← Back to all products
$19
Incident Response Kit
Incident response toolkit with playbook generator, communication templates, and timeline builder.
JSONMarkdownPython
📄 Product Preview
Try the interactive reader and demo tools below, or get the full product with all content unlocked.
📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample📁 File Structure 10 files
incident-response-kit/
├── LICENSE
├── README.md
├── examples/
│ └── sample_events.json
├── free-sample.zip
├── guide/
│ ├── 01_features.md
│ ├── 02_quick-start.md
│ ├── 03_configuration-reference.md
│ └── 04_license.md
├── index.html
└── src/
└── incident_response_kit.py
📖 Documentation Preview README excerpt
Incident Response Kit
A structured incident response toolkit: playbook generator, communication templates, timeline builder, and severity classifier. Be ready when things go wrong.
Features
- Playbook generator — step-by-step response plans for data breaches, DDoS, ransomware, phishing, and more
- Communication templates — pre-written drafts for stakeholders, customers, and technical teams
- Timeline builder — build chronological incident timelines from event JSON
- Severity classifier — classify incidents as P1-P4 with SLA targets and escalation rules
- Role assignments — suggested team roles for each incident type (IC, comms lead, technical lead)
- Response workflows — checklists for containment, eradication, recovery, and lessons learned
- JSON and Markdown output — structured data or human-readable documents
- Customizable — adapt playbooks and templates to your organization's procedures
Requirements
- Python 3.10+
- No external dependencies (stdlib only)
Quick Start
# Generate a data breach response playbook
python src/incident_response_kit.py --mode playbook --type data-breach
# Build a timeline from events
python src/incident_response_kit.py --mode timeline --events examples/sample_events.json
# Generate a stakeholder communication template
python src/incident_response_kit.py --mode template --type stakeholder
# Classify an incident by description
python src/incident_response_kit.py --mode classify --description "Database accessible without auth"
Output
Playbooks and templates output as Markdown documents ready to share. Timelines render as chronological event lists. The classifier returns a severity level with SLA targets and recommended actions.
Configuration Reference
Event files for timeline building (see examples/sample_events.json):
{
"incident_id": "INC-2026-042",
"incident_type": "data-breach",
"severity": "P1",
"events": [
{
"timestamp": "2026-03-14T08:00:00Z",
"description": "Anomalous database query volume detected",
"actor": "monitoring-system"
},
{
"timestamp": "2026-03-14T08:15:00Z",
"description": "SOC analyst confirms unauthorized access",
"actor": "security-team"
}
*... continues with setup instructions, usage examples, and more.*
📄 Code Sample .py preview
src/incident_response_kit.py
#!/usr/bin/env python3
"""
Incident Response Kit — Security Kit (DataNest)
A structured incident response toolkit: playbook generator, communication
templates, timeline builder, and severity classifier. Be ready when
things go wrong.
Usage:
python incident_response_kit.py --mode playbook --type data-breach
python incident_response_kit.py --mode timeline --events events.json
python incident_response_kit.py --mode template --type stakeholder
python incident_response_kit.py --mode classify --description "Database accessible without auth"
Dependencies: Python 3.10+ stdlib only (no pip packages)
License: MIT
"""
from __future__ import annotations
import argparse
import json
import logging
import sys
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from pathlib import Path
from typing import Any
# ---------------------------------------------------------------------------
# Constants
# ---------------------------------------------------------------------------
logger = logging.getLogger("incident_response_kit")
# Severity levels with SLA targets (in hours)
# Why SLAs: Without defined response times, teams treat all incidents
# the same — either everything is a fire drill or nothing gets fixed.
SEVERITY_LEVELS: dict[str, dict[str, Any]] = {
"P1": {
"name": "Critical",
"description": "Complete system outage or active data breach",
"response_sla_hours": 0.25, # 15 minutes
"resolution_sla_hours": 4,
"notify": ["on-call engineer", "engineering lead", "CTO", "legal"],
"examples": ["Data breach confirmed", "Full production outage", "Ransomware detected"],
},
"P2": {
"name": "High",
"description": "Major feature broken, data at risk, or significant user impact",
# ... 588 more lines ...