containment
Incident Containment Strategies -- NIST SP 800-61 Rev 2 / MITRE ATT&CK
Frameworks: NIST SP 800-61 Rev 2 (Containment, Eradication, and Recovery), MITRE ATT&CK Enterprise Matrix
Role: SOC Analyst, Security Engineer
Time: 15-30 min
Output: Containment plan with short-term and long-term actions, business impact trade-off analysis, ATT&CK-mapped countermeasures, and rollback criteria
1. When to Use
If a target is provided via arguments, focus the review on: $ARGUMENTS
Invoke this skill when any of the following conditions are met: