csirp/containment/initial-response.md
2026-05-08 18:07:02 -05:00

Initial Response Procedure

1. Detection & Analysis

  1. Verify the incident is not a false positive (confirm the alert against a second source: host telemetry, proxy or firewall logs, or the affected user)
  2. Document initial findings: alert source, time first observed (in UTC), affected hosts and accounts, and any indicators (hashes, IPs, domains)
  3. Determine the severity level using the table below; the level sets the response time and who is paged

2. Initial Containment

  • Isolate affected systems from the network (host firewall, EDR network containment, or switch-port/VLAN quarantine), keeping only the channel the responders use to reach the host
  • Preserve evidence: do not power off unless the system is actively destroying data, since a shutdown discards memory, open connections and running processes; capture volatile state before or immediately after isolation
  • Document system state: who did what, when, and with which command, so the evidence chain is defensible later
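The three containment steps above as one POSIX shell script, added here as an example and not part of the original runbook. It captures volatile state in most-volatile-first order into a timestamped evidence directory with a SHA-256 manifest, then prints (rather than applies) the host-firewall rules that isolate the host from everything except the incident-response jump host. The jump host address `10.0.0.5`, the evidence path under `/var/tmp`, and the command list are assumptions for the example; adjust them to the environment.

```shell
#!/bin/sh
# Added example for the Initial Containment step. Not the runbook's own tooling.
# Assumptions: Linux host with iptables; IR jump host is 10.0.0.5.

IR_HOST="${IR_HOST:-10.0.0.5}"   # assumed address of the responders' jump host

# Volatile state to capture, most volatile first (clock, sessions, processes,
# sockets, interfaces, routes). Missing tools are recorded as skipped, not fatal.
VOLATILE_COMMANDS='
date -u
uptime
who
ps -ef
ss -tunap
ip addr
ip route
df -h
'

# SHA-256 of a file, using whichever hashing tool the host has.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# collect_volatile_state OUTDIR
# Runs each command, stores its output as OUTDIR/<command>.txt and appends
# "<sha256> <file> <exit status> <command>" to OUTDIR/manifest.txt.
collect_volatile_state() {
    outdir="$1"
    mkdir -p "$outdir" || return 1
    : > "$outdir/manifest.txt"
    printf 'collected-by: %s on %s at %s\n' "$(id -un)" "$(uname -n)" \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$outdir/manifest.txt"
    printf '%s\n' "$VOLATILE_COMMANDS" | while IFS= read -r cmd; do
        [ -n "$cmd" ] || continue
        name=$(printf '%s' "$cmd" | tr -c 'A-Za-z0-9' '_')   # "date -u" -> date__u
        tool=${cmd%% *}
        if ! command -v "$tool" >/dev/null 2>&1; then
            printf 'SKIPPED (not installed): %s\n' "$cmd" >> "$outdir/manifest.txt"
            continue
        fi
        f="$outdir/$name.txt"
        # Word-splitting of $cmd is intended; capture stderr with stdout.
        if $cmd > "$f" 2>&1; then status=0; else status=$?; fi
        printf '%s  %s  exit=%s  %s\n' "$(hash_file "$f")" "$f" "$status" "$cmd" \
            >> "$outdir/manifest.txt"
    done
    return 0
}

# quarantine_rules IR_HOST
# Prints iptables commands that drop all traffic except loopback and the IR host.
# Printed, not applied: review them, and only apply from a session on IR_HOST,
# otherwise the OUTPUT DROP policy cuts your own connection.
quarantine_rules() {
    ir="$1"
    cat <<EOF
iptables-save > "\$EVIDENCE_DIR/iptables-before.txt"   # keep the pre-isolation rules as evidence
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT  -s $ir -j ACCEPT
iptables -A OUTPUT -d $ir -j ACCEPT
iptables -A INPUT  -j LOG --log-prefix "IR-QUARANTINE-IN "
iptables -A OUTPUT -j LOG --log-prefix "IR-QUARANTINE-OUT "
EOF
}

# Run directly with "run" to collect evidence and print the rules for review.
if [ "${1:-}" = "run" ]; then
    EVIDENCE_DIR="/var/tmp/ir-$(uname -n)-$(date -u +%Y%m%dT%H%M%SZ)"
    export EVIDENCE_DIR
    collect_volatile_state "$EVIDENCE_DIR"
    quarantine_rules "$IR_HOST"
fi
```

Collection runs before isolation is applied, because the socket table and process list are exactly what a network cut changes. The rules keep the IR host reachable in both directions so EDR or SSH from the responders still works; everything else is dropped and logged, which also records any beaconing the malware attempts after isolation.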

Severity Levels

| Level    | Description                                | Response Time |
|----------|--------------------------------------------|---------------|
| Critical | Active breach, data exfiltration           | Immediate     |
| High     | Confirmed malware, unauthorized access     | 1 hour        |
| Medium   | Suspected intrusion, investigation needed  | 4 hours       |
| Low      | Policy violation, minor anomaly            | 24 hours      |