incident-response-plan▌
aj-geddes/useful-ai-prompts · updated Apr 8, 2026
Structured approach to detecting, responding to, containing, and recovering from security incidents with comprehensive playbooks and automation.
Incident Response Plan
Table of Contents
Overview
Structured approach to detecting, responding to, containing, and recovering from security incidents with comprehensive playbooks and automation.
When to Use
- Security breach detection
- Data breach response
- Malware infection
- DDoS attacks
- Insider threats
- Compliance violations
- Post-incident analysis
Quick Start
Minimal working example:
# incident_response.py
from dataclasses import dataclass, field
from typing import List, Dict, Optional
from enum import Enum
from datetime import datetime
import json
class IncidentSeverity(Enum):
CRITICAL = "critical" # P1 - Business critical
HIGH = "high" # P2 - Major impact
MEDIUM = "medium" # P3 - Moderate impact
LOW = "low" # P4 - Minor impact
class IncidentStatus(Enum):
DETECTED = "detected"
INVESTIGATING = "investigating"
CONTAINED = "contained"
ERADICATED = "eradicated"
RECOVERED = "recovered"
CLOSED = "closed"
class IncidentType(Enum):
DATA_BREACH = "data_breach"
MALWARE = "malware"
UNAUTHORIZED_ACCESS = "unauthorized_access"
// ... (see reference guides for full implementation)
Reference Guides
Detailed implementations in the references/ directory:
| Guide | Contents |
|---|---|
| Incident Response Framework | Incident Response Framework |
| Node.js Incident Detection & Response | Node.js Incident Detection & Response |
Best Practices
✅ DO
- Maintain incident response plan
- Define clear escalation paths
- Practice incident drills
- Document all actions
- Preserve evidence
- Communicate transparently
- Conduct post-incident reviews
- Update playbooks regularly
❌ DON'T
- Panic or rush
- Delete evidence
- Skip documentation
- Work in isolation
- Ignore lessons learned
- Delay notifications
Discussion
Product Hunt–style comments (not star reviews)- No comments yet — start the thread.
Ratings
4.7★★★★★29 reviews- ★★★★★Advait Sethi· Dec 28, 2024
Useful defaults in incident-response-plan — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★Kabir Harris· Dec 24, 2024
incident-response-plan has been reliable in day-to-day use. Documentation quality is above average for community skills.
- ★★★★★Shikha Mishra· Dec 12, 2024
We added incident-response-plan from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★Amelia Patel· Nov 19, 2024
We added incident-response-plan from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★Emma Smith· Nov 15, 2024
Solid pick for teams standardizing on skills: incident-response-plan is focused, and the summary matches what you get after install.
- ★★★★★Rahul Santra· Nov 3, 2024
Useful defaults in incident-response-plan — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★Pratham Ware· Oct 22, 2024
Registry listing for incident-response-plan matched our evaluation — installs cleanly and behaves as described in the markdown.
- ★★★★★Jin Kapoor· Oct 10, 2024
incident-response-plan reduced setup friction for our internal harness; good balance of opinion and flexibility.
- ★★★★★Emma Mehta· Oct 6, 2024
incident-response-plan is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- ★★★★★Aditi Bhatia· Sep 21, 2024
I recommend incident-response-plan for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
showing 1-10 of 29