Skills cyber-ir-playbook

Build incident response timelines and report packs from event logs. Use for detection-to-recovery reporting, phase tracking, and stakeholder-ready incident summaries.

install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/0x-professor/cyber-ir-playbook" ~/.claude/skills/clawdbot-skills-cyber-ir-playbook && rm -rf "$T"
manifest: skills/0x-professor/cyber-ir-playbook/SKILL.md
source content

Cyber IR Playbook

Overview

Convert incident events into a standardized response timeline and phase-based report.

Workflow

  1. Ingest incident events with timestamps.
  2. Classify events into detection, containment, eradication, recovery, or post-incident phases.
  3. Build an ordered timeline and summarize current phase completion.
  4. Produce a report artifact for internal and executive audiences.
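
The first three workflow steps, sketched as an added example; this is not the skill's own scripts/ir_timeline_report.py. The event fields `ts` and `msg`, the keyword-to-phase mapping, the `gaps` field and the sample events are assumptions made for illustration.

```python
from datetime import datetime, timezone

PHASES = ["detection", "containment", "eradication", "recovery", "post-incident"]
KEYWORDS = {  # assumed keyword-to-phase mapping, for illustration only
    "detection": ("alert", "detected", "triage"),
    "containment": ("isolated", "blocked", "disabled"),
    "eradication": ("removed", "patched", "reimaged"),
    "recovery": ("restored", "re-enabled", "monitoring"),
    "post-incident": ("lessons", "retrospective", "postmortem"),
}
SAMPLE_EVENTS = [  # constructed sample: out of order, mixed UTC offsets
    {"ts": "2024-05-01T10:40:00+00:00", "msg": "Host ws-17 isolated from network"},
    {"ts": "2024-05-01T12:05:00+02:00", "msg": "EDR alert: suspicious PowerShell on ws-17"},
    {"ts": "2024-05-01T13:30:00+00:00", "msg": "Malicious scheduled task removed"},
    {"ts": "2024-05-01T13:00:00+00:00", "msg": "Vendor call scheduled"},
]

def classify(msg):
    text = msg.lower()
    for phase in PHASES:  # first matching phase wins
        if any(k in text for k in KEYWORDS[phase]):
            return phase
    return "unclassified"  # kept in the timeline and counted in the summary

def build_timeline(events):
    rows = []
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if ts.tzinfo is None:  # naive times cannot be ordered across sources
            raise ValueError(f"timestamp without UTC offset: {e['ts']}")
        rows.append({"ts": ts.astimezone(timezone.utc),
                     "phase": classify(e["msg"]), "msg": e["msg"]})
    return sorted(rows, key=lambda r: (r["ts"], r["msg"]))  # ties break on message

def summarize(timeline):
    seen = {r["phase"] for r in timeline}
    reached = [i for i, p in enumerate(PHASES) if p in seen]
    last = reached[-1] if reached else -1
    return {
        "current_phase": PHASES[last] if reached else None,
        "pending": PHASES[last + 1:],
        "gaps": [p for p in PHASES[:last + 1] if p not in seen],  # skipped phases
        "unclassified": sum(r["phase"] == "unclassified" for r in timeline),
    }

if __name__ == "__main__":
    for row in build_timeline(SAMPLE_EVENTS):
        print(row["ts"].isoformat(), f"[{row['phase']}]", row["msg"])
    print(summarize(build_timeline(SAMPLE_EVENTS)))
```

Normalizing every timestamp to UTC before sorting is what keeps the order stable when sources log in different offsets; a non-empty `gaps` list points at phases with no recorded evidence.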

Use Bundled Resources

  • Run scripts/ir_timeline_report.py to generate a deterministic timeline report.
  • Read references/ir-phase-guide.md for phase mapping guidance.

Guardrails

  • Focus on defensive incident handling and post-incident learning.
  • Do not provide offensive exploitation instructions.