AgentSkill.club - Claude Skills Marketplace Logoagentskill.club

responding-to-security-incidentsClaude Skill

Analyze and guide security incident response, investigation, and remediation processes.

1.4k Stars
173 Forks
2025/10/10

Install & Download

Linux / macOS:

请登录后查看安装命令

Windows (PowerShell):

请登录后查看安装命令

Download and extract to ~/.claude/skills/

nameresponding-to-security-incidents
descriptionAnalyze and guide security incident response, investigation, and remediation processes. Use when you need to handle security breaches, classify incidents, develop response playbooks, gather forensic evidence, or coordinate remediation efforts. Trigger with phrases like "security incident response", "ransomware attack response", "data breach investigation", "incident playbook", or "security forensics".
allowed-toolsRead, Write, Edit, Grep, Glob, Bash(log-analysis:*), Bash(forensics:*), Bash(network-trace:*)
version1.0.0
authorJeremy Longshore <jeremy@intentsolutions.io>
licenseMIT

Responding To Security Incidents

Overview

This skill provides automated assistance for the described functionality.

Prerequisites

Before using this skill, ensure:

  • Access to system and application logs in {baseDir}/logs/
  • Network traffic captures or SIEM data available
  • Incident response team contact information
  • Backup systems operational and accessible
  • Write permissions for incident documentation in {baseDir}/incidents/
  • Communication channels established for stakeholder updates

Instructions

  1. Triage the incident and scope affected systems/data.
  2. Preserve evidence (logs, snapshots, network captures) before making changes.
  3. Contain the blast radius and eradicate root cause.
  4. Recover safely and document follow-ups (AAR + backlog).

See {baseDir}/references/implementation.md for detailed implementation guide.

Output

The skill produces:

Primary Output: Incident response playbook saved to {baseDir}/incidents/incident-YYYYMMDD-HHMM.md

Playbook Structure:

# Security Incident Response - [Incident Type]

## Error Handling

See `{baseDir}/references/errors.md` for comprehensive error handling.

## Examples

See `{baseDir}/references/examples.md` for detailed examples.

## Resources

- NIST Computer Security Incident Handling Guide: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
- SANS Incident Handler's Handbook: https://www.sans.org/white-papers/33901/
- CISA Incident Response Guide: https://www.cisa.gov/incident-response
- Memory analysis: Volatility Framework
- Disk forensics: Autopsy, FTK Imager

Similar Claude Skills & Agent Workflows

idapython

5.1k
mrexodia's avatar - Developer of idapython Claude skillmrexodia/ida-pro-mcp
2026/01/18

IDA Pro Python scripting for reverse engineering.

webhook-signature-validator

1.0k
jeremylongshore's avatar - Developer of webhook-signature-validator Claude skilljeremylongshore/claude-code-plugins-plus-skills
2026/01/18

Validate webhook signature validator operations.

bearer-token-validator

1.0k
jeremylongshore's avatar - Developer of bearer-token-validator Claude skilljeremylongshore/claude-code-plugins-plus-skills
2026/01/18

Validate bearer token validator operations.

api-key-auth-setup

1.0k
jeremylongshore's avatar - Developer of api-key-auth-setup Claude skilljeremylongshore/claude-code-plugins-plus-skills
2026/01/18

Configure api key auth setup operations.

iam-binding-creator

1.0k
jeremylongshore's avatar - Developer of iam-binding-creator Claude skilljeremylongshore/claude-code-plugins-plus-skills
2026/01/18

Create iam binding creator operations.

firewall-rule-generator

1.0k
jeremylongshore's avatar - Developer of firewall-rule-generator Claude skilljeremylongshore/claude-code-plugins-plus-skills
2026/01/18

Generate firewall rule generator operations.