Incident Response Playbook
Generates an incident response playbook for a specific type of security incident.
Prompt
Create an incident response playbook for the following scenario:
**Incident type**: {{incidentType}} (data breach, ransomware, DDoS, insider threat, supply chain compromise, credential stuffing)
**System affected**: {{system}}
**Team size**: {{teamSize}}
**Compliance requirements**: {{compliance}} (SOC2/HIPAA/GDPR/PCI-DSS/none)
Playbook sections:
1. **Detection**: indicators of compromise (IoCs), monitoring alerts, user reports
2. **Triage** (first 15 minutes): severity assessment, initial scope, communication
3. **Containment** (first hour): isolation steps, preserve evidence, block attack vectors
4. **Investigation**: forensic data to collect, timeline reconstruction, root cause analysis
5. **Eradication**: remove attacker access, patch vulnerabilities, reset credentials
6. **Recovery**: restore services, verify integrity, monitor for re-compromise
7. **Communication**: internal (engineering, exec, legal), external (customers, regulators, media)
8. **Post-incident**: retrospective template, action items, metrics to track
9. **Regulatory**: notification requirements and timelines for {{compliance}}
Include checklists that can be printed and used during an actual incident.
Variables
- {{incidentType}}
- {{system}}
- {{teamSize}}
- {{compliance}}
Use Cases
- Building IR runbooks
- Compliance documentation
- Security team training exercises
Compatible Models
- claude-sonnet-4-20250514
- gpt-4o
Tags
- incident-response
- playbook
- security-operations
Details
- Author: PromptIndex
- Updated: 2026-04-01
- Difficulty: advanced