Can this skill help with legal evidence preservation?

Yes, the skill provides specific guidance on collecting database logs, network traffic, and application logs in a manner that supports forensic investigation.

How does Claude help during a ransomware attack?

Claude identifies the incident type and generates a step-by-step playbook for isolating systems, removing the threat, and initiating secure data recovery.

Is this skill only for active security incidents?

No, it is equally effective for proactive security planning, allowing teams to draft incident response plans and run simulation scenarios.

What incident types are supported?

The skill handles a wide range of incidents including data breaches, ransomware, DDoS attacks, unauthorized access, and malware infections.

Does it provide remediation steps after an attack?

Yes, it develops detailed remediation plans to patch vulnerabilities exploited during an incident and restore systems to a known-secure state.

Security Incident Responder

Name: Security Incident Responder
Author: jeremylongshore

byjeremylongshore

•

883

Security & Testing

Guides developers and security teams through the end-to-end incident response lifecycle, from containment and forensics to post-incident remediation.

About

The Security Incident Responder skill transforms Claude into a digital first responder capable of managing complex security breaches and system attacks. It provides structured guidance for classifying threats such as ransomware, DDoS, or data breaches, and generates tailored containment, eradication, and recovery playbooks. By assisting with forensic evidence collection, timeline construction, and remediation planning, this skill ensures that teams follow industry best practices to minimize damage and prevent future occurrences.

Key Features

Post-incident reporting and lessons learned documentation
883 GitHub stars
Tailored response playbook generation for specific attack vectors
Step-by-step guidance for forensic evidence and log collection
Automated incident classification and severity assessment
Detailed remediation planning and vulnerability mitigation

Use Cases

Managing a live ransomware attack with structured containment and recovery steps
Investigating suspected unauthorized access or data breaches in production databases
Developing and documenting proactive incident response plans and organizational playbooks

About

Key Features

Post-incident reporting and lessons learned documentation
883 GitHub stars
Tailored response playbook generation for specific attack vectors
Step-by-step guidance for forensic evidence and log collection
Automated incident classification and severity assessment
Detailed remediation planning and vulnerability mitigation

Use Cases

Managing a live ransomware attack with structured containment and recovery steps
Investigating suspected unauthorized access or data breaches in production databases
Developing and documenting proactive incident response plans and organizational playbooks