A playbook is a guide to help people in charge of handling security incidents.

It includes the full steps to be taken to attend an incident from the Preparation to Post-incident activities, currently this is the methodology that we uses:

Within this document is possible to visualize the list of current playbooks and runbooks that has developed.

It is important to emphasize the Playbooks will invoke the Runbooks depending of the type of incident, as well as the phase of our methodology.

A runbook is a technical guide that contains the specific procedures to be done in different activities.

List of Playbooks
#

Below is possible to visualize the current list of available Playbooks and their status:

#	Playbook Name
1	Ransomware
2	Data Breach
3	Phishing Attack
4	Distributed Denial of Service (DDoS)
5	Malware Infection/Attack
6	Credential Compromise
7	Advanced Persistent Threat and targeted attack
8	Web Application Attack
9	Cloud Security Incident
10	Business Email Compromise (BEC)

List of Runbooks
#

Below is possible to visualize the current list of available Runbooks and their status:

#	Playbook Name
1	Disk Acquisition - Dead System
2	Disk Acquisition - Live System
3	Disk Analysis
4	Endpoint Detection And Response
5	Event Log Analysis
6	Event Log Parsing
7	Installing And Updating Tools
8	Memory Acquisition - Linux
9	Memory Acquisition - Windows
10	Memory Analysis
11	Patch Management & Vulnerability Scanning
12	Sigma Rules
13	Super TimeLine Creation
14	Triage - Artifacts Collection
15	Triage - Live Linux Examination
16	Triage - Live Linux Examination
17	Yara Rules

There are no articles to list here yet.

List of Playbooks#

List of Runbooks#

List of Playbooks
#

List of Runbooks
#