GitXplorerGitXplorer
a

aws-incident-response-playbooks

public
943 stars
195 forks
1 issues

Commits

List of commits on branch master.
Verified
48ed511645822191e7fcb472979fcc716b45e0d0

Update Markdown to clickable link for AWS Shield

ccolto committed 2 years ago
Verified
1375f5aa83ea204793d14e57b9440fd2dc108c24

Update IRP-Ransomware.md

cchamsinghaws committed 2 years ago
Verified
713385550cb4025e69fed3eef9970700673b3f41

Update IRP-PersonalDataBreach.md

aagairola committed 2 years ago
Unverified
9ce5aa355845c864679abc4929b0fc64da908ef1

Add IRP-PersonalDataBreach.md

aagairola committed 2 years ago
Verified
7c7abfa646499f400bfb8fc84d4011aae9f297c8

Update IRP-Ransomware.md

cchamsinghaws committed 2 years ago
Unverified
ed4c609c8c8a824cdfde6d2634b94b7401fa32b8

Small edit

committed 2 years ago

README

The README file for this repository.

AWS Incident Response Playbook Samples

These playbooks are created to be used as templates only. They should be customized by administrators working with AWS to suit their particular needs, risks, available tools and work processes. These guides are not official AWS documentation and are provided as-is to customers using AWS products and who are looking to improve their incident response capability.

The playbooks included below cover several common scenarios faced by AWS customers. They outline steps based on the NIST Computer Security Incident Handling Guide (Special Publication 800-61 Revision 2) that can be used to:

  • Gather evidence
  • Contain and then eradicate the incident
  • Recover from the incident
  • Conduct post-incident activities, including post-mortem and feedback processes

Interested readers may also find the AWS Security Incident Response Guide (first published in June 2019) a useful guide as an overview of how the below steps were created.

Each playbook corresponds to a unique incident and there are 5 parts to handling each incident type, following the NIST guidelines referenced above. Each part corresponds to an action in that NIST document.

It is not sufficient to customize these scenarios to the need of your customers, organization or applications. It is important that these playbook scenarios are tested (for example, in Game Days) prior to deployment to your knowledge management system and that all responders are familiar with the actions required to respond to an incident.

Note that some of the incident response steps noted in each scenario may incur costs in your AWS account(s) for services used in either preparing for, or responding to incidents. Customizing these scenarios and testing them will help you to determine if additional costs will be incurred. You can use AWS Cost Explorer and look at costs incurred over a particular time frame (such as when running Game Days) to establish what the possible impact might be.

Usage

The playbooks are written in markdown to facilitate editing and consumption into a variety of user systems.

Security

See CONTRIBUTING for more information.

License Summary

The documentation is made available under the Creative Commons Attribution-ShareAlike 4.0 International License. See the LICENSE file.

The sample code within this documentation is made available under the MIT-0 license. See the LICENSE-SAMPLECODE file.