一键导入
incident-response
Security incident detection, analysis, containment, eradication, recovery, and lessons learned per NIST SP 800-61r2 and ISO 27035
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Security incident detection, analysis, containment, eradication, recovery, and lessons learned per NIST SP 800-61r2 and ISO 27035
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
GitHub Agentic Workflows (gh-aw) - markdown-based AI automation with 5-layer security, safe outputs, and Continuous AI patterns
gh-aw CLI usage, compilation, testing, debugging, add-wizard, and CI/CD practices for GitHub Agentic Workflows
Multi-agent coordination, orchestrator-worker patterns, /plan decomposition, and project coordination for GitHub Agentic Workflows
5-layer defense-in-depth security for GitHub Agentic Workflows - safe outputs, threat detection, AWF firewall, and zero-trust patterns
Continuous AI patterns from Agent Factory - issue triage, documentation sync, code quality, security scanning, and project coordination
GDPR compliance including privacy by design, data protection requirements, consent management, right to be forgotten, and data breach response
| name | incident-response |
| description | Security incident detection, analysis, containment, eradication, recovery, and lessons learned per NIST SP 800-61r2 and ISO 27035 |
| license | Apache-2.0 |
Establish comprehensive procedures for detecting, analyzing, containing, eradicating, and recovering from security incidents across all Hack23 projects, aligned with NIST SP 800-61r2 and ISO 27035.
MUST classify incidents by severity:
| Severity | Description | Response Time | Escalation |
|---|---|---|---|
| Critical | Active exploitation, data breach, system compromise | 1 hour | CEO immediate |
| High | Vulnerability with exploit available, unauthorized access attempt | 4 hours | CEO within 24h |
| Medium | Suspicious activity, policy violation, failed attacks | 24 hours | Weekly review |
| Low | Minor policy deviations, informational alerts | 72 hours | Monthly review |
Phase 1: Detection & Analysis
Phase 2: Containment
Phase 3: Eradication & Recovery
Phase 4: Post-Incident
When a secret is detected in source code:
.gitignore and pre-commit hooks