use
- Establishing an incident response program from scratch, or maturing an existing one
- Documenting procedures for a new incident type after a novel attack
- Automating response workflows in a SOAR platform (Cortex XSOAR, Splunk SOAR)
- Preparing for compliance audits requiring documented IR procedures (SOC 2, PCI-DSS, HIPAA)
- Conducting a gap analysis of existing IR capabilities against specific threat scenarios
Do not use for one-time ad hoc investigations; playbooks are reusable procedure documents, not case-specific reports.