Containment Playbooks Skill

Comprehensive containment procedures for isolating security threats during active incidents. Provides structured playbooks for network, endpoint, identity, cloud, and application containment.

Capabilities

• Network Containment: Host isolation, firewall blocks, DNS sinkholing, network segmentation
• Endpoint Containment: EDR isolation, process termination, service disabling, memory preservation
• Identity Containment: Account disable, session termination, credential reset, MFA reset
• Cloud Containment: IAM revocation, resource isolation, API key rotation, security group lockdown
• Application Containment: WAF rules, rate limiting, service shutdown, database lockdown
• Email Containment: Message quarantine, sender blocking, rule removal
• Playbook Execution: Track and document containment actions

Quick Start

from containment_utils import (
    NetworkContainment, EndpointContainment, IdentityContainment,