事件响应计划模板 - 安全事件检测、响应与恢复自动化框架

incident-response-plan by aj-geddes/useful-ai-prompts

172 周安装量

160 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill incident-response-plan

自动化风险管理安全

🇨🇳中文介绍

事件响应计划

概述

通过全面的预案和自动化，采用结构化方法来检测、响应、遏制安全事件并从中恢复。

何时使用

安全漏洞检测
数据泄露响应
恶意软件感染
DDoS 攻击
内部威胁
合规性违规
事后分析

快速开始

最小工作示例：

# incident_response.py
from dataclasses import dataclass, field
from typing import List, Dict, Optional
from enum import Enum
from datetime import datetime
import json

class IncidentSeverity(Enum):
    CRITICAL = "critical"  # P1 - 业务关键
    HIGH = "high"          # P2 - 重大影响
    MEDIUM = "medium"      # P3 - 中等影响
    LOW = "low"            # P4 - 轻微影响

class IncidentStatus(Enum):
    DETECTED = "detected"
    INVESTIGATING = "investigating"
    CONTAINED = "contained"
    ERADICATED = "eradicated"
    RECOVERED = "recovered"
    CLOSED = "closed"

class IncidentType(Enum):
    DATA_BREACH = "data_breach"
    MALWARE = "malware"
    UNAUTHORIZED_ACCESS = "unauthorized_access"
// ... (完整实现请参阅参考指南)

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

指南	内容
事件响应框架	事件响应框架
Node.js 事件检测与响应	Node.js 事件检测与响应

🇺🇸English

Incident Response Plan

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Structured approach to detecting, responding to, containing, and recovering from security incidents with comprehensive playbooks and automation.

When to Use

Security breach detection
Data breach response
Malware infection
DDoS attacks
Insider threats
Compliance violations
Post-incident analysis

Quick Start

Minimal working example:

# incident_response.py
from dataclasses import dataclass, field
from typing import List, Dict, Optional
from enum import Enum
from datetime import datetime
import json

class IncidentSeverity(Enum):
    CRITICAL = "critical"  # P1 - Business critical
    HIGH = "high"          # P2 - Major impact
    MEDIUM = "medium"      # P3 - Moderate impact
    LOW = "low"            # P4 - Minor impact

class IncidentStatus(Enum):
    DETECTED = "detected"
    INVESTIGATING = "investigating"
    CONTAINED = "contained"
    ERADICATED = "eradicated"
    RECOVERED = "recovered"
    CLOSED = "closed"

class IncidentType(Enum):
    DATA_BREACH = "data_breach"
    MALWARE = "malware"
    UNAUTHORIZED_ACCESS = "unauthorized_access"
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
Incident Response Framework	Incident Response Framework
Node.js Incident Detection & Response	Node.js Incident Detection & Response

Best Practices

✅ DO

Maintain incident response plan
Define clear escalation paths
Practice incident drills
Document all actions
Preserve evidence
Communicate transparently
Conduct post-incident reviews
Update playbooks regularly

❌ DON'T

Panic or rush
Delete evidence
Skip documentation
Work in isolation
Ignore lessons learned
Delay notifications

Weekly Installs

133

Repository

aj-geddes/usefu…-prompts

GitHub Stars

116

First Seen

Jan 21, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode112

codex111

gemini-cli109

cursor102

claude-code102

github-copilot92

事件响应计划模板 - 安全事件检测、响应与恢复自动化框架

🇨🇳中文介绍

事件响应计划

目录

概述

何时使用

快速开始

相关 Skills

参考指南

最佳实践

✅ 建议

❌ 不建议