Incident Response


(Vari) #1

Discussion about incident response best practices, tools and runbooks.


(Vari) #2

What are the best resources for creating runbooks for a Security Operations Center?


(N3tl0kr) #3

PowerShell in a Windows house. It’s changed my environment over the last 5 years.


(Edwin Eekelaers) #4

Finally, another PowerShell fan outside of a PowerShell forum… Been trying to get my colleagues to adopt it, but they refuse…


(Jason Ross) #5

SANS has a pretty handy “Incident Responder’s Handbook” that doesn’t suck: https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

It’s not specifically a runbook, but it does provide the framework for what should be in a runbook, and it could be used to establish a baseline if you’re looking at spinning up a SOC for the first time.