Incident-Playbook
Incident-Playbook is a community-driven project that catalogs incident response playbooks mapped to MITRE ATT&CK tactics and techniques. It provides structured playbooks for handling specific attack techniques such as phishing, ransomware, process injection, credential access, data exfiltration, and unauthorized VPN access. The project also covers uncommon incident scenarios, exercise scenarios for training, SIEM event codes, API actions, response checklists for before, during, and after incidents, role catalogs for building incident response programs, and a battle card book for quick reference during active incidents.

Contributors can create new playbooks by selecting a MITRE technique, submitting an issue, and opening a pull request. The goal is to build a comprehensive, open-source resource for SOC and incident response teams to prepare for, respond to, and recover from cybersecurity incidents.