What tools does the Security Incident Responder use?

The skill utilizes specialized Bash commands for log analysis, network tracing, and forensics, alongside standard file manipulation tools to document the incident.

How does this skill help during a ransomware attack?

It provides a structured workflow for containing the attack, identifying the entry point, and coordinating recovery while ensuring all forensic evidence is preserved.

Can this skill generate official documentation?

Yes, it automatically creates a standardized incident response playbook in Markdown format, including triage details, containment steps, and recovery plans.

Do I need specific permissions to use this skill?

Yes, you need read access to system/application logs and write permissions for the directory where incident documentation is stored for the skill to function correctly.

Security Incident Responder

Name: Security Incident Responder
Author: jeremylongshore

byjeremylongshore

•

983

보안 및 테스팅

Analyzes and orchestrates security incident response, forensic investigations, and remediation workflows within Claude Code.

소개

This skill empowers Claude to act as a digital forensics and incident response (DFIR) assistant by guiding users through the critical stages of an incident lifecycle. It facilitates rapid triage, evidence preservation, and root cause analysis by leveraging specialized tools for log analysis, network tracing, and system forensics. Whether handling ransomware, data breaches, or unauthorized access, this skill helps contain threats and automatically generates standardized incident playbooks and after-action reports to ensure compliance and recovery.

주요 기능

Automated incident triage and impact scoping
Integration with specialized Bash tools for deep system forensics
Automated generation of standardized incident response playbooks
Step-by-step guidance for threat containment and eradication
983 GitHub stars
Forensic evidence preservation using log analysis and network captures

사용 사례

Developing and documenting post-incident After-Action Reports (AAR)
Responding to active ransomware attacks or malware infections
Investigating unauthorized data access or potential data breaches

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills responding-to-security-incidents

For use in Claude.ai and ChatGPT

Download Skill

GitHub

소개