aws-incident-response-playbooks

public
943 stars
195 forks
1 issues

Commits

List of commits on branch master.
Verified
be50b9d71b796695472b8004b76dcc0b81e66700

Merge pull request #8 from gregcope/patch-1

phillisf committed a month ago
Verified
70fe50aec04e0fa4a1bde079060d1e5d42b26fac

Update IRP-DoS.md

gregcope committed a month ago
Verified
31a63b87f3fdea1db521d74e26692d2ba7a4ac6e

Update IRP-Ransomware.md

chamsinghaws committed 8 months ago
Verified
01969f287c22308e672d9c687726106b0bedf756

Merge pull request #6 from colto/patch-1

phillisf committed a year ago
Verified
af024c1a01ae822133ac0b78e56b5fede20d83b0

Merge pull request #7 from zbraiterman/update-readme

phillisf committed a year ago
Unverified
67b4bc5d2f7549bf647d159e32f3206c3f0e94a7

Have all bullet points start with a capital letter

zbraiterman committed 2 years ago

README

The README file for this repository.

AWS Incident Response Playbook Samples

These playbooks are created to be used as templates only. They should be customized by administrators working with AWS to suit their particular needs, risks, available tools and work processes. These guides are not official AWS documentation and are provided as-is to customers who use AWS products and are looking to improve their incident response capability.

The playbooks included below cover several common scenarios faced by AWS customers. They outline steps based on the NIST Computer Security Incident Handling Guide (Special Publication 800-61 Revision 2) that can be used to:

  • Gather evidence
  • Contain and then eradicate the incident
  • Recover from the incident
  • Conduct post-incident activities, including post-mortem and feedback processes

Interested readers may also find the AWS Security Incident Response Guide (first published in June 2019) useful as an overview of how the steps below were created.

Each playbook corresponds to a unique incident, and there are 5 parts to handling each incident type, following the NIST guidelines referenced above. Each part corresponds to an action in that NIST document.

It is not sufficient to customize these scenarios to the needs of your customers, organization or applications. It is important that these playbook scenarios are tested (for example, in Game Days) prior to deployment to your knowledge management system and that all responders are familiar with the actions required to respond to an incident.

Note that some of the incident response steps noted in each scenario may incur costs in your AWS account(s) for services used in either preparing for or responding to incidents. Customizing these scenarios and testing them will help you to determine if additional costs will be incurred. You can use AWS Cost Explorer and look at costs incurred over a particular time frame (such as when running Game Days) to establish what the possible impact might be.

Usage

The playbooks are written in markdown to facilitate editing and consumption into a variety of user systems.

Security

See CONTRIBUTING for more information.

License Summary

The documentation is made available under the Creative Commons Attribution-ShareAlike 4.0 International License. See the LICENSE file.

The sample code within this documentation is made available under the MIT-0 license. See the LICENSE-SAMPLECODE file.