Incident Response Workflow

@snippbot/workflow-incident-response ORG

Workflow Template

Structured incident response workflow following NIST SP 800-61. Guides teams through six phases — Detection, Triage, Containment, Investigation, Remediation, and Post-Mortem — each with checklists, prompts, and evidence-collection guidance.

Install

$ snippbot marketplace install @snippbot/workflow-incident-response

Steps (6)

Detection & Alerting

Confirm the incident and assign severity

Triage & Classification

Assess scope, impact, and regulatory requirements

Containment

Isolate affected systems while preserving forensic evidence

Investigation

Reconstruct the attack timeline and identify root cause

Remediation & Recovery

Eradicate threats and restore operations

Post-Mortem

Document lessons learned and assign improvement actions

Versions (1)

1.0.0
0 downloads 2026-05-29