Post-Incident Review -- NIST SP 800-61 Rev 2

Framework: NIST SP 800-61 Rev 2 (Section 3.4: Post-Incident Activity) Role: SOC Analyst, Security Engineer, vCISO Time: 30-60 min Output: Post-incident review report with blameless retrospective, root cause analysis, control failure mapping, metrics (MTTD, MTTR, MTTC), lessons learned, and remediation tracking plan

1. When to Use

If a target is provided via arguments, focus the review on: $ARGUMENTS

Invoke this skill when any of the following conditions are met: