cyber-ir-playbook

Generate incident response timelines and structured report packs from event logs to facilitate efficient detection-to-recovery tracking.

Introduction

The Cyber IR Playbook is a specialized tool for security operations and incident response teams. It automates the transformation of raw incident events into standardized, stakeholder-ready documentation. By ingesting event logs with timestamps, the agent maps activities to the NIST-aligned incident lifecycle phases, including detection, containment, eradication, recovery, and post-incident activities. This skill is designed to reduce the administrative burden of manual timeline reconstruction during high-pressure security incidents, providing clear visibility for internal teams and executive leadership.

  • Automated timeline generation based on raw incident event logs and chronological data.

  • Phase-based classification of incidents following industry-standard IR frameworks.

  • Generation of comprehensive, executive-ready summary report packs.

  • Deterministic reporting capabilities via bundled Python utility scripts.

  • Support for post-incident learning and tactical documentation.

  • Users should provide well-structured incident event logs with accurate timestamps to ensure timeline integrity.

  • Follow the phase-mapping guidance provided in the reference documentation to ensure consistent classification.

  • The tool is strictly for defensive security operations; do not use it to generate offensive exploitation content.

  • Integrate with other analysis tools by using the provided Python scripts for batch report generation.

  • Always prioritize accuracy in the input data to ensure the resulting timeline correctly reflects the incident progression.
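As an added example (not the project's own code), the following Python sketch shows the core of what the introduction describes: ingesting timestamped events, rejecting rows whose timestamps or phase labels cannot be trusted rather than silently dropping them, ordering the rest, and deriving detection-to-containment, eradication and recovery intervals for a report pack. The event data, host name and SIEM wording are constructed; the phase names follow the NIST lifecycle the page refers to.

```python
from datetime import datetime, timezone
# NIST SP 800-61 lifecycle phases in the order the playbook tracks them.
PHASES = ("detection", "containment", "eradication", "recovery", "post-incident")

RAW_EVENTS = [  # constructed sample: unordered, one timestamp deliberately invalid
    {"ts": "2026-04-01T09:40:00Z", "phase": "containment", "desc": "Host WS-17 isolated via EDR"},
    {"ts": "2026-04-01T08:55:00Z", "phase": "detection", "desc": "SIEM alert: credential dumping on WS-17"},
    {"ts": "2026-04-01T13:10:00Z", "phase": "eradication", "desc": "Malicious service removed, creds rotated"},
    {"ts": "2026-04-02T07:00:00Z", "phase": "recovery", "desc": "WS-17 reimaged and returned to service"},
    {"ts": "not-a-timestamp", "phase": "detection", "desc": "Analyst note lacking a clean timestamp"},
    {"ts": "2026-04-03T10:00:00Z", "phase": "post-incident", "desc": "Lessons-learned review held"},
]

def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp; return None when it cannot be trusted."""
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)
    except (ValueError, AttributeError):
        return None

def build_timeline(events):
    """Sort valid events chronologically; collect rejects instead of dropping them."""
    timeline, rejected = [], []
    for ev in events:
        ts = parse_ts(ev.get("ts"))
        if ts is None or ev.get("phase") not in PHASES:
            rejected.append(ev)   # surface bad input in the report, never hide it
            continue
        timeline.append({**ev, "ts": ts})
    timeline.sort(key=lambda e: e["ts"])
    return timeline, rejected

def phase_metrics(timeline):
    """Hours from the first detection event to the first event of each later phase."""
    first = {}
    for ev in timeline:
        first.setdefault(ev["phase"], ev["ts"])
    t0 = first.get("detection")
    return {} if t0 is None else {p: round((first[p] - t0).total_seconds() / 3600, 2)
                                  for p in PHASES[1:] if p in first}

def render_markdown(timeline, rejected):
    rows = ["| Time (UTC) | Phase | Event |", "|---|---|---|"]
    rows += [f"| {e['ts']:%Y-%m-%d %H:%M} | {e['phase']} | {e['desc']} |" for e in timeline]
    if rejected:
        rows.append(f"\n{len(rejected)} event(s) rejected (bad timestamp/phase); review before sign-off.")
    return "\n".join(rows)

if __name__ == "__main__":
    tl, bad = build_timeline(RAW_EVENTS)
    print(render_markdown(tl, bad), phase_metrics(tl), sep="\n")
```

The rejected-row count is deliberately written into the report so that a gap in the timeline is visible to reviewers instead of being absorbed into a clean-looking table.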

Repository Stats

  • Stars: 4,456
  • Forks: 1,217
  • Open Issues: 7
  • Language: Python
  • Default Branch: main
  • Last Synced: Apr 30, 2026, 05:15 PM