Anthropic-Cybersecurity-Skills/skills/building-malware-incident-communication-template/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00


# API Reference: Malware Incident Communication Templates

## Severity Levels

| Level | Response Time | Escalation | Update Frequency |
|-------|---------------|------------|------------------|
| Critical | 15 minutes | CISO + Legal + CEO | 1 hour |
| High | 1 hour | CISO + SOC Manager | 2 hours |
| Medium | 4 hours | SOC Manager | 4 hours |
| Low | 24 hours | SOC Analyst | Daily |

## Malware Categories

| Type | Impact | Primary Containment |
|------|--------|---------------------|
| Ransomware | Data encryption, ops disruption | Isolate hosts, disable shares |
| Trojan | Unauthorized access, exfiltration | Block C2, isolate hosts |
| Wiper | Data destruction | Immediate isolation |
| Infostealer | Credential/PII theft | Block exfiltration channels |
| Worm | Lateral spread | Segment network |

## Incident Response Phases (NIST SP 800-61)

| Phase | Communication Focus |
|-------|---------------------|
| Detection | Initial notification, severity classification |
| Containment | Status updates, scope assessment |
| Eradication | Technical progress, IOC sharing |
| Recovery | Service restoration, monitoring |
| Post-Incident | Lessons learned, executive summary |

## Regulatory Notification Deadlines

| Regulation | Deadline | Authority |
|------------|----------|-----------|
| GDPR | 72 hours | Data Protection Authority |
| HIPAA | 60 days | HHS OCR |
| PCI DSS | Immediate | Card brands + acquirer |
| CCPA | Without unreasonable delay | CA Attorney General |
| NIS2 | 24h early warning + 72h full | CSIRT |

## Communication Template Fields

| Field | Required | Description |
|-------|----------|-------------|
| incident_id | Yes | Unique incident identifier |
| severity | Yes | critical/high/medium/low |
| subject | Yes | Email/notification subject line |
| timestamp | Yes | ISO 8601 format |
| affected_systems | Yes | List of impacted assets |
| actions_taken | Yes | Completed response actions |
| next_steps | Yes | Planned response actions |

## VERIS Framework Mapping

| VERIS Field | Maps To |
|-------------|---------|
| action.malware.variety | malware_type |
| attribute.integrity | impact |
| timeline.incident | detection timestamp |
| asset.assets | affected_systems |
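The tables above can be turned into a small validator and scheduler: it checks a communication record for the required template fields and an ISO 8601 timestamp, derives the first-response, next-update and regulatory due times from the severity and deadline tables, and projects the record onto the VERIS fields. This is an added example, not code from the skill's own `scripts/agent.py`; the function names, the sample record and the treatment of PCI DSS and CCPA as non-clock deadlines are assumptions.

```python
from datetime import datetime, timedelta

# Severity table: (response time, escalation target, update frequency)
SEVERITY = {
    "critical": (timedelta(minutes=15), "CISO + Legal + CEO", timedelta(hours=1)),
    "high": (timedelta(hours=1), "CISO + SOC Manager", timedelta(hours=2)),
    "medium": (timedelta(hours=4), "SOC Manager", timedelta(hours=4)),
    "low": (timedelta(hours=24), "SOC Analyst", timedelta(days=1)),
}
REQUIRED = ("incident_id", "severity", "subject", "timestamp",
            "affected_systems", "actions_taken", "next_steps")
# Only clock-based deadlines are computed; PCI DSS ("Immediate") and CCPA
# ("Without unreasonable delay") must be handled by the analyst (assumption).
REGULATORY = {
    "GDPR": timedelta(hours=72),
    "HIPAA": timedelta(days=60),
    "NIS2 early warning": timedelta(hours=24),
    "NIS2 full notification": timedelta(hours=72),
}
VERIS = {"action.malware.variety": "malware_type", "attribute.integrity": "impact",
         "timeline.incident": "timestamp", "asset.assets": "affected_systems"}

SAMPLE = {  # constructed sample record, not a real incident
    "incident_id": "INC-2026-0001", "severity": "critical",
    "subject": "Ransomware detected on file server cluster",
    "timestamp": "2026-03-11T00:22:00+00:00",
    "affected_systems": ["fs-01", "fs-02"],
    "actions_taken": ["Isolated hosts", "Disabled SMB shares"],
    "next_steps": ["IOC sweep", "Restore from backup"],
    "malware_type": "ransomware", "impact": "Data encryption, ops disruption",
}

def validate(record):
    """Return a list of problems; an empty list means the record is complete."""
    problems = [f"missing field: {f}" for f in REQUIRED if not record.get(f)]
    if record.get("severity") not in SEVERITY:
        problems.append(f"unknown severity: {record.get('severity')!r}")
    try:
        datetime.fromisoformat(record["timestamp"])
    except (KeyError, ValueError):
        problems.append("timestamp is not ISO 8601")
    return problems

def schedule(record, regulations):
    """Escalation target plus due times derived from the detection timestamp."""
    t0 = datetime.fromisoformat(record["timestamp"])
    response, escalate_to, update_every = SEVERITY[record["severity"]]
    due = {"first_response": t0 + response, "next_update": t0 + update_every}
    due.update({reg: t0 + REGULATORY[reg] for reg in regulations})
    return escalate_to, due

def veris_view(record):
    """Project template fields onto the VERIS field names from the mapping."""
    return {veris: record.get(field) for veris, field in VERIS.items()}
```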