
Incident Response Cheat Sheet (DRAFT) by

A Cheat Sheet for Incident Response

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Roles and Responsibilities

Incident Manager
Leads response efforts, making key decisions and ensuring coordination across the team
Tools: Project management software for task tracking (e.g., Asana, Jira)

Security Analysts
Conduct technical investigations and analyses using various tools
Tools: SIEM systems for monitoring and analysis (e.g., Splunk, LogRhythm), and forensic analysis tools for in-depth investigation (e.g., EnCase, FTK)

Communications Officer
Manages all communications, ensuring clarity and timeliness
Tools: Secure communication platforms (e.g., Signal, Microsoft Teams for internal coordination)

IT Specialists
Implement technical fixes and restore systems
Tools: Endpoint detection and response (EDR) tools for mitigating threats (e.g., CrowdStrike Falcon, Microsoft Defender for Endpoint)

Legal and Compliance Officer
Provides legal guidance and ensures compliance with relevant laws and regulations
Tools: Compliance management software (e.g., LogicGate, NAVEX Global)

Incident Response Phases

Preparation
Key actions: Establish an incident response policy, form a response team, and prepare incident response playbooks
Tools: Training platforms (e.g., Infosec IQ, CyberHoot)

Detection and Analysis
Key actions: Monitor systems for signs of unauthorized activity, and analyze alerts to confirm incidents
Tools: SIEM systems, intrusion detection systems (IDS) such as Snort or Suricata

Containment
Key actions: Isolate affected systems and apply short-term fixes
Tools: Network segmentation tools, firewalls and intrusion prevention systems (IPS)

Eradication and Recovery
Key actions: Remove malware, apply patches, and recover data from backups
Tools: Antivirus/malware removal tools, patch management software (e.g., ManageEngine Patch Manager Plus), backup and recovery solutions (e.g., Veeam, Acronis)

Post-Incident Evaluation
Key actions: Document the incident, evaluate response effectiveness, and update plans and defenses based on lessons learned
Tools: After-action review templates, lessons-learned databases
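The Detection and Analysis phase above says to analyze IDS alerts to confirm incidents. As an added example that is not part of the cheat sheet, the script below triages constructed Suricata EVE JSON alert lines with a simple policy: a severity-1 alert is escalated on a single hit, a severity-2 alert only when it repeats as a burst, and everything else is kept for review. Field names follow Suricata's EVE alert output; the addresses, signature ids and names, sample timestamps and thresholds are all constructed assumptions.

```python
"""Triage constructed Suricata EVE JSON alerts (Detection and Analysis phase)."""
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample: field names follow Suricata's EVE alert schema, but the
# addresses, signature ids (local 1000000+ range) and signature names are made up.
SAMPLE_EVE = """
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":1000001,"signature":"LOCAL SCAN repeated SSH connection attempts","severity":2}}
{"timestamp":"2024-05-01T10:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":1000001,"signature":"LOCAL SCAN repeated SSH connection attempts","severity":2}}
{"timestamp":"2024-05-01T10:00:08.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":1000001,"signature":"LOCAL SCAN repeated SSH connection attempts","severity":2}}
{"timestamp":"2024-05-01T10:05:00.000000+0000","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"10.0.0.9","alert":{"signature_id":1000001,"signature":"LOCAL SCAN repeated SSH connection attempts","severity":2}}
{"timestamp":"2024-05-01T10:10:00.000000+0000","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"10.0.0.9","alert":{"signature_id":1000001,"signature":"LOCAL SCAN repeated SSH connection attempts","severity":2}}
{"timestamp":"2024-05-01T10:15:00.000000+0000","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"10.0.0.9","alert":{"signature_id":1000001,"signature":"LOCAL SCAN repeated SSH connection attempts","severity":2}}
{"timestamp":"2024-05-01T10:00:20.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.9","alert":{"signature_id":1000002,"signature":"LOCAL ATTACK_RESPONSE root shell prompt seen","severity":1}}
{"timestamp":"2024-05-01T11:30:00.000000+0000","event_type":"alert","src_ip":"10.0.0.8","dest_ip":"10.0.0.9","alert":{"signature_id":1000003,"signature":"LOCAL POLICY scripted HTTP client outbound","severity":3}}
not json at all
"""

def parse_eve(text):
    """Yield alert events only; skip blank, malformed and non-alert lines."""
    for line in text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(ev, dict) and ev.get("event_type") == "alert":
            yield ev

def _ts(ev):
    return datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")

def _burst(times, n, window_s):
    """True if any n consecutive alerts (sorted) fall within window_s seconds."""
    return any((times[i + n - 1] - times[i]).total_seconds() <= window_s
               for i in range(len(times) - n + 1))

def triage(text, burst=3, window_s=60):
    """Group alerts by (src, dst, sid) and split them into (escalate, watch)."""
    groups = defaultdict(list)
    for ev in parse_eve(text):
        groups[(ev["src_ip"], ev["dest_ip"], ev["alert"]["signature_id"])].append(ev)
    escalate, watch = [], []
    for (src, dst, sid), evs in groups.items():
        times = sorted(_ts(e) for e in evs)
        sev = evs[0]["alert"]["severity"]
        row = {"src": src, "dst": dst, "sid": sid, "severity": sev,
               "count": len(evs), "first_seen": times[0].isoformat()}
        # Policy (assumed): sev 1 always escalates, sev 2 only as a burst.
        (escalate if sev == 1 or (sev == 2 and _burst(times, burst, window_s))
         else watch).append(row)
    return escalate, watch
```

Feeding real EVE output through `triage` would only group by exact signature id; the thresholds and severity mapping are placeholders to tune against your own rule set.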