defensive-incident-response

Community

Defensive IR playbook for rapid containment.

Author: riparino
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Incident response lifecycles can be chaotic; this playbook provides a structured, repeatable approach to identify, contain, and eradicate threats using the PICERL lifecycle, evidence collection order, and KQL queries for rapid investigation.

Core Features & Use Cases

  • PICERL phases with concrete actions and decision points
  • Containment guidance, evidence ordering, and MITRE ATT&CK mapping
  • Per-phase KQL hunt queries and remediation steps
  • Use case: contain a compromised host, scope lateral movement, and rotate credentials

Quick Start

Initiate incident response by identifying scope, isolating affected hosts, and executing the PICERL lifecycle with recommended actions.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: defensive-incident-response
Download link: https://github.com/riparino/Claude-Cyber/archive/main.zip#defensive-incident-response

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
