cyber-ir-playbook

Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident summaries.

1.59x

Quality

53%

Does it follow best practices?

Impact

99%

1.59x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/0x-professor/cyber-ir-playbook/SKILL.md

Cyber IR Playbook

Overview

Convert incident events into a standardized response timeline and phase-based report.

Workflow

Ingest incident events with timestamps.
Classify events into detection, containment, eradication, recovery, or post-incident phases.
Build ordered timeline and summarize current phase completion.
Produce a report artifact for internal and executive audiences.

Use Bundled Resources

Run scripts/ir_timeline_report.py to generate a deterministic timeline report.
Read references/ir-phase-guide.md for phase mapping guidance.

Guardrails

Focus on defensive incident handling and post-incident learning.
Do not provide offensive exploitation instructions.

Repository: openclaw/skills
Commit: 754c182

Last updated: 5 days ago
Created: 5 days ago

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.