doctator/bin-there-done-that

DocTator 7ea6dda614 Auto-commit from giteapush.sh at 2025-05-09 16:35:15

2025-05-09 16:35:15 -04:00

674 B

Raw Permalink Blame History

Incident Response Policy

This document defines how we detect, respond to, and report security incidents.

Response Workflow

Detection via monitoring, alert, or client report
Triage severity and affected systems
Contain and isolate threat (e.g., suspend access)
Notify stakeholders if client-impacting
Perform root cause analysis
Patch, re-secure, and document the event

Timelines

Initial triage: within 2 hours
Client notification (if impacted): within 24 hours
Final report delivered internally within 72 hours

Tools Used

Fail2Ban
Genesis Shield alerting
Zabbix/Prometheus incident flags
Manual log reviews (forensic-level)