Free incident response plan template based on NIST SP 800-61. Includes playbooks for ransomware, phishing, data breach, and BEC.
Updated Mar 2, 2026
Enterprise incident response playbooks aligned with NIST SP 800-61 and SANS IR framework with MITRE ATT&CK mappings
Hands-on incident response simulation lab — blue team procedures, SOC workflows, Salt Typhoon APT research, and DR failover documentation
Strategic cybersecurity governance repository featuring a hybrid Incident Response Plan (IRP) integrating NIST SP 800-61 Rev. 2 and SANS methodologies. Includes modernized forensic forms, chain of custody protocols, and policy analysis.
Cross-framework Incident Response Playbook Library — ISO/IEC 27035:2016 + NIST SP 800-61 r2 (CSF 2.0).
Building a brute force detection rule in Microsoft Sentinel and working the resulting incident to closure using the NIST 800-61 lifecycle. KQL analytics rule, entity mapping, and NSG containment.
AI-powered Incident Response Plan engine for MSPs — NIST 800-61 aligned playbooks, BYOM (Anthropic/OpenAI/Gemini/Ollama), ConnectWise + N8N integration, 2,000-incident scenario corpus + 60 tests
Building a Microsoft Sentinel detection rule for impossible travel sign-in activity using Azure SigninLogs and KQL. Investigating user logon geography and working the incident to closure under NIST SP 800-61.
Building a Microsoft Sentinel detection rule for suspicious PowerShell web requests (Invoke-WebRequest) and working the incident to closure using the NIST 800-61 lifecycle. KQL analytics rule, entity mapping, and execution verification.
NIST 800-61–aligned runbooks for cloud credential compromise, business email compromise, ransomware, and data exfiltration.
AI-powered SIEM alert triage tool — MITRE ATT&CK mapping, IOC extraction, false positive reduction, and investigation playbooks using Claude AI