Anthropic-Cybersecurity-Skills/skills/conducting-post-incident-lessons-learned/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00
# Post-Incident Lessons Learned — API Reference
## Libraries
| Library | Install | Purpose |
|---------|---------|---------|
| requests | `pip install requests` | API calls to ticketing/SIEM systems |
| jinja2 | `pip install Jinja2` | Report template rendering |
| matplotlib | `pip install matplotlib` | Timeline and metric visualization |

## Key Metrics
| Metric | Formula | Target |
|--------|---------|--------|
| MTTD | Detection time - Incident start | < 30 minutes |
| MTTC | Containment time - Detection time | < 60 minutes |
| MTTR | Resolution time - Detection time | < 4 hours |
| Dwell Time | Detection time - Initial compromise | < 24 hours |
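The four formulas above are easy to get wrong in practice (naive timestamps, events out of order, MTTR measured from the wrong anchor). As an added example that is not part of the skill's own scripts, the following Python computes each metric from a single incident timeline, checks it against the targets in the table, and renders the result as a markdown section suitable for the report. The incident timestamps are constructed sample data.

```python
"""Compute post-incident metrics (MTTD, MTTC, MTTR, dwell time) from an incident
timeline and compare them with the targets from the Key Metrics table.
Added example, not the skill's own code; all timestamps are constructed."""
from dataclasses import dataclass, fields
from datetime import datetime, timedelta
from typing import Dict

# Targets copied from the Key Metrics table, as timedeltas
TARGETS: Dict[str, timedelta] = {
    "MTTD": timedelta(minutes=30),
    "MTTC": timedelta(minutes=60),
    "MTTR": timedelta(hours=4),
    "Dwell Time": timedelta(hours=24),
}


@dataclass(frozen=True)
class IncidentTimeline:
    """Key timestamps of one incident; all must be timezone-aware and chronological."""
    initial_compromise: datetime
    incident_start: datetime
    detection: datetime
    containment: datetime
    resolution: datetime

    def __post_init__(self) -> None:
        # Naive timestamps are a classic source of silently wrong metrics when
        # SIEM and ticketing systems log in different zones: reject them outright.
        for f in fields(self):
            if getattr(self, f.name).tzinfo is None:
                raise ValueError(f"{f.name} must be timezone-aware")
        ordered = [getattr(self, f.name) for f in fields(self)]
        if ordered != sorted(ordered):
            raise ValueError("timeline events must be in chronological order")


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp with an explicit UTC offset (e.g. +00:00)."""
    return datetime.fromisoformat(value)


def compute_metrics(t: IncidentTimeline) -> Dict[str, timedelta]:
    """Apply the formulas from the Key Metrics table."""
    return {
        "MTTD": t.detection - t.incident_start,
        "MTTC": t.containment - t.detection,
        "MTTR": t.resolution - t.detection,
        "Dwell Time": t.detection - t.initial_compromise,
    }


def evaluate(metrics: Dict[str, timedelta],
             targets: Dict[str, timedelta] = TARGETS) -> Dict[str, bool]:
    """True where the measured value is strictly below the target ('< target')."""
    return {name: value < targets[name] for name, value in metrics.items()}


def render_metrics_section(metrics: Dict[str, timedelta],
                           targets: Dict[str, timedelta] = TARGETS) -> str:
    """Render a markdown table for the report's metrics section."""
    verdicts = evaluate(metrics, targets)
    lines = ["| Metric | Measured | Target | Status |",
             "|--------|----------|--------|--------|"]
    for name, value in metrics.items():
        status = "MET" if verdicts[name] else "MISSED"
        lines.append(f"| {name} | {value} | < {targets[name]} | {status} |")
    return "\n".join(lines)


# Constructed sample incident (not a real case)
SAMPLE = IncidentTimeline(
    initial_compromise=parse_ts("2024-03-01T02:15:00+00:00"),
    incident_start=parse_ts("2024-03-03T09:00:00+00:00"),
    detection=parse_ts("2024-03-03T09:20:00+00:00"),
    containment=parse_ts("2024-03-03T10:45:00+00:00"),
    resolution=parse_ts("2024-03-03T12:30:00+00:00"),
)

if __name__ == "__main__":
    print(render_metrics_section(compute_metrics(SAMPLE)))
```

With the sample timeline, MTTD (20 min) and MTTR (3 h 10 min) meet their targets while MTTC (85 min) and dwell time (over two days) are flagged as missed, which is exactly the kind of finding that should become a prioritized action item in the report.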

## NIST SP 800-61 Phases
| Phase | Activities |
|-------|-----------|
| Preparation | Playbooks, tools, training |
| Detection & Analysis | Alert triage, scoping, evidence collection |
| Containment | Short-term and long-term isolation |
| Eradication & Recovery | Root cause removal, system restoration |
| Post-Incident | Lessons learned, action items, metrics |

## Report Template Sections
| Section | Content |
|---------|---------|
| Executive Summary | Impact, scope, duration |
| Timeline | Chronological event sequence |
| Root Cause | 5-Whys or fishbone analysis |
| Action Items | Prioritized P1/P2/P3 with owners |

## External References
- [NIST SP 800-61 Rev. 2](https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final)
- [SANS Incident Handler's Handbook](https://www.sans.org/white-papers/33901/)
- [VERIS Framework](http://veriscommunity.net/)