All News

<< Next Post - Previous Post >>

Free Cyber Incident Playbooks on GitHub

We are in the process of migrating our free resources/download to GitHub in an effort to facilitate the contribution from and to the cyber security community.

The first open source project we uploaded to GitHub is our cryptography project (BUGS) and the second one is our ES Cyber Incident playbooks project.

Our Cyber incident playbooks project is based on the work done by the CERT Societe Generale (SG CERT) which is available for free, under the Creative Commons Attribution 3.0 Unported License, on GitHub. Our project uses the same licensing model and you are free to use the content of our document(s) as per the aforementioned license and with referencing the author(s).

This project provides a number of Incident Response Methodologies (IRM), also called incident playbooks, aimed at helping a company with the handling of different types of cyber incidents. It consists of a PDF document which has been laid out so each IRM can be printed as a dual sided standalone page.

Compare to the great work done by the SG CERT this version provides:

  • A definition for each type of IRM documented;
  • New order to the IRM references;
  • Cosmetic changes;
  • Opportunity to include your incident response team contact details;
  • A more visual IRM cycle;
  • Updates to the content of the IRMs;
  • Standardisation of the each phase objectives definition;
  • Standardisation of the Lessons Learnt phase actions.

  • Although the PDF document can be used AS-IS, we recommend you do the following:

  • Review each IRM to ensure the actions listed are aligned with your Incident Response processes;
  • Include your incident contact details in each of the IRM abstract section.

    You can download the Playbook PDF document on the following GitHub link:
    ES Cyber Incident playbooks project


    As we use and receive feedback on the document we will provide updates. Looking forward to hear your suggestions for improvement.
    Please use the github issues/pull requests or you can contact us directly at: [email protected]

    Below is our current list of Incident Playbooks covered by this project (this list will be updated in time):
  • PHISHING
  • SOCIAL ENGINEERING
  • INFORMATION LEAKAGE
  • INSIDER ABUSE
  • MOBILE MALWARE
  • WINDOWS MALWARE
  • WINDOWS INTRUSION
  • UNIX INTRUSION
  • RANSOMWARE
  • DDOS
  • NETWORK ATTACK
  • WEBSITE DEFACEMENT
  • WORM INFECTION
  • BLACKMAIL
  • TRADEMARK INFRINGEMENT
  • << Next Post - Previous Post >>