AWS whitepapers documentation change
Summary
Complete removal of playbook content requirements documentation
Security assessment
Deletes guidance on security playbook components but shows no evidence of fixing a specific security weakness or vulnerability.
Diff
diff --git a/whitepapers/latest/aws-security-incident-response-guide/what-to-include-in-playbooks.md b/whitepapers/latest/aws-security-incident-response-guide/what-to-include-in-playbooks.md index a5b5f297a..8b1378917 100644 --- a//whitepapers/latest/aws-security-incident-response-guide/what-to-include-in-playbooks.md +++ b//whitepapers/latest/aws-security-incident-response-guide/what-to-include-in-playbooks.md @@ -1 +0,0 @@ -[View a markdown version of this page](what-to-include-in-playbooks.md) @@ -3,56 +1,0 @@ -[](/pdfs/security-ir/latest/userguide/sir-ug.pdf#what-to-include-in-playbooks "Open PDF") - -[Documentation](/index.html)[Security Incident Response](/security-ir/index.html)[](what-is.html) - -# What to include in playbooks - -Playbooks should contain technical steps for a security analyst to complete in order to adequately investigate and respond to a potential security incident. - -Items to include in a playbook include: - - * **Playbook overview** – What risk or incident scenario does this playbook address? What is the goal of the playbook? - - * **Prerequisites** – What logs and detection mechanisms are required for this incident scenario? What is the expected notification? - - * **Stakeholder information** – Who is involved and what is their contact information? What are each of the stakeholders’ responsibilities? - - * **Response steps** – Across phases of incident response, what tactical steps should be taken? What queries should an analyst run? What code should be run to achieve the desired outcome? - - * **Detect** – How will the incident be detected? - - * **Analyze** – How will the scope of impact be determined? - - * **Contain** – How will the incident be isolated to limit scope? - - * **Eradicate** – How will the threat be removed from the environment? - - * **Recover** – How will the affected system or resource be brought back into production? - - * **Expected outcomes** – After queries and code are run, what is the expected result of the playbook? - - - - -To verify consistent information in each playbook, it can be helpful to create a playbook template to use across your other security playbooks. Some of the previously listed items, such as stakeholder information, can be shared across multiple playbooks. If that is the case, you can create centralized documentation for that information and reference it in the playbook, then enumerate the explicit differences in the playbook. This will prevent you from having to update the same information in all of your individual playbooks. Through creating a template and identifying common or shared information in playbooks, you can simplify and speed up playbook development. Lastly, your playbooks will likely evolve over time; once you have confirmed that the steps are consistent, this forms the requirements for automation. - - **Javascript is disabled or is unavailable in your browser.** - -To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions. - -[Document Conventions](/general/latest/gr/docconventions.html) - -What to create playbooks for - -Sample playbooks - -Did this page help you? - Yes - -Thanks for letting us know we're doing a good job! - -If you've got a moment, please tell us what we did right so we can do more of it. - -Did this page help you? - No - -Thanks for letting us know this page needs work. We're sorry we let you down. - -If you've got a moment, please tell us how we can make the documentation better.