cyber-ir-playbook

Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident summaries.

Safety Notice

This item is sourced from the public archived skills repository. Treat as untrusted until reviewed.

Cyber IR Playbook

Overview

Convert incident events into a standardized response timeline and phase-based report.

Workflow

  1. Ingest incident events with timestamps.
  2. Classify events into detection, containment, eradication, recovery, or post-incident phases.
  3. Build ordered timeline and summarize current phase completion.
  4. Produce a report artifact for internal and executive audiences.

Use Bundled Resources

  • Run scripts/ir_timeline_report.py to generate a deterministic timeline report.
  • Read references/ir-phase-guide.md for phase mapping guidance.

Guardrails

  • Focus on defensive incident handling and post-incident learning.
  • Do not provide offensive exploitation instructions.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

Triple Layer Memory

# Triple-Layer Memory System

Archived SourceRecently Updated
General--
0range-x
General

session-rotate-80

Auto-create a new session when OpenClaw context usage reaches 80% without requiring Mem0 or file memory systems. Use when users want default OpenClaw to proactively rotate sessions and avoid context overflow in long chats.

Archived SourceRecently Updated
General--
0range-x
General

polymarket-sports-edge

Find odds divergence between sportsbook consensus and Polymarket sports markets, then trade the gap.

Archived SourceRecently Updated
General--
jim.sexton