A playbook, also known as a standard operating procedure (SOP), consists of a set of guidelines to handle security incidents and alerts in the SOC.
Incident response methodologies typically involve creating standard operating procedures (SOPs), playbooks, and runbooks to guide teams through the incident response process.
These gudelines provide easy to use operational incident best practices. These cheat sheets are dedicated to incident handling and cover multiple fields in which a CERT team can be involved.
Source: https://github.com/certsocietegenerale/IRM/tree/main/EN
Worm Infection: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-1-WormInfection.pdf- Social Engineering: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-10-SocialEngineering.pdf
- Information Leakage: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-11-InformationLeakage.pdf
- Insider Abuse: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-12-InsiderAbuse.pdf
- Customer Phishing: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-13-Customer_Phishing.pdf
- Scam: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-14-Scam.pdf
- Trademark infringement: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-15-Trademark%20infringement.pdf
- Phishing: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-16-Phishing.pdf
- Ransomware: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-17-Ransomware.pdf
- Large_scale_compromise: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-18-Large_scale_compromise.pdf
- 3rd-party_compromise: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-19-3rd-party_compromise.pdf
- Windows Intrusion: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-2-WindowsIntrusion.pdf
- Unix Linux lntrusionDetection: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-3-UnixLinuxIntrusionDetection.pdf
- DDOS: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-4-DDOS.pdf
- MaliciousNetworkBehaviour: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-5-MaliciousNetworkBehaviour.pdf
- Website-Defacement: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-6-Website-Defacement.pdf
- WindowsMalwareDetection: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-7-WindowsMalwareDetection.pdf
- Blackmail: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-8-Blackmail.pdf
- SmartphoneMalware.pdf: https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-9-SmartphoneMalware.pdf