Incident Response Skill

Support the complete incident response lifecycle with documentation, timeline analysis, and comprehensive reporting capabilities.

Capabilities

• Timeline Analysis: Build and analyze incident timelines with event correlation
• Incident Documentation: Create structured incident records with full audit trail
• Evidence Tracking: Maintain chain of custody documentation
• IR Reporting: Generate reports for technical, executive, and regulatory audiences
• Playbook Support: Follow and document playbook execution
• Lessons Learned: Facilitate post-incident reviews

Quick Start

from ir_utils import Incident, IncidentTimeline, EvidenceTracker

# Create an incident