← Back to all products

Incident Response Kit

$19

Incident response toolkit with playbook generator, communication templates, and timeline builder.

📁 10 files
JSONMarkdownPython

📄 Product Preview

Try the interactive reader and demo tools below, or get the full product with all content unlocked.

📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample

📁 File Structure 10 files

incident-response-kit/ ├── LICENSE ├── README.md ├── examples/ │ └── sample_events.json ├── free-sample.zip ├── guide/ │ ├── 01_features.md │ ├── 02_quick-start.md │ ├── 03_configuration-reference.md │ └── 04_license.md ├── index.html └── src/ └── incident_response_kit.py

📖 Documentation Preview README excerpt

Incident Response Kit

A structured incident response toolkit: playbook generator, communication templates, timeline builder, and severity classifier. Be ready when things go wrong.

Features

  • Playbook generator — step-by-step response plans for data breaches, DDoS, ransomware, phishing, and more
  • Communication templates — pre-written drafts for stakeholders, customers, and technical teams
  • Timeline builder — build chronological incident timelines from event JSON
  • Severity classifier — classify incidents as P1-P4 with SLA targets and escalation rules
  • Role assignments — suggested team roles for each incident type (IC, comms lead, technical lead)
  • Response workflows — checklists for containment, eradication, recovery, and lessons learned
  • JSON and Markdown output — structured data or human-readable documents
  • Customizable — adapt playbooks and templates to your organization's procedures

Requirements

  • Python 3.10+
  • No external dependencies (stdlib only)

Quick Start


# Generate a data breach response playbook
python src/incident_response_kit.py --mode playbook --type data-breach

# Build a timeline from events
python src/incident_response_kit.py --mode timeline --events examples/sample_events.json

# Generate a stakeholder communication template
python src/incident_response_kit.py --mode template --type stakeholder

# Classify an incident by description
python src/incident_response_kit.py --mode classify --description "Database accessible without auth"

Output

Playbooks and templates output as Markdown documents ready to share. Timelines render as chronological event lists. The classifier returns a severity level with SLA targets and recommended actions.

Configuration Reference

Event files for timeline building (see examples/sample_events.json):


{
    "incident_id": "INC-2026-042",
    "incident_type": "data-breach",
    "severity": "P1",
    "events": [
        {
            "timestamp": "2026-03-14T08:00:00Z",
            "description": "Anomalous database query volume detected",
            "actor": "monitoring-system"
        },
        {
            "timestamp": "2026-03-14T08:15:00Z",
            "description": "SOC analyst confirms unauthorized access",
            "actor": "security-team"
        }

*... continues with setup instructions, usage examples, and more.*

📄 Code Sample .py preview

src/incident_response_kit.py #!/usr/bin/env python3 """ Incident Response Kit — Security Kit (DataNest) A structured incident response toolkit: playbook generator, communication templates, timeline builder, and severity classifier. Be ready when things go wrong. Usage: python incident_response_kit.py --mode playbook --type data-breach python incident_response_kit.py --mode timeline --events events.json python incident_response_kit.py --mode template --type stakeholder python incident_response_kit.py --mode classify --description "Database accessible without auth" Dependencies: Python 3.10+ stdlib only (no pip packages) License: MIT """ from __future__ import annotations import argparse import json import logging import sys from dataclasses import dataclass, field, asdict from datetime import datetime, timezone from pathlib import Path from typing import Any # --------------------------------------------------------------------------- # Constants # --------------------------------------------------------------------------- logger = logging.getLogger("incident_response_kit") # Severity levels with SLA targets (in hours) # Why SLAs: Without defined response times, teams treat all incidents # the same — either everything is a fire drill or nothing gets fixed. SEVERITY_LEVELS: dict[str, dict[str, Any]] = { "P1": { "name": "Critical", "description": "Complete system outage or active data breach", "response_sla_hours": 0.25, # 15 minutes "resolution_sla_hours": 4, "notify": ["on-call engineer", "engineering lead", "CTO", "legal"], "examples": ["Data breach confirmed", "Full production outage", "Ransomware detected"], }, "P2": { "name": "High", "description": "Major feature broken, data at risk, or significant user impact", # ... 588 more lines ...
Buy Now — $19 Back to Products