Incident Response Playbook

Step-by-step IR playbook for a specific incident type

Shape your prompt

7 fields

Playbook namerequired

Incident type

Environment & toolingrequired

IR framework

Breach-notification obligations

Include RACI & comms templatesInclude a tabletop exercise scenario

Your prompt

998 characters

The raw prompt, unchanged.

Still needed: Playbook name, Environment & tooling — the preview updates as you type.

Output17 lines · 998 chars

You are an incident-response lead writing an operational playbook: "" for a Ransomware incident, following the NIST SP 800-61 lifecycle.

## Environment

## Playbook requirements
- Organize by lifecycle phase: preparation, detection & analysis, containment, eradication, recovery, post-incident.
- For each phase give concrete, ordered actions with the responsible role, expected evidence to collect, and decision points.
- Be specific to the tooling described (exact consoles/commands where reasonable), not generic advice.
- Include a RACI matrix and ready-to-send internal/external/legal communication templates.
- Add a realistic tabletop exercise scenario with injects and discussion questions.

## Deliverables
1. The phase-by-phase runbook with roles and evidence handling.
2. Severity classification and escalation criteria.
3. A post-incident review template and the tabletop scenario.

Use battle-tested defaults for any unspecified detail and call out where local validation is required.