Discussion about incident response best practices, tools and run books
What are the best resources for creating runbooks for a Security Operations Center?
PowerShell in a Windows house. It’s changed my environment over the last 5 years.
Finally another PowerShell fan outside of a PowerShell forum… Been trying to get my colleagues to adopt it but they refuse…
SANS has a pretty handy “Incident Responder’s Handbook” that doesn’t suck: https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901
It’s not specifically a runbook, but it does provide the framework for what should be in a runbook, and it could be used to establish a baseline if you’re looking at spinning up a SOC for the first time.