AWS Incident Response Runbook Samples

#Operations Management #Security Operations

A defense-in-depth security automation and monitoring framework utilizing threat intelligence, machine learning, and serverless technologies.

These run-books are designed to be used solely as templates.

They should be tailored by administrators who work with AWS to meet their specific needs, address potential risks, utilize available tools, and align with their work processes.

These guides are not official AWS documentation. They are provided as-is for customers who use AWS products and want to enhance their incident response capabilities.

The run-books provided below address several common scenarios that AWS customers frequently encounter.

Steps Based on NIST Computer Security Incident Handling Guide

This document outlines steps based on the NIST Computer Security Incident Handling Guide (Special Publication 800-61 Revision 2) that can be utilized to:

- Gather evidence
- Contain and then eliminate the incident
- Recover from the incident
- Perform post-incident activities, including post-mortem analyses and feedback processes

Readers who are interested may also find the AWS Security Incident Response Guide (originally published in June 2019) to be a helpful resource for understanding how the steps below were developed. Each runbook is tailored to a specific incident, and there are five components involved in managing each type of incident, adhering to the NIST guidelines mentioned earlier. Each component aligns with an action specified in that NIST document.

It is not sufficient to customize the system without considering other essential factors.