security-incident-playbook-generator
Security Incident Playbook Generator
Prepare for security incidents with structured response plans.
Incident Response Phases
# Security Incident Response Playbook
## Phase 1: Detection & Triage (0-15 min)
### Detection Sources
- Security alerts (CloudWatch, Sentry)
- User reports
- Anomaly detection
- Penetration test findings
### Initial Assessment
- [ ] Identify incident type
- [ ] Assess severity (P0-P3)
- [ ] Determine scope
- [ ] Alert on-call security
## Phase 2: Containment (15-60 min)
### Immediate Actions
- [ ] Isolate affected systems
- [ ] Revoke compromised credentials
- [ ] Block malicious IPs
- [ ] Enable enhanced monitoring
### Evidence Preservation
- [ ] Capture logs
- [ ] Take system snapshots
- [ ] Document timeline
- [ ] Preserve artifacts
## Phase 3: Eradication (1-24 hours)
- [ ] Remove malware
- [ ] Close vulnerabilities
- [ ] Reset passwords
- [ ] Update firewall rules
## Phase 4: Recovery (24-72 hours)
- [ ] Restore from backup
- [ ] Verify system integrity
- [ ] Resume operations
- [ ] Monitor for reinfection
## Phase 5: Post-Incident (1 week)
- [ ] Document lessons learned
- [ ] Update procedures
- [ ] Security training
- [ ] Notify affected users (if required)
Output Checklist
- Response phases defined
- Containment procedures
- Communication templates
- Evidence collection rules
- Post-incident review ENDFILE
More from monkey1sai/openai-cli
multi-tenant-safety-checker
Ensures tenant isolation at query and policy level using Row Level Security, automated testing, and security audits. Prevents data leakage between tenants. Use for "multi-tenancy", "tenant isolation", "RLS", or "data security".
10modal-drawer-system
Implements accessible modals and drawers with focus trap, ESC to close, scroll lock, portal rendering, and ARIA attributes. Includes sample implementations for common use cases like edit forms, confirmations, and detail views. Use when building "modals", "dialogs", "drawers", "sidebars", or "overlays".
10eslint-prettier-config
Configures ESLint and Prettier for consistent code quality with TypeScript, React, and modern best practices. Use when users request "ESLint setup", "Prettier config", "linting configuration", "code formatting", or "lint rules".
9api-security-hardener
Hardens API security with rate limiting, input validation, authentication, and protection against common attacks. Use when users request "API security", "secure API", "rate limiting", "input validation", or "API protection".
9secure-headers-csp-builder
Implements security headers and Content Security Policy with safe rollout strategy (report-only → enforce), testing, and compatibility checks. Use for "security headers", "CSP", "HTTP headers", or "XSS protection".
9bruno-collection-generator
Generates Bruno collection files (.bru) from Express, Next.js, Fastify, or other API routes. Creates organized collections with environments, authentication, and folder structure for the open-source Bruno API client. Use when users request "generate bruno collection", "bruno api testing", "create bru files", or "bruno import".
9