AWS Security ChangesHomeSearch

AWS security-ir documentation change

Service: security-ir · 2025-11-22 · Documentation medium

File: security-ir/latest/userguide/appendix.md

Summary

Added IR/SOC metadata template table for incident response preparation

Security assessment

Provides documentation for security operations teams to improve incident response readiness, but does not address a specific vulnerability or security incident.

Diff

diff --git a/security-ir/latest/userguide/appendix.md b/security-ir/latest/userguide/appendix.md
index 2b2a99e69..86de12ba2 100644
--- a//security-ir/latest/userguide/appendix.md
+++ b//security-ir/latest/userguide/appendix.md
@@ -6,0 +7,9 @@
+Providing your metadata upfront to our CIRT, can help accelerate the profile creation time, improving the confidence in our triaging technology out of the gate. This will help reduce the upfront false positives identified when we begin to ingest your threat findings and create your "known good world."
+
+IR and SOC Personnel Contact Information Entry | IR | SOC Personnel: Role, Name, Email | Primary, Secondary Escalation Contacts | Internal, Known CIDR Ranges | External, Known CIDR Ranges | Additional Cloud Service Providers | Working AWS Regions | DNS Server IPs (if other than Route 53 Resolver) | VPN | Remote Access Solutions and IPs | Critical Application Names | Account Numbers | Uncommon Ports Commonly Used | ERD | AV | Vulnerability Management Tools Used | IDP | Locations  
+---|---|---|---|---|---|---|---|---|---|---|---|---  
+1 | SOC Commander, John Smith, [email protected] | Primary | 10.0.0.0/16 | 5.5.60.0/20 (Azure) | Azure | us-east-1, us-east-2 | N/A | Direct Connect, Public VIF 116.32.8.7 | Nginx Webserver (Example Critical) | 1234567890 | 8080 | CrowdStrike Falcon | Entra, Azure  
+|  |  |  |  |  |  |  |  |  |  |  |   
+|  |  |  |  |  |  |  |  |  |  |  |   
+|  |  |  |  |  |  |  |  |  |  |  |   
+