Scribd Logo
Upload

Welcome to Scribd!

  • IR Playbooks - Mathieu Saulnier

    Uploaded by

    scott tang
    154 views24 pages
    The document introduces a new open source incident response playbook resource created by Mathieu Saulnier. It provides background on his new position at Syntax and their need for standardized playbooks. The hybrid format combines markdown, Draw.io diagrams, and templates to make the playbooks easy to modify and contribute to openly on GitLab. The document demonstrates the playbooks and outlines how others can contribute and help strengthen incident response through open collaboration.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document introduces a new open source incident response playbook resource created by Mathieu Saulnier. It provides background on his new position at Syntax and their need for standardized playbooks. The hybrid format combines markdown, Draw.io diagrams, and templates to make the playbooks easy to modify and contribute to openly on GitLab. The document demonstrates the playbooks and outlines how others can contribute and help strengthen incident response through open collaboration.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    154 views24 pages

    IR Playbooks - Mathieu Saulnier

    Uploaded by

    scott tang
    The document introduces a new open source incident response playbook resource created by Mathieu Saulnier. It provides background on his new position at Syntax and their need for standardized playbooks. The hybrid format combines markdown, Draw.io diagrams, and templates to make the playbooks easy to modify and contribute to openly on GitLab. The document demonstrates the playbooks and outlines how others can contribute and help strengthen incident response through open collaboration.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 24

    Incident Response

    Playbooks
    A New Open Source Resource
    Bio

    Mathieu Saulnier
    Sr Manager Incident Response at
    Syntax
    Core Mentor @BlueTeamVillage
    Threat Hunting
    Adversary Detection
    Talks at : Derbycon, BTV,
    NorthSec, SecTor & BSides

    @ScoubiMtl
    Agenda
    Background
    Current Playbooks
    Our Hybrid Format
    Our Current Playbooks
    How to Contribute
    Background
    New Position at Syntax They Wanted Someone to Own IR
    Hired July 2020
    Asked Questions
    SOC
    Management
    Higher Manager
    IR Plan
    IR Playbooks
    Microplays / WI
    Plan vs Playbooks vs Microplays
    C-Level

    INCIDENT RESPONSE PLAN

    Ransom AD Phish Account


    Manager

    Comp
    SOC

    Submit Retrieve Create Client Isolate Comm.


    Analyst

    Hash PCAP User Contact Endpoint Temp.


    SOC

    VT WAF EDR Regular EDR Clients


    HA IPS SIEM Off Hour Switch Internal
    Escalation 3rd Party
    Current Playbooks
    IRM

    Société Générale
    PDF
    Windows Centric
    More Procedure
    No Edits in 5 Years
    Gov.scot

    Scottish Governement
    PDF
    Reviewed in 2020
    Overlap
    Workflow in the Annex
    Incidentresponse
    .com
    Consortium
    PDF & Visio
    9 Playbooks
    All very similar
    Flow chart
    Ayehu.com

    Part of Resolve (?)


    Images
    Limited Sample
    High Level
    Flow chart
    Taksati

    Chris Taylor
    PowerPoint
    Visio / Draw.io
    Workflow with
    details
    Perfect level
    But there’s Only
    One
    Syntax Playbooks

    Git
    Markdown / Draw.io
    Open & Free
    Easy to modify
    RE&CT

    @atc_project
    Modular
    Open Source
    Framework
    Lack real content
    Austin Songer

    github.com/austinsonger/
    Incident-Playbook
    Playbook for every MITRE
    Technique
    Exercise Scenarios that
    can be used for training
    purposes
    Demo Time!
    gitlab.com/syntax-ir/playbooks/
    Sub Folders

    Products Tools
    This folder contains This folder contains
    information about the various information about the various
    “commercial” products we use free/online tools we use
    during an incident. during an incident.
    How To Contribute
    Clone/Fork the Repo Build Pipelines
    Add, Modify Contents CI/CD
    Use Templates Draw.io automation
    Submit PR Become a Maintainer
    Stronger Together
    Thank You!

    Mathieu Saulnier
    @ScoubiMtl

    You might also like