Incident Response

(Vari) #1

Discussion about incident response best practices, tools and run books

(Vari) #2

What are the best resources for creating runbooks for a Security Operations Center?

(N3tl0kr) #3

PowerShell in a Windows house. It’s changed my environment over the last 5 years

(Edwin Eekelaers) #4

Finally another PowerShell fan outside of a PowerShell forum… Been trying to get my colleagues to adopt it but they refuse…

(Jason Ross) #5

SANS has a pretty handy “Incident Responder’s Handbook” that doesn’t suck:

It’s not specifically a runbook, but it does provide the framework for what should be in a runbook, and it could be used to establish a baseline if you’re looking at spinning up a SOC for the first time.